Google Git
Sign in
flutter / third_party / openssl / 2e4d0677ea858c619a33235265dbee19520a9d35 / . / crypto / x509 / v3_conf.c
blob: 8201ba0d86683b3a1929a06bed5f81844c03dd70 [file] [log] [blame]
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]1/*
Richard Levitte4333b892021-01-28 13:54:57 +0100[diff] [blame]2 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
Rich Salzd2e9e322016-05-17 14:51:26 -0400[diff] [blame]3 *
Richard Levitte4286ca42018-12-06 14:00:54 +0100[diff] [blame]4 * Licensed under the Apache License 2.0 (the "License"). You may not use
Rich Salzd2e9e322016-05-17 14:51:26 -0400[diff] [blame]5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]8 */
Rich Salzd2e9e322016-05-17 14:51:26 -0400[diff] [blame]9
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]10/* extension creation utilities */
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]11
Dr. Stephen Hensone527ba01999-02-22 01:26:40 +0000[diff] [blame]12#include <stdio.h>
Dr. Matthias St. Pierre25f21382019-09-28 00:45:33 +0200[diff] [blame]13#include "crypto/ctype.h"
Richard Levitteb39fc562015-05-14 16:56:48 +0200[diff] [blame]14#include "internal/cryptlib.h"
Bodo Möllerec577821999-04-23 22:13:45 +0000[diff] [blame]15#include <openssl/conf.h>
16#include <openssl/x509.h>
Dr. Matthias St. Pierre25f21382019-09-28 00:45:33 +0200[diff] [blame]17#include "crypto/x509.h"
Bodo Möllerec577821999-04-23 22:13:45 +0000[diff] [blame]18#include <openssl/x509v3.h>
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]19
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]20static int v3_check_critical(const char **value);
21static int v3_check_generic(const char **value);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]22static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]23 int crit, const char *value);
24static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]25 int crit, int type,
26 X509V3_CTX *ctx);
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]27static char *conf_lhash_get_string(void *db, const char *section, const char *value);
28static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]29static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
30 int ext_nid, int crit, void *ext_struc);
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]31static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]32 long *ext_len);
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]33
34static X509_EXTENSION *X509V3_EXT_nconf_int(CONF *conf, X509V3_CTX *ctx,
35 const char *section,
36 const char *name, const char *value)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]37{
38 int crit;
39 int ext_type;
40 X509_EXTENSION *ret;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]41
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]42 crit = v3_check_critical(&value);
43 if ((ext_type = v3_check_generic(&value)))
44 return v3_generic_extension(name, value, crit, ext_type, ctx);
45 ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
46 if (!ret) {
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]47 if (section != NULL)
Richard Levittea150f8e2020-11-04 16:14:00 +0100[diff] [blame]48 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION,
49 "section=%s, name=%s, value=%s",
50 section, name, value);
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]51 else
Richard Levittea150f8e2020-11-04 16:14:00 +0100[diff] [blame]52 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION,
53 "name=%s, value=%s", name, value);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]54 }
55 return ret;
56}
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]57
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]58X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
59 const char *value)
60{
61 return X509V3_EXT_nconf_int(conf, ctx, NULL, name, value);
62}
63
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]64X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]65 const char *value)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]66{
67 int crit;
68 int ext_type;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]69
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]70 crit = v3_check_critical(&value);
71 if ((ext_type = v3_check_generic(&value)))
72 return v3_generic_extension(OBJ_nid2sn(ext_nid),
73 value, crit, ext_type, ctx);
74 return do_ext_nconf(conf, ctx, ext_nid, crit, value);
75}
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]76
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]77/* CONF *conf: Config file */
Ulf Möller6b691a51999-04-19 21:31:43 +0000[diff] [blame]78/* char *value: Value */
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]79static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]80 int crit, const char *value)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]81{
82 const X509V3_EXT_METHOD *method;
83 X509_EXTENSION *ext;
84 STACK_OF(CONF_VALUE) *nval;
85 void *ext_struc;
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]86
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]87 if (ext_nid == NID_undef) {
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]88 ERR_raise(ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION_NAME);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]89 return NULL;
90 }
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]91 if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]92 ERR_raise(ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]93 return NULL;
94 }
95 /* Now get internal extension representation based on type */
96 if (method->v2i) {
97 if (*value == '@')
98 nval = NCONF_get_section(conf, value + 1);
99 else
100 nval = X509V3_parse_list(value);
Matt Caswell8605abf2016-06-10 15:30:09 +0100[diff] [blame]101 if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
Richard Levittea150f8e2020-11-04 16:14:00 +0100[diff] [blame]102 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_EXTENSION_STRING,
103 "name=%s,section=%s", OBJ_nid2sn(ext_nid), value);
Matt Caswell8605abf2016-06-10 15:30:09 +0100[diff] [blame]104 if (*value != '@')
David Benjamine125c122016-07-26 11:36:23 -0400[diff] [blame]105 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]106 return NULL;
107 }
108 ext_struc = method->v2i(method, ctx, nval);
109 if (*value != '@')
110 sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
111 if (!ext_struc)
112 return NULL;
113 } else if (method->s2i) {
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]114 if ((ext_struc = method->s2i(method, ctx, value)) == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]115 return NULL;
116 } else if (method->r2i) {
117 if (!ctx->db || !ctx->db_meth) {
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]118 ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_CONFIG_DATABASE);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]119 return NULL;
120 }
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]121 if ((ext_struc = method->r2i(method, ctx, value)) == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]122 return NULL;
123 } else {
Richard Levittea150f8e2020-11-04 16:14:00 +0100[diff] [blame]124 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,
125 "name=%s", OBJ_nid2sn(ext_nid));
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]126 return NULL;
127 }
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]128
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]129 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
130 if (method->it)
131 ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
132 else
133 method->ext_free(ext_struc);
134 return ext;
Dr. Stephen Hensonc8b41851999-05-09 16:39:11 +0000[diff] [blame]135
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]136}
Dr. Stephen Hensonc8b41851999-05-09 16:39:11 +0000[diff] [blame]137
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]138static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
139 int ext_nid, int crit, void *ext_struc)
140{
141 unsigned char *ext_der = NULL;
142 int ext_len;
143 ASN1_OCTET_STRING *ext_oct = NULL;
144 X509_EXTENSION *ext;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]145
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]146 /* Convert internal representation to DER */
147 if (method->it) {
148 ext_der = NULL;
149 ext_len =
150 ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
151 if (ext_len < 0)
152 goto merr;
153 } else {
154 unsigned char *p;
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]155
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]156 ext_len = method->i2d(ext_struc, NULL);
Shane Lontis42e7d2f2021-04-12 13:58:14 +1000[diff] [blame]157 if (ext_len <= 0)
158 goto merr;
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]159 if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]160 goto merr;
161 p = ext_der;
162 method->i2d(ext_struc, &p);
163 }
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]164 if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]165 goto merr;
166 ext_oct->data = ext_der;
167 ext_der = NULL;
168 ext_oct->length = ext_len;
Dr. Stephen Henson2aff7722000-12-13 13:47:33 +0000[diff] [blame]169
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]170 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
171 if (!ext)
172 goto merr;
Dr. Stephen Hensonf422a512015-03-14 04:16:42 +0000[diff] [blame]173 ASN1_OCTET_STRING_free(ext_oct);
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]174
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]175 return ext;
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]176
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]177 merr:
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]178 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
Rich Salzb548a1f2015-05-01 10:02:07 -0400[diff] [blame]179 OPENSSL_free(ext_der);
Rich Salz0dfb9392015-03-24 07:52:24 -0400[diff] [blame]180 ASN1_OCTET_STRING_free(ext_oct);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]181 return NULL;
Dr. Stephen Hensonc8b41851999-05-09 16:39:11 +0000[diff] [blame]182
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]183}
Dr. Stephen Hensonc8b41851999-05-09 16:39:11 +0000[diff] [blame]184
185/* Given an internal structure, nid and critical flag create an extension */
186
187X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]188{
189 const X509V3_EXT_METHOD *method;
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]190
191 if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]192 ERR_raise(ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]193 return NULL;
194 }
195 return do_ext_i2d(method, ext_nid, crit, ext_struc);
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]196}
197
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]198/* Check the extension string for critical flag */
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]199static int v3_check_critical(const char **value)
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]200{
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]201 const char *p = *value;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]202
Dr. David von Oheimb2ff286c2021-06-21 08:55:50 +0200[diff] [blame]203 if (!CHECK_AND_SKIP_PREFIX(p, "critical,"))
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]204 return 0;
Paulia1df06b2017-08-21 07:19:17 +1000[diff] [blame]205 while (ossl_isspace(*p))
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]206 p++;
207 *value = p;
208 return 1;
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]209}
210
211/* Check extension string for generic extension and return the type */
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]212static int v3_check_generic(const char **value)
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]213{
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]214 int gen_type = 0;
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]215 const char *p = *value;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]216
Dr. David von Oheimb2ff286c2021-06-21 08:55:50 +0200[diff] [blame]217 if (CHECK_AND_SKIP_PREFIX(p, "DER:")) {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]218 gen_type = 1;
Dr. David von Oheimb2ff286c2021-06-21 08:55:50 +0200[diff] [blame]219 } else if (CHECK_AND_SKIP_PREFIX(p, "ASN1:")) {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]220 gen_type = 2;
221 } else
222 return 0;
Dr. Stephen Henson9ea1b872002-11-12 13:34:51 +0000[diff] [blame]223
Paulia1df06b2017-08-21 07:19:17 +1000[diff] [blame]224 while (ossl_isspace(*p))
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]225 p++;
226 *value = p;
227 return gen_type;
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]228}
229
Dr. Stephen Hensonc79b16e1999-08-25 16:59:26 +0000[diff] [blame]230/* Create a generic extension: for now just handle DER type */
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]231static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]232 int crit, int gen_type,
233 X509V3_CTX *ctx)
234{
235 unsigned char *ext_der = NULL;
Gunnar Kudrjavets4c9b0a02015-05-06 10:16:55 +0100[diff] [blame]236 long ext_len = 0;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]237 ASN1_OBJECT *obj = NULL;
238 ASN1_OCTET_STRING *oct = NULL;
239 X509_EXTENSION *extension = NULL;
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]240
241 if ((obj = OBJ_txt2obj(ext, 0)) == NULL) {
Richard Levittea150f8e2020-11-04 16:14:00 +0100[diff] [blame]242 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR,
243 "name=%s", ext);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]244 goto err;
245 }
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]246
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]247 if (gen_type == 1)
Rich Salz14f051a2016-04-13 15:58:28 -0400[diff] [blame]248 ext_der = OPENSSL_hexstr2buf(value, &ext_len);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]249 else if (gen_type == 2)
250 ext_der = generic_asn1(value, ctx, &ext_len);
Dr. Stephen Henson9ea1b872002-11-12 13:34:51 +0000[diff] [blame]251
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]252 if (ext_der == NULL) {
Richard Levittea150f8e2020-11-04 16:14:00 +0100[diff] [blame]253 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR,
254 "value=%s", value);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]255 goto err;
256 }
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]257
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]258 if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]259 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]260 goto err;
261 }
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]262
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]263 oct->data = ext_der;
264 oct->length = ext_len;
265 ext_der = NULL;
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]266
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]267 extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]268
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]269 err:
270 ASN1_OBJECT_free(obj);
Dr. Stephen Hensonf422a512015-03-14 04:16:42 +0000[diff] [blame]271 ASN1_OCTET_STRING_free(oct);
Rich Salzb548a1f2015-05-01 10:02:07 -0400[diff] [blame]272 OPENSSL_free(ext_der);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]273 return extension;
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]274
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]275}
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]276
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]277static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]278 long *ext_len)
279{
280 ASN1_TYPE *typ;
281 unsigned char *ext_der = NULL;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]282
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]283 typ = ASN1_generate_v3(value, ctx);
284 if (typ == NULL)
285 return NULL;
286 *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
287 ASN1_TYPE_free(typ);
288 return ext_der;
289}
Dr. Stephen Henson388ff0b1999-02-14 16:48:22 +0000[diff] [blame]290
Dr. Stephen Hensonebaa2cf2010-03-03 19:56:34 +0000[diff] [blame]291static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]292{
293 int idx;
294 ASN1_OBJECT *obj;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]295
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]296 obj = X509_EXTENSION_get_object(dext);
Dr. David von Oheimbd8ab30b2021-01-08 23:18:19 +0100[diff] [blame]297 while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0)
298 X509_EXTENSION_free(X509v3_delete_ext(sk, idx));
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]299}
Dr. Stephen Hensonebaa2cf2010-03-03 19:56:34 +0000[diff] [blame]300
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]301/*
302 * This is the main function: add a bunch of extensions based on a config
Dr. David von Oheimbf9027162020-12-07 13:28:39 +0100[diff] [blame]303 * file section to an extension STACK. Just check in case sk == NULL.
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]304 * Note that on error new elements may have been added to *sk if sk != NULL.
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]305 */
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]306int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]307 STACK_OF(X509_EXTENSION) **sk)
308{
309 X509_EXTENSION *ext;
310 STACK_OF(CONF_VALUE) *nval;
Dr. David von Oheimbadbd77f2021-08-17 23:13:28 +0200[diff] [blame]311 const CONF_VALUE *val;
312 int i, akid = -1, skid = -1;
Rich Salz75ebbd92015-05-06 13:43:59 -0400[diff] [blame]313
314 if ((nval = NCONF_get_section(conf, section)) == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]315 return 0;
316 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
317 val = sk_CONF_VALUE_value(nval, i);
Dr. David von Oheimbadbd77f2021-08-17 23:13:28 +0200[diff] [blame]318 if (strcmp(val->name, "authorityKeyIdentifier") == 0)
319 akid = i;
320 else if (strcmp(val->name, "subjectKeyIdentifier") == 0)
321 skid = i;
322 }
323 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
324 val = sk_CONF_VALUE_value(nval, i);
325 if (skid > akid && akid >= 0) {
326 /* make sure SKID is handled before AKID */
327 if (i == akid)
328 val = sk_CONF_VALUE_value(nval, skid);
329 else if (i == skid)
330 val = sk_CONF_VALUE_value(nval, akid);
331 }
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]332 if ((ext = X509V3_EXT_nconf_int(conf, ctx, val->section,
333 val->name, val->value)) == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]334 return 0;
Pavel Kopylabcf2412017-11-07 15:28:18 +0300[diff] [blame]335 if (sk != NULL) {
Dr. David von Oheimbf9027162020-12-07 13:28:39 +0100[diff] [blame]336 if (ctx->flags == X509V3_CTX_REPLACE)
337 delete_ext(*sk, ext);
Pavel Kopylabcf2412017-11-07 15:28:18 +0300[diff] [blame]338 if (X509v3_add_ext(sk, ext, -1) == NULL) {
339 X509_EXTENSION_free(ext);
340 return 0;
341 }
342 }
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]343 X509_EXTENSION_free(ext);
344 }
345 return 1;
346}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]347
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]348/*
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]349 * Add extensions to a certificate. Just check in case cert == NULL.
350 * Note that on error new elements may remain added to cert if cert != NULL.
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]351 */
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]352int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]353 X509 *cert)
354{
355 STACK_OF(X509_EXTENSION) **sk = NULL;
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]356 if (cert != NULL)
Dr. Stephen Henson5cf6abd2015-09-16 18:40:26 +0100[diff] [blame]357 sk = &cert->cert_info.extensions;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]358 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
359}
Dr. Stephen Henson9aeaf1b1999-01-24 00:50:01 +0000[diff] [blame]360
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]361/*
362 * Add extensions to a CRL. Just check in case crl == NULL.
363 * Note that on error new elements may remain added to crl if crl != NULL.
364 */
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]365int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]366 X509_CRL *crl)
367{
368 STACK_OF(X509_EXTENSION) **sk = NULL;
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]369 if (crl != NULL)
Dr. Stephen Henson7aef39a2015-09-16 00:24:43 +0100[diff] [blame]370 sk = &crl->crl.extensions;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]371 return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
372}
Dr. Stephen Henson1756d401999-03-06 19:33:29 +0000[diff] [blame]373
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]374/*
375 * Add extensions to certificate request. Just check in case req is NULL.
376 * Note that on error new elements may remain added to req if req != NULL.
377 */
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]378int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]379 X509_REQ *req)
380{
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]381 STACK_OF(X509_EXTENSION) *exts = NULL;
382 int ret = X509V3_EXT_add_nconf_sk(conf, ctx, section, &exts);
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]383
Dr. David von Oheimbab8af352020-12-11 19:30:40 +0100[diff] [blame]384 if (ret && req != NULL && exts != NULL)
385 ret = X509_REQ_add_extensions(req, exts);
386 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
387 return ret;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]388}
Dr. Stephen Hensonc79b16e1999-08-25 16:59:26 +0000[diff] [blame]389
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]390/* Config database functions */
391
FdaSilvaYYc8f717f2016-06-12 18:20:40 +0200[diff] [blame]392char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]393{
394 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]395 ERR_raise(ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]396 return NULL;
397 }
398 if (ctx->db_meth->get_string)
399 return ctx->db_meth->get_string(ctx->db, name, section);
400 return NULL;
401}
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]402
FdaSilvaYYc8f717f2016-06-12 18:20:40 +0200[diff] [blame]403STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]404{
405 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
Richard Levitte9311d0c2020-11-04 12:23:19 +0100[diff] [blame]406 ERR_raise(ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]407 return NULL;
408 }
409 if (ctx->db_meth->get_section)
410 return ctx->db_meth->get_section(ctx->db, section);
411 return NULL;
412}
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]413
Ulf Möller6b691a51999-04-19 21:31:43 +0000[diff] [blame]414void X509V3_string_free(X509V3_CTX *ctx, char *str)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]415{
416 if (!str)
417 return;
418 if (ctx->db_meth->free_string)
419 ctx->db_meth->free_string(ctx->db, str);
420}
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]421
Dr. Stephen Hensonba404b51999-06-20 22:18:16 +0000[diff] [blame]422void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]423{
424 if (!section)
425 return;
426 if (ctx->db_meth->free_section)
427 ctx->db_meth->free_section(ctx->db, section);
428}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]429
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]430static char *nconf_get_string(void *db, const char *section, const char *value)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]431{
432 return NCONF_get_string(db, section, value);
433}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]434
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]435static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]436{
437 return NCONF_get_section(db, section);
438}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]439
440static X509V3_CONF_METHOD nconf_method = {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]441 nconf_get_string,
442 nconf_get_section,
443 NULL,
444 NULL
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]445};
446
447void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]448{
Dr. David von Oheimb41e597a2020-12-24 11:25:47 +0100[diff] [blame]449 if (ctx == NULL) {
450 ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER);
451 return;
452 }
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]453 ctx->db_meth = &nconf_method;
454 ctx->db = conf;
455}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]456
457void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]458 X509_CRL *crl, int flags)
459{
Dr. David von Oheimb41e597a2020-12-24 11:25:47 +0100[diff] [blame]460 if (ctx == NULL) {
461 ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER);
462 return;
463 }
464 ctx->flags = flags;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]465 ctx->issuer_cert = issuer;
466 ctx->subject_cert = subj;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]467 ctx->subject_req = req;
Dr. David von Oheimb41e597a2020-12-24 11:25:47 +0100[diff] [blame]468 ctx->crl = crl;
469 ctx->db_meth = NULL;
470 ctx->db = NULL;
471 ctx->issuer_pkey = NULL;
472}
473
474/* For API backward compatibility, this is separate from X509V3_set_ctx() */
475int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey)
476{
477 if (ctx == NULL) {
478 ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER);
479 return 0;
480 }
481 if (ctx->subject_cert == NULL && pkey != NULL) {
482 ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
483 return 0;
484 }
485 ctx->issuer_pkey = pkey;
486 return 1;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]487}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]488
489/* Old conf compatibility functions */
490
Ben Laurie3c1d6bb2008-05-26 11:24:29 +0000[diff] [blame]491X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]492 const char *name, const char *value)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]493{
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]494 CONF *ctmp;
495 X509_EXTENSION *ret;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]496
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]497 if ((ctmp = NCONF_new(NULL)) == NULL)
498 return NULL;
499 CONF_set_nconf(ctmp, conf);
500 ret = X509V3_EXT_nconf(ctmp, ctx, name, value);
Tomas Mrazc2b94c02021-08-05 12:44:58 +0200[diff] [blame]501 CONF_set_nconf(ctmp, NULL);
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]502 NCONF_free(ctmp);
503 return ret;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]504}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]505
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]506X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]507 X509V3_CTX *ctx, int ext_nid, const char *value)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]508{
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]509 CONF *ctmp;
510 X509_EXTENSION *ret;
511
512 if ((ctmp = NCONF_new(NULL)) == NULL)
513 return NULL;
514 CONF_set_nconf(ctmp, conf);
515 ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value);
Tomas Mrazc2b94c02021-08-05 12:44:58 +0200[diff] [blame]516 CONF_set_nconf(ctmp, NULL);
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]517 NCONF_free(ctmp);
518 return ret;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]519}
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]520
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]521static char *conf_lhash_get_string(void *db, const char *section, const char *value)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]522{
523 return CONF_get_string(db, section, value);
524}
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]525
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]526static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]527{
528 return CONF_get_section(db, section);
529}
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]530
531static X509V3_CONF_METHOD conf_lhash_method = {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]532 conf_lhash_get_string,
533 conf_lhash_get_section,
534 NULL,
535 NULL
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]536};
537
Ben Laurie3c1d6bb2008-05-26 11:24:29 +0000[diff] [blame]538void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]539{
Dr. David von Oheimb41e597a2020-12-24 11:25:47 +0100[diff] [blame]540 if (ctx == NULL) {
541 ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER);
542 return;
543 }
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]544 ctx->db_meth = &conf_lhash_method;
545 ctx->db = lhash;
546}
Dr. Stephen Henson1d48dd01999-04-16 23:57:04 +0000[diff] [blame]547
Ben Laurie3c1d6bb2008-05-26 11:24:29 +0000[diff] [blame]548int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]549 const char *section, X509 *cert)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]550{
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]551 CONF *ctmp;
552 int ret;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]553
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]554 if ((ctmp = NCONF_new(NULL)) == NULL)
555 return 0;
556 CONF_set_nconf(ctmp, conf);
557 ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert);
Tomas Mrazc2b94c02021-08-05 12:44:58 +0200[diff] [blame]558 CONF_set_nconf(ctmp, NULL);
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]559 NCONF_free(ctmp);
560 return ret;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]561}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]562
563/* Same as above but for a CRL */
564
Ben Laurie3c1d6bb2008-05-26 11:24:29 +0000[diff] [blame]565int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]566 const char *section, X509_CRL *crl)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]567{
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]568 CONF *ctmp;
569 int ret;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]570
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]571 if ((ctmp = NCONF_new(NULL)) == NULL)
572 return 0;
573 CONF_set_nconf(ctmp, conf);
574 ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl);
Tomas Mrazc2b94c02021-08-05 12:44:58 +0200[diff] [blame]575 CONF_set_nconf(ctmp, NULL);
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]576 NCONF_free(ctmp);
577 return ret;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]578}
Dr. Stephen Hensonb7a26e62001-06-28 11:41:50 +0000[diff] [blame]579
580/* Add extensions to certificate request */
581
Ben Laurie3c1d6bb2008-05-26 11:24:29 +0000[diff] [blame]582int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
FdaSilvaYY34707952016-05-14 23:09:34 +0200[diff] [blame]583 const char *section, X509_REQ *req)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]584{
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]585 CONF *ctmp;
586 int ret;
Dr. David von Oheimb02ae1302020-06-26 20:40:19 +0200[diff] [blame]587
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]588 if ((ctmp = NCONF_new(NULL)) == NULL)
589 return 0;
590 CONF_set_nconf(ctmp, conf);
591 ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req);
Tomas Mrazc2b94c02021-08-05 12:44:58 +0200[diff] [blame]592 CONF_set_nconf(ctmp, NULL);
Tomas Mrazb3c2ed72021-05-27 11:00:35 +0200[diff] [blame]593 NCONF_free(ctmp);
594 return ret;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]595}