/*
 * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* extension creation utilities */

#include <stdio.h>
#include "crypto/ctype.h"
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include "crypto/x509.h"
#include <openssl/x509v3.h>
DEFINE_STACK_OF(CONF_VALUE)

/* Prefix parsers: each advances *value past a prefix it recognises. */
static int v3_check_critical(const char **value);
static int v3_check_generic(const char **value);

/* Extension builders. */
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx,
                                    int ext_nid, int crit,
                                    const char *value);
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
                                  int ext_nid, int crit, void *ext_struc);
static X509_EXTENSION *v3_generic_extension(const char *ext,
                                            const char *value,
                                            int crit, int type,
                                            X509V3_CTX *ctx);
static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
                                   long *ext_len);

/* Lookup callbacks for the old LHASH-based configuration database. */
static char *conf_lhash_get_string(void *db, const char *section,
                                   const char *value);
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
                                                    const char *section);
/*
 * Build one extension from a configuration name/value pair.
 *
 * A leading "critical," in |value| sets the critical flag. If a "DER:" or
 * "ASN1:" prefix follows, the value is handed to v3_generic_extension();
 * otherwise |name| is resolved with OBJ_sn2nid() and passed to
 * do_ext_nconf(). When do_ext_nconf() fails, X509V3_R_ERROR_IN_EXTENSION is
 * raised and |section| (if not NULL), |name| and the prefix-stripped |value|
 * are attached as error data.
 *
 * Returns the new extension, or NULL on failure.
 */
static X509_EXTENSION *X509V3_EXT_nconf_int(CONF *conf, X509V3_CTX *ctx,
                                            const char *section,
                                            const char *name, const char *value)
{
    /* Order matters: "critical," is stripped before the generic prefix. */
    int critical = v3_check_critical(&value);
    int generic_kind = v3_check_generic(&value);
    X509_EXTENSION *result;

    if (generic_kind != 0)
        return v3_generic_extension(name, value, critical, generic_kind, ctx);

    result = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), critical, value);
    if (result != NULL)
        return result;

    X509V3err(0, X509V3_R_ERROR_IN_EXTENSION);
    if (section == NULL)
        ERR_add_error_data(4, "name=", name, ", value=", value);
    else
        ERR_add_error_data(6, "section=", section,
                           ", name=", name, ", value=", value);
    return NULL;
}
/*
 * Create an extension from a name/value pair. Forwards to
 * X509V3_EXT_nconf_int() with no section name, so error data on failure
 * carries only the name and value.
 */
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
                                 const char *value)
{
    const char *no_section = NULL;

    return X509V3_EXT_nconf_int(conf, ctx, no_section, name, value);
}
/*
 * Create an extension identified by NID from a configuration value.
 *
 * The "critical," and "DER:"/"ASN1:" prefixes of |value| are handled as in
 * the name-based variant; for a generic value the NID is converted back to
 * its short name with OBJ_nid2sn(). Returns the extension or NULL on error.
 */
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                     const char *value)
{
    int critical = v3_check_critical(&value);
    int generic_kind = v3_check_generic(&value);

    if (generic_kind == 0)
        return do_ext_nconf(conf, ctx, ext_nid, critical, value);

    return v3_generic_extension(OBJ_nid2sn(ext_nid), value, critical,
                                generic_kind, ctx);
}
/* CONF *conf: Config file */
/* char *value: Value */
/*
 * Convert a configuration value into an X509_EXTENSION for a known NID.
 *
 * The extension method is looked up with X509V3_EXT_get_nid() and the value
 * is parsed by the first of its v2i, s2i or r2i handlers that is set. The
 * resulting internal structure is DER-encoded by do_ext_i2d() and then
 * released here.
 *
 * |value| is dereferenced without a NULL check, and |ctx| is dereferenced
 * unconditionally in the r2i branch.
 *
 * Returns the new extension, or NULL on failure.
 */
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                                    int crit, const char *value)
{
    const X509V3_EXT_METHOD *meth;
    X509_EXTENSION *result;
    void *parsed = NULL;

    if (ext_nid == NID_undef) {
        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
        return NULL;
    }
    meth = X509V3_EXT_get_nid(ext_nid);
    if (meth == NULL) {
        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
        return NULL;
    }

    /* Obtain the internal representation with whichever parser exists. */
    if (meth->v2i != NULL) {
        /*
         * "@name" refers to a section of |conf|; that stack is not freed
         * here (presumably it stays owned by |conf|). Any other value is
         * parsed into a list that this function must free itself.
         */
        int from_section = (*value == '@');
        STACK_OF(CONF_VALUE) *items;

        items = from_section ? NCONF_get_section(conf, value + 1)
                             : X509V3_parse_list(value);
        if (items == NULL || sk_CONF_VALUE_num(items) <= 0) {
            X509V3err(X509V3_F_DO_EXT_NCONF,
                      X509V3_R_INVALID_EXTENSION_STRING);
            ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
                               value);
            if (!from_section)
                sk_CONF_VALUE_pop_free(items, X509V3_conf_free);
            return NULL;
        }
        parsed = meth->v2i(meth, ctx, items);
        if (!from_section)
            sk_CONF_VALUE_pop_free(items, X509V3_conf_free);
    } else if (meth->s2i != NULL) {
        parsed = meth->s2i(meth, ctx, value);
    } else if (meth->r2i != NULL) {
        /* r2i handlers need a configuration database attached to |ctx|. */
        if (ctx->db == NULL || ctx->db_meth == NULL) {
            X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
            return NULL;
        }
        parsed = meth->r2i(meth, ctx, value);
    } else {
        X509V3err(X509V3_F_DO_EXT_NCONF,
                  X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
        ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
        return NULL;
    }

    if (parsed == NULL)
        return NULL;

    result = do_ext_i2d(meth, ext_nid, crit, parsed);

    /* The internal structure is released whether or not encoding worked. */
    if (meth->it != NULL)
        ASN1_item_free(parsed, ASN1_ITEM_ptr(meth->it));
    else
        meth->ext_free(parsed);
    return result;
}
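/*
 * DER-encode an internal extension structure and wrap it in an
 * X509_EXTENSION for |ext_nid| with the given critical flag.
 *
 * Methods with an ASN1 item template are encoded with ASN1_item_i2d();
 * older methods use their own i2d callback, called once to obtain the
 * length and once to write into a buffer allocated here.
 *
 * Returns the new extension, or NULL on failure. Every failure, including
 * an encoding error, is reported as ERR_R_MALLOC_FAILURE.
 */
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
                                  int ext_nid, int crit, void *ext_struc)
{
    unsigned char *ext_der = NULL;
    int ext_len;
    ASN1_OCTET_STRING *ext_oct = NULL;
    X509_EXTENSION *ext;

    /* Convert internal representation to DER */
    if (method->it) {
        ext_len =
            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
        if (ext_len < 0)
            goto merr;
    } else {
        unsigned char *p;

        ext_len = method->i2d(ext_struc, NULL);
        /*
         * Reject a failed length probe before it reaches the allocator: a
         * negative int would be converted to a very large allocation size.
         */
        if (ext_len <= 0)
            goto merr;
        if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)
            goto merr;
        p = ext_der;
        /*
         * If the writing pass fails, the buffer may hold uninitialised heap
         * bytes; do not let them become the extension value.
         */
        if (method->i2d(ext_struc, &p) <= 0)
            goto merr;
    }
    if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
        goto merr;
    /* Ownership of the DER buffer moves to the octet string. */
    ext_oct->data = ext_der;
    ext_der = NULL;
    ext_oct->length = ext_len;

    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
    if (!ext)
        goto merr;
    ASN1_OCTET_STRING_free(ext_oct);

    return ext;

 merr:
    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
    OPENSSL_free(ext_der);
    ASN1_OCTET_STRING_free(ext_oct);
    return NULL;
}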
/* Given an internal structure, nid and critical flag create an extension */
/*
 * Encode |ext_struc| as the extension registered for |ext_nid|.
 *
 * Raises X509V3_R_UNKNOWN_EXTENSION and returns NULL when no method is
 * registered for the NID; otherwise returns the result of do_ext_i2d().
 */
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
    const X509V3_EXT_METHOD *meth = X509V3_EXT_get_nid(ext_nid);

    if (meth != NULL)
        return do_ext_i2d(meth, ext_nid, crit, ext_struc);

    X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
    return NULL;
}
/* Check the extension string for critical flag */
/*
 * Detect a leading "critical," in *value.
 *
 * On a match, *value is advanced past the prefix and any whitespace that
 * follows, and 1 is returned. Otherwise *value is left alone and 0 is
 * returned. *value must be a NUL-terminated string; it is not checked
 * for NULL.
 */
static int v3_check_critical(const char **value)
{
    static const char prefix[] = "critical,";
    const size_t prefix_len = sizeof(prefix) - 1;
    const char *cursor = *value;

    /* strncmp() stops at the terminator, so short strings simply differ. */
    if (strncmp(cursor, prefix, prefix_len) != 0)
        return 0;

    cursor += prefix_len;
    while (ossl_isspace(*cursor))
        cursor++;
    *value = cursor;
    return 1;
}
/* Check extension string for generic extension and return the type */
/*
 * Detect a generic-extension prefix at the start of *value.
 *
 * Returns 1 for "DER:", 2 for "ASN1:" and 0 when neither is present. On a
 * match, *value is advanced past the prefix and any following whitespace;
 * otherwise it is left unchanged. *value is not checked for NULL.
 */
static int v3_check_generic(const char **value)
{
    const char *cursor = *value;
    int kind;

    /* strncmp() stops at the terminator, so short strings simply differ. */
    if (strncmp(cursor, "DER:", 4) == 0) {
        cursor += 4;
        kind = 1;
    } else if (strncmp(cursor, "ASN1:", 5) == 0) {
        cursor += 5;
        kind = 2;
    } else {
        return 0;
    }

    for (; ossl_isspace(*cursor); cursor++)
        continue;
    *value = cursor;
    return kind;
}
/* Create a generic extension: for now just handle DER type */
/*
 * Create an extension whose value is supplied directly by the caller.
 *
 * |ext| is the extension name or OID text, resolved with OBJ_txt2obj().
 * |gen_type| selects the decoder: 1 treats |value| as a hex string
 * (OPENSSL_hexstr2buf), 2 passes it to generic_asn1(). Any other type
 * leaves the buffer NULL and is reported as an extension value error.
 *
 * The bytes are placed in the extension as given; nothing here checks
 * that they form a valid encoding for the named extension.
 *
 * Returns the new extension, or NULL on failure.
 */
static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
                                            int crit, int gen_type,
                                            X509V3_CTX *ctx)
{
    X509_EXTENSION *result = NULL;
    ASN1_OCTET_STRING *payload = NULL;
    unsigned char *der = NULL;
    long der_len = 0;
    ASN1_OBJECT *oid = OBJ_txt2obj(ext, 0);

    if (oid == NULL) {
        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
                  X509V3_R_EXTENSION_NAME_ERROR);
        ERR_add_error_data(2, "name=", ext);
        goto done;
    }

    switch (gen_type) {
    case 1:
        der = OPENSSL_hexstr2buf(value, &der_len);
        break;
    case 2:
        der = generic_asn1(value, ctx, &der_len);
        break;
    default:
        break;
    }

    if (der == NULL) {
        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
                  X509V3_R_EXTENSION_VALUE_ERROR);
        ERR_add_error_data(2, "value=", value);
        goto done;
    }

    payload = ASN1_OCTET_STRING_new();
    if (payload == NULL) {
        X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
        goto done;
    }

    /*
     * The octet string takes over the buffer; clearing |der| keeps the
     * cleanup below from freeing it a second time.
     * NOTE(review): der_len is a long and is stored without a range check.
     */
    payload->data = der;
    payload->length = der_len;
    der = NULL;

    result = X509_EXTENSION_create_by_OBJ(NULL, oid, crit, payload);

 done:
    ASN1_OBJECT_free(oid);
    ASN1_OCTET_STRING_free(payload);
    OPENSSL_free(der);
    return result;
}
/*
 * Generate an ASN1_TYPE from |value| with ASN1_generate_v3() and return
 * its DER encoding.
 *
 * *ext_len receives the return value of i2d_ASN1_TYPE() and is written
 * only when generation succeeded. Returns the encoded buffer, or NULL if
 * generation failed or no buffer was produced.
 */
static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
                                   long *ext_len)
{
    unsigned char *der = NULL;
    ASN1_TYPE *generated = ASN1_generate_v3(value, ctx);

    if (generated != NULL) {
        *ext_len = i2d_ASN1_TYPE(generated, &der);
        ASN1_TYPE_free(generated);
    }
    return der;
}
/*
 * Remove and free every extension in |sk| that has the same object
 * identifier as |dext|. |dext| itself is only read.
 */
static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
{
    ASN1_OBJECT *target = X509_EXTENSION_get_object(dext);

    for (;;) {
        X509_EXTENSION *found;
        /* Search from the start each time: deleting shifts the indexes. */
        int pos = X509v3_get_ext_by_OBJ(sk, target, -1);

        if (pos < 0)
            break;
        found = X509v3_get_ext(sk, pos);
        X509v3_delete_ext(sk, pos);
        X509_EXTENSION_free(found);
    }
}
/*
 * This is the main function: add a bunch of extensions based on a config
 * file section to an extension STACK.
 */
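/*
 * Create an extension for every entry of configuration section |section|
 * and, when |sk| is not NULL, append each one to *sk.
 *
 * |sk| may be NULL: the certificate, CRL and request wrappers in this file
 * pass NULL when they are given no target object, in which case the
 * entries are only parsed. With X509V3_CTX_REPLACE set in ctx->flags,
 * existing extensions with the same OID are removed from *sk before the
 * new one is added.
 *
 * Returns 1 on success, 0 if the section is missing or any entry fails.
 * Extensions added to *sk before a failure are left in place.
 */
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
                            STACK_OF(X509_EXTENSION) **sk)
{
    X509_EXTENSION *ext;
    STACK_OF(CONF_VALUE) *nval;
    CONF_VALUE *val;
    int i;

    if ((nval = NCONF_get_section(conf, section)) == NULL)
        return 0;
    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
        val = sk_CONF_VALUE_value(nval, i);
        if ((ext = X509V3_EXT_nconf_int(conf, ctx, val->section,
                                        val->name, val->value)) == NULL)
            return 0;
        if (sk != NULL) {
            /*
             * The replace step reads *sk, so it must stay inside the NULL
             * check; a parse-only call with X509V3_CTX_REPLACE set would
             * otherwise dereference a NULL pointer.
             */
            if (ctx->flags == X509V3_CTX_REPLACE)
                delete_ext(*sk, ext);
            if (X509v3_add_ext(sk, ext, -1) == NULL) {
                X509_EXTENSION_free(ext);
                return 0;
            }
        }
        /*
         * |ext| is freed even after a successful add, so the stack is
         * presumed to hold its own copy.
         */
        X509_EXTENSION_free(ext);
    }
    return 1;
}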
/*
 * Convenience functions to add extensions to a certificate, CRL and request
 */
/*
 * Add the extensions described by |section| to |cert|.
 *
 * With a NULL |cert| no target stack is passed on, so the section is only
 * parsed. Returns the result of X509V3_EXT_add_nconf_sk().
 */
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                         X509 *cert)
{
    STACK_OF(X509_EXTENSION) **target = NULL;

    if (cert != NULL)
        target = &cert->cert_info.extensions;
    return X509V3_EXT_add_nconf_sk(conf, ctx, section, target);
}
/* Same as above but for a CRL */
/*
 * Add the extensions described by |section| to |crl|.
 *
 * With a NULL |crl| no target stack is passed on, so the section is only
 * parsed. Returns the result of X509V3_EXT_add_nconf_sk().
 */
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                             X509_CRL *crl)
{
    STACK_OF(X509_EXTENSION) **target = NULL;

    if (crl != NULL)
        target = &crl->crl.extensions;
    return X509V3_EXT_add_nconf_sk(conf, ctx, section, target);
}
/* Add extensions to certificate request */
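/*
 * Add the extensions described by |section| to certificate request |req|.
 *
 * The extensions are collected in a temporary stack and attached with
 * X509_REQ_add_extensions(). With a NULL |req| the section is only parsed.
 *
 * Returns the result of X509V3_EXT_add_nconf_sk() if it fails or |req| is
 * NULL, otherwise the result of X509_REQ_add_extensions().
 */
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
                             X509_REQ *req)
{
    STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
    int i;

    if (req)
        sk = &extlist;
    i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
    if (i && sk != NULL)
        i = X509_REQ_add_extensions(req, extlist);
    /*
     * Free the temporary stack on every path: when a later entry of the
     * section fails, the extensions already collected would otherwise leak.
     */
    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
    return i;
}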
/* Config database functions */
/*
 * Look up a string through the configuration database attached to |ctx|.
 *
 * Raises X509V3_R_OPERATION_NOT_DEFINED and returns NULL when |ctx| has no
 * database, no method table or no get_string callback; otherwise returns
 * whatever the callback returns. |ctx| itself is not checked for NULL.
 */
char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
{
    if (ctx->db != NULL && ctx->db_meth != NULL
            && ctx->db_meth->get_string != NULL)
        return ctx->db_meth->get_string(ctx->db, name, section);

    X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
    return NULL;
}
/*
 * Fetch a section through the configuration database attached to |ctx|.
 *
 * Raises X509V3_R_OPERATION_NOT_DEFINED and returns NULL when |ctx| has no
 * database, no method table or no get_section callback; otherwise returns
 * whatever the callback returns. |ctx| itself is not checked for NULL.
 */
STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
{
    if (ctx->db != NULL && ctx->db_meth != NULL
            && ctx->db_meth->get_section != NULL)
        return ctx->db_meth->get_section(ctx->db, section);

    X509V3err(X509V3_F_X509V3_GET_SECTION,
              X509V3_R_OPERATION_NOT_DEFINED);
    return NULL;
}
/*
 * Release a string through the free_string callback of |ctx|, if one is
 * set. A NULL |str| is ignored.
 *
 * Unlike X509V3_get_string(), ctx->db_meth is dereferenced without a NULL
 * check, so |ctx| must have a method table attached when |str| is not NULL.
 */
void X509V3_string_free(X509V3_CTX *ctx, char *str)
{
    if (str != NULL && ctx->db_meth->free_string != NULL)
        ctx->db_meth->free_string(ctx->db, str);
}
/*
 * Release a section through the free_section callback of |ctx|, if one is
 * set. A NULL |section| is ignored.
 *
 * Unlike X509V3_get_section(), ctx->db_meth is dereferenced without a NULL
 * check, so |ctx| must have a method table attached when |section| is not
 * NULL.
 */
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
{
    if (section != NULL && ctx->db_meth->free_section != NULL)
        ctx->db_meth->free_section(ctx->db, section);
}
/* get_string callback for a CONF database: forwards to NCONF_get_string(). */
static char *nconf_get_string(void *db, const char *section, const char *value)
{
    CONF *conf = db;

    return NCONF_get_string(conf, section, value);
}
/* get_section callback for a CONF database: forwards to NCONF_get_section(). */
static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
{
    CONF *conf = db;

    return NCONF_get_section(conf, section);
}
/*
 * Method table installed by X509V3_set_nconf(). Only the two lookup
 * callbacks are provided; the remaining two slots are NULL.
 */
static X509V3_CONF_METHOD nconf_method = {
    nconf_get_string,           /* string lookup */
    nconf_get_section,          /* section lookup */
    NULL,                       /* presumably free_string: unset */
    NULL                        /* presumably free_section: unset */
};
/*
 * Attach |conf| to |ctx| as its configuration database, using the
 * NCONF-based method table. |conf| is stored by pointer, not copied.
 */
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
{
    ctx->db = conf;
    ctx->db_meth = &nconf_method;
}
/*
 * Fill in the certificate, request, CRL and flags fields of |ctx|.
 *
 * Only these five fields are written. ctx->db and ctx->db_meth are not
 * touched, so a context that was not zeroed beforehand still needs
 * X509V3_set_nconf() or X509V3_set_conf_lhash() before the database
 * accessors are used. The pointers are stored as given, not copied.
 */
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
                    X509_CRL *crl, int flags)
{
    ctx->flags = flags;
    ctx->issuer_cert = issuer;
    ctx->subject_cert = subj;
    ctx->subject_req = req;
    ctx->crl = crl;
}
/* Old conf compatibility functions */
/*
 * LHASH variant of X509V3_EXT_nconf(): the hash table is wrapped in a
 * temporary CONF on the stack with CONF_set_nconf() and the call is
 * forwarded.
 */
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                                const char *name, const char *value)
{
    CONF shim;

    CONF_set_nconf(&shim, conf);
    return X509V3_EXT_nconf(&shim, ctx, name, value);
}
/*
 * LHASH variant of X509V3_EXT_nconf_nid(): the hash table is wrapped in a
 * temporary CONF on the stack with CONF_set_nconf() and the call is
 * forwarded.
 */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
                                    X509V3_CTX *ctx, int ext_nid,
                                    const char *value)
{
    CONF shim;

    CONF_set_nconf(&shim, conf);
    return X509V3_EXT_nconf_nid(&shim, ctx, ext_nid, value);
}
/* get_string callback for an LHASH database: forwards to CONF_get_string(). */
static char *conf_lhash_get_string(void *db, const char *section,
                                   const char *value)
{
    LHASH_OF(CONF_VALUE) *table = db;

    return CONF_get_string(table, section, value);
}
/* get_section callback for an LHASH database: forwards to CONF_get_section(). */
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
                                                    const char *section)
{
    LHASH_OF(CONF_VALUE) *table = db;

    return CONF_get_section(table, section);
}
/*
 * Method table installed by X509V3_set_conf_lhash(). Only the two lookup
 * callbacks are provided; the remaining two slots are NULL.
 */
static X509V3_CONF_METHOD conf_lhash_method = {
    conf_lhash_get_string,      /* string lookup */
    conf_lhash_get_section,     /* section lookup */
    NULL,                       /* presumably free_string: unset */
    NULL                        /* presumably free_section: unset */
};
/*
 * Attach |lhash| to |ctx| as its configuration database, using the
 * LHASH-based method table. |lhash| is stored by pointer, not copied.
 */
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
{
    ctx->db = lhash;
    ctx->db_meth = &conf_lhash_method;
}
/*
 * LHASH variant of X509V3_EXT_add_nconf(): the hash table is wrapped in a
 * temporary CONF on the stack with CONF_set_nconf() and the call is
 * forwarded.
 */
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                        const char *section, X509 *cert)
{
    CONF shim;

    CONF_set_nconf(&shim, conf);
    return X509V3_EXT_add_nconf(&shim, ctx, section, cert);
}
/* Same as above but for a CRL */
/*
 * LHASH variant of X509V3_EXT_CRL_add_nconf(): the hash table is wrapped
 * in a temporary CONF on the stack with CONF_set_nconf() and the call is
 * forwarded.
 */
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            const char *section, X509_CRL *crl)
{
    CONF shim;

    CONF_set_nconf(&shim, conf);
    return X509V3_EXT_CRL_add_nconf(&shim, ctx, section, crl);
}
/* Add extensions to certificate request */
/*
 * LHASH variant of X509V3_EXT_REQ_add_nconf(): the hash table is wrapped
 * in a temporary CONF on the stack with CONF_set_nconf() and the call is
 * forwarded.
 */
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                            const char *section, X509_REQ *req)
{
    CONF shim;

    CONF_set_nconf(&shim, conf);
    return X509V3_EXT_REQ_add_nconf(&shim, ctx, section, req);
}