Use the correct function types in X509V3_EXT_METHODs.
While C allows function pointer casts, it is UB to call a function with
a different type than its actual type signature. That is, even though
`void f(int *)` and `void g(void *)` have the same ABI, it is UB to
cast `f` to a `void(*)(void *)` and then call it through that pointer.
Clang CFI will try to enforce this rule.
The recent CL to call X509_print in tests revealed that all the i2? and
?2i callbacks in X509V3_EXT_METHODs were implemented with functions of
the wrong type, out of some combination of missing consts and void*
turned into T*.
This CL fixes this. Where the function wasn't exported, or had no
callers, I just fixed the function itself. Where it had extension
callers, I added a wrapper function with a void* type.
I'm not positive whether the wrappers are the right call. On the one
hand, keeping the exported functions as-is is more type-safe and more
OpenSSL-compatible. However, most (but not all) uses of these are in
other code defining X509V3_EXT_METHODs themselves, so the void*
signature is more correct for them too. And the functions have a type
signature meant for X509V3_EXT_METHOD, complete with method pointer.
I've gone with leaving the exported ones as-is for now. Probably the
right answer anyway is to migrate the external callers, of either type
signature.
Change-Id: Ib8f2995cbd890221eaa9ac864a7e553cb6711901
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52686
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index e64e99f..ca581d9 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -69,30 +69,26 @@
#include "internal.h"
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- AUTHORITY_KEYID *akeyid,
- STACK_OF(CONF_VALUE)
- *extlist);
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *values);
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_AUTHORITY_KEYID(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
const X509V3_EXT_METHOD v3_akey_id = {
NID_authority_key_identifier,
X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
0, 0, 0, 0,
0, 0,
- (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
- (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+ i2v_AUTHORITY_KEYID,
+ v2i_AUTHORITY_KEYID,
0, 0,
NULL
};
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- AUTHORITY_KEYID *akeyid,
- STACK_OF(CONF_VALUE)
- *extlist)
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist)
{
+ const AUTHORITY_KEYID *akeyid = ext;
int extlist_was_null = extlist == NULL;
if (akeyid->keyid) {
char *tmp = x509v3_bytes_to_hex(akeyid->keyid->data,
@@ -133,9 +129,8 @@
* is always included.
*/
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *values)
+static void *v2i_AUTHORITY_KEYID(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
{
char keyid = 0, issuer = 0;
size_t i;
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index eb9c975..c057da1 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -68,40 +68,44 @@
#include "internal.h"
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval);
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval);
+static void *v2i_subject_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+static void *v2i_issuer_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES_cb(
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret)
+{
+ return i2v_GENERAL_NAMES(method, ext, ret);
+}
+
const X509V3_EXT_METHOD v3_alt[] = {
{NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0, 0, 0, 0,
0, 0,
- (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
- (X509V3_EXT_V2I)v2i_subject_alt,
+ i2v_GENERAL_NAMES_cb,
+ v2i_subject_alt,
NULL, NULL, NULL},
{NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0, 0, 0, 0,
0, 0,
- (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
- (X509V3_EXT_V2I)v2i_issuer_alt,
+ i2v_GENERAL_NAMES_cb,
+ v2i_issuer_alt,
NULL, NULL, NULL},
{NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
0, 0, 0, 0,
0, 0,
- (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+ i2v_GENERAL_NAMES_cb,
NULL, NULL, NULL, NULL},
};
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
GENERAL_NAMES *gens,
STACK_OF(CONF_VALUE) *ret)
{
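Review bot: The new `i2v_GENERAL_NAMES_cb` wrapper has no comment saying why it exists, so it reads as a redundant forwarder that a later cleanup could replace with a cast of `i2v_GENERAL_NAMES` again. I would add above it: `/* Adapter with the exact X509V3_EXT_I2V type; casting i2v_GENERAL_NAMES to that type and calling it is UB and fails Clang CFI. */`. The same comment applies to `i2s_ASN1_INTEGER_cb` in v3_int.c and `i2s_ASN1_OCTET_STRING_cb` in v3_skey.c. The hunk ends at the opening brace of `i2v_GENERAL_NAMES`, so that function's body is not covered here.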
@@ -122,7 +126,7 @@
return ret;
}
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(const X509V3_EXT_METHOD *method,
GENERAL_NAME *gen,
STACK_OF(CONF_VALUE) *ret)
{
@@ -266,9 +270,8 @@
return 1;
}
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval)
+static void *v2i_issuer_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
{
GENERAL_NAMES *gens = NULL;
CONF_VALUE *cnf;
@@ -336,9 +339,8 @@
return ret;
}
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval)
+static void *v2i_subject_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
{
GENERAL_NAMES *gens = NULL;
CONF_VALUE *cnf;
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
index aefefdf..4edf27b 100644
--- a/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
@@ -65,21 +65,19 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
- BASIC_CONSTRAINTS *bcons,
- STACK_OF(CONF_VALUE)
- *extlist);
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *values);
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+static void *v2i_BASIC_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values);
const X509V3_EXT_METHOD v3_bcons = {
NID_basic_constraints, 0,
ASN1_ITEM_ref(BASIC_CONSTRAINTS),
0, 0, 0, 0,
0, 0,
- (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS,
- (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+ i2v_BASIC_CONSTRAINTS,
+ v2i_BASIC_CONSTRAINTS,
NULL, NULL,
NULL
};
@@ -91,19 +89,18 @@
IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
- BASIC_CONSTRAINTS *bcons,
- STACK_OF(CONF_VALUE)
- *extlist)
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist)
{
+ const BASIC_CONSTRAINTS *bcons = ext;
X509V3_add_value_bool("CA", bcons->ca, &extlist);
X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
return extlist;
}
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *values)
+static void *v2i_BASIC_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values)
{
BASIC_CONSTRAINTS *bcons = NULL;
CONF_VALUE *val;
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
index 871b776..3420b12 100644
--- a/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
@@ -91,15 +91,10 @@
{-1, NULL, NULL}
};
-const X509V3_EXT_METHOD v3_nscert =
-EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
-const X509V3_EXT_METHOD v3_key_usage =
-EXT_BITSTRING(NID_key_usage, key_usage_type_table);
-
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
- ASN1_BIT_STRING *bits,
- STACK_OF(CONF_VALUE) *ret)
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret)
{
+ const ASN1_BIT_STRING *bits = ext;
const BIT_STRING_BITNAME *bnam;
for (bnam = method->usr_data; bnam->lname; bnam++) {
if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
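Review bot: `i2v_ASN1_BIT_STRING` now takes `void *ext` and walks `method->usr_data` until an entry with a NULL `lname`, and neither assumption is written down. Now that the function is static and `EXT_BITSTRING` is local to this file, a short comment would pin the contract: `/* |ext| is an ASN1_BIT_STRING; |method->usr_data| is a BIT_STRING_BITNAME table ending in an entry whose lname is NULL. */`. `i2s_ASN1_ENUMERATED_TABLE` in v3_enum.c relies on the same kind of terminated table and deserves the same comment. The function body continues past the end of this hunk.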
@@ -108,9 +103,8 @@
return ret;
}
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval)
+static void *v2i_ASN1_BIT_STRING(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
CONF_VALUE *val;
ASN1_BIT_STRING *bs;
@@ -142,3 +136,14 @@
}
return bs;
}
+
+#define EXT_BITSTRING(nid, table) \
+ { \
+ nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), 0, 0, 0, 0, 0, 0, \
+ i2v_ASN1_BIT_STRING, v2i_ASN1_BIT_STRING, NULL, NULL, (void *)(table) \
+ }
+
+const X509V3_EXT_METHOD v3_nscert =
+EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+const X509V3_EXT_METHOD v3_key_usage =
+EXT_BITSTRING(NID_key_usage, key_usage_type_table);
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 6e3eb14..9290556 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -73,13 +73,13 @@
/* Certificate policies extension support: this one is a bit complex... */
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
- BIO *out, int indent);
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *value);
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+static int i2r_certpol(const X509V3_EXT_METHOD *method, void *ext, BIO *out,
+ int indent);
+static void *r2i_certpol(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *value);
+static void print_qualifiers(BIO *out, const STACK_OF(POLICYQUALINFO) *quals,
int indent);
-static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static void print_notice(BIO *out, const USERNOTICE *notice, int indent);
static POLICYINFO *policy_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *polstrs, int ia5org);
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
@@ -91,8 +91,8 @@
0, 0, 0, 0,
0, 0,
0, 0,
- (X509V3_EXT_I2R)i2r_certpol,
- (X509V3_EXT_R2I)r2i_certpol,
+ i2r_certpol,
+ r2i_certpol,
NULL
};
@@ -137,8 +137,8 @@
IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *value)
+static void *r2i_certpol(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *value)
{
STACK_OF(POLICYINFO) *pols = NULL;
char *pstr;
@@ -405,14 +405,13 @@
return 0;
}
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+static int i2r_certpol(const X509V3_EXT_METHOD *method, void *ext,
BIO *out, int indent)
{
- size_t i;
- POLICYINFO *pinfo;
+ const STACK_OF(POLICYINFO) *pol = ext;
/* First print out the policy OIDs */
- for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
- pinfo = sk_POLICYINFO_value(pol, i);
+ for (size_t i = 0; i < sk_POLICYINFO_num(pol); i++) {
+ const POLICYINFO *pinfo = sk_POLICYINFO_value(pol, i);
BIO_printf(out, "%*sPolicy: ", indent, "");
i2a_ASN1_OBJECT(out, pinfo->policyid);
BIO_puts(out, "\n");
@@ -422,13 +421,11 @@
return 1;
}
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+static void print_qualifiers(BIO *out, const STACK_OF(POLICYQUALINFO) *quals,
int indent)
{
- POLICYQUALINFO *qualinfo;
- size_t i;
- for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
- qualinfo = sk_POLICYQUALINFO_value(quals, i);
+ for (size_t i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+ const POLICYQUALINFO *qualinfo = sk_POLICYQUALINFO_value(quals, i);
switch (OBJ_obj2nid(qualinfo->pqualid)) {
case NID_id_qt_cps:
BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
@@ -450,9 +447,8 @@
}
}
-static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+static void print_notice(BIO *out, const USERNOTICE *notice, int indent)
{
- size_t i;
if (notice->noticeref) {
NOTICEREF *ref;
ref = notice->noticeref;
@@ -460,7 +456,7 @@
ref->organization->length, ref->organization->data);
BIO_printf(out, "%*sNumber%s: ", indent, "",
sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
- for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+ for (size_t i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
ASN1_INTEGER *num;
char *tmp;
num = sk_ASN1_INTEGER_value(ref->noticenos, i);
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
index 9b222bb..5c95858 100644
--- a/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
@@ -83,24 +83,23 @@
{-1, NULL, NULL}
};
-const X509V3_EXT_METHOD v3_crl_reason = {
- NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
- 0, 0, 0, 0,
- (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
- 0,
- 0, 0, 0, 0,
- (void *)crl_reasons
-};
-
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
- const ASN1_ENUMERATED *e)
+static char *i2s_ASN1_ENUMERATED_TABLE(const X509V3_EXT_METHOD *method,
+ void *ext)
{
- const ENUMERATED_NAMES *enam;
- long strval;
- strval = ASN1_ENUMERATED_get(e);
- for (enam = method->usr_data; enam->lname; enam++) {
+ const ASN1_ENUMERATED *e = ext;
+ long strval = ASN1_ENUMERATED_get(e);
+ for (const ENUMERATED_NAMES *enam = method->usr_data; enam->lname; enam++) {
if (strval == enam->bitnum)
return OPENSSL_strdup(enam->lname);
}
return i2s_ASN1_ENUMERATED(method, e);
}
+
+const X509V3_EXT_METHOD v3_crl_reason = {
+ NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+ 0, 0, 0, 0,
+ i2s_ASN1_ENUMERATED_TABLE,
+ 0,
+ 0, 0, 0, 0,
+ (void *)crl_reasons
+};
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
index 700200c..6f5ce1d 100644
--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -70,24 +70,9 @@
#include "../internal.h"
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- ASN1_IA5STRING *ia5);
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
- EXT_IA5STRING(NID_netscape_base_url),
- EXT_IA5STRING(NID_netscape_revocation_url),
- EXT_IA5STRING(NID_netscape_ca_revocation_url),
- EXT_IA5STRING(NID_netscape_renewal_url),
- EXT_IA5STRING(NID_netscape_ca_policy_url),
- EXT_IA5STRING(NID_netscape_ssl_server_name),
- EXT_IA5STRING(NID_netscape_comment),
- EXT_END
-};
-
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- ASN1_IA5STRING *ia5)
+static char *i2s_ASN1_IA5STRING(const X509V3_EXT_METHOD *method, void *ext)
{
+ const ASN1_IA5STRING *ia5 = ext;
char *tmp;
if (!ia5 || !ia5->length)
return NULL;
@@ -100,8 +85,8 @@
return tmp;
}
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str)
+static void *s2i_ASN1_IA5STRING(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str)
{
ASN1_IA5STRING *ia5;
if (!str) {
@@ -119,3 +104,23 @@
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
return NULL;
}
+
+#define EXT_IA5STRING(nid) \
+ { \
+ nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), 0, 0, 0, 0, i2s_ASN1_IA5STRING, \
+ s2i_ASN1_IA5STRING, 0, 0, 0, 0, NULL \
+ }
+
+#define EXT_END \
+ { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+
+const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
+ EXT_IA5STRING(NID_netscape_base_url),
+ EXT_IA5STRING(NID_netscape_revocation_url),
+ EXT_IA5STRING(NID_netscape_ca_revocation_url),
+ EXT_IA5STRING(NID_netscape_renewal_url),
+ EXT_IA5STRING(NID_netscape_ca_policy_url),
+ EXT_IA5STRING(NID_netscape_ssl_server_name),
+ EXT_IA5STRING(NID_netscape_comment),
+ EXT_END
+};
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
index 3615c71..e314019 100644
--- a/crypto/x509v3/v3_info.c
+++ b/crypto/x509v3/v3_info.c
@@ -68,22 +68,18 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
- *method, AUTHORITY_INFO_ACCESS
- *ainfo, STACK_OF(CONF_VALUE)
- *ret);
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
- *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE)
- *nval);
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret);
+static void *v2i_AUTHORITY_INFO_ACCESS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
0, 0, 0, 0,
0, 0,
- (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
- (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+ i2v_AUTHORITY_INFO_ACCESS,
+ v2i_AUTHORITY_INFO_ACCESS,
0, 0,
NULL
};
@@ -92,8 +88,8 @@
ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
0, 0, 0, 0,
0, 0,
- (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
- (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+ i2v_AUTHORITY_INFO_ACCESS,
+ v2i_AUTHORITY_INFO_ACCESS,
0, 0,
NULL
};
@@ -112,17 +108,16 @@
IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
- X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
- STACK_OF(CONF_VALUE) *ret)
+ const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret)
{
+ const AUTHORITY_INFO_ACCESS *ainfo = ext;
ACCESS_DESCRIPTION *desc;
- size_t i;
int nlen;
char objtmp[80], *ntmp;
CONF_VALUE *vtmp;
STACK_OF(CONF_VALUE) *tret = ret;
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+ for (size_t i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
STACK_OF(CONF_VALUE) *tmp;
desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
@@ -154,24 +149,19 @@
return NULL;
}
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
- *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE)
- *nval)
+static void *v2i_AUTHORITY_INFO_ACCESS(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
{
AUTHORITY_INFO_ACCESS *ainfo = NULL;
- CONF_VALUE *cnf, ctmp;
ACCESS_DESCRIPTION *acc;
- size_t i;
- int objlen;
char *objtmp, *ptmp;
if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
return NULL;
}
- for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- cnf = sk_CONF_VALUE_value(nval, i);
+ for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
if (!(acc = ACCESS_DESCRIPTION_new())
|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
@@ -182,7 +172,8 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SYNTAX);
goto err;
}
- objlen = ptmp - cnf->name;
+ int objlen = ptmp - cnf->name;
+ CONF_VALUE ctmp;
ctmp.name = ptmp + 1;
ctmp.value = cnf->value;
if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
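Review bot: `int objlen = ptmp - cnf->name;` stores a pointer difference (`ptrdiff_t`) in an `int`. Since the declaration was moved here anyway, it could take a type that cannot truncate, e.g. `size_t objlen = (size_t)(ptmp - cnf->name);`. The length is taken from a configuration name string and nothing in the hunk bounds it. How `ptmp` was derived and how `objlen` is used afterwards (presumably to allocate and copy the prefix) lie outside the hunk, so confirm the later uses accept the wider type before changing it.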
@@ -211,8 +202,5 @@
int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a)
{
i2a_ASN1_OBJECT(bp, a->method);
-#ifdef UNDEF
- i2a_GENERAL_NAME(bp, a->location);
-#endif
return 2;
}
diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
index 7bde446..8b96796 100644
--- a/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
@@ -60,10 +60,22 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+
+static char *i2s_ASN1_INTEGER_cb(const X509V3_EXT_METHOD *method, void *ext)
+{
+ return i2s_ASN1_INTEGER(method, ext);
+}
+
+static void *s2i_asn1_int(const X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
+ const char *value)
+{
+ return s2i_ASN1_INTEGER(meth, value);
+}
+
const X509V3_EXT_METHOD v3_crl_num = {
NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
0, 0, 0, 0,
- (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+ i2s_ASN1_INTEGER_cb,
0,
0, 0, 0, 0, NULL
};
@@ -71,21 +83,15 @@
const X509V3_EXT_METHOD v3_delta_crl = {
NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
0, 0, 0, 0,
- (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+ i2s_ASN1_INTEGER_cb,
0,
0, 0, 0, 0, NULL
};
-static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
- char *value)
-{
- return s2i_ASN1_INTEGER(meth, value);
-}
-
const X509V3_EXT_METHOD v3_inhibit_anyp = {
NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
0, 0, 0, 0,
- (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
- (X509V3_EXT_S2I)s2i_asn1_int,
+ i2s_ASN1_INTEGER_cb,
+ s2i_asn1_int,
0, 0, 0, 0, NULL
};
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 57b64ef..b6ff148 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -47,24 +47,25 @@
#include "internal.h"
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
- BIO *out, int indent);
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
+static int i2r_pci(const X509V3_EXT_METHOD *method, void *ext, BIO *out,
+ int indent);
+static void *r2i_pci(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *str);
const X509V3_EXT_METHOD v3_pci =
{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
0, 0, 0, 0,
0, 0,
NULL, NULL,
- (X509V3_EXT_I2R)i2r_pci,
- (X509V3_EXT_R2I)r2i_pci,
+ i2r_pci,
+ r2i_pci,
NULL,
};
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
- BIO *out, int indent)
+static int i2r_pci(const X509V3_EXT_METHOD *method, void *ext, BIO *out,
+ int indent)
{
+ const PROXY_CERT_INFO_EXTENSION *pci = ext;
BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
if (pci->pcPathLengthConstraint)
i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
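Review bot: The forward declaration names the last parameter of `r2i_pci` `str`, while the definition further down in this file names it `value`; both lines were rewritten by this change, so use one name, e.g. `const char *value` in the prototype. More generally, v3_bitst.c, v3_enum.c, v3_ia5.c and v3_skey.c in this same commit move the method table below the callbacks and drop the prototypes, which removes a second copy of each signature that has to stay in step with the typedefs. Doing the same for `v3_pci` (and v3_akey.c, v3_alt.c, v3_bcons.c, v3_cpols.c, v3_info.c) would be more consistent. `i2r_pci`'s body continues past the end of the hunk.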
@@ -195,8 +196,8 @@
return 0;
}
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *value)
+static void *r2i_pci(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *value)
{
PROXY_CERT_INFO_EXTENSION *pci = NULL;
STACK_OF(CONF_VALUE) *vals;
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index 1cae7e1..926eecd 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -67,23 +67,13 @@
#include "internal.h"
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_skey_id = {
- NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
- 0, 0, 0, 0,
- (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
- (X509V3_EXT_S2I)s2i_skey_id,
- 0, 0, 0, 0,
- NULL
-};
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *oct)
+char *i2s_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method,
+ const ASN1_OCTET_STRING *oct)
{
return x509v3_bytes_to_hex(oct->data, oct->length);
}
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, const char *str)
{
ASN1_OCTET_STRING *oct;
@@ -105,8 +95,14 @@
}
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str)
+static char *i2s_ASN1_OCTET_STRING_cb(const X509V3_EXT_METHOD *method,
+ void *ext)
+{
+ return i2s_ASN1_OCTET_STRING(method, ext);
+}
+
+static void *s2i_skey_id(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *str)
{
ASN1_OCTET_STRING *oct;
ASN1_BIT_STRING *pk;
@@ -154,3 +150,12 @@
ASN1_OCTET_STRING_free(oct);
return NULL;
}
+
+const X509V3_EXT_METHOD v3_skey_id = {
+ NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+ 0, 0, 0, 0,
+ i2s_ASN1_OCTET_STRING_cb,
+ s2i_skey_id,
+ 0, 0, 0, 0,
+ NULL
+};
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 960c407..064e71b 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -222,7 +222,8 @@
return ret;
}
-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
+char *i2s_ASN1_ENUMERATED(const X509V3_EXT_METHOD *method,
+ const ASN1_ENUMERATED *a)
{
BIGNUM *bntmp = NULL;
char *strtmp = NULL;
@@ -235,7 +236,7 @@
return strtmp;
}
-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
+char *i2s_ASN1_INTEGER(const X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
{
BIGNUM *bntmp = NULL;
char *strtmp = NULL;
@@ -248,7 +249,8 @@
return strtmp;
}
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
+ASN1_INTEGER *s2i_ASN1_INTEGER(const X509V3_EXT_METHOD *method,
+ const char *value)
{
BIGNUM *bn = NULL;
ASN1_INTEGER *aint;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index c67dde6..afaf172 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -79,23 +79,24 @@
// Useful typedefs
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
typedef void *(*X509V3_EXT_NEW)(void);
typedef void (*X509V3_EXT_FREE)(void *);
typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(
- const struct v3_ext_method *method, void *ext,
- STACK_OF(CONF_VALUE) *extlist);
-typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
- struct v3_ext_ctx *ctx,
- STACK_OF(CONF_VALUE) *values);
-typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
-typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
- struct v3_ext_ctx *ctx, const char *str);
-typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
+typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(const X509V3_EXT_METHOD *method,
+ void *ext,
+ STACK_OF(CONF_VALUE) *extlist);
+typedef void *(*X509V3_EXT_V2I)(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(const X509V3_EXT_METHOD *method, void *ext);
+typedef void *(*X509V3_EXT_S2I)(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R)(const X509V3_EXT_METHOD *method, void *ext,
BIO *out, int indent);
-typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
- struct v3_ext_ctx *ctx, const char *str);
+typedef void *(*X509V3_EXT_R2I)(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *str);
// V3 extension structure
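Review bot: The callback typedefs sit under a bare `// Useful typedefs` comment, yet after this change they are a hard contract: the method tables no longer cast, so any function stored in an `X509V3_EXT_METHOD` must have exactly one of these types. Since the commit message notes that external code defines its own `X509V3_EXT_METHOD`s, I would document that here, e.g. `// Functions stored in an X509V3_EXT_METHOD must have exactly these types. Do not cast a function with a typed |ext| or a non-const |method| to one of them; calling through a mismatched pointer is undefined behavior and is rejected by Clang CFI.`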
@@ -145,8 +146,6 @@
// Maybe more here
};
-typedef struct v3_ext_method X509V3_EXT_METHOD;
-
DEFINE_STACK_OF(X509V3_EXT_METHOD)
// ext_flags values
@@ -365,23 +364,6 @@
X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
-#define EXT_BITSTRING(nid, table) \
- { \
- nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), 0, 0, 0, 0, 0, 0, \
- (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
- (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, NULL, NULL, (void *)(table) \
- }
-
-#define EXT_IA5STRING(nid) \
- { \
- nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), 0, 0, 0, 0, \
- (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
- (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, 0, 0, 0, 0, NULL \
- }
-
-#define EXT_END \
- { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
-
// X509_PURPOSE stuff
@@ -474,15 +456,6 @@
OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a,
const GENERAL_NAME *b);
-
-
-OPENSSL_EXPORT ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval);
-OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(
- X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits,
- STACK_OF(CONF_VALUE) *extlist);
-
// i2v_GENERAL_NAME serializes |gen| as a |CONF_VALUE|. If |ret| is non-NULL, it
// appends the value to |ret| and returns |ret| on success or NULL on error. If
// it returns NULL, the caller is still responsible for freeing |ret|. If |ret|
@@ -493,7 +466,8 @@
// human-readable print functions. If extracting a SAN list from a certificate,
// look at |gen| directly.
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(
- X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+ const X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
+ STACK_OF(CONF_VALUE) *ret);
OPENSSL_EXPORT int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
@@ -508,7 +482,7 @@
// human-readable print functions. If extracting a SAN list from a certificate,
// look at |gen| directly.
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(
- X509V3_EXT_METHOD *method, GENERAL_NAMES *gen,
+ const X509V3_EXT_METHOD *method, GENERAL_NAMES *gen,
STACK_OF(CONF_VALUE) *extlist);
OPENSSL_EXPORT GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
@@ -527,10 +501,10 @@
ASN1_OBJECT **poid,
ASN1_TYPE **pvalue);
-OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method,
const ASN1_OCTET_STRING *ia5);
OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(
- X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
+ const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
@@ -649,14 +623,12 @@
const ASN1_INTEGER *aint,
STACK_OF(CONF_VALUE) **extlist);
-OPENSSL_EXPORT char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth,
+OPENSSL_EXPORT char *i2s_ASN1_INTEGER(const X509V3_EXT_METHOD *meth,
const ASN1_INTEGER *aint);
-OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth,
+OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(const X509V3_EXT_METHOD *meth,
const char *value);
-OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth,
+OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(const X509V3_EXT_METHOD *meth,
const ASN1_ENUMERATED *aint);
-OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
- const ASN1_ENUMERATED *aint);
OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to, int nid_from);