summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libcrypto/x509v3/v3_conf.c73
-rw-r--r--lib/libcrypto/x509v3/x509v3.h36
2 files changed, 61 insertions, 48 deletions
diff --git a/lib/libcrypto/x509v3/v3_conf.c b/lib/libcrypto/x509v3/v3_conf.c
index 27e1bc9f574..bb06c185367 100644
--- a/lib/libcrypto/x509v3/v3_conf.c
+++ b/lib/libcrypto/x509v3/v3_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: v3_conf.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: v3_conf.c,v 1.22 2018/05/13 17:49:02 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -66,23 +66,27 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
- int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+ int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
int crit, int type, X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static char *conf_lhash_get_string(void *db, const char *section,
+ const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
+ const char *section);
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+ long *ext_len);
/* CONF *conf: Config file */
/* char *name: Name */
/* char *value: Value */
X509_EXTENSION *
-X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
+X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value)
{
int crit;
int ext_type;
@@ -102,7 +106,8 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
/* CONF *conf: Config file */
/* char *value: Value */
X509_EXTENSION *
-X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
+X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value)
{
int crit;
int ext_type;
@@ -117,7 +122,8 @@ X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
/* CONF *conf: Config file */
/* char *value: Value */
static X509_EXTENSION *
-do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
+do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit,
+ const char *value)
{
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
@@ -233,9 +239,9 @@ X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
/* Check the extension string for critical flag */
static int
-v3_check_critical(char **value)
+v3_check_critical(const char **value)
{
- char *p = *value;
+ const char *p = *value;
if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
return 0;
@@ -247,10 +253,10 @@ v3_check_critical(char **value)
/* Check extension string for generic extension and return the type */
static int
-v3_check_generic(char **value)
+v3_check_generic(const char **value)
{
int gen_type = 0;
- char *p = *value;
+ const char *p = *value;
if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
p += 4;
@@ -269,7 +275,7 @@ v3_check_generic(char **value)
/* Create a generic extension: for now just handle DER type */
static X509_EXTENSION *
-v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
+v3_generic_extension(const char *ext, const char *value, int crit, int gen_type,
X509V3_CTX *ctx)
{
unsigned char *ext_der = NULL;
@@ -318,7 +324,7 @@ err:
}
static unsigned char *
-generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
+generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len)
{
ASN1_TYPE *typ;
unsigned char *ext_der = NULL;
@@ -336,7 +342,7 @@ generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
*/
int
-X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
STACK_OF(X509_EXTENSION) **sk)
{
X509_EXTENSION *ext;
@@ -360,7 +366,8 @@ X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
/* Convenience functions to add extensions to a certificate, CRL and request */
int
-X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
+X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -372,7 +379,7 @@ X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
/* Same as above but for a CRL */
int
-X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509_CRL *crl)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -385,7 +392,7 @@ X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
/* Add extensions to certificate request */
int
-X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
X509_REQ *req)
{
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
@@ -446,13 +453,13 @@ X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
}
static char *
-nconf_get_string(void *db, char *section, char *value)
+nconf_get_string(void *db, const char *section, const char *value)
{
return NCONF_get_string(db, section, value);
}
-static
-STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *
+nconf_get_section(void *db, const char *section)
{
return NCONF_get_section(db, section);
}
@@ -485,8 +492,8 @@ X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
/* Old conf compatibility functions */
X509_EXTENSION *
-X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
- char *value)
+X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name,
+ const char *value)
{
CONF ctmp;
@@ -498,7 +505,7 @@ X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name,
/* char *value: Value */
X509_EXTENSION *
X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
- char *value)
+ const char *value)
{
CONF ctmp;
@@ -507,13 +514,13 @@ X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid,
}
static char *
-conf_lhash_get_string(void *db, char *section, char *value)
+conf_lhash_get_string(void *db, const char *section, const char *value)
{
return CONF_get_string(db, section, value);
}
static STACK_OF(CONF_VALUE) *
-conf_lhash_get_section(void *db, char *section)
+conf_lhash_get_section(void *db, const char *section)
{
return CONF_get_section(db, section);
}
@@ -533,8 +540,8 @@ X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
}
int
-X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
- X509 *cert)
+X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+ const char *section, X509 *cert)
{
CONF ctmp;
@@ -546,7 +553,7 @@ X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *section,
int
X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_CRL *crl)
+ const char *section, X509_CRL *crl)
{
CONF ctmp;
@@ -558,7 +565,7 @@ X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
int
X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_REQ *req)
+ const char *section, X509_REQ *req)
{
CONF ctmp;
diff --git a/lib/libcrypto/x509v3/x509v3.h b/lib/libcrypto/x509v3/x509v3.h
index 3efb4ef25de..429239424cd 100644
--- a/lib/libcrypto/x509v3/x509v3.h
+++ b/lib/libcrypto/x509v3/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.24 2018/05/13 15:03:01 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.25 2018/05/13 17:49:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -121,9 +121,9 @@ void *usr_data; /* Any extension specific data */
};
typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
+char *(*get_string)(void *db, const char *section, const char *value);
+STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
+void (*free_string)(void *db, char *string);
void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
} X509V3_CONF_METHOD;
@@ -696,23 +696,29 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
void X509V3_conf_free(CONF_VALUE *val);
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+ X509_CRL *crl);
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- int ext_nid, char *value);
+ int ext_nid, const char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *name, char *value);
+ const char *name, const char *value);
int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509 *cert);
+ const char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_REQ *req);
+ const char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
- char *section, X509_CRL *crl);
+ const char *section, X509_CRL *crl);
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);