Rewrite the extension code to use an ASN1_ITEM structure
for its ASN1 operations as well as the old style function
pointers (i2d, d2i, new, free). Change standard extensions
to support this.

Fix a warning in BN_mul(), bn_mul.c about uninitialised 'j'.

CHANGES

@@ -3,6 +3,11 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+     for its ASN1 operations. The old style function pointers still exist
+     for now but they will eventually go away.
+     [Steve Henson]
+
   *) Merge in replacement ASN1 code from the ASN1 branch. This almost
      completely replaces the old ASN1 functionality.
      [Steve Henson]

crypto/bn/bn_mul.c

@@ -939,7 +939,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 #endif
 #ifdef BN_RECURSION
 	BIGNUM *t;
-	int j,k;
+	int j=0,k;
 #endif
 
 #ifdef BN_COUNT

crypto/x509v3/v3_akey.c

@@ -69,15 +69,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 
 X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)AUTHORITY_KEYID_new,
-(X509V3_EXT_FREE)AUTHORITY_KEYID_free,
-(X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
-(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID,
-NULL, NULL,
+NID_authority_key_identifier, X509V3_EXT_MULTILINE, &AUTHORITY_KEYID_it,
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
 (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-NULL,NULL,
+0,0,
 NULL
 };
 

crypto/x509v3/v3_alt.c

@@ -66,21 +66,16 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0,
-(X509V3_EXT_NEW)GENERAL_NAMES_new,
-(X509V3_EXT_FREE)GENERAL_NAMES_free,
-(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
-(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
-NULL, NULL,
+{ NID_subject_alt_name, 0, &GENERAL_NAMES_it,
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_subject_alt,
 NULL, NULL, NULL},
-{ NID_issuer_alt_name, 0,
-(X509V3_EXT_NEW)GENERAL_NAMES_new,
-(X509V3_EXT_FREE)GENERAL_NAMES_free,
-(X509V3_EXT_D2I)d2i_GENERAL_NAMES,
-(X509V3_EXT_I2D)i2d_GENERAL_NAMES,
-NULL, NULL,
+
+{ NID_issuer_alt_name, 0, &GENERAL_NAMES_it,
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},

crypto/x509v3/v3_bcons.c

@@ -69,11 +69,9 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V
 
 X509V3_EXT_METHOD v3_bcons = {
 NID_basic_constraints, 0,
-(X509V3_EXT_NEW)BASIC_CONSTRAINTS_new,
-(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free,
-(X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS,
-(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS,
-NULL, NULL,
+&BASIC_CONSTRAINTS_it,
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
 (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
 NULL,NULL,

crypto/x509v3/v3_bitst.c

@@ -66,6 +66,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 				ASN1_BIT_STRING *bits,
 				STACK_OF(CONF_VALUE) *extlist);
+
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
 {0, "SSL Client", "client"},
 {1, "SSL Server", "server"},

crypto/x509v3/v3_conf.c

@@ -153,7 +153,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 	}
 
 	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
-	method->ext_free(ext_struc);
+	if(method->it) ASN1_item_free(ext_struc, method->it);
+	else method->ext_free(ext_struc);
 	return ext;
 
 }
@@ -161,19 +162,25 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 						 int crit, void *ext_struc)
 {
-	unsigned char *ext_der, *p;
+	unsigned char *ext_der;
 	int ext_len;
 	ASN1_OCTET_STRING *ext_oct;
 	X509_EXTENSION *ext;
 	/* Convert internal representation to DER */
-	ext_len = method->i2d(ext_struc, NULL);
-	if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
-	p = ext_der;
-	method->i2d(ext_struc, &p);
+	if(method->it) {
+		ext_len = ASN1_item_i2d(ext_struc, &ext_der, method->it);
+		if(ext_len < 0) goto merr;
+	} else {
+		unsigned char *p;
+		ext_len = method->i2d(ext_struc, NULL);
+		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
+		p = ext_der;
+		method->i2d(ext_struc, &p);
+	}
 	if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
 	ext_oct->data = ext_der;
 	ext_oct->length = ext_len;
-	
+
 	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
 	if(!ext) goto merr;
 	M_ASN1_OCTET_STRING_free(ext_oct);

crypto/x509v3/v3_cpols.c

@@ -76,13 +76,10 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
 static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
 
 X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,
-(X509V3_EXT_NEW)CERTIFICATEPOLICIES_new,
-(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free,
-(X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES,
-(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES,
-NULL, NULL,
-NULL, NULL,
+NID_certificate_policies, 0,&CERTIFICATEPOLICIES_it,
+0,0,0,0,
+0,0,
+0,0,
 (X509V3_EXT_I2R)i2r_certpol,
 (X509V3_EXT_R2I)r2i_certpol,
 NULL

crypto/x509v3/v3_crld.c

@@ -69,15 +69,13 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
 				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 X509V3_EXT_METHOD v3_crld = {
-NID_crl_distribution_points, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)CRL_DIST_POINTS_new,
-(X509V3_EXT_FREE)CRL_DIST_POINTS_free,
-(X509V3_EXT_D2I)d2i_CRL_DIST_POINTS,
-(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS,
-NULL, NULL,
+NID_crl_distribution_points, X509V3_EXT_MULTILINE, &CRL_DIST_POINTS_it,
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_crld,
 (X509V3_EXT_V2I)v2i_crld,
-NULL, NULL, NULL
+0,0,
+NULL
 };
 
 static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,

crypto/x509v3/v3_enum.c

@@ -73,14 +73,12 @@ static ENUMERATED_NAMES crl_reasons[] = {
 };
 
 X509V3_EXT_METHOD v3_crl_reason = { 
-NID_crl_reason, 0,
-(X509V3_EXT_NEW)ASN1_ENUMERATED_new,
-(X509V3_EXT_FREE)ASN1_ENUMERATED_free,
-(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED,
-(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED,
+NID_crl_reason, 0, &ASN1_ENUMERATED_it,
+0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
-(X509V3_EXT_S2I)0,
-NULL, NULL, NULL, NULL, crl_reasons};
+0,
+0,0,0,0,
+crl_reasons};
 
 
 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,

crypto/x509v3/v3_extku.c

@@ -70,14 +70,12 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
 
 X509V3_EXT_METHOD v3_ext_ku = {
 NID_ext_key_usage, 0,
-(X509V3_EXT_NEW)EXTENDED_KEY_USAGE_new,
-(X509V3_EXT_FREE)EXTENDED_KEY_USAGE_free,
-(X509V3_EXT_D2I)d2i_EXTENDED_KEY_USAGE,
-(X509V3_EXT_I2D)i2d_EXTENDED_KEY_USAGE,
-NULL, NULL,
+&EXTENDED_KEY_USAGE_it,
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_EXTENDED_KEY_USAGE,
 (X509V3_EXT_V2I)v2i_EXTENDED_KEY_USAGE,
-NULL,NULL,
+0,0,
 NULL
 };
 

crypto/x509v3/v3_info.c

@@ -70,15 +70,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho
 				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 
 X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
-(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
-(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
-NULL, NULL,
+{ NID_info_access, X509V3_EXT_MULTILINE, &AUTHORITY_INFO_ACCESS_it,
+0,0,0,0,
+0,0,
 (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
 (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-NULL, NULL, NULL};
+0,0,
+NULL};
 
 ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
 	ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),

crypto/x509v3/v3_int.c

@@ -61,12 +61,9 @@
 #include <openssl/x509v3.h>
 
 X509V3_EXT_METHOD v3_crl_num = { 
-NID_crl_number, 0,
-(X509V3_EXT_NEW)ASN1_INTEGER_new,
-(X509V3_EXT_FREE)ASN1_INTEGER_free,
-(X509V3_EXT_D2I)d2i_ASN1_INTEGER,
-(X509V3_EXT_I2D)i2d_ASN1_INTEGER,
+NID_crl_number, 0, &ASN1_INTEGER_it,
+0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-(X509V3_EXT_S2I)0,
-NULL, NULL, NULL, NULL, NULL};
+0,
+0,0,0,0, NULL};
 

crypto/x509v3/v3_lib.c

@@ -163,8 +163,9 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
 	X509V3_EXT_METHOD *method;
 	unsigned char *p;
-	if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL;
+	if(!(method = X509V3_EXT_get(ext))) return NULL;
 	p = ext->value->data;
+	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, method->it);
 	return method->d2i(NULL, &p, ext->value->length);
 }
 

crypto/x509v3/v3_pku.c

@@ -67,12 +67,9 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
 X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0,
-(X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new,
-(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free,
-(X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD,
-(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD,
-NULL, NULL, NULL, NULL,
+NID_private_key_usage_period, 0, &PKEY_USAGE_PERIOD_it,
+0,0,0,0,
+0,0,0,0,
 (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
 NULL
 };

crypto/x509v3/v3_prn.c

@@ -100,7 +100,8 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
 
 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
 {
-	char *ext_str = NULL, *value = NULL;
+	void *ext_str = NULL;
+	char *value = NULL;
 	unsigned char *p;
 	X509V3_EXT_METHOD *method;	
 	STACK_OF(CONF_VALUE) *nval = NULL;
@@ -108,8 +109,11 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 	if(!(method = X509V3_EXT_get(ext)))
 		return unknown_ext_print(out, ext, flag, indent, 0);
 	p = ext->value->data;
-	if(!(ext_str = method->d2i(NULL, &p, ext->value->length)))
-		return unknown_ext_print(out, ext, flag, indent, 1);
+	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, method->it);
+	else ext_str = method->d2i(NULL, &p, ext->value->length);
+
+	if(!ext_str) unknown_ext_print(out, ext, flag, indent, 1);
+
 	if(method->i2s) {
 		if(!(value = method->i2s(method, ext_str))) {
 			ok = 0;
@@ -138,7 +142,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 	err:
 		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
 		if(value) OPENSSL_free(value);
-		method->ext_free(ext_str);
+		if(method->it) ASN1_item_free(ext_str, method->it);
+		else method->ext_free(ext_str);
 		return ok;
 }
 

crypto/x509v3/v3_skey.c

@@ -63,14 +63,12 @@
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 X509V3_EXT_METHOD v3_skey_id = { 
-NID_subject_key_identifier, 0,
-(X509V3_EXT_NEW)ASN1_OCTET_STRING_new,
-(X509V3_EXT_FREE)ASN1_OCTET_STRING_free,
-(X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING,
-(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING,
+NID_subject_key_identifier, 0, &ASN1_OCTET_STRING_it,
+0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
 (X509V3_EXT_S2I)s2i_skey_id,
-NULL, NULL, NULL, NULL, NULL};
+0,0,0,0,
+NULL};
 
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 	     ASN1_OCTET_STRING *oct)

crypto/x509v3/v3_sxnet.c

@@ -73,20 +73,17 @@ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
 						STACK_OF(CONF_VALUE) *nval);
 #endif
 X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE,
-(X509V3_EXT_NEW)SXNET_new,
-(X509V3_EXT_FREE)SXNET_free,
-(X509V3_EXT_D2I)d2i_SXNET,
-(X509V3_EXT_I2D)i2d_SXNET,
-NULL, NULL,
-NULL, 
+NID_sxnet, X509V3_EXT_MULTILINE, &SXNET_it,
+0,0,0,0,
+0,0,
+0, 
 #ifdef SXNET_TEST
 (X509V3_EXT_V2I)sxnet_v2i,
 #else
-NULL,
+0,
 #endif
 (X509V3_EXT_I2R)sxnet_i2r,
-NULL,
+0,
 NULL
 };
 

crypto/x509v3/x509v3.h

@@ -88,6 +88,9 @@ typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx
 struct v3_ext_method {
 int ext_nid;
 int ext_flags;
+/* If this is set the following four fields are ignored */
+const ASN1_ITEM *it;
+/* Old style ASN1 calls */
 X509V3_EXT_NEW ext_new;
 X509V3_EXT_FREE ext_free;
 X509V3_EXT_D2I d2i;
@@ -291,30 +294,22 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
 			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
 #define X509V3_set_ctx_nodb(ctx) ctx->db = NULL;
 
-#define EXT_BITSTRING(nid, table) { nid, 0, \
-			(X509V3_EXT_NEW)ASN1_BIT_STRING_new, \
-			(X509V3_EXT_FREE)ASN1_BIT_STRING_free, \
-			(X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \
-			(X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \
-			NULL, NULL, \
+#define EXT_BITSTRING(nid, table) { nid, 0, &ASN1_BIT_STRING_it, \
+			0,0,0,0, \
+			0,0, \
 			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
 			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
 			NULL, NULL, \
-			(char *)table}
+			table}
 
-#define EXT_IA5STRING(nid) { nid, 0, \
-			(X509V3_EXT_NEW)ASN1_IA5STRING_new, \
-			(X509V3_EXT_FREE)ASN1_IA5STRING_free, \
-			(X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \
-			(X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \
+#define EXT_IA5STRING(nid) { nid, 0, &ASN1_IA5STRING_it, \
+			0,0,0,0, \
 			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
 			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
-			NULL, NULL, NULL, NULL, \
+			0,0,0,0, \
 			NULL}
 
-#define EXT_END { -1, 0, NULL, NULL, NULL, NULL, NULL, NULL, \
-			 NULL, NULL, NULL, NULL, \
-			 NULL}
+#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 
 
 /* X509_PURPOSE stuff */
@@ -394,10 +389,8 @@ typedef struct x509_purpose_st {
 DECLARE_STACK_OF(X509_PURPOSE)
 
 void ERR_load_X509V3_strings(void);
-int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
-BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
-BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
-void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
 
 DECLARE_ASN1_FUNCTIONS(SXNET)
 DECLARE_ASN1_FUNCTIONS(SXNETID)