From e9fce74f2e88d74006d659eb079d4710eb017d86 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Wed, 21 Oct 2020 19:45:37 -0400
Subject: [PATCH] Const-correct X509V3_extensions_print.

Change-Id: I1cb16d926a58de5345de462c857774775c865c2f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43565
Reviewed-by: Adam Langley
Commit-Queue: David Benjamin
---
 crypto/x509v3/v3_prn.c | 2 +-
 include/openssl/x509v3.h | 34 +++++++++++++++++++++-------------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 2f5efcff0..b508eb3c5 100644
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@@ -156,7 +156,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
 }
 int X509V3_extensions_print(BIO *bp, const char *title,
- STACK_OF(X509_EXTENSION) *exts,
+ const STACK_OF(X509_EXTENSION) *exts,
 unsigned long flag, int indent)
 {
 size_t i;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 95144534e..0a4e776cf 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -466,18 +466,6 @@ typedef struct x509_purpose_st {
 #define X509_PURPOSE_MIN 1
 #define X509_PURPOSE_MAX 9
-// Flags for X509V3_EXT_print()
-
-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
-// Return error for unknown extensions
-#define X509V3_EXT_DEFAULT 0
-// Print error for unknown extensions
-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
-// ASN1 parse unknown extensions
-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
-// BIO_dump unknown extensions
-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
-
 // Flags for X509V3_add1_i2d
 #define X509V3_ADD_OP_MASK 0xfL
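Review bot: The definition in `crypto/x509v3/v3_prn.c` still names the first parameter `bp`, while the declaration in `include/openssl/x509v3.h` and the doc comment added there call it `out`. Renaming it in the definition, `int X509V3_extensions_print(BIO *out, const char *title,`, would keep the new documentation's `|out|` matching the code a reader lands on. The function body continues past the end of this hunk, so any use of `bp` there would need the same rename.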
@@ -660,6 +648,21 @@ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit,
 OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+
+// X509V3_EXT_DEFAULT causes unknown extensions or syntax errors to return
+// failure.
+#define X509V3_EXT_DEFAULT 0
+// X509V3_EXT_ERROR_UNKNOWN causes unknown extensions or syntax errors to print
+// as "" or "", respectively.
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+// X509V3_EXT_PARSE_UNKNOWN is deprecated and behaves like
+// |X509V3_EXT_DUMP_UNKNOWN|.
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+// X509V3_EXT_DUMP_UNKNOWN causes unknown extensions to be displayed as a
+// hexdump.
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
 OPENSSL_EXPORT void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml);
 OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext,
@@ -667,8 +670,13 @@ OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext,
 OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+// X509V3_extensions_print prints |title|, followed by a human-readable
+// representation of |exts| to |out|. It returns one on success and zero on
+// error. The output is indented by |indent| spaces. |flag| is one of the
+// |X509V3_EXT_*| constants and controls printing of unknown extensions and
+// syntax errors.
 OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title,
- STACK_OF(X509_EXTENSION) *exts,
+ const STACK_OF(X509_EXTENSION) *exts,
 unsigned long flag, int indent);
 OPENSSL_EXPORT int X509_check_ca(X509 *x);
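Review bot: `X509V3_EXT_UNKNOWN_MASK` in the `@@ -660,6 +648,21 @@` hunk of `include/openssl/x509v3.h` is the only constant in the moved group without a comment, and the old `// Flags for X509V3_EXT_print()` heading that said where the group is used was not carried over. The four values are `0` to `3` shifted left by 16 and the mask is `0xfL << 16`, so a line such as `// X509V3_EXT_UNKNOWN_MASK covers the bits of |flag| that select how unknown extensions are printed.` would document it in the same style as its neighbours. The comment on `X509V3_EXT_ERROR_UNKNOWN` shows two empty quoted strings as displayed on this page; if they are really empty in the file, the placeholder text the printer emits should be written out.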
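Review bot: The new comment on `X509V3_extensions_print` in the `@@ -667,8 +670,13 @@` hunk says `|flag| is one of the |X509V3_EXT_*| constants`, but that pattern also matches `X509V3_EXT_UNKNOWN_MASK`, which is a mask rather than a mode. Naming the accepted values would remove the ambiguity, for example `|flag| is one of |X509V3_EXT_DEFAULT|, |X509V3_EXT_ERROR_UNKNOWN|, |X509V3_EXT_PARSE_UNKNOWN| or |X509V3_EXT_DUMP_UNKNOWN|`. The comment also leaves open what a caller sees for a NULL or empty `exts`, and whether `out` can hold partial output when zero is returned, which matters with `X509V3_EXT_DEFAULT` on certificates carrying unknown extensions; the function body is not visible in this diff, so that needs checking against the implementation. The context lines show `X509V3_EXT_print` and `X509V3_EXT_print_fp` still taking a non-const `X509_EXTENSION *ext`, so the const-correctness stops at the stack.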