Modify apps to use NCONF code instead of old CONF code.
Add new extension functions which work with NCONF. Tidy up extension config routines and remove redundant code. Fix NCONF_get_number(). Todo: more testing of apps to see they still work...
This commit is contained in:
parent
ce16450a89
commit
b7a26e6daf
12 changed files with 432 additions and 329 deletions
8
CHANGES
8
CHANGES
|
@ -11,6 +11,14 @@
|
|||
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
|
||||
+) applies to 0.9.7 only
|
||||
|
||||
+) Rewrite apps to use NCONF routines instead of the old CONF. New functions
|
||||
to support NCONF routines in extension code. New function CONF_set_nconf()
|
||||
to allow functions which take an NCONF to also handle the old LHASH
|
||||
structure: this means that the old CONF compatible routines can be
|
||||
retained (in particular wrt extensions) without having to duplicate the
|
||||
code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
|
||||
[Steve Henson]
|
||||
|
||||
*) Handle special case when X509_NAME is empty in X509 printing routines.
|
||||
[Steve Henson]
|
||||
|
||||
|
|
|
@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
|
|||
return BUF_strdup(tpass);
|
||||
}
|
||||
|
||||
int add_oid_section(BIO *err, LHASH *conf)
|
||||
int add_oid_section(BIO *err, CONF *conf)
|
||||
{
|
||||
char *p;
|
||||
STACK_OF(CONF_VALUE) *sktmp;
|
||||
CONF_VALUE *cnf;
|
||||
int i;
|
||||
if(!(p=CONF_get_string(conf,NULL,"oid_section")))
|
||||
if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
|
||||
{
|
||||
ERR_clear_error();
|
||||
return 1;
|
||||
}
|
||||
if(!(sktmp = CONF_get_section(conf, p))) {
|
||||
if(!(sktmp = NCONF_get_section(conf, p))) {
|
||||
BIO_printf(err, "problem loading oid section %s\n", p);
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -101,7 +101,7 @@ extern BIO *bio_err;
|
|||
#else
|
||||
|
||||
#define MAIN(a,v) PROG(a,v)
|
||||
extern LHASH *config;
|
||||
extern CONF *config;
|
||||
extern char *default_config_file;
|
||||
extern BIO *bio_err;
|
||||
|
||||
|
@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg);
|
|||
int set_ext_copy(int *copy_type, const char *arg);
|
||||
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
|
||||
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
|
||||
int add_oid_section(BIO *err, LHASH *conf);
|
||||
int add_oid_section(BIO *err, CONF *conf);
|
||||
X509 *load_cert(BIO *err, const char *file, int format,
|
||||
const char *pass, ENGINE *e, const char *cert_descrip);
|
||||
EVP_PKEY *load_key(BIO *err, const char *file, int format,
|
||||
|
|
120
apps/ca.c
120
apps/ca.c
|
@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial);
|
|||
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
||||
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
|
||||
BIGNUM *serial, char *subj, char *startdate,char *enddate,
|
||||
int days, int batch, char *ext_sect, LHASH *conf,int verbose,
|
||||
long days, int batch, char *ext_sect, CONF *conf,int verbose,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
int ext_copy);
|
||||
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
||||
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
|
||||
TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
|
||||
char *enddate, int days, int batch, char *ext_sect,
|
||||
LHASH *conf,int verbose, unsigned long certopt,
|
||||
char *enddate, long days, int batch, char *ext_sect,
|
||||
CONF *conf,int verbose, unsigned long certopt,
|
||||
unsigned long nameopt, int default_op, int ext_copy,
|
||||
ENGINE *e);
|
||||
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
||||
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
|
||||
TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
|
||||
char *enddate, int days, char *ext_sect,LHASH *conf,
|
||||
char *enddate, long days, char *ext_sect,CONF *conf,
|
||||
int verbose, unsigned long certopt, unsigned long nameopt,
|
||||
int default_op, int ext_copy);
|
||||
static int fix_data(int nid, int *type);
|
||||
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
|
||||
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
||||
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
|
||||
char *startdate, char *enddate, int days, int batch, int verbose,
|
||||
X509_REQ *req, char *ext_sect, LHASH *conf,
|
||||
char *startdate, char *enddate, long days, int batch, int verbose,
|
||||
X509_REQ *req, char *ext_sect, CONF *conf,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
int ext_copy);
|
||||
static X509_NAME *do_subject(char *subject);
|
||||
|
@ -245,8 +245,8 @@ static int check_time_format(char *str);
|
|||
char *make_revocation_str(int rev_type, char *rev_arg);
|
||||
int make_revoked(X509_REVOKED *rev, char *str);
|
||||
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
|
||||
static LHASH *conf=NULL;
|
||||
static LHASH *extconf=NULL;
|
||||
static CONF *conf=NULL;
|
||||
static CONF *extconf=NULL;
|
||||
static char *section=NULL;
|
||||
|
||||
static int preserve=0;
|
||||
|
@ -300,7 +300,7 @@ int MAIN(int argc, char **argv)
|
|||
BIGNUM *serial=NULL;
|
||||
char *startdate=NULL;
|
||||
char *enddate=NULL;
|
||||
int days=0;
|
||||
long days=0;
|
||||
int batch=0;
|
||||
int notext=0;
|
||||
unsigned long nameopt = 0, certopt = 0;
|
||||
|
@ -571,7 +571,8 @@ bad:
|
|||
}
|
||||
|
||||
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
|
||||
if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
|
||||
conf = NCONF_new(NULL);
|
||||
if (NCONF_load(conf,configfile,&errorline) <= 0)
|
||||
{
|
||||
if (errorline <= 0)
|
||||
BIO_printf(bio_err,"error loading the config file '%s'\n",
|
||||
|
@ -585,7 +586,7 @@ bad:
|
|||
/* Lets get the config section we are using */
|
||||
if (section == NULL)
|
||||
{
|
||||
section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
|
||||
section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
|
||||
if (section == NULL)
|
||||
{
|
||||
lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
|
||||
|
@ -595,7 +596,7 @@ bad:
|
|||
|
||||
if (conf != NULL)
|
||||
{
|
||||
p=CONF_get_string(conf,NULL,"oid_file");
|
||||
p=NCONF_get_string(conf,NULL,"oid_file");
|
||||
if (p == NULL)
|
||||
ERR_clear_error();
|
||||
if (p != NULL)
|
||||
|
@ -624,7 +625,7 @@ bad:
|
|||
}
|
||||
}
|
||||
|
||||
randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
|
||||
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
|
||||
if (randfile == NULL)
|
||||
ERR_clear_error();
|
||||
app_RAND_load_file(randfile, bio_err, 0);
|
||||
|
@ -643,7 +644,7 @@ bad:
|
|||
/* report status of cert with serial number given on command line */
|
||||
if (ser_status)
|
||||
{
|
||||
if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
|
||||
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
|
||||
{
|
||||
lookup_fail(section,ENV_DATABASE);
|
||||
goto err;
|
||||
|
@ -676,7 +677,7 @@ bad:
|
|||
/*****************************************************************/
|
||||
/* we definitely need a public key, so let's get it */
|
||||
|
||||
if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
|
||||
if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
|
||||
section,ENV_PRIVATE_KEY)) == NULL))
|
||||
{
|
||||
lookup_fail(section,ENV_PRIVATE_KEY);
|
||||
|
@ -698,7 +699,7 @@ bad:
|
|||
|
||||
/*****************************************************************/
|
||||
/* we need a certificate */
|
||||
if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
|
||||
if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
|
||||
section,ENV_CERTIFICATE)) == NULL))
|
||||
{
|
||||
lookup_fail(section,ENV_CERTIFICATE);
|
||||
|
@ -715,18 +716,18 @@ bad:
|
|||
goto err;
|
||||
}
|
||||
|
||||
f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
|
||||
f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
|
||||
if (f == NULL)
|
||||
ERR_clear_error();
|
||||
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
|
||||
preserve=1;
|
||||
f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
|
||||
f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
|
||||
if (f == NULL)
|
||||
ERR_clear_error();
|
||||
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
|
||||
msie_hack=1;
|
||||
|
||||
f=CONF_get_string(conf,section,ENV_NAMEOPT);
|
||||
f=NCONF_get_string(conf,section,ENV_NAMEOPT);
|
||||
|
||||
if (f)
|
||||
{
|
||||
|
@ -740,7 +741,7 @@ bad:
|
|||
else
|
||||
ERR_clear_error();
|
||||
|
||||
f=CONF_get_string(conf,section,ENV_CERTOPT);
|
||||
f=NCONF_get_string(conf,section,ENV_CERTOPT);
|
||||
|
||||
if (f)
|
||||
{
|
||||
|
@ -754,7 +755,7 @@ bad:
|
|||
else
|
||||
ERR_clear_error();
|
||||
|
||||
f=CONF_get_string(conf,section,ENV_EXTCOPY);
|
||||
f=NCONF_get_string(conf,section,ENV_EXTCOPY);
|
||||
|
||||
if (f)
|
||||
{
|
||||
|
@ -773,7 +774,7 @@ bad:
|
|||
{
|
||||
struct stat sb;
|
||||
|
||||
if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
|
||||
if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
|
||||
== NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
|
||||
|
@ -816,7 +817,7 @@ bad:
|
|||
|
||||
/*****************************************************************/
|
||||
/* we need to load the database file */
|
||||
if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
|
||||
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
|
||||
{
|
||||
lookup_fail(section,ENV_DATABASE);
|
||||
goto err;
|
||||
|
@ -995,7 +996,8 @@ bad:
|
|||
/* Read extentions config file */
|
||||
if (extfile)
|
||||
{
|
||||
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
|
||||
extconf = NCONF_new(NULL);
|
||||
if (NCONF_load(extconf,extfile,&errorline) <= 0)
|
||||
{
|
||||
if (errorline <= 0)
|
||||
BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
|
||||
|
@ -1011,7 +1013,7 @@ bad:
|
|||
BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
|
||||
|
||||
/* We can have sections in the ext file */
|
||||
if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
|
||||
if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
|
||||
extensions = "default";
|
||||
}
|
||||
|
||||
|
@ -1040,7 +1042,7 @@ bad:
|
|||
|
||||
if (req)
|
||||
{
|
||||
if ((md == NULL) && ((md=CONF_get_string(conf,
|
||||
if ((md == NULL) && ((md=NCONF_get_string(conf,
|
||||
section,ENV_DEFAULT_MD)) == NULL))
|
||||
{
|
||||
lookup_fail(section,ENV_DEFAULT_MD);
|
||||
|
@ -1054,7 +1056,7 @@ bad:
|
|||
if (verbose)
|
||||
BIO_printf(bio_err,"message digest is %s\n",
|
||||
OBJ_nid2ln(dgst->type));
|
||||
if ((policy == NULL) && ((policy=CONF_get_string(conf,
|
||||
if ((policy == NULL) && ((policy=NCONF_get_string(conf,
|
||||
section,ENV_POLICY)) == NULL))
|
||||
{
|
||||
lookup_fail(section,ENV_POLICY);
|
||||
|
@ -1063,7 +1065,7 @@ bad:
|
|||
if (verbose)
|
||||
BIO_printf(bio_err,"policy is %s\n",policy);
|
||||
|
||||
if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
|
||||
if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
|
||||
== NULL)
|
||||
{
|
||||
lookup_fail(section,ENV_SERIAL);
|
||||
|
@ -1076,7 +1078,7 @@ bad:
|
|||
* in the main configuration file */
|
||||
if (!extensions)
|
||||
{
|
||||
extensions=CONF_get_string(conf,section,
|
||||
extensions=NCONF_get_string(conf,section,
|
||||
ENV_EXTENSIONS);
|
||||
if (!extensions)
|
||||
ERR_clear_error();
|
||||
|
@ -1086,8 +1088,8 @@ bad:
|
|||
/* Check syntax of file */
|
||||
X509V3_CTX ctx;
|
||||
X509V3_set_ctx_test(&ctx);
|
||||
X509V3_set_conf_lhash(&ctx, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
|
||||
X509V3_set_nconf(&ctx, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
|
||||
NULL))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
|
@ -1101,7 +1103,7 @@ bad:
|
|||
|
||||
if (startdate == NULL)
|
||||
{
|
||||
startdate=CONF_get_string(conf,section,
|
||||
startdate=NCONF_get_string(conf,section,
|
||||
ENV_DEFAULT_STARTDATE);
|
||||
if (startdate == NULL)
|
||||
ERR_clear_error();
|
||||
|
@ -1115,7 +1117,7 @@ bad:
|
|||
|
||||
if (enddate == NULL)
|
||||
{
|
||||
enddate=CONF_get_string(conf,section,
|
||||
enddate=NCONF_get_string(conf,section,
|
||||
ENV_DEFAULT_ENDDATE);
|
||||
if (enddate == NULL)
|
||||
ERR_clear_error();
|
||||
|
@ -1128,8 +1130,8 @@ bad:
|
|||
|
||||
if (days == 0)
|
||||
{
|
||||
days=(int)CONF_get_number(conf,section,
|
||||
ENV_DEFAULT_DAYS);
|
||||
if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
|
||||
days = 0;
|
||||
}
|
||||
if (!enddate && (days == 0))
|
||||
{
|
||||
|
@ -1149,7 +1151,7 @@ bad:
|
|||
OPENSSL_free(f);
|
||||
}
|
||||
|
||||
if ((attribs=CONF_get_section(conf,policy)) == NULL)
|
||||
if ((attribs=NCONF_get_section(conf,policy)) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
|
||||
goto err;
|
||||
|
@ -1404,7 +1406,7 @@ bad:
|
|||
int crl_v2 = 0;
|
||||
if (!crl_ext)
|
||||
{
|
||||
crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
|
||||
crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
|
||||
if (!crl_ext)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
@ -1413,8 +1415,8 @@ bad:
|
|||
/* Check syntax of file */
|
||||
X509V3_CTX ctx;
|
||||
X509V3_set_ctx_test(&ctx);
|
||||
X509V3_set_conf_lhash(&ctx, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
|
||||
X509V3_set_nconf(&ctx, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Error Loading CRL extension section %s\n",
|
||||
|
@ -1426,10 +1428,12 @@ bad:
|
|||
|
||||
if (!crldays && !crlhours)
|
||||
{
|
||||
crldays=CONF_get_number(conf,section,
|
||||
ENV_DEFAULT_CRL_DAYS);
|
||||
crlhours=CONF_get_number(conf,section,
|
||||
ENV_DEFAULT_CRL_HOURS);
|
||||
if (!NCONF_get_number(conf,section,
|
||||
ENV_DEFAULT_CRL_DAYS, &crldays))
|
||||
crldays = 0;
|
||||
if (!NCONF_get_number(conf,section,
|
||||
ENV_DEFAULT_CRL_HOURS, &crlhours))
|
||||
crlhours = 0;
|
||||
}
|
||||
if ((crldays == 0) && (crlhours == 0))
|
||||
{
|
||||
|
@ -1505,9 +1509,9 @@ bad:
|
|||
if (ci->version == NULL)
|
||||
if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
|
||||
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
|
||||
X509V3_set_conf_lhash(&crlctx, conf);
|
||||
X509V3_set_nconf(&crlctx, conf);
|
||||
|
||||
if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
|
||||
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
|
||||
crl_ext, crl)) goto err;
|
||||
}
|
||||
if (crl_ext || crl_v2)
|
||||
|
@ -1593,7 +1597,7 @@ err:
|
|||
EVP_PKEY_free(pkey);
|
||||
X509_free(x509);
|
||||
X509_CRL_free(crl);
|
||||
CONF_free(conf);
|
||||
NCONF_free(conf);
|
||||
OBJ_cleanup();
|
||||
apps_shutdown();
|
||||
EXIT(ret);
|
||||
|
@ -1704,8 +1708,8 @@ err:
|
|||
|
||||
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
|
||||
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
|
||||
int batch, char *ext_sect, LHASH *lconf, int verbose,
|
||||
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
|
||||
int batch, char *ext_sect, CONF *lconf, int verbose,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
int ext_copy)
|
||||
{
|
||||
|
@ -1766,8 +1770,8 @@ err:
|
|||
|
||||
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
|
||||
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
|
||||
int batch, char *ext_sect, LHASH *lconf, int verbose,
|
||||
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
|
||||
int batch, char *ext_sect, CONF *lconf, int verbose,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
int ext_copy, ENGINE *e)
|
||||
{
|
||||
|
@ -1820,8 +1824,8 @@ err:
|
|||
|
||||
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
||||
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
|
||||
char *startdate, char *enddate, int days, int batch, int verbose,
|
||||
X509_REQ *req, char *ext_sect, LHASH *lconf,
|
||||
char *startdate, char *enddate, long days, int batch, int verbose,
|
||||
X509_REQ *req, char *ext_sect, CONF *lconf,
|
||||
unsigned long certopt, unsigned long nameopt, int default_op,
|
||||
int ext_copy)
|
||||
{
|
||||
|
@ -2143,13 +2147,13 @@ again2:
|
|||
BIO_printf(bio_err, "Extra configuration file found\n");
|
||||
|
||||
/* Use the extconf configuration db LHASH */
|
||||
X509V3_set_conf_lhash(&ctx, extconf);
|
||||
X509V3_set_nconf(&ctx, extconf);
|
||||
|
||||
/* Test the structure (needed?) */
|
||||
/* X509V3_set_ctx_test(&ctx); */
|
||||
|
||||
/* Adds exts contained in the configuration file */
|
||||
if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
|
||||
if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"ERROR: adding extensions in section %s\n",
|
||||
|
@ -2163,9 +2167,9 @@ again2:
|
|||
else if (ext_sect)
|
||||
{
|
||||
/* We found extensions to be set from config file */
|
||||
X509V3_set_conf_lhash(&ctx, lconf);
|
||||
X509V3_set_nconf(&ctx, lconf);
|
||||
|
||||
if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
|
||||
if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
|
||||
{
|
||||
BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
|
||||
ERR_print_errors(bio_err);
|
||||
|
@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
|
|||
|
||||
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
||||
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
|
||||
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
|
||||
char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
|
||||
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
|
||||
char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
|
||||
unsigned long nameopt, int default_op, int ext_copy)
|
||||
{
|
||||
STACK_OF(CONF_VALUE) *sk=NULL;
|
||||
|
|
|
@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void);
|
|||
static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
|
||||
static LHASH *prog_init(void );
|
||||
static int do_cmd(LHASH *prog,int argc,char *argv[]);
|
||||
LHASH *config=NULL;
|
||||
CONF *config=NULL;
|
||||
char *default_config_file=NULL;
|
||||
|
||||
/* Make sure there is only one when MONOLITH is defined */
|
||||
|
@ -269,8 +269,9 @@ int main(int Argc, char *Argv[])
|
|||
|
||||
default_config_file=p;
|
||||
|
||||
config=CONF_load(config,p,&errline);
|
||||
if (config == NULL) ERR_clear_error();
|
||||
config=NCONF_new(NULL);
|
||||
i=NCONF_load(config,p,&errline);
|
||||
if (i == 0) ERR_clear_error();
|
||||
|
||||
prog=prog_init();
|
||||
|
||||
|
@ -339,7 +340,7 @@ int main(int Argc, char *Argv[])
|
|||
end:
|
||||
if (config != NULL)
|
||||
{
|
||||
CONF_free(config);
|
||||
NCONF_free(config);
|
||||
config=NULL;
|
||||
}
|
||||
if (prog != NULL) lh_free(prog);
|
||||
|
|
127
apps/req.c
127
apps/req.c
|
@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req,
|
|||
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
|
||||
STACK_OF(CONF_VALUE) *attr, int attribs);
|
||||
static int add_attribute_object(X509_REQ *req, char *text,
|
||||
char *def, char *value, int nid, int min,
|
||||
int max);
|
||||
char *def, char *value, int nid, int n_min,
|
||||
int n_max);
|
||||
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
|
||||
int nid,int min,int max);
|
||||
int nid,int n_min,int n_max);
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
static void MS_CALLBACK req_cb(int p,int n,void *arg);
|
||||
#endif
|
||||
static int req_check_len(int len,int min,int max);
|
||||
static int req_check_len(int len,int n_min,int n_max);
|
||||
static int check_end(char *str, char *end);
|
||||
#ifndef MONOLITH
|
||||
static char *default_config_file=NULL;
|
||||
static LHASH *config=NULL;
|
||||
static CONF *config=NULL;
|
||||
#endif
|
||||
static LHASH *req_conf=NULL;
|
||||
static CONF *req_conf=NULL;
|
||||
static int batch=0;
|
||||
|
||||
#define TYPE_RSA 1
|
||||
|
@ -152,7 +152,8 @@ int MAIN(int argc, char **argv)
|
|||
X509 *x509ss=NULL;
|
||||
X509_REQ *req=NULL;
|
||||
EVP_PKEY *pkey=NULL;
|
||||
int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
|
||||
int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
|
||||
long newkey = -1;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
|
||||
int nodes=0,kludge=0,newhdr=0,subject=0;
|
||||
|
@ -457,7 +458,8 @@ bad:
|
|||
p=config_name;
|
||||
}
|
||||
default_config_file=p;
|
||||
config=CONF_load(config,p,NULL);
|
||||
config=NCONF_new(NULL);
|
||||
i=NCONF_load(config, p);
|
||||
#endif
|
||||
|
||||
if (template != NULL)
|
||||
|
@ -465,8 +467,9 @@ bad:
|
|||
long errline;
|
||||
|
||||
BIO_printf(bio_err,"Using configuration from %s\n",template);
|
||||
req_conf=CONF_load(NULL,template,&errline);
|
||||
if (req_conf == NULL)
|
||||
req_conf=NCONF_new(NULL);
|
||||
i=NCONF_load(req_conf,template,&errline);
|
||||
if (i == 0)
|
||||
{
|
||||
BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
|
||||
goto end;
|
||||
|
@ -477,7 +480,7 @@ bad:
|
|||
req_conf=config;
|
||||
BIO_printf(bio_err,"Using configuration from %s\n",
|
||||
default_config_file);
|
||||
if (req_conf == NULL)
|
||||
if (i == 0)
|
||||
{
|
||||
BIO_printf(bio_err,"Unable to load config info\n");
|
||||
}
|
||||
|
@ -485,7 +488,7 @@ bad:
|
|||
|
||||
if (req_conf != NULL)
|
||||
{
|
||||
p=CONF_get_string(req_conf,NULL,"oid_file");
|
||||
p=NCONF_get_string(req_conf,NULL,"oid_file");
|
||||
if (p == NULL)
|
||||
ERR_clear_error();
|
||||
if (p != NULL)
|
||||
|
@ -511,7 +514,7 @@ bad:
|
|||
|
||||
if (md_alg == NULL)
|
||||
{
|
||||
p=CONF_get_string(req_conf,SECTION,"default_md");
|
||||
p=NCONF_get_string(req_conf,SECTION,"default_md");
|
||||
if (p == NULL)
|
||||
ERR_clear_error();
|
||||
if (p != NULL)
|
||||
|
@ -523,7 +526,7 @@ bad:
|
|||
|
||||
if (!extensions)
|
||||
{
|
||||
extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
|
||||
extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
|
||||
if (!extensions)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
@ -531,8 +534,8 @@ bad:
|
|||
/* Check syntax of file */
|
||||
X509V3_CTX ctx;
|
||||
X509V3_set_ctx_test(&ctx);
|
||||
X509V3_set_conf_lhash(&ctx, req_conf);
|
||||
if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
|
||||
X509V3_set_nconf(&ctx, req_conf);
|
||||
if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
|
||||
BIO_printf(bio_err,
|
||||
"Error Loading extension section %s\n", extensions);
|
||||
goto end;
|
||||
|
@ -541,19 +544,19 @@ bad:
|
|||
|
||||
if(!passin)
|
||||
{
|
||||
passin = CONF_get_string(req_conf, SECTION, "input_password");
|
||||
passin = NCONF_get_string(req_conf, SECTION, "input_password");
|
||||
if (!passin)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
if(!passout)
|
||||
{
|
||||
passout = CONF_get_string(req_conf, SECTION, "output_password");
|
||||
passout = NCONF_get_string(req_conf, SECTION, "output_password");
|
||||
if (!passout)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
p = CONF_get_string(req_conf, SECTION, STRING_MASK);
|
||||
p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
|
||||
if (!p)
|
||||
ERR_clear_error();
|
||||
|
||||
|
@ -564,7 +567,7 @@ bad:
|
|||
|
||||
if(!req_exts)
|
||||
{
|
||||
req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
|
||||
req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
|
||||
if (!req_exts)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
@ -572,8 +575,8 @@ bad:
|
|||
/* Check syntax of file */
|
||||
X509V3_CTX ctx;
|
||||
X509V3_set_ctx_test(&ctx);
|
||||
X509V3_set_conf_lhash(&ctx, req_conf);
|
||||
if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
|
||||
X509V3_set_nconf(&ctx, req_conf);
|
||||
if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
|
||||
BIO_printf(bio_err,
|
||||
"Error Loading request extension section %s\n",
|
||||
req_exts);
|
||||
|
@ -600,7 +603,7 @@ bad:
|
|||
}
|
||||
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
|
||||
{
|
||||
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
|
||||
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
|
||||
if (randfile == NULL)
|
||||
ERR_clear_error();
|
||||
app_RAND_load_file(randfile, bio_err, 0);
|
||||
|
@ -609,7 +612,7 @@ bad:
|
|||
|
||||
if (newreq && (pkey == NULL))
|
||||
{
|
||||
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
|
||||
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
|
||||
if (randfile == NULL)
|
||||
ERR_clear_error();
|
||||
app_RAND_load_file(randfile, bio_err, 0);
|
||||
|
@ -618,8 +621,7 @@ bad:
|
|||
|
||||
if (newkey <= 0)
|
||||
{
|
||||
newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
|
||||
if (newkey <= 0)
|
||||
if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
|
||||
newkey=DEFAULT_KEY_LENGTH;
|
||||
}
|
||||
|
||||
|
@ -659,7 +661,7 @@ bad:
|
|||
|
||||
if (keyout == NULL)
|
||||
{
|
||||
keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
|
||||
keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
|
||||
if (keyout == NULL)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
@ -685,11 +687,11 @@ bad:
|
|||
}
|
||||
}
|
||||
|
||||
p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
|
||||
p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
|
||||
if (p == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
p=CONF_get_string(req_conf,SECTION,"encrypt_key");
|
||||
p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
|
||||
if (p == NULL)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
@ -806,10 +808,10 @@ loop:
|
|||
/* Set up V3 context struct */
|
||||
|
||||
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
|
||||
X509V3_set_conf_lhash(&ext_ctx, req_conf);
|
||||
X509V3_set_nconf(&ext_ctx, req_conf);
|
||||
|
||||
/* Add extensions */
|
||||
if(extensions && !X509V3_EXT_add_conf(req_conf,
|
||||
if(extensions && !X509V3_EXT_add_nconf(req_conf,
|
||||
&ext_ctx, extensions, x509ss))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
|
@ -828,10 +830,10 @@ loop:
|
|||
/* Set up V3 context struct */
|
||||
|
||||
X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
|
||||
X509V3_set_conf_lhash(&ext_ctx, req_conf);
|
||||
X509V3_set_nconf(&ext_ctx, req_conf);
|
||||
|
||||
/* Add extensions */
|
||||
if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
|
||||
if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
|
||||
&ext_ctx, req_exts, req))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
|
@ -1009,7 +1011,7 @@ end:
|
|||
{
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
|
||||
if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
EVP_PKEY_free(pkey);
|
||||
|
@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
|
|||
STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
|
||||
char *tmp, *dn_sect,*attr_sect;
|
||||
|
||||
tmp=CONF_get_string(req_conf,SECTION,PROMPT);
|
||||
tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
|
||||
if (tmp == NULL)
|
||||
ERR_clear_error();
|
||||
if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
|
||||
|
||||
dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
|
||||
dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
|
||||
if (dn_sect == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to find '%s' in config\n",
|
||||
DISTINGUISHED_NAME);
|
||||
goto err;
|
||||
}
|
||||
dn_sk=CONF_get_section(req_conf,dn_sect);
|
||||
dn_sk=NCONF_get_section(req_conf,dn_sect);
|
||||
if (dn_sk == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
|
||||
goto err;
|
||||
}
|
||||
|
||||
attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
|
||||
attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
|
||||
if (attr_sect == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
|
@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
|
|||
}
|
||||
else
|
||||
{
|
||||
attr_sk=CONF_get_section(req_conf,attr_sect);
|
||||
attr_sk=NCONF_get_section(req_conf,attr_sect);
|
||||
if (attr_sk == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
|
||||
|
@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req,
|
|||
int i;
|
||||
char *p,*q;
|
||||
char buf[100];
|
||||
int nid,min,max;
|
||||
int nid;
|
||||
long n_min,n_max;
|
||||
char *type,*def,*value;
|
||||
CONF_VALUE *v;
|
||||
X509_NAME *subj;
|
||||
|
@ -1204,27 +1207,29 @@ start: for (;;)
|
|||
/* If OBJ not recognised ignore it */
|
||||
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
|
||||
sprintf(buf,"%s_default",v->name);
|
||||
if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
|
||||
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
def="";
|
||||
}
|
||||
|
||||
sprintf(buf,"%s_value",v->name);
|
||||
if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
|
||||
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
value=NULL;
|
||||
}
|
||||
|
||||
sprintf(buf,"%s_min",v->name);
|
||||
min=(int)CONF_get_number(req_conf,dn_sect,buf);
|
||||
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
|
||||
n_min = -1;
|
||||
|
||||
sprintf(buf,"%s_max",v->name);
|
||||
max=(int)CONF_get_number(req_conf,dn_sect,buf);
|
||||
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
|
||||
n_max = -1;
|
||||
|
||||
if (!add_DN_object(subj,v->value,def,value,nid,
|
||||
min,max))
|
||||
n_min,n_max))
|
||||
return 0;
|
||||
}
|
||||
if (X509_NAME_entry_count(subj) == 0)
|
||||
|
@ -1255,7 +1260,7 @@ start2: for (;;)
|
|||
goto start2;
|
||||
|
||||
sprintf(buf,"%s_default",type);
|
||||
if ((def=CONF_get_string(req_conf,attr_sect,buf))
|
||||
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
|
||||
== NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
|
@ -1264,7 +1269,7 @@ start2: for (;;)
|
|||
|
||||
|
||||
sprintf(buf,"%s_value",type);
|
||||
if ((value=CONF_get_string(req_conf,attr_sect,buf))
|
||||
if ((value=NCONF_get_string(req_conf,attr_sect,buf))
|
||||
== NULL)
|
||||
{
|
||||
ERR_clear_error();
|
||||
|
@ -1272,13 +1277,15 @@ start2: for (;;)
|
|||
}
|
||||
|
||||
sprintf(buf,"%s_min",type);
|
||||
min=(int)CONF_get_number(req_conf,attr_sect,buf);
|
||||
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
|
||||
n_min = -1;
|
||||
|
||||
sprintf(buf,"%s_max",type);
|
||||
max=(int)CONF_get_number(req_conf,attr_sect,buf);
|
||||
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
|
||||
n_max = -1;
|
||||
|
||||
if (!add_attribute_object(req,
|
||||
v->value,def,value,nid,min,max))
|
||||
v->value,def,value,nid,n_min,n_max))
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
|
|||
|
||||
|
||||
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
|
||||
int nid, int min, int max)
|
||||
int nid, int n_min, int n_max)
|
||||
{
|
||||
int i,ret=0;
|
||||
MS_STATIC char buf[1024];
|
||||
|
@ -1393,7 +1400,7 @@ start:
|
|||
#ifdef CHARSET_EBCDIC
|
||||
ebcdic2ascii(buf, buf, i);
|
||||
#endif
|
||||
if(!req_check_len(i, min, max)) goto start;
|
||||
if(!req_check_len(i, n_min, n_max)) goto start;
|
||||
if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
|
||||
(unsigned char *) buf, -1,-1,0)) goto err;
|
||||
ret=1;
|
||||
|
@ -1402,8 +1409,8 @@ err:
|
|||
}
|
||||
|
||||
static int add_attribute_object(X509_REQ *req, char *text,
|
||||
char *def, char *value, int nid, int min,
|
||||
int max)
|
||||
char *def, char *value, int nid, int n_min,
|
||||
int n_max)
|
||||
{
|
||||
int i;
|
||||
static char buf[1024];
|
||||
|
@ -1451,7 +1458,7 @@ start:
|
|||
#ifdef CHARSET_EBCDIC
|
||||
ebcdic2ascii(buf, buf, i);
|
||||
#endif
|
||||
if(!req_check_len(i, min, max)) goto start;
|
||||
if(!req_check_len(i, n_min, n_max)) goto start;
|
||||
|
||||
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
|
||||
(unsigned char *)buf, -1)) {
|
||||
|
@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
|
|||
}
|
||||
#endif
|
||||
|
||||
static int req_check_len(int len, int min, int max)
|
||||
static int req_check_len(int len, int n_min, int n_max)
|
||||
{
|
||||
if (len < min)
|
||||
if ((n_min > 0) && (len < n_min))
|
||||
{
|
||||
BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
|
||||
BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
|
||||
return(0);
|
||||
}
|
||||
if ((max != 0) && (len > max))
|
||||
if ((n_max >= 0) && (len > n_max))
|
||||
{
|
||||
BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
|
||||
BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
|
||||
return(0);
|
||||
}
|
||||
return(1);
|
||||
|
|
11
apps/spkac.c
11
apps/spkac.c
|
@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
|
|||
char *passargin = NULL, *passin = NULL;
|
||||
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
|
||||
char *challenge = NULL, *keyfile = NULL;
|
||||
LHASH *conf = NULL;
|
||||
CONF *conf = NULL;
|
||||
NETSCAPE_SPKI *spki = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
char *engine=NULL;
|
||||
|
@ -228,15 +228,16 @@ bad:
|
|||
goto end;
|
||||
}
|
||||
|
||||
conf = CONF_load_bio(NULL, in, NULL);
|
||||
conf = NCONF_new(NULL);
|
||||
i = NCONF_load_bio(conf, in, NULL);
|
||||
|
||||
if(!conf) {
|
||||
if(!i) {
|
||||
BIO_printf(bio_err, "Error parsing config file\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
|
||||
spkstr = CONF_get_string(conf, spksect, spkac);
|
||||
spkstr = NCONF_get_string(conf, spksect, spkac);
|
||||
|
||||
if(!spkstr) {
|
||||
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
|
||||
|
@ -285,7 +286,7 @@ bad:
|
|||
ret = 0;
|
||||
|
||||
end:
|
||||
CONF_free(conf);
|
||||
NCONF_free(conf);
|
||||
NETSCAPE_SPKI_free(spki);
|
||||
BIO_free(in);
|
||||
BIO_free_all(out);
|
||||
|
|
29
apps/x509.c
29
apps/x509.c
|
@ -139,10 +139,10 @@ NULL
|
|||
|
||||
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
|
||||
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
|
||||
LHASH *conf, char *section);
|
||||
CONF *conf, char *section);
|
||||
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
|
||||
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
|
||||
int create,int days, int clrext, LHASH *conf, char *section,
|
||||
int create,int days, int clrext, CONF *conf, char *section,
|
||||
ASN1_INTEGER *sno);
|
||||
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
|
||||
static int reqfile=0;
|
||||
|
@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
|
|||
int fingerprint=0;
|
||||
char buf[256];
|
||||
const EVP_MD *md_alg,*digest=EVP_md5();
|
||||
LHASH *extconf = NULL;
|
||||
CONF *extconf = NULL;
|
||||
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
|
||||
int need_rand = 0;
|
||||
int checkend=0,checkoffset=0;
|
||||
|
@ -479,7 +479,8 @@ bad:
|
|||
{
|
||||
long errorline;
|
||||
X509V3_CTX ctx2;
|
||||
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
|
||||
extconf = NCONF_new(NULL);
|
||||
if (!NCONF_load(extconf, extfile,&errorline))
|
||||
{
|
||||
if (errorline <= 0)
|
||||
BIO_printf(bio_err,
|
||||
|
@ -493,7 +494,7 @@ bad:
|
|||
}
|
||||
if (!extsect)
|
||||
{
|
||||
extsect = CONF_get_string(extconf, "default", "extensions");
|
||||
extsect = NCONF_get_string(extconf, "default", "extensions");
|
||||
if (!extsect)
|
||||
{
|
||||
ERR_clear_error();
|
||||
|
@ -501,8 +502,8 @@ bad:
|
|||
}
|
||||
}
|
||||
X509V3_set_ctx_test(&ctx2);
|
||||
X509V3_set_conf_lhash(&ctx2, extconf);
|
||||
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
|
||||
X509V3_set_nconf(&ctx2, extconf);
|
||||
if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Error Loading extension section %s\n",
|
||||
|
@ -995,7 +996,7 @@ end:
|
|||
if (need_rand)
|
||||
app_RAND_write_file(NULL, bio_err);
|
||||
OBJ_cleanup();
|
||||
CONF_free(extconf);
|
||||
NCONF_free(extconf);
|
||||
BIO_free_all(out);
|
||||
BIO_free_all(STDout);
|
||||
X509_STORE_free(ctx);
|
||||
|
@ -1116,7 +1117,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
|
|||
|
||||
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
||||
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
|
||||
int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
|
||||
int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
|
||||
{
|
||||
int ret=0;
|
||||
ASN1_INTEGER *bs=NULL;
|
||||
|
@ -1166,8 +1167,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
|
|||
X509V3_CTX ctx2;
|
||||
X509_set_version(x,2); /* version 3 certificate */
|
||||
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
|
||||
X509V3_set_conf_lhash(&ctx2, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
|
||||
X509V3_set_nconf(&ctx2, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
|
||||
}
|
||||
|
||||
if (!X509_sign(x,pkey,digest)) goto end;
|
||||
|
@ -1213,7 +1214,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
|
|||
|
||||
/* self sign */
|
||||
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
|
||||
LHASH *conf, char *section)
|
||||
CONF *conf, char *section)
|
||||
{
|
||||
|
||||
EVP_PKEY *pktmp;
|
||||
|
@ -1243,8 +1244,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
|
|||
X509V3_CTX ctx;
|
||||
X509_set_version(x,2); /* version 3 certificate */
|
||||
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
|
||||
X509V3_set_conf_lhash(&ctx, conf);
|
||||
if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
|
||||
X509V3_set_nconf(&ctx, conf);
|
||||
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
|
||||
}
|
||||
if (!X509_sign(x,pkey,digest)) goto err;
|
||||
return 1;
|
||||
|
|
|
@ -98,6 +98,7 @@ struct conf_method_st
|
|||
};
|
||||
|
||||
int CONF_set_default_method(CONF_METHOD *meth);
|
||||
void CONF_set_nconf(CONF *conf,LHASH *hash);
|
||||
LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
|
||||
#ifndef OPENSSL_NO_FP_API
|
||||
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
|
||||
|
@ -145,7 +146,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
|
|||
and should therefore be avoided */
|
||||
long NCONF_get_number(CONF *conf,char *group,char *name);
|
||||
#else
|
||||
#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
|
||||
#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
|
||||
#endif
|
||||
|
||||
|
||||
|
|
|
@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
|
|||
|
||||
static CONF_METHOD *default_CONF_method=NULL;
|
||||
|
||||
/* Init a 'CONF' structure from an old LHASH */
|
||||
|
||||
void CONF_set_nconf(CONF *conf, LHASH *hash)
|
||||
{
|
||||
if (default_CONF_method == NULL)
|
||||
default_CONF_method = NCONF_default();
|
||||
|
||||
default_CONF_method->init(conf);
|
||||
conf->data = hash;
|
||||
}
|
||||
|
||||
/* The following section contains the "CONF classic" functions,
|
||||
rewritten in terms of the new CONF interface. */
|
||||
|
||||
|
@ -118,11 +129,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
|
|||
CONF ctmp;
|
||||
int ret;
|
||||
|
||||
if (default_CONF_method == NULL)
|
||||
default_CONF_method = NCONF_default();
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
|
||||
default_CONF_method->init(&ctmp);
|
||||
ctmp.data = conf;
|
||||
ret = NCONF_load_bio(&ctmp, bp, eline);
|
||||
if (ret)
|
||||
return ctmp.data;
|
||||
|
@ -138,12 +146,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
|
|||
else
|
||||
{
|
||||
CONF ctmp;
|
||||
|
||||
if (default_CONF_method == NULL)
|
||||
default_CONF_method = NCONF_default();
|
||||
|
||||
default_CONF_method->init(&ctmp);
|
||||
ctmp.data = conf;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return NCONF_get_section(&ctmp, section);
|
||||
}
|
||||
}
|
||||
|
@ -157,12 +160,7 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
|
|||
else
|
||||
{
|
||||
CONF ctmp;
|
||||
|
||||
if (default_CONF_method == NULL)
|
||||
default_CONF_method = NCONF_default();
|
||||
|
||||
default_CONF_method->init(&ctmp);
|
||||
ctmp.data = conf;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return NCONF_get_string(&ctmp, group, name);
|
||||
}
|
||||
}
|
||||
|
@ -179,12 +177,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
|
|||
else
|
||||
{
|
||||
CONF ctmp;
|
||||
|
||||
if (default_CONF_method == NULL)
|
||||
default_CONF_method = NCONF_default();
|
||||
|
||||
default_CONF_method->init(&ctmp);
|
||||
ctmp.data = conf;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
status = NCONF_get_number_e(&ctmp, group, name, &result);
|
||||
}
|
||||
|
||||
|
@ -199,12 +192,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
|
|||
void CONF_free(LHASH *conf)
|
||||
{
|
||||
CONF ctmp;
|
||||
|
||||
if (default_CONF_method == NULL)
|
||||
default_CONF_method = NCONF_default();
|
||||
|
||||
default_CONF_method->init(&ctmp);
|
||||
ctmp.data = conf;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
NCONF_free_data(&ctmp);
|
||||
}
|
||||
|
||||
|
@ -227,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
|
|||
int CONF_dump_bio(LHASH *conf, BIO *out)
|
||||
{
|
||||
CONF ctmp;
|
||||
|
||||
if (default_CONF_method == NULL)
|
||||
default_CONF_method = NCONF_default();
|
||||
|
||||
default_CONF_method->init(&ctmp);
|
||||
ctmp.data = conf;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return NCONF_dump_bio(&ctmp, out);
|
||||
}
|
||||
|
||||
|
@ -362,7 +345,7 @@ int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
|
|||
if (str == NULL)
|
||||
return 0;
|
||||
|
||||
for (;conf->meth->is_number(conf, *str);)
|
||||
for (*result = 0;conf->meth->is_number(conf, *str);)
|
||||
{
|
||||
*result = (*result)*10 + conf->meth->to_int(conf, *str);
|
||||
str++;
|
||||
|
|
|
@ -68,122 +68,137 @@
|
|||
|
||||
static int v3_check_critical(char **value);
|
||||
static int v3_check_generic(char **value);
|
||||
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
|
||||
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
|
||||
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
|
||||
static char *conf_lhash_get_string(void *db, char *section, char *value);
|
||||
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
|
||||
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
|
||||
int crit, void *ext_struc);
|
||||
/* LHASH *conf: Config file */
|
||||
/* CONF *conf: Config file */
|
||||
/* char *name: Name */
|
||||
/* char *value: Value */
|
||||
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
|
||||
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
|
||||
char *value)
|
||||
{
|
||||
{
|
||||
int crit;
|
||||
int ext_type;
|
||||
X509_EXTENSION *ret;
|
||||
crit = v3_check_critical(&value);
|
||||
if((ext_type = v3_check_generic(&value)))
|
||||
if ((ext_type = v3_check_generic(&value)))
|
||||
return v3_generic_extension(name, value, crit, ext_type);
|
||||
ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
|
||||
if(!ret) {
|
||||
ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
|
||||
if (!ret)
|
||||
{
|
||||
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
|
||||
ERR_add_error_data(4,"name=", name, ", value=", value);
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
/* LHASH *conf: Config file */
|
||||
/* CONF *conf: Config file */
|
||||
/* char *value: Value */
|
||||
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
|
||||
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
|
||||
char *value)
|
||||
{
|
||||
{
|
||||
int crit;
|
||||
int ext_type;
|
||||
crit = v3_check_critical(&value);
|
||||
if((ext_type = v3_check_generic(&value)))
|
||||
if ((ext_type = v3_check_generic(&value)))
|
||||
return v3_generic_extension(OBJ_nid2sn(ext_nid),
|
||||
value, crit, ext_type);
|
||||
return do_ext_conf(conf, ctx, ext_nid, crit, value);
|
||||
}
|
||||
return do_ext_nconf(conf, ctx, ext_nid, crit, value);
|
||||
}
|
||||
|
||||
/* LHASH *conf: Config file */
|
||||
/* CONF *conf: Config file */
|
||||
/* char *value: Value */
|
||||
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
|
||||
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
|
||||
int crit, char *value)
|
||||
{
|
||||
{
|
||||
X509V3_EXT_METHOD *method;
|
||||
X509_EXTENSION *ext;
|
||||
STACK_OF(CONF_VALUE) *nval;
|
||||
void *ext_struc;
|
||||
if(ext_nid == NID_undef) {
|
||||
if (ext_nid == NID_undef)
|
||||
{
|
||||
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
|
||||
return NULL;
|
||||
}
|
||||
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
|
||||
}
|
||||
if (!(method = X509V3_EXT_get_nid(ext_nid)))
|
||||
{
|
||||
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
/* Now get internal extension representation based on type */
|
||||
if(method->v2i) {
|
||||
if(*value == '@') nval = CONF_get_section(conf, value + 1);
|
||||
if (method->v2i)
|
||||
{
|
||||
if(*value == '@') nval = NCONF_get_section(conf, value + 1);
|
||||
else nval = X509V3_parse_list(value);
|
||||
if(!nval) {
|
||||
if(!nval)
|
||||
{
|
||||
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
|
||||
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
ext_struc = method->v2i(method, ctx, nval);
|
||||
if(*value != '@') sk_CONF_VALUE_pop_free(nval,
|
||||
X509V3_conf_free);
|
||||
if(!ext_struc) return NULL;
|
||||
} else if(method->s2i) {
|
||||
}
|
||||
else if(method->s2i)
|
||||
{
|
||||
if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
|
||||
} else if(method->r2i) {
|
||||
if(!ctx->db) {
|
||||
}
|
||||
else if(method->r2i)
|
||||
{
|
||||
if(!ctx->db)
|
||||
{
|
||||
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
|
||||
} else {
|
||||
}
|
||||
else
|
||||
{
|
||||
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
|
||||
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
|
||||
if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
|
||||
else method->ext_free(ext_struc);
|
||||
return ext;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
|
||||
int crit, void *ext_struc)
|
||||
{
|
||||
{
|
||||
unsigned char *ext_der;
|
||||
int ext_len;
|
||||
ASN1_OCTET_STRING *ext_oct;
|
||||
X509_EXTENSION *ext;
|
||||
/* Convert internal representation to DER */
|
||||
if(method->it) {
|
||||
if (method->it)
|
||||
{
|
||||
ext_der = NULL;
|
||||
ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
|
||||
if(ext_len < 0) goto merr;
|
||||
} else {
|
||||
if (ext_len < 0) goto merr;
|
||||
}
|
||||
else
|
||||
{
|
||||
unsigned char *p;
|
||||
ext_len = method->i2d(ext_struc, NULL);
|
||||
if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
|
||||
p = ext_der;
|
||||
method->i2d(ext_struc, &p);
|
||||
}
|
||||
if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
|
||||
}
|
||||
if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
|
||||
ext_oct->data = ext_der;
|
||||
ext_oct->length = ext_len;
|
||||
|
||||
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
|
||||
if(!ext) goto merr;
|
||||
if (!ext) goto merr;
|
||||
M_ASN1_OCTET_STRING_free(ext_oct);
|
||||
|
||||
return ext;
|
||||
|
@ -192,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
|
|||
X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
/* Given an internal structure, nid and critical flag create an extension */
|
||||
|
||||
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
|
||||
{
|
||||
{
|
||||
X509V3_EXT_METHOD *method;
|
||||
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
|
||||
if (!(method = X509V3_EXT_get_nid(ext_nid))) {
|
||||
X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -210,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
|
|||
static int v3_check_critical(char **value)
|
||||
{
|
||||
char *p = *value;
|
||||
if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
|
||||
if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
|
||||
p+=9;
|
||||
while(isspace((unsigned char)*p)) p++;
|
||||
*value = p;
|
||||
|
@ -221,9 +236,9 @@ static int v3_check_critical(char **value)
|
|||
static int v3_check_generic(char **value)
|
||||
{
|
||||
char *p = *value;
|
||||
if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
|
||||
if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
|
||||
p+=4;
|
||||
while(isspace((unsigned char)*p)) p++;
|
||||
while (isspace((unsigned char)*p)) p++;
|
||||
*value = p;
|
||||
return 1;
|
||||
}
|
||||
|
@ -231,148 +246,202 @@ static int v3_check_generic(char **value)
|
|||
/* Create a generic extension: for now just handle DER type */
|
||||
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
|
||||
int crit, int type)
|
||||
{
|
||||
unsigned char *ext_der=NULL;
|
||||
long ext_len;
|
||||
ASN1_OBJECT *obj=NULL;
|
||||
ASN1_OCTET_STRING *oct=NULL;
|
||||
X509_EXTENSION *extension=NULL;
|
||||
if(!(obj = OBJ_txt2obj(ext, 0))) {
|
||||
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
|
||||
ERR_add_error_data(2, "name=", ext);
|
||||
goto err;
|
||||
}
|
||||
{
|
||||
unsigned char *ext_der=NULL;
|
||||
long ext_len;
|
||||
ASN1_OBJECT *obj=NULL;
|
||||
ASN1_OCTET_STRING *oct=NULL;
|
||||
X509_EXTENSION *extension=NULL;
|
||||
if (!(obj = OBJ_txt2obj(ext, 0)))
|
||||
{
|
||||
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
|
||||
ERR_add_error_data(2, "name=", ext);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if(!(ext_der = string_to_hex(value, &ext_len))) {
|
||||
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
|
||||
ERR_add_error_data(2, "value=", value);
|
||||
goto err;
|
||||
}
|
||||
if (!(ext_der = string_to_hex(value, &ext_len)))
|
||||
{
|
||||
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
|
||||
ERR_add_error_data(2, "value=", value);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if(!(oct = M_ASN1_OCTET_STRING_new())) {
|
||||
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (!(oct = M_ASN1_OCTET_STRING_new()))
|
||||
{
|
||||
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
oct->data = ext_der;
|
||||
oct->length = ext_len;
|
||||
ext_der = NULL;
|
||||
oct->data = ext_der;
|
||||
oct->length = ext_len;
|
||||
ext_der = NULL;
|
||||
|
||||
extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
|
||||
extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
|
||||
|
||||
err:
|
||||
ASN1_OBJECT_free(obj);
|
||||
M_ASN1_OCTET_STRING_free(oct);
|
||||
if(ext_der) OPENSSL_free(ext_der);
|
||||
return extension;
|
||||
}
|
||||
err:
|
||||
ASN1_OBJECT_free(obj);
|
||||
M_ASN1_OCTET_STRING_free(oct);
|
||||
if(ext_der) OPENSSL_free(ext_der);
|
||||
return extension;
|
||||
|
||||
}
|
||||
|
||||
|
||||
/* This is the main function: add a bunch of extensions based on a config file
|
||||
* section
|
||||
* section to an extension STACK.
|
||||
*/
|
||||
|
||||
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
|
||||
X509 *cert)
|
||||
{
|
||||
|
||||
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
|
||||
STACK_OF(X509_EXTENSION) **sk)
|
||||
{
|
||||
X509_EXTENSION *ext;
|
||||
STACK_OF(CONF_VALUE) *nval;
|
||||
CONF_VALUE *val;
|
||||
int i;
|
||||
if(!(nval = CONF_get_section(conf, section))) return 0;
|
||||
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
|
||||
if (!(nval = NCONF_get_section(conf, section))) return 0;
|
||||
for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
|
||||
{
|
||||
val = sk_CONF_VALUE_value(nval, i);
|
||||
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
|
||||
if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
|
||||
return 0;
|
||||
if(cert) X509_add_ext(cert, ext, -1);
|
||||
if (sk) X509v3_add_ext(sk, ext, -1);
|
||||
X509_EXTENSION_free(ext);
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Convenience functions to add extensions to a certificate, CRL and request */
|
||||
|
||||
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
|
||||
X509 *cert)
|
||||
{
|
||||
STACK_OF(X509_EXTENSION) **sk = NULL;
|
||||
if (cert)
|
||||
sk = &cert->cert_info->extensions;
|
||||
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
|
||||
}
|
||||
|
||||
/* Same as above but for a CRL */
|
||||
|
||||
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
|
||||
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
|
||||
X509_CRL *crl)
|
||||
{
|
||||
X509_EXTENSION *ext;
|
||||
STACK_OF(CONF_VALUE) *nval;
|
||||
CONF_VALUE *val;
|
||||
int i;
|
||||
if(!(nval = CONF_get_section(conf, section))) return 0;
|
||||
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
|
||||
val = sk_CONF_VALUE_value(nval, i);
|
||||
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
|
||||
return 0;
|
||||
if(crl) X509_CRL_add_ext(crl, ext, -1);
|
||||
X509_EXTENSION_free(ext);
|
||||
{
|
||||
STACK_OF(X509_EXTENSION) **sk = NULL;
|
||||
if (crl)
|
||||
sk = &crl->crl->extensions;
|
||||
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Add extensions to certificate request */
|
||||
|
||||
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
|
||||
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
|
||||
X509_REQ *req)
|
||||
{
|
||||
X509_EXTENSION *ext;
|
||||
STACK_OF(X509_EXTENSION) *extlist = NULL;
|
||||
STACK_OF(CONF_VALUE) *nval;
|
||||
CONF_VALUE *val;
|
||||
{
|
||||
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
|
||||
int i;
|
||||
if(!(nval = CONF_get_section(conf, section))) return 0;
|
||||
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
|
||||
val = sk_CONF_VALUE_value(nval, i);
|
||||
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
|
||||
return 0;
|
||||
if(!extlist) extlist = sk_X509_EXTENSION_new_null();
|
||||
sk_X509_EXTENSION_push(extlist, ext);
|
||||
}
|
||||
if(req) i = X509_REQ_add_extensions(req, extlist);
|
||||
else i = 1;
|
||||
if (req)
|
||||
sk = &extlist;
|
||||
i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
|
||||
if (!i || !sk)
|
||||
return i;
|
||||
i = X509_REQ_add_extensions(req, extlist);
|
||||
sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
|
||||
return i;
|
||||
}
|
||||
}
|
||||
|
||||
/* Config database functions */
|
||||
|
||||
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
|
||||
{
|
||||
if(ctx->db_meth->get_string)
|
||||
{
|
||||
if (ctx->db_meth->get_string)
|
||||
return ctx->db_meth->get_string(ctx->db, name, section);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
|
||||
{
|
||||
if(ctx->db_meth->get_section)
|
||||
{
|
||||
if (ctx->db_meth->get_section)
|
||||
return ctx->db_meth->get_section(ctx->db, section);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
void X509V3_string_free(X509V3_CTX *ctx, char *str)
|
||||
{
|
||||
if(!str) return;
|
||||
if(ctx->db_meth->free_string)
|
||||
{
|
||||
if (!str) return;
|
||||
if (ctx->db_meth->free_string)
|
||||
ctx->db_meth->free_string(ctx->db, str);
|
||||
}
|
||||
}
|
||||
|
||||
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
|
||||
{
|
||||
if(!section) return;
|
||||
if(ctx->db_meth->free_section)
|
||||
{
|
||||
if (!section) return;
|
||||
if (ctx->db_meth->free_section)
|
||||
ctx->db_meth->free_section(ctx->db, section);
|
||||
}
|
||||
}
|
||||
|
||||
static char *nconf_get_string(void *db, char *section, char *value)
|
||||
{
|
||||
return NCONF_get_string(db, section, value);
|
||||
}
|
||||
|
||||
static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
|
||||
{
|
||||
return NCONF_get_section(db, section);
|
||||
}
|
||||
|
||||
static X509V3_CONF_METHOD nconf_method = {
|
||||
nconf_get_string,
|
||||
nconf_get_section,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
||||
|
||||
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
|
||||
{
|
||||
ctx->db_meth = &nconf_method;
|
||||
ctx->db = conf;
|
||||
}
|
||||
|
||||
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
|
||||
X509_CRL *crl, int flags)
|
||||
{
|
||||
ctx->issuer_cert = issuer;
|
||||
ctx->subject_cert = subj;
|
||||
ctx->crl = crl;
|
||||
ctx->subject_req = req;
|
||||
ctx->flags = flags;
|
||||
}
|
||||
|
||||
/* Old conf compatibility functions */
|
||||
|
||||
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
|
||||
char *value)
|
||||
{
|
||||
CONF ctmp;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return X509V3_EXT_nconf(&ctmp, ctx, name, value);
|
||||
}
|
||||
|
||||
/* LHASH *conf: Config file */
|
||||
/* char *value: Value */
|
||||
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
|
||||
char *value)
|
||||
{
|
||||
CONF ctmp;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
|
||||
}
|
||||
|
||||
static char *conf_lhash_get_string(void *db, char *section, char *value)
|
||||
{
|
||||
{
|
||||
return CONF_get_string(db, section, value);
|
||||
}
|
||||
}
|
||||
|
||||
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
|
||||
{
|
||||
{
|
||||
return CONF_get_section(db, section);
|
||||
}
|
||||
}
|
||||
|
||||
static X509V3_CONF_METHOD conf_lhash_method = {
|
||||
conf_lhash_get_string,
|
||||
|
@ -382,17 +451,35 @@ NULL
|
|||
};
|
||||
|
||||
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
|
||||
{
|
||||
{
|
||||
ctx->db_meth = &conf_lhash_method;
|
||||
ctx->db = lhash;
|
||||
}
|
||||
}
|
||||
|
||||
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
|
||||
X509_CRL *crl, int flags)
|
||||
{
|
||||
ctx->issuer_cert = issuer;
|
||||
ctx->subject_cert = subj;
|
||||
ctx->crl = crl;
|
||||
ctx->subject_req = req;
|
||||
ctx->flags = flags;
|
||||
}
|
||||
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
|
||||
X509 *cert)
|
||||
{
|
||||
CONF ctmp;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
|
||||
}
|
||||
|
||||
/* Same as above but for a CRL */
|
||||
|
||||
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
|
||||
X509_CRL *crl)
|
||||
{
|
||||
CONF ctmp;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
|
||||
}
|
||||
|
||||
/* Add extensions to certificate request */
|
||||
|
||||
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
|
||||
X509_REQ *req)
|
||||
{
|
||||
CONF ctmp;
|
||||
CONF_set_nconf(&ctmp, conf);
|
||||
return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
|
||||
}
|
||||
|
|
|
@ -459,15 +459,25 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
|
|||
#ifdef HEADER_CONF_H
|
||||
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
|
||||
void X509V3_conf_free(CONF_VALUE *val);
|
||||
|
||||
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
|
||||
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
|
||||
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
|
||||
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
|
||||
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
|
||||
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
|
||||
|
||||
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
|
||||
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
|
||||
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
|
||||
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
|
||||
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
|
||||
|
||||
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
|
||||
STACK_OF(CONF_VALUE) **extlist);
|
||||
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
|
||||
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
|
||||
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
|
||||
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
|
||||
#endif
|
||||
|
||||
|
|
Loading…
Reference in a new issue