Modify apps to use NCONF code instead of old CONF code.

Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
This commit is contained in:
Dr. Stephen Henson 2001-06-28 11:41:50 +00:00
parent ce16450a89
commit b7a26e6daf
12 changed files with 432 additions and 329 deletions

View file

@ -11,6 +11,14 @@
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only
+) Rewrite apps to use NCONF routines instead of the old CONF. New functions
to support NCONF routines in extension code. New function CONF_set_nconf()
to allow functions which take an NCONF to also handle the old LHASH
structure: this means that the old CONF compatible routines can be
retained (in particular wrt extensions) without having to duplicate the
code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
[Steve Henson]
*) Handle special case when X509_NAME is empty in X509 printing routines.
[Steve Henson]

View file

@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
return BUF_strdup(tpass);
}
int add_oid_section(BIO *err, LHASH *conf)
int add_oid_section(BIO *err, CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
if(!(p=CONF_get_string(conf,NULL,"oid_section")))
if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
{
ERR_clear_error();
return 1;
}
if(!(sktmp = CONF_get_section(conf, p))) {
if(!(sktmp = NCONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}

View file

@ -101,7 +101,7 @@ extern BIO *bio_err;
#else
#define MAIN(a,v) PROG(a,v)
extern LHASH *config;
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf);
int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
EVP_PKEY *load_key(BIO *err, const char *file, int format,

120
apps/ca.c
View file

@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate,char *enddate,
int days, int batch, char *ext_sect, LHASH *conf,int verbose,
long days, int batch, char *ext_sect, CONF *conf,int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
char *enddate, int days, int batch, char *ext_sect,
LHASH *conf,int verbose, unsigned long certopt,
char *enddate, long days, int batch, char *ext_sect,
CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
char *enddate, int days, char *ext_sect,LHASH *conf,
char *enddate, long days, char *ext_sect,CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
char *startdate, char *enddate, int days, int batch, int verbose,
X509_REQ *req, char *ext_sect, LHASH *conf,
char *startdate, char *enddate, long days, int batch, int verbose,
X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static X509_NAME *do_subject(char *subject);
@ -245,8 +245,8 @@ static int check_time_format(char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
static LHASH *conf=NULL;
static LHASH *extconf=NULL;
static CONF *conf=NULL;
static CONF *extconf=NULL;
static char *section=NULL;
static int preserve=0;
@ -300,7 +300,7 @@ int MAIN(int argc, char **argv)
BIGNUM *serial=NULL;
char *startdate=NULL;
char *enddate=NULL;
int days=0;
long days=0;
int batch=0;
int notext=0;
unsigned long nameopt = 0, certopt = 0;
@ -571,7 +571,8 @@ bad:
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
conf = NCONF_new(NULL);
if (NCONF_load(conf,configfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err,"error loading the config file '%s'\n",
@ -585,7 +586,7 @@ bad:
/* Lets get the config section we are using */
if (section == NULL)
{
section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
@ -595,7 +596,7 @@ bad:
if (conf != NULL)
{
p=CONF_get_string(conf,NULL,"oid_file");
p=NCONF_get_string(conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
@ -624,7 +625,7 @@ bad:
}
}
randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
@ -643,7 +644,7 @@ bad:
/* report status of cert with serial number given on command line */
if (ser_status)
{
if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
@ -676,7 +677,7 @@ bad:
/*****************************************************************/
/* we definitely need a public key, so let's get it */
if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
{
lookup_fail(section,ENV_PRIVATE_KEY);
@ -698,7 +699,7 @@ bad:
/*****************************************************************/
/* we need a certificate */
if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
{
lookup_fail(section,ENV_CERTIFICATE);
@ -715,18 +716,18 @@ bad:
goto err;
}
f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
preserve=1;
f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
msie_hack=1;
f=CONF_get_string(conf,section,ENV_NAMEOPT);
f=NCONF_get_string(conf,section,ENV_NAMEOPT);
if (f)
{
@ -740,7 +741,7 @@ bad:
else
ERR_clear_error();
f=CONF_get_string(conf,section,ENV_CERTOPT);
f=NCONF_get_string(conf,section,ENV_CERTOPT);
if (f)
{
@ -754,7 +755,7 @@ bad:
else
ERR_clear_error();
f=CONF_get_string(conf,section,ENV_EXTCOPY);
f=NCONF_get_string(conf,section,ENV_EXTCOPY);
if (f)
{
@ -773,7 +774,7 @@ bad:
{
struct stat sb;
if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
== NULL)
{
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
@ -816,7 +817,7 @@ bad:
/*****************************************************************/
/* we need to load the database file */
if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
@ -995,7 +996,8 @@ bad:
/* Read extentions config file */
if (extfile)
{
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
extconf = NCONF_new(NULL);
if (NCONF_load(extconf,extfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
@ -1011,7 +1013,7 @@ bad:
BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
/* We can have sections in the ext file */
if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
extensions = "default";
}
@ -1040,7 +1042,7 @@ bad:
if (req)
{
if ((md == NULL) && ((md=CONF_get_string(conf,
if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
@ -1054,7 +1056,7 @@ bad:
if (verbose)
BIO_printf(bio_err,"message digest is %s\n",
OBJ_nid2ln(dgst->type));
if ((policy == NULL) && ((policy=CONF_get_string(conf,
if ((policy == NULL) && ((policy=NCONF_get_string(conf,
section,ENV_POLICY)) == NULL))
{
lookup_fail(section,ENV_POLICY);
@ -1063,7 +1065,7 @@ bad:
if (verbose)
BIO_printf(bio_err,"policy is %s\n",policy);
if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
== NULL)
{
lookup_fail(section,ENV_SERIAL);
@ -1076,7 +1078,7 @@ bad:
* in the main configuration file */
if (!extensions)
{
extensions=CONF_get_string(conf,section,
extensions=NCONF_get_string(conf,section,
ENV_EXTENSIONS);
if (!extensions)
ERR_clear_error();
@ -1086,8 +1088,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, conf);
if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
NULL))
{
BIO_printf(bio_err,
@ -1101,7 +1103,7 @@ bad:
if (startdate == NULL)
{
startdate=CONF_get_string(conf,section,
startdate=NCONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
if (startdate == NULL)
ERR_clear_error();
@ -1115,7 +1117,7 @@ bad:
if (enddate == NULL)
{
enddate=CONF_get_string(conf,section,
enddate=NCONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
if (enddate == NULL)
ERR_clear_error();
@ -1128,8 +1130,8 @@ bad:
if (days == 0)
{
days=(int)CONF_get_number(conf,section,
ENV_DEFAULT_DAYS);
if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
days = 0;
}
if (!enddate && (days == 0))
{
@ -1149,7 +1151,7 @@ bad:
OPENSSL_free(f);
}
if ((attribs=CONF_get_section(conf,policy)) == NULL)
if ((attribs=NCONF_get_section(conf,policy)) == NULL)
{
BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
goto err;
@ -1404,7 +1406,7 @@ bad:
int crl_v2 = 0;
if (!crl_ext)
{
crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
if (!crl_ext)
ERR_clear_error();
}
@ -1413,8 +1415,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, conf);
if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
{
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
@ -1426,10 +1428,12 @@ bad:
if (!crldays && !crlhours)
{
crldays=CONF_get_number(conf,section,
ENV_DEFAULT_CRL_DAYS);
crlhours=CONF_get_number(conf,section,
ENV_DEFAULT_CRL_HOURS);
if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_DAYS, &crldays))
crldays = 0;
if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_HOURS, &crlhours))
crlhours = 0;
}
if ((crldays == 0) && (crlhours == 0))
{
@ -1505,9 +1509,9 @@ bad:
if (ci->version == NULL)
if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
X509V3_set_conf_lhash(&crlctx, conf);
X509V3_set_nconf(&crlctx, conf);
if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
crl_ext, crl)) goto err;
}
if (crl_ext || crl_v2)
@ -1593,7 +1597,7 @@ err:
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
CONF_free(conf);
NCONF_free(conf);
OBJ_cleanup();
apps_shutdown();
EXIT(ret);
@ -1704,8 +1708,8 @@ err:
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
int batch, char *ext_sect, LHASH *lconf, int verbose,
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
@ -1766,8 +1770,8 @@ err:
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
int batch, char *ext_sect, LHASH *lconf, int verbose,
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, ENGINE *e)
{
@ -1820,8 +1824,8 @@ err:
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
char *startdate, char *enddate, int days, int batch, int verbose,
X509_REQ *req, char *ext_sect, LHASH *lconf,
char *startdate, char *enddate, long days, int batch, int verbose,
X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
@ -2143,13 +2147,13 @@ again2:
BIO_printf(bio_err, "Extra configuration file found\n");
/* Use the extconf configuration db LHASH */
X509V3_set_conf_lhash(&ctx, extconf);
X509V3_set_nconf(&ctx, extconf);
/* Test the structure (needed?) */
/* X509V3_set_ctx_test(&ctx); */
/* Adds exts contained in the configuration file */
if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
{
BIO_printf(bio_err,
"ERROR: adding extensions in section %s\n",
@ -2163,9 +2167,9 @@ again2:
else if (ext_sect)
{
/* We found extensions to be set from config file */
X509V3_set_conf_lhash(&ctx, lconf);
X509V3_set_nconf(&ctx, lconf);
if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
{
BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
ERR_print_errors(bio_err);
@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
STACK_OF(CONF_VALUE) *sk=NULL;

View file

@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void);
static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
LHASH *config=NULL;
CONF *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
@ -269,8 +269,9 @@ int main(int Argc, char *Argv[])
default_config_file=p;
config=CONF_load(config,p,&errline);
if (config == NULL) ERR_clear_error();
config=NCONF_new(NULL);
i=NCONF_load(config,p,&errline);
if (i == 0) ERR_clear_error();
prog=prog_init();
@ -339,7 +340,7 @@ int main(int Argc, char *Argv[])
end:
if (config != NULL)
{
CONF_free(config);
NCONF_free(config);
config=NULL;
}
if (prog != NULL) lh_free(prog);

View file

@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req,
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs);
static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int min,
int max);
char *def, char *value, int nid, int n_min,
int n_max);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid,int min,int max);
int nid,int n_min,int n_max);
#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p,int n,void *arg);
#endif
static int req_check_len(int len,int min,int max);
static int req_check_len(int len,int n_min,int n_max);
static int check_end(char *str, char *end);
#ifndef MONOLITH
static char *default_config_file=NULL;
static LHASH *config=NULL;
static CONF *config=NULL;
#endif
static LHASH *req_conf=NULL;
static CONF *req_conf=NULL;
static int batch=0;
#define TYPE_RSA 1
@ -152,7 +152,8 @@ int MAIN(int argc, char **argv)
X509 *x509ss=NULL;
X509_REQ *req=NULL;
EVP_PKEY *pkey=NULL;
int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
long newkey = -1;
BIO *in=NULL,*out=NULL;
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0;
@ -457,7 +458,8 @@ bad:
p=config_name;
}
default_config_file=p;
config=CONF_load(config,p,NULL);
config=NCONF_new(NULL);
i=NCONF_load(config, p);
#endif
if (template != NULL)
@ -465,8 +467,9 @@ bad:
long errline;
BIO_printf(bio_err,"Using configuration from %s\n",template);
req_conf=CONF_load(NULL,template,&errline);
if (req_conf == NULL)
req_conf=NCONF_new(NULL);
i=NCONF_load(req_conf,template,&errline);
if (i == 0)
{
BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
goto end;
@ -477,7 +480,7 @@ bad:
req_conf=config;
BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file);
if (req_conf == NULL)
if (i == 0)
{
BIO_printf(bio_err,"Unable to load config info\n");
}
@ -485,7 +488,7 @@ bad:
if (req_conf != NULL)
{
p=CONF_get_string(req_conf,NULL,"oid_file");
p=NCONF_get_string(req_conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
@ -511,7 +514,7 @@ bad:
if (md_alg == NULL)
{
p=CONF_get_string(req_conf,SECTION,"default_md");
p=NCONF_get_string(req_conf,SECTION,"default_md");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
@ -523,7 +526,7 @@ bad:
if (!extensions)
{
extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if (!extensions)
ERR_clear_error();
}
@ -531,8 +534,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, req_conf);
if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
X509V3_set_nconf(&ctx, req_conf);
if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n", extensions);
goto end;
@ -541,19 +544,19 @@ bad:
if(!passin)
{
passin = CONF_get_string(req_conf, SECTION, "input_password");
passin = NCONF_get_string(req_conf, SECTION, "input_password");
if (!passin)
ERR_clear_error();
}
if(!passout)
{
passout = CONF_get_string(req_conf, SECTION, "output_password");
passout = NCONF_get_string(req_conf, SECTION, "output_password");
if (!passout)
ERR_clear_error();
}
p = CONF_get_string(req_conf, SECTION, STRING_MASK);
p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
if (!p)
ERR_clear_error();
@ -564,7 +567,7 @@ bad:
if(!req_exts)
{
req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
if (!req_exts)
ERR_clear_error();
}
@ -572,8 +575,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, req_conf);
if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
X509V3_set_nconf(&ctx, req_conf);
if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
BIO_printf(bio_err,
"Error Loading request extension section %s\n",
req_exts);
@ -600,7 +603,7 @@ bad:
}
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
{
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
@ -609,7 +612,7 @@ bad:
if (newreq && (pkey == NULL))
{
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
@ -618,8 +621,7 @@ bad:
if (newkey <= 0)
{
newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
if (newkey <= 0)
if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
newkey=DEFAULT_KEY_LENGTH;
}
@ -659,7 +661,7 @@ bad:
if (keyout == NULL)
{
keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
if (keyout == NULL)
ERR_clear_error();
}
@ -685,11 +687,11 @@ bad:
}
}
p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
if (p == NULL)
{
ERR_clear_error();
p=CONF_get_string(req_conf,SECTION,"encrypt_key");
p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
if (p == NULL)
ERR_clear_error();
}
@ -806,10 +808,10 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
X509V3_set_conf_lhash(&ext_ctx, req_conf);
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
if(extensions && !X509V3_EXT_add_conf(req_conf,
if(extensions && !X509V3_EXT_add_nconf(req_conf,
&ext_ctx, extensions, x509ss))
{
BIO_printf(bio_err,
@ -828,10 +830,10 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
X509V3_set_conf_lhash(&ext_ctx, req_conf);
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
&ext_ctx, req_exts, req))
{
BIO_printf(bio_err,
@ -1009,7 +1011,7 @@ end:
{
ERR_print_errors(bio_err);
}
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
char *tmp, *dn_sect,*attr_sect;
tmp=CONF_get_string(req_conf,SECTION,PROMPT);
tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
if (tmp == NULL)
ERR_clear_error();
if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
if (dn_sect == NULL)
{
BIO_printf(bio_err,"unable to find '%s' in config\n",
DISTINGUISHED_NAME);
goto err;
}
dn_sk=CONF_get_section(req_conf,dn_sect);
dn_sk=NCONF_get_section(req_conf,dn_sect);
if (dn_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
goto err;
}
attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
if (attr_sect == NULL)
{
ERR_clear_error();
@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
}
else
{
attr_sk=CONF_get_section(req_conf,attr_sect);
attr_sk=NCONF_get_section(req_conf,attr_sect);
if (attr_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req,
int i;
char *p,*q;
char buf[100];
int nid,min,max;
int nid;
long n_min,n_max;
char *type,*def,*value;
CONF_VALUE *v;
X509_NAME *subj;
@ -1204,27 +1207,29 @@ start: for (;;)
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
sprintf(buf,"%s_default",v->name);
if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
sprintf(buf,"%s_value",v->name);
if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
value=NULL;
}
sprintf(buf,"%s_min",v->name);
min=(int)CONF_get_number(req_conf,dn_sect,buf);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
n_min = -1;
sprintf(buf,"%s_max",v->name);
max=(int)CONF_get_number(req_conf,dn_sect,buf);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
n_max = -1;
if (!add_DN_object(subj,v->value,def,value,nid,
min,max))
n_min,n_max))
return 0;
}
if (X509_NAME_entry_count(subj) == 0)
@ -1255,7 +1260,7 @@ start2: for (;;)
goto start2;
sprintf(buf,"%s_default",type);
if ((def=CONF_get_string(req_conf,attr_sect,buf))
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
@ -1264,7 +1269,7 @@ start2: for (;;)
sprintf(buf,"%s_value",type);
if ((value=CONF_get_string(req_conf,attr_sect,buf))
if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
@ -1272,13 +1277,15 @@ start2: for (;;)
}
sprintf(buf,"%s_min",type);
min=(int)CONF_get_number(req_conf,attr_sect,buf);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
n_min = -1;
sprintf(buf,"%s_max",type);
max=(int)CONF_get_number(req_conf,attr_sect,buf);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
n_max = -1;
if (!add_attribute_object(req,
v->value,def,value,nid,min,max))
v->value,def,value,nid,n_min,n_max))
return 0;
}
}
@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid, int min, int max)
int nid, int n_min, int n_max)
{
int i,ret=0;
MS_STATIC char buf[1024];
@ -1393,7 +1400,7 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
if(!req_check_len(i, min, max)) goto start;
if(!req_check_len(i, n_min, n_max)) goto start;
if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
(unsigned char *) buf, -1,-1,0)) goto err;
ret=1;
@ -1402,8 +1409,8 @@ err:
}
static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int min,
int max)
char *def, char *value, int nid, int n_min,
int n_max)
{
int i;
static char buf[1024];
@ -1451,7 +1458,7 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
if(!req_check_len(i, min, max)) goto start;
if(!req_check_len(i, n_min, n_max)) goto start;
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
(unsigned char *)buf, -1)) {
@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
}
#endif
static int req_check_len(int len, int min, int max)
static int req_check_len(int len, int n_min, int n_max)
{
if (len < min)
if ((n_min > 0) && (len < n_min))
{
BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
return(0);
}
if ((max != 0) && (len > max))
if ((n_max >= 0) && (len > n_max))
{
BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
return(0);
}
return(1);

View file

@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
LHASH *conf = NULL;
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char *engine=NULL;
@ -228,15 +228,16 @@ bad:
goto end;
}
conf = CONF_load_bio(NULL, in, NULL);
conf = NCONF_new(NULL);
i = NCONF_load_bio(conf, in, NULL);
if(!conf) {
if(!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
spkstr = CONF_get_string(conf, spksect, spkac);
spkstr = NCONF_get_string(conf, spksect, spkac);
if(!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
@ -285,7 +286,7 @@ bad:
ret = 0;
end:
CONF_free(conf);
NCONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free_all(out);

View file

@ -139,10 +139,10 @@ NULL
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
LHASH *conf, char *section);
CONF *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
int create,int days, int clrext, LHASH *conf, char *section,
int create,int days, int clrext, CONF *conf, char *section,
ASN1_INTEGER *sno);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile=0;
@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
int fingerprint=0;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
LHASH *extconf = NULL;
CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
@ -479,7 +479,8 @@ bad:
{
long errorline;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
extconf = NCONF_new(NULL);
if (!NCONF_load(extconf, extfile,&errorline))
{
if (errorline <= 0)
BIO_printf(bio_err,
@ -493,7 +494,7 @@ bad:
}
if (!extsect)
{
extsect = CONF_get_string(extconf, "default", "extensions");
extsect = NCONF_get_string(extconf, "default", "extensions");
if (!extsect)
{
ERR_clear_error();
@ -501,8 +502,8 @@ bad:
}
}
X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf);
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
X509V3_set_nconf(&ctx2, extconf);
if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
{
BIO_printf(bio_err,
"Error Loading extension section %s\n",
@ -995,7 +996,7 @@ end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
OBJ_cleanup();
CONF_free(extconf);
NCONF_free(extconf);
BIO_free_all(out);
BIO_free_all(STDout);
X509_STORE_free(ctx);
@ -1116,7 +1117,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
{
int ret=0;
ASN1_INTEGER *bs=NULL;
@ -1166,8 +1167,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx2, conf);
if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
}
if (!X509_sign(x,pkey,digest)) goto end;
@ -1213,7 +1214,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
LHASH *conf, char *section)
CONF *conf, char *section)
{
EVP_PKEY *pktmp;
@ -1243,8 +1244,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx, conf);
if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
}
if (!X509_sign(x,pkey,digest)) goto err;
return 1;

View file

@ -98,6 +98,7 @@ struct conf_method_st
};
int CONF_set_default_method(CONF_METHOD *meth);
void CONF_set_nconf(CONF *conf,LHASH *hash);
LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
#ifndef OPENSSL_NO_FP_API
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
@ -145,7 +146,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
and should therefore be avoided */
long NCONF_get_number(CONF *conf,char *group,char *name);
#else
#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
#endif

View file

@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
static CONF_METHOD *default_CONF_method=NULL;
/* Init a 'CONF' structure from an old LHASH */
void CONF_set_nconf(CONF *conf, LHASH *hash)
{
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(conf);
conf->data = hash;
}
/* The following section contains the "CONF classic" functions,
rewritten in terms of the new CONF interface. */
@ -118,11 +129,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
CONF ctmp;
int ret;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
CONF_set_nconf(&ctmp, conf);
default_CONF_method->init(&ctmp);
ctmp.data = conf;
ret = NCONF_load_bio(&ctmp, bp, eline);
if (ret)
return ctmp.data;
@ -138,12 +146,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
return NCONF_get_section(&ctmp, section);
}
}
@ -157,12 +160,7 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
return NCONF_get_string(&ctmp, group, name);
}
}
@ -179,12 +177,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
status = NCONF_get_number_e(&ctmp, group, name, &result);
}
@ -199,12 +192,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
void CONF_free(LHASH *conf)
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
NCONF_free_data(&ctmp);
}
@ -227,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
int CONF_dump_bio(LHASH *conf, BIO *out)
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
return NCONF_dump_bio(&ctmp, out);
}
@ -362,7 +345,7 @@ int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
if (str == NULL)
return 0;
for (;conf->meth->is_number(conf, *str);)
for (*result = 0;conf->meth->is_number(conf, *str);)
{
*result = (*result)*10 + conf->meth->to_int(conf, *str);
str++;

View file

@ -68,122 +68,137 @@
static int v3_check_critical(char **value);
static int v3_check_generic(char **value);
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
static char *conf_lhash_get_string(void *db, char *section, char *value);
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc);
/* LHASH *conf: Config file */
/* CONF *conf: Config file */
/* char *name: Name */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
char *value)
{
{
int crit;
int ext_type;
X509_EXTENSION *ret;
crit = v3_check_critical(&value);
if((ext_type = v3_check_generic(&value)))
if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(name, value, crit, ext_type);
ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
if(!ret) {
ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
if (!ret)
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
ERR_add_error_data(4,"name=", name, ", value=", value);
}
}
return ret;
}
}
/* LHASH *conf: Config file */
/* CONF *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
char *value)
{
{
int crit;
int ext_type;
crit = v3_check_critical(&value);
if((ext_type = v3_check_generic(&value)))
if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(OBJ_nid2sn(ext_nid),
value, crit, ext_type);
return do_ext_conf(conf, ctx, ext_nid, crit, value);
}
return do_ext_nconf(conf, ctx, ext_nid, crit, value);
}
/* LHASH *conf: Config file */
/* CONF *conf: Config file */
/* char *value: Value */
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
int crit, char *value)
{
{
X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
void *ext_struc;
if(ext_nid == NID_undef) {
if (ext_nid == NID_undef)
{
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
return NULL;
}
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
}
if (!(method = X509V3_EXT_get_nid(ext_nid)))
{
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
}
/* Now get internal extension representation based on type */
if(method->v2i) {
if(*value == '@') nval = CONF_get_section(conf, value + 1);
if (method->v2i)
{
if(*value == '@') nval = NCONF_get_section(conf, value + 1);
else nval = X509V3_parse_list(value);
if(!nval) {
if(!nval)
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
return NULL;
}
}
ext_struc = method->v2i(method, ctx, nval);
if(*value != '@') sk_CONF_VALUE_pop_free(nval,
X509V3_conf_free);
if(!ext_struc) return NULL;
} else if(method->s2i) {
}
else if(method->s2i)
{
if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
} else if(method->r2i) {
if(!ctx->db) {
}
else if(method->r2i)
{
if(!ctx->db)
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
return NULL;
}
}
if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
} else {
}
else
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
return NULL;
}
}
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
else method->ext_free(ext_struc);
return ext;
}
}
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc)
{
{
unsigned char *ext_der;
int ext_len;
ASN1_OCTET_STRING *ext_oct;
X509_EXTENSION *ext;
/* Convert internal representation to DER */
if(method->it) {
if (method->it)
{
ext_der = NULL;
ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
if(ext_len < 0) goto merr;
} else {
if (ext_len < 0) goto merr;
}
else
{
unsigned char *p;
ext_len = method->i2d(ext_struc, NULL);
if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
p = ext_der;
method->i2d(ext_struc, &p);
}
if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
}
if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
ext_oct->data = ext_der;
ext_oct->length = ext_len;
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
if(!ext) goto merr;
if (!ext) goto merr;
M_ASN1_OCTET_STRING_free(ext_oct);
return ext;
@ -192,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
return NULL;
}
}
/* Given an internal structure, nid and critical flag create an extension */
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
{
X509V3_EXT_METHOD *method;
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
if (!(method = X509V3_EXT_get_nid(ext_nid))) {
X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
@ -210,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
static int v3_check_critical(char **value)
{
char *p = *value;
if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
p+=9;
while(isspace((unsigned char)*p)) p++;
*value = p;
@ -221,9 +236,9 @@ static int v3_check_critical(char **value)
static int v3_check_generic(char **value)
{
char *p = *value;
if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
p+=4;
while(isspace((unsigned char)*p)) p++;
while (isspace((unsigned char)*p)) p++;
*value = p;
return 1;
}
@ -231,148 +246,202 @@ static int v3_check_generic(char **value)
/* Create a generic extension: for now just handle DER type */
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
int crit, int type)
{
unsigned char *ext_der=NULL;
long ext_len;
ASN1_OBJECT *obj=NULL;
ASN1_OCTET_STRING *oct=NULL;
X509_EXTENSION *extension=NULL;
if(!(obj = OBJ_txt2obj(ext, 0))) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
ERR_add_error_data(2, "name=", ext);
goto err;
}
{
unsigned char *ext_der=NULL;
long ext_len;
ASN1_OBJECT *obj=NULL;
ASN1_OCTET_STRING *oct=NULL;
X509_EXTENSION *extension=NULL;
if (!(obj = OBJ_txt2obj(ext, 0)))
{
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
ERR_add_error_data(2, "name=", ext);
goto err;
}
if(!(ext_der = string_to_hex(value, &ext_len))) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
ERR_add_error_data(2, "value=", value);
goto err;
}
if (!(ext_der = string_to_hex(value, &ext_len)))
{
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
ERR_add_error_data(2, "value=", value);
goto err;
}
if(!(oct = M_ASN1_OCTET_STRING_new())) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!(oct = M_ASN1_OCTET_STRING_new()))
{
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
goto err;
}
oct->data = ext_der;
oct->length = ext_len;
ext_der = NULL;
oct->data = ext_der;
oct->length = ext_len;
ext_der = NULL;
extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
err:
ASN1_OBJECT_free(obj);
M_ASN1_OCTET_STRING_free(oct);
if(ext_der) OPENSSL_free(ext_der);
return extension;
}
err:
ASN1_OBJECT_free(obj);
M_ASN1_OCTET_STRING_free(oct);
if(ext_der) OPENSSL_free(ext_der);
return extension;
}
/* This is the main function: add a bunch of extensions based on a config file
* section
* section to an extension STACK.
*/
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509 *cert)
{
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
STACK_OF(X509_EXTENSION) **sk)
{
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
if (!(nval = NCONF_get_section(conf, section))) return 0;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
{
val = sk_CONF_VALUE_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
return 0;
if(cert) X509_add_ext(cert, ext, -1);
if (sk) X509v3_add_ext(sk, ext, -1);
X509_EXTENSION_free(ext);
}
}
return 1;
}
}
/* Convenience functions to add extensions to a certificate, CRL and request */
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509 *cert)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
if (cert)
sk = &cert->cert_info->extensions;
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
/* Same as above but for a CRL */
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl)
{
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
return 0;
if(crl) X509_CRL_add_ext(crl, ext, -1);
X509_EXTENSION_free(ext);
{
STACK_OF(X509_EXTENSION) **sk = NULL;
if (crl)
sk = &crl->crl->extensions;
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
return 1;
}
/* Add extensions to certificate request */
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_REQ *req)
{
X509_EXTENSION *ext;
STACK_OF(X509_EXTENSION) *extlist = NULL;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
{
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
return 0;
if(!extlist) extlist = sk_X509_EXTENSION_new_null();
sk_X509_EXTENSION_push(extlist, ext);
}
if(req) i = X509_REQ_add_extensions(req, extlist);
else i = 1;
if (req)
sk = &extlist;
i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
if (!i || !sk)
return i;
i = X509_REQ_add_extensions(req, extlist);
sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
return i;
}
}
/* Config database functions */
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
{
if(ctx->db_meth->get_string)
{
if (ctx->db_meth->get_string)
return ctx->db_meth->get_string(ctx->db, name, section);
return NULL;
}
}
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
{
if(ctx->db_meth->get_section)
{
if (ctx->db_meth->get_section)
return ctx->db_meth->get_section(ctx->db, section);
return NULL;
}
}
void X509V3_string_free(X509V3_CTX *ctx, char *str)
{
if(!str) return;
if(ctx->db_meth->free_string)
{
if (!str) return;
if (ctx->db_meth->free_string)
ctx->db_meth->free_string(ctx->db, str);
}
}
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
{
if(!section) return;
if(ctx->db_meth->free_section)
{
if (!section) return;
if (ctx->db_meth->free_section)
ctx->db_meth->free_section(ctx->db, section);
}
}
static char *nconf_get_string(void *db, char *section, char *value)
{
return NCONF_get_string(db, section, value);
}
static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
{
return NCONF_get_section(db, section);
}
static X509V3_CONF_METHOD nconf_method = {
nconf_get_string,
nconf_get_section,
NULL,
NULL
};
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
{
ctx->db_meth = &nconf_method;
ctx->db = conf;
}
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
X509_CRL *crl, int flags)
{
ctx->issuer_cert = issuer;
ctx->subject_cert = subj;
ctx->crl = crl;
ctx->subject_req = req;
ctx->flags = flags;
}
/* Old conf compatibility functions */
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
char *value)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_nconf(&ctmp, ctx, name, value);
}
/* LHASH *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
char *value)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
}
static char *conf_lhash_get_string(void *db, char *section, char *value)
{
{
return CONF_get_string(db, section, value);
}
}
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
{
{
return CONF_get_section(db, section);
}
}
static X509V3_CONF_METHOD conf_lhash_method = {
conf_lhash_get_string,
@ -382,17 +451,35 @@ NULL
};
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
{
{
ctx->db_meth = &conf_lhash_method;
ctx->db = lhash;
}
}
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
X509_CRL *crl, int flags)
{
ctx->issuer_cert = issuer;
ctx->subject_cert = subj;
ctx->crl = crl;
ctx->subject_req = req;
ctx->flags = flags;
}
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509 *cert)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
}
/* Same as above but for a CRL */
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
}
/* Add extensions to certificate request */
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509_REQ *req)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
}

View file

@ -459,15 +459,25 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
#endif