Kill evil casts, fix PKCS#7 and add new X509V3 Function.
This commit is contained in:
parent
1c10afc32a
commit
c8b4185079
15 changed files with 69 additions and 30 deletions
6
CHANGES
6
CHANGES
|
@ -5,6 +5,12 @@
|
|||
|
||||
Changes between 0.9.2b and 0.9.3
|
||||
|
||||
*) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
|
||||
from the internal representation. Various PKCS#7 fixes: remove some
|
||||
evil casts and set the enc_dig_alg field properly based on the signing
|
||||
key type.
|
||||
[Steve Henson]
|
||||
|
||||
*) Allow PKCS#12 password to be set from the command line or the
|
||||
environment. Let 'ca' get its config file name from the environment
|
||||
variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
|
||||
|
|
|
@ -293,7 +293,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
|
|||
return(0);
|
||||
}
|
||||
|
||||
void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value)
|
||||
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
|
||||
{
|
||||
if (a->value.ptr != NULL)
|
||||
ASN1_TYPE_component_free(a);
|
||||
|
|
|
@ -488,7 +488,7 @@ void ASN1_TYPE_free(ASN1_TYPE *a);
|
|||
int i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
|
||||
ASN1_TYPE * d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
|
||||
int ASN1_TYPE_get(ASN1_TYPE *a);
|
||||
void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value);
|
||||
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
|
||||
|
||||
ASN1_OBJECT * ASN1_OBJECT_new(void );
|
||||
void ASN1_OBJECT_free(ASN1_OBJECT *a);
|
||||
|
|
|
@ -67,7 +67,7 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
|
|||
|
||||
if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0);
|
||||
if (!ASN1_OCTET_STRING_set(os,data,len)) return(0);
|
||||
ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os);
|
||||
ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
|
||||
return(1);
|
||||
}
|
||||
|
||||
|
@ -124,7 +124,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
|
|||
i2d_ASN1_INTEGER(&in,&p);
|
||||
M_i2d_ASN1_OCTET_STRING(&os,&p);
|
||||
|
||||
ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp);
|
||||
ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
|
||||
return(1);
|
||||
}
|
||||
|
||||
|
|
|
@ -117,7 +117,7 @@ X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
|
|||
M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
|
||||
}
|
||||
|
||||
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value)
|
||||
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
|
||||
{
|
||||
X509_ATTRIBUTE *ret=NULL;
|
||||
ASN1_TYPE *val=NULL;
|
||||
|
|
|
@ -62,7 +62,7 @@
|
|||
#include <openssl/objects.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
static int add_attribute(STACK **sk, int nid, int atrtype, char *value);
|
||||
static int add_attribute(STACK **sk, int nid, int atrtype, void *value);
|
||||
static ASN1_TYPE *get_attribute(STACK *sk, int nid);
|
||||
|
||||
#if 1
|
||||
|
@ -567,7 +567,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
|||
sign_time=X509_gmtime_adj(NULL,0);
|
||||
PKCS7_add_signed_attribute(si,
|
||||
NID_pkcs9_signingTime,
|
||||
V_ASN1_UTCTIME,(char *)sign_time);
|
||||
V_ASN1_UTCTIME,sign_time);
|
||||
|
||||
/* Add digest */
|
||||
md_tmp=EVP_MD_CTX_type(&ctx_tmp);
|
||||
|
@ -575,7 +575,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
|||
digest=ASN1_OCTET_STRING_new();
|
||||
ASN1_OCTET_STRING_set(digest,md_data,md_len);
|
||||
PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,
|
||||
V_ASN1_OCTET_STRING,(char *)digest);
|
||||
V_ASN1_OCTET_STRING,digest);
|
||||
|
||||
/* Now sign the mess */
|
||||
EVP_SignInit(&ctx_tmp,md_tmp);
|
||||
|
@ -874,18 +874,18 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
|
|||
}
|
||||
|
||||
int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
|
||||
char *value)
|
||||
void *value)
|
||||
{
|
||||
return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
|
||||
}
|
||||
|
||||
int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
|
||||
char *value)
|
||||
void *value)
|
||||
{
|
||||
return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
|
||||
}
|
||||
|
||||
static int add_attribute(STACK **sk, int nid, int atrtype, char *value)
|
||||
static int add_attribute(STACK **sk, int nid, int atrtype, void *value)
|
||||
{
|
||||
X509_ATTRIBUTE *attr=NULL;
|
||||
|
||||
|
|
|
@ -309,15 +309,14 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
|
|||
p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
|
||||
else
|
||||
p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
|
||||
p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
|
||||
|
||||
#if 1
|
||||
p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
|
||||
|
||||
if (p7i->digest_enc_alg->parameter != NULL)
|
||||
ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
|
||||
if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
|
||||
goto err;
|
||||
p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
|
||||
#endif
|
||||
|
||||
return(1);
|
||||
err:
|
||||
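Review bot: The new `p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));` dereferences `pkey` with no NULL check visible in the hunk; PKCS7_SIGNER_INFO_set's body starts outside the hunk, so unless an earlier line rejects a NULL `pkey` this turns a caller error into a crash. `EVP_PKEY_type()` yields NID_undef for key types it does not recognise, which would silently encode an undefined signature algorithm, so consider `if(EVP_PKEY_type(pkey->type) == NID_undef) goto err;` before the assignment. The `#if 1` around the block is a leftover toggle; either drop it or replace it with a comment saying why the encryption algorithm now follows the key type rather than `EVP_MD_pkey_type(dgst)`.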
|
|
|
@ -340,9 +340,9 @@ int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
|
|||
PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
|
||||
ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk);
|
||||
int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
|
||||
char *data);
|
||||
void *data);
|
||||
int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
|
||||
char *value);
|
||||
void *value);
|
||||
ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
|
||||
ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
|
||||
int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk);
|
||||
|
|
|
@ -655,7 +655,7 @@ void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
|
|||
int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
|
||||
X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
|
||||
long length);
|
||||
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value);
|
||||
X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
|
||||
|
||||
|
||||
X509_EXTENSION *X509_EXTENSION_new(void );
|
||||
|
|
|
@ -103,7 +103,7 @@ static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
|||
ASN1_BIT_STRING *bits, STACK *ret)
|
||||
{
|
||||
BIT_STRING_BITNAME *bnam;
|
||||
for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) {
|
||||
for(bnam =method->usr_data; bnam->lname; bnam++) {
|
||||
if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
|
||||
X509V3_add_value(bnam->lname, NULL, &ret);
|
||||
}
|
||||
|
@ -123,7 +123,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
|||
}
|
||||
for(i = 0; i < sk_num(nval); i++) {
|
||||
val = (CONF_VALUE *)sk_value(nval, i);
|
||||
for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname;
|
||||
for(bnam = method->usr_data; bnam->lname;
|
||||
bnam++) {
|
||||
if(!strcmp(bnam->sname, val->name) ||
|
||||
!strcmp(bnam->lname, val->name) ) {
|
||||
|
|
|
@ -72,6 +72,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, in
|
|||
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
|
||||
static char *conf_lhash_get_string(void *db, char *section, char *value);
|
||||
static STACK *conf_lhash_get_section(void *db, char *section);
|
||||
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
|
||||
int crit, void *ext_struc);
|
||||
/* LHASH *conf: Config file */
|
||||
/* char *name: Name */
|
||||
/* char *value: Value */
|
||||
|
@ -111,13 +113,10 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
|
|||
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
|
||||
int crit, char *value)
|
||||
{
|
||||
X509_EXTENSION *ext = NULL;
|
||||
X509V3_EXT_METHOD *method;
|
||||
X509_EXTENSION *ext;
|
||||
STACK *nval;
|
||||
char *ext_struc;
|
||||
unsigned char *ext_der, *p;
|
||||
int ext_len;
|
||||
ASN1_OCTET_STRING *ext_oct;
|
||||
void *ext_struc;
|
||||
if(ext_nid == NID_undef) {
|
||||
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
|
||||
return NULL;
|
||||
|
@ -152,21 +151,50 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
/* We've now got the internal representation: convert to DER */
|
||||
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
|
||||
method->ext_free(ext_struc);
|
||||
return ext;
|
||||
|
||||
}
|
||||
|
||||
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
|
||||
int crit, void *ext_struc)
|
||||
{
|
||||
unsigned char *ext_der, *p;
|
||||
int ext_len;
|
||||
ASN1_OCTET_STRING *ext_oct;
|
||||
X509_EXTENSION *ext;
|
||||
/* Convert internal representation to DER */
|
||||
ext_len = method->i2d(ext_struc, NULL);
|
||||
ext_der = Malloc(ext_len);
|
||||
if(!(ext_der = Malloc(ext_len))) goto merr;
|
||||
p = ext_der;
|
||||
method->i2d(ext_struc, &p);
|
||||
method->ext_free(ext_struc);
|
||||
ext_oct = ASN1_OCTET_STRING_new();
|
||||
if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
|
||||
ext_oct->data = ext_der;
|
||||
ext_oct->length = ext_len;
|
||||
|
||||
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
|
||||
if(!ext) goto merr;
|
||||
ASN1_OCTET_STRING_free(ext_oct);
|
||||
|
||||
return ext;
|
||||
|
||||
merr:
|
||||
X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
|
||||
}
|
||||
|
||||
/* Given an internal structure, nid and critical flag create an extension */
|
||||
|
||||
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
|
||||
{
|
||||
X509V3_EXT_METHOD *method;
|
||||
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
|
||||
X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
|
||||
return NULL;
|
||||
}
|
||||
return do_ext_i2d(method, ext_nid, crit, ext_struc);
|
||||
}
|
||||
|
||||
/* Check the extension string for critical flag */
|
||||
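Review bot: The `merr:` path in do_ext_i2d leaks on the later failures: if `ASN1_OCTET_STRING_new()` fails `ext_der` is lost, and if `X509_EXTENSION_create_by_NID()` fails (`if(!ext) goto merr;`) both `ext_oct` and the DER buffer it now owns are lost, while the failure is reported as ERR_R_MALLOC_FAILURE although that call can fail for other reasons. `ext_len = method->i2d(ext_struc, NULL)` is also passed straight to `Malloc(ext_len)` with no check for a non-positive return, which would become a huge or zero-size allocation. The rewrite below NULL-initialises both pointers, hands `ext_der` over to `ext_oct` explicitly and frees whatever is still owned at `merr`. Separately, `X509V3_EXT_i2d()` should document that, unlike the do_ext_conf path which calls `method->ext_free(ext_struc)` afterwards, it leaves ownership of `ext_struc` with the caller.
```c
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
					 int crit, void *ext_struc)
{
	unsigned char *ext_der = NULL, *p;
	int ext_len;
	ASN1_OCTET_STRING *ext_oct = NULL;
	X509_EXTENSION *ext;
	/* … unchanged: i2d length query, Malloc, second i2d pass, ASN1_OCTET_STRING_new … */
	ext_oct->data = ext_der;
	ext_der = NULL;		/* buffer is now owned by ext_oct */
	ext_oct->length = ext_len;
	/* … unchanged: X509_EXTENSION_create_by_NID, success return … */
	merr:
	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
	if(ext_oct) ASN1_OCTET_STRING_free(ext_oct);
	if(ext_der) Free(ext_der);
	return NULL;
}
```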
|
|
|
@ -95,7 +95,7 @@ char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
|
|||
ENUMERATED_NAMES *enam;
|
||||
long strval;
|
||||
strval = ASN1_ENUMERATED_get(e);
|
||||
for(enam =(ENUMERATED_NAMES *)method->usr_data; enam->lname; enam++) {
|
||||
for(enam = method->usr_data; enam->lname; enam++) {
|
||||
if(strval == enam->bitnum) return BUF_strdup(enam->lname);
|
||||
}
|
||||
return i2s_ASN1_ENUMERATED(method, e);
|
||||
|
|
|
@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
|
|||
{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"},
|
||||
{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"},
|
||||
{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"},
|
||||
{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
|
||||
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
|
||||
{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
|
||||
{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
|
||||
|
@ -98,6 +99,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
|
|||
{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"},
|
||||
{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"},
|
||||
{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"},
|
||||
{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"},
|
||||
{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
|
||||
{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"},
|
||||
{0,NULL}
|
||||
|
|
|
@ -104,7 +104,7 @@ X509V3_EXT_V2I v2i;
|
|||
X509V3_EXT_I2R i2r;
|
||||
X509V3_EXT_R2I r2i;
|
||||
|
||||
char *usr_data; /* Any extension specific data */
|
||||
void *usr_data; /* Any extension specific data */
|
||||
};
|
||||
|
||||
typedef struct X509V3_CONF_METHOD_st {
|
||||
|
@ -411,6 +411,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
|
|||
int X509V3_add_standard_extensions(void);
|
||||
STACK *X509V3_parse_list(char *line);
|
||||
void *X509V3_EXT_d2i(X509_EXTENSION *ext);
|
||||
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
|
||||
|
||||
char *hex_to_string(unsigned char *buffer, long len);
|
||||
unsigned char *string_to_hex(char *str, long *len);
|
||||
|
@ -430,6 +431,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
|
|||
#define X509V3_F_COPY_EMAIL 122
|
||||
#define X509V3_F_COPY_ISSUER 123
|
||||
#define X509V3_F_DO_EXT_CONF 124
|
||||
#define X509V3_F_DO_EXT_I2D 135
|
||||
#define X509V3_F_HEX_TO_STRING 111
|
||||
#define X509V3_F_I2S_ASN1_ENUMERATED 121
|
||||
#define X509V3_F_I2S_ASN1_INTEGER 120
|
||||
|
@ -460,6 +462,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
|
|||
#define X509V3_F_X509V3_EXT_ADD 104
|
||||
#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
|
||||
#define X509V3_F_X509V3_EXT_CONF 107
|
||||
#define X509V3_F_X509V3_EXT_I2D 136
|
||||
#define X509V3_F_X509V3_GET_VALUE_BOOL 110
|
||||
#define X509V3_F_X509V3_PARSE_LIST 109
|
||||
|
||||
|
|
|
@ -1618,3 +1618,4 @@ sk_X509_EXTENSION_delete 1642
|
|||
sk_X509_EXTENSION_shift 1643
|
||||
sk_X509_EXTENSION_push 1644
|
||||
sk_X509_NAME_ENTRY_find 1645
|
||||
X509V3_EXT_i2d 1646
|
||||
|
|