From c8b41850793faed7fccf4fe4403f774266412f22 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 9 May 1999 16:39:11 +0000 Subject: [PATCH] Kill evil casts, fix PKCS#7 and add new X509V3 Function. --- CHANGES | 6 ++++++ crypto/asn1/a_type.c | 2 +- crypto/asn1/asn1.h | 2 +- crypto/asn1/evp_asn1.c | 4 ++-- crypto/asn1/x_attrib.c | 2 +- crypto/pkcs7/pk7_doit.c | 12 +++++------ crypto/pkcs7/pk7_lib.c | 5 ++--- crypto/pkcs7/pkcs7.h | 4 ++-- crypto/x509/x509.h | 2 +- crypto/x509v3/v3_bitst.c | 4 ++-- crypto/x509v3/v3_conf.c | 46 ++++++++++++++++++++++++++++++++-------- crypto/x509v3/v3_enum.c | 2 +- crypto/x509v3/v3err.c | 2 ++ crypto/x509v3/x509v3.h | 5 ++++- util/libeay.num | 1 + 15 files changed, 69 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index ecfb0c01a3..61553dba43 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,12 @@ Changes between 0.9.2b and 0.9.3 + *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure + from the internal representation. Various PKCS#7 fixes: remove some + evil casts and set the enc_dig_alg field properly based on the signing + key type. + [Steve Henson] + *) Allow PKCS#12 password to be set from the command line or the environment. Let 'ca' get its config file name from the environment variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req' diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 72240a0b25..3f2ecee5c2 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -293,7 +293,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a) return(0); } -void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value) +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) { if (a->value.ptr != NULL) ASN1_TYPE_component_free(a); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 5050d572e4..8dc61e1e63 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h 
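Review bot: `ASN1_TYPE_set()` in crypto/asn1/a_type.c now takes `void *value`, so nothing ties the pointer to `type` any more, and the new signature has no comment stating that contract. With `char *` a caller at least had to write a cast; with `void *` any object pointer is accepted silently, and a mismatch between `type` and the real structure would only surface when the value is later encoded or freed. I would add above the definition `/* value must point to the ASN1 structure that matches type; any value already held by a is freed first */`. The same applies to the `void *value` parameters of `X509_ATTRIBUTE_create()`, `PKCS7_add_signed_attribute()`, `PKCS7_add_attribute()` and `add_attribute()` in the later hunks. The body of `ASN1_TYPE_set()` continues outside the hunk, so confirm whether the pointer is stored or copied before documenting ownership.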
@@ -488,7 +488,7 @@ void ASN1_TYPE_free(ASN1_TYPE *a); int i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp); ASN1_TYPE * d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length); int ASN1_TYPE_get(ASN1_TYPE *a); -void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index 7528b2d97f..41ced49c19 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -67,7 +67,7 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0); if (!ASN1_OCTET_STRING_set(os,data,len)) return(0); - ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os); + ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); return(1); } @@ -124,7 +124,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, i2d_ASN1_INTEGER(&in,&p); M_i2d_ASN1_OCTET_STRING(&os,&p); - ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp); + ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp); return(1); } diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c index 274c9a920d..ae88b2741b 100644 --- a/crypto/asn1/x_attrib.c +++ b/crypto/asn1/x_attrib.c @@ -117,7 +117,7 @@ X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp, M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE); } -X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value) +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) { X509_ATTRIBUTE *ret=NULL; ASN1_TYPE *val=NULL; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 67085e3956..1536aa8c1d 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c 
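Review bot: In `ASN1_TYPE_set_octetstring()` (crypto/asn1/evp_asn1.c, first hunk) the freshly allocated `os` is leaked when `ASN1_OCTET_STRING_set()` fails, because that path returns 0 without freeing it. The commit edits the call directly below, so this is a natural place to fix it: `if (!ASN1_OCTET_STRING_set(os,data,len)) { ASN1_OCTET_STRING_free(os); return(0); }`. The function starts outside the hunk.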
@@ -62,7 +62,7 @@ #include #include -static int add_attribute(STACK **sk, int nid, int atrtype, char *value); +static int add_attribute(STACK **sk, int nid, int atrtype, void *value); static ASN1_TYPE *get_attribute(STACK *sk, int nid); #if 1 @@ -567,7 +567,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) sign_time=X509_gmtime_adj(NULL,0); PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, - V_ASN1_UTCTIME,(char *)sign_time); + V_ASN1_UTCTIME,sign_time); /* Add digest */ md_tmp=EVP_MD_CTX_type(&ctx_tmp); @@ -575,7 +575,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) digest=ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(digest,md_data,md_len); PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING,(char *)digest); + V_ASN1_OCTET_STRING,digest); /* Now sign the mess */ EVP_SignInit(&ctx_tmp,md_tmp); @@ -874,18 +874,18 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk) } int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - char *value) + void *value) { return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); } int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - char *value) + void *value) { return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); } -static int add_attribute(STACK **sk, int nid, int atrtype, char *value) +static int add_attribute(STACK **sk, int nid, int atrtype, void *value) { X509_ATTRIBUTE *attr=NULL; diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index e8c279dc93..7bba23e3d4 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c 
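Review bot: In the two `PKCS7_dataFinal()` hunks of crypto/pkcs7/pk7_doit.c the results of `X509_gmtime_adj()`, `ASN1_OCTET_STRING_new()`, `ASN1_OCTET_STRING_set()` and `PKCS7_add_signed_attribute()` are all ignored. If an allocation fails, a NULL `sign_time` or `digest` is passed on as the attribute value. A failed add would leave signingTime or messageDigest out of the authenticated attributes that are signed just below, and the caller would see no error. Each step should be checked and routed to the function's error exit, e.g. `if (!PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,V_ASN1_OCTET_STRING,digest)) goto err;` (the `err` label is assumed, since the function's start and end are outside the hunk).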
@@ -309,15 +309,14 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); else p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst)); -#if 1 + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); + if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL) goto err; p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; -#endif return(1); err: diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index 8541fdc89d..4afde8274b 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -340,9 +340,9 @@ int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher); PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk); int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, - char *data); + void *data); int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - char *value); + void *value); ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index fb9be71079..ac95f8a139 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -655,7 +655,7 @@ void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp); X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp, long length); -X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value); +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); X509_EXTENSION *X509_EXTENSION_new(void ); 
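Review bot: The new `OBJ_nid2obj(EVP_PKEY_type(pkey->type))` in `PKCS7_SIGNER_INFO_set()` is used without checking for an unrecognised key type. `EVP_PKEY_type()` returns `NID_undef` for a type it does not know, so the signer info would carry an undefined digestEncryptionAlgorithm OID and the function would still return 1. I would reject that case before the assignment, e.g. `if ((nid=EVP_PKEY_type(pkey->type)) == NID_undef) goto err;` with a local `int nid`. Also, with the `#if 1` removed, the parameter is set to `V_ASN1_NULL` for every key type; whether a NULL parameter is right for non-RSA keys deserves a comment or a per-type branch. The function starts outside the hunk.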
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c index 29d8bd44ca..641f877c13 100644 --- a/crypto/x509v3/v3_bitst.c +++ b/crypto/x509v3/v3_bitst.c @@ -103,7 +103,7 @@ static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, STACK *ret) { BIT_STRING_BITNAME *bnam; - for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) { + for(bnam =method->usr_data; bnam->lname; bnam++) { if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) X509V3_add_value(bnam->lname, NULL, &ret); } @@ -123,7 +123,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, } for(i = 0; i < sk_num(nval); i++) { val = (CONF_VALUE *)sk_value(nval, i); - for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname; + for(bnam = method->usr_data; bnam->lname; bnam++) { if(!strcmp(bnam->sname, val->name) || !strcmp(bnam->lname, val->name) ) { diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index d63db97340..0460fbedfc 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -72,6 +72,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, in static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); static char *conf_lhash_get_string(void *db, char *section, char *value); static STACK *conf_lhash_get_section(void *db, char *section); +static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, + int crit, void *ext_struc); /* LHASH *conf: Config file */ /* char *name: Name */ /* char *value: Value */ 
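Review bot: The loops `for(bnam =method->usr_data; bnam->lname; bnam++)` in `i2v_ASN1_BIT_STRING()` and `v2i_ASN1_BIT_STRING()` dereference `usr_data` without a NULL check, and now that the field is `void *` nothing in the code shows which table type is expected. A method registered with these callbacks but without a name table would fault on the first `bnam->lname`. A guard `if(method->usr_data == NULL)` before each loop, returning through the function's normal failure path, would make the contract explicit, as would a comment that `usr_data` must be a `BIT_STRING_BITNAME` array terminated by an entry with a NULL `lname`. The same pattern appears in `i2s_ASN1_ENUMERATED_TABLE()` in crypto/x509v3/v3_enum.c. Both function bodies extend beyond their hunks.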
@@ -111,13 +113,10 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value) { - X509_EXTENSION *ext = NULL; X509V3_EXT_METHOD *method; + X509_EXTENSION *ext; STACK *nval; - char *ext_struc; - unsigned char *ext_der, *p; - int ext_len; - ASN1_OCTET_STRING *ext_oct; + void *ext_struc; if(ext_nid == NID_undef) { X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; 
@@ -152,21 +151,50 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, return NULL; } - /* We've now got the internal representation: convert to DER */ + ext = do_ext_i2d(method, ext_nid, crit, ext_struc); + method->ext_free(ext_struc); + return ext; + +} + +static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, + int crit, void *ext_struc) +{ + unsigned char *ext_der, *p; + int ext_len; + ASN1_OCTET_STRING *ext_oct; + X509_EXTENSION *ext; + /* Convert internal representation to DER */ ext_len = method->i2d(ext_struc, NULL); - ext_der = Malloc(ext_len); + if(!(ext_der = Malloc(ext_len))) goto merr; p = ext_der; method->i2d(ext_struc, &p); - method->ext_free(ext_struc); - ext_oct = ASN1_OCTET_STRING_new(); + if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); + if(!ext) goto merr; ASN1_OCTET_STRING_free(ext_oct); return ext; + merr: + X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); + return NULL; + +} + +/* Given an internal structure, nid and critical flag create an extension */ + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) +{ + X509V3_EXT_METHOD *method; + if(!(method = X509V3_EXT_get_nid(ext_nid))) { + X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); + return NULL; + } + return do_ext_i2d(method, ext_nid, crit, ext_struc); } /* Check the extension string for critical flag */ diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c index e68e04f401..e76229da76 100644 --- a/crypto/x509v3/v3_enum.c +++ b/crypto/x509v3/v3_enum.c 
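Review bot: `do_ext_i2d()` leaks on its `merr` path and never validates `ext_len`. If `ASN1_OCTET_STRING_new()` fails, `ext_der` is not freed; if `X509_EXTENSION_create_by_NID()` fails, `ext_oct` and the buffer attached to it are not freed; and a zero or negative result from the first `method->i2d(ext_struc, NULL)` goes straight into `Malloc(ext_len)`. The version below frees both objects on the error path and rejects a non-positive length (which is then still reported as a malloc failure, so a separate reason code may be preferable). `X509V3_EXT_i2d()` also calls through `method->i2d` and passes `ext_struc` on without checking either for NULL, which matters now that this is a public entry point.

```c
	unsigned char *ext_der = NULL, *p;
	ASN1_OCTET_STRING *ext_oct = NULL;
	/* ... unchanged: remaining declarations ... */
	ext_len = method->i2d(ext_struc, NULL);
	if(ext_len <= 0) goto merr;
	/* ... unchanged: Malloc of ext_der and second i2d call ... */
	if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
	ext_oct->data = ext_der;
	ext_oct->length = ext_len;
	ext_der = NULL; /* buffer now belongs to ext_oct */
	/* ... unchanged: X509_EXTENSION_create_by_NID and success return ... */

	merr:
	if(ext_der) Free(ext_der);
	if(ext_oct) ASN1_OCTET_STRING_free(ext_oct);
	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
	return NULL;
```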
@@ -95,7 +95,7 @@ char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ENUMERATED_NAMES *enam; long strval; strval = ASN1_ENUMERATED_get(e); - for(enam =(ENUMERATED_NAMES *)method->usr_data; enam->lname; enam++) { + for(enam = method->usr_data; enam->lname; enam++) { if(strval == enam->bitnum) return BUF_strdup(enam->lname); } return i2s_ASN1_ENUMERATED(method, e); diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index b20b59c250..50efa8d99d 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, {ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, +{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, @@ -98,6 +99,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, +{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, {0,NULL} diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 80bb36e78e..d294a3cff1 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -104,7 +104,7 @@ X509V3_EXT_V2I v2i; X509V3_EXT_I2R i2r; X509V3_EXT_R2I r2i; -char *usr_data; /* Any extension specific data */ +void *usr_data; /* Any extension specific data */ }; typedef struct X509V3_CONF_METHOD_st { 
@@ -411,6 +411,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK *X509V3_parse_list(char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); char *hex_to_string(unsigned char *buffer, long len); unsigned char *string_to_hex(char *str, long *len); @@ -430,6 +431,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_ISSUER 123 #define X509V3_F_DO_EXT_CONF 124 +#define X509V3_F_DO_EXT_I2D 135 #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 @@ -460,6 +462,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); #define X509V3_F_X509V3_EXT_ADD 104 #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_CONF 107 +#define X509V3_F_X509V3_EXT_I2D 136 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 #define X509V3_F_X509V3_PARSE_LIST 109 diff --git a/util/libeay.num b/util/libeay.num index 12cebd38bd..1a1b21ad6a 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1618,3 +1618,4 @@ sk_X509_EXTENSION_delete 1642 sk_X509_EXTENSION_shift 1643 sk_X509_EXTENSION_push 1644 sk_X509_NAME_ENTRY_find 1645 +X509V3_EXT_i2d 1646
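Review bot: The new prototype `X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)` in x509v3.h has no comment on ownership or on what `ext_struc` must be. From the v3_conf.c hunk, the function does not free `ext_struc` and returns a newly created `X509_EXTENSION` or NULL, so I would add above the declaration `/* ext_struc must be the internal structure for ext_nid and stays owned by the caller; returns a new extension the caller frees, or NULL on error */`. Because the parameter is `void *`, passing a structure that does not belong to `ext_nid` is not caught at compile time, which is worth stating there too.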