'req' fixes. Reinstate length check one request fields.

Fix to stop null being added to attributes.
Modify X509_LOOKUP, X509_INFO to handle auxiliary info.

diff --git a/CHANGES b/CHANGES
index dc60f56cc303e0eacb78a633eff3c18ad58b28f6..c4b95c88cef264f083becb23dad8791c982940c7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Fix for 'req': it was adding a null to request attributes.
+     Also change the X509_LOOKUP and X509_INFO code to handle
+     certificate auxiliary information.
+     [Steve Henson]
+
   *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
      the 'enc' command.
      [Steve Henson]

diff --git a/apps/req.c b/apps/req.c
index cf91012cf40cd68793dbac59737a88fc3cd247e9..59a38982b9020ac44c5f4e019e60bc0b9dd75ab0 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -1051,6 +1051,7 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
+       if(!req_fix_data(-1, NULL, i, min, max)) goto err;
        if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
                                (unsigned char *) buf, -1,-1,0)) goto err;
        ret=1;
@@ -1123,7 +1124,7 @@ start:
                else    goto err;
                }
 
-       if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
+       if (!ASN1_STRING_set(bs,(unsigned char *)buf,i))
                { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
 
        if ((at=ASN1_TYPE_new()) == NULL)
@@ -1161,23 +1162,24 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
 
 static int req_fix_data(int nid, int *type, int len, int min, int max)
        {
-       if (nid == NID_pkcs9_emailAddress)
-               *type=V_ASN1_IA5STRING;
-       if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-               *type=V_ASN1_T61STRING;
-       if ((nid == NID_pkcs9_challengePassword) &&
-               (*type == V_ASN1_IA5STRING))
-               *type=V_ASN1_T61STRING;
-
-       if ((nid == NID_pkcs9_unstructuredName) &&
-               (*type == V_ASN1_T61STRING))
-               {
-               BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
-               return(0);
-               }
-       if (nid == NID_pkcs9_unstructuredName)
-               *type=V_ASN1_IA5STRING;
-
+       if(type) {
+               if (nid == NID_pkcs9_emailAddress)
+                       *type=V_ASN1_IA5STRING;
+               if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+                       *type=V_ASN1_T61STRING;
+               if ((nid == NID_pkcs9_challengePassword) &&
+                       (*type == V_ASN1_IA5STRING))
+                       *type=V_ASN1_T61STRING;
+
+               if ((nid == NID_pkcs9_unstructuredName) &&
+                       (*type == V_ASN1_T61STRING))
+                       {
+                       BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
+                       return(0);
+                       }
+               if (nid == NID_pkcs9_unstructuredName)
+                       *type=V_ASN1_IA5STRING;
+       }
        if (len < min)
                {
                BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);

diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index fec18a4c2ed6bc012ba1a980d9e217d242eed4a7..b65239a9200fce87cbb95ea8bc427346f1c5a63e 100644 (file)
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -132,6 +132,17 @@ start:
                                }
                        pp=(char **)&(xi->x509);
                        }
+               else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
+                       {
+                       d2i=(char *(*)())d2i_X509_AUX;
+                       if (xi->x509 != NULL)
+                               {
+                               if (!sk_X509_INFO_push(ret,xi)) goto err;
+                               if ((xi=X509_INFO_new()) == NULL) goto err;
+                               goto start;
+                               }
+                       pp=(char **)&(xi->x509);
+                       }
                else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
                        {
                        d2i=(char *(*)())d2i_X509_CRL;

diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 3c31de728cfae0c7cbe1fd92cc1dda2999110c7f..0457f01c345fa3e97103313d3eefa6e941b0446d 100644 (file)
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -147,7 +147,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
                {
                for (;;)
                        {
-                       x=PEM_read_bio_X509(in,NULL,NULL,NULL);
+                       x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
                        if (x == NULL)
                                {
                                if ((ERR_GET_REASON(ERR_peek_error()) ==