Changes between 0.9.2b and 0.9.3
+ *) Add code to allow r2i extensions to access the configuration database,
+ add an LHASH database driver and add several ctx helper functions.
+ [Steve Henson]
+
*) Fix an evil bug in bn_expand2() which caused various BN functions to
fail when they extended the size of a BIGNUM.
[Steve Henson]
OpenSSL STATUS Last modified at
- ______________ $Date: 1999/04/16 11:32:33 $
+ ______________ $Date: 1999/04/16 23:57:00 $
DEVELOPMENT STATE
Proper (or at least usable) certificate chain verification.
Documentation on X509 V3 extension code.
PKCS#12 code cleanup and enhancement.
+ PKCS #8 and PKCS#5 v2.0 support.
+ Private key, certificate and CRL API and implementation.
o Mark is currently working on:
Folding in any changes that are in the C2Net code base that were
if (ci->version == NULL)
if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
- crlctx.crl = crl;
- crlctx.issuer_cert = x509;
- crlctx.subject_cert = NULL;
- crlctx.subject_req = NULL;
- crlctx.flags = 0;
+ X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+ X509V3_set_conf_lhash(&crlctx, conf);
if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
crl_ext, crl)) goto err;
ci->extensions = NULL;
- ctx.subject_cert = ret;
- ctx.issuer_cert = x509;
- ctx.subject_req = req;
- ctx.crl = NULL;
- ctx.flags = 0;
+ X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+ X509V3_set_conf_lhash(&ctx, lconf);
if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
/* Set up V3 context struct */
- ext_ctx.issuer_cert = x509ss;
- ext_ctx.subject_cert = x509ss;
- ext_ctx.subject_req = NULL;
- ext_ctx.crl = NULL;
- ext_ctx.flags = 0;
+ X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+ X509V3_set_conf_lhash(&ext_ctx, req_conf);
/* Add extensions */
if(extensions && !X509V3_EXT_add_conf(req_conf,
static X509V3_CTX ctx_tst = { CTX_TEST, NULL, NULL, NULL, NULL };
return X509V3_EXT_add_conf(conf, &ctx_tst, section, NULL);
}
+
+/* Config database functions */
+
+char * X509V3_get_string(ctx, name, section)
+X509V3_CTX *ctx;
+char *name;
+char *section;
+{
+ if(ctx->db_meth->get_string)
+ return ctx->db_meth->get_string(ctx->db, name, section);
+ return NULL;
+}
+
+STACK * X509V3_get_section(ctx, section)
+X509V3_CTX *ctx;
+char *section;
+{
+ if(ctx->db_meth->get_section)
+ return ctx->db_meth->get_section(ctx->db, section);
+ return NULL;
+}
+
+void X509V3_free_string(ctx, str)
+X509V3_CTX *ctx;
+char *str;
+{
+ if(ctx->db_meth->free_string)
+ return ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_free_section(ctx, section)
+X509V3_CTX *ctx;
+STACK *section;
+{
+ if(ctx->db_meth->free_section)
+ return ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *conf_lhash_get_string(db, section, value)
+void *db;
+char *section;
+char *value;
+{
+ return CONF_get_string(db, section, value);
+}
+
+static STACK *conf_lhash_get_section(db, section)
+void *db;
+char *section;
+{
+ return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(ctx, lhash)
+X509V3_CTX *ctx;
+LHASH *lhash;
+{
+ ctx->db_meth = &conf_lhash_method;
+ ctx->db = lhash;
+}
+
+void X509V3_set_ctx(ctx, issuer, subj, req, crl, flags)
+X509V3_CTX *ctx;
+X509 *issuer;
+X509 *subj;
+X509_REQ *req;
+X509_CRL *crl;
+int flags;
+{
+ ctx->issuer_cert = issuer;
+ ctx->subject_cert = subj;
+ ctx->crl = crl;
+ ctx->subject_req = req;
+ ctx->flags = flags;
+}
typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out, int indent);
-typedef char *(*X509V3_EXT_R2I)(struct v3_ext_method *method, char *db, char *value);
+typedef char * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
/* V3 extension structure */
/* The following are used for raw extensions */
X509V3_EXT_I2R i2r;
-X509V3_EXT_R2I r2i; /* Doesn't do anything *YET* */
+X509V3_EXT_R2I r2i;
char *usr_data; /* Any extension specific data */
};
+typedef struct X509V3_CONF_METHOD_st {
+char * (*get_string)(void *db, char *section, char *value);
+STACK * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK *section);
+} X509V3_CONF_METHOD;
/* Context specific info */
struct v3_ext_ctx {
X509 *subject_cert;
X509_REQ *subject_req;
X509_CRL *crl;
+X509V3_CONF_METHOD *db_meth;
+void *db;
/* Maybe more here */
};
int X509V3_EXT_check_conf(LHASH *conf, char *section);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
#endif
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK * X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_free_string(X509V3_CTX *ctx, char *str);
+void X509V3_free_section( X509V3_CTX *ctx, STACK *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+ X509_REQ *req, X509_CRL *crl, int flags);
+
int X509V3_add_value(char *name, char *value, STACK **extlist);
int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
int X509V3_EXT_check_conf();
int X509V3_get_value_bool();
int X509V3_get_value_int();
+void X509V3_set_conf_lhash();
#endif
+char * X509V3_get_string();
+STACK * X509V3_get_section();
+void X509V3_free_string();
+void X509V3_free_section();
+void X509V3_set_ctx();
+
int X509V3_add_value();
int X509V3_add_value_bool();
int X509V3_add_value_int();