From: Dr. Stephen Henson Date: Thu, 28 Jun 2001 11:41:50 +0000 (+0000) Subject: Modify apps to use NCONF code instead of old CONF code. X-Git-Tag: OpenSSL_0_9_6c~182^2~62 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b7a26e6dafdbf97513e968a45757a4d4e9843ba2;p=oweals%2Fopenssl.git Modify apps to use NCONF code instead of old CONF code. Add new extension functions which work with NCONF. Tidy up extension config routines and remove redundant code. Fix NCONF_get_number(). Todo: more testing of apps to see they still work... --- diff --git a/CHANGES b/CHANGES index 74189b35c2..76d123a612 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,14 @@ *) applies to 0.9.6a (/0.9.6b) and 0.9.7 +) applies to 0.9.7 only + +) Rewrite apps to use NCONF routines instead of the old CONF. New functions + to support NCONF routines in extension code. New function CONF_set_nconf() + to allow functions which take an NCONF to also handle the old LHASH + structure: this means that the old CONF compatible routines can be + retained (in particular wrt extensions) without having to duplicate the + code. New function X509V3_add_ext_nconf_sk to add extensions to a stack. + [Steve Henson] + *) Handle special case when X509_NAME is empty in X509 printing routines. [Steve Henson] diff --git a/apps/apps.c b/apps/apps.c index d3b6ca82ee..2d2fb38858 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio) return BUF_strdup(tpass); } -int add_oid_section(BIO *err, LHASH *conf) +int add_oid_section(BIO *err, CONF *conf) { char *p; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; - if(!(p=CONF_get_string(conf,NULL,"oid_section"))) + if(!(p=NCONF_get_string(conf,NULL,"oid_section"))) { ERR_clear_error(); return 1; } - if(!(sktmp = CONF_get_section(conf, p))) { + if(!(sktmp = NCONF_get_section(conf, p))) { BIO_printf(err, "problem loading oid section %s\n", p); return 0; } 
diff --git a/apps/apps.h b/apps/apps.h index 34935bde42..ae2f7f0833 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -101,7 +101,7 @@ extern BIO *bio_err; #else #define MAIN(a,v) PROG(a,v) -extern LHASH *config; +extern CONF *config; extern char *default_config_file; extern BIO *bio_err; @@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg); int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); -int add_oid_section(BIO *err, LHASH *conf); +int add_oid_section(BIO *err, CONF *conf); X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); EVP_PKEY *load_key(BIO *err, const char *file, int format, diff --git a/apps/ca.c b/apps/ca.c index e66331845e..e0a9ef9eae 100644 --- a/apps/ca.c +++ b/apps/ca.c 
@@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,char *enddate, - int days, int batch, char *ext_sect, LHASH *conf,int verbose, + long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, char *startdate, - char *enddate, int days, int batch, char *ext_sect, - LHASH *conf,int verbose, unsigned long certopt, + char *enddate, long days, int batch, char *ext_sect, + CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, char *startdate, - char *enddate, int days, char *ext_sect,LHASH *conf, + char *enddate, long days, char *ext_sect,CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, - char *startdate, char *enddate, int days, int batch, int verbose, - X509_REQ *req, char *ext_sect, LHASH *conf, + char *startdate, char *enddate, long days, int batch, int verbose, + X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static X509_NAME *do_subject(char *subject); 
@@ -245,8 +245,8 @@ static int check_time_format(char *str); char *make_revocation_str(int rev_type, char *rev_arg); int make_revoked(X509_REVOKED *rev, char *str); int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); -static LHASH *conf=NULL; -static LHASH *extconf=NULL; +static CONF *conf=NULL; +static CONF *extconf=NULL; static char *section=NULL; static int preserve=0; @@ -300,7 +300,7 @@ int MAIN(int argc, char **argv) BIGNUM *serial=NULL; char *startdate=NULL; char *enddate=NULL; - int days=0; + long days=0; int batch=0; int notext=0; unsigned long nameopt = 0, certopt = 0; @@ -571,7 +571,8 @@ bad: } BIO_printf(bio_err,"Using configuration from %s\n",configfile); - if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL) + conf = NCONF_new(NULL); + if (NCONF_load(conf,configfile,&errorline) <= 0) { if (errorline <= 0) BIO_printf(bio_err,"error loading the config file '%s'\n", @@ -585,7 +586,7 @@ bad: /* Lets get the config section we are using */ if (section == NULL) { - section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); + section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); if (section == NULL) { lookup_fail(BASE_SECTION,ENV_DEFAULT_CA); @@ -595,7 +596,7 @@ bad: if (conf != NULL) { - p=CONF_get_string(conf,NULL,"oid_file"); + p=NCONF_get_string(conf,NULL,"oid_file"); if (p == NULL) ERR_clear_error(); if (p != NULL) @@ -624,7 +625,7 @@ bad: } } - randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); + randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); @@ -643,7 +644,7 @@ bad: /* report status of cert with serial number given on command line */ if (ser_status) { - if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) + if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) { lookup_fail(section,ENV_DATABASE); goto err; 
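Review bot: In the @@ -571 hunk the result of `conf = NCONF_new(NULL);` is handed straight to NCONF_load with no NULL check, so an allocation failure surfaces only as a generic config-file load error (assuming NCONF_load rejects a NULL conf rather than dereferencing it — not visible here). Checking it explicitly keeps the failure honest and costs one condition: `if (conf == NULL || NCONF_load(conf,configfile,&errorline) <= 0)`. The same unchecked `NCONF_new(NULL)` pattern is repeated in the extfile, openssl.c, req.c, spkac.c and x509.c hunks of this commit, so it is worth fixing once and copying.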
@@ -676,7 +677,7 @@ bad: /*****************************************************************/ /* we definitely need a public key, so let's get it */ - if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, + if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) { lookup_fail(section,ENV_PRIVATE_KEY); @@ -698,7 +699,7 @@ bad: /*****************************************************************/ /* we need a certificate */ - if ((certfile == NULL) && ((certfile=CONF_get_string(conf, + if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, section,ENV_CERTIFICATE)) == NULL)) { lookup_fail(section,ENV_CERTIFICATE); @@ -715,18 +716,18 @@ bad: goto err; } - f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); + f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if (f == NULL) ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) preserve=1; - f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); + f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); if (f == NULL) ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) msie_hack=1; - f=CONF_get_string(conf,section,ENV_NAMEOPT); + f=NCONF_get_string(conf,section,ENV_NAMEOPT); if (f) { @@ -740,7 +741,7 @@ bad: else ERR_clear_error(); - f=CONF_get_string(conf,section,ENV_CERTOPT); + f=NCONF_get_string(conf,section,ENV_CERTOPT); if (f) { @@ -754,7 +755,7 @@ bad: else ERR_clear_error(); - f=CONF_get_string(conf,section,ENV_EXTCOPY); + f=NCONF_get_string(conf,section,ENV_EXTCOPY); if (f) { @@ -773,7 +774,7 @@ bad: { struct stat sb; - if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) + if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) == NULL) { BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n"); 
@@ -816,7 +817,7 @@ bad: /*****************************************************************/ /* we need to load the database file */ - if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) + if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) { lookup_fail(section,ENV_DATABASE); goto err; @@ -995,7 +996,8 @@ bad: /* Read extentions config file */ if (extfile) { - if (!(extconf=CONF_load(NULL,extfile,&errorline))) + extconf = NCONF_new(NULL); + if (NCONF_load(extconf,extfile,&errorline) <= 0) { if (errorline <= 0) BIO_printf(bio_err, "ERROR: loading the config file '%s'\n", @@ -1011,7 +1013,7 @@ bad: BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile); /* We can have sections in the ext file */ - if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions"))) + if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions"))) extensions = "default"; } @@ -1040,7 +1042,7 @@ bad: if (req) { - if ((md == NULL) && ((md=CONF_get_string(conf, + if ((md == NULL) && ((md=NCONF_get_string(conf, section,ENV_DEFAULT_MD)) == NULL)) { lookup_fail(section,ENV_DEFAULT_MD); @@ -1054,7 +1056,7 @@ bad: if (verbose) BIO_printf(bio_err,"message digest is %s\n", OBJ_nid2ln(dgst->type)); - if ((policy == NULL) && ((policy=CONF_get_string(conf, + if ((policy == NULL) && ((policy=NCONF_get_string(conf, section,ENV_POLICY)) == NULL)) { lookup_fail(section,ENV_POLICY); @@ -1063,7 +1065,7 @@ bad: if (verbose) BIO_printf(bio_err,"policy is %s\n",policy); - if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL)) + if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL)) == NULL) { lookup_fail(section,ENV_SERIAL); @@ -1076,7 +1078,7 @@ bad: * in the main configuration file */ if (!extensions) { - extensions=CONF_get_string(conf,section, + extensions=NCONF_get_string(conf,section, ENV_EXTENSIONS); if (!extensions) ERR_clear_error(); 
@@ -1086,8 +1088,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, extensions, + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, @@ -1101,7 +1103,7 @@ bad: if (startdate == NULL) { - startdate=CONF_get_string(conf,section, + startdate=NCONF_get_string(conf,section, ENV_DEFAULT_STARTDATE); if (startdate == NULL) ERR_clear_error(); @@ -1115,7 +1117,7 @@ bad: if (enddate == NULL) { - enddate=CONF_get_string(conf,section, + enddate=NCONF_get_string(conf,section, ENV_DEFAULT_ENDDATE); if (enddate == NULL) ERR_clear_error(); @@ -1128,8 +1130,8 @@ bad: if (days == 0) { - days=(int)CONF_get_number(conf,section, - ENV_DEFAULT_DAYS); + if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days)) + days = 0; } if (!enddate && (days == 0)) { @@ -1149,7 +1151,7 @@ bad: OPENSSL_free(f); } - if ((attribs=CONF_get_section(conf,policy)) == NULL) + if ((attribs=NCONF_get_section(conf,policy)) == NULL) { BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); goto err; @@ -1404,7 +1406,7 @@ bad: int crl_v2 = 0; if (!crl_ext) { - crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); + crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT); if (!crl_ext) ERR_clear_error(); } @@ -1413,8 +1415,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", 
@@ -1426,10 +1428,12 @@ bad: if (!crldays && !crlhours) { - crldays=CONF_get_number(conf,section, - ENV_DEFAULT_CRL_DAYS); - crlhours=CONF_get_number(conf,section, - ENV_DEFAULT_CRL_HOURS); + if (!NCONF_get_number(conf,section, + ENV_DEFAULT_CRL_DAYS, &crldays)) + crldays = 0; + if (!NCONF_get_number(conf,section, + ENV_DEFAULT_CRL_HOURS, &crlhours)) + crlhours = 0; } if ((crldays == 0) && (crlhours == 0)) { @@ -1505,9 +1509,9 @@ bad: if (ci->version == NULL) if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); - X509V3_set_conf_lhash(&crlctx, conf); + X509V3_set_nconf(&crlctx, conf); - if (!X509V3_EXT_CRL_add_conf(conf, &crlctx, + if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) goto err; } if (crl_ext || crl_v2) @@ -1593,7 +1597,7 @@ err: EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); - CONF_free(conf); + NCONF_free(conf); OBJ_cleanup(); apps_shutdown(); EXIT(ret); @@ -1704,8 +1708,8 @@ err: static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *subj, char *startdate, char *enddate, int days, - int batch, char *ext_sect, LHASH *lconf, int verbose, + BIGNUM *serial, char *subj, char *startdate, char *enddate, long days, + int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -1766,8 +1770,8 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *subj, char *startdate, char *enddate, int days, - int batch, char *ext_sect, LHASH *lconf, int verbose, + BIGNUM *serial, char *subj, char *startdate, char *enddate, long days, + int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) { 
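Review bot: The cleanup at `err:` releases `conf` with `NCONF_free(conf);` but never releases `extconf`, which the @@ -995 hunk allocates with `extconf = NCONF_new(NULL);` whenever `-extfile` is given; as far as the hunks here show it is leaked on both the success and the error path. Since the commit already rewrites this line, add `NCONF_free(extconf);` next to it (NCONF_free presumably tolerates NULL for the no-extfile case — confirm). The old LHASH was leaked the same way, so this is pre-existing rather than a regression of the rewrite. The enclosing MAIN body starts well before this hunk.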
@@ -1820,8 +1824,8 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, - char *startdate, char *enddate, int days, int batch, int verbose, - X509_REQ *req, char *ext_sect, LHASH *lconf, + char *startdate, char *enddate, long days, int batch, int verbose, + X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2143,13 +2147,13 @@ again2: BIO_printf(bio_err, "Extra configuration file found\n"); /* Use the extconf configuration db LHASH */ - X509V3_set_conf_lhash(&ctx, extconf); + X509V3_set_nconf(&ctx, extconf); /* Test the structure (needed?) */ /* X509V3_set_ctx_test(&ctx); */ /* Adds exts contained in the configuration file */ - if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret)) + if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret)) { BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", @@ -2163,9 +2167,9 @@ again2: else if (ext_sect) { /* We found extensions to be set from config file */ - X509V3_set_conf_lhash(&ctx, lconf); + X509V3_set_nconf(&ctx, lconf); - if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) + if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) { BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect); ERR_print_errors(bio_err); @@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *subj, char *startdate, char *enddate, int days, - char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt, + BIGNUM *serial, char *subj, char *startdate, char *enddate, long days, + char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { STACK_OF(CONF_VALUE) *sk=NULL; 
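Review bot: The comment `/* Use the extconf configuration db LHASH */` above `X509V3_set_nconf(&ctx, extconf);` in the @@ -2143 hunk is now stale, since `extconf` is a `CONF *` after this commit; change it to `/* Use the extension config loaded from -extfile */`. The commented-out `/* X509V3_set_ctx_test(&ctx); */` a few lines down is also worth resolving rather than leaving as dead code: the main-config path (@@ -1086) syntax-checks its extension section at startup, whereas this extfile path appears to add extensions straight into the certificate without a prior test pass. If that asymmetry is intended, the comment should say why. do_body starts and ends outside this hunk.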
diff --git a/apps/openssl.c b/apps/openssl.c index 22bd52ffed..f8d4ac69d6 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void); static int MS_CALLBACK cmp(const void *a_void,const void *b_void); static LHASH *prog_init(void ); static int do_cmd(LHASH *prog,int argc,char *argv[]); -LHASH *config=NULL; +CONF *config=NULL; char *default_config_file=NULL; /* Make sure there is only one when MONOLITH is defined */ @@ -269,8 +269,9 @@ int main(int Argc, char *Argv[]) default_config_file=p; - config=CONF_load(config,p,&errline); - if (config == NULL) ERR_clear_error(); + config=NCONF_new(NULL); + i=NCONF_load(config,p,&errline); + if (i == 0) ERR_clear_error(); prog=prog_init(); @@ -339,7 +340,7 @@ int main(int Argc, char *Argv[]) end: if (config != NULL) { - CONF_free(config); + NCONF_free(config); config=NULL; } if (prog != NULL) lh_free(prog); diff --git a/apps/req.c b/apps/req.c index 9269aa85ac..f534e3af20 100644 --- a/apps/req.c +++ b/apps/req.c @@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req, static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, STACK_OF(CONF_VALUE) *attr, int attribs); static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int min, - int max); + char *def, char *value, int nid, int n_min, + int n_max); static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid,int min,int max); + int nid,int n_min,int n_max); #ifndef OPENSSL_NO_RSA static void MS_CALLBACK req_cb(int p,int n,void *arg); #endif -static int req_check_len(int len,int min,int max); +static int req_check_len(int len,int n_min,int n_max); static int check_end(char *str, char *end); #ifndef MONOLITH static char *default_config_file=NULL; -static LHASH *config=NULL; +static CONF *config=NULL; #endif -static LHASH *req_conf=NULL; +static CONF *req_conf=NULL; static int batch=0; #define TYPE_RSA 1 
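Review bot: After `config=NCONF_new(NULL); i=NCONF_load(config,p,&errline);` the global `config` is non-NULL even when the default config file could not be loaded, whereas the old `CONF_load` left it NULL; any app that tests `config != NULL` to mean "a configuration was loaded" (req.c's `if (req_conf != NULL)` after `req_conf=config;` in this same commit is one candidate) now sees an empty but valid CONF instead. The failure is still silenced with `ERR_clear_error()`, which matches the old behaviour but hides a parse error in the user's openssl.cnf. Consider keeping the old contract for the global: `if (i <= 0) { ERR_clear_error(); NCONF_free(config); config = NULL; }`, which also adopts the `<= 0` convention ca.c uses in this commit instead of `== 0`. `i` is assumed to be an existing local of main — confirm.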
@@ -152,7 +152,8 @@ int MAIN(int argc, char **argv) X509 *x509ss=NULL; X509_REQ *req=NULL; EVP_PKEY *pkey=NULL; - int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA; + int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA; + long newkey = -1; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int nodes=0,kludge=0,newhdr=0,subject=0; @@ -457,7 +458,8 @@ bad: p=config_name; } default_config_file=p; - config=CONF_load(config,p,NULL); + config=NCONF_new(NULL); + i=NCONF_load(config, p); #endif if (template != NULL) @@ -465,8 +467,9 @@ bad: long errline; BIO_printf(bio_err,"Using configuration from %s\n",template); - req_conf=CONF_load(NULL,template,&errline); - if (req_conf == NULL) + req_conf=NCONF_new(NULL); + i=NCONF_load(req_conf,template,&errline); + if (i == 0) { BIO_printf(bio_err,"error on line %ld of %s\n",errline,template); goto end; @@ -477,7 +480,7 @@ bad: req_conf=config; BIO_printf(bio_err,"Using configuration from %s\n", default_config_file); - if (req_conf == NULL) + if (i == 0) { BIO_printf(bio_err,"Unable to load config info\n"); } @@ -485,7 +488,7 @@ bad: if (req_conf != NULL) { - p=CONF_get_string(req_conf,NULL,"oid_file"); + p=NCONF_get_string(req_conf,NULL,"oid_file"); if (p == NULL) ERR_clear_error(); if (p != NULL) @@ -511,7 +514,7 @@ bad: if (md_alg == NULL) { - p=CONF_get_string(req_conf,SECTION,"default_md"); + p=NCONF_get_string(req_conf,SECTION,"default_md"); if (p == NULL) ERR_clear_error(); if (p != NULL) @@ -523,7 +526,7 @@ bad: if (!extensions) { - extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS); + extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); if (!extensions) ERR_clear_error(); } 
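Review bot: `i=NCONF_load(config, p);` in the @@ -457 hunk passes two arguments, but every other NCONF_load call in this commit (and the declaration in conf.h) takes three, `(CONF *, const char *, long *eline)`; with the prototype in scope this is a compile error, and it has probably gone unnoticed because the line sits inside `#ifndef MONOLITH`, which the standard monolithic `openssl` build compiles out. The old code passed NULL for the line pointer, so `i=NCONF_load(config, p, NULL);` preserves that. Whether a non-MONOLITH build of req.c is exercised at all is worth confirming before relying on it to catch this.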
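Review bot: `if (i == 0)` at the `req_conf=config;` fallback in the @@ -477 hunk only reflects the config load when the `#ifndef MONOLITH` block above was compiled in; in the monolithic build that block is absent, `config` was loaded in openssl.c, and `i` here is whatever the option-parsing loop last left in it, so "Unable to load config info" is printed or suppressed based on an unrelated value. The old `req_conf == NULL` test worked in both builds because CONF_load returned NULL on failure. Track the load result explicitly — have openssl.c leave `config` NULL on failure and keep `if (req_conf == NULL)` here, or add a dedicated "config loaded" flag — rather than reusing the scratch `i`.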
@@ -531,8 +534,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, req_conf); - if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) { + X509V3_set_nconf(&ctx, req_conf); + if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); goto end; @@ -541,19 +544,19 @@ bad: if(!passin) { - passin = CONF_get_string(req_conf, SECTION, "input_password"); + passin = NCONF_get_string(req_conf, SECTION, "input_password"); if (!passin) ERR_clear_error(); } if(!passout) { - passout = CONF_get_string(req_conf, SECTION, "output_password"); + passout = NCONF_get_string(req_conf, SECTION, "output_password"); if (!passout) ERR_clear_error(); } - p = CONF_get_string(req_conf, SECTION, STRING_MASK); + p = NCONF_get_string(req_conf, SECTION, STRING_MASK); if (!p) ERR_clear_error(); @@ -564,7 +567,7 @@ bad: if(!req_exts) { - req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); + req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); if (!req_exts) ERR_clear_error(); } @@ -572,8 +575,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, req_conf); - if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) { + X509V3_set_nconf(&ctx, req_conf); + if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { BIO_printf(bio_err, "Error Loading request extension section %s\n", req_exts); @@ -600,7 +603,7 @@ bad: } if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { - char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); + char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); 
@@ -609,7 +612,7 @@ bad: if (newreq && (pkey == NULL)) { - char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); + char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); @@ -618,8 +621,7 @@ bad: if (newkey <= 0) { - newkey=(int)CONF_get_number(req_conf,SECTION,BITS); - if (newkey <= 0) + if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) newkey=DEFAULT_KEY_LENGTH; } @@ -659,7 +661,7 @@ bad: if (keyout == NULL) { - keyout=CONF_get_string(req_conf,SECTION,KEYFILE); + keyout=NCONF_get_string(req_conf,SECTION,KEYFILE); if (keyout == NULL) ERR_clear_error(); } @@ -685,11 +687,11 @@ bad: } } - p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); + p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); if (p == NULL) { ERR_clear_error(); - p=CONF_get_string(req_conf,SECTION,"encrypt_key"); + p=NCONF_get_string(req_conf,SECTION,"encrypt_key"); if (p == NULL) ERR_clear_error(); } @@ -806,10 +808,10 @@ loop: /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0); - X509V3_set_conf_lhash(&ext_ctx, req_conf); + X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(extensions && !X509V3_EXT_add_conf(req_conf, + if(extensions && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions, x509ss)) { BIO_printf(bio_err, @@ -828,10 +830,10 @@ loop: /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); - X509V3_set_conf_lhash(&ext_ctx, req_conf); + X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, + if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx, req_exts, req)) { BIO_printf(bio_err, @@ -1009,7 +1011,7 @@ end: { ERR_print_errors(bio_err); } - if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); + if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); 
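Review bot: The @@ -618 hunk drops the `if (newkey <= 0)` test that used to follow the config lookup: with `if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) newkey=DEFAULT_KEY_LENGTH;` a `default_bits = 0` entry is a successful lookup, so `newkey` stays 0 instead of falling back to DEFAULT_KEY_LENGTH. Unless a minimum-length check further down the file (outside this hunk) still rejects it, that value reaches key generation. Restore the fallback in one line: `if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey) || newkey <= 0) newkey=DEFAULT_KEY_LENGTH;`. `newkey` also became `long` in this commit, so any `%d` that still prints it elsewhere in req.c should become `%ld`.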
@@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs) STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; char *tmp, *dn_sect,*attr_sect; - tmp=CONF_get_string(req_conf,SECTION,PROMPT); + tmp=NCONF_get_string(req_conf,SECTION,PROMPT); if (tmp == NULL) ERR_clear_error(); if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1; - dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); + dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); if (dn_sect == NULL) { BIO_printf(bio_err,"unable to find '%s' in config\n", DISTINGUISHED_NAME); goto err; } - dn_sk=CONF_get_section(req_conf,dn_sect); + dn_sk=NCONF_get_section(req_conf,dn_sect); if (dn_sk == NULL) { BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect); goto err; } - attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES); + attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES); if (attr_sect == NULL) { ERR_clear_error(); @@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs) } else { - attr_sk=CONF_get_section(req_conf,attr_sect); + attr_sk=NCONF_get_section(req_conf,attr_sect); if (attr_sk == NULL) { BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect); @@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req, int i; char *p,*q; char buf[100]; - int nid,min,max; + int nid; + long n_min,n_max; char *type,*def,*value; CONF_VALUE *v; X509_NAME *subj; 
@@ -1204,27 +1207,29 @@ start: for (;;) /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; sprintf(buf,"%s_default",v->name); - if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } sprintf(buf,"%s_value",v->name); - if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); value=NULL; } sprintf(buf,"%s_min",v->name); - min=(int)CONF_get_number(req_conf,dn_sect,buf); + if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) + n_min = -1; sprintf(buf,"%s_max",v->name); - max=(int)CONF_get_number(req_conf,dn_sect,buf); + if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) + n_max = -1; if (!add_DN_object(subj,v->value,def,value,nid, - min,max)) + n_min,n_max)) return 0; } if (X509_NAME_entry_count(subj) == 0) @@ -1255,7 +1260,7 @@ start2: for (;;) goto start2; sprintf(buf,"%s_default",type); - if ((def=CONF_get_string(req_conf,attr_sect,buf)) + if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { ERR_clear_error(); @@ -1264,7 +1269,7 @@ start2: for (;;) sprintf(buf,"%s_value",type); - if ((value=CONF_get_string(req_conf,attr_sect,buf)) + if ((value=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { ERR_clear_error(); @@ -1272,13 +1277,15 @@ start2: for (;;) } sprintf(buf,"%s_min",type); - min=(int)CONF_get_number(req_conf,attr_sect,buf); + if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) + n_min = -1; sprintf(buf,"%s_max",type); - max=(int)CONF_get_number(req_conf,attr_sect,buf); + if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) + n_max = -1; if (!add_attribute_object(req, - v->value,def,value,nid,min,max)) + v->value,def,value,nid,n_min,n_max)) return 0; } } 
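Review bot: The `sprintf(buf,"%s_default",v->name)` / `"%s_min"` / `"%s_max"` calls that feed the new lookups write into the `char buf[100]` declared in the previous hunk with no length check, and `v->name` is a key read from the user's config section, so a key longer than about 90 characters overruns the stack buffer; this is pre-existing, but the commit rewrites every line around it and the fix is one line per call, `BIO_snprintf(buf,sizeof buf,"%s_default",v->name);` (or a bound on `strlen(v->name)` if BIO_snprintf is not yet available in this tree). Separately, the new `n_min = -1` / `n_max = -1` sentinels are `long` but are passed to `add_DN_object` and `add_attribute_object`, whose `n_min`/`n_max` parameters remain `int`; harmless for -1, but the types should agree. prompt_info starts before this hunk.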
@@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid, int min, int max) + int nid, int n_min, int n_max) { int i,ret=0; MS_STATIC char buf[1024]; @@ -1393,7 +1400,7 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, min, max)) goto start; + if(!req_check_len(i, n_min, n_max)) goto start; if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC, (unsigned char *) buf, -1,-1,0)) goto err; ret=1; @@ -1402,8 +1409,8 @@ err: } static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int min, - int max) + char *def, char *value, int nid, int n_min, + int n_max) { int i; static char buf[1024]; @@ -1451,7 +1458,7 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, min, max)) goto start; + if(!req_check_len(i, n_min, n_max)) goto start; if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC, (unsigned char *)buf, -1)) { @@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) } #endif -static int req_check_len(int len, int min, int max) +static int req_check_len(int len, int n_min, int n_max) { - if (len < min) + if ((n_min > 0) && (len < n_min)) { - BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min); + BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min); return(0); } - if ((max != 0) && (len > max)) + if ((n_max >= 0) && (len > n_max)) { - BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max); + BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max); return(0); } return(1); diff --git a/apps/spkac.c b/apps/spkac.c index 918efc0e5a..d43dc9f3b9 100644 --- a/apps/spkac.c +++ b/apps/spkac.c 
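Review bot: `if ((n_max >= 0) && (len > n_max))` in req_check_len changes the meaning of an explicit `_max = 0` entry: under the old `(max != 0)` test zero meant "no upper bound", while now a successful lookup of 0 becomes a limit that rejects every non-empty value, and only the new -1 sentinel (lookup failed) means unbounded. If that is intended, document it on the function, e.g. `/* n_min <= 0 and n_max < 0 mean no limit; a configured _max of 0 is a hard limit */`; if not, use `(n_max > 0)` to keep the old behaviour. The callers in prompt_info now pass `long` values into these `int` parameters, so the prototype should probably follow the callers' type. The two `%d` formats are correct only as long as the parameters stay `int`.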
@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv) char *passargin = NULL, *passin = NULL; char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; - LHASH *conf = NULL; + CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; char *engine=NULL; @@ -228,15 +228,16 @@ bad: goto end; } - conf = CONF_load_bio(NULL, in, NULL); + conf = NCONF_new(NULL); + i = NCONF_load_bio(conf, in, NULL); - if(!conf) { + if(!i) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); goto end; } - spkstr = CONF_get_string(conf, spksect, spkac); + spkstr = NCONF_get_string(conf, spksect, spkac); if(!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); @@ -285,7 +286,7 @@ bad: ret = 0; end: - CONF_free(conf); + NCONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free_all(out); diff --git a/apps/x509.c b/apps/x509.c index 8a392d813a..f18aaf5d9f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -139,10 +139,10 @@ NULL static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx); static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest, - LHASH *conf, char *section); + CONF *conf, char *section); static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial, - int create,int days, int clrext, LHASH *conf, char *section, + int create,int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int reqfile=0; @@ -179,7 +179,7 @@ int MAIN(int argc, char **argv) int fingerprint=0; char buf[256]; const EVP_MD *md_alg,*digest=EVP_md5(); - LHASH *extconf = NULL; + CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; int checkend=0,checkoffset=0; 
@@ -479,7 +479,8 @@ bad: { long errorline; X509V3_CTX ctx2; - if (!(extconf=CONF_load(NULL,extfile,&errorline))) + extconf = NCONF_new(NULL); + if (!NCONF_load(extconf, extfile,&errorline)) { if (errorline <= 0) BIO_printf(bio_err, @@ -493,7 +494,7 @@ bad: } if (!extsect) { - extsect = CONF_get_string(extconf, "default", "extensions"); + extsect = NCONF_get_string(extconf, "default", "extensions"); if (!extsect) { ERR_clear_error(); @@ -501,8 +502,8 @@ bad: } } X509V3_set_ctx_test(&ctx2); - X509V3_set_conf_lhash(&ctx2, extconf); - if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) + X509V3_set_nconf(&ctx2, extconf); + if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", @@ -995,7 +996,7 @@ end: if (need_rand) app_RAND_write_file(NULL, bio_err); OBJ_cleanup(); - CONF_free(extconf); + NCONF_free(extconf); BIO_free_all(out); BIO_free_all(STDout); X509_STORE_free(ctx); @@ -1116,7 +1117,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create, - int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno) + int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno) { int ret=0; ASN1_INTEGER *bs=NULL; @@ -1166,8 +1167,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509V3_CTX ctx2; X509_set_version(x,2); /* version 3 certificate */ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); - X509V3_set_conf_lhash(&ctx2, conf); - if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end; + X509V3_set_nconf(&ctx2, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end; } if (!X509_sign(x,pkey,digest)) goto end; 
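Review bot: `long errorline;` in the @@ -479 hunk's context is never initialised, yet the failure branch right after `if (!NCONF_load(extconf, extfile,&errorline))` reads it to choose between the "loading the config file" and "error on line" messages; unless the loader writes `*eline` on every failure path, including a file that cannot be opened (not visible here), that is a read of an indeterminate value. Initialise it to the safe default, `long errorline = -1;`. The `!NCONF_load(...)` form is also inconsistent with the `<= 0` test ca.c adopts in this commit — pick one convention.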
@@ -1213,7 +1214,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx) /* self sign */ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, - LHASH *conf, char *section) + CONF *conf, char *section) { EVP_PKEY *pktmp; @@ -1243,8 +1244,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig X509V3_CTX ctx; X509_set_version(x,2); /* version 3 certificate */ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err; + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err; } if (!X509_sign(x,pkey,digest)) goto err; return 1; diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 724378d07a..9a38134745 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -98,6 +98,7 @@ struct conf_method_st }; int CONF_set_default_method(CONF_METHOD *meth); +void CONF_set_nconf(CONF *conf,LHASH *hash); LHASH *CONF_load(LHASH *conf,const char *file,long *eline); #ifndef OPENSSL_NO_FP_API LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline); @@ -145,7 +146,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out); and should therefore be avoided */ long NCONF_get_number(CONF *conf,char *group,char *name); #else -#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r); +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) #endif diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 8e4d673fb8..4f0c1c6fc7 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c 
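Review bot: The new `CONF_set_nconf()` prototype in conf.h carries no comment about the contract it introduces: the CONF is a caller-supplied object (an automatic `CONF ctmp` in every conf_lib.c caller) that is initialised in place and only borrows `hash`, which is still released through `CONF_free()`. A line such as `/* Initialise a caller-provided CONF so it wraps an old-style LHASH; the CONF does not own 'hash' and is not meant to be released with NCONF_free() */` above the declaration would prevent misuse. In the following hunk the `NCONF_get_number` macro takes four arguments while the prototype in the other `#ifdef` arm takes three, so the two build configurations are not source compatible; worth a comment or a matching signature.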
@@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT; static CONF_METHOD *default_CONF_method=NULL; +/* Init a 'CONF' structure from an old LHASH */ + +void CONF_set_nconf(CONF *conf, LHASH *hash) + { + if (default_CONF_method == NULL) + default_CONF_method = NCONF_default(); + + default_CONF_method->init(conf); + conf->data = hash; + } + /* The following section contains the "CONF classic" functions, rewritten in terms of the new CONF interface. */ @@ -118,11 +129,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) CONF ctmp; int ret; - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); + CONF_set_nconf(&ctmp, conf); - default_CONF_method->init(&ctmp); - ctmp.data = conf; ret = NCONF_load_bio(&ctmp, bp, eline); if (ret) return ctmp.data; @@ -138,12 +146,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section) else { CONF ctmp; - - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); - - default_CONF_method->init(&ctmp); - ctmp.data = conf; + CONF_set_nconf(&ctmp, conf); return NCONF_get_section(&ctmp, section); } } @@ -157,12 +160,7 @@ char *CONF_get_string(LHASH *conf,char *group,char *name) else { CONF ctmp; - - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); - - default_CONF_method->init(&ctmp); - ctmp.data = conf; + CONF_set_nconf(&ctmp, conf); return NCONF_get_string(&ctmp, group, name); } } @@ -179,12 +177,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name) else { CONF ctmp; - - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); - - default_CONF_method->init(&ctmp); - ctmp.data = conf; + CONF_set_nconf(&ctmp, conf); status = NCONF_get_number_e(&ctmp, group, name, &result); } 
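Review bot: `CONF_set_nconf()` at the top of this hunk discards whatever `default_CONF_method->init(conf)` returns and, being `void`, cannot report failure, so the wrappers converted below (`CONF_load_bio`, `CONF_get_section`, `CONF_get_string`, `CONF_get_number`) proceed into `NCONF_*` calls on a possibly uninitialised `ctmp`. If the init callback can signal failure, returning that status, `int CONF_set_nconf(CONF *conf, LHASH *hash)`, lets the wrappers bail out (the function is new in this commit, so no existing caller is broken). The unconditional `conf->data = hash;` after `init` also deserves a one-line comment stating that the default init must not allocate into `data`, otherwise that assignment would leak.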
@@ -199,12 +192,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name) void CONF_free(LHASH *conf) { CONF ctmp; - - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); - - default_CONF_method->init(&ctmp); - ctmp.data = conf; + CONF_set_nconf(&ctmp, conf); NCONF_free_data(&ctmp); } @@ -227,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out) int CONF_dump_bio(LHASH *conf, BIO *out) { CONF ctmp; - - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); - - default_CONF_method->init(&ctmp); - ctmp.data = conf; + CONF_set_nconf(&ctmp, conf); return NCONF_dump_bio(&ctmp, out); } @@ -362,7 +345,7 @@ int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result) if (str == NULL) return 0; - for (;conf->meth->is_number(conf, *str);) + for (*result = 0;conf->meth->is_number(conf, *str);) { *result = (*result)*10 + conf->meth->to_int(conf, *str); str++; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 07f4d3ffe7..1a3448e121 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c 
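Review bot: The loop in `NCONF_get_number_e()` now starts from `*result = 0`, but the accumulation `*result = (*result)*10 + conf->meth->to_int(conf, *str);` is still unbounded, so a configuration value with more digits than `long` holds overflows a signed integer, which is undefined behaviour rather than a reported error. Because the digits come from a config file, guard before the multiply: `long d = conf->meth->to_int(conf, *str); if (*result > (LONG_MAX - d) / 10) return 0;` (LONG_MAX from limits.h). The loop also stops silently at the first non-digit, so `12abc` parses as 12; a comment saying that is intentional would help. The function body continues past the hunk, so the final return is not visible here.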
@@ -68,122 +68,137 @@ static int v3_check_critical(char **value); static int v3_check_generic(char **value); -static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); +static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); static char *conf_lhash_get_string(void *db, char *section, char *value); static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc); -/* LHASH *conf: Config file */ +/* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value) -{ + { int crit; int ext_type; X509_EXTENSION *ret; crit = v3_check_critical(&value); - if((ext_type = v3_check_generic(&value))) + if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(name, value, crit, ext_type); - ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value); - if(!ret) { + ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); + if (!ret) + { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); ERR_add_error_data(4,"name=", name, ", value=", value); - } + } return ret; -} + } -/* LHASH *conf: Config file */ +/* CONF *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value) -{ + { int crit; int ext_type; crit = v3_check_critical(&value); - if((ext_type = v3_check_generic(&value))) + if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(OBJ_nid2sn(ext_nid), value, crit, ext_type); - return do_ext_conf(conf, ctx, 
ext_nid, crit, value); -} + return do_ext_nconf(conf, ctx, ext_nid, crit, value); + } -/* LHASH *conf: Config file */ +/* CONF *conf: Config file */ /* char *value: Value */ -static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, +static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value) -{ + { X509V3_EXT_METHOD *method; X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; - if(ext_nid == NID_undef) { + if (ext_nid == NID_undef) + { X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; - } - if(!(method = X509V3_EXT_get_nid(ext_nid))) { + } + if (!(method = X509V3_EXT_get_nid(ext_nid))) + { X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); return NULL; - } + } /* Now get internal extension representation based on type */ - if(method->v2i) { - if(*value == '@') nval = CONF_get_section(conf, value + 1); + if (method->v2i) + { + if(*value == '@') nval = NCONF_get_section(conf, value + 1); else nval = X509V3_parse_list(value); - if(!nval) { + if(!nval) + { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); return NULL; - } + } ext_struc = method->v2i(method, ctx, nval); if(*value != '@') sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); if(!ext_struc) return NULL; - } else if(method->s2i) { + } + else if(method->s2i) + { if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; - } else if(method->r2i) { - if(!ctx->db) { + } + else if(method->r2i) + { + if(!ctx->db) + { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); return NULL; - } + } if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; - } else { + } + else + { X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); return NULL; - } + } ext = do_ext_i2d(method, ext_nid, crit, ext_struc); if(method->it) 
ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); else method->ext_free(ext_struc); return ext; -} + } static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc) -{ + { unsigned char *ext_der; int ext_len; ASN1_OCTET_STRING *ext_oct; X509_EXTENSION *ext; /* Convert internal representation to DER */ - if(method->it) { + if (method->it) + { ext_der = NULL; ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); - if(ext_len < 0) goto merr; - } else { + if (ext_len < 0) goto merr; + } + else + { unsigned char *p; ext_len = method->i2d(ext_struc, NULL); if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr; p = ext_der; method->i2d(ext_struc, &p); - } - if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; + } + if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); - if(!ext) goto merr; + if (!ext) goto merr; M_ASN1_OCTET_STRING_free(ext_oct); return ext; @@ -192,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); return NULL; -} + } /* Given an internal structure, nid and critical flag create an extension */ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) -{ + { X509V3_EXT_METHOD *method; - if(!(method = X509V3_EXT_get_nid(ext_nid))) { + if (!(method = X509V3_EXT_get_nid(ext_nid))) { X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -210,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) static int v3_check_critical(char **value) { char *p = *value; - if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; + if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; p+=9; while(isspace((unsigned char)*p)) p++; *value = p; 
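Review bot: In `do_ext_i2d()` the two encoding branches are not guarded alike: the `method->it` branch checks `if (ext_len < 0) goto merr;`, but the `method->i2d` branch passes `ext_len` from `method->i2d(ext_struc, NULL)` straight into `OPENSSL_malloc(ext_len)`, so a negative length from a failing legacy encoder becomes an allocation of a converted size instead of a reported error. Mirroring the check, `if (ext_len < 0) goto merr;`, before the allocation makes both paths fail the same way. The second `method->i2d(ext_struc, &p)` is also unchecked; comparing its return with `ext_len` would catch an encoder that disagrees with its own length query.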
@@ -221,9 +236,9 @@ static int v3_check_critical(char **value) static int v3_check_generic(char **value) { char *p = *value; - if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; + if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; p+=4; - while(isspace((unsigned char)*p)) p++; + while (isspace((unsigned char)*p)) p++; *value = p; return 1; } 
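Review bot: The prefix test in `v3_check_generic()`, `strncmp(p, "DER:,", 4)`, compares only four characters, so the trailing comma in the literal is dead text and suggests a `DER:,` marker is required when the prefix actually checked is `DER:`. Writing `strncmp(p, "DER:", 4)` says what the function does. The `strlen(p) < 4` guard is redundant since strncmp stops at the terminator, but it is harmless.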
@@ -231,148 +246,202 @@ static int v3_check_generic(char **value) /* Create a generic extension: for now just handle DER type */ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type) -{ -unsigned char *ext_der=NULL; -long ext_len; -ASN1_OBJECT *obj=NULL; -ASN1_OCTET_STRING *oct=NULL; -X509_EXTENSION *extension=NULL; -if(!(obj = OBJ_txt2obj(ext, 0))) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); - ERR_add_error_data(2, "name=", ext); - goto err; -} + { + unsigned char *ext_der=NULL; + long ext_len; + ASN1_OBJECT *obj=NULL; + ASN1_OCTET_STRING *oct=NULL; + X509_EXTENSION *extension=NULL; + if (!(obj = OBJ_txt2obj(ext, 0))) + { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); + ERR_add_error_data(2, "name=", ext); + goto err; + } -if(!(ext_der = string_to_hex(value, &ext_len))) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); - ERR_add_error_data(2, "value=", value); - goto err; -} + if (!(ext_der = string_to_hex(value, &ext_len))) + { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); + ERR_add_error_data(2, "value=", value); + goto err; + } -if(!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); - goto err; -} + if (!(oct = M_ASN1_OCTET_STRING_new())) + { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); + goto err; + } -oct->data = ext_der; -oct->length = ext_len; -ext_der = NULL; + oct->data = ext_der; + oct->length = ext_len; + ext_der = NULL; -extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); + extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); -err: -ASN1_OBJECT_free(obj); -M_ASN1_OCTET_STRING_free(oct); -if(ext_der) OPENSSL_free(ext_der); -return extension; -} + err: + ASN1_OBJECT_free(obj); + M_ASN1_OCTET_STRING_free(oct); + if(ext_der) OPENSSL_free(ext_der); + return extension; + + } /* This is the main function: add a 
bunch of extensions based on a config file - * section + * section to an extension STACK. */ -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509 *cert) -{ + +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, + STACK_OF(X509_EXTENSION) **sk) + { X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; CONF_VALUE *val; int i; - if(!(nval = CONF_get_section(conf, section))) return 0; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + if (!(nval = NCONF_get_section(conf, section))) return 0; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) + { val = sk_CONF_VALUE_value(nval, i); - if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) + if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) return 0; - if(cert) X509_add_ext(cert, ext, -1); + if (sk) X509v3_add_ext(sk, ext, -1); X509_EXTENSION_free(ext); - } + } return 1; -} + } + +/* Convenience functions to add extensions to a certificate, CRL and request */ + +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509 *cert) + { + STACK_OF(X509_EXTENSION) **sk = NULL; + if (cert) + sk = &cert->cert_info->extensions; + return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); + } /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl) -{ - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; - int i; - if(!(nval = CONF_get_section(conf, section))) return 0; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) - return 0; - if(crl) X509_CRL_add_ext(crl, ext, -1); - X509_EXTENSION_free(ext); + { + STACK_OF(X509_EXTENSION) **sk = NULL; + if (crl) + sk = &crl->crl->extensions; + return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); } - return 1; -} /* Add extensions to certificate request */ -int 
X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req) -{ - X509_EXTENSION *ext; - STACK_OF(X509_EXTENSION) *extlist = NULL; - STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; + { + STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; int i; - if(!(nval = CONF_get_section(conf, section))) return 0; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) - return 0; - if(!extlist) extlist = sk_X509_EXTENSION_new_null(); - sk_X509_EXTENSION_push(extlist, ext); - } - if(req) i = X509_REQ_add_extensions(req, extlist); - else i = 1; + if (req) + sk = &extlist; + i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); + if (!i || !sk) + return i; + i = X509_REQ_add_extensions(req, extlist); sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); return i; -} + } /* Config database functions */ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) -{ - if(ctx->db_meth->get_string) + { + if (ctx->db_meth->get_string) return ctx->db_meth->get_string(ctx->db, name, section); return NULL; -} + } STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) -{ - if(ctx->db_meth->get_section) + { + if (ctx->db_meth->get_section) return ctx->db_meth->get_section(ctx->db, section); return NULL; -} + } void X509V3_string_free(X509V3_CTX *ctx, char *str) -{ - if(!str) return; - if(ctx->db_meth->free_string) + { + if (!str) return; + if (ctx->db_meth->free_string) ctx->db_meth->free_string(ctx->db, str); -} + } void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) -{ - if(!section) return; - if(ctx->db_meth->free_section) + { + if (!section) return; + if (ctx->db_meth->free_section) ctx->db_meth->free_section(ctx->db, section); -} + } + +static char *nconf_get_string(void *db, char *section, char *value) + { + return NCONF_get_string(db, 
section, value); + } + +static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) + { + return NCONF_get_section(db, section); + } + +static X509V3_CONF_METHOD nconf_method = { +nconf_get_string, +nconf_get_section, +NULL, +NULL +}; + +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) + { + ctx->db_meth = &nconf_method; + ctx->db = conf; + } + +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, + X509_CRL *crl, int flags) + { + ctx->issuer_cert = issuer; + ctx->subject_cert = subj; + ctx->crl = crl; + ctx->subject_req = req; + ctx->flags = flags; + } + +/* Old conf compatibility functions */ + +X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, + char *value) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); + return X509V3_EXT_nconf(&ctmp, ctx, name, value); + } + +/* LHASH *conf: Config file */ +/* char *value: Value */ +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, + char *value) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); + return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); + } static char *conf_lhash_get_string(void *db, char *section, char *value) -{ + { return CONF_get_string(db, section, value); -} + } static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) -{ + { return CONF_get_section(db, section); -} + } static X509V3_CONF_METHOD conf_lhash_method = { conf_lhash_get_string, 
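Review bot: `X509V3_EXT_REQ_add_nconf()` leaks `extlist` on its failure path: with `req` non-NULL, `X509V3_EXT_add_nconf_sk()` may already have created the stack and pushed some extensions before a later entry fails, and `if (!i || !sk) return i;` returns without the `sk_X509_EXTENSION_pop_free()` that only the success path reaches. Replacing the early return with `if (i && sk) i = X509_REQ_add_extensions(req, extlist);` and letting `sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);` run on every path closes it (confirm that pop_free accepts a NULL stack, otherwise guard it). Relatedly, `X509V3_EXT_add_nconf_sk()` ignores the return of `X509v3_add_ext(sk, ext, -1)`, so an allocation failure there drops the extension and the function still returns 1; `if (sk && !X509v3_add_ext(sk, ext, -1)) { X509_EXTENSION_free(ext); return 0; }` reports it.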
@@ -382,17 +451,35 @@ NULL }; void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) -{ + { ctx->db_meth = &conf_lhash_method; ctx->db = lhash; -} + } -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) -{ - ctx->issuer_cert = issuer; - ctx->subject_cert = subj; - ctx->crl = crl; - ctx->subject_req = req; - ctx->flags = flags; -} +int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, + X509 *cert) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); + return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); + } + +/* Same as above but for a CRL */ + +int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, + X509_CRL *crl) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); + return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); + } + +/* Add extensions to certificate request */ + +int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, + X509_REQ *req) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); + return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); + } diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index 65ef776d7e..8dfa73cbe1 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h 
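Review bot: The compatibility wrappers `X509V3_EXT_add_conf()`, `X509V3_EXT_CRL_add_conf()` and `X509V3_EXT_REQ_add_conf()` (and `X509V3_EXT_conf()`/`_nid()` in the previous hunk) wrap whatever LHASH they receive, NULL included, into `ctmp` and call the NCONF path. The old `CONF_get_section()` had an explicit arm for a NULL LHASH (visible as the `else` branch in the conf_lib.c hunks), whereas what `NCONF_get_section()` does with a CONF whose `data` is NULL is not visible here, so callers that passed a NULL config and previously got a clean 0 need confirming. A comment above the first wrapper stating that `ctmp` is automatic, borrows `conf`, and is never passed to NCONF_free would also save the next reader from working that out from `CONF_free()`.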
@@ -459,15 +459,25 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) #ifdef HEADER_CONF_H GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); + X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); + int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); #endif
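Review bot: The new `X509V3_EXT_add_nconf_sk()` prototype does not say how its `STACK_OF(X509_EXTENSION) **sk` argument behaves, and the convention is unusual: in v3_conf.c `sk == NULL` is accepted (the section is parsed and the extensions discarded) and `*sk == NULL` is accepted (the stack is created on first add, which `X509V3_EXT_REQ_add_nconf` relies on via `X509v3_add_ext`). A comment above the declaration such as `/* sk may be NULL (section is only checked); *sk may be NULL and is allocated on first add; returns 1 on success, 0 on error */` records that contract. Marking the `_conf` declarations below as the LHASH-compatibility API would also help readers pick the right family.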