From fd52057729fcf050734882069e6fa3f02b555cd2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 11 Aug 1999 13:08:58 +0000 Subject: [PATCH] Add functions to allow extensions to be added to certificate requests. Modify obj_dat.pl to take its files from the command line. Usage is now perl obj_dat.pl objects.h obj_dat.h this should avoid redirection shell escape problems under Win32. --- CHANGES | 10 ++++--- Configure | 2 +- crypto/objects/Makefile.ssl | 2 +- crypto/objects/obj_dat.pl | 54 ++++++++++++++++++++----------------- crypto/x509/x509.h | 3 +++ crypto/x509/x509_req.c | 45 +++++++++++++++++++++++++++++++ doc/openssl.txt | 2 +- 7 files changed, 88 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index 33130ff462..6d77412f7a 100644 --- a/CHANGES +++ b/CHANGES @@ -4,10 +4,14 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Changed obj_dat.pl script so it takes its input and output files on + the command line. This should avoid shell escape redirection problems + under Win32. + [Steve Henson] + *) Initial support for certificate extension requests, these are included - in things like Xenroll certificate requests. They will later be used to - allow PKCS#10 requests to include a list of "requested extensions" which - can be added. + in things like Xenroll certificate requests. Included functions to allow + extensions to be obtained and added. [Steve Henson] *) -crlf option to s_client and s_server for sending newlines as diff --git a/Configure b/Configure index fdad0c238c..d0917d85b7 100755 --- a/Configure +++ b/Configure @@ -724,7 +724,7 @@ if($IsWindows) { EOF close(OUT); - system "perl crypto/objects/obj_dat.pl crypto\\objects\\obj_dat.h"; + system "perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h"; } else { (system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?; ### (system 'make depend') == 0 or exit $? if $depflags ne ""; 
diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl index a3a15c13c1..8b15ab0d6c 100644 --- a/crypto/objects/Makefile.ssl +++ b/crypto/objects/Makefile.ssl @@ -38,7 +38,7 @@ top: all: obj_dat.h lib obj_dat.h: objects.h obj_dat.pl - $(PERL) ./obj_dat.pl < objects.h > obj_dat.h + $(PERL) ./obj_dat.pl objects.h obj_dat.h lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl index 5043daef2a..e6e3c3b9c0 100644 --- a/crypto/objects/obj_dat.pl +++ b/crypto/objects/obj_dat.pl @@ -38,7 +38,10 @@ sub expand_obj return(%objn); } -while (<>) +open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]"; +open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]"; + +while () { next unless /^\#define\s+(\S+)\s+(.*)$/; $v=$1; @@ -55,6 +58,7 @@ while (<>) $objd{$v}=$d; } } +close IN; %ob=&expand_obj(*objd); @@ -132,7 +136,7 @@ foreach (sort obj_cmp @a) push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v)); } -print <<'EOF'; +print OUT <<'EOF'; /* lib/obj/obj_dat.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. 
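Review bot: The new `open (IN,"$ARGV[0]")` in the obj_dat.pl hunk is a two-argument open with no mode prefix, so the command-line name is interpreted by Perl rather than taken literally (a bare `-` means STDIN, a name ending in `|` is run as a command); giving the input the same explicit mode the output already has, `open (IN,"<$ARGV[0]") || die "Can't open input file $ARGV[0]: $!";`, keeps it a plain file, and on Perl 5.6 or later the three-argument form `open(IN, '<', $ARGV[0])` removes the interpretation entirely. Appending `$!` to both `die` messages would also say why an open failed, which the current messages omit. The loop header appears here as `while ()`, which is not a valid read loop; the `<IN>` readline operator was presumably lost when this page was rendered, but it is worth confirming against the committed file. Nothing checks that two arguments were given, so a missing `$ARGV[1]` only surfaces as the output-open failure.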
@@ -193,21 +197,21 @@ print <<'EOF'; /* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the * following command: - * perl obj_dat.pl < objects.h > obj_dat.h + * perl obj_dat.pl objects.h obj_dat.h */ EOF -printf "#define NUM_NID %d\n",$n; -printf "#define NUM_SN %d\n",$#sn+1; -printf "#define NUM_LN %d\n",$#ln+1; -printf "#define NUM_OBJ %d\n\n",$#ob+1; +printf OUT "#define NUM_NID %d\n",$n; +printf OUT "#define NUM_SN %d\n",$#sn+1; +printf OUT "#define NUM_LN %d\n",$#ln+1; +printf OUT "#define NUM_OBJ %d\n\n",$#ob+1; -printf "static unsigned char lvalues[%d]={\n",$lvalues+1; -print @lvalues; -print "};\n\n"; +printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1; +print OUT @lvalues; +print OUT "};\n\n"; -printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; +printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; foreach (@out) { if (length($_) > 75) @@ -218,30 +222,32 @@ foreach (@out) $t=$out.$_.","; if (length($t) > 70) { - print "$out\n"; + print OUT "$out\n"; $t="\t$_,"; } $out=$t; } chop $out; - print "$out"; + print OUT "$out"; } else - { print $_; } + { print OUT $_; } } -print "};\n\n"; +print OUT "};\n\n"; + +printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; +print OUT @sn; +print OUT "};\n\n"; -printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; -print @sn; -print "};\n\n"; +printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; +print OUT @ln; +print OUT "};\n\n"; -printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; -print @ln; -print "};\n\n"; +printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; +print OUT @ob; +print OUT "};\n\n"; -printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; -print @ob; -print "};\n\n"; +close OUT; sub der_it { diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 80ca680594..7bb4dbf125 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h 
@@ -791,6 +791,9 @@ int X509_REQ_extension_nid(int nid); int * X509_REQ_get_extesion_nids(void); void X509_REQ_set_extension_nids(int *nids); STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 6544f03f2c..b52a59c263 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c 
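Review bot: The two new prototypes `X509_REQ_add_extensions_nid` and `X509_REQ_add_extensions` are added without any comment on ownership of `exts` or on the return convention, and the header is where callers will look for that. Judging from the x509_req.c hunk in this same patch, the stack is only DER-encoded into a freshly allocated buffer and is never stored or freed, and the functions return 1 on success and 0 on failure. A comment above the declarations such as `/* Encode exts as a request attribute (NID_ext_req for the plain form). exts stays owned by the caller. Returns 1 on success, 0 on error. */` would record that contract next to the prototypes.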
@@ -169,3 +169,48 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 d2i_X509_EXTENSION, X509_EXTENSION_free,
 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 }
+
+/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+ int nid)
+{
+ unsigned char *p = NULL, *q;
+ long len;
+ ASN1_TYPE *at = NULL;
+ X509_ATTRIBUTE *attr = NULL;
+ if(!(at = ASN1_TYPE_new()) ||
+ !(at->value.sequence = ASN1_STRING_new())) goto err;
+
+ at->type = V_ASN1_SEQUENCE;
+ /* Generate encoding of extensions */
+ len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(p = Malloc(len))) goto err;
+ q = p;
+ i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ at->value.sequence->data = p;
+ p = NULL;
+ at->value.sequence->length = len;
+ if(!(attr = X509_ATTRIBUTE_new())) goto err;
+ if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+ if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
+ at = NULL;
+ attr->set = 1;
+ attr->object = OBJ_nid2obj(nid);
+ if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
+ return 1;
+ err:
+ if(p) Free(p);
+ X509_ATTRIBUTE_free(attr);
+ ASN1_TYPE_free(at);
+ return 0;
+}
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+ return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
diff --git a/doc/openssl.txt b/doc/openssl.txt
index 2f50038d17..2a84be420a 100644
--- a/doc/openssl.txt
+++ b/doc/openssl.txt
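Review bot: In `X509_REQ_add_extensions_nid` the length from the first `i2d_ASN1_SET_OF_X509_EXTENSION` call goes straight into `Malloc(len)` with no check, and the second call's result is never compared with `len`, so a failed or empty encoding (a NULL `exts`, for instance) still reaches the allocation and the attribute is built around whatever the buffer then holds; the second pass should be required to return exactly `len`. `attr->object = OBJ_nid2obj(nid)` is likewise unchecked, so an unrecognised `nid` leaves the attribute with a NULL object for a later encoder to trip over. `req` and `req->req_info` are dereferenced without a NULL test, and if `req->req_info->attributes` can be NULL (not determinable from this hunk) the outcome depends on how `sk_X509_ATTRIBUTE_push` treats a NULL stack, which an explicit guard avoids. The cleanup path relies on `X509_ATTRIBUTE_free` releasing the `at` that was pushed into `attr->value.set`, which is why `at = NULL` follows the push; a one-line comment there would spare the next reader the trace.
```c
	X509_ATTRIBUTE *attr = NULL;
	if(!req || !req->req_info || !req->req_info->attributes) return 0;
	/* … unchanged: allocate at and its sequence … */
	len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
	if(len <= 0 || !(p = Malloc(len))) goto err;
	q = p;
	/* The second pass must produce exactly the length measured above */
	if(i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) != len)
		goto err;
	/* … unchanged: hand the DER buffer to at, build attr, push at … */
	if(!(attr->object = OBJ_nid2obj(nid))) goto err;
	/* … unchanged: push attr onto the request, err: cleanup … */
```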
@@ -561,7 +561,7 @@ takes the NID of the extension rather than its name. For example to produce basicConstraints with the CA flag and a path length of 10: -x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10"); +x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10"); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); -- 2.25.1