提交 b7a26e6d 编写于 作者: D Dr. Stephen Henson

Modify apps to use NCONF code instead of old CONF code.

Add new extension functions which work with NCONF.

Tidy up extension config routines and remove redundant code.

Fix NCONF_get_number().

Todo: more testing of apps to see they still work...
上级 ce16450a
......@@ -11,6 +11,14 @@
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only
+) Rewrite apps to use NCONF routines instead of the old CONF. New functions
to support NCONF routines in extension code. New function CONF_set_nconf()
to allow functions which take an NCONF to also handle the old LHASH
structure: this means that the old CONF compatible routines can be
retained (in particular wrt extensions) without having to duplicate the
code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
[Steve Henson]
*) Handle special case when X509_NAME is empty in X509 printing routines.
[Steve Henson]
......@@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
return BUF_strdup(tpass);
}
int add_oid_section(BIO *err, LHASH *conf)
int add_oid_section(BIO *err, CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
if(!(p=CONF_get_string(conf,NULL,"oid_section")))
if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
{
ERR_clear_error();
return 1;
}
if(!(sktmp = CONF_get_section(conf, p))) {
if(!(sktmp = NCONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}
......@@ -101,7 +101,7 @@ extern BIO *bio_err;
#else
#define MAIN(a,v) PROG(a,v)
extern LHASH *config;
extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
......@@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int add_oid_section(BIO *err, LHASH *conf);
int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
EVP_PKEY *load_key(BIO *err, const char *file, int format,
......@@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate,char *enddate,
int days, int batch, char *ext_sect, LHASH *conf,int verbose,
long days, int batch, char *ext_sect, CONF *conf,int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
char *enddate, int days, int batch, char *ext_sect,
LHASH *conf,int verbose, unsigned long certopt,
char *enddate, long days, int batch, char *ext_sect,
CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
char *enddate, int days, char *ext_sect,LHASH *conf,
char *enddate, long days, char *ext_sect,CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
char *startdate, char *enddate, int days, int batch, int verbose,
X509_REQ *req, char *ext_sect, LHASH *conf,
char *startdate, char *enddate, long days, int batch, int verbose,
X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static X509_NAME *do_subject(char *subject);
......@@ -245,8 +245,8 @@ static int check_time_format(char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
static LHASH *conf=NULL;
static LHASH *extconf=NULL;
static CONF *conf=NULL;
static CONF *extconf=NULL;
static char *section=NULL;
static int preserve=0;
......@@ -300,7 +300,7 @@ int MAIN(int argc, char **argv)
BIGNUM *serial=NULL;
char *startdate=NULL;
char *enddate=NULL;
int days=0;
long days=0;
int batch=0;
int notext=0;
unsigned long nameopt = 0, certopt = 0;
......@@ -571,7 +571,8 @@ bad:
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
conf = NCONF_new(NULL);
if (NCONF_load(conf,configfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err,"error loading the config file '%s'\n",
......@@ -585,7 +586,7 @@ bad:
/* Lets get the config section we are using */
if (section == NULL)
{
section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
......@@ -595,7 +596,7 @@ bad:
if (conf != NULL)
{
p=CONF_get_string(conf,NULL,"oid_file");
p=NCONF_get_string(conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
......@@ -624,7 +625,7 @@ bad:
}
}
randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
......@@ -643,7 +644,7 @@ bad:
/* report status of cert with serial number given on command line */
if (ser_status)
{
if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
......@@ -676,7 +677,7 @@ bad:
/*****************************************************************/
/* we definitely need a public key, so let's get it */
if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
{
lookup_fail(section,ENV_PRIVATE_KEY);
......@@ -698,7 +699,7 @@ bad:
/*****************************************************************/
/* we need a certificate */
if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
{
lookup_fail(section,ENV_CERTIFICATE);
......@@ -715,18 +716,18 @@ bad:
goto err;
}
f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
preserve=1;
f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
msie_hack=1;
f=CONF_get_string(conf,section,ENV_NAMEOPT);
f=NCONF_get_string(conf,section,ENV_NAMEOPT);
if (f)
{
......@@ -740,7 +741,7 @@ bad:
else
ERR_clear_error();
f=CONF_get_string(conf,section,ENV_CERTOPT);
f=NCONF_get_string(conf,section,ENV_CERTOPT);
if (f)
{
......@@ -754,7 +755,7 @@ bad:
else
ERR_clear_error();
f=CONF_get_string(conf,section,ENV_EXTCOPY);
f=NCONF_get_string(conf,section,ENV_EXTCOPY);
if (f)
{
......@@ -773,7 +774,7 @@ bad:
{
struct stat sb;
if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
== NULL)
{
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
......@@ -816,7 +817,7 @@ bad:
/*****************************************************************/
/* we need to load the database file */
if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
......@@ -995,7 +996,8 @@ bad:
/* Read extentions config file */
if (extfile)
{
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
extconf = NCONF_new(NULL);
if (NCONF_load(extconf,extfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
......@@ -1011,7 +1013,7 @@ bad:
BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
/* We can have sections in the ext file */
if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
extensions = "default";
}
......@@ -1040,7 +1042,7 @@ bad:
if (req)
{
if ((md == NULL) && ((md=CONF_get_string(conf,
if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
......@@ -1054,7 +1056,7 @@ bad:
if (verbose)
BIO_printf(bio_err,"message digest is %s\n",
OBJ_nid2ln(dgst->type));
if ((policy == NULL) && ((policy=CONF_get_string(conf,
if ((policy == NULL) && ((policy=NCONF_get_string(conf,
section,ENV_POLICY)) == NULL))
{
lookup_fail(section,ENV_POLICY);
......@@ -1063,7 +1065,7 @@ bad:
if (verbose)
BIO_printf(bio_err,"policy is %s\n",policy);
if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
== NULL)
{
lookup_fail(section,ENV_SERIAL);
......@@ -1076,7 +1078,7 @@ bad:
* in the main configuration file */
if (!extensions)
{
extensions=CONF_get_string(conf,section,
extensions=NCONF_get_string(conf,section,
ENV_EXTENSIONS);
if (!extensions)
ERR_clear_error();
......@@ -1086,8 +1088,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, conf);
if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
NULL))
{
BIO_printf(bio_err,
......@@ -1101,7 +1103,7 @@ bad:
if (startdate == NULL)
{
startdate=CONF_get_string(conf,section,
startdate=NCONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
if (startdate == NULL)
ERR_clear_error();
......@@ -1115,7 +1117,7 @@ bad:
if (enddate == NULL)
{
enddate=CONF_get_string(conf,section,
enddate=NCONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
if (enddate == NULL)
ERR_clear_error();
......@@ -1128,8 +1130,8 @@ bad:
if (days == 0)
{
days=(int)CONF_get_number(conf,section,
ENV_DEFAULT_DAYS);
if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
days = 0;
}
if (!enddate && (days == 0))
{
......@@ -1149,7 +1151,7 @@ bad:
OPENSSL_free(f);
}
if ((attribs=CONF_get_section(conf,policy)) == NULL)
if ((attribs=NCONF_get_section(conf,policy)) == NULL)
{
BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
goto err;
......@@ -1404,7 +1406,7 @@ bad:
int crl_v2 = 0;
if (!crl_ext)
{
crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
if (!crl_ext)
ERR_clear_error();
}
......@@ -1413,8 +1415,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, conf);
if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
{
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
......@@ -1426,10 +1428,12 @@ bad:
if (!crldays && !crlhours)
{
crldays=CONF_get_number(conf,section,
ENV_DEFAULT_CRL_DAYS);
crlhours=CONF_get_number(conf,section,
ENV_DEFAULT_CRL_HOURS);
if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_DAYS, &crldays))
crldays = 0;
if (!NCONF_get_number(conf,section,
ENV_DEFAULT_CRL_HOURS, &crlhours))
crlhours = 0;
}
if ((crldays == 0) && (crlhours == 0))
{
......@@ -1505,9 +1509,9 @@ bad:
if (ci->version == NULL)
if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
X509V3_set_conf_lhash(&crlctx, conf);
X509V3_set_nconf(&crlctx, conf);
if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
crl_ext, crl)) goto err;
}
if (crl_ext || crl_v2)
......@@ -1593,7 +1597,7 @@ err:
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
CONF_free(conf);
NCONF_free(conf);
OBJ_cleanup();
apps_shutdown();
EXIT(ret);
......@@ -1704,8 +1708,8 @@ err:
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
int batch, char *ext_sect, LHASH *lconf, int verbose,
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
......@@ -1766,8 +1770,8 @@ err:
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
int batch, char *ext_sect, LHASH *lconf, int verbose,
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, ENGINE *e)
{
......@@ -1820,8 +1824,8 @@ err:
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
char *startdate, char *enddate, int days, int batch, int verbose,
X509_REQ *req, char *ext_sect, LHASH *lconf,
char *startdate, char *enddate, long days, int batch, int verbose,
X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
......@@ -2143,13 +2147,13 @@ again2:
BIO_printf(bio_err, "Extra configuration file found\n");
/* Use the extconf configuration db LHASH */
X509V3_set_conf_lhash(&ctx, extconf);
X509V3_set_nconf(&ctx, extconf);
/* Test the structure (needed?) */
/* X509V3_set_ctx_test(&ctx); */
/* Adds exts contained in the configuration file */
if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
{
BIO_printf(bio_err,
"ERROR: adding extensions in section %s\n",
......@@ -2163,9 +2167,9 @@ again2:
else if (ext_sect)
{
/* We found extensions to be set from config file */
X509V3_set_conf_lhash(&ctx, lconf);
X509V3_set_nconf(&ctx, lconf);
if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
{
BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
ERR_print_errors(bio_err);
......@@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
STACK_OF(CONF_VALUE) *sk=NULL;
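Review bot: `conf = NCONF_new(NULL);` in the configuration-file hunk is passed straight into `NCONF_load(conf,configfile,&errorline)` without a NULL check, and the same pattern recurs for `extconf` later in this file and in openssl.c, req.c (twice), spkac.c and x509.c; the `CONF_load` it replaces returned NULL on any failure and every caller tested for that, whereas an allocation failure now reaches the load call unguarded. A guard such as `if ((conf = NCONF_new(NULL)) == NULL) goto err;` keeps the old behaviour. Separately, every `NCONF_get_string` miss in these hunks is followed by `ERR_clear_error()`, but the new `NCONF_get_number` fallbacks for `days`, `crldays` and `crlhours` are not; if `NCONF_get_number_e` reports a missing key on the error queue, a stale entry can surface in a later `ERR_print_errors` — worth confirming against the implementation, which is not on this page. MAIN starts and ends outside these hunks.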
......@@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void);
static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
LHASH *config=NULL;
CONF *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
......@@ -269,8 +269,9 @@ int main(int Argc, char *Argv[])
default_config_file=p;
config=CONF_load(config,p,&errline);
if (config == NULL) ERR_clear_error();
config=NCONF_new(NULL);
i=NCONF_load(config,p,&errline);
if (i == 0) ERR_clear_error();
prog=prog_init();
......@@ -339,7 +340,7 @@ int main(int Argc, char *Argv[])
end:
if (config != NULL)
{
CONF_free(config);
NCONF_free(config);
config=NULL;
}
if (prog != NULL) lh_free(prog);
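Review bot: After `i=NCONF_load(config,p,&errline)` fails, `config` remains a non-NULL CONF whose contents are empty or partial, whereas the old `CONF_load` left `config` NULL on failure; the `if (config != NULL)` test at `end:` and any app that treats a non-NULL `config` as a successfully loaded file (req.c's `req_conf=config` fallback in this same commit, for instance) can no longer tell the two cases apart. Either release it on failure, `if (i == 0) { ERR_clear_error(); NCONF_free(config); config=NULL; }`, or make the consumers check the load result instead of the pointer; which is right depends on how the NCONF_* accessors treat a NULL CONF, which is not shown here. main() continues outside these hunks.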
......@@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req,
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs);
static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int min,
int max);
char *def, char *value, int nid, int n_min,
int n_max);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid,int min,int max);
int nid,int n_min,int n_max);
#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p,int n,void *arg);
#endif
static int req_check_len(int len,int min,int max);
static int req_check_len(int len,int n_min,int n_max);
static int check_end(char *str, char *end);
#ifndef MONOLITH
static char *default_config_file=NULL;
static LHASH *config=NULL;
static CONF *config=NULL;
#endif
static LHASH *req_conf=NULL;
static CONF *req_conf=NULL;
static int batch=0;
#define TYPE_RSA 1
......@@ -152,7 +152,8 @@ int MAIN(int argc, char **argv)
X509 *x509ss=NULL;
X509_REQ *req=NULL;
EVP_PKEY *pkey=NULL;
int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
long newkey = -1;
BIO *in=NULL,*out=NULL;
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0;
......@@ -457,7 +458,8 @@ bad:
p=config_name;
}
default_config_file=p;
config=CONF_load(config,p,NULL);
config=NCONF_new(NULL);
i=NCONF_load(config, p);
#endif
if (template != NULL)
......@@ -465,8 +467,9 @@ bad:
long errline;
BIO_printf(bio_err,"Using configuration from %s\n",template);
req_conf=CONF_load(NULL,template,&errline);
if (req_conf == NULL)
req_conf=NCONF_new(NULL);
i=NCONF_load(req_conf,template,&errline);
if (i == 0)
{
BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
goto end;
......@@ -477,7 +480,7 @@ bad:
req_conf=config;
BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file);
if (req_conf == NULL)
if (i == 0)
{
BIO_printf(bio_err,"Unable to load config info\n");
}
......@@ -485,7 +488,7 @@ bad:
if (req_conf != NULL)
{
p=CONF_get_string(req_conf,NULL,"oid_file");
p=NCONF_get_string(req_conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
......@@ -511,7 +514,7 @@ bad:
if (md_alg == NULL)
{
p=CONF_get_string(req_conf,SECTION,"default_md");
p=NCONF_get_string(req_conf,SECTION,"default_md");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
......@@ -523,7 +526,7 @@ bad:
if (!extensions)
{
extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if (!extensions)
ERR_clear_error();
}
......@@ -531,8 +534,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, req_conf);
if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
X509V3_set_nconf(&ctx, req_conf);
if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n", extensions);
goto end;
......@@ -541,19 +544,19 @@ bad:
if(!passin)
{
passin = CONF_get_string(req_conf, SECTION, "input_password");
passin = NCONF_get_string(req_conf, SECTION, "input_password");
if (!passin)
ERR_clear_error();
}
if(!passout)
{
passout = CONF_get_string(req_conf, SECTION, "output_password");
passout = NCONF_get_string(req_conf, SECTION, "output_password");
if (!passout)
ERR_clear_error();
}
p = CONF_get_string(req_conf, SECTION, STRING_MASK);
p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
if (!p)
ERR_clear_error();
......@@ -564,7 +567,7 @@ bad:
if(!req_exts)
{
req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
if (!req_exts)
ERR_clear_error();
}
......@@ -572,8 +575,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, req_conf);
if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
X509V3_set_nconf(&ctx, req_conf);
if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
BIO_printf(bio_err,
"Error Loading request extension section %s\n",
req_exts);
......@@ -600,7 +603,7 @@ bad:
}
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
{
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
......@@ -609,7 +612,7 @@ bad:
if (newreq && (pkey == NULL))
{
char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
......@@ -618,8 +621,7 @@ bad:
if (newkey <= 0)
{
newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
if (newkey <= 0)
if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
newkey=DEFAULT_KEY_LENGTH;
}
......@@ -659,7 +661,7 @@ bad:
if (keyout == NULL)
{
keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
if (keyout == NULL)
ERR_clear_error();
}
......@@ -685,11 +687,11 @@ bad:
}
}
p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
if (p == NULL)
{
ERR_clear_error();
p=CONF_get_string(req_conf,SECTION,"encrypt_key");
p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
if (p == NULL)
ERR_clear_error();
}
......@@ -806,10 +808,10 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
X509V3_set_conf_lhash(&ext_ctx, req_conf);
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
if(extensions && !X509V3_EXT_add_conf(req_conf,
if(extensions && !X509V3_EXT_add_nconf(req_conf,
&ext_ctx, extensions, x509ss))
{
BIO_printf(bio_err,
......@@ -828,10 +830,10 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
X509V3_set_conf_lhash(&ext_ctx, req_conf);
X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
&ext_ctx, req_exts, req))
{
BIO_printf(bio_err,
......@@ -1009,7 +1011,7 @@ end:
{
ERR_print_errors(bio_err);
}
if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
......@@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
char *tmp, *dn_sect,*attr_sect;
tmp=CONF_get_string(req_conf,SECTION,PROMPT);
tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
if (tmp == NULL)
ERR_clear_error();
if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
if (dn_sect == NULL)
{
BIO_printf(bio_err,"unable to find '%s' in config\n",
DISTINGUISHED_NAME);
goto err;
}
dn_sk=CONF_get_section(req_conf,dn_sect);
dn_sk=NCONF_get_section(req_conf,dn_sect);
if (dn_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
goto err;
}
attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
if (attr_sect == NULL)
{
ERR_clear_error();
......@@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
}
else
{
attr_sk=CONF_get_section(req_conf,attr_sect);
attr_sk=NCONF_get_section(req_conf,attr_sect);
if (attr_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
......@@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req,
int i;
char *p,*q;
char buf[100];
int nid,min,max;
int nid;
long n_min,n_max;
char *type,*def,*value;
CONF_VALUE *v;
X509_NAME *subj;
......@@ -1204,27 +1207,29 @@ start: for (;;)
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
sprintf(buf,"%s_default",v->name);
if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
sprintf(buf,"%s_value",v->name);
if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
value=NULL;
}
sprintf(buf,"%s_min",v->name);
min=(int)CONF_get_number(req_conf,dn_sect,buf);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
n_min = -1;
sprintf(buf,"%s_max",v->name);
max=(int)CONF_get_number(req_conf,dn_sect,buf);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
n_max = -1;
if (!add_DN_object(subj,v->value,def,value,nid,
min,max))
n_min,n_max))
return 0;
}
if (X509_NAME_entry_count(subj) == 0)
......@@ -1255,7 +1260,7 @@ start2: for (;;)
goto start2;
sprintf(buf,"%s_default",type);
if ((def=CONF_get_string(req_conf,attr_sect,buf))
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
......@@ -1264,7 +1269,7 @@ start2: for (;;)
sprintf(buf,"%s_value",type);
if ((value=CONF_get_string(req_conf,attr_sect,buf))
if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
......@@ -1272,13 +1277,15 @@ start2: for (;;)
}
sprintf(buf,"%s_min",type);
min=(int)CONF_get_number(req_conf,attr_sect,buf);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
n_min = -1;
sprintf(buf,"%s_max",type);
max=(int)CONF_get_number(req_conf,attr_sect,buf);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
n_max = -1;
if (!add_attribute_object(req,
v->value,def,value,nid,min,max))
v->value,def,value,nid,n_min,n_max))
return 0;
}
}
......@@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
int nid, int min, int max)
int nid, int n_min, int n_max)
{
int i,ret=0;
MS_STATIC char buf[1024];
......@@ -1393,7 +1400,7 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
if(!req_check_len(i, min, max)) goto start;
if(!req_check_len(i, n_min, n_max)) goto start;
if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
(unsigned char *) buf, -1,-1,0)) goto err;
ret=1;
......@@ -1402,8 +1409,8 @@ err:
}
static int add_attribute_object(X509_REQ *req, char *text,
char *def, char *value, int nid, int min,
int max)
char *def, char *value, int nid, int n_min,
int n_max)
{
int i;
static char buf[1024];
......@@ -1451,7 +1458,7 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
if(!req_check_len(i, min, max)) goto start;
if(!req_check_len(i, n_min, n_max)) goto start;
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
(unsigned char *)buf, -1)) {
......@@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
}
#endif
static int req_check_len(int len, int min, int max)
static int req_check_len(int len, int n_min, int n_max)
{
if (len < min)
if ((n_min > 0) && (len < n_min))
{
BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
return(0);
}
if ((max != 0) && (len > max))
if ((n_max >= 0) && (len > n_max))
{
BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
return(0);
}
return(1);
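Review bot: `i=NCONF_load(config, p);` in the `default_config_file` hunk passes two arguments, while every other call in this commit — and the `CONF_load(config,p,NULL)` it replaces — passes three, so it will not compile against the three-argument prototype in the build where that branch is active; it should read `i=NCONF_load(config, p, NULL);`. In the other build, where that hunk is compiled out (the `#endif` that follows suggests an `#ifndef MONOLITH` guard whose start is outside the hunk), the fallback `req_conf=config; ... if (i == 0)` tests an `i` that no visible load call has set, so the "Unable to load config info" diagnostic is driven by a stale value; carry the load status in a dedicated variable or, as before, in the pointer itself. The `newkey` hunk also drops the old `if (newkey <= 0) newkey=DEFAULT_KEY_LENGTH;` fallback, so a config `default_bits` of zero or negative now survives into key generation where the old code substituted the default; `if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey) || newkey <= 0)` would preserve it. MAIN starts and ends outside these hunks.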
......@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
LHASH *conf = NULL;
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char *engine=NULL;
......@@ -228,15 +228,16 @@ bad:
goto end;
}
conf = CONF_load_bio(NULL, in, NULL);
conf = NCONF_new(NULL);
i = NCONF_load_bio(conf, in, NULL);
if(!conf) {
if(!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
spkstr = CONF_get_string(conf, spksect, spkac);
spkstr = NCONF_get_string(conf, spksect, spkac);
if(!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
......@@ -285,7 +286,7 @@ bad:
ret = 0;
end:
CONF_free(conf);
NCONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free_all(out);
......@@ -139,10 +139,10 @@ NULL
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
LHASH *conf, char *section);
CONF *conf, char *section);
static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
int create,int days, int clrext, LHASH *conf, char *section,
int create,int days, int clrext, CONF *conf, char *section,
ASN1_INTEGER *sno);
static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
static int reqfile=0;
......@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
int fingerprint=0;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_md5();
LHASH *extconf = NULL;
CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
......@@ -479,7 +479,8 @@ bad:
{
long errorline;
X509V3_CTX ctx2;
if (!(extconf=CONF_load(NULL,extfile,&errorline)))
extconf = NCONF_new(NULL);
if (!NCONF_load(extconf, extfile,&errorline))
{
if (errorline <= 0)
BIO_printf(bio_err,
......@@ -493,7 +494,7 @@ bad:
}
if (!extsect)
{
extsect = CONF_get_string(extconf, "default", "extensions");
extsect = NCONF_get_string(extconf, "default", "extensions");
if (!extsect)
{
ERR_clear_error();
......@@ -501,8 +502,8 @@ bad:
}
}
X509V3_set_ctx_test(&ctx2);
X509V3_set_conf_lhash(&ctx2, extconf);
if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))
X509V3_set_nconf(&ctx2, extconf);
if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
{
BIO_printf(bio_err,
"Error Loading extension section %s\n",
......@@ -995,7 +996,7 @@ end:
if (need_rand)
app_RAND_write_file(NULL, bio_err);
OBJ_cleanup();
CONF_free(extconf);
NCONF_free(extconf);
BIO_free_all(out);
BIO_free_all(STDout);
X509_STORE_free(ctx);
......@@ -1116,7 +1117,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno)
int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
{
int ret=0;
ASN1_INTEGER *bs=NULL;
......@@ -1166,8 +1167,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx2, conf);
if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end;
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
}
if (!X509_sign(x,pkey,digest)) goto end;
......@@ -1213,7 +1214,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
/* self sign */
static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
LHASH *conf, char *section)
CONF *conf, char *section)
{
EVP_PKEY *pktmp;
......@@ -1243,8 +1244,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig
X509V3_CTX ctx;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
X509V3_set_conf_lhash(&ctx, conf);
if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;
X509V3_set_nconf(&ctx, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
}
if (!X509_sign(x,pkey,digest)) goto err;
return 1;
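Review bot: `if (!NCONF_load(extconf, extfile,&errorline))` tests the load result as a boolean, while the equivalent call in ca.c uses `<= 0` and openssl.c, req.c and spkac.c use `== 0`; the apps should share one idiom so that any later change to NCONF_load's return convention is caught in one place. `sign()` and `x509_certify()` also keep `int days` where ca.c's certify routines were widened to `long days` in this same commit; if the widening was meant to be global, these prototypes were missed, and if not, a comment saying why x509 differs would stop the next reader from "fixing" it. MAIN starts and ends outside these hunks.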
......@@ -98,6 +98,7 @@ struct conf_method_st
};
int CONF_set_default_method(CONF_METHOD *meth);
void CONF_set_nconf(CONF *conf,LHASH *hash);
LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
#ifndef OPENSSL_NO_FP_API
LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
......@@ -145,7 +146,7 @@ int NCONF_dump_bio(CONF *conf, BIO *out);
and should therefore be avoided */
long NCONF_get_number(CONF *conf,char *group,char *name);
#else
#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r);
#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
#endif
......
......@@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
static CONF_METHOD *default_CONF_method=NULL;
/* Init a 'CONF' structure from an old LHASH */
void CONF_set_nconf(CONF *conf, LHASH *hash)
{
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(conf);
conf->data = hash;
}
/* The following section contains the "CONF classic" functions,
rewritten in terms of the new CONF interface. */
......@@ -118,11 +129,8 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
CONF ctmp;
int ret;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
CONF_set_nconf(&ctmp, conf);
default_CONF_method->init(&ctmp);
ctmp.data = conf;
ret = NCONF_load_bio(&ctmp, bp, eline);
if (ret)
return ctmp.data;
......@@ -138,12 +146,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section)
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
return NCONF_get_section(&ctmp, section);
}
}
......@@ -157,12 +160,7 @@ char *CONF_get_string(LHASH *conf,char *group,char *name)
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
return NCONF_get_string(&ctmp, group, name);
}
}
......@@ -179,12 +177,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
else
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
status = NCONF_get_number_e(&ctmp, group, name, &result);
}
......@@ -199,12 +192,7 @@ long CONF_get_number(LHASH *conf,char *group,char *name)
void CONF_free(LHASH *conf)
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
NCONF_free_data(&ctmp);
}
......@@ -227,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out)
int CONF_dump_bio(LHASH *conf, BIO *out)
{
CONF ctmp;
if (default_CONF_method == NULL)
default_CONF_method = NCONF_default();
default_CONF_method->init(&ctmp);
ctmp.data = conf;
CONF_set_nconf(&ctmp, conf);
return NCONF_dump_bio(&ctmp, out);
}
......@@ -362,7 +345,7 @@ int NCONF_get_number_e(CONF *conf,char *group,char *name,long *result)
if (str == NULL)
return 0;
for (;conf->meth->is_number(conf, *str);)
for (*result = 0;conf->meth->is_number(conf, *str);)
{
*result = (*result)*10 + conf->meth->to_int(conf, *str);
str++;
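Review bot: The digit loop at the end of NCONF_get_number_e (the `for (*result = 0; ...)` line) still accumulates into a signed long with no bound, so a long run of digits in a config value overflows *result, which is undefined behaviour in C; initialising *result fixes the stale-value bug but not this. With `long d = conf->meth->to_int(conf, *str);` the body could guard `if (*result > (LONG_MAX - d) / 10) return 0;` before `*result = (*result)*10 + d;` (LONG_MAX needs `<limits.h>`), which matches the function's existing return-0-on-error convention. The function's opening and the lines before the loop are outside the hunk. Separately, the new CONF_set_nconf discards the return value of `default_CONF_method->init(conf)` and, being void, cannot report a failure; if the default method's init can fail, either a return code or a comment stating that callers rely on it never failing would help the next reader.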
......
......@@ -68,122 +68,137 @@
static int v3_check_critical(char **value);
static int v3_check_generic(char **value);
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
static char *conf_lhash_get_string(void *db, char *section, char *value);
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc);
/* LHASH *conf: Config file */
/* CONF *conf: Config file */
/* char *name: Name */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
char *value)
{
{
int crit;
int ext_type;
X509_EXTENSION *ret;
crit = v3_check_critical(&value);
if((ext_type = v3_check_generic(&value)))
if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(name, value, crit, ext_type);
ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value);
if(!ret) {
ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
if (!ret)
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
ERR_add_error_data(4,"name=", name, ", value=", value);
}
}
return ret;
}
}
/* LHASH *conf: Config file */
/* CONF *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
char *value)
{
{
int crit;
int ext_type;
crit = v3_check_critical(&value);
if((ext_type = v3_check_generic(&value)))
if ((ext_type = v3_check_generic(&value)))
return v3_generic_extension(OBJ_nid2sn(ext_nid),
value, crit, ext_type);
return do_ext_conf(conf, ctx, ext_nid, crit, value);
}
return do_ext_nconf(conf, ctx, ext_nid, crit, value);
}
/* LHASH *conf: Config file */
/* CONF *conf: Config file */
/* char *value: Value */
static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
int crit, char *value)
{
{
X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
void *ext_struc;
if(ext_nid == NID_undef) {
if (ext_nid == NID_undef)
{
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
return NULL;
}
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
}
if (!(method = X509V3_EXT_get_nid(ext_nid)))
{
X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
}
/* Now get internal extension representation based on type */
if(method->v2i) {
if(*value == '@') nval = CONF_get_section(conf, value + 1);
if (method->v2i)
{
if(*value == '@') nval = NCONF_get_section(conf, value + 1);
else nval = X509V3_parse_list(value);
if(!nval) {
if(!nval)
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
return NULL;
}
}
ext_struc = method->v2i(method, ctx, nval);
if(*value != '@') sk_CONF_VALUE_pop_free(nval,
X509V3_conf_free);
if(!ext_struc) return NULL;
} else if(method->s2i) {
}
else if(method->s2i)
{
if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
} else if(method->r2i) {
if(!ctx->db) {
}
else if(method->r2i)
{
if(!ctx->db)
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
return NULL;
}
}
if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
} else {
}
else
{
X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
return NULL;
}
}
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
else method->ext_free(ext_struc);
return ext;
}
}
static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
int crit, void *ext_struc)
{
{
unsigned char *ext_der;
int ext_len;
ASN1_OCTET_STRING *ext_oct;
X509_EXTENSION *ext;
/* Convert internal representation to DER */
if(method->it) {
if (method->it)
{
ext_der = NULL;
ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
if(ext_len < 0) goto merr;
} else {
if (ext_len < 0) goto merr;
}
else
{
unsigned char *p;
ext_len = method->i2d(ext_struc, NULL);
if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
p = ext_der;
method->i2d(ext_struc, &p);
}
if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
}
if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
ext_oct->data = ext_der;
ext_oct->length = ext_len;
ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
if(!ext) goto merr;
if (!ext) goto merr;
M_ASN1_OCTET_STRING_free(ext_oct);
return ext;
......@@ -192,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
return NULL;
}
}
/* Given an internal structure, nid and critical flag create an extension */
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
{
{
X509V3_EXT_METHOD *method;
if(!(method = X509V3_EXT_get_nid(ext_nid))) {
if (!(method = X509V3_EXT_get_nid(ext_nid))) {
X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
......@@ -210,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
static int v3_check_critical(char **value)
{
char *p = *value;
if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
p+=9;
while(isspace((unsigned char)*p)) p++;
*value = p;
......@@ -221,9 +236,9 @@ static int v3_check_critical(char **value)
static int v3_check_generic(char **value)
{
char *p = *value;
if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
p+=4;
while(isspace((unsigned char)*p)) p++;
while (isspace((unsigned char)*p)) p++;
*value = p;
return 1;
}
......@@ -231,148 +246,202 @@ static int v3_check_generic(char **value)
/* Create a generic extension: for now just handle DER type */
static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
int crit, int type)
{
unsigned char *ext_der=NULL;
long ext_len;
ASN1_OBJECT *obj=NULL;
ASN1_OCTET_STRING *oct=NULL;
X509_EXTENSION *extension=NULL;
if(!(obj = OBJ_txt2obj(ext, 0))) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
ERR_add_error_data(2, "name=", ext);
goto err;
}
{
unsigned char *ext_der=NULL;
long ext_len;
ASN1_OBJECT *obj=NULL;
ASN1_OCTET_STRING *oct=NULL;
X509_EXTENSION *extension=NULL;
if (!(obj = OBJ_txt2obj(ext, 0)))
{
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
ERR_add_error_data(2, "name=", ext);
goto err;
}
if(!(ext_der = string_to_hex(value, &ext_len))) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
ERR_add_error_data(2, "value=", value);
goto err;
}
if (!(ext_der = string_to_hex(value, &ext_len)))
{
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
ERR_add_error_data(2, "value=", value);
goto err;
}
if(!(oct = M_ASN1_OCTET_STRING_new())) {
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!(oct = M_ASN1_OCTET_STRING_new()))
{
X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
goto err;
}
oct->data = ext_der;
oct->length = ext_len;
ext_der = NULL;
oct->data = ext_der;
oct->length = ext_len;
ext_der = NULL;
extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
err:
ASN1_OBJECT_free(obj);
M_ASN1_OCTET_STRING_free(oct);
if(ext_der) OPENSSL_free(ext_der);
return extension;
}
err:
ASN1_OBJECT_free(obj);
M_ASN1_OCTET_STRING_free(oct);
if(ext_der) OPENSSL_free(ext_der);
return extension;
}
/* This is the main function: add a bunch of extensions based on a config file
* section
* section to an extension STACK.
*/
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509 *cert)
{
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
STACK_OF(X509_EXTENSION) **sk)
{
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
if (!(nval = NCONF_get_section(conf, section))) return 0;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
{
val = sk_CONF_VALUE_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
return 0;
if(cert) X509_add_ext(cert, ext, -1);
if (sk) X509v3_add_ext(sk, ext, -1);
X509_EXTENSION_free(ext);
}
}
return 1;
}
}
/* Convenience functions to add extensions to a certificate, CRL and request */
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509 *cert)
{
STACK_OF(X509_EXTENSION) **sk = NULL;
if (cert)
sk = &cert->cert_info->extensions;
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
/* Same as above but for a CRL */
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl)
{
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
return 0;
if(crl) X509_CRL_add_ext(crl, ext, -1);
X509_EXTENSION_free(ext);
{
STACK_OF(X509_EXTENSION) **sk = NULL;
if (crl)
sk = &crl->crl->extensions;
return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
}
return 1;
}
/* Add extensions to certificate request */
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
X509_REQ *req)
{
X509_EXTENSION *ext;
STACK_OF(X509_EXTENSION) *extlist = NULL;
STACK_OF(CONF_VALUE) *nval;
CONF_VALUE *val;
{
STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
int i;
if(!(nval = CONF_get_section(conf, section))) return 0;
for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i);
if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
return 0;
if(!extlist) extlist = sk_X509_EXTENSION_new_null();
sk_X509_EXTENSION_push(extlist, ext);
}
if(req) i = X509_REQ_add_extensions(req, extlist);
else i = 1;
if (req)
sk = &extlist;
i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
if (!i || !sk)
return i;
i = X509_REQ_add_extensions(req, extlist);
sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
return i;
}
}
/* Config database functions */
char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
{
if(ctx->db_meth->get_string)
{
if (ctx->db_meth->get_string)
return ctx->db_meth->get_string(ctx->db, name, section);
return NULL;
}
}
STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
{
if(ctx->db_meth->get_section)
{
if (ctx->db_meth->get_section)
return ctx->db_meth->get_section(ctx->db, section);
return NULL;
}
}
void X509V3_string_free(X509V3_CTX *ctx, char *str)
{
if(!str) return;
if(ctx->db_meth->free_string)
{
if (!str) return;
if (ctx->db_meth->free_string)
ctx->db_meth->free_string(ctx->db, str);
}
}
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
{
if(!section) return;
if(ctx->db_meth->free_section)
{
if (!section) return;
if (ctx->db_meth->free_section)
ctx->db_meth->free_section(ctx->db, section);
}
}
static char *nconf_get_string(void *db, char *section, char *value)
{
return NCONF_get_string(db, section, value);
}
static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
{
return NCONF_get_section(db, section);
}
static X509V3_CONF_METHOD nconf_method = {
nconf_get_string,
nconf_get_section,
NULL,
NULL
};
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
{
ctx->db_meth = &nconf_method;
ctx->db = conf;
}
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
X509_CRL *crl, int flags)
{
ctx->issuer_cert = issuer;
ctx->subject_cert = subj;
ctx->crl = crl;
ctx->subject_req = req;
ctx->flags = flags;
}
/* Old conf compatibility functions */
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
char *value)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_nconf(&ctmp, ctx, name, value);
}
/* LHASH *conf: Config file */
/* char *value: Value */
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
char *value)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
}
static char *conf_lhash_get_string(void *db, char *section, char *value)
{
{
return CONF_get_string(db, section, value);
}
}
static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
{
{
return CONF_get_section(db, section);
}
}
static X509V3_CONF_METHOD conf_lhash_method = {
conf_lhash_get_string,
......@@ -382,17 +451,35 @@ NULL
};
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
{
{
ctx->db_meth = &conf_lhash_method;
ctx->db = lhash;
}
}
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
X509_CRL *crl, int flags)
{
ctx->issuer_cert = issuer;
ctx->subject_cert = subj;
ctx->crl = crl;
ctx->subject_req = req;
ctx->flags = flags;
}
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509 *cert)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
}
/* Same as above but for a CRL */
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509_CRL *crl)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
}
/* Add extensions to certificate request */
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
X509_REQ *req)
{
CONF ctmp;
CONF_set_nconf(&ctmp, conf);
return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
}
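Review bot: X509V3_EXT_REQ_add_nconf leaks the partially built extension stack when X509V3_EXT_add_nconf_sk fails: the early `if (!i || !sk) return i;` skips the sk_X509_EXTENSION_pop_free below it, and by then extlist may already hold extensions. Replacing the early return with `if (i && sk) i = X509_REQ_add_extensions(req, extlist);` and falling through to the existing pop_free and `return i;` closes the leak (sk_X509_EXTENSION_pop_free on a NULL stack, the req == NULL case, is a no-op as far as I recall — worth confirming). On a related line, X509V3_EXT_add_nconf_sk ignores the return of `X509v3_add_ext(sk, ext, -1)`, so an allocation failure silently drops an extension while the function still returns 1; `if (sk && !X509v3_add_ext(sk, ext, -1)) { X509_EXTENSION_free(ext); return 0; }` would surface it. Since this is the path by which configured extensions reach certificates about to be signed, a silently missing extension (a constraint, say) is worth treating as a hard error rather than a success.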
......@@ -459,15 +459,25 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
#ifdef HEADER_CONF_H
GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
int X509V3_add_value_bool_nf(char *name, int asn1_bool,
STACK_OF(CONF_VALUE) **extlist);
int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
#endif
......