Redo the way 'req' and 'ca' add objects: add support for oid_section.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 23 Feb 1999 00:07:46 +0000 (00:07 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 23 Feb 1999 00:07:46 +0000 (00:07 +0000)
CHANGES
apps/ca.c
apps/openssl.cnf
apps/req.c

diff --git a/CHANGES b/CHANGES
index c2ef7bf..0af7ea0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
   *) Add cool BIO that does syslog (or event log on NT).
      [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
 
index 76bbcbc..6f3b1a8 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -155,6 +155,7 @@ extern int EF_ALIGNMENT;
 #endif
 
 #ifndef NOPROTO
+static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
 static int MS_CALLBACK key_callback(char *buf,int len,int verify);
 static unsigned long index_serial_hash(char **a);
@@ -181,6 +182,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
        LHASH *conf);
 static int check_time_format(char *str);
 #else
+static int add_oid_section();
 static void lookup_fail();
 static int MS_CALLBACK key_callback();
 static unsigned long index_serial_hash();
@@ -453,6 +455,10 @@ bad:
                                }
                        }
                }
+               if(!add_oid_section(conf)) {
+                       ERR_print_errors(bio_err);
+                       goto err;
+               }
 
        in=BIO_new(BIO_s_file());
        out=BIO_new(BIO_s_file());
@@ -1044,22 +1050,23 @@ bad:
        /*****************************************************************/
        ret=0;
 err:
-       if (hex != NULL) BIO_free(hex);
-       if (Cout != NULL) BIO_free(Cout);
-       if (Sout != NULL) BIO_free(Sout);
-       if (out != NULL) BIO_free(out);
-       if (in != NULL) BIO_free(in);
+       BIO_free(hex);
+       BIO_free(Cout);
+       BIO_free(Sout);
+       BIO_free(out);
+       BIO_free(in);
 
-       if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
+       sk_pop_free(cert_sk,X509_free);
 
        if (ret) ERR_print_errors(bio_err);
-       if (serial != NULL) BN_free(serial);
-       if (db != NULL) TXT_DB_free(db);
-       if (pkey != NULL) EVP_PKEY_free(pkey);
-       if (x509 != NULL) X509_free(x509);
-       if (crl != NULL) X509_CRL_free(crl);
-       if (conf != NULL) CONF_free(conf);
+       BN_free(serial);
+       TXT_DB_free(db);
+       EVP_PKEY_free(pkey);
+       X509_free(x509);
+       X509_CRL_free(crl);
+       CONF_free(conf);
        X509V3_EXT_cleanup();
+       OBJ_cleanup();
        EXIT(ret);
        }
 
@@ -2009,3 +2016,25 @@ char *str;
        return(ASN1_UTCTIME_check(&tm));
        }
 
+static int add_oid_section(conf)
+LHASH *conf;
+{      
+       char *p;
+       STACK *sktmp;
+       CONF_VALUE *cnf;
+       int i;
+       if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+       if(!(sktmp = CONF_get_section(conf, p))) {
+               BIO_printf(bio_err, "problem loading oid section %s\n", p);
+               return 0;
+       }
+       for(i = 0; i < sk_num(sktmp); i++) {
+               cnf = (CONF_VALUE *)sk_value(sktmp, i);
+               if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+                       BIO_printf(bio_err, "problem creating object %s=%s\n",
+                                                        cnf->name, cnf->value);
+                       return 0;
+               }
+       }
+       return 1;
+}
index 7dee643..49cff56 100644 (file)
@@ -5,6 +5,15 @@
 
 RANDFILE               = $ENV::HOME/.rnd
 oid_file               = $ENV::HOME/.oid
+oid_section            = new_oids
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
 
 ####################################################################
 [ ca ]
@@ -92,7 +101,7 @@ commonName_max                       = 64
 emailAddress                   = Email Address
 emailAddress_max               = 40
 
-SET-ex3                                = SET extension number 3
+# SET-ex3                      = SET extension number 3
 
 [ req_attributes ]
 challengePassword              = A challenge password
index b2c1bb2..9a100ae 100644 (file)
@@ -115,12 +115,16 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
        int nid,int min,int max);
 static void MS_CALLBACK req_cb(int p,int n,char *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
+static int check_end(char *str, char *end);
+static int add_oid_section(LHASH *conf);
 #else
 static int make_REQ();
 static int add_attribute_object();
 static int add_DN_object();
 static void MS_CALLBACK req_cb();
 static int req_fix_data();
+static int check_end();
+static int add_oid_section();
 #endif
 
 #ifndef MONOLITH
@@ -423,6 +427,7 @@ bad:
                                }
                        }
                }
+               if(!add_oid_section(req_conf)) goto end;
 
        if ((md_alg == NULL) &&
                ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
@@ -800,11 +805,13 @@ end:
                ERR_print_errors(bio_err);
                }
        if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
-       if (in != NULL) BIO_free(in);
-       if (out != NULL) BIO_free(out);
-       if (pkey != NULL) EVP_PKEY_free(pkey);
-       if (req != NULL) X509_REQ_free(req);
-       if (x509ss != NULL) X509_free(x509ss);
+       BIO_free(in);
+       BIO_free(out);
+       EVP_PKEY_free(pkey);
+       X509_REQ_free(req);
+       X509_free(x509ss);
+       X509V3_EXT_cleanup();
+       OBJ_cleanup();
 #ifndef NO_DSA
        if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
@@ -816,7 +823,7 @@ X509_REQ *req;
 EVP_PKEY *pkey;
 int attribs;
        {
-       int ret=0,i,j;
+       int ret=0,i;
        unsigned char *p,*q;
        X509_REQ_INFO *ri;
        char buf[100];
@@ -876,42 +883,18 @@ start:            for (;;)
                        v=(CONF_VALUE *)sk_value(sk,i);
                        p=q=NULL;
                        type=v->name;
-                       /* Allow for raw OIDs */
-                       /* [n.mm.ooo.ppp] */
-                       for (j=0; type[j] != '\0'; j++)
-                               {
-                               if (    (type[j] == ':') ||
-                                       (type[j] == ',') ||
-                                       (type[j] == '.'))
-                                       p=(unsigned char *)&(type[j+1]);
-                               if (type[j] == '[')
-                                       {
-                                       p=(unsigned char *)&(type[j+1]);
-                                       for (j++; type[j] != '\0'; j++)
-                                               if (type[j] == ']')
-                                                       {
-                                                       q=(unsigned char *)&(type[j]);
-                                                       break;
-                                                       }
-                                       break;
-                                       }
-                               }
-                       if (p != NULL)
-                               type=(char *)p;
-                       if ((nid=OBJ_txt2nid(type)) == NID_undef)
-                               {
-                               /* Add a new one if possible */
-                               if ((p != NULL) && (q != NULL) && (*q == ']'))
-                                       {
-                                       *q='\0';
-                                       nid=OBJ_create((char *)p,NULL,NULL);
-                                       *q=']';
-                                       if (nid == NID_undef) goto start;
-                                       }
-                               else
-                                       goto start;
-                               }
-
+                       if(!check_end(type,"_min") || !check_end(type,"_max") ||
+                               !check_end(type,"_default") ||
+                                        !check_end(type,"_value")) continue;
+                       /* Skip past any leading X. X: X, etc to allow for
+                        * multiple instances 
+                        */
+                       for(p = v->name; *p ; p++) 
+                               if ((*p != ':') || (*p != ',') ||
+                                                        (*p != '.')) break;
+                       if (*p) type=(char *)p;
+                       /* If OBJ not recognised ignore it */
+                       if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
                        sprintf(buf,"%s_default",v->name);
                        if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
                                def="";
@@ -1194,3 +1177,41 @@ int len,min,max;
                }
        return(1);
        }
+
+/* Check if the end of a string matches 'end' */
+static int check_end(str, end)
+char *str;
+char *end;
+{
+       int elen, slen; 
+       char *tmp;
+       elen = strlen(end);
+       slen = strlen(str);
+       if(elen > slen) return 1;
+       tmp = str + slen - elen;
+fprintf(stderr, "Matching %s, %s %s\n", str, end, tmp);
+       return strcmp(tmp, end);
+}
+
+static int add_oid_section(conf)
+LHASH *conf;
+{      
+       char *p;
+       STACK *sktmp;
+       CONF_VALUE *cnf;
+       int i;
+       if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+       if(!(sktmp = CONF_get_section(conf, p))) {
+               BIO_printf(bio_err, "problem loading oid section %s\n", p);
+               return 0;
+       }
+       for(i = 0; i < sk_num(sktmp); i++) {
+               cnf = (CONF_VALUE *)sk_value(sktmp, i);
+               if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+                       BIO_printf(bio_err, "problem creating object %s=%s\n",
+                                                        cnf->name, cnf->value);
+                       return 0;
+               }
+       }
+       return 1;
+}