Kill evil casts, fix PKCS#7 and add new X509V3 Function.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 9 May 1999 16:39:11 +0000 (16:39 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 9 May 1999 16:39:11 +0000 (16:39 +0000)
15 files changed:
CHANGES
crypto/asn1/a_type.c
crypto/asn1/asn1.h
crypto/asn1/evp_asn1.c
crypto/asn1/x_attrib.c
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_lib.c
crypto/pkcs7/pkcs7.h
crypto/x509/x509.h
crypto/x509v3/v3_bitst.c
crypto/x509v3/v3_conf.c
crypto/x509v3/v3_enum.c
crypto/x509v3/v3err.c
crypto/x509v3/x509v3.h
util/libeay.num

diff --git a/CHANGES b/CHANGES
index ecfb0c01a3f12331a95d0f58313ef76c0274d09d..61553dba43095e1e0fc36c552a182f227c5feef3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
   *) Allow PKCS#12 password to be set from the command line or the
      environment. Let 'ca' get its config file name from the environment
      variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
index 72240a0b2572610178c177dfe661f6a6842fed84..3f2ecee5c2f58c8ad87ee2505a3d37aaea75b353 100644 (file)
@@ -293,7 +293,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
                return(0);
        }
 
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value)
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
        {
        if (a->value.ptr != NULL)
                ASN1_TYPE_component_free(a);
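Review bot: ASN1_TYPE_set() has no comment saying what `value` must point to, and with the parameter now `void *` the compiler no longer complains about a pointer that does not match `type`. I would add a comment above the definition such as `/* value must be the ASN1 structure that corresponds to type, e.g. an ASN1_OCTET_STRING * for V_ASN1_OCTET_STRING */`. The previous `a->value.ptr` is freed before the new one is stored, which suggests `a` takes ownership of `value`; if so, the comment should say that too. The same applies to the other functions this commit switches to `void *value` (X509_ATTRIBUTE_create, PKCS7_add_signed_attribute, PKCS7_add_attribute, add_attribute). The function body continues outside the hunk.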
index 5050d572e47dd3810377aab8e840fb77dc99a2b3..8dc61e1e63ba4dcae1718cb6bcc3f42541a5bc63 100644 (file)
@@ -488,7 +488,7 @@ void                ASN1_TYPE_free(ASN1_TYPE *a);
 int            i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
 ASN1_TYPE *    d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
 int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
 ASN1_OBJECT *  ASN1_OBJECT_new(void );
 void           ASN1_OBJECT_free(ASN1_OBJECT *a);
index 7528b2d97f220b4508fe674bd1d107663cf451c5..41ced49c1906c399edf119a416ecf79472309d8b 100644 (file)
@@ -67,7 +67,7 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 
        if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0);
        if (!ASN1_OCTET_STRING_set(os,data,len)) return(0);
-       ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os);
+       ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
        return(1);
        }
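Review bot: `os` is leaked when ASN1_OCTET_STRING_set() fails in ASN1_TYPE_set_octetstring(), because the early `return(0)` skips freeing the string allocated on the line before. The failure branch should release it first, `if (!ASN1_OCTET_STRING_set(os,data,len)) { ASN1_OCTET_STRING_free(os); return(0); }`. The start of the function is outside the hunk.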
 
@@ -124,7 +124,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
          i2d_ASN1_INTEGER(&in,&p);
        M_i2d_ASN1_OCTET_STRING(&os,&p);
 
-       ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp);
+       ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
        return(1);
        }
 
index 274c9a920d9956ae299776372684fb264db03ad9..ae88b2741b08dde9f33871da3bb1948ac57d3690 100644 (file)
@@ -117,7 +117,7 @@ X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
        M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
        }
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
        {
        X509_ATTRIBUTE *ret=NULL;
        ASN1_TYPE *val=NULL;
index 67085e39567dd314843baa1c22408e8db62550ce..1536aa8c1d3b9adf5268375596814d290d3fc2ba 100644 (file)
@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static int add_attribute(STACK **sk, int nid, int atrtype, char *value);
+static int add_attribute(STACK **sk, int nid, int atrtype, void *value);
 static ASN1_TYPE *get_attribute(STACK *sk, int nid);
 
 #if 1
@@ -567,7 +567,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                sign_time=X509_gmtime_adj(NULL,0);
                                PKCS7_add_signed_attribute(si,
                                        NID_pkcs9_signingTime,
-                                       V_ASN1_UTCTIME,(char *)sign_time);
+                                       V_ASN1_UTCTIME,sign_time);
 
                                /* Add digest */
                                md_tmp=EVP_MD_CTX_type(&ctx_tmp);
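Review bot: The result of PKCS7_add_signed_attribute() is discarded here for signingTime, and again in the next hunk for messageDigest, so signing appears to carry on even when an attribute could not be added. For messageDigest this matters, since the signature would then be computed over an attribute set that lacks the content digest. In the next hunk `digest=ASN1_OCTET_STRING_new()` and `ASN1_OCTET_STRING_set(digest,md_data,md_len)` are also unchecked, although evp_asn1.c in this same commit treats both calls as fallible. Each call should be tested and PKCS7_dataFinal should take its error path on failure, e.g. `if (digest == NULL || !ASN1_OCTET_STRING_set(digest,md_data,md_len))` followed by the function's existing error exit. The rest of PKCS7_dataFinal is outside both hunks, so the exact exit label is not visible.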
@@ -575,7 +575,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                digest=ASN1_OCTET_STRING_new();
                                ASN1_OCTET_STRING_set(digest,md_data,md_len);
                                PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,
-                                       V_ASN1_OCTET_STRING,(char *)digest);
+                                       V_ASN1_OCTET_STRING,digest);
 
                                /* Now sign the mess */
                                EVP_SignInit(&ctx_tmp,md_tmp);
@@ -874,18 +874,18 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
        }
 
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-            char *value)
+            void *value)
        {
        return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
        }
 
 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-            char *value)
+            void *value)
        {
        return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
        }
 
-static int add_attribute(STACK **sk, int nid, int atrtype, char *value)
+static int add_attribute(STACK **sk, int nid, int atrtype, void *value)
        {
        X509_ATTRIBUTE *attr=NULL;
 
index e8c279dc93b82801f04778894d3f1b0a64a0b26d..7bba23e3d4bcb420083f16c8765443f4b5485593 100644 (file)
@@ -309,15 +309,14 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
        else    
                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-       p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
 
-#if 1
+       p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
+
        if (p7i->digest_enc_alg->parameter != NULL)
                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
        if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
                goto err;
        p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-#endif
 
        return(1);
 err:
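Review bot: The new `EVP_PKEY_type(pkey->type)` line dereferences `pkey` with no NULL check and uses the result unvalidated. EVP_PKEY_type() returns NID_undef for a key type it does not recognise, so digest_enc_alg would silently end up as the undefined object. I would reject that case explicitly, `nid = EVP_PKEY_type(pkey->type); if (nid == NID_undef) goto err;`, before calling OBJ_nid2obj(). Note also that the parameter is set to an ASN.1 NULL for every key type; whether that is the right encoding for non-RSA keys should be confirmed. The function starts above the hunk and the `err:` path continues below it.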
index 8541fdc89df867b4672cc3ab95a68f2aab2b09e4..4afde8274b4279932789d66cf08f6918fcf8d5d8 100644 (file)
@@ -340,9 +340,9 @@ int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk);
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
-       char *data);
+       void *data);
 int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-       char *value);
+       void *value);
 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk);
index fb9be71079ecf031fa8474ac6058973d2f457513..ac95f8a1393b0265c30592e3e65be79e8e676d79 100644 (file)
@@ -655,7 +655,7 @@ void                X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
 int            i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
 X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
                        long length);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
 
 
 X509_EXTENSION *X509_EXTENSION_new(void );
index 29d8bd44ca79f1bf3cdb25a8041d36f78c74fd7c..641f877c130553b66a3a70eae12ce0335df0561a 100644 (file)
@@ -103,7 +103,7 @@ static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
             ASN1_BIT_STRING *bits, STACK *ret)
 {
        BIT_STRING_BITNAME *bnam;
-       for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) {
+       for(bnam =method->usr_data; bnam->lname; bnam++) {
                if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
                        X509V3_add_value(bnam->lname, NULL, &ret);
        }
@@ -123,7 +123,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
        }
        for(i = 0; i < sk_num(nval); i++) {
                val = (CONF_VALUE *)sk_value(nval, i);
-               for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname;
+               for(bnam = method->usr_data; bnam->lname;
                                                                       bnam++) {
                        if(!strcmp(bnam->sname, val->name) ||
                                !strcmp(bnam->lname, val->name) ) {
index d63db97340557a980b57ac16823d873d5075b54a..0460fbedfc6529f93e160a962d2c368bf6b30b12 100644 (file)
@@ -72,6 +72,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, in
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK *conf_lhash_get_section(void *db, char *section);
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+                                                int crit, void *ext_struc);
 /* LHASH *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
@@ -111,13 +113,10 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
             int crit, char *value)
 {
-       X509_EXTENSION *ext = NULL;
        X509V3_EXT_METHOD *method;
+       X509_EXTENSION *ext;
        STACK *nval;
-       char *ext_struc;
-       unsigned char *ext_der, *p;
-       int ext_len;
-       ASN1_OCTET_STRING *ext_oct;
+       void *ext_struc;
        if(ext_nid == NID_undef) {
                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
                return NULL;
@@ -152,21 +151,50 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
                return NULL;
        }
 
-       /* We've now got the internal representation: convert to DER */
+       ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
+       method->ext_free(ext_struc);
+       return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+                                                int crit, void *ext_struc)
+{
+       unsigned char *ext_der, *p;
+       int ext_len;
+       ASN1_OCTET_STRING *ext_oct;
+       X509_EXTENSION *ext;
+       /* Convert internal representation to DER */
        ext_len = method->i2d(ext_struc, NULL);
-       ext_der = Malloc(ext_len);
+       if(!(ext_der = Malloc(ext_len))) goto merr;
        p = ext_der;
        method->i2d(ext_struc, &p);
-       method->ext_free(ext_struc);
-       ext_oct = ASN1_OCTET_STRING_new();
+       if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
        ext_oct->data = ext_der;
        ext_oct->length = ext_len;
        
        ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+       if(!ext) goto merr;
        ASN1_OCTET_STRING_free(ext_oct);
 
        return ext;
 
+       merr:
+       X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
+       return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+       X509V3_EXT_METHOD *method;
+       if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+               X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
+               return NULL;
+       }
+       return do_ext_i2d(method, ext_nid, crit, ext_struc);
 }
 
 /* Check the extension string for critical flag */
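Review bot: do_ext_i2d() leaks on both late failure paths. If ASN1_OCTET_STRING_new() fails, `ext_der` is never freed, and if X509_EXTENSION_create_by_NID() fails, `ext_oct` and the buffer it now holds are never freed. The length returned by the first `method->i2d(ext_struc, NULL)` call is also passed to Malloc() unchecked, so a zero or negative result from an extension method would become the allocation size. The fix below initialises both pointers, rejects a non-positive length, and releases whatever is still held at `merr`. It assumes, as the existing success path implies, that X509_EXTENSION_create_by_NID() copies the octet string. Separately, every failure is reported as ERR_R_MALLOC_FAILURE, which misattributes an encoding or lookup error.

```c
	unsigned char *ext_der = NULL, *p;
	ASN1_OCTET_STRING *ext_oct = NULL;
	/* ... unchanged: ext_len and ext declarations ... */
	ext_len = method->i2d(ext_struc, NULL);
	if(ext_len <= 0) goto merr;
	/* ... unchanged: Malloc, second i2d call, ASN1_OCTET_STRING_new, data/length assignment ... */
	ext_der = NULL;		/* buffer is now owned by ext_oct */
	/* ... unchanged: X509_EXTENSION_create_by_NID and success return ... */
	merr:
	if(ext_der) Free(ext_der);
	if(ext_oct) ASN1_OCTET_STRING_free(ext_oct);
	/* ... unchanged: X509V3err and return NULL ... */
```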
index e68e04f401d57d6cc4860a8e6bb68560c17ffbeb..e76229da76782fa26ad4f04090b1759788b061ff 100644 (file)
@@ -95,7 +95,7 @@ char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
        ENUMERATED_NAMES *enam;
        long strval;
        strval = ASN1_ENUMERATED_get(e);
-       for(enam =(ENUMERATED_NAMES *)method->usr_data; enam->lname; enam++) {
+       for(enam = method->usr_data; enam->lname; enam++) {
                if(strval == enam->bitnum) return BUF_strdup(enam->lname);
        }
        return i2s_ASN1_ENUMERATED(method, e);
index b20b59c25025bd9ee9c4d8f3ba257e235cf656f4..50efa8d99d8534a76e436b3172655c8a09e9e78f 100644 (file)
@@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_COPY_EMAIL,0),    "COPY_EMAIL"},
 {ERR_PACK(0,X509V3_F_COPY_ISSUER,0),   "COPY_ISSUER"},
 {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0),   "DO_EXT_CONF"},
+{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0),    "DO_EXT_I2D"},
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),   "i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),      "i2s_ASN1_INTEGER"},
@@ -98,6 +99,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),        "X509V3_EXT_add"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),  "X509V3_EXT_add_alias"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),       "X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0),        "X509V3_EXT_i2d"},
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),     "X509V3_parse_list"},
 {0,NULL}
index 80bb36e78e16b6c1ba17d3e91beb78fb5eb2cda2..d294a3cff1b97b46fd114b69ff611d37da1ab7a1 100644 (file)
@@ -104,7 +104,7 @@ X509V3_EXT_V2I v2i;
 X509V3_EXT_I2R i2r;
 X509V3_EXT_R2I r2i;
 
-char *usr_data;        /* Any extension specific data */
+void *usr_data;        /* Any extension specific data */
 };
 
 typedef struct X509V3_CONF_METHOD_st {
@@ -411,6 +411,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK *X509V3_parse_list(char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 
 char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
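Review bot: The new public prototype X509V3_EXT_i2d() is undocumented in the header, and its `void *ext_struc` argument gives the compiler nothing to check against `ext_nid`. I would add a comment above it along the lines of `/* ext_struc must be the internal structure for extension ext_nid; it is not freed by this call. Returns NULL on error. */`. The ownership statement follows from v3_conf.c in this commit, where do_ext_conf() calls `method->ext_free(ext_struc)` itself after do_ext_i2d() returns. Passing a structure of the wrong type would be handed straight to that extension's i2d routine, so the contract is worth spelling out for callers.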
@@ -430,6 +431,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_F_COPY_EMAIL                             122
 #define X509V3_F_COPY_ISSUER                            123
 #define X509V3_F_DO_EXT_CONF                            124
+#define X509V3_F_DO_EXT_I2D                             135
 #define X509V3_F_HEX_TO_STRING                          111
 #define X509V3_F_I2S_ASN1_ENUMERATED                    121
 #define X509V3_F_I2S_ASN1_INTEGER                       120
@@ -460,6 +462,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_F_X509V3_EXT_ADD                                 104
 #define X509V3_F_X509V3_EXT_ADD_ALIAS                   106
 #define X509V3_F_X509V3_EXT_CONF                        107
+#define X509V3_F_X509V3_EXT_I2D                                 136
 #define X509V3_F_X509V3_GET_VALUE_BOOL                  110
 #define X509V3_F_X509V3_PARSE_LIST                      109
 
index 12cebd38bd62705cf5c771bc91d9bb76940bb0be..1a1b21ad6a482b887e53263a461ebd51f3d98ff6 100755 (executable)
@@ -1618,3 +1618,4 @@ sk_X509_EXTENSION_delete                1642
 sk_X509_EXTENSION_shift                 1643
 sk_X509_EXTENSION_push                  1644
 sk_X509_NAME_ENTRY_find                 1645
+X509V3_EXT_i2d                          1646