From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 22 Oct 2012 13:05:54 +0000 (+0000)
Subject: New config module for string tables. This can be used to add new
X-Git-Tag: master-post-reformat~1654
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=30765fed5558e81ea474c92291f6a9b139258f4d;hp=6a45ea4f887494bd972dcfc3186002497a1c6eeb

New config module for string tables. This can be used to add new
multi string components (as used in DN fields or request attributes)
or change the values of existing ones.
---

diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile
index c66d9169fb..b709c4166e 100644
--- a/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
@@ -29,7 +29,8 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	f_int.c f_string.c n_pkey.c \
 	f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
 	asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \
-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \
+	asn_mstbl.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
 	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
@@ -42,7 +43,8 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	f_int.o f_string.o n_pkey.o \
 	f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
 	asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \
-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \
+	asn_mstbl.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 33a41d79b1..a082c96f84 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -263,6 +263,12 @@ typedef struct ASN1_ENCODING_st
 #define ASN1_LONG_UNDEF	0x7fffffffL
 
 #define STABLE_FLAGS_MALLOC	0x01
+/* A zero passed to ASN1_STRING_TABLE_new_add for the flags is 
+ * interpreted as "don't change" and STABLE_FLAGS_MALLOC is always
+ * set. By setting STABLE_FLAGS_MALLOC only we can clear the existing
+ * value. Use the alias STABLE_FLAGS_CLEAR to reflect this.
+ */
+#define STABLE_FLAGS_CLEAR	STABLE_FLAGS_MALLOC
 #define STABLE_NO_MASK		0x02
 #define DIRSTRING_TYPE	\
  (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
@@ -1090,9 +1096,11 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 
 void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
 
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
 
 /* ASN1 Print flags */
 
@@ -1260,6 +1268,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509					 156
 #define ASN1_F_D2I_X509_CINF				 157
 #define ASN1_F_D2I_X509_PKEY				 159
+#define ASN1_F_DO_TCREATE				 222
 #define ASN1_F_I2D_ASN1_BIO_STREAM			 211
 #define ASN1_F_I2D_ASN1_SET				 188
 #define ASN1_F_I2D_ASN1_TIME				 160
@@ -1278,6 +1287,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_PKCS5_PBKDF2_SET				 219
 #define ASN1_F_SMIME_READ_ASN1				 212
 #define ASN1_F_SMIME_TEXT				 213
+#define ASN1_F_STBL_MODULE_INIT				 223
 #define ASN1_F_X509_CINF_NEW				 168
 #define ASN1_F_X509_CRL_ADD0_REVOKED			 169
 #define ASN1_F_X509_INFO_NEW				 170
@@ -1345,9 +1355,11 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INVALID_NUMBER				 187
 #define ASN1_R_INVALID_OBJECT_ENCODING			 216
 #define ASN1_R_INVALID_SEPARATOR			 131
+#define ASN1_R_INVALID_STRING_TABLE_VALUE		 218
 #define ASN1_R_INVALID_TIME_FORMAT			 132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
 #define ASN1_R_INVALID_UTF8STRING			 134
+#define ASN1_R_INVALID_VALUE				 219
 #define ASN1_R_IV_TOO_LARGE				 135
 #define ASN1_R_LENGTH_ERROR				 136
 #define ASN1_R_LIST_ERROR				 188
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 4c042b13c6..da8559fbd9 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2012 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -166,6 +166,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_X509),	"D2I_X509"},
 {ERR_FUNC(ASN1_F_D2I_X509_CINF),	"D2I_X509_CINF"},
 {ERR_FUNC(ASN1_F_D2I_X509_PKEY),	"d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_DO_TCREATE),	"DO_TCREATE"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM),	"i2d_ASN1_bio_stream"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_SET),	"i2d_ASN1_SET"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_TIME),	"I2D_ASN1_TIME"},
@@ -184,6 +185,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET),	"PKCS5_pbkdf2_set"},
 {ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),	"SMIME_text"},
+{ERR_FUNC(ASN1_F_STBL_MODULE_INIT),	"STBL_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
 {ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},
@@ -254,9 +256,11 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
 {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
+{ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE),"invalid string table value"},
 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
 {ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
+{ERR_REASON(ASN1_R_INVALID_VALUE)        ,"invalid value"},
 {ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
 {ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
 {ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 4fc241908f..7c2c337a1a 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -852,3 +852,27 @@ static int bitstr_cb(const char *elem, int len, void *bitstr)
 	return 1;
 	}
 
+static int mask_cb(const char *elem, int len, void *arg)
+	{
+	unsigned long *pmask = arg, tmpmask;
+	int tag;
+	if (len == 3 && !strncmp(elem, "DIR", 3))
+		{
+		*pmask |= B_ASN1_DIRECTORYSTRING;
+		return 1;
+		}
+	tag = asn1_str2tag(elem, len);
+	if (!tag || (tag & ASN1_GEN_FLAG))
+		return 0;
+	tmpmask = ASN1_tag2bit(tag);
+	if (!tmpmask)
+		return 0;
+	*pmask |= tmpmask;
+	return 1;
+	}
+
+int ASN1_str2mask(const char *str, unsigned long *pmask)
+	{
+	*pmask = 0;
+	return CONF_parse_list(str, '|', 1, mask_cb, pmask);
+	}
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
index 213890e0c2..ee05d85de6 100644
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
@@ -73,6 +73,7 @@ void OPENSSL_load_builtin_modules(void)
 	{
 	/* Add builtin modules here */
 	ASN1_add_oid_module();
+	ASN1_add_stable_module();
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE_add_conf_module();
 #endif