From 1d48dd001915bbccf1f08b4b431dd945d351ec5d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 16 Apr 1999 23:57:04 +0000 Subject: [PATCH] Add initial support for r2i RAW extensions which can access the config database add various X509V3_CTX helper functions and support for LHASH as the config database. --- CHANGES | 4 ++ STATUS | 4 +- apps/ca.c | 14 ++----- apps/req.c | 7 +--- crypto/x509v3/v3_conf.c | 82 +++++++++++++++++++++++++++++++++++++++++ crypto/x509v3/x509v3.h | 27 +++++++++++++- 6 files changed, 120 insertions(+), 18 deletions(-) diff --git a/CHANGES b/CHANGES index ec06cde929..845b082a5d 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,10 @@ Changes between 0.9.2b and 0.9.3 + *) Add code to allow r2i extensions to access the configuration database, + add an LHASH database driver and add several ctx helper functions. + [Steve Henson] + *) Fix an evil bug in bn_expand2() which caused various BN functions to fail when they extended the size of a BIGNUM. [Steve Henson] diff --git a/STATUS b/STATUS index 4ad933de73..6ce1f1519d 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 1999/04/16 11:32:33 $ + ______________ $Date: 1999/04/16 23:57:00 $ DEVELOPMENT STATE @@ -45,6 +45,8 @@ Proper (or at least usable) certificate chain verification. Documentation on X509 V3 extension code. PKCS#12 code cleanup and enhancement. + PKCS #8 and PKCS#5 v2.0 support. + Private key, certificate and CRL API and implementation. o Mark is currently working on: Folding in any changes that are in the C2Net code base that were diff --git a/apps/ca.c b/apps/ca.c index 738c7dbe46..7a8dcbfdb3 100644 --- a/apps/ca.c +++ b/apps/ca.c 
@@ -1073,11 +1073,8 @@ bad: if (ci->version == NULL) if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ - crlctx.crl = crl; - crlctx.issuer_cert = x509; - crlctx.subject_cert = NULL; - crlctx.subject_req = NULL; - crlctx.flags = 0; + X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); + X509V3_set_conf_lhash(&crlctx, conf); if(!X509V3_EXT_CRL_add_conf(conf, &crlctx, crl_ext, crl)) goto err; @@ -1792,11 +1789,8 @@ again2: ci->extensions = NULL; - ctx.subject_cert = ret; - ctx.issuer_cert = x509; - ctx.subject_req = req; - ctx.crl = NULL; - ctx.flags = 0; + X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + X509V3_set_conf_lhash(&ctx, lconf); if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err; diff --git a/apps/req.c b/apps/req.c index cb9d9d16fa..136cdc7d01 100644 --- a/apps/req.c +++ b/apps/req.c @@ -666,11 +666,8 @@ loop: /* Set up V3 context struct */ - ext_ctx.issuer_cert = x509ss; - ext_ctx.subject_cert = x509ss; - ext_ctx.subject_req = NULL; - ext_ctx.crl = NULL; - ext_ctx.flags = 0; + X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0); + X509V3_set_conf_lhash(&ext_ctx, req_conf); /* Add extensions */ if(extensions && !X509V3_EXT_add_conf(req_conf, diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 5e0fa0b23f..f81cd277d8 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c 
@@ -295,3 +295,85 @@ char *section;
 static X509V3_CTX ctx_tst = { CTX_TEST, NULL, NULL, NULL, NULL };
 return X509V3_EXT_add_conf(conf, &ctx_tst, section, NULL);
 }
+
+/* Config database functions */
+
+char * X509V3_get_string(ctx, name, section)
+X509V3_CTX *ctx;
+char *name;
+char *section;
+{
+ if(ctx->db_meth->get_string)
+ return ctx->db_meth->get_string(ctx->db, name, section);
+ return NULL;
+}
+
+STACK * X509V3_get_section(ctx, section)
+X509V3_CTX *ctx;
+char *section;
+{
+ if(ctx->db_meth->get_section)
+ return ctx->db_meth->get_section(ctx->db, section);
+ return NULL;
+}
+
+void X509V3_free_string(ctx, str)
+X509V3_CTX *ctx;
+char *str;
+{
+ if(ctx->db_meth->free_string)
+ return ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_free_section(ctx, section)
+X509V3_CTX *ctx;
+STACK *section;
+{
+ if(ctx->db_meth->free_section)
+ return ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *conf_lhash_get_string(db, section, value)
+void *db;
+char *section;
+char *value;
+{
+ return CONF_get_string(db, section, value);
+}
+
+static STACK *conf_lhash_get_section(db, section)
+void *db;
+char *section;
+{
+ return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(ctx, lhash)
+X509V3_CTX *ctx;
+LHASH *lhash;
+{
+ ctx->db_meth = &conf_lhash_method;
+ ctx->db = lhash;
+}
+
+void X509V3_set_ctx(ctx, issuer, subj, req, crl, flags)
+X509V3_CTX *ctx;
+X509 *issuer;
+X509 *subj;
+X509_REQ *req;
+X509_CRL *crl;
+int flags;
+{
+ ctx->issuer_cert = issuer;
+ ctx->subject_cert = subj;
+ ctx->crl = crl;
+ ctx->subject_req = req;
+ ctx->flags = flags;
+}
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 081a86b8c6..5143a1e7ab 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
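Review bot: X509V3_get_string forwards its arguments as `get_string(ctx->db, name, section)`, but the method slot it calls is declared `(db, section, value)` and the LHASH driver conf_lhash_get_string hands those straight to `CONF_get_string(db, section, value)`, so with this driver the argument the wrapper calls `name` is used as the config section and `section` as the key; either the wrapper's parameter names or the call are swapped and should be made consistent before any r2i handler is written against it. All four accessors also dereference `ctx->db_meth` unconditionally, yet a context not passed through X509V3_set_conf_lhash has that member NULL (the static `ctx_tst` in this hunk's context initializes only the first five members) or, for a stack X509V3_CTX filled by X509V3_set_ctx alone, uninitialized, since X509V3_set_ctx never touches `db_meth`/`db`. Guard each accessor as `if(ctx->db_meth && ctx->db_meth->get_string)` (and likewise for the other three slots), and consider having X509V3_set_ctx set `ctx->db_meth = NULL; ctx->db = NULL;` so the no-database case is well defined rather than garbage. Finally, `return ctx->db_meth->free_string(ctx->db, str);` and its free_section twin return a void expression from a void function, which ISO C forbids; drop the `return` keyword on both lines.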
@@ -80,7 +80,7 @@ typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext); typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out, int indent); -typedef char *(*X509V3_EXT_R2I)(struct v3_ext_method *method, char *db, char *value); +typedef char * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); /* V3 extension structure */ @@ -102,11 +102,17 @@ X509V3_EXT_V2I v2i; /* The following are used for raw extensions */ X509V3_EXT_I2R i2r; -X509V3_EXT_R2I r2i; /* Doesn't do anything *YET* */ +X509V3_EXT_R2I r2i; char *usr_data; /* Any extension specific data */ }; +typedef struct X509V3_CONF_METHOD_st { +char * (*get_string)(void *db, char *section, char *value); +STACK * (*get_section)(void *db, char *section); +void (*free_string)(void *db, char * string); +void (*free_section)(void *db, STACK *section); +} X509V3_CONF_METHOD; /* Context specific info */ struct v3_ext_ctx { @@ -116,6 +122,8 @@ X509 *issuer_cert; X509 *subject_cert; X509_REQ *subject_req; X509_CRL *crl; +X509V3_CONF_METHOD *db_meth; +void *db; /* Maybe more here */ }; 
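Review bot: The new X509V3_CONF_METHOD typedef carries no statement of its contract, and an r2i author has to reverse-engineer it from v3_conf.c: the parameter order of get_string is `(db, section, value)`, and the LHASH driver leaves free_string and free_section NULL, which presumably means both slots are optional and the returned strings and STACKs then stay owned by the database (confirm against CONF_get_string's ownership). Suggest a comment above the typedef, along the lines of `/* Config database driver used by r2i extensions via X509V3_get_string()/X509V3_get_section(): get_string(db, section, name) and get_section(db, section) look values up; free_string/free_section release what they returned and may be NULL if the results are owned by the database. */`. The two new members of struct v3_ext_ctx are appended after `crl`, which keeps positional initializers such as ctx_tst in v3_conf.c valid, and a one-line comment `/* db_meth/db: config database, set by X509V3_set_conf_lhash(); NULL when no database is attached */` next to them would make that expectation explicit. Both struct v3_ext_method and struct v3_ext_ctx begin or end outside these hunks.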
@@ -278,8 +286,16 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CR int X509V3_EXT_check_conf(LHASH *conf, char *section); int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); #endif +char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); +STACK * X509V3_get_section(X509V3_CTX *ctx, char *section); +void X509V3_free_string(X509V3_CTX *ctx, char *str); +void X509V3_free_section( X509V3_CTX *ctx, STACK *section); +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + int X509V3_add_value(char *name, char *value, STACK **extlist); int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist); int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist); @@ -368,8 +384,15 @@ int X509V3_EXT_add_conf(); int X509V3_EXT_check_conf(); int X509V3_get_value_bool(); int X509V3_get_value_int(); +void X509V3_set_conf_lhash(); #endif +char * X509V3_get_string(); +STACK * X509V3_get_section(); +void X509V3_free_string(); +void X509V3_free_section(); +void X509V3_set_ctx(); + int X509V3_add_value(); int X509V3_add_value_bool(); int X509V3_add_value_int(); -- 2.34.1