X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fca.c;h=6f3b1a8501fd5cabfbc8c45d1283cf2d0e0896b4;hp=07ef9ebb9d6fa63d18aca99d16ee095a4f512c8d;hb=a43aa73e3b56d408d4a34512ff7f766062ab87c7;hpb=7ec218eb4afb9fdd03d9c2b2490ced21c03a0517
diff --git a/apps/ca.c b/apps/ca.c
index 07ef9ebb9d..6f3b1a8501 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -155,6 +155,7 @@ extern int EF_ALIGNMENT;
 #endif
 #ifndef NOPROTO
+static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
 static int MS_CALLBACK key_callback(char *buf,int len,int verify);
 static unsigned long index_serial_hash(char **a);
@@ -181,6 +182,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
 LHASH *conf);
 static int check_time_format(char *str);
 #else
+static int add_oid_section();
 static void lookup_fail();
 static int MS_CALLBACK key_callback();
 static unsigned long index_serial_hash();
@@ -453,6 +455,10 @@ bad:
 }
 }
 }
+ if(!add_oid_section(conf)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
 in=BIO_new(BIO_s_file());
 out=BIO_new(BIO_s_file());
@@ -690,12 +696,12 @@ bad:
 extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
 if(extensions) {
- /* Check syntax of file */
- if(!X509V3_EXT_add_conf(conf, NULL, extensions, NULL)) {
+ if(!X509V3_EXT_check_conf(conf, extensions)) {
 BIO_printf(bio_err, "Error Loading extension section %s\n", extensions);
+ ret = 1;
 goto err;
 }
 }
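Review bot: In the `@@ -453,6 +455,10 @@` hunk the new failure branch jumps to `err` without setting `ret`, whereas the extension-section check in the `@@ -690,12 +696,12 @@` hunk gains an explicit `ret = 1;` before its `goto err`. The declaration and initial value of `ret` are outside the hunks shown, so if it can be 0 at this point the tool would exit with a success status after failing to load the OID section, which matters when `ca` is driven from scripts. Adding `ret = 1;` before `goto err;` makes the failure status explicit and keeps the two branches consistent.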
@@ -1044,22 +1050,23 @@ bad:
 /*****************************************************************/
 ret=0;
 err:
- if (hex != NULL) BIO_free(hex);
- if (Cout != NULL) BIO_free(Cout);
- if (Sout != NULL) BIO_free(Sout);
- if (out != NULL) BIO_free(out);
- if (in != NULL) BIO_free(in);
+ BIO_free(hex);
+ BIO_free(Cout);
+ BIO_free(Sout);
+ BIO_free(out);
+ BIO_free(in);
- if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
+ sk_pop_free(cert_sk,X509_free);
 if (ret) ERR_print_errors(bio_err);
- if (serial != NULL) BN_free(serial);
- if (db != NULL) TXT_DB_free(db);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- if (x509 != NULL) X509_free(x509);
- if (crl != NULL) X509_CRL_free(crl);
- if (conf != NULL) CONF_free(conf);
+ BN_free(serial);
+ TXT_DB_free(db);
+ EVP_PKEY_free(pkey);
+ X509_free(x509);
+ X509_CRL_free(crl);
+ CONF_free(conf);
 X509V3_EXT_cleanup();
+ OBJ_cleanup();
 EXIT(ret);
 }
@@ -1191,7 +1198,7 @@ err:
 }
 static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
- batch,ext_sect,conf,verbose)
+ batch,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1204,7 +1211,7 @@ char *startdate;
 int days;
 int batch;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
 int verbose;
 {
 X509_REQ *req=NULL;
@@ -1253,7 +1260,7 @@ int verbose;
 BIO_printf(bio_err,"Signature ok\n");
 ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
- days,batch,verbose,req,ext_sect,conf);
+ days,batch,verbose,req,ext_sect,lconf);
 err:
 if (req != NULL) X509_REQ_free(req);
@@ -1262,7 +1269,7 @@ err:
 }
 static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
- days, batch,ext_sect,conf,verbose)
+ days,batch,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1275,7 +1282,7 @@ char *startdate;
 int days;
 int batch;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
 int verbose;
 {
 X509 *req=NULL;
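Review bot: The `err:` cleanup in the `@@ -1044,22 +1050,23 @@` hunk now calls `BIO_free`, `sk_pop_free`, `BN_free`, `TXT_DB_free`, `EVP_PKEY_free`, `X509_free`, `X509_CRL_free` and `CONF_free` unconditionally, so each of them has to be a no-op on NULL, and nothing in this file's diff shows that they are. The new early `goto err` after `add_oid_section(conf)` reaches this label before `in` and `out` are created, so a free routine that dereferences its argument would turn a configuration error into a crash. Other cleanup paths in this diff still keep their guards (`if (req != NULL) X509_REQ_free(req);`), so the convention is not uniform within the file. I would state the requirement at the label with `/* every *_free() below must accept NULL */` and confirm it for each library routine before merging. The enclosing function begins outside the hunk.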
@@ -1327,7 +1334,7 @@ int verbose;
 goto err;
 ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
- batch,verbose,rreq,ext_sect,conf);
+ batch,verbose,rreq,ext_sect,lconf);
 err:
 if (rreq != NULL) X509_REQ_free(rreq);
@@ -1337,7 +1344,7 @@ err:
 }
 static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
- batch,verbose,req, ext_sect,conf)
+ batch,verbose,req,ext_sect,lconf)
 X509 **xret;
 EVP_PKEY *pkey;
 X509 *x509;
@@ -1351,7 +1358,7 @@ int batch;
 int verbose;
 X509_REQ *req;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
 {
 X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
 ASN1_UTCTIME *tm,*tmptm;
@@ -1669,6 +1676,7 @@ again2:
 /* Lets add the extensions, if there are any */
 if (ext_sect)
 {
+ X509V3_CTX ctx;
 if (ci->version == NULL)
 if ((ci->version=ASN1_INTEGER_new()) == NULL)
 goto err;
@@ -1681,7 +1689,13 @@ again2:
 ci->extensions = NULL;
- if(!X509V3_EXT_add_conf(conf, NULL, ext_sect, ret)) goto err;
+ ctx.subject_cert = ret;
+ ctx.issuer_cert = x509;
+ ctx.subject_req = req;
+ ctx.crl = NULL;
+ ctx.flags = 0;
+
+ if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
 }
@@ -1805,7 +1819,7 @@ int output_der;
 }
 static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
- startdate,days,ext_sect,conf,verbose)
+ startdate,days,ext_sect,lconf,verbose)
 X509 **xret;
 char *infile;
 EVP_PKEY *pkey;
@@ -1817,7 +1831,7 @@ BIGNUM *serial;
 char *startdate;
 int days;
 char *ext_sect;
-LHASH *conf;
+LHASH *lconf;
 int verbose;
 {
 STACK *sk=NULL;
@@ -1963,7 +1977,7 @@ int verbose;
 X509_REQ_set_pubkey(req,pktmp);
 EVP_PKEY_free(pktmp);
 ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
- days,1,verbose,req,ext_sect,conf);
+ days,1,verbose,req,ext_sect,lconf);
 err:
 if (req != NULL) X509_REQ_free(req);
 if (parms != NULL) CONF_free(parms);
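Review bot: `ctx` in the `@@ -1681,7 +1689,13 @@` hunk (declared in the `@@ -1669,6 +1676,7 @@` hunk) is an uninitialised stack object whose members are assigned one by one before it is handed to `X509V3_EXT_add_conf`. The definition of `X509V3_CTX` is not part of this diff, so if it has, or later gains, a member beyond the five set here, the extension code would read an indeterminate value while building a certificate. Clearing the structure before the assignments with `memset(&ctx, 0, sizeof(ctx));` removes that dependency on the struct layout. The body of `do_body` starts and ends outside these hunks.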
@@ -2002,3 +2016,25 @@ char *str;
 return(ASN1_UTCTIME_check(&tm));
 }
+static int add_oid_section(conf)
+LHASH *conf;
+{
+ char *p;
+ STACK *sktmp;
+ CONF_VALUE *cnf;
+ int i;
+ if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+ if(!(sktmp = CONF_get_section(conf, p))) {
+ BIO_printf(bio_err, "problem loading oid section %s\n", p);
+ return 0;
+ }
+ for(i = 0; i < sk_num(sktmp); i++) {
+ cnf = (CONF_VALUE *)sk_value(sktmp, i);
+ if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+ BIO_printf(bio_err, "problem creating object %s=%s\n",
+ cnf->name, cnf->value);
+ return 0;
+ }
+ }
+ return 1;
+}
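Review bot: `add_oid_section` passes every `name=value` pair of the configured section straight to `OBJ_create` without first checking whether `cnf->name` already resolves to a known object. How the object table treats a duplicate is not visible here, but an entry that reuses an existing short name could change which OID later name-based lookups in the policy or extension sections refer to. A guard before the `OBJ_create` call, `if (OBJ_sn2nid(cnf->name) != NID_undef)`, that reports the clash and returns 0 would make this fail closed. The function also needs a header comment stating its return convention: 1 on success or when no `oid_section` key is present, 0 on failure.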