X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509v3%2Fv3_conf.c;h=07f4d3ffe71bcf851248f5a1c1924b6e0baf4553;hp=0460fbedfc6529f93e160a962d2c368bf6b30b12;hb=bb5ea36b962453c4d74dab15ac1897725a02707d;hpb=c8b41850793faed7fccf4fe4403f774266412f22
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 0460fbedfc..07f4d3ffe7 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -71,7 +71,7 @@ static int v3_check_generic(char **value);
 static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK *conf_lhash_get_section(void *db, char *section);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc);
 /* LHASH *conf: Config file */
@@ -115,7 +115,7 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 {
 X509V3_EXT_METHOD *method;
 X509_EXTENSION *ext;
- STACK *nval;
+ STACK_OF(CONF_VALUE) *nval;
 void *ext_struc;
 if(ext_nid == NID_undef) {
 X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
@@ -135,7 +135,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 return NULL;
 }
 ext_struc = method->v2i(method, ctx, nval);
- if(*value != '@') sk_pop_free(nval, X509V3_conf_free);
+ if(*value != '@') sk_CONF_VALUE_pop_free(nval,
+ X509V3_conf_free);
 if(!ext_struc) return NULL;
 } else if(method->s2i) {
 if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
@@ -152,7 +153,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 }
 ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
- method->ext_free(ext_struc);
+ if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+ else method->ext_free(ext_struc);
 return ext;
 }
@@ -160,22 +162,29 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
 int crit, void *ext_struc)
 {
- unsigned char *ext_der, *p;
+ unsigned char *ext_der;
 int ext_len;
 ASN1_OCTET_STRING *ext_oct;
 X509_EXTENSION *ext;
 /* Convert internal representation to DER */
- ext_len = method->i2d(ext_struc, NULL);
- if(!(ext_der = Malloc(ext_len))) goto merr;
- p = ext_der;
- method->i2d(ext_struc, &p);
- if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
+ if(method->it) {
+ ext_der = NULL;
+ ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+ if(ext_len < 0) goto merr;
+ } else {
+ unsigned char *p;
+ ext_len = method->i2d(ext_struc, NULL);
+ if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
+ p = ext_der;
+ method->i2d(ext_struc, &p);
+ }
+ if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
 ext_oct->data = ext_der;
 ext_oct->length = ext_len;
-
+
 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
 if(!ext) goto merr;
- ASN1_OCTET_STRING_free(ext_oct);
+ M_ASN1_OCTET_STRING_free(ext_oct);
 return ext;
@@ -203,7 +212,7 @@ static int v3_check_critical(char **value)
 char *p = *value;
 if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
 p+=9;
- while(isspace(*p)) p++;
+ while(isspace((unsigned char)*p)) p++;
 *value = p;
 return 1;
 }
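Review bot: In do_ext_i2d the two `goto merr` sites that sit between the allocation of `ext_der` and the `ext_oct->data = ext_der` hand-over leave the buffer without an owner: a failed `M_ASN1_OCTET_STRING_new()` drops the DER produced by either branch, and a failed `X509_EXTENSION_create_by_NID` drops `ext_oct` together with its data, unless the `merr` label (past the end of the hunk) releases them — and since `ext_oct` is declared without an initialiser, `merr` cannot safely free it on the earlier paths. I'd release at the goto sites instead: `if(!(ext_oct = M_ASN1_OCTET_STRING_new())) { OPENSSL_free(ext_der); goto merr; }` and `if(!ext) { M_ASN1_OCTET_STRING_free(ext_oct); goto merr; }`. In the legacy branch `ext_len = method->i2d(ext_struc, NULL)` goes straight into `OPENSSL_malloc(ext_len)`, so a method whose i2d reports failure with a non-positive length is not caught the way the `ASN1_item_i2d` branch's `if(ext_len < 0) goto merr;` catches it, and the second `method->i2d` call's return value is ignored. The function's `merr` cleanup and closing brace lie outside the hunk.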
@@ -212,14 +221,14 @@ static int v3_check_critical(char **value)
 static int v3_check_generic(char **value)
 {
 char *p = *value;
- if((strlen(p) < 4) || strncmp(p, "RAW:,", 4)) return 0;
+ if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0;
 p+=4;
- while(isspace(*p)) p++;
+ while(isspace((unsigned char)*p)) p++;
 *value = p;
 return 1;
 }
-/* Create a generic extension: for now just handle RAW type */
+/* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
 int crit, int type)
 {
@@ -240,7 +249,7 @@ if(!(ext_der = string_to_hex(value, &ext_len))) {
 goto err;
 }
-if(!(oct = ASN1_OCTET_STRING_new())) {
+if(!(oct = M_ASN1_OCTET_STRING_new())) {
 X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -253,8 +262,8 @@ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
 err:
 ASN1_OBJECT_free(obj);
-ASN1_OCTET_STRING_free(oct);
-if(ext_der) Free(ext_der);
+M_ASN1_OCTET_STRING_free(oct);
+if(ext_der) OPENSSL_free(ext_der);
 return extension;
 }
@@ -267,12 +276,12 @@ int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 X509 *cert)
 {
 X509_EXTENSION *ext;
- STACK *nval;
+ STACK_OF(CONF_VALUE) *nval;
 CONF_VALUE *val;
 int i;
 if(!(nval = CONF_get_section(conf, section))) return 0;
- for(i = 0; i < sk_num(nval); i++) {
- val = (CONF_VALUE *)sk_value(nval, i);
+ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
 return 0;
 if(cert) X509_add_ext(cert, ext, -1);
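Review bot: In v3_check_generic the new literal `"DER:,"` is compared with a length of 4, so its trailing comma is never examined and the prefix actually accepted is `DER:`; spelling the literal as what is matched, `if(strncmp(p, "DER:", 4)) return 0;`, says so directly, and the `strlen(p) < 4` guard in front of it can then go because strncmp stops at the terminator anyway. The `(unsigned char)` cast on the `isspace` argument is the right fix here and in v3_check_critical in the hunk above. The `p+=4` that follows must stay in step with the literal's length, which it does.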
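Review bot: In X509V3_EXT_add_conf the result of `X509_add_ext(cert, ext, -1)` inside the loop is discarded, so a failure to attach one extension still lets the function report success; the same applies to `X509_CRL_add_ext` in the X509V3_EXT_CRL_add_conf hunk that follows. Both lines are unchanged context, but since this commit reworks the loop it is the place to propagate the result, e.g. `if(cert && !X509_add_ext(cert, ext, -1)) { X509_EXTENSION_free(ext); return 0; }` — the explicit free is needed because `ext` is owned here, and the loop body that normally releases it continues past the end of the hunk. The loop and the function end outside the hunk.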
@@ -287,12 +296,12 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 X509_CRL *crl)
 {
 X509_EXTENSION *ext;
- STACK *nval;
+ STACK_OF(CONF_VALUE) *nval;
 CONF_VALUE *val;
 int i;
 if(!(nval = CONF_get_section(conf, section))) return 0;
- for(i = 0; i < sk_num(nval); i++) {
- val = (CONF_VALUE *)sk_value(nval, i);
+ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
 if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
 return 0;
 if(crl) X509_CRL_add_ext(crl, ext, -1);
@@ -301,6 +310,30 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
 return 1;
 }
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_REQ *req)
+{
+ X509_EXTENSION *ext;
+ STACK_OF(X509_EXTENSION) *extlist = NULL;
+ STACK_OF(CONF_VALUE) *nval;
+ CONF_VALUE *val;
+ int i;
+ if(!(nval = CONF_get_section(conf, section))) return 0;
+ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
+ return 0;
+ if(!extlist) extlist = sk_X509_EXTENSION_new_null();
+ sk_X509_EXTENSION_push(extlist, ext);
+ }
+ if(req) i = X509_REQ_add_extensions(req, extlist);
+ else i = 1;
+ sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+ return i;
+}
+
 /* Config database functions */
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
@@ -310,7 +343,7 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
 return NULL;
 }
-STACK * X509V3_get_section(X509V3_CTX *ctx, char *section)
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
 {
 if(ctx->db_meth->get_section)
 return ctx->db_meth->get_section(ctx->db, section);
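Review bot: The new X509V3_EXT_REQ_add_conf leaks on its error paths: when `X509V3_EXT_conf` fails part-way through the section, `return 0` abandons `extlist` and every extension already pushed onto it, and neither `sk_X509_EXTENSION_new_null()` nor `sk_X509_EXTENSION_push()` has its result checked, so an allocation failure there loses `ext` and (presumably, for a NULL `extlist`) turns the push into a no-op before `X509_REQ_add_extensions` runs on an incomplete list. Reusing the loop index `i` as the return value also reads worse than a dedicated `ret`. I'd route every failure through one cleanup label, keeping the lazy creation of `extlist` so an empty section still hands NULL on exactly as now — the commit already relies on `sk_X509_EXTENSION_pop_free` accepting NULL for that case, and on the request not taking ownership of the list, since it frees the list right after adding it.
```c
int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
        X509_REQ *req)
{
    /* … unchanged: ext, extlist, nval, val declarations … */
    int i, ret = 0;
    if(!(nval = CONF_get_section(conf, section))) return 0;
    for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
        val = sk_CONF_VALUE_value(nval, i);
        if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
            goto err;
        /* created lazily so an empty section still passes NULL on */
        if(!extlist && !(extlist = sk_X509_EXTENSION_new_null())) {
            X509_EXTENSION_free(ext);
            goto err;
        }
        if(!sk_X509_EXTENSION_push(extlist, ext)) {
            X509_EXTENSION_free(ext);
            goto err;
        }
    }
    ret = req ? X509_REQ_add_extensions(req, extlist) : 1;
err:
    /* the request does not take ownership of extlist, so it is always ours to free */
    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
    return ret;
}
```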
@@ -324,7 +357,7 @@ void X509V3_string_free(X509V3_CTX *ctx, char *str)
 ctx->db_meth->free_string(ctx->db, str);
 }
-void X509V3_section_free(X509V3_CTX *ctx, STACK *section)
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
 {
 if(!section) return;
 if(ctx->db_meth->free_section)
@@ -336,7 +369,7 @@ static char *conf_lhash_get_string(void *db, char *section, char *value)
 return CONF_get_string(db, section, value);
 }
-static STACK *conf_lhash_get_section(void *db, char *section)
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
 {
 return CONF_get_section(db, section);
 }