Add initial support for r2i RAW extensions which can access the config database
authorDr. Stephen Henson <steve@openssl.org>
Fri, 16 Apr 1999 23:57:04 +0000 (23:57 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 16 Apr 1999 23:57:04 +0000 (23:57 +0000)
add various X509V3_CTX helper functions and support for LHASH as the config
database.

CHANGES
STATUS
apps/ca.c
apps/req.c
crypto/x509v3/v3_conf.c
crypto/x509v3/x509v3.h

diff --git a/CHANGES b/CHANGES
index ec06cde..845b082 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
   *) Fix an evil bug in bn_expand2() which caused various BN functions to
      fail when they extended the size of a BIGNUM.
      [Steve Henson]
diff --git a/STATUS b/STATUS
index 4ad933d..6ce1f15 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/04/16 11:32:33 $
+  ______________                           $Date: 1999/04/16 23:57:00 $
 
   DEVELOPMENT STATE
 
@@ -45,6 +45,8 @@
         Proper (or at least usable) certificate chain verification.
         Documentation on X509 V3 extension code.
         PKCS#12 code cleanup and enhancement.
+       PKCS #8 and PKCS#5 v2.0 support.
+       Private key, certificate and CRL API and implementation.
 
     o Mark is currently working on:
         Folding in any changes that are in the C2Net code base that were
index 738c7db..7a8dcbf 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1073,11 +1073,8 @@ bad:
                    if (ci->version == NULL)
                    if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
                    ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
-                   crlctx.crl = crl;
-                   crlctx.issuer_cert = x509;
-                   crlctx.subject_cert = NULL;
-                   crlctx.subject_req = NULL;
-                   crlctx.flags = 0;
+                   X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+                   X509V3_set_conf_lhash(&crlctx, conf);
 
                    if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
                                                 crl_ext, crl)) goto err;
@@ -1792,11 +1789,8 @@ again2:
 
                ci->extensions = NULL;
 
-               ctx.subject_cert = ret;
-               ctx.issuer_cert = x509;
-               ctx.subject_req = req;
-               ctx.crl = NULL;
-               ctx.flags = 0;
+               X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+               X509V3_set_conf_lhash(&ctx, lconf);
 
                if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
 
index cb9d9d1..136cdc7 100644 (file)
@@ -666,11 +666,8 @@ loop:
 
                        /* Set up V3 context struct */
 
-                       ext_ctx.issuer_cert = x509ss;
-                       ext_ctx.subject_cert = x509ss;
-                       ext_ctx.subject_req = NULL;
-                       ext_ctx.crl = NULL;
-                       ext_ctx.flags = 0;
+                       X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+                       X509V3_set_conf_lhash(&ext_ctx, req_conf);
 
                        /* Add extensions */
                        if(extensions && !X509V3_EXT_add_conf(req_conf, 
index 5e0fa0b..f81cd27 100644 (file)
@@ -295,3 +295,85 @@ char *section;
        static X509V3_CTX ctx_tst = { CTX_TEST, NULL, NULL, NULL, NULL };
        return X509V3_EXT_add_conf(conf, &ctx_tst, section, NULL);
 }
+
+/* Config database functions */
+
+char * X509V3_get_string(ctx, name, section)
+X509V3_CTX *ctx;
+char *name;
+char *section;
+{
+       if(ctx->db_meth->get_string)
+                       return ctx->db_meth->get_string(ctx->db, name, section);
+       return NULL;
+}
+
+STACK * X509V3_get_section(ctx, section)
+X509V3_CTX *ctx;
+char *section;
+{
+       if(ctx->db_meth->get_section)
+                       return ctx->db_meth->get_section(ctx->db, section);
+       return NULL;
+}
+
+void X509V3_free_string(ctx, str)
+X509V3_CTX *ctx;
+char *str;
+{
+       if(ctx->db_meth->free_string)
+                       return ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_free_section(ctx, section)
+X509V3_CTX *ctx;
+STACK *section;
+{
+       if(ctx->db_meth->free_section)
+                       return ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *conf_lhash_get_string(db, section, value)
+void *db;
+char *section;
+char *value;
+{
+       return CONF_get_string(db, section, value);
+}
+
+static STACK *conf_lhash_get_section(db, section)
+void *db;
+char *section;
+{
+       return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(ctx, lhash)
+X509V3_CTX *ctx;
+LHASH *lhash;
+{
+       ctx->db_meth = &conf_lhash_method;
+       ctx->db = lhash;
+}
+
+void X509V3_set_ctx(ctx, issuer, subj, req, crl, flags)
+X509V3_CTX *ctx;
+X509 *issuer;
+X509 *subj;
+X509_REQ *req;
+X509_CRL *crl;
+int flags;
+{
+       ctx->issuer_cert = issuer;
+       ctx->subject_cert = subj;
+       ctx->crl = crl;
+       ctx->subject_req = req;
+       ctx->flags = flags;
+}
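Review bot: The four accessors beginning with X509V3_get_string dereference `ctx->db_meth` unconditionally, but nothing in this patch guarantees it was set: the new X509V3_set_ctx at the bottom of the hunk leaves `db_meth` and `db` untouched, so a caller that fills a stack-allocated X509V3_CTX with X509V3_set_ctx alone and then evaluates an r2i extension makes an indirect call through an indeterminate function pointer. Each accessor should refuse to proceed when no database is attached, e.g. `if(!ctx->db_meth || !ctx->db_meth->get_string) return NULL;` in X509V3_get_string and X509V3_get_section, with the corresponding bare `return;` in X509V3_free_string and X509V3_free_section. Separately, those two free functions `return` the value of a void call, which is a constraint violation in C89/C99 even though most compilers accept it; write the call as a plain statement. The static `ctx_tst` in the context lines is zero-initialised and so safe, but only by virtue of its storage class.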
index 081a86b..5143a1e 100644 (file)
@@ -80,7 +80,7 @@ typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx
 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
 typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
 typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out, int indent);
-typedef char *(*X509V3_EXT_R2I)(struct v3_ext_method *method, char *db, char *value);
+typedef char * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
 
 /* V3 extension structure */
 
@@ -102,11 +102,17 @@ X509V3_EXT_V2I v2i;
 
 /* The following are used for raw extensions */
 X509V3_EXT_I2R i2r;
-X509V3_EXT_R2I r2i;    /* Doesn't do anything *YET* */
+X509V3_EXT_R2I r2i;
 
 char *usr_data;        /* Any extension specific data */
 };
 
+typedef struct X509V3_CONF_METHOD_st {
+char * (*get_string)(void *db, char *section, char *value);
+STACK * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK *section);
+} X509V3_CONF_METHOD;
 
 /* Context specific info */
 struct v3_ext_ctx {
@@ -116,6 +122,8 @@ X509 *issuer_cert;
 X509 *subject_cert;
 X509_REQ *subject_req;
 X509_CRL *crl;
+X509V3_CONF_METHOD *db_meth;
+void *db;
 /* Maybe more here */
 };
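Review bot: The two new pointer members db_meth and db are added to a struct that the apps build on the stack and fill member by member (see the ca.c and req.c hunks), so any existing initialiser outside this patch now leaves them indeterminate unless it is also updated to call X509V3_set_conf_lhash, and the static `ctx_tst` aggregate initialiser in v3_conf.c stays safe only because the object has static storage. A comment on the members would make the contract explicit, e.g. `/* Config database used by r2i extensions; both NULL if none is attached. Set with X509V3_set_conf_lhash(); code filling the struct by hand must clear them. */`. The struct definition begins outside this hunk.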
 
@@ -278,8 +286,16 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CR
 int X509V3_EXT_check_conf(LHASH *conf, char *section);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 #endif
 
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK * X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_free_string(X509V3_CTX *ctx, char *str);
+void X509V3_free_section( X509V3_CTX *ctx, STACK *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                                X509_REQ *req, X509_CRL *crl, int flags);
+
 int X509V3_add_value(char *name, char *value, STACK **extlist);
 int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
 int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
@@ -368,8 +384,15 @@ int X509V3_EXT_add_conf();
 int X509V3_EXT_check_conf();
 int X509V3_get_value_bool();
 int X509V3_get_value_int();
+void X509V3_set_conf_lhash();
 #endif
 
+char * X509V3_get_string();
+STACK * X509V3_get_section();
+void X509V3_free_string();
+void X509V3_free_section();
+void X509V3_set_ctx();
+
 int X509V3_add_value();
 int X509V3_add_value_bool();
 int X509V3_add_value_int();