From: Dr. Stephen Henson Date: Sun, 14 Nov 1999 23:10:50 +0000 (+0000) Subject: 'req' fixes. Reinstate length check one request fields. X-Git-Tag: OpenSSL_0_9_5beta1~425 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=06556a1744dced40a2a77d7b6e4bb73f6e611b8d 'req' fixes. Reinstate length check one request fields. Fix to stop null being added to attributes. Modify X509_LOOKUP, X509_INFO to handle auxiliary info. --- diff --git a/CHANGES b/CHANGES index dc60f56cc3..c4b95c88ce 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Fix for 'req': it was adding a null to request attributes. + Also change the X509_LOOKUP and X509_INFO code to handle + certificate auxiliary information. + [Steve Henson] + *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document the 'enc' command. [Steve Henson] diff --git a/apps/req.c b/apps/req.c index cf91012cf4..59a38982b9 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1051,6 +1051,7 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif + if(!req_fix_data(-1, NULL, i, min, max)) goto err; if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC, (unsigned char *) buf, -1,-1,0)) goto err; ret=1; @@ -1123,7 +1124,7 @@ start: else goto err; } - if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1)) + if (!ASN1_STRING_set(bs,(unsigned char *)buf,i)) { BIO_printf(bio_err,"Malloc failure\n"); goto err; } if ((at=ASN1_TYPE_new()) == NULL) @@ -1161,23 +1162,24 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) static int req_fix_data(int nid, int *type, int len, int min, int max) { - if (nid == NID_pkcs9_emailAddress) - *type=V_ASN1_IA5STRING; - if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) - *type=V_ASN1_T61STRING; - if ((nid == NID_pkcs9_challengePassword) && - (*type == V_ASN1_IA5STRING)) - *type=V_ASN1_T61STRING; - - if ((nid == NID_pkcs9_unstructuredName) && - (*type == V_ASN1_T61STRING)) - { - BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n"); - return(0); - } - if (nid == NID_pkcs9_unstructuredName) - *type=V_ASN1_IA5STRING; - + if(type) { + if (nid == NID_pkcs9_emailAddress) + *type=V_ASN1_IA5STRING; + if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + if ((nid == NID_pkcs9_challengePassword) && + (*type == V_ASN1_IA5STRING)) + *type=V_ASN1_T61STRING; + + if ((nid == NID_pkcs9_unstructuredName) && + (*type == V_ASN1_T61STRING)) + { + BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n"); + return(0); + } + if (nid == NID_pkcs9_unstructuredName) + *type=V_ASN1_IA5STRING; + } if (len < min) { BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min); diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index fec18a4c2e..b65239a920 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -132,6 +132,17 @@ start: } pp=(char **)&(xi->x509); } + else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) + { + d2i=(char *(*)())d2i_X509_AUX; + if (xi->x509 != NULL) + { + if (!sk_X509_INFO_push(ret,xi)) goto err; + if ((xi=X509_INFO_new()) == NULL) goto err; + goto start; + } + pp=(char **)&(xi->x509); + } else if (strcmp(name,PEM_STRING_X509_CRL) == 0) { d2i=(char *(*)())d2i_X509_CRL; diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 3c31de728c..0457f01c34 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -147,7 +147,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) { for (;;) { - x=PEM_read_bio_X509(in,NULL,NULL,NULL); + x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_error()) ==