Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,11 @@ Changes between 0.9.1c and 0.9.2 *) Dump the old yucky req code that tried (and failed) to allow raw OIDs to be added. Now both 'req' and 'ca' can use new objects defined in the config file. [Steve Henson] *) Add cool BIO that does syslog (or event log on NT). [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie] Loading apps/ca.c +41 −12 Original line number Diff line number Diff line Loading @@ -155,6 +155,7 @@ extern int EF_ALIGNMENT; #endif #ifndef NOPROTO static int add_oid_section(LHASH *conf); static void lookup_fail(char *name,char *tag); static int MS_CALLBACK key_callback(char *buf,int len,int verify); static unsigned long index_serial_hash(char **a); Loading @@ -181,6 +182,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst, LHASH *conf); static int check_time_format(char *str); #else static int add_oid_section(); static void lookup_fail(); static int MS_CALLBACK key_callback(); static unsigned long index_serial_hash(); Loading Loading @@ -453,6 +455,10 @@ bad: } } } if(!add_oid_section(conf)) { ERR_print_errors(bio_err); goto err; } in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); Loading Loading 
@@ -1044,22 +1050,23 @@ bad: /*****************************************************************/ ret=0; err: if (hex != NULL) BIO_free(hex); if (Cout != NULL) BIO_free(Cout); if (Sout != NULL) BIO_free(Sout); if (out != NULL) BIO_free(out); if (in != NULL) BIO_free(in); BIO_free(hex); BIO_free(Cout); BIO_free(Sout); BIO_free(out); BIO_free(in); if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free); sk_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); if (serial != NULL) BN_free(serial); if (db != NULL) TXT_DB_free(db); if (pkey != NULL) EVP_PKEY_free(pkey); if (x509 != NULL) X509_free(x509); if (crl != NULL) X509_CRL_free(crl); if (conf != NULL) CONF_free(conf); BN_free(serial); TXT_DB_free(db); EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); CONF_free(conf); X509V3_EXT_cleanup(); OBJ_cleanup(); EXIT(ret); } Loading Loading @@ -2009,3 +2016,25 @@ char *str; return(ASN1_UTCTIME_check(&tm)); } static int add_oid_section(conf) LHASH *conf; { char *p; STACK *sktmp; CONF_VALUE *cnf; int i; if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; if(!(sktmp = CONF_get_section(conf, p))) { BIO_printf(bio_err, "problem loading oid section %s\n", p); return 0; } for(i = 0; i < sk_num(sktmp); i++) { cnf = (CONF_VALUE *)sk_value(sktmp, i); if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(bio_err, "problem creating object %s=%s\n", cnf->name, cnf->value); return 0; } } return 1; } apps/openssl.cnf +10 −1 Original line number Diff line number Diff line Loading @@ -5,6 +5,15 @@ RANDFILE = $ENV::HOME/.rnd oid_file = $ENV::HOME/.oid oid_section = new_oids [ new_oids ] # We can add new OIDs in here for use by 'ca' and 'req'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 #################################################################### [ ca ] Loading Loading 
@@ -92,7 +101,7 @@ commonName_max = 64 emailAddress = Email Address emailAddress_max = 40 SET-ex3 = SET extension number 3 # SET-ex3 = SET extension number 3 [ req_attributes ] challengePassword = A challenge password Loading apps/req.c +63 −42 Original line number Diff line number Diff line Loading @@ -115,12 +115,16 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, int nid,int min,int max); static void MS_CALLBACK req_cb(int p,int n,char *arg); static int req_fix_data(int nid,int *type,int len,int min,int max); static int check_end(char *str, char *end); static int add_oid_section(LHASH *conf); #else static int make_REQ(); static int add_attribute_object(); static int add_DN_object(); static void MS_CALLBACK req_cb(); static int req_fix_data(); static int check_end(); static int add_oid_section(); #endif #ifndef MONOLITH Loading Loading @@ -423,6 +427,7 @@ bad: } } } if(!add_oid_section(req_conf)) goto end; if ((md_alg == NULL) && ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL)) Loading Loading @@ -800,11 +805,13 @@ end: ERR_print_errors(bio_err); } if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free(out); if (pkey != NULL) EVP_PKEY_free(pkey); if (req != NULL) X509_REQ_free(req); if (x509ss != NULL) X509_free(x509ss); BIO_free(in); BIO_free(out); EVP_PKEY_free(pkey); X509_REQ_free(req); X509_free(x509ss); X509V3_EXT_cleanup(); OBJ_cleanup(); #ifndef NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif Loading @@ -816,7 +823,7 @@ X509_REQ *req; EVP_PKEY *pkey; int attribs; { int ret=0,i,j; int ret=0,i; unsigned char *p,*q; X509_REQ_INFO *ri; char buf[100]; Loading Loading 
@@ -876,42 +883,18 @@ start: for (;;) v=(CONF_VALUE *)sk_value(sk,i); p=q=NULL; type=v->name; /* Allow for raw OIDs */ /* [n.mm.ooo.ppp] */ for (j=0; type[j] != '\0'; j++) { if ( (type[j] == ':') || (type[j] == ',') || (type[j] == '.')) p=(unsigned char *)&(type[j+1]); if (type[j] == '[') { p=(unsigned char *)&(type[j+1]); for (j++; type[j] != '\0'; j++) if (type[j] == ']') { q=(unsigned char *)&(type[j]); break; } break; } } if (p != NULL) type=(char *)p; if ((nid=OBJ_txt2nid(type)) == NID_undef) { /* Add a new one if possible */ if ((p != NULL) && (q != NULL) && (*q == ']')) { *q='\0'; nid=OBJ_create((char *)p,NULL,NULL); *q=']'; if (nid == NID_undef) goto start; } else goto start; } if(!check_end(type,"_min") || !check_end(type,"_max") || !check_end(type,"_default") || !check_end(type,"_value")) continue; /* Skip past any leading X. X: X, etc to allow for * multiple instances */ for(p = v->name; *p ; p++) if ((*p != ':') || (*p != ',') || (*p != '.')) break; if (*p) type=(char *)p; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; sprintf(buf,"%s_default",v->name); if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL) def=""; Loading Loading 
@@ -1194,3 +1177,41 @@ int len,min,max; } return(1); } /* Check if the end of a string matches 'end' */ static int check_end(str, end) char *str; char *end; { int elen, slen; char *tmp; elen = strlen(end); slen = strlen(str); if(elen > slen) return 1; tmp = str + slen - elen; fprintf(stderr, "Matching %s, %s %s\n", str, end, tmp); return strcmp(tmp, end); } static int add_oid_section(conf) LHASH *conf; { char *p; STACK *sktmp; CONF_VALUE *cnf; int i; if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; if(!(sktmp = CONF_get_section(conf, p))) { BIO_printf(bio_err, "problem loading oid section %s\n", p); return 0; } for(i = 0; i < sk_num(sktmp); i++) { cnf = (CONF_VALUE *)sk_value(sktmp, i); if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(bio_err, "problem creating object %s=%s\n", cnf->name, cnf->value); return 0; } } return 1; } Loading
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,11 @@ Changes between 0.9.1c and 0.9.2 *) Dump the old yucky req code that tried (and failed) to allow raw OIDs to be added. Now both 'req' and 'ca' can use new objects defined in the config file. [Steve Henson] *) Add cool BIO that does syslog (or event log on NT). [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie] Loading
apps/ca.c +41 −12 Original line number Diff line number Diff line Loading @@ -155,6 +155,7 @@ extern int EF_ALIGNMENT; #endif #ifndef NOPROTO static int add_oid_section(LHASH *conf); static void lookup_fail(char *name,char *tag); static int MS_CALLBACK key_callback(char *buf,int len,int verify); static unsigned long index_serial_hash(char **a); Loading @@ -181,6 +182,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst, LHASH *conf); static int check_time_format(char *str); #else static int add_oid_section(); static void lookup_fail(); static int MS_CALLBACK key_callback(); static unsigned long index_serial_hash(); Loading Loading @@ -453,6 +455,10 @@ bad: } } } if(!add_oid_section(conf)) { ERR_print_errors(bio_err); goto err; } in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); Loading Loading @@ -1044,22 +1050,23 @@ bad: /*****************************************************************/ ret=0; err: if (hex != NULL) BIO_free(hex); if (Cout != NULL) BIO_free(Cout); if (Sout != NULL) BIO_free(Sout); if (out != NULL) BIO_free(out); if (in != NULL) BIO_free(in); BIO_free(hex); BIO_free(Cout); BIO_free(Sout); BIO_free(out); BIO_free(in); if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free); sk_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); if (serial != NULL) BN_free(serial); if (db != NULL) TXT_DB_free(db); if (pkey != NULL) EVP_PKEY_free(pkey); if (x509 != NULL) X509_free(x509); if (crl != NULL) X509_CRL_free(crl); if (conf != NULL) CONF_free(conf); BN_free(serial); TXT_DB_free(db); EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); CONF_free(conf); X509V3_EXT_cleanup(); OBJ_cleanup(); EXIT(ret); } Loading Loading 
@@ -2009,3 +2016,25 @@ char *str; return(ASN1_UTCTIME_check(&tm)); } static int add_oid_section(conf) LHASH *conf; { char *p; STACK *sktmp; CONF_VALUE *cnf; int i; if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; if(!(sktmp = CONF_get_section(conf, p))) { BIO_printf(bio_err, "problem loading oid section %s\n", p); return 0; } for(i = 0; i < sk_num(sktmp); i++) { cnf = (CONF_VALUE *)sk_value(sktmp, i); if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(bio_err, "problem creating object %s=%s\n", cnf->name, cnf->value); return 0; } } return 1; }
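Review bot: The `err:` cleanup in the hunk at -1044 now calls `BIO_free(hex)`, `sk_pop_free(cert_sk,X509_free)`, `BN_free(serial)`, `TXT_DB_free(db)` and the other free routines unconditionally, while the `goto err` added just before `in=BIO_new(BIO_s_file())` reaches that block, presumably before several of those objects exist. That is only safe if every one of these routines returns early on a NULL argument, which nothing in this diff shows. apps/req.c in the same commit still keeps `if (dsa_params != NULL) DSA_free(dsa_params);`, so the convention is not uniform. Either confirm the NULL handling in each callee or keep the guard where it is unconfirmed, e.g. `if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);`. The enclosing function starts outside the hunk, so the pointers being initialised to NULL is an assumption here.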
apps/openssl.cnf +10 −1 Original line number Diff line number Diff line Loading @@ -5,6 +5,15 @@ RANDFILE = $ENV::HOME/.rnd oid_file = $ENV::HOME/.oid oid_section = new_oids [ new_oids ] # We can add new OIDs in here for use by 'ca' and 'req'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 #################################################################### [ ca ] Loading Loading @@ -92,7 +101,7 @@ commonName_max = 64 emailAddress = Email Address emailAddress_max = 40 SET-ex3 = SET extension number 3 # SET-ex3 = SET extension number 3 [ req_attributes ] challengePassword = A challenge password Loading
apps/req.c +63 −42 Original line number Diff line number Diff line Loading @@ -115,12 +115,16 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, int nid,int min,int max); static void MS_CALLBACK req_cb(int p,int n,char *arg); static int req_fix_data(int nid,int *type,int len,int min,int max); static int check_end(char *str, char *end); static int add_oid_section(LHASH *conf); #else static int make_REQ(); static int add_attribute_object(); static int add_DN_object(); static void MS_CALLBACK req_cb(); static int req_fix_data(); static int check_end(); static int add_oid_section(); #endif #ifndef MONOLITH Loading Loading @@ -423,6 +427,7 @@ bad: } } } if(!add_oid_section(req_conf)) goto end; if ((md_alg == NULL) && ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL)) Loading Loading @@ -800,11 +805,13 @@ end: ERR_print_errors(bio_err); } if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free(out); if (pkey != NULL) EVP_PKEY_free(pkey); if (req != NULL) X509_REQ_free(req); if (x509ss != NULL) X509_free(x509ss); BIO_free(in); BIO_free(out); EVP_PKEY_free(pkey); X509_REQ_free(req); X509_free(x509ss); X509V3_EXT_cleanup(); OBJ_cleanup(); #ifndef NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif Loading @@ -816,7 +823,7 @@ X509_REQ *req; EVP_PKEY *pkey; int attribs; { int ret=0,i,j; int ret=0,i; unsigned char *p,*q; X509_REQ_INFO *ri; char buf[100]; Loading Loading 
@@ -876,42 +883,18 @@ start: for (;;) v=(CONF_VALUE *)sk_value(sk,i); p=q=NULL; type=v->name; /* Allow for raw OIDs */ /* [n.mm.ooo.ppp] */ for (j=0; type[j] != '\0'; j++) { if ( (type[j] == ':') || (type[j] == ',') || (type[j] == '.')) p=(unsigned char *)&(type[j+1]); if (type[j] == '[') { p=(unsigned char *)&(type[j+1]); for (j++; type[j] != '\0'; j++) if (type[j] == ']') { q=(unsigned char *)&(type[j]); break; } break; } } if (p != NULL) type=(char *)p; if ((nid=OBJ_txt2nid(type)) == NID_undef) { /* Add a new one if possible */ if ((p != NULL) && (q != NULL) && (*q == ']')) { *q='\0'; nid=OBJ_create((char *)p,NULL,NULL); *q=']'; if (nid == NID_undef) goto start; } else goto start; } if(!check_end(type,"_min") || !check_end(type,"_max") || !check_end(type,"_default") || !check_end(type,"_value")) continue; /* Skip past any leading X. X: X, etc to allow for * multiple instances */ for(p = v->name; *p ; p++) if ((*p != ':') || (*p != ',') || (*p != '.')) break; if (*p) type=(char *)p; /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; sprintf(buf,"%s_default",v->name); if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL) def=""; Loading Loading 
@@ -1194,3 +1177,41 @@ int len,min,max; } return(1); } /* Check if the end of a string matches 'end' */ static int check_end(str, end) char *str; char *end; { int elen, slen; char *tmp; elen = strlen(end); slen = strlen(str); if(elen > slen) return 1; tmp = str + slen - elen; fprintf(stderr, "Matching %s, %s %s\n", str, end, tmp); return strcmp(tmp, end); } static int add_oid_section(conf) LHASH *conf; { char *p; STACK *sktmp; CONF_VALUE *cnf; int i; if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1; if(!(sktmp = CONF_get_section(conf, p))) { BIO_printf(bio_err, "problem loading oid section %s\n", p); return 0; } for(i = 0; i < sk_num(sktmp); i++) { cnf = (CONF_VALUE *)sk_value(sktmp, i); if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { BIO_printf(bio_err, "problem creating object %s=%s\n", cnf->name, cnf->value); return 0; } } return 1; }
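Review bot: In the hunk at -876 the prefix-skipping loop tests `if ((*p != ':') || (*p != ',') || (*p != '.')) break;`, which is true for every character, so the loop stops on the first byte and `type` is always set to the whole of `v->name`. A name written as `1.commonName` is then passed to `OBJ_txt2nid` with its prefix, comes back `NID_undef`, and the field is silently dropped by `goto start`, so the "multiple instances" case in the comment never works. The test should look for a separator and step past it, `if ((*p == ':') || (*p == ',') || (*p == '.')) { p++; if (*p) type=(char *)p; break; }`, with `type` left as `v->name` when no separator is found. Separately, `check_end` in the last hunk still carries `fprintf(stderr, "Matching %s, %s %s\n", str, end, tmp);`, which looks like leftover debugging and prints every config field name on each run. The surrounding function body continues outside the hunk.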