diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-08-11 13:08:58 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-08-11 13:08:58 +0000 |
commit | fd52057729fcf050734882069e6fa3f02b555cd2 (patch) | |
tree | 1dc6553e5ffd1b7b9eb11ce5178abb0175a55285 /crypto | |
parent | 8b94634428fc4dd07e2946bde3ed6d1686605e5d (diff) | |
download | openssl-fd52057729fcf050734882069e6fa3f02b555cd2.tar.gz |
Add functions to allow extensions to be added to certificate requests.
Modify obj_dat.pl to take its files from the command line. Usage is now
perl obj_dat.pl objects.h obj_dat.h
this should avoid redirection shell escape problems under Win32.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/objects/Makefile.ssl | 2 | ||||
-rw-r--r-- | crypto/objects/obj_dat.pl | 54 | ||||
-rw-r--r-- | crypto/x509/x509.h | 3 | ||||
-rw-r--r-- | crypto/x509/x509_req.c | 45 |
4 files changed, 79 insertions, 25 deletions
diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl index a3a15c13c1..8b15ab0d6c 100644 --- a/crypto/objects/Makefile.ssl +++ b/crypto/objects/Makefile.ssl @@ -38,7 +38,7 @@ top: all: obj_dat.h lib obj_dat.h: objects.h obj_dat.pl - $(PERL) ./obj_dat.pl < objects.h > obj_dat.h + $(PERL) ./obj_dat.pl objects.h obj_dat.h lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl index 5043daef2a..e6e3c3b9c0 100644 --- a/crypto/objects/obj_dat.pl +++ b/crypto/objects/obj_dat.pl @@ -38,7 +38,10 @@ sub expand_obj return(%objn); } -while (<>) +open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]"; +open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]"; + +while (<IN>) { next unless /^\#define\s+(\S+)\s+(.*)$/; $v=$1; @@ -55,6 +58,7 @@ while (<>) $objd{$v}=$d; } } +close IN; %ob=&expand_obj(*objd); @@ -132,7 +136,7 @@ foreach (sort obj_cmp @a) push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v)); } -print <<'EOF'; +print OUT <<'EOF'; /* lib/obj/obj_dat.h */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. @@ -193,21 +197,21 @@ print <<'EOF'; /* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the * following command: - * perl obj_dat.pl < objects.h > obj_dat.h + * perl obj_dat.pl objects.h obj_dat.h */ EOF -printf "#define NUM_NID %d\n",$n; -printf "#define NUM_SN %d\n",$#sn+1; -printf "#define NUM_LN %d\n",$#ln+1; -printf "#define NUM_OBJ %d\n\n",$#ob+1; +printf OUT "#define NUM_NID %d\n",$n; +printf OUT "#define NUM_SN %d\n",$#sn+1; +printf OUT "#define NUM_LN %d\n",$#ln+1; +printf OUT "#define NUM_OBJ %d\n\n",$#ob+1; -printf "static unsigned char lvalues[%d]={\n",$lvalues+1; -print @lvalues; -print "};\n\n"; +printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1; +print OUT @lvalues; +print OUT "};\n\n"; -printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; +printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; foreach (@out) { if (length($_) > 75) @@ -218,30 +222,32 @@ foreach (@out) $t=$out.$_.","; if (length($t) > 70) { - print "$out\n"; + print OUT "$out\n"; $t="\t$_,"; } $out=$t; } chop $out; - print "$out"; + print OUT "$out"; } else - { print $_; } + { print OUT $_; } } -print "};\n\n"; +print OUT "};\n\n"; + +printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; +print OUT @sn; +print OUT "};\n\n"; -printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; -print @sn; -print "};\n\n"; +printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; +print OUT @ln; +print OUT "};\n\n"; -printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; -print @ln; -print "};\n\n"; +printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; +print OUT @ob; +print OUT "};\n\n"; -printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; -print @ob; -print "};\n\n"; +close OUT; sub der_it { diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 80ca680594..7bb4dbf125 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -791,6 +791,9 @@ int X509_REQ_extension_nid(int nid); int * X509_REQ_get_extesion_nids(void); void X509_REQ_set_extension_nids(int *nids); STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 6544f03f2c..b52a59c263 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -169,3 +169,48 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) d2i_X509_EXTENSION, X509_EXTENSION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); } + +/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs + * in case we want to create a non standard one. + */ + +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid) +{ + unsigned char *p = NULL, *q; + long len; + ASN1_TYPE *at = NULL; + X509_ATTRIBUTE *attr = NULL; + if(!(at = ASN1_TYPE_new()) || + !(at->value.sequence = ASN1_STRING_new())) goto err; + + at->type = V_ASN1_SEQUENCE; + /* Generate encoding of extensions */ + len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, + V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(p = Malloc(len))) goto err; + q = p; + i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, + V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); + at->value.sequence->data = p; + p = NULL; + at->value.sequence->length = len; + if(!(attr = X509_ATTRIBUTE_new())) goto err; + if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; + if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; + at = NULL; + attr->set = 1; + attr->object = OBJ_nid2obj(nid); + if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; + return 1; + err: + if(p) Free(p); + X509_ATTRIBUTE_free(attr); + ASN1_TYPE_free(at); + return 0; +} +/* This is the normal usage: use the "official" OID */ +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) +{ + return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); +} |