summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES8
-rw-r--r--apps/apps.c6
-rw-r--r--apps/apps.h4
-rw-r--r--apps/ca.c120
-rw-r--r--apps/openssl.c9
-rw-r--r--apps/req.c127
-rw-r--r--apps/spkac.c11
-rw-r--r--apps/x509.c29
-rw-r--r--crypto/conf/conf.h3
-rw-r--r--crypto/conf/conf_lib.c53
-rw-r--r--crypto/x509v3/v3_conf.c381
-rw-r--r--crypto/x509v3/x509v3.h10
12 files changed, 432 insertions, 329 deletions
diff --git a/CHANGES b/CHANGES
index 74189b35c2..76d123a612 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,14 @@
*) applies to 0.9.6a (/0.9.6b) and 0.9.7
+) applies to 0.9.7 only
+ +) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+ to support NCONF routines in extension code. New function CONF_set_nconf()
+ to allow functions which take an NCONF to also handle the old LHASH
+ structure: this means that the old CONF compatible routines can be
+ retained (in particular wrt extensions) without having to duplicate the
+ code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+ [Steve Henson]
+
*) Handle special case when X509_NAME is empty in X509 printing routines.
[Steve Henson]
diff --git a/apps/apps.c b/apps/apps.c
index d3b6ca82ee..2d2fb38858 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
return BUF_strdup(tpass);
}
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
- if(!(p=CONF_get_string(conf,NULL,"oid_section")))
+ if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
{
ERR_clear_error();
return 1;
}
- if(!(sktmp = CONF_get_section(conf, p))) {
+ if(!(sktmp = NCONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}
diff --git a/apps/apps.h b/apps/apps.h
index 34935bde42..ae2f7f0833 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -101,7 +101,7 @@ extern BIO *bio_err;
#else
#define MAIN(a,v) PROG(a,v)
-extern LHASH *config;
+extern CONF *config;
extern char *default_config_file;
extern BIO *bio_err;
@@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg);
int set_ext_copy(int *copy_type, const char *arg);
int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, LHASH *conf);
+int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
EVP_PKEY *load_key(BIO *err, const char *file, int format,
diff --git a/apps/ca.c b/apps/ca.c
index e66331845e..e0a9ef9eae 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
BIGNUM *serial, char *subj, char *startdate,char *enddate,
- int days, int batch, char *ext_sect, LHASH *conf,int verbose,
+ long days, int batch, char *ext_sect, CONF *conf,int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,
- char *enddate, int days, int batch, char *ext_sect,
- LHASH *conf,int verbose, unsigned long certopt,
+ char *enddate, long days, int batch, char *ext_sect,
+ CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *subj, char *startdate,
- char *enddate, int days, char *ext_sect,LHASH *conf,
+ char *enddate, long days, char *ext_sect,CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *conf,
+ char *startdate, char *enddate, long days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static X509_NAME *do_subject(char *subject);
@@ -245,8 +245,8 @@ static int check_time_format(char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static LHASH *conf=NULL;
-static LHASH *extconf=NULL;
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
static char *section=NULL;
static int preserve=0;
@@ -300,7 +300,7 @@ int MAIN(int argc, char **argv)
BIGNUM *serial=NULL;
char *startdate=NULL;
char *enddate=NULL;
- int days=0;
+ long days=0;
int batch=0;
int notext=0;
unsigned long nameopt = 0, certopt = 0;
@@ -571,7 +571,8 @@ bad:
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
- if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+ conf = NCONF_new(NULL);
+ if (NCONF_load(conf,configfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err,"error loading the config file '%s'\n",
@@ -585,7 +586,7 @@ bad:
/* Lets get the config section we are using */
if (section == NULL)
{
- section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+ section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
@@ -595,7 +596,7 @@ bad:
if (conf != NULL)
{
- p=CONF_get_string(conf,NULL,"oid_file");
+ p=NCONF_get_string(conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
@@ -624,7 +625,7 @@ bad:
}
}
- randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
@@ -643,7 +644,7 @@ bad:
/* report status of cert with serial number given on command line */
if (ser_status)
{
- if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
@@ -676,7 +677,7 @@ bad:
/*****************************************************************/
/* we definitely need a public key, so let's get it */
- if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+ if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
{
lookup_fail(section,ENV_PRIVATE_KEY);
@@ -698,7 +699,7 @@ bad:
/*****************************************************************/
/* we need a certificate */
- if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+ if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
section,ENV_CERTIFICATE)) == NULL))
{
lookup_fail(section,ENV_CERTIFICATE);
@@ -715,18 +716,18 @@ bad:
goto err;
}
- f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
preserve=1;
- f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
if (f == NULL)
ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
msie_hack=1;
- f=CONF_get_string(conf,section,ENV_NAMEOPT);
+ f=NCONF_get_string(conf,section,ENV_NAMEOPT);
if (f)
{
@@ -740,7 +741,7 @@ bad:
else
ERR_clear_error();
- f=CONF_get_string(conf,section,ENV_CERTOPT);
+ f=NCONF_get_string(conf,section,ENV_CERTOPT);
if (f)
{
@@ -754,7 +755,7 @@ bad:
else
ERR_clear_error();
- f=CONF_get_string(conf,section,ENV_EXTCOPY);
+ f=NCONF_get_string(conf,section,ENV_EXTCOPY);
if (f)
{
@@ -773,7 +774,7 @@ bad:
{
struct stat sb;
- if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+ if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
== NULL)
{
BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
@@ -816,7 +817,7 @@ bad:
/*****************************************************************/
/* we need to load the database file */
- if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+ if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
goto err;
@@ -995,7 +996,8 @@ bad:
/* Read extentions config file */
if (extfile)
{
- if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+ extconf = NCONF_new(NULL);
+ if (NCONF_load(extconf,extfile,&errorline) <= 0)
{
if (errorline <= 0)
BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
@@ -1011,7 +1013,7 @@ bad:
BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
/* We can have sections in the ext file */
- if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions")))
+ if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
extensions = "default";
}
@@ -1040,7 +1042,7 @@ bad:
if (req)
{
- if ((md == NULL) && ((md=CONF_get_string(conf,
+ if ((md == NULL) && ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) == NULL))
{
lookup_fail(section,ENV_DEFAULT_MD);
@@ -1054,7 +1056,7 @@ bad:
if (verbose)
BIO_printf(bio_err,"message digest is %s\n",
OBJ_nid2ln(dgst->type));
- if ((policy == NULL) && ((policy=CONF_get_string(conf,
+ if ((policy == NULL) && ((policy=NCONF_get_string(conf,
section,ENV_POLICY)) == NULL))
{
lookup_fail(section,ENV_POLICY);
@@ -1063,7 +1065,7 @@ bad:
if (verbose)
BIO_printf(bio_err,"policy is %s\n",policy);
- if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+ if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
== NULL)
{
lookup_fail(section,ENV_SERIAL);
@@ -1076,7 +1078,7 @@ bad:
* in the main configuration file */
if (!extensions)
{
- extensions=CONF_get_string(conf,section,
+ extensions=NCONF_get_string(conf,section,
ENV_EXTENSIONS);
if (!extensions)
ERR_clear_error();
@@ -1086,8 +1088,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, extensions,
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
NULL))
{
BIO_printf(bio_err,
@@ -1101,7 +1103,7 @@ bad:
if (startdate == NULL)
{
- startdate=CONF_get_string(conf,section,
+ startdate=NCONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
if (startdate == NULL)
ERR_clear_error();
@@ -1115,7 +1117,7 @@ bad:
if (enddate == NULL)
{
- enddate=CONF_get_string(conf,section,
+ enddate=NCONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
if (enddate == NULL)
ERR_clear_error();
@@ -1128,8 +1130,8 @@ bad:
if (days == 0)
{
- days=(int)CONF_get_number(conf,section,
- ENV_DEFAULT_DAYS);
+ if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+ days = 0;
}
if (!enddate && (days == 0))
{
@@ -1149,7 +1151,7 @@ bad:
OPENSSL_free(f);
}
- if ((attribs=CONF_get_section(conf,policy)) == NULL)
+ if ((attribs=NCONF_get_section(conf,policy)) == NULL)
{
BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
goto err;
@@ -1404,7 +1406,7 @@ bad:
int crl_v2 = 0;
if (!crl_ext)
{
- crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
if (!crl_ext)
ERR_clear_error();
}
@@ -1413,8 +1415,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, conf);
- if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
{
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
@@ -1426,10 +1428,12 @@ bad:
if (!crldays && !crlhours)
{
- crldays=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_DAYS);
- crlhours=CONF_get_number(conf,section,
- ENV_DEFAULT_CRL_HOURS);
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_DAYS, &crldays))
+ crldays = 0;
+ if (!NCONF_get_number(conf,section,
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
+ crlhours = 0;
}
if ((crldays == 0) && (crlhours == 0))
{
@@ -1505,9 +1509,9 @@ bad:
if (ci->version == NULL)
if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
- X509V3_set_conf_lhash(&crlctx, conf);
+ X509V3_set_nconf(&crlctx, conf);
- if (!X509V3_EXT_CRL_add_conf(conf, &crlctx,
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
crl_ext, crl)) goto err;
}
if (crl_ext || crl_v2)
@@ -1593,7 +1597,7 @@ err:
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
- CONF_free(conf);
+ NCONF_free(conf);
OBJ_cleanup();
apps_shutdown();
EXIT(ret);
@@ -1704,8 +1708,8 @@ err:
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
@@ -1766,8 +1770,8 @@ err:
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- int batch, char *ext_sect, LHASH *lconf, int verbose,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy, ENGINE *e)
{
@@ -1820,8 +1824,8 @@ err:
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
- char *startdate, char *enddate, int days, int batch, int verbose,
- X509_REQ *req, char *ext_sect, LHASH *lconf,
+ char *startdate, char *enddate, long days, int batch, int verbose,
+ X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy)
{
@@ -2143,13 +2147,13 @@ again2:
BIO_printf(bio_err, "Extra configuration file found\n");
/* Use the extconf configuration db LHASH */
- X509V3_set_conf_lhash(&ctx, extconf);
+ X509V3_set_nconf(&ctx, extconf);
/* Test the structure (needed?) */
/* X509V3_set_ctx_test(&ctx); */
/* Adds exts contained in the configuration file */
- if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret))
+ if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
{
BIO_printf(bio_err,
"ERROR: adding extensions in section %s\n",
@@ -2163,9 +2167,9 @@ again2:
else if (ext_sect)
{
/* We found extensions to be set from config file */
- X509V3_set_conf_lhash(&ctx, lconf);
+ X509V3_set_nconf(&ctx, lconf);
- if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret))
+ if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
{
BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
ERR_print_errors(bio_err);
@@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
- BIGNUM *serial, char *subj, char *startdate, char *enddate, int days,
- char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt,
+ BIGNUM *serial, char *subj, char *startdate, char *enddate, long days,
+ char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
{
STACK_OF(CONF_VALUE) *sk=NULL;
diff --git a/apps/openssl.c b/apps/openssl.c
index 22bd52ffed..f8d4ac69d6 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void);
static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
static LHASH *prog_init(void );
static int do_cmd(LHASH *prog,int argc,char *argv[]);
-LHASH *config=NULL;
+CONF *config=NULL;
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
@@ -269,8 +269,9 @@ int main(int Argc, char *Argv[])
default_config_file=p;
- config=CONF_load(config,p,&errline);
- if (config == NULL) ERR_clear_error();
+ config=NCONF_new(NULL);
+ i=NCONF_load(config,p,&errline);
+ if (i == 0) ERR_clear_error();
prog=prog_init();
@@ -339,7 +340,7 @@ int main(int Argc, char *Argv[])
end:
if (config != NULL)
{
- CONF_free(config);
+ NCONF_free(config);
config=NULL;
}
if (prog != NULL) lh_free(prog);
diff --git a/apps/req.c b/apps/req.c
index 9269aa85ac..f534e3af20 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req,
static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
STACK_OF(CONF_VALUE) *attr, int attribs);
static int add_attribute_object(X509_REQ *req, char *text,
- char *def, char *value, int nid, int min,
- int max);
+ char *def, char *value, int nid, int n_min,
+ int n_max);
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
- int nid,int min,int max);
+ int nid,int n_min,int n_max);
#ifndef OPENSSL_NO_RSA
static void MS_CALLBACK req_cb(int p,int n,void *arg);
#endif
-static int req_check_len(int len,int min,int max);
+static int req_check_len(int len,int n_min,int n_max);
static int check_end(char *str, char *end);
#ifndef MONOLITH
static char *default_config_file=NULL;
-static LHASH *config=NULL;
+static CONF *config=NULL;
#endif
-static LHASH *req_conf=NULL;
+static CONF *req_conf=NULL;
static int batch=0;
#define TYPE_RSA 1
@@ -152,7 +152,8 @@ int MAIN(int argc, char **argv)
X509 *x509ss=NULL;
X509_REQ *req=NULL;
EVP_PKEY *pkey=NULL;
- int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
+ int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+ long newkey = -1;
BIO *in=NULL,*out=NULL;
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0;
@@ -457,7 +458,8 @@ bad:
p=config_name;
}
default_config_file=p;
- config=CONF_load(config,p,NULL);
+ config=NCONF_new(NULL);
+ i=NCONF_load(config, p);
#endif
if (template != NULL)
@@ -465,8 +467,9 @@ bad:
long errline;
BIO_printf(bio_err,"Using configuration from %s\n",template);
- req_conf=CONF_load(NULL,template,&errline);
- if (req_conf == NULL)
+ req_conf=NCONF_new(NULL);
+ i=NCONF_load(req_conf,template,&errline);
+ if (i == 0)
{
BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
goto end;
@@ -477,7 +480,7 @@ bad:
req_conf=config;
BIO_printf(bio_err,"Using configuration from %s\n",
default_config_file);
- if (req_conf == NULL)
+ if (i == 0)
{
BIO_printf(bio_err,"Unable to load config info\n");
}
@@ -485,7 +488,7 @@ bad:
if (req_conf != NULL)
{
- p=CONF_get_string(req_conf,NULL,"oid_file");
+ p=NCONF_get_string(req_conf,NULL,"oid_file");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
@@ -511,7 +514,7 @@ bad:
if (md_alg == NULL)
{
- p=CONF_get_string(req_conf,SECTION,"default_md");
+ p=NCONF_get_string(req_conf,SECTION,"default_md");
if (p == NULL)
ERR_clear_error();
if (p != NULL)
@@ -523,7 +526,7 @@ bad:
if (!extensions)
{
- extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
if (!extensions)
ERR_clear_error();
}
@@ -531,8 +534,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, req_conf);
- if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) {
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
BIO_printf(bio_err,
"Error Loading extension section %s\n", extensions);
goto end;
@@ -541,19 +544,19 @@ bad:
if(!passin)
{
- passin = CONF_get_string(req_conf, SECTION, "input_password");
+ passin = NCONF_get_string(req_conf, SECTION, "input_password");
if (!passin)
ERR_clear_error();
}
if(!passout)
{
- passout = CONF_get_string(req_conf, SECTION, "output_password");
+ passout = NCONF_get_string(req_conf, SECTION, "output_password");
if (!passout)
ERR_clear_error();
}
- p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+ p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
if (!p)
ERR_clear_error();
@@ -564,7 +567,7 @@ bad:
if(!req_exts)
{
- req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
if (!req_exts)
ERR_clear_error();
}
@@ -572,8 +575,8 @@ bad:
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
- X509V3_set_conf_lhash(&ctx, req_conf);
- if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+ X509V3_set_nconf(&ctx, req_conf);
+ if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
BIO_printf(bio_err,
"Error Loading request extension section %s\n",
req_exts);
@@ -600,7 +603,7 @@ bad:
}
if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
{
- char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
@@ -609,7 +612,7 @@ bad:
if (newreq && (pkey == NULL))
{
- char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
@@ -618,8 +621,7 @@ bad:
if (newkey <= 0)
{
- newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
- if (newkey <= 0)
+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
newkey=DEFAULT_KEY_LENGTH;
}
@@ -659,7 +661,7 @@ bad:
if (keyout == NULL)
{
- keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
+ keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
if (keyout == NULL)
ERR_clear_error();
}
@@ -685,11 +687,11 @@ bad:
}
}
- p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
if (p == NULL)
{
ERR_clear_error();
- p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+ p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
if (p == NULL)
ERR_clear_error();
}
@@ -806,10 +808,10 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
- X509V3_set_conf_lhash(&ext_ctx, req_conf);
+ X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(extensions && !X509V3_EXT_add_conf(req_conf,
+ if(extensions && !X509V3_EXT_add_nconf(req_conf,
&ext_ctx, extensions, x509ss))
{
BIO_printf(bio_err,
@@ -828,10 +830,10 @@ loop:
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
- X509V3_set_conf_lhash(&ext_ctx, req_conf);
+ X509V3_set_nconf(&ext_ctx, req_conf);
/* Add extensions */
- if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
+ if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
&ext_ctx, req_exts, req))
{
BIO_printf(bio_err,
@@ -1009,7 +1011,7 @@ end:
{
ERR_print_errors(bio_err);
}
- if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
+ if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
@@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
char *tmp, *dn_sect,*attr_sect;
- tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+ tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
if (tmp == NULL)
ERR_clear_error();
if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
- dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+ dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
if (dn_sect == NULL)
{
BIO_printf(bio_err,"unable to find '%s' in config\n",
DISTINGUISHED_NAME);
goto err;
}
- dn_sk=CONF_get_section(req_conf,dn_sect);
+ dn_sk=NCONF_get_section(req_conf,dn_sect);
if (dn_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
goto err;
}
- attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
+ attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
if (attr_sect == NULL)
{
ERR_clear_error();
@@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
}
else
{
- attr_sk=CONF_get_section(req_conf,attr_sect);
+ attr_sk=NCONF_get_section(req_conf,attr_sect);
if (attr_sk == NULL)
{
BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
@@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req,
int i;
char *p,*q;
char buf[100];
- int nid,min,max;
+ int nid;
+ long n_min,n_max;
char *type,*def,*value;
CONF_VALUE *v;
X509_NAME *subj;
@@ -1204,27 +1207,29 @@ start: for (;;)
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
sprintf(buf,"%s_default",v->name);
- if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
sprintf(buf,"%s_value",v->name);
- if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+ if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
value=NULL;
}
sprintf(buf,"%s_min",v->name);
- min=(int)CONF_get_number(req_conf,dn_sect,buf);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+ n_min = -1;
sprintf(buf,"%s_max",v->name);
- max=(int)CONF_get_number(req_conf,dn_sect,buf);
+ if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+ n_max = -1;
if (!add_DN_object(subj,v->value,def,value,nid,
- min,max))
+ n_min,n_max))
return 0;
}
if (X509_NAME_entry_count(subj) == 0)
@@ -1255,7 +1260,7 @@ start2: for (;;)
goto start2;
sprintf(buf,"%s_default",type);
- if ((def=CONF_get_string(req_conf,attr_sect,buf))
+ if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
@@ -1264,7 +1269,7 @@ start2: for (;;)
sprintf(buf,"%s_value",type);
- if ((value=CONF_get_string(req_conf,attr_sect,buf))
+ if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
ERR_clear_error();
@@ -1272,13 +1277,15 @@ start2: for (;;)
}
sprintf(buf,"%s_min",type);
- min=(int)CONF_get_number(req_conf,attr_sect,buf);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+ n_min = -1;
sprintf(buf,"%s_max",type);
- max=(int)CONF_get_number(req_conf,attr_sect,buf);
+ if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+ n_max = -1;
if (!add_attribute_object(req,
- v->value,def,value,nid,min,max))
+ v->value,def,value,nid,n_min,n_max))
return 0;
}
}
@@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
- int nid, int min, int max)
+ int nid, int n_min, int n_max)
{
int i,ret=0;
MS_STATIC char buf[1024];
@@ -1393,7 +1400,7 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, min, max)) goto start;
+ if(!req_check_len(i, n_min, n_max)) goto start;
if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
(unsigned char *) buf, -1,-1,0)) goto err;
ret=1;
@@ -1402,8 +1409,8 @@ err:
}
static int add_attribute_object(X509_REQ *req, char *text,
- char *def, char *value, int nid, int min,
- int max)
+ char *def, char *value, int nid, int n_min,
+ int n_max)
{
int i;
static char buf[1024];
@@ -1451,7 +1458,7 @@ start:
#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, i);
#endif
- if(!req_check_len(i, min, max)) goto start;
+ if(!req_check_len(i, n_min, n_max)) goto start;
if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
(unsigned char *)buf, -1)) {
@@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
}
#endif
-static int req_check_len(int len, int min, int max)
+static int req_check_len(int len, int n_min, int n_max)
{
- if (len < min)
+ if ((n_min > 0) && (len < n_min))
{
- BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
+ BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
return(0);
}
- if ((max != 0) && (len > max))
+ if ((n_max >= 0) && (len > n_max))
{
- BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max);
+ BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
return(0);
}
return(1);
diff --git a/apps/spkac.c b/apps/spkac.c
index 918efc0e5a..d43dc9f3b9 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv)
char *passargin = NULL, *passin = NULL;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
- LHASH *conf = NULL;
+ CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
char *engine=NULL;
@@ -228,15 +228,16 @@ bad:
goto end;
}
- conf = CONF_load_bio(NULL, in, NULL);
+ conf = NCONF_new(NULL);
+ i = NCONF_load_bio(conf, in, NULL);
- if(!conf) {
+ if(!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
- spkstr = CONF_get_string(conf, spksect, spkac);
+ spkstr = NCONF_get_string(conf, spksect, spkac);
if(!spkstr) {
BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
@@ -285,7 +286,7 @@ bad:
ret = 0;