From b7a26e6dafdbf97513e968a45757a4d4e9843ba2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 28 Jun 2001 11:41:50 +0000 Subject: Modify apps to use NCONF code instead of old CONF code. Add new extension functions which work with NCONF. Tidy up extension config routines and remove redundant code. Fix NCONF_get_number(). Todo: more testing of apps to see they still work... --- apps/apps.c | 6 +-- apps/apps.h | 4 +- apps/ca.c | 120 +++++++++++++++++++++++++++-------------------------- apps/openssl.c | 9 ++-- apps/req.c | 127 ++++++++++++++++++++++++++++++--------------------------- apps/spkac.c | 11 ++--- apps/x509.c | 29 ++++++------- 7 files changed, 160 insertions(+), 146 deletions(-) (limited to 'apps') diff --git a/apps/apps.c b/apps/apps.c index d3b6ca82ee..2d2fb38858 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -591,18 +591,18 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio) return BUF_strdup(tpass); } -int add_oid_section(BIO *err, LHASH *conf) +int add_oid_section(BIO *err, CONF *conf) { char *p; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; - if(!(p=CONF_get_string(conf,NULL,"oid_section"))) + if(!(p=NCONF_get_string(conf,NULL,"oid_section"))) { ERR_clear_error(); return 1; } - if(!(sktmp = CONF_get_section(conf, p))) { + if(!(sktmp = NCONF_get_section(conf, p))) { BIO_printf(err, "problem loading oid section %s\n", p); return 0; } diff --git a/apps/apps.h b/apps/apps.h index 34935bde42..ae2f7f0833 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -101,7 +101,7 @@ extern BIO *bio_err; #else #define MAIN(a,v) PROG(a,v) -extern LHASH *config; +extern CONF *config; extern char *default_config_file; extern BIO *bio_err; 
@@ -175,7 +175,7 @@ int set_name_ex(unsigned long *flags, const char *arg); int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); -int add_oid_section(BIO *err, LHASH *conf); +int add_oid_section(BIO *err, CONF *conf); X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); EVP_PKEY *load_key(BIO *err, const char *file, int format, diff --git a/apps/ca.c b/apps/ca.c index e66331845e..e0a9ef9eae 100644 --- a/apps/ca.c +++ b/apps/ca.c 
@@ -213,28 +213,28 @@ static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db, BIGNUM *serial, char *subj, char *startdate,char *enddate, - int days, int batch, char *ext_sect, LHASH *conf,int verbose, + long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, char *startdate, - char *enddate, int days, int batch, char *ext_sect, - LHASH *conf,int verbose, unsigned long certopt, + char *enddate, long days, int batch, char *ext_sect, + CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, char *startdate, - char *enddate, int days, char *ext_sect,LHASH *conf, + char *enddate, long days, char *ext_sect,CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj, - char *startdate, char *enddate, int days, int batch, int verbose, - X509_REQ *req, char *ext_sect, LHASH *conf, + char *startdate, char *enddate, long days, int batch, int verbose, + X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static X509_NAME *do_subject(char *subject); 
@@ -245,8 +245,8 @@ static int check_time_format(char *str); char *make_revocation_str(int rev_type, char *rev_arg); int make_revoked(X509_REVOKED *rev, char *str); int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); -static LHASH *conf=NULL; -static LHASH *extconf=NULL; +static CONF *conf=NULL; +static CONF *extconf=NULL; static char *section=NULL; static int preserve=0; @@ -300,7 +300,7 @@ int MAIN(int argc, char **argv) BIGNUM *serial=NULL; char *startdate=NULL; char *enddate=NULL; - int days=0; + long days=0; int batch=0; int notext=0; unsigned long nameopt = 0, certopt = 0; @@ -571,7 +571,8 @@ bad: } BIO_printf(bio_err,"Using configuration from %s\n",configfile); - if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL) + conf = NCONF_new(NULL); + if (NCONF_load(conf,configfile,&errorline) <= 0) { if (errorline <= 0) BIO_printf(bio_err,"error loading the config file '%s'\n", @@ -585,7 +586,7 @@ bad: /* Lets get the config section we are using */ if (section == NULL) { - section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); + section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); if (section == NULL) { lookup_fail(BASE_SECTION,ENV_DEFAULT_CA); @@ -595,7 +596,7 @@ bad: if (conf != NULL) { - p=CONF_get_string(conf,NULL,"oid_file"); + p=NCONF_get_string(conf,NULL,"oid_file"); if (p == NULL) ERR_clear_error(); if (p != NULL) @@ -624,7 +625,7 @@ bad: } } - randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); + randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); @@ -643,7 +644,7 @@ bad: /* report status of cert with serial number given on command line */ if (ser_status) { - if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) + if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) { lookup_fail(section,ENV_DATABASE); goto err; 
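Review bot: In the `@@ -571,7 +571,8 @@` hunk the result of `NCONF_new(NULL)` is passed straight to `NCONF_load()` without a NULL check, so an allocation failure would be reported as a config-file problem (how NCONF_load treats a NULL conf is not visible here). I would guard it with `if (conf == NULL || NCONF_load(conf,configfile,&errorline) <= 0)`. The same new/load pair appears for `extconf` at `@@ -995,7 +996,8 @@` and in openssl.c, req.c, spkac.c and x509.c, and the failure test differs between them (`<= 0` here, `== 0` in openssl.c and req.c, `!` in spkac.c and x509.c). If NCONF_load can return a negative value only the ca.c form catches it, so one form should be used throughout. MAIN's body starts and ends outside the hunk.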
@@ -676,7 +677,7 @@ bad: /*****************************************************************/ /* we definitely need a public key, so let's get it */ - if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, + if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, section,ENV_PRIVATE_KEY)) == NULL)) { lookup_fail(section,ENV_PRIVATE_KEY); @@ -698,7 +699,7 @@ bad: /*****************************************************************/ /* we need a certificate */ - if ((certfile == NULL) && ((certfile=CONF_get_string(conf, + if ((certfile == NULL) && ((certfile=NCONF_get_string(conf, section,ENV_CERTIFICATE)) == NULL)) { lookup_fail(section,ENV_CERTIFICATE); @@ -715,18 +716,18 @@ bad: goto err; } - f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); + f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); if (f == NULL) ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) preserve=1; - f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); + f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); if (f == NULL) ERR_clear_error(); if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) msie_hack=1; - f=CONF_get_string(conf,section,ENV_NAMEOPT); + f=NCONF_get_string(conf,section,ENV_NAMEOPT); if (f) { @@ -740,7 +741,7 @@ bad: else ERR_clear_error(); - f=CONF_get_string(conf,section,ENV_CERTOPT); + f=NCONF_get_string(conf,section,ENV_CERTOPT); if (f) { @@ -754,7 +755,7 @@ bad: else ERR_clear_error(); - f=CONF_get_string(conf,section,ENV_EXTCOPY); + f=NCONF_get_string(conf,section,ENV_EXTCOPY); if (f) { @@ -773,7 +774,7 @@ bad: { struct stat sb; - if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) + if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) == NULL) { BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n"); 
@@ -816,7 +817,7 @@ bad: /*****************************************************************/ /* we need to load the database file */ - if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL) + if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) { lookup_fail(section,ENV_DATABASE); goto err; @@ -995,7 +996,8 @@ bad: /* Read extentions config file */ if (extfile) { - if (!(extconf=CONF_load(NULL,extfile,&errorline))) + extconf = NCONF_new(NULL); + if (NCONF_load(extconf,extfile,&errorline) <= 0) { if (errorline <= 0) BIO_printf(bio_err, "ERROR: loading the config file '%s'\n", @@ -1011,7 +1013,7 @@ bad: BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile); /* We can have sections in the ext file */ - if (!extensions && !(extensions = CONF_get_string(extconf, "default", "extensions"))) + if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions"))) extensions = "default"; } @@ -1040,7 +1042,7 @@ bad: if (req) { - if ((md == NULL) && ((md=CONF_get_string(conf, + if ((md == NULL) && ((md=NCONF_get_string(conf, section,ENV_DEFAULT_MD)) == NULL)) { lookup_fail(section,ENV_DEFAULT_MD); @@ -1054,7 +1056,7 @@ bad: if (verbose) BIO_printf(bio_err,"message digest is %s\n", OBJ_nid2ln(dgst->type)); - if ((policy == NULL) && ((policy=CONF_get_string(conf, + if ((policy == NULL) && ((policy=NCONF_get_string(conf, section,ENV_POLICY)) == NULL)) { lookup_fail(section,ENV_POLICY); @@ -1063,7 +1065,7 @@ bad: if (verbose) BIO_printf(bio_err,"policy is %s\n",policy); - if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL)) + if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL)) == NULL) { lookup_fail(section,ENV_SERIAL); @@ -1076,7 +1078,7 @@ bad: * in the main configuration file */ if (!extensions) { - extensions=CONF_get_string(conf,section, + extensions=NCONF_get_string(conf,section, ENV_EXTENSIONS); if (!extensions) ERR_clear_error(); 
@@ -1086,8 +1088,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, extensions, + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, @@ -1101,7 +1103,7 @@ bad: if (startdate == NULL) { - startdate=CONF_get_string(conf,section, + startdate=NCONF_get_string(conf,section, ENV_DEFAULT_STARTDATE); if (startdate == NULL) ERR_clear_error(); @@ -1115,7 +1117,7 @@ bad: if (enddate == NULL) { - enddate=CONF_get_string(conf,section, + enddate=NCONF_get_string(conf,section, ENV_DEFAULT_ENDDATE); if (enddate == NULL) ERR_clear_error(); @@ -1128,8 +1130,8 @@ bad: if (days == 0) { - days=(int)CONF_get_number(conf,section, - ENV_DEFAULT_DAYS); + if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days)) + days = 0; } if (!enddate && (days == 0)) { @@ -1149,7 +1151,7 @@ bad: OPENSSL_free(f); } - if ((attribs=CONF_get_section(conf,policy)) == NULL) + if ((attribs=NCONF_get_section(conf,policy)) == NULL) { BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); goto err; @@ -1404,7 +1406,7 @@ bad: int crl_v2 = 0; if (!crl_ext) { - crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); + crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT); if (!crl_ext) ERR_clear_error(); } @@ -1413,8 +1415,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", 
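Review bot: In the `@@ -1128,8 +1130,8 @@` hunk the fallback for a missing `ENV_DEFAULT_DAYS` entry sets `days = 0` but does not call `ERR_clear_error()`, unlike every optional `NCONF_get_string()` lookup around it. If NCONF_get_number() queues an error for an absent key (likely, but not visible here), that stale entry would be printed by a later `ERR_print_errors()` and mislead whoever reads the CA's output. Suggested: `if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days)) { ERR_clear_error(); days = 0; }`. The `crldays`/`crlhours` fallbacks at `@@ -1426,10 +1428,12 @@` and the `newkey`, `n_min` and `n_max` lookups in req.c have the same gap.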
@@ -1426,10 +1428,12 @@ bad: if (!crldays && !crlhours) { - crldays=CONF_get_number(conf,section, - ENV_DEFAULT_CRL_DAYS); - crlhours=CONF_get_number(conf,section, - ENV_DEFAULT_CRL_HOURS); + if (!NCONF_get_number(conf,section, + ENV_DEFAULT_CRL_DAYS, &crldays)) + crldays = 0; + if (!NCONF_get_number(conf,section, + ENV_DEFAULT_CRL_HOURS, &crlhours)) + crlhours = 0; } if ((crldays == 0) && (crlhours == 0)) { @@ -1505,9 +1509,9 @@ bad: if (ci->version == NULL) if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); - X509V3_set_conf_lhash(&crlctx, conf); + X509V3_set_nconf(&crlctx, conf); - if (!X509V3_EXT_CRL_add_conf(conf, &crlctx, + if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) goto err; } if (crl_ext || crl_v2) @@ -1593,7 +1597,7 @@ err: EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); - CONF_free(conf); + NCONF_free(conf); OBJ_cleanup(); apps_shutdown(); EXIT(ret); @@ -1704,8 +1708,8 @@ err: static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *subj, char *startdate, char *enddate, int days, - int batch, char *ext_sect, LHASH *lconf, int verbose, + BIGNUM *serial, char *subj, char *startdate, char *enddate, long days, + int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -1766,8 +1770,8 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *subj, char *startdate, char *enddate, int days, - int batch, char *ext_sect, LHASH *lconf, int verbose, + BIGNUM *serial, char *subj, char *startdate, char *enddate, long days, + int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) { 
@@ -1820,8 +1824,8 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj, - char *startdate, char *enddate, int days, int batch, int verbose, - X509_REQ *req, char *ext_sect, LHASH *lconf, + char *startdate, char *enddate, long days, int batch, int verbose, + X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2143,13 +2147,13 @@ again2: BIO_printf(bio_err, "Extra configuration file found\n"); /* Use the extconf configuration db LHASH */ - X509V3_set_conf_lhash(&ctx, extconf); + X509V3_set_nconf(&ctx, extconf); /* Test the structure (needed?) */ /* X509V3_set_ctx_test(&ctx); */ /* Adds exts contained in the configuration file */ - if (!X509V3_EXT_add_conf(extconf, &ctx, ext_sect,ret)) + if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret)) { BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", @@ -2163,9 +2167,9 @@ again2: else if (ext_sect) { /* We found extensions to be set from config file */ - X509V3_set_conf_lhash(&ctx, lconf); + X509V3_set_nconf(&ctx, lconf); - if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) + if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) { BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect); ERR_print_errors(bio_err); @@ -2318,8 +2322,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, - BIGNUM *serial, char *subj, char *startdate, char *enddate, int days, - char *ext_sect, LHASH *lconf, int verbose, unsigned long certopt, + BIGNUM *serial, char *subj, char *startdate, char *enddate, long days, + char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { STACK_OF(CONF_VALUE) *sk=NULL; 
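Review bot: The comment `/* Use the extconf configuration db LHASH */` in the `@@ -2143,13 +2147,13 @@` hunk is stale now that the next line calls `X509V3_set_nconf()` with a `CONF *`. I would reword it to `/* Use the extconf configuration db (CONF) */` so the comment matches the type being passed. do_body's body extends outside the hunk.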
diff --git a/apps/openssl.c b/apps/openssl.c index 22bd52ffed..f8d4ac69d6 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -138,7 +138,7 @@ static unsigned long MS_CALLBACK hash(const void *a_void); static int MS_CALLBACK cmp(const void *a_void,const void *b_void); static LHASH *prog_init(void ); static int do_cmd(LHASH *prog,int argc,char *argv[]); -LHASH *config=NULL; +CONF *config=NULL; char *default_config_file=NULL; /* Make sure there is only one when MONOLITH is defined */ @@ -269,8 +269,9 @@ int main(int Argc, char *Argv[]) default_config_file=p; - config=CONF_load(config,p,&errline); - if (config == NULL) ERR_clear_error(); + config=NCONF_new(NULL); + i=NCONF_load(config,p,&errline); + if (i == 0) ERR_clear_error(); prog=prog_init(); @@ -339,7 +340,7 @@ int main(int Argc, char *Argv[]) end: if (config != NULL) { - CONF_free(config); + NCONF_free(config); config=NULL; } if (prog != NULL) lh_free(prog); diff --git a/apps/req.c b/apps/req.c index 9269aa85ac..f534e3af20 100644 --- a/apps/req.c +++ b/apps/req.c @@ -119,20 +119,20 @@ static int prompt_info(X509_REQ *req, static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, STACK_OF(CONF_VALUE) *attr, int attribs); static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int min, - int max); + char *def, char *value, int nid, int n_min, + int n_max); static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid,int min,int max); + int nid,int n_min,int n_max); #ifndef OPENSSL_NO_RSA static void MS_CALLBACK req_cb(int p,int n,void *arg); #endif -static int req_check_len(int len,int min,int max); +static int req_check_len(int len,int n_min,int n_max); static int check_end(char *str, char *end); #ifndef MONOLITH static char *default_config_file=NULL; -static LHASH *config=NULL; +static CONF *config=NULL; #endif -static LHASH *req_conf=NULL; +static CONF *req_conf=NULL; static int batch=0; #define TYPE_RSA 1 
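Review bot: In the apps/openssl.c `@@ -269,8 +269,9 @@` hunk a failed `NCONF_load()` now leaves `config` pointing at an allocated but empty CONF, where the old `CONF_load()` left it NULL. Code that shares this global and decides by pointer (req.c assigns `req_conf=config` and later tests `req_conf != NULL`) can no longer tell that no configuration was loaded. I would restore the old contract with `if (i == 0) { NCONF_free(config); config=NULL; ERR_clear_error(); }`. The `NCONF_new()` result is also used unchecked. main's body continues outside the hunk.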
@@ -152,7 +152,8 @@ int MAIN(int argc, char **argv) X509 *x509ss=NULL; X509_REQ *req=NULL; EVP_PKEY *pkey=NULL; - int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA; + int i,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA; + long newkey = -1; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int nodes=0,kludge=0,newhdr=0,subject=0; @@ -457,7 +458,8 @@ bad: p=config_name; } default_config_file=p; - config=CONF_load(config,p,NULL); + config=NCONF_new(NULL); + i=NCONF_load(config, p); #endif if (template != NULL) @@ -465,8 +467,9 @@ bad: long errline; BIO_printf(bio_err,"Using configuration from %s\n",template); - req_conf=CONF_load(NULL,template,&errline); - if (req_conf == NULL) + req_conf=NCONF_new(NULL); + i=NCONF_load(req_conf,template,&errline); + if (i == 0) { BIO_printf(bio_err,"error on line %ld of %s\n",errline,template); goto end; @@ -477,7 +480,7 @@ bad: req_conf=config; BIO_printf(bio_err,"Using configuration from %s\n", default_config_file); - if (req_conf == NULL) + if (i == 0) { BIO_printf(bio_err,"Unable to load config info\n"); } @@ -485,7 +488,7 @@ bad: if (req_conf != NULL) { - p=CONF_get_string(req_conf,NULL,"oid_file"); + p=NCONF_get_string(req_conf,NULL,"oid_file"); if (p == NULL) ERR_clear_error(); if (p != NULL) @@ -511,7 +514,7 @@ bad: if (md_alg == NULL) { - p=CONF_get_string(req_conf,SECTION,"default_md"); + p=NCONF_get_string(req_conf,SECTION,"default_md"); if (p == NULL) ERR_clear_error(); if (p != NULL) @@ -523,7 +526,7 @@ bad: if (!extensions) { - extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS); + extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); if (!extensions) ERR_clear_error(); } 
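Review bot: `i=NCONF_load(config, p);` in the `@@ -457,7 +458,8 @@` hunk passes two arguments, while every other call in this patch passes three (for example `NCONF_load(conf,configfile,&errorline)`). The standalone build of req.c should therefore fail to compile, or, with no prototype in scope, call the function with a missing argument. The old call passed NULL for the line pointer, so the equivalent is `i=NCONF_load(config, p, NULL);`.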
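Review bot: The `if (i == 0)` test in the `@@ -477,7 +480,7 @@` hunk relies on `i` having been set by the `NCONF_load()` call in the previous hunk, and that call sits just before an `#endif`. Together with the `#ifndef MONOLITH` declarations of `config`, this suggests the load is compiled only in the standalone build. In a MONOLITH build `i` would then hold whatever earlier code left in it, so "Unable to load config info" is printed or suppressed arbitrarily, and `req_conf` is non-NULL either way. I would keep the pointer as the signal: free and NULL `config` where the load fails, and test `if (req_conf == NULL)` here as before. The opening of the conditional block is outside the hunk, so confirm against the full file.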
@@ -531,8 +534,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, req_conf); - if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) { + X509V3_set_nconf(&ctx, req_conf); + if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); goto end; @@ -541,19 +544,19 @@ bad: if(!passin) { - passin = CONF_get_string(req_conf, SECTION, "input_password"); + passin = NCONF_get_string(req_conf, SECTION, "input_password"); if (!passin) ERR_clear_error(); } if(!passout) { - passout = CONF_get_string(req_conf, SECTION, "output_password"); + passout = NCONF_get_string(req_conf, SECTION, "output_password"); if (!passout) ERR_clear_error(); } - p = CONF_get_string(req_conf, SECTION, STRING_MASK); + p = NCONF_get_string(req_conf, SECTION, STRING_MASK); if (!p) ERR_clear_error(); @@ -564,7 +567,7 @@ bad: if(!req_exts) { - req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); + req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); if (!req_exts) ERR_clear_error(); } @@ -572,8 +575,8 @@ bad: /* Check syntax of file */ X509V3_CTX ctx; X509V3_set_ctx_test(&ctx); - X509V3_set_conf_lhash(&ctx, req_conf); - if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) { + X509V3_set_nconf(&ctx, req_conf); + if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { BIO_printf(bio_err, "Error Loading request extension section %s\n", req_exts); @@ -600,7 +603,7 @@ bad: } if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { - char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); + char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); 
@@ -609,7 +612,7 @@ bad: if (newreq && (pkey == NULL)) { - char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); + char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); @@ -618,8 +621,7 @@ bad: if (newkey <= 0) { - newkey=(int)CONF_get_number(req_conf,SECTION,BITS); - if (newkey <= 0) + if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) newkey=DEFAULT_KEY_LENGTH; } @@ -659,7 +661,7 @@ bad: if (keyout == NULL) { - keyout=CONF_get_string(req_conf,SECTION,KEYFILE); + keyout=NCONF_get_string(req_conf,SECTION,KEYFILE); if (keyout == NULL) ERR_clear_error(); } @@ -685,11 +687,11 @@ bad: } } - p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); + p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); if (p == NULL) { ERR_clear_error(); - p=CONF_get_string(req_conf,SECTION,"encrypt_key"); + p=NCONF_get_string(req_conf,SECTION,"encrypt_key"); if (p == NULL) ERR_clear_error(); } @@ -806,10 +808,10 @@ loop: /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0); - X509V3_set_conf_lhash(&ext_ctx, req_conf); + X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(extensions && !X509V3_EXT_add_conf(req_conf, + if(extensions && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions, x509ss)) { BIO_printf(bio_err, @@ -828,10 +830,10 @@ loop: /* Set up V3 context struct */ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); - X509V3_set_conf_lhash(&ext_ctx, req_conf); + X509V3_set_nconf(&ext_ctx, req_conf); /* Add extensions */ - if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, + if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx, req_exts, req)) { BIO_printf(bio_err, @@ -1009,7 +1011,7 @@ end: { ERR_print_errors(bio_err); } - if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); + if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); 
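Review bot: The `@@ -618,8 +621,7 @@` hunk drops the old `if (newkey <= 0)` check on the value read from the config, so a configured `BITS` value of zero or a negative number is now accepted as the key size instead of falling back to `DEFAULT_KEY_LENGTH`. Suggested: `if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey) || newkey <= 0)` followed by the existing `newkey=DEFAULT_KEY_LENGTH;`. `newkey` is also a `long` now (changed at `@@ -152,7 +152,8 @@`), so an upper bound is worth checking before it is narrowed to whatever integer type key generation takes. That call is outside the hunk.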
@@ -1033,26 +1035,26 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs) STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; char *tmp, *dn_sect,*attr_sect; - tmp=CONF_get_string(req_conf,SECTION,PROMPT); + tmp=NCONF_get_string(req_conf,SECTION,PROMPT); if (tmp == NULL) ERR_clear_error(); if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1; - dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); + dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); if (dn_sect == NULL) { BIO_printf(bio_err,"unable to find '%s' in config\n", DISTINGUISHED_NAME); goto err; } - dn_sk=CONF_get_section(req_conf,dn_sect); + dn_sk=NCONF_get_section(req_conf,dn_sect); if (dn_sk == NULL) { BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect); goto err; } - attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES); + attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES); if (attr_sect == NULL) { ERR_clear_error(); @@ -1060,7 +1062,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs) } else { - attr_sk=CONF_get_section(req_conf,attr_sect); + attr_sk=NCONF_get_section(req_conf,attr_sect); if (attr_sk == NULL) { BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect); @@ -1159,7 +1161,8 @@ static int prompt_info(X509_REQ *req, int i; char *p,*q; char buf[100]; - int nid,min,max; + int nid; + long n_min,n_max; char *type,*def,*value; CONF_VALUE *v; X509_NAME *subj; 
@@ -1204,27 +1207,29 @@ start: for (;;) /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; sprintf(buf,"%s_default",v->name); - if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } sprintf(buf,"%s_value",v->name); - if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL) + if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); value=NULL; } sprintf(buf,"%s_min",v->name); - min=(int)CONF_get_number(req_conf,dn_sect,buf); + if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) + n_min = -1; sprintf(buf,"%s_max",v->name); - max=(int)CONF_get_number(req_conf,dn_sect,buf); + if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) + n_max = -1; if (!add_DN_object(subj,v->value,def,value,nid, - min,max)) + n_min,n_max)) return 0; } if (X509_NAME_entry_count(subj) == 0) @@ -1255,7 +1260,7 @@ start2: for (;;) goto start2; sprintf(buf,"%s_default",type); - if ((def=CONF_get_string(req_conf,attr_sect,buf)) + if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { ERR_clear_error(); @@ -1264,7 +1269,7 @@ start2: for (;;) sprintf(buf,"%s_value",type); - if ((value=CONF_get_string(req_conf,attr_sect,buf)) + if ((value=NCONF_get_string(req_conf,attr_sect,buf)) == NULL) { ERR_clear_error(); @@ -1272,13 +1277,15 @@ start2: for (;;) } sprintf(buf,"%s_min",type); - min=(int)CONF_get_number(req_conf,attr_sect,buf); + if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) + n_min = -1; sprintf(buf,"%s_max",type); - max=(int)CONF_get_number(req_conf,attr_sect,buf); + if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) + n_max = -1; if (!add_attribute_object(req, - v->value,def,value,nid,min,max)) + v->value,def,value,nid,n_min,n_max)) return 0; } } 
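Review bot: The `sprintf(buf,"%s_default",v->name)` family in the `@@ -1204,27 +1207,29 @@` hunk writes a name taken from the config file into `char buf[100]` (declared at `@@ -1159,7 +1161,8 @@`) with no length check, so a long key name overruns the stack buffer. The commit touches each of these lookups but leaves the formatting as it was. A guard before the first one, such as `if (strlen(v->name) + sizeof("_default") > sizeof buf)` with an error message and `return 0;`, would bound all four suffixes. The attribute loop in the `@@ -1255,7 +1260,7 @@` to `@@ -1272,13 +1277,15 @@` hunks does the same with `type`. prompt_info's body starts and ends outside these hunks.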
@@ -1346,7 +1353,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, - int nid, int min, int max) + int nid, int n_min, int n_max) { int i,ret=0; MS_STATIC char buf[1024]; @@ -1393,7 +1400,7 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, min, max)) goto start; + if(!req_check_len(i, n_min, n_max)) goto start; if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC, (unsigned char *) buf, -1,-1,0)) goto err; ret=1; @@ -1402,8 +1409,8 @@ err: } static int add_attribute_object(X509_REQ *req, char *text, - char *def, char *value, int nid, int min, - int max) + char *def, char *value, int nid, int n_min, + int n_max) { int i; static char buf[1024]; @@ -1451,7 +1458,7 @@ start: #ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, i); #endif - if(!req_check_len(i, min, max)) goto start; + if(!req_check_len(i, n_min, n_max)) goto start; if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC, (unsigned char *)buf, -1)) { @@ -1482,16 +1489,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg) } #endif -static int req_check_len(int len, int min, int max) +static int req_check_len(int len, int n_min, int n_max) { - if (len < min) + if ((n_min > 0) && (len < n_min)) { - BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min); + BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min); return(0); } - if ((max != 0) && (len > max)) + if ((n_max >= 0) && (len > n_max)) { - BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max); + BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max); return(0); } return(1); diff --git a/apps/spkac.c b/apps/spkac.c index 918efc0e5a..d43dc9f3b9 100644 --- a/apps/spkac.c +++ b/apps/spkac.c 
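Review bot: `req_check_len()` in the `@@ -1482,16 +1489,16 @@` hunk changes what a configured maximum of 0 means: the old test `max != 0` treated it as "no limit", while `n_max >= 0` now rejects every non-empty string. If that is intended it needs a comment on the function, since existing config files may rely on the old meaning. For example: `/* n_min <= 0: no minimum; n_max < 0: no maximum (prompt_info passes -1 when the key is absent) */`. The callers in prompt_info now hold these limits in `long n_min,n_max` and pass them to `int` parameters, so a large configured value is narrowed silently; range-checking after `NCONF_get_number()` would avoid that.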
@@ -90,7 +90,7 @@ int MAIN(int argc, char **argv) char *passargin = NULL, *passin = NULL; char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; - LHASH *conf = NULL; + CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; char *engine=NULL; @@ -228,15 +228,16 @@ bad: goto end; } - conf = CONF_load_bio(NULL, in, NULL); + conf = NCONF_new(NULL); + i = NCONF_load_bio(conf, in, NULL); - if(!conf) { + if(!i) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); goto end; } - spkstr = CONF_get_string(conf, spksect, spkac); + spkstr = NCONF_get_string(conf, spksect, spkac); if(!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); @@ -285,7 +286,7 @@ bad: ret = 0; end: - CONF_free(conf); + NCONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free_all(out); diff --git a/apps/x509.c b/apps/x509.c index 8a392d813a..f18aaf5d9f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -139,10 +139,10 @@ NULL static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx); static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest, - LHASH *conf, char *section); + CONF *conf, char *section); static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial, - int create,int days, int clrext, LHASH *conf, char *section, + int create,int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno); static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); static int reqfile=0; @@ -179,7 +179,7 @@ int MAIN(int argc, char **argv) int fingerprint=0; char buf[256]; const EVP_MD *md_alg,*digest=EVP_md5(); - LHASH *extconf = NULL; + CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; int checkend=0,checkoffset=0; 
@@ -479,7 +479,8 @@ bad: { long errorline; X509V3_CTX ctx2; - if (!(extconf=CONF_load(NULL,extfile,&errorline))) + extconf = NCONF_new(NULL); + if (!NCONF_load(extconf, extfile,&errorline)) { if (errorline <= 0) BIO_printf(bio_err, @@ -493,7 +494,7 @@ bad: } if (!extsect) { - extsect = CONF_get_string(extconf, "default", "extensions"); + extsect = NCONF_get_string(extconf, "default", "extensions"); if (!extsect) { ERR_clear_error(); @@ -501,8 +502,8 @@ bad: } } X509V3_set_ctx_test(&ctx2); - X509V3_set_conf_lhash(&ctx2, extconf); - if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) + X509V3_set_nconf(&ctx2, extconf); + if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", @@ -995,7 +996,7 @@ end: if (need_rand) app_RAND_write_file(NULL, bio_err); OBJ_cleanup(); - CONF_free(extconf); + NCONF_free(extconf); BIO_free_all(out); BIO_free_all(STDout); X509_STORE_free(ctx); @@ -1116,7 +1117,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create) static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create, - int days, int clrext, LHASH *conf, char *section, ASN1_INTEGER *sno) + int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno) { int ret=0; ASN1_INTEGER *bs=NULL; @@ -1166,8 +1167,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509V3_CTX ctx2; X509_set_version(x,2); /* version 3 certificate */ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0); - X509V3_set_conf_lhash(&ctx2, conf); - if (!X509V3_EXT_add_conf(conf, &ctx2, section, x)) goto end; + X509V3_set_nconf(&ctx2, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end; } if (!X509_sign(x,pkey,digest)) goto end; 
@@ -1213,7 +1214,7 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx) /* self sign */ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, - LHASH *conf, char *section) + CONF *conf, char *section) { EVP_PKEY *pktmp; @@ -1243,8 +1244,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *dig X509V3_CTX ctx; X509_set_version(x,2); /* version 3 certificate */ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0); - X509V3_set_conf_lhash(&ctx, conf); - if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err; + X509V3_set_nconf(&ctx, conf); + if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err; } if (!X509_sign(x,pkey,digest)) goto err; return 1; -- cgit v1.2.3