diff options
| author | beck <> | 2000-03-19 11:13:58 +0000 |
|---|---|---|
| committer | beck <> | 2000-03-19 11:13:58 +0000 |
| commit | 796d609550df3a33fc11468741c5d2f6d3df4c11 (patch) | |
| tree | 6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/x509/x509_req.c | |
| parent | 5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff) | |
| download | openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.gz openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.tar.bz2 openbsd-796d609550df3a33fc11468741c5d2f6d3df4c11.zip | |
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libcrypto/x509/x509_req.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_req.c | 165 |
1 files changed, 164 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 2ef94decd1..baef8790eb 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c | |||
| @@ -66,7 +66,7 @@ | |||
| 66 | #include <openssl/buffer.h> | 66 | #include <openssl/buffer.h> |
| 67 | #include <openssl/pem.h> | 67 | #include <openssl/pem.h> |
| 68 | 68 | ||
| 69 | X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md) | 69 | X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) |
| 70 | { | 70 | { |
| 71 | X509_REQ *ret; | 71 | X509_REQ *ret; |
| 72 | X509_REQ_INFO *ri; | 72 | X509_REQ_INFO *ri; |
| @@ -113,3 +113,166 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) | |||
| 113 | return(X509_PUBKEY_get(req->req_info->pubkey)); | 113 | return(X509_PUBKEY_get(req->req_info->pubkey)); |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | /* It seems several organisations had the same idea of including a list of | ||
| 117 | * extensions in a certificate request. There are at least two OIDs that are | ||
| 118 | * used and there may be more: so the list is configurable. | ||
| 119 | */ | ||
| 120 | |||
| 121 | static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef}; | ||
| 122 | |||
| 123 | static int *ext_nids = ext_nid_list; | ||
| 124 | |||
| 125 | int X509_REQ_extension_nid(int req_nid) | ||
| 126 | { | ||
| 127 | int i, nid; | ||
| 128 | for(i = 0; ; i++) { | ||
| 129 | nid = ext_nids[i]; | ||
| 130 | if(nid == NID_undef) return 0; | ||
| 131 | else if (req_nid == nid) return 1; | ||
| 132 | } | ||
| 133 | } | ||
| 134 | |||
| 135 | int *X509_REQ_get_extension_nids(void) | ||
| 136 | { | ||
| 137 | return ext_nids; | ||
| 138 | } | ||
| 139 | |||
| 140 | void X509_REQ_set_extension_nids(int *nids) | ||
| 141 | { | ||
| 142 | ext_nids = nids; | ||
| 143 | } | ||
| 144 | |||
| 145 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) | ||
| 146 | { | ||
| 147 | X509_ATTRIBUTE *attr; | ||
| 148 | STACK_OF(X509_ATTRIBUTE) *sk; | ||
| 149 | ASN1_TYPE *ext = NULL; | ||
| 150 | int i; | ||
| 151 | unsigned char *p; | ||
| 152 | if ((req == NULL) || (req->req_info == NULL)) | ||
| 153 | return(NULL); | ||
| 154 | sk=req->req_info->attributes; | ||
| 155 | if (!sk) return NULL; | ||
| 156 | for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { | ||
| 157 | attr = sk_X509_ATTRIBUTE_value(sk, i); | ||
| 158 | if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) { | ||
| 159 | if(attr->set && sk_ASN1_TYPE_num(attr->value.set)) | ||
| 160 | ext = sk_ASN1_TYPE_value(attr->value.set, 0); | ||
| 161 | else ext = attr->value.single; | ||
| 162 | break; | ||
| 163 | } | ||
| 164 | } | ||
| 165 | if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; | ||
| 166 | p = ext->value.sequence->data; | ||
| 167 | return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, | ||
| 168 | ext->value.sequence->length, | ||
| 169 | d2i_X509_EXTENSION, X509_EXTENSION_free, | ||
| 170 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 171 | } | ||
| 172 | |||
| 173 | /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs | ||
| 174 | * in case we want to create a non standard one. | ||
| 175 | */ | ||
| 176 | |||
| 177 | int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, | ||
| 178 | int nid) | ||
| 179 | { | ||
| 180 | unsigned char *p = NULL, *q; | ||
| 181 | long len; | ||
| 182 | ASN1_TYPE *at = NULL; | ||
| 183 | X509_ATTRIBUTE *attr = NULL; | ||
| 184 | if(!(at = ASN1_TYPE_new()) || | ||
| 185 | !(at->value.sequence = ASN1_STRING_new())) goto err; | ||
| 186 | |||
| 187 | at->type = V_ASN1_SEQUENCE; | ||
| 188 | /* Generate encoding of extensions */ | ||
| 189 | len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, | ||
| 190 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 191 | if(!(p = Malloc(len))) goto err; | ||
| 192 | q = p; | ||
| 193 | i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, | ||
| 194 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 195 | at->value.sequence->data = p; | ||
| 196 | p = NULL; | ||
| 197 | at->value.sequence->length = len; | ||
| 198 | if(!(attr = X509_ATTRIBUTE_new())) goto err; | ||
| 199 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; | ||
| 200 | if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; | ||
| 201 | at = NULL; | ||
| 202 | attr->set = 1; | ||
| 203 | attr->object = OBJ_nid2obj(nid); | ||
| 204 | if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; | ||
| 205 | return 1; | ||
| 206 | err: | ||
| 207 | if(p) Free(p); | ||
| 208 | X509_ATTRIBUTE_free(attr); | ||
| 209 | ASN1_TYPE_free(at); | ||
| 210 | return 0; | ||
| 211 | } | ||
| 212 | /* This is the normal usage: use the "official" OID */ | ||
| 213 | int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) | ||
| 214 | { | ||
| 215 | return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); | ||
| 216 | } | ||
| 217 | |||
| 218 | /* Request attribute functions */ | ||
| 219 | |||
| 220 | int X509_REQ_get_attr_count(const X509_REQ *req) | ||
| 221 | { | ||
| 222 | return X509at_get_attr_count(req->req_info->attributes); | ||
| 223 | } | ||
| 224 | |||
| 225 | int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, | ||
| 226 | int lastpos) | ||
| 227 | { | ||
| 228 | return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); | ||
| 229 | } | ||
| 230 | |||
| 231 | int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, | ||
| 232 | int lastpos) | ||
| 233 | { | ||
| 234 | return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); | ||
| 235 | } | ||
| 236 | |||
| 237 | X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) | ||
| 238 | { | ||
| 239 | return X509at_get_attr(req->req_info->attributes, loc); | ||
| 240 | } | ||
| 241 | |||
| 242 | X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) | ||
| 243 | { | ||
| 244 | return X509at_delete_attr(req->req_info->attributes, loc); | ||
| 245 | } | ||
| 246 | |||
| 247 | int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) | ||
| 248 | { | ||
| 249 | if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; | ||
| 250 | return 0; | ||
| 251 | } | ||
| 252 | |||
| 253 | int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, | ||
| 254 | ASN1_OBJECT *obj, int type, | ||
| 255 | unsigned char *bytes, int len) | ||
| 256 | { | ||
| 257 | if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, | ||
| 258 | type, bytes, len)) return 1; | ||
| 259 | return 0; | ||
| 260 | } | ||
| 261 | |||
| 262 | int X509_REQ_add1_attr_by_NID(X509_REQ *req, | ||
| 263 | int nid, int type, | ||
| 264 | unsigned char *bytes, int len) | ||
| 265 | { | ||
| 266 | if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, | ||
| 267 | type, bytes, len)) return 1; | ||
| 268 | return 0; | ||
| 269 | } | ||
| 270 | |||
| 271 | int X509_REQ_add1_attr_by_txt(X509_REQ *req, | ||
| 272 | char *attrname, int type, | ||
| 273 | unsigned char *bytes, int len) | ||
| 274 | { | ||
| 275 | if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, | ||
| 276 | type, bytes, len)) return 1; | ||
| 277 | return 0; | ||
| 278 | } | ||