1 files changed, 164 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 2ef94decd1..baef8790eb 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -66,7 +66,7 @@
 #include <openssl/buffer.h>
 #include <openssl/pem.h>
-X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md)
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        X509_REQ *ret;
        X509_REQ_INFO *ri;
@@ -113,3 +113,166 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
        return(X509_PUBKEY_get(req->req_info->pubkey));
        }
+/* It seems several organisations had the same idea of including a list of
+ * extensions in a certificate request. There are at least two OIDs that are
+ * used and there may be more: so the list is configurable.
+ */
+static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
+static int *ext_nids = ext_nid_list;
+int X509_REQ_extension_nid(int req_nid)
+{
+        int i, nid;
+        for(i = 0; ; i++) {
+                nid = ext_nids[i];
+                if(nid == NID_undef) return 0;
+                else if (req_nid == nid) return 1;
+        }
+}
+int *X509_REQ_get_extension_nids(void)
+{
+        return ext_nids;
+}
+        
+void X509_REQ_set_extension_nids(int *nids)
+{
+        ext_nids = nids;
+}
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+{
+        X509_ATTRIBUTE *attr;
+        STACK_OF(X509_ATTRIBUTE) *sk;
+        ASN1_TYPE *ext = NULL;
+        int i;
+        unsigned char *p;
+        if ((req == NULL) || (req->req_info == NULL))
+                return(NULL);
+        sk=req->req_info->attributes;
+        if (!sk) return NULL;
+        for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+                attr = sk_X509_ATTRIBUTE_value(sk, i);
+                if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
+                        if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
+                                ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+                        else ext = attr->value.single;
+                        break;
+                }
+        }
+        if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
+        p = ext->value.sequence->data;
+        return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
+                        ext->value.sequence->length,
+                        d2i_X509_EXTENSION, X509_EXTENSION_free,
+                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid)
+{
+        unsigned char *p = NULL, *q;
+        long len;
+        ASN1_TYPE *at = NULL;
+        X509_ATTRIBUTE *attr = NULL;
+        if(!(at = ASN1_TYPE_new()) ||
+                !(at->value.sequence = ASN1_STRING_new())) goto err;
+        at->type = V_ASN1_SEQUENCE;
+        /* Generate encoding of extensions */
+        len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+        if(!(p = Malloc(len))) goto err;
+        q = p;
+        i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
+                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+        at->value.sequence->data = p;
+        p = NULL;
+        at->value.sequence->length = len;
+        if(!(attr = X509_ATTRIBUTE_new())) goto err;
+        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+        if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
+        at = NULL;
+        attr->set = 1;
+        attr->object = OBJ_nid2obj(nid);
+        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
+        return 1;
+        err:
+        if(p) Free(p);
+        X509_ATTRIBUTE_free(attr);
+        ASN1_TYPE_free(at);
+        return 0;
+}
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+        return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
+/* Request attribute functions */
+int X509_REQ_get_attr_count(const X509_REQ *req)
+{
+        return X509at_get_attr_count(req->req_info->attributes);
+}
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
+                          int lastpos)
+{
+        return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
+}
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+                          int lastpos)
+{
+        return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
+}
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+{
+        return X509at_get_attr(req->req_info->attributes, loc);
+}
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+{
+        return X509at_delete_attr(req->req_info->attributes, loc);
+}
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+{
+        if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
+        return 0;
+}
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                        ASN1_OBJECT *obj, int type,
+                        unsigned char *bytes, int len)
+{
+        if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
+                                type, bytes, len)) return 1;
+        return 0;
+}
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                        int nid, int type,
+                        unsigned char *bytes, int len)
+{
+        if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
+                                type, bytes, len)) return 1;
+        return 0;
+}
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                        char *attrname, int type,
+                        unsigned char *bytes, int len)
+{
+        if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
+                                type, bytes, len)) return 1;
+        return 0;
+}

diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 2ef94decd1..baef8790eb 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c
@@ -66,7 +66,7 @@
66	#include <openssl/buffer.h>	66	#include <openssl/buffer.h>
67	#include <openssl/pem.h>	67	#include <openssl/pem.h>
68		68
69	X509_REQ X509_to_X509_REQ(X509 x, EVP_PKEY pkey, EVP_MD md)	69	X509_REQ X509_to_X509_REQ(X509 x, EVP_PKEY pkey, const EVP_MD md)
70	{	70	{
71	X509_REQ *ret;	71	X509_REQ *ret;
72	X509_REQ_INFO *ri;	72	X509_REQ_INFO *ri;
@@ -113,3 +113,166 @@ EVP_PKEY X509_REQ_get_pubkey(X509_REQ req)
113	return(X509_PUBKEY_get(req->req_info->pubkey));	113	return(X509_PUBKEY_get(req->req_info->pubkey));
114	}	114	}
115		115
		116	/* It seems several organisations had the same idea of including a list of
		117	* extensions in a certificate request. There are at least two OIDs that are
		118	* used and there may be more: so the list is configurable.
		119	*/
		120
		121	static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
		122
		123	static int *ext_nids = ext_nid_list;
		124
		125	int X509_REQ_extension_nid(int req_nid)
		126	{
		127	int i, nid;
		128	for(i = 0; ; i++) {
		129	nid = ext_nids[i];
		130	if(nid == NID_undef) return 0;
		131	else if (req_nid == nid) return 1;
		132	}
		133	}
		134
		135	int *X509_REQ_get_extension_nids(void)
		136	{
		137	return ext_nids;
		138	}
		139
		140	void X509_REQ_set_extension_nids(int *nids)
		141	{
		142	ext_nids = nids;
		143	}
		144
		145	STACK_OF(X509_EXTENSION) X509_REQ_get_extensions(X509_REQ req)
		146	{
		147	X509_ATTRIBUTE *attr;
		148	STACK_OF(X509_ATTRIBUTE) *sk;
		149	ASN1_TYPE *ext = NULL;
		150	int i;
		151	unsigned char *p;
		152	if ((req == NULL) \|\| (req->req_info == NULL))
		153	return(NULL);
		154	sk=req->req_info->attributes;
		155	if (!sk) return NULL;
		156	for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
		157	attr = sk_X509_ATTRIBUTE_value(sk, i);
		158	if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
		159	if(attr->set && sk_ASN1_TYPE_num(attr->value.set))
		160	ext = sk_ASN1_TYPE_value(attr->value.set, 0);
		161	else ext = attr->value.single;
		162	break;
		163	}
		164	}
		165	if(!ext \|\| (ext->type != V_ASN1_SEQUENCE)) return NULL;
		166	p = ext->value.sequence->data;
		167	return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
		168	ext->value.sequence->length,
		169	d2i_X509_EXTENSION, X509_EXTENSION_free,
		170	V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
		171	}
		172
		173	/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
		174	* in case we want to create a non standard one.
		175	*/
		176
		177	int X509_REQ_add_extensions_nid(X509_REQ req, STACK_OF(X509_EXTENSION) exts,
		178	int nid)
		179	{
		180	unsigned char p = NULL, q;
		181	long len;
		182	ASN1_TYPE *at = NULL;
		183	X509_ATTRIBUTE *attr = NULL;
		184	if(!(at = ASN1_TYPE_new()) \|\|
		185	!(at->value.sequence = ASN1_STRING_new())) goto err;
		186
		187	at->type = V_ASN1_SEQUENCE;
		188	/* Generate encoding of extensions */
		189	len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
		190	V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
		191	if(!(p = Malloc(len))) goto err;
		192	q = p;
		193	i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
		194	V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
		195	at->value.sequence->data = p;
		196	p = NULL;
		197	at->value.sequence->length = len;
		198	if(!(attr = X509_ATTRIBUTE_new())) goto err;
		199	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
		200	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
		201	at = NULL;
		202	attr->set = 1;
		203	attr->object = OBJ_nid2obj(nid);
		204	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
		205	return 1;
		206	err:
		207	if(p) Free(p);
		208	X509_ATTRIBUTE_free(attr);
		209	ASN1_TYPE_free(at);
		210	return 0;
		211	}
		212	/* This is the normal usage: use the "official" OID */
		213	int X509_REQ_add_extensions(X509_REQ req, STACK_OF(X509_EXTENSION) exts)
		214	{
		215	return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
		216	}
		217
		218	/* Request attribute functions */
		219
		220	int X509_REQ_get_attr_count(const X509_REQ *req)
		221	{
		222	return X509at_get_attr_count(req->req_info->attributes);
		223	}
		224
		225	int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
		226	int lastpos)
		227	{
		228	return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
		229	}
		230
		231	int X509_REQ_get_attr_by_OBJ(const X509_REQ req, ASN1_OBJECT obj,
		232	int lastpos)
		233	{
		234	return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
		235	}
		236
		237	X509_ATTRIBUTE X509_REQ_get_attr(const X509_REQ req, int loc)
		238	{
		239	return X509at_get_attr(req->req_info->attributes, loc);
		240	}
		241
		242	X509_ATTRIBUTE X509_REQ_delete_attr(X509_REQ req, int loc)
		243	{
		244	return X509at_delete_attr(req->req_info->attributes, loc);
		245	}
		246
		247	int X509_REQ_add1_attr(X509_REQ req, X509_ATTRIBUTE attr)
		248	{
		249	if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
		250	return 0;
		251	}
		252
		253	int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
		254	ASN1_OBJECT *obj, int type,
		255	unsigned char *bytes, int len)
		256	{
		257	if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
		258	type, bytes, len)) return 1;
		259	return 0;
		260	}
		261
		262	int X509_REQ_add1_attr_by_NID(X509_REQ *req,
		263	int nid, int type,
		264	unsigned char *bytes, int len)
		265	{
		266	if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
		267	type, bytes, len)) return 1;
		268	return 0;
		269	}
		270
		271	int X509_REQ_add1_attr_by_txt(X509_REQ *req,
		272	char *attrname, int type,
		273	unsigned char *bytes, int len)
		274	{
		275	if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
		276	type, bytes, len)) return 1;
		277	return 0;
		278	}