Redo the way 'req' and 'ca' add objects: add support for oid_section.

CHANGES

@@ -5,6 +5,11 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
   *) Add cool BIO that does syslog (or event log on NT).
      [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
 

apps/ca.c

@@ -155,6 +155,7 @@ extern int EF_ALIGNMENT;
 #endif
 
 #ifndef NOPROTO
+static int add_oid_section(LHASH *conf);
 static void lookup_fail(char *name,char *tag);
 static int MS_CALLBACK key_callback(char *buf,int len,int verify);
 static unsigned long index_serial_hash(char **a);
@@ -181,6 +182,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
 	LHASH *conf);
 static int check_time_format(char *str);
 #else
+static int add_oid_section();
 static void lookup_fail();
 static int MS_CALLBACK key_callback();
 static unsigned long index_serial_hash();
@@ -453,6 +455,10 @@ bad:
 				}
 			}
 		}
+		if(!add_oid_section(conf)) {
+			ERR_print_errors(bio_err);
+			goto err;
+		}
 
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
@@ -1044,22 +1050,23 @@ bad:
 	/*****************************************************************/
 	ret=0;
 err:
-	if (hex != NULL) BIO_free(hex);
+	BIO_free(hex);
-	if (Cout != NULL) BIO_free(Cout);
+	BIO_free(Cout);
-	if (Sout != NULL) BIO_free(Sout);
+	BIO_free(Sout);
-	if (out != NULL) BIO_free(out);
+	BIO_free(out);
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
 
-	if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
+	sk_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
-	if (serial != NULL) BN_free(serial);
+	BN_free(serial);
-	if (db != NULL) TXT_DB_free(db);
+	TXT_DB_free(db);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
+	EVP_PKEY_free(pkey);
-	if (x509 != NULL) X509_free(x509);
+	X509_free(x509);
-	if (crl != NULL) X509_CRL_free(crl);
+	X509_CRL_free(crl);
-	if (conf != NULL) CONF_free(conf);
+	CONF_free(conf);
 	X509V3_EXT_cleanup();
+	OBJ_cleanup();
 	EXIT(ret);
 	}
 
@@ -2009,3 +2016,25 @@ char *str;
 	return(ASN1_UTCTIME_check(&tm));
 	}
 
+static int add_oid_section(conf)
+LHASH *conf;
+{	
+	char *p;
+	STACK *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(conf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_num(sktmp); i++) {
+		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}

apps/openssl.cnf

@@ -5,6 +5,15 @@
 
 RANDFILE		= $ENV::HOME/.rnd
 oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
 
 ####################################################################
 [ ca ]
@@ -92,7 +101,7 @@ commonName_max			= 64
 emailAddress			= Email Address
 emailAddress_max		= 40
 
-SET-ex3				= SET extension number 3
+# SET-ex3			= SET extension number 3
 
 [ req_attributes ]
 challengePassword		= A challenge password

apps/req.c

@@ -115,12 +115,16 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 	int nid,int min,int max);
 static void MS_CALLBACK req_cb(int p,int n,char *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
+static int check_end(char *str, char *end);
+static int add_oid_section(LHASH *conf);
 #else
 static int make_REQ();
 static int add_attribute_object();
 static int add_DN_object();
 static void MS_CALLBACK req_cb();
 static int req_fix_data();
+static int check_end();
+static int add_oid_section();
 #endif
 
 #ifndef MONOLITH
@@ -423,6 +427,7 @@ bad:
 				}
 			}
 		}
+		if(!add_oid_section(req_conf)) goto end;
 
 	if ((md_alg == NULL) &&
 		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
@@ -800,11 +805,13 @@ end:
 		ERR_print_errors(bio_err);
 		}
 	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	BIO_free(out);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
+	EVP_PKEY_free(pkey);
-	if (req != NULL) X509_REQ_free(req);
+	X509_REQ_free(req);
-	if (x509ss != NULL) X509_free(x509ss);
+	X509_free(x509ss);
+	X509V3_EXT_cleanup();
+	OBJ_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
@@ -816,7 +823,7 @@ X509_REQ *req;
 EVP_PKEY *pkey;
 int attribs;
 	{
-	int ret=0,i,j;
+	int ret=0,i;
 	unsigned char *p,*q;
 	X509_REQ_INFO *ri;
 	char buf[100];
@@ -876,42 +883,18 @@ start:		for (;;)
 			v=(CONF_VALUE *)sk_value(sk,i);
 			p=q=NULL;
 			type=v->name;
-			/* Allow for raw OIDs */
+			if(!check_end(type,"_min") || !check_end(type,"_max") ||
-			/* [n.mm.ooo.ppp] */
+				!check_end(type,"_default") ||
-			for (j=0; type[j] != '\0'; j++)
+					 !check_end(type,"_value")) continue;
-				{
+			/* Skip past any leading X. X: X, etc to allow for
-				if (	(type[j] == ':') ||
+			 * multiple instances 
-					(type[j] == ',') ||
+			 */
-					(type[j] == '.'))
+			for(p = v->name; *p ; p++) 
-					p=(unsigned char *)&(type[j+1]);
+				if ((*p != ':') || (*p != ',') ||
-				if (type[j] == '[')
+							 (*p != '.')) break;
-					{
+			if (*p) type=(char *)p;
-					p=(unsigned char *)&(type[j+1]);
+			/* If OBJ not recognised ignore it */
-					for (j++; type[j] != '\0'; j++)
+			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
-						if (type[j] == ']')
-							{
-							q=(unsigned char *)&(type[j]);
-							break;
-							}
-					break;
-					}
-				}
-			if (p != NULL)
-				type=(char *)p;
-			if ((nid=OBJ_txt2nid(type)) == NID_undef)
-				{
-				/* Add a new one if possible */
-				if ((p != NULL) && (q != NULL) && (*q == ']'))
-					{
-					*q='\0';
-					nid=OBJ_create((char *)p,NULL,NULL);
-					*q=']';
-					if (nid == NID_undef) goto start;
-					}
-				else
-					goto start;
-				}
-
 			sprintf(buf,"%s_default",v->name);
 			if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
 				def="";
@@ -1194,3 +1177,41 @@ int len,min,max;
 		}
 	return(1);
 	}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(str, end)
+char *str;
+char *end;
+{
+	int elen, slen;	
+	char *tmp;
+	elen = strlen(end);
+	slen = strlen(str);
+	if(elen > slen) return 1;
+	tmp = str + slen - elen;
+fprintf(stderr, "Matching %s, %s %s\n", str, end, tmp);
+	return strcmp(tmp, end);
+}
+
+static int add_oid_section(conf)
+LHASH *conf;
+{	
+	char *p;
+	STACK *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
+	if(!(sktmp = CONF_get_section(conf, p))) {
+		BIO_printf(bio_err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_num(sktmp); i++) {
+		cnf = (CONF_VALUE *)sk_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(bio_err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}