Kill evil casts, fix PKCS#7 and add new X509V3 Function.

CHANGES

@@ -5,6 +5,12 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
   *) Allow PKCS#12 password to be set from the command line or the
      environment. Let 'ca' get its config file name from the environment
      variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'

crypto/asn1/a_type.c

@@ -293,7 +293,7 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 		return(0);
 	}
 
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value)
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
 		ASN1_TYPE_component_free(a);

crypto/asn1/asn1.h

@@ -488,7 +488,7 @@ void		ASN1_TYPE_free(ASN1_TYPE *a);
 int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
 ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
 int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
 ASN1_OBJECT *	ASN1_OBJECT_new(void );
 void		ASN1_OBJECT_free(ASN1_OBJECT *a);

crypto/asn1/evp_asn1.c

@@ -67,7 +67,7 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 
 	if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0);
 	if (!ASN1_OCTET_STRING_set(os,data,len)) return(0);
-	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os);
+	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
 	return(1);
 	}
 
@@ -124,7 +124,7 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
 	  i2d_ASN1_INTEGER(&in,&p);
 	M_i2d_ASN1_OCTET_STRING(&os,&p);
 
-	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp);
+	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
 	return(1);
 	}
 

crypto/asn1/x_attrib.c

@@ -117,7 +117,7 @@ X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, unsigned char **pp,
 	M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
 	}
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 	{
 	X509_ATTRIBUTE *ret=NULL;
 	ASN1_TYPE *val=NULL;

crypto/pkcs7/pk7_doit.c

@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static int add_attribute(STACK **sk, int nid, int atrtype, char *value);
+static int add_attribute(STACK **sk, int nid, int atrtype, void *value);
 static ASN1_TYPE *get_attribute(STACK *sk, int nid);
 
 #if 1
@@ -567,7 +567,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				sign_time=X509_gmtime_adj(NULL,0);
 				PKCS7_add_signed_attribute(si,
 					NID_pkcs9_signingTime,
-					V_ASN1_UTCTIME,(char *)sign_time);
+					V_ASN1_UTCTIME,sign_time);
 
 				/* Add digest */
 				md_tmp=EVP_MD_CTX_type(&ctx_tmp);
@@ -575,7 +575,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				digest=ASN1_OCTET_STRING_new();
 				ASN1_OCTET_STRING_set(digest,md_data,md_len);
 				PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,
-					V_ASN1_OCTET_STRING,(char *)digest);
+					V_ASN1_OCTET_STRING,digest);
 
 				/* Now sign the mess */
 				EVP_SignInit(&ctx_tmp,md_tmp);
@@ -874,18 +874,18 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk)
 	}
 
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     char *value)
+	     void *value)
 	{
 	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
 	}
 
 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     char *value)
+	     void *value)
 	{
 	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
 	}
 
-static int add_attribute(STACK **sk, int nid, int atrtype, char *value)
+static int add_attribute(STACK **sk, int nid, int atrtype, void *value)
 	{
 	X509_ATTRIBUTE *attr=NULL;
 

crypto/pkcs7/pk7_lib.c

@@ -309,15 +309,14 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
 		p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
 	else	
 		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
 
-#if 1
+	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
+
 	if (p7i->digest_enc_alg->parameter != NULL)
 		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
 	if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
 		goto err;
 	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-#endif
 
 	return(1);
 err:

crypto/pkcs7/pkcs7.h

@@ -340,9 +340,9 @@ int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk);
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
-	char *data);
+	void *data);
 int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	char *value);
+	void *value);
 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk);

crypto/x509/x509.h

@@ -655,7 +655,7 @@ void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
 int		i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
 X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
 			long length);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
 
 
 X509_EXTENSION *X509_EXTENSION_new(void );

crypto/x509v3/v3_bitst.c

@@ -103,7 +103,7 @@ static STACK *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 	     ASN1_BIT_STRING *bits, STACK *ret)
 {
 	BIT_STRING_BITNAME *bnam;
-	for(bnam =(BIT_STRING_BITNAME *)method->usr_data; bnam->lname; bnam++) {
+	for(bnam =method->usr_data; bnam->lname; bnam++) {
 		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
 			X509V3_add_value(bnam->lname, NULL, &ret);
 	}
@@ -123,7 +123,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
 	}
 	for(i = 0; i < sk_num(nval); i++) {
 		val = (CONF_VALUE *)sk_value(nval, i);
-		for(bnam = (BIT_STRING_BITNAME *)method->usr_data; bnam->lname;
+		for(bnam = method->usr_data; bnam->lname;
 								       bnam++) {
 			if(!strcmp(bnam->sname, val->name) ||
 				!strcmp(bnam->lname, val->name) ) {

crypto/x509v3/v3_conf.c

@@ -72,6 +72,8 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, in
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK *conf_lhash_get_section(void *db, char *section);
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc);
 /* LHASH *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
@@ -111,13 +113,10 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 	     int crit, char *value)
 {
-	X509_EXTENSION *ext = NULL;
 	X509V3_EXT_METHOD *method;
+	X509_EXTENSION *ext;
 	STACK *nval;
-	char *ext_struc;
+	void *ext_struc;
-	unsigned char *ext_der, *p;
-	int ext_len;
-	ASN1_OCTET_STRING *ext_oct;
 	if(ext_nid == NID_undef) {
 		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
 		return NULL;
@@ -152,21 +151,50 @@ static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
 		return NULL;
 	}
 
-	/* We've now got the internal representation: convert to DER */
+	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
+	method->ext_free(ext_struc);
+	return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc)
+{
+	unsigned char *ext_der, *p;
+	int ext_len;
+	ASN1_OCTET_STRING *ext_oct;
+	X509_EXTENSION *ext;
+	/* Convert internal representation to DER */
 	ext_len = method->i2d(ext_struc, NULL);
-	ext_der = Malloc(ext_len);
+	if(!(ext_der = Malloc(ext_len))) goto merr;
 	p = ext_der;
 	method->i2d(ext_struc, &p);
-	method->ext_free(ext_struc);
+	if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr;
-	ext_oct = ASN1_OCTET_STRING_new();
 	ext_oct->data = ext_der;
 	ext_oct->length = ext_len;
 	
 	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+	if(!ext) goto merr;
 	ASN1_OCTET_STRING_free(ext_oct);
 
 	return ext;
 
+	merr:
+	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
+	return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+	X509V3_EXT_METHOD *method;
+	if(!(method = X509V3_EXT_get_nid(ext_nid))) {
+		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
+		return NULL;
+	}
+	return do_ext_i2d(method, ext_nid, crit, ext_struc);
 }
 
 /* Check the extension string for critical flag */

crypto/x509v3/v3_enum.c

@@ -95,7 +95,7 @@ char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
 	ENUMERATED_NAMES *enam;
 	long strval;
 	strval = ASN1_ENUMERATED_get(e);
-	for(enam =(ENUMERATED_NAMES *)method->usr_data; enam->lname; enam++) {
+	for(enam = method->usr_data; enam->lname; enam++) {
 		if(strval == enam->bitnum) return BUF_strdup(enam->lname);
 	}
 	return i2s_ASN1_ENUMERATED(method, e);

crypto/x509v3/v3err.c

@@ -68,6 +68,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_COPY_EMAIL,0),	"COPY_EMAIL"},
 {ERR_PACK(0,X509V3_F_COPY_ISSUER,0),	"COPY_ISSUER"},
 {ERR_PACK(0,X509V3_F_DO_EXT_CONF,0),	"DO_EXT_CONF"},
+{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0),	"DO_EXT_I2D"},
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),	"hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),	"i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),	"i2s_ASN1_INTEGER"},
@@ -98,6 +99,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),	"X509V3_EXT_add"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),	"X509V3_EXT_add_alias"},
 {ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),	"X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0),	"X509V3_EXT_i2d"},
 {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),	"X509V3_get_value_bool"},
 {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),	"X509V3_parse_list"},
 {0,NULL}

crypto/x509v3/x509v3.h

@@ -104,7 +104,7 @@ X509V3_EXT_V2I v2i;
 X509V3_EXT_I2R i2r;
 X509V3_EXT_R2I r2i;
 
-char *usr_data;	/* Any extension specific data */
+void *usr_data;	/* Any extension specific data */
 };
 
 typedef struct X509V3_CONF_METHOD_st {
@@ -411,6 +411,7 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
 int X509V3_add_standard_extensions(void);
 STACK *X509V3_parse_list(char *line);
 void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 
 char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
@@ -430,6 +431,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_F_COPY_EMAIL				 122
 #define X509V3_F_COPY_ISSUER				 123
 #define X509V3_F_DO_EXT_CONF				 124
+#define X509V3_F_DO_EXT_I2D				 135
 #define X509V3_F_HEX_TO_STRING				 111
 #define X509V3_F_I2S_ASN1_ENUMERATED			 121
 #define X509V3_F_I2S_ASN1_INTEGER			 120
@@ -460,6 +462,7 @@ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #define X509V3_F_X509V3_EXT_ADD				 104
 #define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
 #define X509V3_F_X509V3_EXT_CONF			 107
+#define X509V3_F_X509V3_EXT_I2D				 136
 #define X509V3_F_X509V3_GET_VALUE_BOOL			 110
 #define X509V3_F_X509V3_PARSE_LIST			 109
 

util/libeay.num

@@ -1618,3 +1618,4 @@ sk_X509_EXTENSION_delete                1642
 sk_X509_EXTENSION_shift                 1643
 sk_X509_EXTENSION_push                  1644
 sk_X509_NAME_ENTRY_find                 1645
+X509V3_EXT_i2d                          1646