Add initial support for r2i RAW extensions which can access the config database

add various X509V3_CTX helper functions and support for LHASH as the config
database.

CHANGES

@@ -5,6 +5,10 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
   *) Fix an evil bug in bn_expand2() which caused various BN functions to
      fail when they extended the size of a BIGNUM.
      [Steve Henson]

STATUS

 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/04/16 11:32:33 $
+  ______________                           $Date: 1999/04/16 23:57:00 $
 
   DEVELOPMENT STATE
 
@@ -45,6 +45,8 @@
         Proper (or at least usable) certificate chain verification.
         Documentation on X509 V3 extension code.
         PKCS#12 code cleanup and enhancement.
+	PKCS #8 and PKCS#5 v2.0 support.
+	Private key, certificate and CRL API and implementation.
 
     o Mark is currently working on:
         Folding in any changes that are in the C2Net code base that were

apps/ca.c

@@ -1073,11 +1073,8 @@ bad:
 		    if (ci->version == NULL)
 		    if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err;
 		    ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */
-		    crlctx.crl = crl;
-		    crlctx.issuer_cert = x509;
-		    crlctx.subject_cert = NULL;
-		    crlctx.subject_req = NULL;
-		    crlctx.flags = 0;
+		    X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+		    X509V3_set_conf_lhash(&crlctx, conf);
 
 		    if(!X509V3_EXT_CRL_add_conf(conf, &crlctx,
 						 crl_ext, crl)) goto err;
@@ -1792,11 +1789,8 @@ again2:
 
 		ci->extensions = NULL;
 
-		ctx.subject_cert = ret;
-		ctx.issuer_cert = x509;
-		ctx.subject_req = req;
-		ctx.crl = NULL;
-		ctx.flags = 0;
+		X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+		X509V3_set_conf_lhash(&ctx, lconf);
 
 		if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err;
 

apps/req.c

@@ -666,11 +666,8 @@ loop:
 
 			/* Set up V3 context struct */
 
-			ext_ctx.issuer_cert = x509ss;
-			ext_ctx.subject_cert = x509ss;
-			ext_ctx.subject_req = NULL;
-			ext_ctx.crl = NULL;
-			ext_ctx.flags = 0;
+			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+			X509V3_set_conf_lhash(&ext_ctx, req_conf);
 
 			/* Add extensions */
 			if(extensions && !X509V3_EXT_add_conf(req_conf, 

crypto/x509v3/v3_conf.c

@@ -295,3 +295,85 @@ char *section;
 	static X509V3_CTX ctx_tst = { CTX_TEST, NULL, NULL, NULL, NULL };
 	return X509V3_EXT_add_conf(conf, &ctx_tst, section, NULL);
 }
+
+/* Config database functions */
+
+char * X509V3_get_string(ctx, name, section)
+X509V3_CTX *ctx;
+char *name;
+char *section;
+{
+	if(ctx->db_meth->get_string)
+			return ctx->db_meth->get_string(ctx->db, name, section);
+	return NULL;
+}
+
+STACK * X509V3_get_section(ctx, section)
+X509V3_CTX *ctx;
+char *section;
+{
+	if(ctx->db_meth->get_section)
+			return ctx->db_meth->get_section(ctx->db, section);
+	return NULL;
+}
+
+void X509V3_free_string(ctx, str)
+X509V3_CTX *ctx;
+char *str;
+{
+	if(ctx->db_meth->free_string)
+			return ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_free_section(ctx, section)
+X509V3_CTX *ctx;
+STACK *section;
+{
+	if(ctx->db_meth->free_section)
+			return ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *conf_lhash_get_string(db, section, value)
+void *db;
+char *section;
+char *value;
+{
+	return CONF_get_string(db, section, value);
+}
+
+static STACK *conf_lhash_get_section(db, section)
+void *db;
+char *section;
+{
+	return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(ctx, lhash)
+X509V3_CTX *ctx;
+LHASH *lhash;
+{
+	ctx->db_meth = &conf_lhash_method;
+	ctx->db = lhash;
+}
+
+void X509V3_set_ctx(ctx, issuer, subj, req, crl, flags)
+X509V3_CTX *ctx;
+X509 *issuer;
+X509 *subj;
+X509_REQ *req;
+X509_CRL *crl;
+int flags;
+{
+	ctx->issuer_cert = issuer;
+	ctx->subject_cert = subj;
+	ctx->crl = crl;
+	ctx->subject_req = req;
+	ctx->flags = flags;
+}

crypto/x509v3/x509v3.h

@@ -80,7 +80,7 @@ typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx
 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
 typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
 typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out, int indent);
-typedef char *(*X509V3_EXT_R2I)(struct v3_ext_method *method, char *db, char *value);
+typedef char * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
 
 /* V3 extension structure */
 
@@ -102,11 +102,17 @@ X509V3_EXT_V2I v2i;
 
 /* The following are used for raw extensions */
 X509V3_EXT_I2R i2r;
-X509V3_EXT_R2I r2i;	/* Doesn't do anything *YET* */
+X509V3_EXT_R2I r2i;
 
 char *usr_data;	/* Any extension specific data */
 };
 
+typedef struct X509V3_CONF_METHOD_st {
+char * (*get_string)(void *db, char *section, char *value);
+STACK * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK *section);
+} X509V3_CONF_METHOD;
 
 /* Context specific info */
 struct v3_ext_ctx {
@@ -116,6 +122,8 @@ X509 *issuer_cert;
 X509 *subject_cert;
 X509_REQ *subject_req;
 X509_CRL *crl;
+X509V3_CONF_METHOD *db_meth;
+void *db;
 /* Maybe more here */
 };
 
@@ -278,8 +286,16 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CR
 int X509V3_EXT_check_conf(LHASH *conf, char *section);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
 #endif
 
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK * X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_free_string(X509V3_CTX *ctx, char *str);
+void X509V3_free_section( X509V3_CTX *ctx, STACK *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+				 X509_REQ *req, X509_CRL *crl, int flags);
+
 int X509V3_add_value(char *name, char *value, STACK **extlist);
 int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist);
 int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist);
@@ -368,8 +384,15 @@ int X509V3_EXT_add_conf();
 int X509V3_EXT_check_conf();
 int X509V3_get_value_bool();
 int X509V3_get_value_int();
+void X509V3_set_conf_lhash();
 #endif
 
+char * X509V3_get_string();
+STACK * X509V3_get_section();
+void X509V3_free_string();
+void X509V3_free_section();
+void X509V3_set_ctx();
+
 int X509V3_add_value();
 int X509V3_add_value_bool();
 int X509V3_add_value_int();