Add functions to allow extensions to be added to certificate requests.

Modify obj_dat.pl to take its files from the command line. Usage is now perl obj_dat.pl objects.h obj_dat.h this should avoid redirection shell escape problems under Win32.

Add functions to allow extensions to be added to certificate requests.
Modify obj_dat.pl to take its files from the command line. Usage is now perl obj_dat.pl objects.h obj_dat.h this should avoid redirection shell escape problems under Win32.
fd520577 · Dr. Stephen Henson · 8b946344 · fd520577 · fd520577 · fd520577
7 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,10 +4,14 @@
 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
+  *) Changed obj_dat.pl script so it takes its input and output files on
+     the command line. This should avoid shell escape redirection problems
+     under Win32.
+     [Steve Henson]
  *) Initial support for certificate extension requests, these are included
-     in things like Xenroll certificate requests. They will later be used to
+     in things like Xenroll certificate requests. Included functions to allow
-     allow PKCS#10 requests to include a list of "requested extensions" which
+     extensions to be obtained and added.
-     can be added.
     [Steve Henson]
  *) -crlf option to s_client and s_server for sending newlines as

--- a/Configure
+++ b/Configure
@@ -724,7 +724,7 @@ if($IsWindows) {
 EOF
 	close(OUT);
-	system "perl crypto/objects/obj_dat.pl <crypto\\objects\\objects.h >crypto\\objects\\obj_dat.h";
+	system "perl crypto/objects/obj_dat.pl crypto/objects/objects.h crypto/objects/obj_dat.h";
 } else {
 	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?;
 	### (system 'make depend') == 0 or exit $? if $depflags ne "";

--- a/crypto/objects/Makefile.ssl
+++ b/crypto/objects/Makefile.ssl
@@ -38,7 +38,7 @@ top:
 all:	obj_dat.h lib
 obj_dat.h: objects.h obj_dat.pl
-	$(PERL) ./obj_dat.pl < objects.h > obj_dat.h
+	$(PERL) ./obj_dat.pl objects.h obj_dat.h
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)

--- a/crypto/objects/obj_dat.pl
+++ b/crypto/objects/obj_dat.pl
@@ -38,7 +38,10 @@ sub expand_obj
 	return(%objn);
 	}
-while (<>)
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+while (<IN>)
 	{
 	next unless /^\#define\s+(\S+)\s+(.*)$/;
 	$v=$1;
@@ -55,6 +58,7 @@ while (<>)
 		$objd{$v}=$d;
 		}
 	}
+close IN;
 %ob=&expand_obj(*objd);
@@ -132,7 +136,7 @@ foreach (sort obj_cmp @a)
 	push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
 	}
-print <<'EOF';
+print OUT <<'EOF';
 /* lib/obj/obj_dat.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
@@ -193,21 +197,21 @@ print <<'EOF';
 /* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
 * following command:
- * perl obj_dat.pl < objects.h > obj_dat.h
+ * perl obj_dat.pl objects.h obj_dat.h
 */
 EOF
-printf "#define NUM_NID %d\n",$n;
+printf OUT "#define NUM_NID %d\n",$n;
-printf "#define NUM_SN %d\n",$#sn+1;
+printf OUT "#define NUM_SN %d\n",$#sn+1;
-printf "#define NUM_LN %d\n",$#ln+1;
+printf OUT "#define NUM_LN %d\n",$#ln+1;
-printf "#define NUM_OBJ %d\n\n",$#ob+1;
+printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
-printf "static unsigned char lvalues[%d]={\n",$lvalues+1;
+printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;
-print @lvalues;
+print OUT @lvalues;
-print "};\n\n";
+print OUT "};\n\n";
-printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
+printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
 foreach (@out)
 	{
 	if (length($_) > 75)
@@ -218,30 +222,32 @@ foreach (@out)
 			$t=$out.$_.",";
 			if (length($t) > 70)
 				{
-				print "$out\n";
+				print OUT "$out\n";
 				$t="\t$_,";
 				}
 			$out=$t;
 			}
 		chop $out;
-		print "$out";
+		print OUT "$out";
 		}
 	else
-		{ print $_; }
+		{ print OUT $_; }
 	}
-print  "};\n\n";
+print  OUT "};\n\n";
+printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+print  OUT @sn;
+print  OUT "};\n\n";
-printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
-print  @sn;
+print  OUT @ln;
-print  "};\n\n";
+print  OUT "};\n\n";
-printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
+printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
-print  @ln;
+print  OUT @ob;
-print  "};\n\n";
+print  OUT "};\n\n";
-printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
+close OUT;
-print  @ob;
-print  "};\n\n";
 sub der_it
 	{

--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -791,6 +791,9 @@ int		X509_REQ_extension_nid(int nid);
 int *		X509_REQ_get_extesion_nids(void);
 void		X509_REQ_set_extension_nids(int *nids);
 STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+				int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
 int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);

--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -169,3 +169,48 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 			d2i_X509_EXTENSION, X509_EXTENSION_free,
 			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 }
+/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+				int nid)
+{
+	unsigned char *p = NULL, *q;
+	long len;
+	ASN1_TYPE *at = NULL;
+	X509_ATTRIBUTE *attr = NULL;
+	if(!(at = ASN1_TYPE_new()) ||
+		!(at->value.sequence = ASN1_STRING_new())) goto err;
+	at->type = V_ASN1_SEQUENCE;
+	/* Generate encoding of extensions */
+	len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+	if(!(p = Malloc(len))) goto err;
+	q = p;
+	i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
+			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+	at->value.sequence->data = p;
+	p = NULL;
+	at->value.sequence->length = len;
+	if(!(attr = X509_ATTRIBUTE_new())) goto err;
+	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
+	at = NULL;
+	attr->set = 1;
+	attr->object = OBJ_nid2obj(nid);
+	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
+	return 1;
+	err:
+	if(p) Free(p);
+	X509_ATTRIBUTE_free(attr);
+	ASN1_TYPE_free(at);
+	return 0;
+}
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+	return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
--- a/doc/openssl.txt
+++ b/doc/openssl.txt
@@ -561,7 +561,7 @@ takes the NID of the extension rather than its name.
 For example to produce basicConstraints with the CA flag and a path length of
 10:
-x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10");
+x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);