'req' fixes. Reinstate length check one request fields.

Fix to stop null being added to attributes. Modify X509_LOOKUP, X509_INFO to handle auxiliary info.
2024-11-25 11:03:37 +08:00 · 1999-11-14 23:10:50 +00:00 · 1999-11-14 23:10:50 +00:00 · 06556a1744
commit 06556a1744
parent 4abc5c624a
4 changed files with 36 additions and 18 deletions
--- a/5
+++ b/5
@ -4,6 +4,11 @@

 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]

+  *) Fix for 'req': it was adding a null to request attributes.
+     Also change the X509_LOOKUP and X509_INFO code to handle
+     certificate auxiliary information.
+     [Steve Henson]
+
  *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
     the 'enc' command.
     [Steve Henson]
--- a/apps/req.c
+++ b/apps/req.c
@ -1051,6 +1051,7 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 #ifdef CHARSET_EBCDIC
 	ebcdic2ascii(buf, buf, i);
 #endif
+	if(!req_fix_data(-1, NULL, i, min, max)) goto err;
 	if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC,
 				(unsigned char *) buf, -1,-1,0)) goto err;
 	ret=1;
@ -1123,7 +1124,7 @@ start:
 		else	goto err;
 		}

-	if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
+	if (!ASN1_STRING_set(bs,(unsigned char *)buf,i))
 		{ BIO_printf(bio_err,"Malloc failure\n"); goto err; }

 	if ((at=ASN1_TYPE_new()) == NULL)
@ -1161,23 +1162,24 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)

 static int req_fix_data(int nid, int *type, int len, int min, int max)
 	{
-	if (nid == NID_pkcs9_emailAddress)
-		*type=V_ASN1_IA5STRING;
-	if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_challengePassword) &&
-		(*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-
-	if ((nid == NID_pkcs9_unstructuredName) &&
-		(*type == V_ASN1_T61STRING))
-		{
-		BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
-		return(0);
-		}
-	if (nid == NID_pkcs9_unstructuredName)
-		*type=V_ASN1_IA5STRING;
+	if(type) {
+		if (nid == NID_pkcs9_emailAddress)
+			*type=V_ASN1_IA5STRING;
+		if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
+			*type=V_ASN1_T61STRING;
+		if ((nid == NID_pkcs9_challengePassword) &&
+			(*type == V_ASN1_IA5STRING))
+			*type=V_ASN1_T61STRING;

+		if ((nid == NID_pkcs9_unstructuredName) &&
+			(*type == V_ASN1_T61STRING))
+			{
+			BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
+			return(0);
+			}
+		if (nid == NID_pkcs9_unstructuredName)
+			*type=V_ASN1_IA5STRING;
+	}
 	if (len < min)
 		{
 		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@ -132,6 +132,17 @@ start:
 				}
 			pp=(char **)&(xi->x509);
 			}
+		else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
+			{
+			d2i=(char *(*)())d2i_X509_AUX;
+			if (xi->x509 != NULL)
+				{
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
+				if ((xi=X509_INFO_new()) == NULL) goto err;
+				goto start;
+				}
+			pp=(char **)&(xi->x509);
+			}
 		else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
 			{
 			d2i=(char *(*)())d2i_X509_CRL;
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@ -147,7 +147,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
 		{
 		for (;;)
 			{
-			x=PEM_read_bio_X509(in,NULL,NULL,NULL);
+			x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
 			if (x == NULL)
 				{
 				if ((ERR_GET_REASON(ERR_peek_error()) ==