generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add new -notext option to 'ca', -pubkey option to spkac.

Browse Source 
Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.
This commit is contained in:
Dr. Stephen Henson 2000-02-03 02:56:48 +00:00
parent 7999c65c9b
commit 82fc1d9c28
16 changed files with 80 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -4,6 +4,9 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000] Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
*) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
[Steve Henson]
*) Use a less unusual form of the Miller-Rabin primality test (it used *) Use a less unusual form of the Miller-Rabin primality test (it used
a binary algorithm for exponentiation integrated into the Miller-Rabin a binary algorithm for exponentiation integrated into the Miller-Rabin
loop, our standard modexp algorithms are faster). loop, our standard modexp algorithms are faster).

21
apps/ca.c
View File

@ -200,7 +200,7 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
char *enddate, int days, char *ext_sect,LHASH *conf, char *enddate, int days, char *ext_sect,LHASH *conf,
int verbose); int verbose);
static int fix_data(int nid, int *type); static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
char *startdate, char *enddate, int days, int batch, int verbose, char *startdate, char *enddate, int days, int batch, int verbose,
@ -247,6 +247,7 @@ int MAIN(int argc, char **argv)
char *enddate=NULL; char *enddate=NULL;
int days=0; int days=0;
int batch=0; int batch=0;
int notext=0;
X509 *x509=NULL; X509 *x509=NULL;
X509 *x=NULL; X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
@ -357,6 +358,8 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
outdir= *(++argv); outdir= *(++argv);
} }
else if (strcmp(*argv,"-notext") == 0)
notext=1;
else if (strcmp(*argv,"-batch") == 0) else if (strcmp(*argv,"-batch") == 0)
batch=1; batch=1;
else if (strcmp(*argv,"-preserveDN") == 0) else if (strcmp(*argv,"-preserveDN") == 0)
@ -984,8 +987,8 @@ bad:
perror(buf[2]); perror(buf[2]);
goto err; goto err;
} }
write_new_certificate(Cout,x, 0); write_new_certificate(Cout,x, 0, notext);
write_new_certificate(Sout,x, output_der); write_new_certificate(Sout,x, output_der, notext);
} }
if (sk_num(cert_sk)) if (sk_num(cert_sk))
@ -1893,17 +1896,16 @@ err:
return(ok); return(ok);
} }
static void write_new_certificate(BIO *bp, X509 *x, int output_der) static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
{ {
char *f;
char buf[256];
if (output_der) if (output_der)
{ {
(void)i2d_X509_bio(bp,x); (void)i2d_X509_bio(bp,x);
return; return;
} }
#if 0
/* ??? Not needed since X509_print prints all this stuff anyway */
f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256); f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
BIO_printf(bp,"issuer :%s\n",f); BIO_printf(bp,"issuer :%s\n",f);
@ -1913,10 +1915,9 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
BIO_puts(bp,"serial :"); BIO_puts(bp,"serial :");
i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber); i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
BIO_puts(bp,"\n\n"); BIO_puts(bp,"\n\n");
X509_print(bp,x); #endif
BIO_puts(bp,"\n"); if(!notext)X509_print(bp,x);
PEM_write_bio_X509(bp,x); PEM_write_bio_X509(bp,x);
BIO_puts(bp,"\n");
} }
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

11
apps/dsaparam.c
View File

@ -84,7 +84,7 @@
* -genkey * -genkey
*/ */
static void MS_CALLBACK dsa_cb(int p, int n, char *arg); static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
DSA *dsa=NULL; DSA *dsa=NULL;
@ -225,8 +225,7 @@ bad:
assert(need_rand); assert(need_rand);
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n"); BIO_printf(bio_err,"This could take some time\n");
dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
dsa_cb,(char *)bio_err);
} }
else if (informat == FORMAT_ASN1) else if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL); dsa=d2i_DSAparams_bio(in,NULL);
@ -350,7 +349,7 @@ end:
EXIT(ret); EXIT(ret);
} }
static void MS_CALLBACK dsa_cb(int p, int n, char *arg) static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{ {
char c='*'; char c='*';
@ -358,8 +357,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
if (p == 1) c='+'; if (p == 1) c='+';
if (p == 2) c='*'; if (p == 2) c='*';
if (p == 3) c='\n'; if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1); BIO_write(arg,&c,1);
(void)BIO_flush((BIO *)arg); (void)BIO_flush(arg);
#ifdef LINT #ifdef LINT
p=n; p=n;
#endif #endif

2
apps/rsa.c
View File

@ -271,7 +271,7 @@ bad:
} }
} }
p=(unsigned char *)buf->data; p=(unsigned char *)buf->data;
rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL); rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
BUF_MEM_free(buf); BUF_MEM_free(buf);
} }
#endif #endif

2
apps/s_client.c
View File

@ -376,7 +376,7 @@ bad:
} }
con=(SSL *)SSL_new(ctx); con=SSL_new(ctx);
/* SSL_set_cipher_list(con,"RC4-MD5"); */ /* SSL_set_cipher_list(con,"RC4-MD5"); */
re_start: re_start:

4
apps/s_server.c
View File

@ -782,7 +782,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
#endif #endif
if (con == NULL) { if (con == NULL) {
con=(SSL *)SSL_new(ctx); con=SSL_new(ctx);
if(context) if(context)
SSL_set_session_id_context(con, context, SSL_set_session_id_context(con, context,
strlen((char *)context)); strlen((char *)context));
@ -1150,7 +1150,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
/* lets make the output buffer a reasonable size */ /* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io,bufsize)) goto err; if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; if ((con=SSL_new(ctx)) == NULL) goto err;
if(context) SSL_set_session_id_context(con, context, if(context) SSL_set_session_id_context(con, context,
strlen((char *)context)); strlen((char *)context));

2
apps/s_time.c
View File

@ -632,7 +632,7 @@ static SSL *doConnection(SSL *scon)
BIO_set_conn_hostname(conn,host); BIO_set_conn_hostname(conn,host);
if (scon == NULL) if (scon == NULL)
serverCon=(SSL *)SSL_new(tm_ctx); serverCon=SSL_new(tm_ctx);
else else
{ {
serverCon=scon; serverCon=scon;

32
apps/spkac.c
View File

@ -79,11 +79,11 @@ int MAIN(int argc, char **argv)
{ {
int i,badops=0, ret = 1; int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL; BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0; int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog; char *infile = NULL,*outfile = NULL,*prog;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL; char *challenge = NULL, *keyfile = NULL;
LHASH *conf; LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL; NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
@ -128,6 +128,8 @@ int MAIN(int argc, char **argv)
} }
else if (strcmp(*argv,"-noout") == 0) else if (strcmp(*argv,"-noout") == 0)
noout=1; noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
pubkey=1;
else if (strcmp(*argv,"-verify") == 0) else if (strcmp(*argv,"-verify") == 0)
verify=1; verify=1;
else badops = 1; else badops = 1;
@ -138,13 +140,16 @@ int MAIN(int argc, char **argv)
if (badops) if (badops)
{ {
bad: bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"%s [options]\n",prog);
BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); BIO_printf(bio_err," -key arg create SPKAC using private key\n");
BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -challenge arg challenge string\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n"); BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
goto end; goto end;
} }
@ -180,6 +185,7 @@ bad:
goto end; goto end;
} }
BIO_printf(out, "SPKAC=%s\n", spkstr); BIO_printf(out, "SPKAC=%s\n", spkstr);
Free(spkstr);
ret = 0; ret = 0;
goto end; goto end;
} }
@ -212,6 +218,7 @@ bad:
} }
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if(!spki) { if(!spki) {
BIO_printf(bio_err, "Error loading SPKAC\n"); BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@ -228,11 +235,9 @@ bad:
} }
if(!noout) NETSCAPE_SPKI_print(out, spki); if(!noout) NETSCAPE_SPKI_print(out, spki);
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if(verify) { if(verify) {
EVP_PKEY *pktmp; i = NETSCAPE_SPKI_verify(spki, pkey);
pktmp = NETSCAPE_SPKI_get_pubkey(spki);
i = NETSCAPE_SPKI_verify(spki, pktmp);
EVP_PKEY_free(pktmp);
if(i) BIO_printf(bio_err, "Signature OK\n"); if(i) BIO_printf(bio_err, "Signature OK\n");
else { else {
BIO_printf(bio_err, "Signature Failure\n"); BIO_printf(bio_err, "Signature Failure\n");
@ -240,15 +245,16 @@ bad:
goto end; goto end;
} }
} }
if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
ret = 0; ret = 0;
end: end:
CONF_free(conf);
NETSCAPE_SPKI_free(spki); NETSCAPE_SPKI_free(spki);
BIO_free(in); BIO_free(in);
BIO_free(out); BIO_free(out);
BIO_free(key); BIO_free(key);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
if(spkstr) Free(spkstr);
EXIT(ret); EXIT(ret);
} }

2
crypto/dsa/dsa.h
View File

@ -182,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret,void int *counter_ret, unsigned long *h_ret,void
(*callback)(),void *cb_arg); (*callback)(int, int, void *),void *cb_arg);
int DSA_generate_key(DSA *a); int DSA_generate_key(DSA *a);
int i2d_DSAPublicKey(DSA *a, unsigned char **pp); int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);

3
crypto/dsa/dsa_gen.c
View File

@ -80,7 +80,8 @@
#include <openssl/rand.h> #include <openssl/rand.h>
DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret, void (*callback)(), int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *),
void *cb_arg) void *cb_arg)
{ {
int ok=0; int ok=0;

10
crypto/dsa/dsatest.c
View File

@ -84,7 +84,7 @@ int main(int argc, char *argv[])
#define MS_CALLBACK #define MS_CALLBACK
#endif #endif
static void MS_CALLBACK dsa_cb(int p, int n, char *arg); static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@ -145,7 +145,7 @@ int main(int argc, char **argv)
BIO_printf(bio_err,"test generation of DSA parameters\n"); BIO_printf(bio_err,"test generation of DSA parameters\n");
dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,(char *)bio_err); dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
BIO_printf(bio_err,"seed\n"); BIO_printf(bio_err,"seed\n");
for (i=0; i<20; i+=4) for (i=0; i<20; i+=4)
@ -209,7 +209,7 @@ end:
return(0); return(0);
} }
static void MS_CALLBACK dsa_cb(int p, int n, char *arg) static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{ {
char c='*'; char c='*';
static int ok=0,num=0; static int ok=0,num=0;
@ -218,8 +218,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
if (p == 1) c='+'; if (p == 1) c='+';
if (p == 2) { c='*'; ok++; } if (p == 2) { c='*'; ok++; }
if (p == 3) c='\n'; if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1); BIO_write(arg,&c,1);
(void)BIO_flush((BIO *)arg); (void)BIO_flush(arg);
if (!ok && (p == 0) && (num > 1)) if (!ok && (p == 0) && (num > 1))
{ {

6
crypto/ebcdic.c
View File

@ -210,4 +210,8 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
return dest; return dest;
} }
#endif /*CHARSET_EBCDIC*/ #else /*CHARSET_EBCDIC*/
#ifdef PEDANTIC
static void *dummy=&dummy;
#endif
#endif

5
doc/apps/ca.pod
View File

@ -26,6 +26,7 @@ B<openssl> B<ca>
[B<-cert file>] [B<-cert file>]
[B<-in file>] [B<-in file>]
[B<-out file>] [B<-out file>]
[B<-notext>]
[B<-outdir dir>] [B<-outdir dir>]
[B<-infiles>] [B<-infiles>]
[B<-spkac file>] [B<-spkac file>]
@ -102,6 +103,10 @@ the 'ps' utility) this option should be used with caution.
this prints extra details about the operations being performed. this prints extra details about the operations being performed.
=item B<-notext>
don't output the text form of a certificate to the output file.
=item B<-startdate date> =item B<-startdate date>
this allows the start date to be explicitly set. The format of the this allows the start date to be explicitly set. The format of the

6
doc/apps/spkac.pod
View File

@ -11,6 +11,7 @@ B<openssl> B<spkac>
[B<-out filename>] [B<-out filename>]
[B<-key keyfile>] [B<-key keyfile>]
[B<-challenge string>] [B<-challenge string>]
[B<-pubkey>]
[B<-spkac spkacname>] [B<-spkac spkacname>]
[B<-spksect section>] [B<-spksect section>]
[B<-noout>] [B<-noout>]
@ -63,6 +64,11 @@ SPKAC. The default is the default section.
don't output the text version of the SPKAC (not used if an don't output the text version of the SPKAC (not used if an
SPKAC is being created). SPKAC is being created).
=item B<-pubkey>
output the public key of an SPKAC (not used if an SPKAC is
being created).
=item B<-verify> =item B<-verify>
verifies the digital signature on the supplied SPKAC. verifies the digital signature on the supplied SPKAC.

15
doc/crypto/err.pod
View File

@ -84,14 +84,23 @@ descriptions. For example, the function ssl23_read() reports a
SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
Function and reason codes should consist of upper case characters,
numbers and underscores only. The error file generation script translates
function codes into function names by looking in the header files
for an appropriate function name, if none is found it just uses
the capitalized form such as "SSL23_READ" in the above example.
The trailing section of a reason code (after the "_R_") is translated
into lower case and and underscores changed to spaces.
When you are using new function or reason codes, run B<make errors>. When you are using new function or reason codes, run B<make errors>.
The necessary B<#define>s will then automatically be added to the The necessary B<#define>s will then automatically be added to the
sub-library's header file. sub-library's header file.
Although a library will normally report errors using its own specific Although a library will normally report errors using its own specific
macro, a different macro is used. This is normally only done when a XXXerr macro, another library's macro can be used. This is normally
library wants to include ASN1 code which must user the ASN1 libraries only done when a library wants to include ASN1 code which must use
error macro. the ASN1err() macro.
=head2 Adding new libraries =head2 Adding new libraries

2
ssl/ssl_ciph.c
View File

@ -313,7 +313,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{ {
unsigned int i, list_num; int i, list_num;
SSL_CIPHER *c; SSL_CIPHER *c;
/* /*