Add new -notext option to 'ca', -pubkey option to spkac.

Remove some "WTF??" casts from applications.

Fixes to keep VC++ happy and avoid warnings.

Docs tidy.
This commit is contained in:
Dr. Stephen Henson 2000-02-03 02:56:48 +00:00
parent 7999c65c9b
commit 82fc1d9c28
16 changed files with 80 additions and 46 deletions

View File

@ -4,6 +4,9 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
*) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
[Steve Henson]
*) Use a less unusual form of the Miller-Rabin primality test (it used
a binary algorithm for exponentiation integrated into the Miller-Rabin
loop, our standard modexp algorithms are faster).

View File

@ -200,7 +200,7 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
char *enddate, int days, char *ext_sect,LHASH *conf,
int verbose);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
char *startdate, char *enddate, int days, int batch, int verbose,
@ -247,6 +247,7 @@ int MAIN(int argc, char **argv)
char *enddate=NULL;
int days=0;
int batch=0;
int notext=0;
X509 *x509=NULL;
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
@ -357,6 +358,8 @@ EF_ALIGNMENT=0;
if (--argc < 1) goto bad;
outdir= *(++argv);
}
else if (strcmp(*argv,"-notext") == 0)
notext=1;
else if (strcmp(*argv,"-batch") == 0)
batch=1;
else if (strcmp(*argv,"-preserveDN") == 0)
@ -984,8 +987,8 @@ bad:
perror(buf[2]);
goto err;
}
write_new_certificate(Cout,x, 0);
write_new_certificate(Sout,x, output_der);
write_new_certificate(Cout,x, 0, notext);
write_new_certificate(Sout,x, output_der, notext);
}
if (sk_num(cert_sk))
@ -1893,17 +1896,16 @@ err:
return(ok);
}
static void write_new_certificate(BIO *bp, X509 *x, int output_der)
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
{
char *f;
char buf[256];
if (output_der)
{
(void)i2d_X509_bio(bp,x);
return;
}
#if 0
/* ??? Not needed since X509_print prints all this stuff anyway */
f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
BIO_printf(bp,"issuer :%s\n",f);
@ -1913,10 +1915,9 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der)
BIO_puts(bp,"serial :");
i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
BIO_puts(bp,"\n\n");
X509_print(bp,x);
BIO_puts(bp,"\n");
#endif
if(!notext)X509_print(bp,x);
PEM_write_bio_X509(bp,x);
BIO_puts(bp,"\n");
}
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,

View File

@ -84,7 +84,7 @@
* -genkey
*/
static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
int MAIN(int argc, char **argv)
{
DSA *dsa=NULL;
@ -225,8 +225,7 @@ bad:
assert(need_rand);
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n");
dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
dsa_cb,(char *)bio_err);
dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
}
else if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL);
@ -350,7 +349,7 @@ end:
EXIT(ret);
}
static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
@ -358,8 +357,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
BIO_write(arg,&c,1);
(void)BIO_flush(arg);
#ifdef LINT
p=n;
#endif

View File

@ -271,7 +271,7 @@ bad:
}
}
p=(unsigned char *)buf->data;
rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
BUF_MEM_free(buf);
}
#endif

View File

@ -376,7 +376,7 @@ bad:
}
con=(SSL *)SSL_new(ctx);
con=SSL_new(ctx);
/* SSL_set_cipher_list(con,"RC4-MD5"); */
re_start:

View File

@ -782,7 +782,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
#endif
if (con == NULL) {
con=(SSL *)SSL_new(ctx);
con=SSL_new(ctx);
if(context)
SSL_set_session_id_context(con, context,
strlen((char *)context));
@ -1150,7 +1150,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
/* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
if ((con=SSL_new(ctx)) == NULL) goto err;
if(context) SSL_set_session_id_context(con, context,
strlen((char *)context));

View File

@ -632,7 +632,7 @@ static SSL *doConnection(SSL *scon)
BIO_set_conn_hostname(conn,host);
if (scon == NULL)
serverCon=(SSL *)SSL_new(tm_ctx);
serverCon=SSL_new(tm_ctx);
else
{
serverCon=scon;

View File

@ -79,11 +79,11 @@ int MAIN(int argc, char **argv)
{
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
int verify=0,noout=0;
int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
LHASH *conf;
LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
@ -128,6 +128,8 @@ int MAIN(int argc, char **argv)
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
pubkey=1;
else if (strcmp(*argv,"-verify") == 0)
verify=1;
else badops = 1;
@ -138,12 +140,15 @@ int MAIN(int argc, char **argv)
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"%s [options]\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -key arg create SPKAC using private key\n");
BIO_printf(bio_err," -challenge arg challenge string\n");
BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
goto end;
}
@ -180,6 +185,7 @@ bad:
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
Free(spkstr);
ret = 0;
goto end;
}
@ -212,6 +218,7 @@ bad:
}
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if(!spki) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
@ -228,11 +235,9 @@ bad:
}
if(!noout) NETSCAPE_SPKI_print(out, spki);
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if(verify) {
EVP_PKEY *pktmp;
pktmp = NETSCAPE_SPKI_get_pubkey(spki);
i = NETSCAPE_SPKI_verify(spki, pktmp);
EVP_PKEY_free(pktmp);
i = NETSCAPE_SPKI_verify(spki, pkey);
if(i) BIO_printf(bio_err, "Signature OK\n");
else {
BIO_printf(bio_err, "Signature Failure\n");
@ -240,15 +245,16 @@ bad:
goto end;
}
}
if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
ret = 0;
end:
CONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free(out);
BIO_free(key);
EVP_PKEY_free(pkey);
if(spkstr) Free(spkstr);
EXIT(ret);
}

View File

@ -182,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret,void
(*callback)(),void *cb_arg);
(*callback)(int, int, void *),void *cb_arg);
int DSA_generate_key(DSA *a);
int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);

View File

@ -80,7 +80,8 @@
#include <openssl/rand.h>
DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret, void (*callback)(),
int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *),
void *cb_arg)
{
int ok=0;

View File

@ -84,7 +84,7 @@ int main(int argc, char *argv[])
#define MS_CALLBACK
#endif
static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
@ -145,7 +145,7 @@ int main(int argc, char **argv)
BIO_printf(bio_err,"test generation of DSA parameters\n");
dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,(char *)bio_err);
dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
BIO_printf(bio_err,"seed\n");
for (i=0; i<20; i+=4)
@ -209,7 +209,7 @@ end:
return(0);
}
static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
static int ok=0,num=0;
@ -218,8 +218,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
if (p == 1) c='+';
if (p == 2) { c='*'; ok++; }
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
BIO_write(arg,&c,1);
(void)BIO_flush(arg);
if (!ok && (p == 0) && (num > 1))
{

View File

@ -210,4 +210,8 @@ ascii2ebcdic(void *dest, const void *srce, size_t count)
return dest;
}
#endif /*CHARSET_EBCDIC*/
#else /*CHARSET_EBCDIC*/
#ifdef PEDANTIC
static void *dummy=&dummy;
#endif
#endif

View File

@ -26,6 +26,7 @@ B<openssl> B<ca>
[B<-cert file>]
[B<-in file>]
[B<-out file>]
[B<-notext>]
[B<-outdir dir>]
[B<-infiles>]
[B<-spkac file>]
@ -102,6 +103,10 @@ the 'ps' utility) this option should be used with caution.
this prints extra details about the operations being performed.
=item B<-notext>
don't output the text form of a certificate to the output file.
=item B<-startdate date>
this allows the start date to be explicitly set. The format of the

View File

@ -11,6 +11,7 @@ B<openssl> B<spkac>
[B<-out filename>]
[B<-key keyfile>]
[B<-challenge string>]
[B<-pubkey>]
[B<-spkac spkacname>]
[B<-spksect section>]
[B<-noout>]
@ -63,6 +64,11 @@ SPKAC. The default is the default section.
don't output the text version of the SPKAC (not used if an
SPKAC is being created).
=item B<-pubkey>
output the public key of an SPKAC (not used if an SPKAC is
being created).
=item B<-verify>
verifies the digital signature on the supplied SPKAC.

View File

@ -84,14 +84,23 @@ descriptions. For example, the function ssl23_read() reports a
SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
Function and reason codes should consist of upper case characters,
numbers and underscores only. The error file generation script translates
function codes into function names by looking in the header files
for an appropriate function name, if none is found it just uses
the capitalized form such as "SSL23_READ" in the above example.
The trailing section of a reason code (after the "_R_") is translated
into lower case and and underscores changed to spaces.
When you are using new function or reason codes, run B<make errors>.
The necessary B<#define>s will then automatically be added to the
sub-library's header file.
Although a library will normally report errors using its own specific
macro, a different macro is used. This is normally only done when a
library wants to include ASN1 code which must user the ASN1 libraries
error macro.
XXXerr macro, another library's macro can be used. This is normally
only done when a library wants to include ASN1 code which must use
the ASN1err() macro.
=head2 Adding new libraries

View File

@ -313,7 +313,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
unsigned int i, list_num;
int i, list_num;
SSL_CIPHER *c;
/*