Merge some common functionality in the apps, delete

the encryption option in the pkcs7 utility (they never
did anything) and add a couple more options to pkcs7.

diff --git a/CHANGES b/CHANGES
index b7d6be415dc5f826eec8e485892ea23fb4f096f8..90a876f2c309f691bb9ca33e6fd24b43aeea6ff9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Add options -text and -noout to pkcs7 utility and delets the
+     encryption options which never did anything. Update docs.
+     [Steve Henson]
+
   *) Add options to some of the utilities to allow the pass phrase
      to be included on either the command line (not recommended on
      OSes like Unix) or read from the environment. Update the

diff --git a/apps/apps.c b/apps/apps.c
index 629b297917d80aa73f202fc92dd3dffd2d057f53..4e3f32d07a0608ffb93f11652ada2d3538195579 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -335,3 +335,17 @@ int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
        memcpy(buf,key,i);
        return(i);
        }
+
+int dump_cert_text (BIO *out, X509 *x)
+{
+       char buf[256];
+       X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+       BIO_puts(out,"subject=");
+       BIO_puts(out,buf);
+
+       X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
+       BIO_puts(out,"\nissuer= ");
+       BIO_puts(out,buf);
+       BIO_puts(out,"\n");
+        return 0;
+}

diff --git a/apps/apps.h b/apps/apps.h
index 7128d0df02fe6ba35c58e3fda0286f535e89c1a5..d4c88ab42d43d54c454faea25df539015a749b25 100644 (file)
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -64,6 +64,7 @@
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
+#include <openssl/x509.h>
 #include "progs.h"
 
 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
@@ -143,6 +144,9 @@ int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
+#ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+#endif
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2

diff --git a/apps/nseq.c b/apps/nseq.c
index d9d01659e78db03dc83c2cf0dba844bba5a5ee9c..4a921396f9f75c1029eb16494f4bf237408f33d7 100644 (file)
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -65,7 +65,6 @@
 #undef PROG
 #define PROG nseq_main
 
-static int dump_cert_text(BIO *out, X509 *x);
 
 int MAIN(int argc, char **argv)
 {
@@ -158,17 +157,3 @@ end:
        EXIT(ret);
 }
 
-static int dump_cert_text(BIO *out, X509 *x)
-{
-       char buf[256];
-       X509_NAME_oneline(X509_get_subject_name(x),buf,256);
-       BIO_puts(out,"subject=");
-       BIO_puts(out,buf);
-
-       X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
-       BIO_puts(out,"\nissuer= ");
-       BIO_puts(out,buf);
-       BIO_puts(out,"\n");
-       return 0;
-}
-

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index f6b444b5f6ac8fc02a880d77f22d24d25e2949e0..5523622625bf493ecff15443cba41caa464607a3 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -79,7 +79,6 @@ EVP_CIPHER *enc;
 #define CACERTS                0x10
 
 int get_cert_chain(X509 *cert, STACK_OF(X509) **chain);
-int dump_cert_text (BIO *out, X509 *x);
 int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options);
 int dump_certs_pkeys_bags(BIO *out, STACK *bags, char *pass, int passlen, int options);
 int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options);
@@ -453,20 +452,6 @@ int MAIN(int argc, char **argv)
     EXIT(ret);
 }
 
-int dump_cert_text (BIO *out, X509 *x)
-{
-       char buf[256];
-       X509_NAME_oneline(X509_get_subject_name(x),buf,256);
-       BIO_puts(out,"subject=");
-       BIO_puts(out,buf);
-
-       X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
-       BIO_puts(out,"\nissuer= ");
-       BIO_puts(out,buf);
-       BIO_puts(out,"\n");
-        return 0;
-}
-
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
             int passlen, int options)
 {

diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 0e1427cc315513ac91a7ed82396828b1f8591f82..c1973646cd2468761de11f5739fc993af9411491 100644 (file)
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -75,9 +75,6 @@
  * -outform arg - output format - default PEM
  * -in arg     - input file - default stdin
  * -out arg    - output file - default stdout
- * -des                - encrypt output if PEM format with DES in cbc mode
- * -des3       - encrypt output if PEM format
- * -idea       - encrypt output if PEM format
  * -print_certs
  */
 
@@ -85,13 +82,10 @@ int MAIN(int argc, char **argv)
        {
        PKCS7 *p7=NULL;
        int i,badops=0;
-#if !defined(NO_DES) || !defined(NO_IDEA)
-       EVP_CIPHER *enc=NULL;
-#endif
        BIO *in=NULL,*out=NULL;
        int informat,outformat;
-       char *infile,*outfile,*prog,buf[256];
-       int print_certs=0;
+       char *infile,*outfile,*prog;
+       int print_certs=0,text=0,noout=0;
        int ret=0;
 
        apps_startup();
@@ -130,18 +124,12 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outfile= *(++argv);
                        }
+               else if (strcmp(*argv,"-noout") == 0)
+                       noout=1;
+               else if (strcmp(*argv,"-text") == 0)
+                       text=1;
                else if (strcmp(*argv,"-print_certs") == 0)
                        print_certs=1;
-#ifndef NO_DES
-               else if (strcmp(*argv,"-des") == 0)
-                       enc=EVP_des_cbc();
-               else if (strcmp(*argv,"-des3") == 0)
-                       enc=EVP_des_ede3_cbc();
-#endif
-#ifndef NO_IDEA
-               else if (strcmp(*argv,"-idea") == 0)
-                       enc=EVP_idea_cbc();
-#endif
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -162,11 +150,8 @@ bad:
                BIO_printf(bio_err," -in arg       input file\n");
                BIO_printf(bio_err," -out arg      output file\n");
                BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
-               BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-               BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
-               BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
-#endif
+               BIO_printf(bio_err," -text         print full details of certificates\n");
+               BIO_printf(bio_err," -noout        don't output encoded data\n");
                EXIT(1);
                }
 
@@ -246,19 +231,10 @@ bad:
                        for (i=0; i<sk_X509_num(certs); i++)
                                {
                                x=sk_X509_value(certs,i);
+                               if(text) X509_print(out, x);
+                               else dump_cert_text(out, x);
 
-                               X509_NAME_oneline(X509_get_subject_name(x),
-                                       buf,256);
-                               BIO_puts(out,"subject=");
-                               BIO_puts(out,buf);
-
-                               X509_NAME_oneline(X509_get_issuer_name(x),
-                                       buf,256);
-                               BIO_puts(out,"\nissuer= ");
-                               BIO_puts(out,buf);
-                               BIO_puts(out,"\n");
-
-                               PEM_write_bio_X509(out,x);
+                               if(!noout) PEM_write_bio_X509(out,x);
                                BIO_puts(out,"\n");
                                }
                        }
@@ -270,17 +246,9 @@ bad:
                                {
                                crl=sk_X509_CRL_value(crls,i);
 
-                               X509_NAME_oneline(crl->crl->issuer,buf,256);
-                               BIO_puts(out,"issuer= ");
-                               BIO_puts(out,buf);
-
-                               BIO_puts(out,"\nlast update=");
-                               ASN1_TIME_print(out,crl->crl->lastUpdate);
-                               BIO_puts(out,"\nnext update=");
-                               ASN1_TIME_print(out,crl->crl->nextUpdate);
-                               BIO_puts(out,"\n");
+                               X509_CRL_print(out, crl);
 
-                               PEM_write_bio_X509_CRL(out,crl);
+                               if(!noout)PEM_write_bio_X509_CRL(out,crl);
                                BIO_puts(out,"\n");
                                }
                        }
@@ -289,21 +257,23 @@ bad:
                goto end;
                }
 
-       if      (outformat == FORMAT_ASN1)
-               i=i2d_PKCS7_bio(out,p7);
-       else if (outformat == FORMAT_PEM)
-               i=PEM_write_bio_PKCS7(out,p7);
-       else    {
-               BIO_printf(bio_err,"bad output format specified for outfile\n");
-               goto end;
-               }
+       if(!noout) {
+               if      (outformat == FORMAT_ASN1)
+                       i=i2d_PKCS7_bio(out,p7);
+               else if (outformat == FORMAT_PEM)
+                       i=PEM_write_bio_PKCS7(out,p7);
+               else    {
+                       BIO_printf(bio_err,"bad output format specified for outfile\n");
+                       goto end;
+                       }
 
-       if (!i)
-               {
-               BIO_printf(bio_err,"unable to write pkcs7 object\n");
-               ERR_print_errors(bio_err);
-               goto end;
-               }
+               if (!i)
+                       {
+                       BIO_printf(bio_err,"unable to write pkcs7 object\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+       }
        ret=0;
 end:
        if (p7 != NULL) PKCS7_free(p7);

diff --git a/doc/man/pkcs7.pod b/doc/man/pkcs7.pod
index ff779c7699b4cfbf0d4f96d05960e59d4c44043b..a2ebaac9825b312ab8fe5aed46ed6b5043fb8661 100644 (file)
--- a/doc/man/pkcs7.pod
+++ b/doc/man/pkcs7.pod
@@ -47,6 +47,16 @@ default.
 prints out any certificates or CRLs contained in the file. They are
 preceded by their subject and issuer names in one line format.
 
+=item B<-text>
+
+prints out certificates details in full rather than just subject and
+issuer names.
+
+=item B<-noout>
+
+don't output the encoded version of the PKCS#7 structure (or certificates
+is B<-print_certs> is set).
+
 =back
 
 =head1 EXAMPLES