# else
# include <unixlib.h>
# endif
-# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
# include <sys/file.h>
# endif
#endif
int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e);
+ unsigned long nameopt, int default_op, int ext_copy);
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
X509 *x509, const EVP_MD *dgst,
STACK_OF(OPENSSL_STRING) *sigopts,
{"name", OPT_NAME, 's', "The particular CA definition to use"},
{"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
{"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
- {"create_serial", OPT_CREATE_SERIAL, '-'},
+ {"create_serial", OPT_CREATE_SERIAL, '-',
+ "If reading serial fails, create a new random serial"},
{"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
"Enable support for multivalued RDNs"},
{"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
{"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
{"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
- {"keyfile", OPT_KEYFILE, '<', "Private key file"},
+ {"keyfile", OPT_KEYFILE, 's', "Private key"},
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
{"passin", OPT_PASSIN, 's'},
{"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
{"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"},
{"crlexts", OPT_CRLEXTS, 's',
"CRL extension section (override value in config file)"},
- {"crl_reason", OPT_CRL_REASON, 's'},
- {"crl_hold", OPT_CRL_HOLD, 's'},
- {"crl_compromise", OPT_CRL_COMPROMISE, 's'},
- {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's'},
+ {"crl_reason", OPT_CRL_REASON, 's', "revocation reason"},
+ {"crl_hold", OPT_CRL_HOLD, 's',
+ "the hold instruction, an OID. Sets revocation reason to certificateHold"},
+ {"crl_compromise", OPT_CRL_COMPROMISE, 's',
+ "sets compromise time to val and the revocation reason to keyCompromise"},
+ {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
+ "sets compromise time to val and the revocation reason to CACompromise"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
lookup_fail(section, ENV_CERTIFICATE);
goto end;
}
- x509 = load_cert(certfile, FORMAT_PEM, NULL, e, "CA certificate");
+ x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
if (x509 == NULL)
goto end;
goto end;
}
for ( ; *p; p++) {
- if (!isxdigit(*p)) {
+ if (!isxdigit(_UC(*p))) {
BIO_printf(bio_err,
"entry %d: bad char 0%o '%c' in serial number\n",
i + 1, *p, *p);
db, serial, subj, chtype, multirdn, email_dn,
startdate, enddate, days, batch, extensions,
conf, verbose, certopt, nameopt, default_op,
- ext_copy, e);
+ ext_copy);
if (j < 0)
goto end;
if (j > 0) {
strcpy(buf[2], outdir);
#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(buf[2], "/", sizeof(buf[2]));
+ OPENSSL_strlcat(buf[2], "/", sizeof(buf[2]));
#endif
n = (char *)&(buf[2][strlen(buf[2])]);
goto end;
} else {
X509 *revcert;
- revcert = load_cert(infile, FORMAT_PEM, NULL, e, infile);
+ revcert = load_cert(infile, FORMAT_PEM, infile);
if (revcert == NULL)
goto end;
if (dorevoke == 2)
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
- OBJ_cleanup();
return (ret);
}
ok = 0;
goto end;
}
- if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+ if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto end;
}
i = X509_REQ_verify(req, pktmp);
- EVP_PKEY_free(pktmp);
+ pktmp = NULL;
if (i < 0) {
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
int multirdn, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect,
CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e)
+ unsigned long nameopt, int default_op, int ext_copy)
{
X509 *req = NULL;
X509_REQ *rreq = NULL;
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((req = load_cert(infile, FORMAT_PEM, NULL, e, infile)) == NULL)
+ if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL)
goto end;
if (verbose)
X509_print(bio_err, req);
BIO_printf(bio_err, "Check that the request matches the signature\n");
- if ((pktmp = X509_get_pubkey(req)) == NULL) {
+ if ((pktmp = X509_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto end;
}
i = X509_verify(req, pktmp);
- EVP_PKEY_free(pktmp);
if (i < 0) {
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
} else
BIO_printf(bio_err, "Signature ok\n");
- if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
+ if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
goto end;
ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
}
if (BN_is_zero(serial))
- row[DB_serial] = BUF_strdup("00");
+ row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
if (!X509_set_subject_name(ret, subject))
goto end;
- pktmp = X509_REQ_get_pubkey(req);
+ pktmp = X509_REQ_get0_pubkey(req);
i = X509_set_pubkey(ret, pktmp);
- EVP_PKEY_free(pktmp);
if (!i)
goto end;
}
}
- pktmp = X509_get_pubkey(ret);
+ pktmp = X509_get0_pubkey(ret);
if (EVP_PKEY_missing_parameters(pktmp) &&
!EVP_PKEY_missing_parameters(pkey))
EVP_PKEY_copy_parameters(pktmp, pkey);
- EVP_PKEY_free(pktmp);
if (!do_X509_sign(ret, pkey, dgst, sigopts))
goto end;
/* We now just add it to the database */
- row[DB_type] = app_malloc(2, "row db type");
-
+ row[DB_type] = OPENSSL_strdup("V");
tm = X509_get_notAfter(ret);
row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
-
row[DB_rev_date] = NULL;
-
- /* row[DB_serial] done already */
- row[DB_file] = app_malloc(8, "row file");
+ row[DB_file] = OPENSSL_strdup("unknown");
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
BIO_printf(bio_err, "Memory allocation failure\n");
goto end;
}
- BUF_strlcpy(row[DB_file], "unknown", 8);
- row[DB_type][0] = 'V';
- row[DB_type][1] = '\0';
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space");
for (i = 0; i < DB_NUMBER; i++) {
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
+ EVP_PKEY_free(pktmp);
BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
goto end;
if (!bn)
goto end;
if (BN_is_zero(bn))
- row[DB_serial] = BUF_strdup("00");
+ row[DB_serial] = OPENSSL_strdup("00");
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
row[DB_serial], row[DB_name]);
/* We now just add it to the database */
- row[DB_type] = app_malloc(2, "row type");
-
+ row[DB_type] = OPENSSL_strdup("V");
tm = X509_get_notAfter(x509);
row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
-
row[DB_rev_date] = NULL;
-
- /* row[DB_serial] done already */
- row[DB_file] = app_malloc(8, "row filename");
-
- /* row[DB_name] done already */
-
- BUF_strlcpy(row[DB_file], "unknown", 8);
- row[DB_type][0] = 'V';
- row[DB_type][1] = '\0';
+ row[DB_file] = OPENSSL_strdup("unknown");
irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr");
for (i = 0; i < DB_NUMBER; i++) {
i += strlen(other) + 1;
str = app_malloc(i, "revocation reason");
- BUF_strlcpy(str, (char *)revtm->data, i);
+ OPENSSL_strlcpy(str, (char *)revtm->data, i);
if (reason) {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, reason, i);
+ OPENSSL_strlcat(str, ",", i);
+ OPENSSL_strlcat(str, reason, i);
}
if (other) {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, other, i);
+ OPENSSL_strlcat(str, ",", i);
+ OPENSSL_strlcat(str, other, i);
}
ASN1_UTCTIME_free(revtm);
return str;
ASN1_OBJECT *hold = NULL;
ASN1_GENERALIZEDTIME *comp_time = NULL;
- tmp = BUF_strdup(str);
+ tmp = OPENSSL_strdup(str);
if (!tmp) {
BIO_printf(bio_err, "memory allocation failure\n");
goto end;
projects / openssl.git / blobdiff