X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fca.c;h=efcd817311f21ec27678a8300b65877346bfc3e3;hb=8cf6522820b3870121711b81eafa3afdaecf19ae;hp=6c060ce02e246e322af581f74351c99f779bc515;hpb=f9a2593163299b47fa5930516266e8dfe4a1c18f;p=openssl.git diff --git a/apps/ca.c b/apps/ca.c index 6c060ce02e..efcd817311 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -64,16 +64,16 @@ #include #include #include "apps.h" -#include "bio.h" -#include "err.h" -#include "bn.h" -#include "txt_db.h" -#include "evp.h" -#include "x509.h" -#include "x509v3.h" -#include "objects.h" -#include "pem.h" -#include "conf.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #ifndef W_OK #include @@ -156,7 +156,6 @@ extern int EF_PROTECT_BELOW; extern int EF_ALIGNMENT; #endif -#ifndef NOPROTO static int add_oid_section(LHASH *conf); static void lookup_fail(char *name,char *tag); static int MS_CALLBACK key_callback(char *buf,int len,int verify); 
@@ -168,43 +167,25 @@ static int index_name_cmp(char **a,char **b); static BIGNUM *load_serial(char *serialfile); static int save_serial(char *serialfile, BIGNUM *serial); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, - EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate, - int days, int batch, char *ext_sect, LHASH *conf,int verbose); + const EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial, + char *startdate,int days,int batch,char *ext_sect, + LHASH *conf,int verbose); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, - EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate, - int days,int batch,char *ext_sect, LHASH *conf,int verbose); + const EVP_MD *dgst,STACK *policy,TXT_DB *db, + BIGNUM *serial,char *startdate,int days,int batch, + char *ext_sect, LHASH *conf,int verbose); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, - EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate, - int days,char *ext_sect,LHASH *conf,int verbose); + const EVP_MD *dgst,STACK *policy,TXT_DB *db, + BIGNUM *serial,char *startdate,int days, + char *ext_sect,LHASH *conf,int verbose); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der); -static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst, +static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate, int days, int batch, int verbose, X509_REQ *req, char *ext_sect, LHASH *conf); static int do_revoke(X509 *x509, TXT_DB *db); static int check_time_format(char *str); -#else -static int add_oid_section(); -static void lookup_fail(); -static int MS_CALLBACK key_callback(); -static unsigned long index_serial_hash(); -static int index_serial_cmp(); -static unsigned long index_name_hash(); -static int index_name_qual(); -static int index_name_cmp(); -static 
int fix_data(); -static BIGNUM *load_serial(); -static int save_serial(); -static int certify(); -static int certify_cert(); -static int certify_spkac(); -static void write_new_certificate(); -static int do_body(); -static int do_revoke(); -static int check_time_format(); -#endif - static LHASH *conf; static char *key=NULL; static char *section=NULL; @@ -212,9 +193,7 @@ static char *section=NULL; static int preserve=0; static int msie_hack=0; -int MAIN(argc, argv) -int argc; -char **argv; +int MAIN(int argc, char **argv) { int total=0; int total_done=0; @@ -223,7 +202,7 @@ char **argv; int req=0; int verbose=0; int gencrl=0; - int revoke=0; + int dorevoke=0; long crldays=0; long crlhours=0; long errorline= -1; @@ -257,7 +236,7 @@ char **argv; char **pp,*p,*f; int i,j; long l; - EVP_MD *dgst=NULL; + const EVP_MD *dgst=NULL; STACK *attribs=NULL; STACK *cert_sk=NULL; BIO *hex=NULL; @@ -388,7 +367,7 @@ EF_ALIGNMENT=0; { if (--argc < 1) goto bad; infile= *(++argv); - revoke=1; + dorevoke=1; } else { @@ -709,7 +688,10 @@ bad: extensions=CONF_get_string(conf,section,ENV_EXTENSIONS); if(extensions) { /* Check syntax of file */ - if(!X509V3_EXT_check_conf(conf, extensions)) { + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, conf); + if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extensions); @@ -981,7 +963,10 @@ bad: crl_ext=CONF_get_string(conf,section,ENV_CRLEXT); if(crl_ext) { /* Check syntax of file */ - if(!X509V3_EXT_check_conf(conf, crl_ext)) { + X509V3_CTX ctx; + X509V3_set_ctx_test(&ctx); + X509V3_set_conf_lhash(&ctx, conf); + if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) { BIO_printf(bio_err, "Error Loading CRL extension section %s\n", crl_ext); 
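Review bot: The retained comment `/* Check syntax of file */` in the `extensions` block of the `@@ -709,7 +688,10 @@` hunk (and again in the `crl_ext` block of the `@@ -981,7 +963,10 @@` hunk) no longer says what the replacement check covers. With `X509V3_set_ctx_test()` and a NULL target, `X509V3_EXT_add_conf()` only parses the section and discards the result. As far as I know, values that need the issuer or subject certificate are not resolved in test mode, so a section can pass here and still fail when the certificate or CRL is actually built. I would replace the comment with something like `/* Parse-only pass: test ctx and NULL target, nothing is added; issuer/subject-dependent values are resolved only at signing time */`. Both blocks start and end outside their hunks.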
@@ -1073,11 +1058,8 @@ bad: if (ci->version == NULL) if ((ci->version=ASN1_INTEGER_new()) == NULL) goto err; ASN1_INTEGER_set(ci->version,1); /* version 2 CRL */ - crlctx.crl = crl; - crlctx.issuer_cert = x509; - crlctx.subject_cert = NULL; - crlctx.subject_req = NULL; - crlctx.flags = 0; + X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); + X509V3_set_conf_lhash(&crlctx, conf); if(!X509V3_EXT_CRL_add_conf(conf, &crlctx, crl_ext, crl)) goto err; @@ -1088,7 +1070,7 @@ bad: PEM_write_bio_X509_CRL(Sout,crl); } /*****************************************************************/ - if (revoke) + if (dorevoke) { in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); @@ -1173,16 +1155,12 @@ err: EXIT(ret); } -static void lookup_fail(name,tag) -char *name; -char *tag; +static void lookup_fail(char *name, char *tag) { BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } -static int MS_CALLBACK key_callback(buf,len,verify) -char *buf; -int len,verify; +static int MS_CALLBACK key_callback(char *buf, int len, int verify) { int i; @@ -1193,8 +1171,7 @@ int len,verify; return(i); } -static unsigned long index_serial_hash(a) -char **a; +static unsigned long index_serial_hash(char **a) { char *n; @@ -1203,9 +1180,7 @@ char **a; return(lh_strhash(n)); } -static int index_serial_cmp(a,b) -char **a; -char **b; +static int index_serial_cmp(char **a, char **b) { char *aa,*bb; 
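Review bot: The result of `ASN1_INTEGER_set(ci->version,1)` in the `@@ -1073,11 +1058,8 @@` hunk is ignored, although the allocation directly above it is checked and the extension call below it goes to `err` on failure. If the set fails, the code carries on and attaches CRL extensions to a CRL whose version field may not say v2, and relying parties may then reject or misread it. Since this block is being reworked anyway, `if (!ASN1_INTEGER_set(ci->version,1)) goto err;` would keep the failure handling consistent. The enclosing block starts and ends outside the hunk.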
@@ -1214,21 +1189,17 @@ char **b; return(strcmp(aa,bb)); } -static unsigned long index_name_hash(a) -char **a; +static unsigned long index_name_hash(char **a) { return(lh_strhash(a[DB_name])); } -static int index_name_qual(a) -char **a; +static int index_name_qual(char **a) { return(a[0][0] == 'V'); } -static int index_name_cmp(a,b) -char **a; -char **b; - { return(strcmp(a[DB_name],b[DB_name])); } +static int index_name_cmp(char **a, char **b) + { return(strcmp(a[DB_name], + b[DB_name])); } -static BIGNUM *load_serial(serialfile) -char *serialfile; +static BIGNUM *load_serial(char *serialfile) { BIO *in=NULL; BIGNUM *ret=NULL; @@ -1266,9 +1237,7 @@ err: return(ret); } -static int save_serial(serialfile,serial) -char *serialfile; -BIGNUM *serial; +static int save_serial(char *serialfile, BIGNUM *serial) { BIO *out; int ret=0; @@ -1300,22 +1269,10 @@ err: return(ret); } -static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days, - batch,ext_sect,lconf,verbose) -X509 **xret; -char *infile; -EVP_PKEY *pkey; -X509 *x509; -EVP_MD *dgst; -STACK *policy; -TXT_DB *db; -BIGNUM *serial; -char *startdate; -int days; -int batch; -char *ext_sect; -LHASH *lconf; -int verbose; +static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, + const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial, + char *startdate, int days, int batch, char *ext_sect, LHASH *lconf, + int verbose) { X509_REQ *req=NULL; BIO *in=NULL; 
@@ -1371,22 +1328,11 @@ err: return(ok); } -static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate, - days,batch,ext_sect,lconf,verbose) -X509 **xret; -char *infile; -EVP_PKEY *pkey; -X509 *x509; -EVP_MD *dgst; -STACK *policy; -TXT_DB *db; -BIGNUM *serial; -char *startdate; -int days; -int batch; -char *ext_sect; -LHASH *lconf; -int verbose; +static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, + const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial, + char *startdate, int days, int batch, char *ext_sect, LHASH *lconf, + int verbose) + { X509 *req=NULL; X509_REQ *rreq=NULL; @@ -1446,22 +1392,9 @@ err: return(ok); } -static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days, - batch,verbose,req,ext_sect,lconf) -X509 **xret; -EVP_PKEY *pkey; -X509 *x509; -EVP_MD *dgst; -STACK *policy; -TXT_DB *db; -BIGNUM *serial; -char *startdate; -int days; -int batch; -int verbose; -X509_REQ *req; -char *ext_sect; -LHASH *lconf; +static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, + STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate, int days, + int batch, int verbose, X509_REQ *req, char *ext_sect, LHASH *lconf) { X509_NAME *name=NULL,*CAname=NULL,*subject=NULL; ASN1_UTCTIME *tm,*tmptm; @@ -1788,15 +1721,13 @@ again2: /* Free the current entries if any, there should not * be any I belive */ if (ci->extensions != NULL) - sk_pop_free(ci->extensions,X509_EXTENSION_free); + sk_X509_EXTENSION_pop_free(ci->extensions, + X509_EXTENSION_free); ci->extensions = NULL; - ctx.subject_cert = ret; - ctx.issuer_cert = x509; - ctx.subject_req = req; - ctx.crl = NULL; - ctx.flags = 0; + X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); + X509V3_set_conf_lhash(&ctx, lconf); if(!X509V3_EXT_add_conf(lconf, &ctx, ext_sect, ret)) goto err; 
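Review bot: In the `@@ -1788,15 +1721,13 @@` hunk the call `X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0)` passes the issuer and the subject as two adjacent `X509 *` arguments, where the removed assignments named each field. Swapping them would still compile, and extensions derived from the context (key identifiers, for example) would then presumably be taken from the wrong certificate. A short comment above the call would keep the roles visible: `/* issuer = CA cert (x509), subject = cert receiving the extensions (ret) */`. The same applies to the `crlctx` call in the `@@ -1073,11 +1058,8 @@` hunk. do_body's body continues outside the hunk.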
@@ -1892,10 +1823,7 @@ err: return(ok); } -static void write_new_certificate(bp,x, output_der) -BIO *bp; -X509 *x; -int output_der; +static void write_new_certificate(BIO *bp, X509 *x, int output_der) { char *f; char buf[256]; @@ -1921,21 +1849,9 @@ int output_der; BIO_puts(bp,"\n"); } -static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial, - startdate,days,ext_sect,lconf,verbose) -X509 **xret; -char *infile; -EVP_PKEY *pkey; -X509 *x509; -EVP_MD *dgst; -STACK *policy; -TXT_DB *db; -BIGNUM *serial; -char *startdate; -int days; -char *ext_sect; -LHASH *lconf; -int verbose; +static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, + const EVP_MD *dgst, STACK *policy, TXT_DB *db, BIGNUM *serial, + char *startdate, int days, char *ext_sect, LHASH *lconf, int verbose) { STACK *sk=NULL; LHASH *parms=NULL; @@ -2091,9 +2007,7 @@ err: return(ok); } -static int fix_data(nid,type) -int nid; -int *type; +static int fix_data(int nid, int *type) { if (nid == NID_pkcs9_emailAddress) *type=V_ASN1_IA5STRING; @@ -2108,8 +2022,7 @@ int *type; return(1); } -static int check_time_format(str) -char *str; +static int check_time_format(char *str) { ASN1_UTCTIME tm; @@ -2119,8 +2032,7 @@ char *str; return(ASN1_UTCTIME_check(&tm)); } -static int add_oid_section(hconf) -LHASH *hconf; +static int add_oid_section(LHASH *hconf) { char *p; STACK *sktmp; @@ -2142,9 +2054,7 @@ LHASH *hconf; return 1; } -static int do_revoke(x509,db) -X509 *x509; -TXT_DB *db; +static int do_revoke(X509 *x509, TXT_DB *db) { ASN1_UTCTIME *tm=NULL; char *row[DB_NUMBER],**rrow,**irow;