X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fx509.c;h=7a688a9dfe7b58f8e0ab917c5261d864484674d3;hb=3e9e810f2e047effb1056211794d2d12ec2b04e7;hp=0345cf09c7671d3b2eaf36d17db2ade2a4a85002;hpb=9c3bcfa027cb32421ed20ab77553860b922b82fc;p=openssl.git diff --git a/apps/x509.c b/apps/x509.c index 0345cf09c7..7a688a9dfe 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -55,7 +55,6 @@ * [including the GNU Public Licence.] */ -#include #include #include #include @@ -228,6 +227,7 @@ int x509_main(int argc, char **argv) int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; int checkoffset = 0, enddate = 0; unsigned long nmflag = 0, certflag = 0; + char nmflag_set = 0; OPTION_CHOICE o; ENGINE *e = NULL; #ifndef OPENSSL_NO_MD5 @@ -361,6 +361,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_NAMEOPT: + nmflag_set = 1; if (!set_name_ex(&nmflag, opt_arg())) goto opthelp; break; @@ -489,10 +490,10 @@ int x509_main(int argc, char **argv) goto opthelp; } - if (!app_load_modules(NULL)) - goto end; + if (!nmflag_set) + nmflag = XN_FLAG_ONELINE; - out = bio_open_default(outfile, "w"); + out = bio_open_default(outfile, 'w', outformat); if (out == NULL) goto end; @@ -552,7 +553,7 @@ int x509_main(int argc, char **argv) BIO_printf(bio_err, "We need a private key to sign with\n"); goto end; } - in = bio_open_default(infile, "r"); + in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); @@ -563,15 +564,6 @@ int x509_main(int argc, char **argv) goto end; } - if ((req->req_info == NULL) || - (req->req_info->pubkey == NULL) || - (req->req_info->pubkey->public_key == NULL) || - (req->req_info->pubkey->public_key->data == NULL)) { - BIO_printf(bio_err, - "The certificate request appears to corrupted\n"); - BIO_printf(bio_err, "It does not contain a public key\n"); - goto end; - } if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto end; @@ -598,7 +590,7 @@ int x509_main(int argc, char **argv) if (sno == NULL) { sno = ASN1_INTEGER_new(); - if (!sno || !rand_serial(NULL, sno)) + if (sno == NULL || !rand_serial(NULL, sno)) goto end; if (!X509_set_serialNumber(x, sno)) goto end; @@ -607,9 +599,9 @@ int x509_main(int argc, char **argv) } else if (!X509_set_serialNumber(x, sno)) goto end; - if (!X509_set_issuer_name(x, req->req_info->subject)) + if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) goto end; - if (!X509_set_subject_name(x, req->req_info->subject)) + if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) goto end; X509_gmtime_adj(X509_get_notBefore(x), 0); @@ -731,7 +723,7 @@ int x509_main(int argc, char **argv) } else if (modulus == i) { EVP_PKEY *pkey; - pkey = X509_get_pubkey(x); + pkey = X509_get0_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Modulus=unavailable\n"); ERR_print_errors(bio_err); @@ -739,29 +731,27 @@ int x509_main(int argc, char **argv) } BIO_printf(out, "Modulus="); #ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - BN_print(out, pkey->pkey.rsa->n); + if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) + BN_print(out, EVP_PKEY_get0_RSA(pkey)->n); else #endif #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - BN_print(out, pkey->pkey.dsa->pub_key); + if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) + BN_print(out, EVP_PKEY_get0_DSA(pkey)->pub_key); else #endif BIO_printf(out, "Wrong Algorithm type"); BIO_printf(out, "\n"); - EVP_PKEY_free(pkey); } else if (pubkey == i) { EVP_PKEY *pkey; - pkey = X509_get_pubkey(x); + pkey = X509_get0_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err, "Error getting public key\n"); ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(out, pkey); - EVP_PKEY_free(pkey); } else if (C == i) { unsigned char *d; char *m; @@ -899,8 +889,13 @@ int x509_main(int argc, char **argv) goto end; } - if (badsig) - x->signature->data[x->signature->length - 1] ^= 0x1; + if (badsig) { + ASN1_BIT_STRING *signature; + unsigned char *s; + X509_get0_signature(&signature, NULL, x); + s = ASN1_STRING_data(signature); + s[ASN1_STRING_length(signature) - 1] ^= 0x1; + } if (outformat == FORMAT_ASN1) i = i2d_X509_bio(out, x); @@ -909,16 +904,6 @@ int x509_main(int argc, char **argv) i = PEM_write_bio_X509_AUX(out, x); else i = PEM_write_bio_X509(out, x); - } else if (outformat == FORMAT_NETSCAPE) { - NETSCAPE_X509 nx; - ASN1_OCTET_STRING hdr; - - hdr.data = (unsigned char *)NETSCAPE_CERT_HDR; - hdr.length = strlen(NETSCAPE_CERT_HDR); - nx.header = &hdr; - nx.cert = x; - - i = ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509), out, &nx); } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; @@ -964,15 +949,15 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, : (strlen(serialfile))) + 1; buf = app_malloc(len, "serial# buffer"); if (serialfile == NULL) { - BUF_strlcpy(buf, CAfile, len); + OPENSSL_strlcpy(buf, CAfile, len); for (p = buf; *p; p++) if (*p == '.') { *p = '\0'; break; } - BUF_strlcat(buf, POSTFIX, len); + OPENSSL_strlcat(buf, POSTFIX, len); } else - BUF_strlcpy(buf, serialfile, len); + OPENSSL_strlcpy(buf, serialfile, len); serial = load_serial(buf, create, NULL); if (serial == NULL) @@ -1004,9 +989,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509_STORE_CTX xsc; EVP_PKEY *upkey; - upkey = X509_get_pubkey(xca); + upkey = X509_get0_pubkey(xca); EVP_PKEY_copy_parameters(upkey, pkey); - EVP_PKEY_free(upkey); if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) { BIO_printf(bio_err, "Error initialising X509 store\n"); @@ -1117,8 +1101,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) goto err; - if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) == - NULL) + if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL) goto err; if (!X509_set_pubkey(x, pkey))