From 82fc1d9c28e834549f61e4c91b3f6bbdf4c48153 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 3 Feb 2000 02:56:48 +0000 Subject: [PATCH] Add new -notext option to 'ca', -pubkey option to spkac. Remove some "WTF??" casts from applications. Fixes to keep VC++ happy and avoid warnings. Docs tidy. --- CHANGES | 3 +++ apps/ca.c | 21 +++++++++++---------- apps/dsaparam.c | 11 +++++------ apps/rsa.c | 2 +- apps/s_client.c | 2 +- apps/s_server.c | 4 ++-- apps/s_time.c | 2 +- apps/spkac.c | 32 +++++++++++++++++++------------- crypto/dsa/dsa.h | 2 +- crypto/dsa/dsa_gen.c | 3 ++- crypto/dsa/dsatest.c | 10 +++++----- crypto/ebcdic.c | 6 +++++- doc/apps/ca.pod | 5 +++++ doc/apps/spkac.pod | 6 ++++++ doc/crypto/err.pod | 15 ++++++++++++--- ssl/ssl_ciph.c | 2 +- 16 files changed, 80 insertions(+), 46 deletions(-) diff --git a/CHANGES b/CHANGES index 4e672597ab..d49e01bdb4 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 2000] + *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'. + [Steve Henson] + *) Use a less unusual form of the Miller-Rabin primality test (it used a binary algorithm for exponentiation integrated into the Miller-Rabin loop, our standard modexp algorithms are faster). diff --git a/apps/ca.c b/apps/ca.c index ff11c2a05a..55a7ff7816 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -200,7 +200,7 @@ static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, char *enddate, int days, char *ext_sect,LHASH *conf, int verbose); static int fix_data(int nid, int *type); -static void write_new_certificate(BIO *bp, X509 *x, int output_der); +static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *startdate, char *enddate, int days, int batch, int verbose, 
@@ -247,6 +247,7 @@ int MAIN(int argc, char **argv) char *enddate=NULL; int days=0; int batch=0; + int notext=0; X509 *x509=NULL; X509 *x=NULL; BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; @@ -357,6 +358,8 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; outdir= *(++argv); } + else if (strcmp(*argv,"-notext") == 0) + notext=1; else if (strcmp(*argv,"-batch") == 0) batch=1; else if (strcmp(*argv,"-preserveDN") == 0) @@ -984,8 +987,8 @@ bad: perror(buf[2]); goto err; } - write_new_certificate(Cout,x, 0); - write_new_certificate(Sout,x, output_der); + write_new_certificate(Cout,x, 0, notext); + write_new_certificate(Sout,x, output_der, notext); } if (sk_num(cert_sk)) @@ -1893,17 +1896,16 @@ err: return(ok); } -static void write_new_certificate(BIO *bp, X509 *x, int output_der) +static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) { - char *f; - char buf[256]; if (output_der) { (void)i2d_X509_bio(bp,x); return; } - +#if 0 + /* ??? Not needed since X509_print prints all this stuff anyway */ f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256); BIO_printf(bp,"issuer :%s\n",f); @@ -1913,10 +1915,9 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der) BIO_puts(bp,"serial :"); i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber); BIO_puts(bp,"\n\n"); - X509_print(bp,x); - BIO_puts(bp,"\n"); +#endif + if(!notext)X509_print(bp,x); PEM_write_bio_X509(bp,x); - BIO_puts(bp,"\n"); } static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 7d4a12f562..47d92cc10d 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -84,7 +84,7 @@ * -genkey */ -static void MS_CALLBACK dsa_cb(int p, int n, char *arg); +static void MS_CALLBACK dsa_cb(int p, int n, void *arg); int MAIN(int argc, char **argv) { DSA *dsa=NULL; 
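Review bot: The block left under `#if 0` in write_new_certificate still refers to `f` and `buf`, whose declarations this same hunk removes, so it cannot be re-enabled as written; deleting it would be cleaner than keeping dead code. The results of `X509_print` and `PEM_write_bio_X509` are also discarded, so a failed or partial write of a newly issued certificate is invisible to the caller. Because the function returns void, either return a status or state the limitation with a comment such as `/* write errors on bp are not reported to the caller */`.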
@@ -225,8 +225,7 @@ bad: assert(need_rand); BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); - dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, - dsa_cb,(char *)bio_err); + dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err); } else if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); @@ -350,7 +349,7 @@ end: EXIT(ret); } -static void MS_CALLBACK dsa_cb(int p, int n, char *arg) +static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; @@ -358,8 +357,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(arg,&c,1); + (void)BIO_flush(arg); #ifdef LINT p=n; #endif diff --git a/apps/rsa.c b/apps/rsa.c index e5726938a9..2df3fe374c 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -271,7 +271,7 @@ bad: } } p=(unsigned char *)buf->data; - rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL); + rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL); BUF_MEM_free(buf); } #endif diff --git a/apps/s_client.c b/apps/s_client.c index c9b52e6a99..0e158121c8 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -376,7 +376,7 @@ bad: } - con=(SSL *)SSL_new(ctx); + con=SSL_new(ctx); /* SSL_set_cipher_list(con,"RC4-MD5"); */ re_start: diff --git a/apps/s_server.c b/apps/s_server.c index ac86a8ab4d..87abdfad89 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -782,7 +782,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) #endif if (con == NULL) { - con=(SSL *)SSL_new(ctx); + con=SSL_new(ctx); if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); 
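Review bot: In the s_server.c sv_body hunk the result of `SSL_new(ctx)` is used without a NULL check: the next visible line passes `con` straight to `SSL_set_session_id_context`. The www_body hunk in the same file tests the result with `== NULL` and jumps to err. A guard such as `if (con == NULL) goto err;` right after the assignment would make the two paths consistent, assuming sv_body has an equivalent cleanup label; its body continues outside the hunk. The s_client.c and s_time.c hunks likewise assign the `SSL_new` result with no check in the visible lines.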
@@ -1150,7 +1150,7 @@ static int www_body(char *hostname, int s, unsigned char *context) /* lets make the output buffer a reasonable size */ if (!BIO_set_write_buffer_size(io,bufsize)) goto err; - if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; + if ((con=SSL_new(ctx)) == NULL) goto err; if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); diff --git a/apps/s_time.c b/apps/s_time.c index 1653195b3f..c17ede4f41 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -632,7 +632,7 @@ static SSL *doConnection(SSL *scon) BIO_set_conn_hostname(conn,host); if (scon == NULL) - serverCon=(SSL *)SSL_new(tm_ctx); + serverCon=SSL_new(tm_ctx); else { serverCon=scon; diff --git a/apps/spkac.c b/apps/spkac.c index f25f4ce9a2..34b0026e01 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -79,11 +79,11 @@ int MAIN(int argc, char **argv) { int i,badops=0, ret = 1; BIO *in = NULL,*out = NULL, *key = NULL; - int verify=0,noout=0; + int verify=0,noout=0,pubkey=0; char *infile = NULL,*outfile = NULL,*prog; char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; - LHASH *conf; + LHASH *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; @@ -128,6 +128,8 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-noout") == 0) noout=1; + else if (strcmp(*argv,"-pubkey") == 0) + pubkey=1; else if (strcmp(*argv,"-verify") == 0) verify=1; else badops = 1; 
@@ -138,13 +140,16 @@ int MAIN(int argc, char **argv) if (badops) { bad: - BIO_printf(bio_err,"%s [options] outfile\n",prog); + BIO_printf(bio_err,"%s [options]\n",prog); BIO_printf(bio_err,"where options are\n"); - BIO_printf(bio_err," -in arg input file\n"); - BIO_printf(bio_err," -out arg output file\n"); - BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); - BIO_printf(bio_err," -noout don't print SPKAC\n"); - BIO_printf(bio_err," -verify verify SPKAC signature\n"); + BIO_printf(bio_err," -in arg input file\n"); + BIO_printf(bio_err," -out arg output file\n"); + BIO_printf(bio_err," -key arg create SPKAC using private key\n"); + BIO_printf(bio_err," -challenge arg challenge string\n"); + BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); + BIO_printf(bio_err," -noout don't print SPKAC\n"); + BIO_printf(bio_err," -pubkey output public key\n"); + BIO_printf(bio_err," -verify verify SPKAC signature\n"); goto end; } @@ -180,6 +185,7 @@ bad: goto end; } BIO_printf(out, "SPKAC=%s\n", spkstr); + Free(spkstr); ret = 0; goto end; } @@ -212,6 +218,7 @@ bad: } spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); + if(!spki) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); @@ -228,11 +235,9 @@ bad: } if(!noout) NETSCAPE_SPKI_print(out, spki); + pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { - EVP_PKEY *pktmp; - pktmp = NETSCAPE_SPKI_get_pubkey(spki); - i = NETSCAPE_SPKI_verify(spki, pktmp); - EVP_PKEY_free(pktmp); + i = NETSCAPE_SPKI_verify(spki, pkey); if(i) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); @@ -240,15 +245,16 @@ bad: goto end; } } + if(pubkey) PEM_write_bio_PUBKEY(out, pkey); ret = 0; end: + CONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free(out); BIO_free(key); EVP_PKEY_free(pkey); - if(spkstr) Free(spkstr); EXIT(ret); } diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index e59c7d293f..68d9912cbc 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h 
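Review bot: In the spkac.c hunk at -228 the result of `NETSCAPE_SPKI_get_pubkey(spki)` is never checked, yet `pkey` is now passed to both `NETSCAPE_SPKI_verify` and, in the following hunk, `PEM_write_bio_PUBKEY`. An SPKAC whose key cannot be decoded would hand NULL to both. The context line `if(i)` also treats any non-zero result as "Signature OK"; if the verify routine can return a negative value on an internal error, as OpenSSL verify routines commonly do (worth confirming for this version), that error would be reported as a valid signature, so the test should be `if(i > 0)`. In the following hunk the result of `PEM_write_bio_PUBKEY(out, pkey)` is ignored before `ret = 0`, so a failed write still exits successfully. The verify block starts in this hunk and closes in the next one.

```c
	pkey = NETSCAPE_SPKI_get_pubkey(spki);
	if(!pkey) {
		BIO_printf(bio_err, "Error reading public key from SPKAC\n");
		ERR_print_errors(bio_err);
		goto end;
	}
	if(verify) {
		i = NETSCAPE_SPKI_verify(spki, pkey);
		/* only a positive return means the signature verified */
		if(i > 0) BIO_printf(bio_err, "Signature OK\n");
		/* … unchanged: else branch reporting "Signature Failure" … */
```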
@@ -182,7 +182,7 @@ DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void - (*callback)(),void *cb_arg); + (*callback)(int, int, void *),void *cb_arg); int DSA_generate_key(DSA *a); int i2d_DSAPublicKey(DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 248a70be4a..65602dda77 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -80,7 +80,8 @@ #include DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, void (*callback)(), + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), void *cb_arg) { int ok=0; diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index f096ed0688..0705060071 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -84,7 +84,7 @@ int main(int argc, char *argv[]) #define MS_CALLBACK #endif -static void MS_CALLBACK dsa_cb(int p, int n, char *arg); +static void MS_CALLBACK dsa_cb(int p, int n, void *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -145,7 +145,7 @@ int main(int argc, char **argv) BIO_printf(bio_err,"test generation of DSA parameters\n"); - dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,(char *)bio_err); + dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); BIO_printf(bio_err,"seed\n"); for (i=0; i<20; i+=4) @@ -209,7 +209,7 @@ end: return(0); } -static void MS_CALLBACK dsa_cb(int p, int n, char *arg) +static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; static int ok=0,num=0; 
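Review bot: Tightening the public prototype of `DSA_generate_parameters` in dsa.h from `void (*callback)()` to `void (*callback)(int, int, void *)` affects every external caller. A callback declared with a `char *` third argument, as dsa_cb was before this patch, no longer matches. The CHANGES entry in this patch mentions only -notext and -pubkey, so the prototype change deserves its own entry. The declaration also has no comment saying what the two int arguments and `cb_arg` carry; a short comment above it in dsa.h, and above the matching definition in the dsa_gen.c hunk, would spare callers from reading the generator to find out.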
@@ -218,8 +218,8 @@ static void MS_CALLBACK dsa_cb(int p, int n, char *arg) if (p == 1) c='+'; if (p == 2) { c='*'; ok++; } if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); + BIO_write(arg,&c,1); + (void)BIO_flush(arg); if (!ok && (p == 0) && (num > 1)) { diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c index 1f69b0cc1a..31397b2add 100644 --- a/crypto/ebcdic.c +++ b/crypto/ebcdic.c @@ -210,4 +210,8 @@ ascii2ebcdic(void *dest, const void *srce, size_t count) return dest; } -#endif /*CHARSET_EBCDIC*/ +#else /*CHARSET_EBCDIC*/ +#ifdef PEDANTIC +static void *dummy=&dummy; +#endif +#endif diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index d36c7e5dd7..02769121d3 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -26,6 +26,7 @@ B B [B<-cert file>] [B<-in file>] [B<-out file>] +[B<-notext>] [B<-outdir dir>] [B<-infiles>] [B<-spkac file>] @@ -102,6 +103,10 @@ the 'ps' utility) this option should be used with caution. this prints extra details about the operations being performed. +=item B<-notext> + +don't output the text form of a certificate to the output file. + =item B<-startdate date> this allows the start date to be explicitly set. The format of the diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod index 2151d3f69f..c58768e8b3 100644 --- a/doc/apps/spkac.pod +++ b/doc/apps/spkac.pod @@ -11,6 +11,7 @@ B B [B<-out filename>] [B<-key keyfile>] [B<-challenge string>] +[B<-pubkey>] [B<-spkac spkacname>] [B<-spksect section>] [B<-noout>] @@ -63,6 +64,11 @@ SPKAC. The default is the default section. don't output the text version of the SPKAC (not used if an SPKAC is being created). +=item B<-pubkey> + +output the public key of an SPKAC (not used if an SPKAC is +being created). + =item B<-verify> verifies the digital signature on the supplied SPKAC. diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod index e639dbd81e..6273a62e15 100644 --- a/doc/crypto/err.pod +++ b/doc/crypto/err.pod 
@@ -84,14 +84,23 @@ descriptions. For example, the function ssl23_read() reports a SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); +Function and reason codes should consist of upper case characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as "SSL23_READ" in the above example. + +The trailing section of a reason code (after the "_R_") is translated +into lower case and and underscores changed to spaces. + When you are using new function or reason codes, run B. The necessary B<#define>s will then automatically be added to the sub-library's header file. Although a library will normally report errors using its own specific -macro, a different macro is used. This is normally only done when a -library wants to include ASN1 code which must user the ASN1 libraries -error macro. +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include ASN1 code which must use +the ASN1err() macro. =head2 Adding new libraries diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 12b02a8d7c..04294e2f86 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -313,7 +313,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { - unsigned int i, list_num; + int i, list_num; SSL_CIPHER *c; /* -- 2.34.1