diff -Naur openca-sv-0.9.94/include/openca/apps.h openca-sv/include/openca/apps.h --- openca-sv-0.9.94/include/openca/apps.h 2004-06-17 05:03:33.000000000 +0200 +++ openca-sv/include/openca/apps.h 2004-09-13 16:19:13.000000000 +0200 @@ -108,12 +108,13 @@ * Hudson (tjh@cryptsoft.com). * */ +/* + * Copyright (c) 2002-2004 The OpenCA Project. All rights reserved. + */ #ifndef HEADER_APPS_H #define HEADER_APPS_H -#include "e_os.h" - #include <openssl/buffer.h> #include <openssl/bio.h> #include <openssl/crypto.h> 
@@ -124,93 +125,6 @@ #include <openssl/engine.h> #include <openssl/ossl_typ.h> -int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); -int app_RAND_write_file(const char *file, BIO *bio_e); -/* When `file' is NULL, use defaults. - * `bio_e' is for error messages. */ -void app_RAND_allow_write_file(void); -long app_RAND_load_files(char *file); /* `file' is a list of files to read, - * separated by LIST_SEPARATOR_CHAR - * (see e_os.h). The string is - * destroyed! */ - -#ifdef OPENSSL_SYS_WIN32 -#define rename(from,to) WIN32_rename((from),(to)) -int WIN32_rename(char *oldname,char *newname); -#endif - -/* VMS below version 7.0 doesn't have strcasecmp() */ -#ifdef OPENSSL_SYS_VMS -#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2)) -int VMS_strcasecmp(const char *str1, const char *str2); -#endif - -#ifndef MONOLITH - -#define MAIN(a,v) main(a,v) - -#ifndef NON_MAIN -CONF *config=NULL; -BIO *bio_err=NULL; -#else -extern CONF *config; -extern BIO *bio_err; -#endif - -#else - -#define MAIN(a,v) PROG(a,v) -extern CONF *config; -extern char *default_config_file; -extern BIO *bio_err; - -#endif - -#include <signal.h> - -#ifdef SIGPIPE -#define do_pipe_sig() signal(SIGPIPE,SIG_IGN) -#else -#define do_pipe_sig() -#endif - -#if defined(MONOLITH) && !defined(OPENSSL_C) -# define apps_startup() \ - do_pipe_sig() -# define apps_shutdown() -#else -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) -# else -# define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) -# endif -# else -# define apps_startup() \ - do { do_pipe_sig(); 
OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ - setup_ui_method(); } while(0) -# endif -# define apps_shutdown() \ - do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); ENGINE_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) -#endif - -typedef struct args_st - { - char **data; - int count; - } ARGS; - #define PW_MIN_LENGTH 4 typedef struct pw_cb_data { 
@@ -220,64 +134,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); - -int setup_ui_method(void); -void destroy_ui_method(void); - -int should_retry(int i); -int args_from_file(char *file, int *argc, char **argv[]); int str2fmt(char *s); -void program_name(char *in,char *out,int size); -int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]); -#ifdef HEADER_X509_H -int dump_cert_text(BIO *out, X509 *x); -void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags); -#endif -int set_cert_ex(unsigned long *flags, const char *arg); -int set_name_ex(unsigned long *flags, const char *arg); -int set_ext_copy(int *copy_type, const char *arg); -int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2); -int add_oid_section(BIO *err, CONF *conf); X509 *load_cert(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); -EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *key_descrip); -STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip); -X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); -ENGINE *setup_engine(BIO *err, const char *engine, int debug); - -int load_config(BIO *err, CONF *cnf); - -/* Functions defined in ca.c and also used in ocsp.c */ -int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, char *str); -int make_serial_index(TXT_DB *db); - -X509_NAME *do_subject(char *str, long chtype); - -void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent); - -#define FORMAT_UNDEF 0 -#define FORMAT_ASN1 1 -#define FORMAT_TEXT 2 -#define FORMAT_PEM 3 
-#define FORMAT_NETSCAPE 4 -#define FORMAT_PKCS12 5 -#define FORMAT_SMIME 6 -#define FORMAT_ENGINE 7 -#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid - * adding yet another param to load_*key() */ - -#define EXT_COPY_NONE 0 -#define EXT_COPY_ADD 1 -#define EXT_COPY_ALL 2 - -#define NETSCAPE_CERT_HDR "certificate" - -#define APP_PASS_LEN 1024 #endif diff -Naur openca-sv-0.9.94/include/openca/general.h openca-sv/include/openca/general.h --- openca-sv-0.9.94/include/openca/general.h 2004-08-24 12:14:00.000000000 +0200 +++ openca-sv/include/openca/general.h 2004-09-13 16:19:13.000000000 +0200 @@ -57,6 +57,9 @@ * [including the GNU Public Licence.] */ +#ifndef HEADER_OPENCA_SV_GENERAL_H +#define HEADER_OPENCA_SV_GENERAL_H + /* OpenCA SV tool - (c) 2000 by Massimiliano Pala and OpenCA Group */ #include <openca/config.h> @@ -108,6 +111,8 @@ #define FORMAT_PKCS12 5 #define FORMAT_SMIME 6 #define FORMAT_ENGINE 7 +#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid + * adding yet another param to load_*key() */ #define NETSCAPE_CERT_HDR "certificate" @@ -126,3 +131,5 @@ extern BIO *bio_err; extern char *INFO[]; + +# endif diff -Naur openca-sv-0.9.94/src/apps.c openca-sv/src/apps.c --- openca-sv-0.9.94/src/apps.c 2004-08-15 00:47:47.000000000 +0200 +++ openca-sv/src/apps.c 2004-09-15 11:59:03.000000000 +0200 @@ -113,7 +113,6 @@ #include <stdio.h> #include <stdlib.h> -#include <string.h> #include <sys/types.h> #include <sys/stat.h> #include <ctype.h> @@ -126,15 +125,8 @@ #include <openssl/safestack.h> #include <openssl/engine.h> -#define NON_MAIN #include <openca/apps.h> -#undef NON_MAIN - -typedef struct { - char *name; - unsigned long flag; - unsigned long mask; -} NAME_EX_TBL; +#include <openca/general.h> #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA) /* Looks like this stuff is worth moving into separate function */ 
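Review bot: Dropping `#include <string.h>` in the `@@ -113,7 +113,6 @@` hunk of src/apps.c leaves any `str*`/`mem*` call in that file dependent on a transitive include. No such call is visible in the hunks shown, so confirm whether `<openca/general.h>` (added in the next hunk) or one of the OpenSSL headers pulls it in. Without a prototype, a C89 compiler assumes an `int` return, which truncates pointer results such as that of `strchr` on LP64 targets. If the file does use those functions, keep the explicit `#include <string.h>`.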
@@ -571,91 +563,6 @@ /* end key loading */ /*************************************************************/ - -STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip) - { - BIO *certs; - int i; - STACK_OF(X509) *othercerts = NULL; - STACK_OF(X509_INFO) *allcerts = NULL; - X509_INFO *xi; - PW_CB_DATA cb_data; - - cb_data.password = pass; - cb_data.prompt_info = file; - - if((certs = BIO_new(BIO_s_file())) == NULL) - { - ERR_print_errors(err); - goto end; - } - - if (file == NULL) - BIO_set_fp(certs,stdin,BIO_NOCLOSE); - else - { - if (BIO_read_filename(certs,file) <= 0) - { - BIO_printf(err, "Error opening %s %s\n", - cert_descrip, file); - ERR_print_errors(err); - goto end; - } - } - - if (format == FORMAT_PEM) - { - othercerts = sk_X509_new_null(); - if(!othercerts) - { - sk_X509_free(othercerts); - othercerts = NULL; - goto end; - } - allcerts = PEM_X509_INFO_read_bio(certs, NULL, - (pem_password_cb *)password_callback, &cb_data); - for(i = 0; i < sk_X509_INFO_num(allcerts); i++) - { - xi = sk_X509_INFO_value (allcerts, i); - if (xi->x509) - { - sk_X509_push(othercerts, xi->x509); - xi->x509 = NULL; - } - } - goto end; - } - else { - BIO_printf(err,"bad input format specified for %s\n", - cert_descrip); - goto end; - } -end: - if (othercerts == NULL) - { - BIO_printf(err,"unable to load certificates\n"); - ERR_print_errors(err); - } - if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free); - if (certs != NULL) BIO_free(certs); - return(othercerts); - } - - -#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) -/* Return error for unknown extensions */ -#define X509V3_EXT_DEFAULT 0 -/* Print error for unknown extensions */ -#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) -/* ASN1 parse unknown extensions */ -#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) -/* BIO_dump unknown extensions */ -#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) - -#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \ - 
X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION) - #ifndef OPENSSL_NO_ENGINE /*************************************************************/ /* BEGIN engine code */ @@ -663,8 +570,10 @@ ENGINE *load_engine (const char *name, STACK *pre_cmds, STACK *post_cmds, BIO *bio_out) { + ENGINE *e; + ENGINE_load_builtin_engines(); - ENGINE *e = ENGINE_by_id(name); + e = ENGINE_by_id(name); if(e == NULL) { if (verbose) @@ -766,4 +675,4 @@ /*************************************************************/ /* END engine code */ /*************************************************************/ -#endif +#endif /* ndef OPENSSL_NO_ENGINE */ diff -Naur openca-sv-0.9.94/src/callback.c openca-sv/src/callback.c --- openca-sv-0.9.94/src/callback.c 2002-09-10 16:42:03.000000000 +0200 +++ openca-sv/src/callback.c 2005-10-05 15:35:32.000000000 +0200 @@ -78,16 +78,17 @@ err= X509_STORE_CTX_get_error(ctx); depth= X509_STORE_CTX_get_error_depth(ctx); - X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); if( verbose ) { - if( (!chainVerify) || (verify_depth >= depth)) { + if( (!chainVerify) || (verify_depth >= depth)) { BIO_printf(bio_out,"depth:%d serial:",depth); i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(err_cert) ); - BIO_printf(bio_out," subject:%s\n",buf); - } + BIO_printf(bio_out," subject:"); + X509_NAME_print_ex (bio_out, X509_get_subject_name(err_cert), + 0, XN_FLAG_RFC2253&(~ASN1_STRFLGS_ESC_MSB)); + BIO_printf(bio_out, "\n"); + } } - if (!ok) { if (verify_depth >= depth) { ok=1; 
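Review bot: Clearing `ASN1_STRFLGS_ESC_MSB` in the new `X509_NAME_print_ex` call (src/callback.c, `@@ -78,16 +78,17 @@`) makes the verify callback write non-ASCII bytes of the certificate subject to `bio_out` unescaped, and that subject comes from the certificate being verified. `ASN1_STRFLGS_ESC_CTRL` stays set through `XN_FLAG_RFC2253`, but it only covers ASCII control characters, so UTF-8 encoded C1 controls and bidirectional or format characters reach a terminal or a line-oriented parser as-is. The same expression appears in the `@@ -164,7 +165,8 @@` hunk. If the caller needs raw UTF-8, record that next to the call, e.g. `/* subject is emitted as raw UTF-8; consumers must treat it as untrusted text */`; otherwise keep plain `XN_FLAG_RFC2253`. The return value of `X509_NAME_print_ex` is also unchecked, and the callback body continues outside the hunk.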
@@ -164,7 +165,8 @@ BIO_printf(bio_out,"depth:%d serial:",ctx->error_depth); i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(ctx->current_cert) ); BIO_puts (bio_out, " subject:"); - X509_NAME_print_ex (bio_out, X509_get_subject_name (ctx->current_cert), 0, XN_FLAG_RFC2253); + X509_NAME_print_ex (bio_out, X509_get_subject_name (ctx->current_cert), + 0, XN_FLAG_RFC2253&(~ASN1_STRFLGS_ESC_MSB)); BIO_puts (bio_out, "\n"); err_depth = ctx->error_depth; } diff -Naur openca-sv-0.9.94/src/sv.c openca-sv/src/sv.c --- openca-sv-0.9.94/src/sv.c 2004-08-24 12:14:00.000000000 +0200 +++ openca-sv/src/sv.c 2004-09-15 11:59:03.000000000 +0200 @@ -62,6 +62,8 @@ #include <openca/sv.h> #include <openca/tools.h> +BIO *bio_err=NULL; + int main( int argc, char *argv[]) { int cmd=-1; @@ -81,6 +83,10 @@ int flags = 0; int purpose = X509_PURPOSE_SMIME_SIGN; +#ifndef OPENSSL_NO_ENGINE + ENGINE *e; +#endif + BIO *data = NULL; BIO *org_data = NULL; BIO *output = NULL; @@ -363,7 +369,6 @@ #ifndef OPENSSL_NO_ENGINE /* engine loading */ - ENGINE *e; if (engine != NULL) { e = load_engine (engine, pre_cmds, post_cmds, bio_err); diff -Naur openca-sv-0.9.94/src/tools.c openca-sv/src/tools.c --- openca-sv-0.9.94/src/tools.c 2004-06-17 05:03:33.000000000 +0200 +++ openca-sv/src/tools.c 2004-10-05 15:25:01.000000000 +0200 @@ -1,5 +1,5 @@ /* OpenCA PKCS#7 tool - (c) 2000 by Massimiliano Pala and OpenCA Group */ -/* OpenCA PKCS#7 tool - (c) 2004 by Michael Bell and OpenCA Group */ +/* OpenCA PKCS#7 tool - (c) 2004 The OpenCA Project */ #include <openca/general.h> #include <openca/tools.h> diff -Naur openca-sv-0.9.94/src/verify-crypto.c openca-sv/src/verify-crypto.c --- openca-sv-0.9.94/src/verify-crypto.c 2004-08-24 12:14:01.000000000 +0200 +++ openca-sv/src/verify-crypto.c 2004-09-15 11:59:03.000000000 +0200 
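Review bot: `ENGINE *e;` is hoisted to the top of `main` in the src/sv.c `@@ -81,6 +83,10 @@` hunk without an initializer, and the only assignment visible is inside `if (engine != NULL)` in the `@@ -363,7 +369,6 @@` hunk. If `e` is later passed to `load_key` or `load_cert` (both take an `ENGINE *e` per apps.h) when no engine was requested, that reads an indeterminate pointer. The rest of `main` is outside the hunks, so this needs checking. Declaring it as `ENGINE *e = NULL;` costs nothing and makes the no-engine path well defined.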
@@ -75,6 +75,7 @@ STACK_OF(PKCS7_SIGNER_INFO) *sk; X509 *x509 = NULL; X509_STORE_CTX *cert_ctx; + int error; /* Load the PKCS7 object from a file */ if ((p7=PEM_read_bio_PKCS7(signature,NULL,NULL,NULL)) == NULL) { @@ -234,7 +235,7 @@ if( err == 0 ) exit(0); - int error = ERR_get_error(); + error = ERR_get_error(); if (ERR_GET_REASON (error) == PKCS7_R_DIGEST_FAILURE) { BIO_printf (bio_err, "[Error]: Digest mismatch. Signature is wrong.\n");
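Review bot: `int error;` added in the `@@ -75,6 +75,7 @@` hunk receives `ERR_get_error()` in the `@@ -234,7 +235,7 @@` hunk, but that function returns `unsigned long`. Declare it as `unsigned long error;` so the packed error code is not narrowed or sign-converted before `ERR_GET_REASON` is applied. `ERR_get_error()` also removes the oldest entry from the error queue, so if an earlier error is still queued the digest-mismatch branch may be missed; presumably worth checking whether `ERR_peek_last_error()` fits better here. The enclosing function starts and ends outside both hunks.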