diff -Naur openca-sv-0.9.94/include/openca/apps.h openca-sv/include/openca/apps.h
--- openca-sv-0.9.94/include/openca/apps.h 2004-06-17 05:03:33.000000000 +0200
+++ openca-sv/include/openca/apps.h 2004-09-13 16:19:13.000000000 +0200
@@ -108,12 +108,13 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+/*
+ * Copyright (c) 2002-2004 The OpenCA Project. All rights reserved.
+ */
#ifndef HEADER_APPS_H
#define HEADER_APPS_H
-#include "e_os.h"
-
#include <openssl/buffer.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
@@ -124,93 +125,6 @@
#include <openssl/engine.h>
#include <openssl/ossl_typ.h>
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
-int app_RAND_write_file(const char *file, BIO *bio_e);
-/* When `file' is NULL, use defaults.
- * `bio_e' is for error messages. */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
- * separated by LIST_SEPARATOR_CHAR
- * (see e_os.h). The string is
- * destroyed! */
-
-#ifdef OPENSSL_SYS_WIN32
-#define rename(from,to) WIN32_rename((from),(to))
-int WIN32_rename(char *oldname,char *newname);
-#endif
-
-/* VMS below version 7.0 doesn't have strcasecmp() */
-#ifdef OPENSSL_SYS_VMS
-#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2))
-int VMS_strcasecmp(const char *str1, const char *str2);
-#endif
-
-#ifndef MONOLITH
-
-#define MAIN(a,v) main(a,v)
-
-#ifndef NON_MAIN
-CONF *config=NULL;
-BIO *bio_err=NULL;
-#else
-extern CONF *config;
-extern BIO *bio_err;
-#endif
-
-#else
-
-#define MAIN(a,v) PROG(a,v)
-extern CONF *config;
-extern char *default_config_file;
-extern BIO *bio_err;
-
-#endif
-
-#include <signal.h>
-
-#ifdef SIGPIPE
-#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
-#else
-#define do_pipe_sig()
-#endif
-
-#if defined(MONOLITH) && !defined(OPENSSL_C)
-# define apps_startup() \
- do_pipe_sig()
-# define apps_shutdown()
-#else
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
- defined(OPENSSL_SYS_WIN32)
-# ifdef _O_BINARY
-# define apps_startup() \
- do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# else
-# define apps_startup() \
- do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# endif
-# else
-# define apps_startup() \
- do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
- ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
- setup_ui_method(); } while(0)
-# endif
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); ENGINE_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
- ERR_free_strings(); } while(0)
-#endif
-
-typedef struct args_st
- {
- char **data;
- int count;
- } ARGS;
-
#define PW_MIN_LENGTH 4
typedef struct pw_cb_data
{
@@ -220,64 +134,11 @@
int password_callback(char *buf, int bufsiz, int verify,
PW_CB_DATA *cb_data);
-
-int setup_ui_method(void);
-void destroy_ui_method(void);
-
-int should_retry(int i);
-int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
-void program_name(char *in,char *out,int size);
-int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#ifdef HEADER_X509_H
-int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
-#endif
-int set_cert_ex(unsigned long *flags, const char *arg);
-int set_name_ex(unsigned long *flags, const char *arg);
-int set_ext_copy(int *copy_type, const char *arg);
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, CONF *conf);
X509 *load_cert(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-
-int load_config(BIO *err, CONF *cnf);
-
-/* Functions defined in ca.c and also used in ocsp.c */
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
- ASN1_GENERALIZEDTIME **pinvtm, char *str);
-int make_serial_index(TXT_DB *db);
-
-X509_NAME *do_subject(char *str, long chtype);
-
-void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent);
-
-#define FORMAT_UNDEF 0
-#define FORMAT_ASN1 1
-#define FORMAT_TEXT 2
-#define FORMAT_PEM 3
-#define FORMAT_NETSCAPE 4
-#define FORMAT_PKCS12 5
-#define FORMAT_SMIME 6
-#define FORMAT_ENGINE 7
-#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
- * adding yet another param to load_*key() */
-
-#define EXT_COPY_NONE 0
-#define EXT_COPY_ADD 1
-#define EXT_COPY_ALL 2
-
-#define NETSCAPE_CERT_HDR "certificate"
-
-#define APP_PASS_LEN 1024
#endif
diff -Naur openca-sv-0.9.94/include/openca/general.h openca-sv/include/openca/general.h
--- openca-sv-0.9.94/include/openca/general.h 2004-08-24 12:14:00.000000000 +0200
+++ openca-sv/include/openca/general.h 2004-09-13 16:19:13.000000000 +0200
@@ -57,6 +57,9 @@
* [including the GNU Public Licence.]
*/
+#ifndef HEADER_OPENCA_SV_GENERAL_H
+#define HEADER_OPENCA_SV_GENERAL_H
+
/* OpenCA SV tool - (c) 2000 by Massimiliano Pala and OpenCA Group */
#include <openca/config.h>
@@ -108,6 +111,8 @@
#define FORMAT_PKCS12 5
#define FORMAT_SMIME 6
#define FORMAT_ENGINE 7
+#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
+ * adding yet another param to load_*key() */
#define NETSCAPE_CERT_HDR "certificate"
@@ -126,3 +131,5 @@
extern BIO *bio_err;
extern char *INFO[];
+
+# endif
diff -Naur openca-sv-0.9.94/src/apps.c openca-sv/src/apps.c
--- openca-sv-0.9.94/src/apps.c 2004-08-15 00:47:47.000000000 +0200
+++ openca-sv/src/apps.c 2004-09-15 11:59:03.000000000 +0200
@@ -113,7 +113,6 @@
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>
@@ -126,15 +125,8 @@
#include <openssl/safestack.h>
#include <openssl/engine.h>
-#define NON_MAIN
#include <openca/apps.h>
-#undef NON_MAIN
-
-typedef struct {
- char *name;
- unsigned long flag;
- unsigned long mask;
-} NAME_EX_TBL;
+#include <openca/general.h>
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
/* Looks like this stuff is worth moving into separate function */
@@ -571,91 +563,6 @@
/* end key loading */
/*************************************************************/
-
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
- {
- BIO *certs;
- int i;
- STACK_OF(X509) *othercerts = NULL;
- STACK_OF(X509_INFO) *allcerts = NULL;
- X509_INFO *xi;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if((certs = BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
-
- if (file == NULL)
- BIO_set_fp(certs,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(certs,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- cert_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- }
-
- if (format == FORMAT_PEM)
- {
- othercerts = sk_X509_new_null();
- if(!othercerts)
- {
- sk_X509_free(othercerts);
- othercerts = NULL;
- goto end;
- }
- allcerts = PEM_X509_INFO_read_bio(certs, NULL,
- (pem_password_cb *)password_callback, &cb_data);
- for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
- {
- xi = sk_X509_INFO_value (allcerts, i);
- if (xi->x509)
- {
- sk_X509_push(othercerts, xi->x509);
- xi->x509 = NULL;
- }
- }
- goto end;
- }
- else {
- BIO_printf(err,"bad input format specified for %s\n",
- cert_descrip);
- goto end;
- }
-end:
- if (othercerts == NULL)
- {
- BIO_printf(err,"unable to load certificates\n");
- ERR_print_errors(err);
- }
- if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
- if (certs != NULL) BIO_free(certs);
- return(othercerts);
- }
-
-
-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT 0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
-
-#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
- X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
-
#ifndef OPENSSL_NO_ENGINE
/*************************************************************/
/* BEGIN engine code */
@@ -663,8 +570,10 @@
ENGINE *load_engine (const char *name, STACK *pre_cmds, STACK *post_cmds, BIO *bio_out)
{
+ ENGINE *e;
+
ENGINE_load_builtin_engines();
- ENGINE *e = ENGINE_by_id(name);
+ e = ENGINE_by_id(name);
if(e == NULL)
{
if (verbose)
@@ -766,4 +675,4 @@
/*************************************************************/
/* END engine code */
/*************************************************************/
-#endif
+#endif /* ndef OPENSSL_NO_ENGINE */
diff -Naur openca-sv-0.9.94/src/callback.c openca-sv/src/callback.c
--- openca-sv-0.9.94/src/callback.c 2002-09-10 16:42:03.000000000 +0200
+++ openca-sv/src/callback.c 2005-10-05 15:35:32.000000000 +0200
@@ -78,16 +78,17 @@
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
if( verbose ) {
- if( (!chainVerify) || (verify_depth >= depth)) {
+ if( (!chainVerify) || (verify_depth >= depth)) {
BIO_printf(bio_out,"depth:%d serial:",depth);
i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(err_cert) );
- BIO_printf(bio_out," subject:%s\n",buf);
- }
+ BIO_printf(bio_out," subject:");
+ X509_NAME_print_ex (bio_out, X509_get_subject_name(err_cert),
+ 0, XN_FLAG_RFC2253&(~ASN1_STRFLGS_ESC_MSB));
+ BIO_printf(bio_out, "\n");
+ }
}
-
if (!ok) {
if (verify_depth >= depth) {
ok=1;
@@ -164,7 +165,8 @@
BIO_printf(bio_out,"depth:%d serial:",ctx->error_depth);
i2a_ASN1_INTEGER( bio_out, X509_get_serialNumber(ctx->current_cert) );
BIO_puts (bio_out, " subject:");
- X509_NAME_print_ex (bio_out, X509_get_subject_name (ctx->current_cert), 0, XN_FLAG_RFC2253);
+ X509_NAME_print_ex (bio_out, X509_get_subject_name (ctx->current_cert),
+ 0, XN_FLAG_RFC2253&(~ASN1_STRFLGS_ESC_MSB));
BIO_puts (bio_out, "\n");
err_depth = ctx->error_depth;
}
diff -Naur openca-sv-0.9.94/src/sv.c openca-sv/src/sv.c
--- openca-sv-0.9.94/src/sv.c 2004-08-24 12:14:00.000000000 +0200
+++ openca-sv/src/sv.c 2004-09-15 11:59:03.000000000 +0200
@@ -62,6 +62,8 @@
#include <openca/sv.h>
#include <openca/tools.h>
+BIO *bio_err=NULL;
+
int main( int argc, char *argv[]) {
int cmd=-1;
@@ -81,6 +83,10 @@
int flags = 0;
int purpose = X509_PURPOSE_SMIME_SIGN;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *e;
+#endif
+
BIO *data = NULL;
BIO *org_data = NULL;
BIO *output = NULL;
@@ -363,7 +369,6 @@
#ifndef OPENSSL_NO_ENGINE
/* engine loading */
- ENGINE *e;
if (engine != NULL)
{
e = load_engine (engine, pre_cmds, post_cmds, bio_err);
diff -Naur openca-sv-0.9.94/src/tools.c openca-sv/src/tools.c
--- openca-sv-0.9.94/src/tools.c 2004-06-17 05:03:33.000000000 +0200
+++ openca-sv/src/tools.c 2004-10-05 15:25:01.000000000 +0200
@@ -1,5 +1,5 @@
/* OpenCA PKCS#7 tool - (c) 2000 by Massimiliano Pala and OpenCA Group */
-/* OpenCA PKCS#7 tool - (c) 2004 by Michael Bell and OpenCA Group */
+/* OpenCA PKCS#7 tool - (c) 2004 The OpenCA Project */
#include <openca/general.h>
#include <openca/tools.h>
diff -Naur openca-sv-0.9.94/src/verify-crypto.c openca-sv/src/verify-crypto.c
--- openca-sv-0.9.94/src/verify-crypto.c 2004-08-24 12:14:01.000000000 +0200
+++ openca-sv/src/verify-crypto.c 2004-09-15 11:59:03.000000000 +0200
@@ -75,6 +75,7 @@
STACK_OF(PKCS7_SIGNER_INFO) *sk;
X509 *x509 = NULL;
X509_STORE_CTX *cert_ctx;
+ int error;
/* Load the PKCS7 object from a file */
if ((p7=PEM_read_bio_PKCS7(signature,NULL,NULL,NULL)) == NULL) {
@@ -234,7 +235,7 @@
if( err == 0 )
exit(0);
- int error = ERR_get_error();
+ error = ERR_get_error();
if (ERR_GET_REASON (error) == PKCS7_R_DIGEST_FAILURE)
{
BIO_printf (bio_err, "[Error]: Digest mismatch. Signature is wrong.\n");
