=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/ca.c,v retrieving revision 1.30 retrieving revision 1.31 diff -c -r1.30 -r1.31 *** src/usr.bin/openssl/ca.c 2021/07/15 10:15:22 1.30 --- src/usr.bin/openssl/ca.c 2021/07/15 10:26:43 1.31 *************** *** 1,4 **** ! /* $OpenBSD: ca.c,v 1.30 2021/07/15 10:15:22 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: ca.c,v 1.31 2021/07/15 10:26:43 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 121,163 **** #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ static void lookup_fail(const char *name, const char *tag); ! static int certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, ! const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, ! STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF * conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); ! static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, ! X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, ! STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF * conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); ! static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, ! X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, ! STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, char *ext_sect, CONF * conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); ! static void write_new_certificate(BIO * bp, X509 * x, int output_der, int notext); ! static int do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, ! const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, ! STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, int verbose, X509_REQ * req, ! char *ext_sect, CONF * conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); ! static int do_revoke(X509 * x509, CA_DB * db, int ext, char *extval); ! static int get_certificate_status(const char *serial, CA_DB * db); ! static int do_updatedb(CA_DB * db); static int check_time_format(const char *str); ! static char * bin2hex(unsigned char *, size_t); char *make_revocation_str(int rev_type, char *rev_arg); ! int make_revoked(X509_REVOKED * rev, const char *str); ! int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str); static CONF *conf = NULL; static CONF *extconf = NULL; --- 121,163 ---- #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ static void lookup_fail(const char *name, const char *tag); ! static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ! const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, ! STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); ! static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, ! X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, ! STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); ! static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, ! X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, ! STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); ! static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); ! static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, ! const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, ! STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, int verbose, X509_REQ *req, ! char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); ! static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); ! static int get_certificate_status(const char *serial, CA_DB *db); ! static int do_updatedb(CA_DB *db); static int check_time_format(const char *str); ! static char *bin2hex(unsigned char *, size_t); char *make_revocation_str(int rev_type, char *rev_arg); ! int make_revoked(X509_REVOKED *rev, const char *str); ! int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); static CONF *conf = NULL; static CONF *extconf = NULL; *************** *** 201,207 **** char *serial_status; char *section; int selfsign; ! STACK_OF(OPENSSL_STRING) * sigopts; char *spkac_file; char *ss_cert_file; char *startdate; --- 201,207 ---- char *serial_status; char *section; int selfsign; ! STACK_OF(OPENSSL_STRING) *sigopts; char *spkac_file; char *ss_cert_file; char *startdate; *************** *** 677,687 **** ASN1_INTEGER *tmpserial; char *f; const char *p; ! char *const * pp; int i, j; const EVP_MD *dgst = NULL; ! STACK_OF(CONF_VALUE) * attribs = NULL; ! STACK_OF(X509) * cert_sk = NULL; char *tofree = NULL; DB_ATTR db_attr; --- 677,687 ---- ASN1_INTEGER *tmpserial; char *f; const char *p; ! char *const *pp; int i, j; const EVP_MD *dgst = NULL; ! STACK_OF(CONF_VALUE) *attribs = NULL; ! STACK_OF(X509) *cert_sk = NULL; char *tofree = NULL; DB_ATTR db_attr; *************** *** 1535,1545 **** } static int ! certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, ! const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, ! STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF * lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { --- 1535,1545 ---- } static int ! certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ! const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, ! STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { *************** *** 1603,1613 **** } static int ! certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, ! const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, ! STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF * lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { --- 1603,1613 ---- } static int ! certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ! const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, ! STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { *************** *** 1660,1670 **** } static int ! do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst, ! STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy, ! CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, ! int verbose, X509_REQ * req, char *ext_sect, CONF * lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { --- 1660,1670 ---- } static int ! do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, ! STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, ! CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, ! int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { *************** *** 2178,2184 **** } static void ! write_new_certificate(BIO * bp, X509 * x, int output_der, int notext) { if (output_der) { (void) i2d_X509_bio(bp, x); --- 2178,2184 ---- } static void ! write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) { if (output_der) { (void) i2d_X509_bio(bp, x); *************** *** 2190,2204 **** } static int ! certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, ! const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, ! STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, char *ext_sect, CONF * lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { ! STACK_OF(CONF_VALUE) * sk = NULL; ! LHASH_OF(CONF_VALUE) * parms = NULL; X509_REQ *req = NULL; CONF_VALUE *cv = NULL; NETSCAPE_SPKI *spki = NULL; --- 2190,2204 ---- } static int ! certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, ! const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, ! STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, ! char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { ! STACK_OF(CONF_VALUE) *sk = NULL; ! LHASH_OF(CONF_VALUE) *parms = NULL; X509_REQ *req = NULL; CONF_VALUE *cv = NULL; NETSCAPE_SPKI *spki = NULL; *************** *** 2331,2337 **** } static int ! do_revoke(X509 * x509, CA_DB * db, int type, char *value) { ASN1_UTCTIME *tm = NULL; char *row[DB_NUMBER], **rrow, **irow; --- 2331,2337 ---- } static int ! do_revoke(X509 *x509, CA_DB *db, int type, char *value) { ASN1_UTCTIME *tm = NULL; char *row[DB_NUMBER], **rrow, **irow; *************** *** 2443,2449 **** } static int ! get_certificate_status(const char *serial, CA_DB * db) { char *row[DB_NUMBER], **rrow; int ok = -1, i; --- 2443,2449 ---- } static int ! get_certificate_status(const char *serial, CA_DB *db) { char *row[DB_NUMBER], **rrow; int ok = -1, i; *************** *** 2515,2521 **** } static int ! do_updatedb(CA_DB * db) { ASN1_UTCTIME *a_tm = NULL; int i, cnt = 0; --- 2515,2521 ---- } static int ! do_updatedb(CA_DB *db) { ASN1_UTCTIME *a_tm = NULL; int i, cnt = 0; *************** *** 2680,2686 **** */ int ! make_revoked(X509_REVOKED * rev, const char *str) { char *tmp = NULL; int reason_code = -1; --- 2680,2686 ---- */ int ! make_revoked(X509_REVOKED *rev, const char *str) { char *tmp = NULL; int reason_code = -1; *************** *** 2733,2739 **** } int ! old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str) { char buf[25], *pbuf, *p; int j; --- 2733,2739 ---- } int ! old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) { char buf[25], *pbuf, *p; int j; *************** *** 2774,2781 **** } int ! unpack_revinfo(ASN1_TIME ** prevtm, int *preason, ASN1_OBJECT ** phold, ! ASN1_GENERALIZEDTIME ** pinvtm, const char *str) { char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; --- 2774,2781 ---- } int ! unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ! ASN1_GENERALIZEDTIME **pinvtm, const char *str) { char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; *************** *** 2880,2886 **** } static char * ! bin2hex(unsigned char * data, size_t len) { char *ret = NULL; char hex[] = "0123456789ABCDEF"; --- 2880,2886 ---- } static char * ! bin2hex(unsigned char *data, size_t len) { char *ret = NULL; char hex[] = "0123456789ABCDEF";