version 1.30, 2021/07/15 10:15:22 |
version 1.31, 2021/07/15 10:26:43 |
|
|
#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ |
#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ |
|
|
static void lookup_fail(const char *name, const char *tag); |
static void lookup_fail(const char *name, const char *tag); |
static int certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, |
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, |
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, |
STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, |
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
char *enddate, long days, int batch, char *ext_sect, CONF * conf, |
char *enddate, long days, int batch, char *ext_sect, CONF *conf, |
int verbose, unsigned long certopt, unsigned long nameopt, |
int verbose, unsigned long certopt, unsigned long nameopt, |
int default_op, int ext_copy, int selfsign); |
int default_op, int ext_copy, int selfsign); |
static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, |
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, |
X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, |
X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, |
STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, |
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
char *enddate, long days, int batch, char *ext_sect, CONF * conf, |
char *enddate, long days, int batch, char *ext_sect, CONF *conf, |
int verbose, unsigned long certopt, unsigned long nameopt, int default_op, |
int verbose, unsigned long certopt, unsigned long nameopt, int default_op, |
int ext_copy); |
int ext_copy); |
static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, |
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, |
X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, |
X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, |
STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, |
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
char *enddate, long days, char *ext_sect, CONF * conf, int verbose, |
char *enddate, long days, char *ext_sect, CONF *conf, int verbose, |
unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); |
unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); |
static void write_new_certificate(BIO * bp, X509 * x, int output_der, |
static void write_new_certificate(BIO *bp, X509 *x, int output_der, |
int notext); |
int notext); |
static int do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, |
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, |
const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, |
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, |
STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, |
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
char *enddate, long days, int batch, int verbose, X509_REQ * req, |
char *enddate, long days, int batch, int verbose, X509_REQ *req, |
char *ext_sect, CONF * conf, unsigned long certopt, unsigned long nameopt, |
char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, |
int default_op, int ext_copy, int selfsign); |
int default_op, int ext_copy, int selfsign); |
static int do_revoke(X509 * x509, CA_DB * db, int ext, char *extval); |
static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); |
static int get_certificate_status(const char *serial, CA_DB * db); |
static int get_certificate_status(const char *serial, CA_DB *db); |
static int do_updatedb(CA_DB * db); |
static int do_updatedb(CA_DB *db); |
static int check_time_format(const char *str); |
static int check_time_format(const char *str); |
static char * bin2hex(unsigned char *, size_t); |
static char *bin2hex(unsigned char *, size_t); |
char *make_revocation_str(int rev_type, char *rev_arg); |
char *make_revocation_str(int rev_type, char *rev_arg); |
int make_revoked(X509_REVOKED * rev, const char *str); |
int make_revoked(X509_REVOKED *rev, const char *str); |
int old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str); |
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); |
|
|
static CONF *conf = NULL; |
static CONF *conf = NULL; |
static CONF *extconf = NULL; |
static CONF *extconf = NULL; |
|
|
char *serial_status; |
char *serial_status; |
char *section; |
char *section; |
int selfsign; |
int selfsign; |
STACK_OF(OPENSSL_STRING) * sigopts; |
STACK_OF(OPENSSL_STRING) *sigopts; |
char *spkac_file; |
char *spkac_file; |
char *ss_cert_file; |
char *ss_cert_file; |
char *startdate; |
char *startdate; |
|
|
ASN1_INTEGER *tmpserial; |
ASN1_INTEGER *tmpserial; |
char *f; |
char *f; |
const char *p; |
const char *p; |
char *const * pp; |
char *const *pp; |
int i, j; |
int i, j; |
const EVP_MD *dgst = NULL; |
const EVP_MD *dgst = NULL; |
STACK_OF(CONF_VALUE) * attribs = NULL; |
STACK_OF(CONF_VALUE) *attribs = NULL; |
STACK_OF(X509) * cert_sk = NULL; |
STACK_OF(X509) *cert_sk = NULL; |
char *tofree = NULL; |
char *tofree = NULL; |
DB_ATTR db_attr; |
DB_ATTR db_attr; |
|
|
|
|
} |
} |
|
|
static int |
static int |
certify(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, |
certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, |
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, |
STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, |
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
char *enddate, long days, int batch, char *ext_sect, CONF * lconf, |
char *enddate, long days, int batch, char *ext_sect, CONF *lconf, |
int verbose, unsigned long certopt, unsigned long nameopt, int default_op, |
int verbose, unsigned long certopt, unsigned long nameopt, int default_op, |
int ext_copy, int selfsign) |
int ext_copy, int selfsign) |
{ |
{ |
|
|
} |
} |
|
|
static int |
static int |
certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, |
certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, |
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, |
STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, |
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
char *enddate, long days, int batch, char *ext_sect, CONF * lconf, |
char *enddate, long days, int batch, char *ext_sect, CONF *lconf, |
int verbose, unsigned long certopt, unsigned long nameopt, int default_op, |
int verbose, unsigned long certopt, unsigned long nameopt, int default_op, |
int ext_copy) |
int ext_copy) |
{ |
{ |
|
|
} |
} |
|
|
static int |
static int |
do_body(X509 ** xret, EVP_PKEY * pkey, X509 * x509, const EVP_MD * dgst, |
do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, |
STACK_OF(OPENSSL_STRING) * sigopts, STACK_OF(CONF_VALUE) * policy, |
STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, |
CA_DB * db, BIGNUM * serial, char *subj, unsigned long chtype, int multirdn, |
CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, |
int email_dn, char *startdate, char *enddate, long days, int batch, |
int email_dn, char *startdate, char *enddate, long days, int batch, |
int verbose, X509_REQ * req, char *ext_sect, CONF * lconf, |
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, |
unsigned long certopt, unsigned long nameopt, int default_op, |
unsigned long certopt, unsigned long nameopt, int default_op, |
int ext_copy, int selfsign) |
int ext_copy, int selfsign) |
{ |
{ |
|
|
} |
} |
|
|
static void |
static void |
write_new_certificate(BIO * bp, X509 * x, int output_der, int notext) |
write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) |
{ |
{ |
if (output_der) { |
if (output_der) { |
(void) i2d_X509_bio(bp, x); |
(void) i2d_X509_bio(bp, x); |
|
|
} |
} |
|
|
static int |
static int |
certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509, |
certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, |
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, |
STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, |
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
unsigned long chtype, int multirdn, int email_dn, char *startdate, |
char *enddate, long days, char *ext_sect, CONF * lconf, int verbose, |
char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, |
unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) |
unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) |
{ |
{ |
STACK_OF(CONF_VALUE) * sk = NULL; |
STACK_OF(CONF_VALUE) *sk = NULL; |
LHASH_OF(CONF_VALUE) * parms = NULL; |
LHASH_OF(CONF_VALUE) *parms = NULL; |
X509_REQ *req = NULL; |
X509_REQ *req = NULL; |
CONF_VALUE *cv = NULL; |
CONF_VALUE *cv = NULL; |
NETSCAPE_SPKI *spki = NULL; |
NETSCAPE_SPKI *spki = NULL; |
|
|
} |
} |
|
|
static int |
static int |
do_revoke(X509 * x509, CA_DB * db, int type, char *value) |
do_revoke(X509 *x509, CA_DB *db, int type, char *value) |
{ |
{ |
ASN1_UTCTIME *tm = NULL; |
ASN1_UTCTIME *tm = NULL; |
char *row[DB_NUMBER], **rrow, **irow; |
char *row[DB_NUMBER], **rrow, **irow; |
|
|
} |
} |
|
|
static int |
static int |
get_certificate_status(const char *serial, CA_DB * db) |
get_certificate_status(const char *serial, CA_DB *db) |
{ |
{ |
char *row[DB_NUMBER], **rrow; |
char *row[DB_NUMBER], **rrow; |
int ok = -1, i; |
int ok = -1, i; |
|
|
} |
} |
|
|
static int |
static int |
do_updatedb(CA_DB * db) |
do_updatedb(CA_DB *db) |
{ |
{ |
ASN1_UTCTIME *a_tm = NULL; |
ASN1_UTCTIME *a_tm = NULL; |
int i, cnt = 0; |
int i, cnt = 0; |
|
|
*/ |
*/ |
|
|
int |
int |
make_revoked(X509_REVOKED * rev, const char *str) |
make_revoked(X509_REVOKED *rev, const char *str) |
{ |
{ |
char *tmp = NULL; |
char *tmp = NULL; |
int reason_code = -1; |
int reason_code = -1; |
|
|
} |
} |
|
|
int |
int |
old_entry_print(BIO * bp, ASN1_OBJECT * obj, ASN1_STRING * str) |
old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) |
{ |
{ |
char buf[25], *pbuf, *p; |
char buf[25], *pbuf, *p; |
int j; |
int j; |
|
|
} |
} |
|
|
int |
int |
unpack_revinfo(ASN1_TIME ** prevtm, int *preason, ASN1_OBJECT ** phold, |
unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, |
ASN1_GENERALIZEDTIME ** pinvtm, const char *str) |
ASN1_GENERALIZEDTIME **pinvtm, const char *str) |
{ |
{ |
char *tmp = NULL; |
char *tmp = NULL; |
char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; |
char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; |
|
|
} |
} |
|
|
static char * |
static char * |
bin2hex(unsigned char * data, size_t len) |
bin2hex(unsigned char *data, size_t len) |
{ |
{ |
char *ret = NULL; |
char *ret = NULL; |
char hex[] = "0123456789ABCDEF"; |
char hex[] = "0123456789ABCDEF"; |