#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include <openssl/engine.h>
#ifndef W_OK
# ifdef VMS
" -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n",
-" -keyfile arg - PEM private key file\n",
+" -keyfile arg - private key file\n",
+" -keyform arg - private key file format (PEM or ENGINE)\n",
" -key arg - key to decode the private key if it is encrypted\n",
" -cert file - The CA certificate\n",
" -in file - The input PEM encoded certificate request(s)\n",
" -revoke file - Revoke a certificate (given in file)\n",
" -extensions .. - Extension section (override value in config file)\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
+" -engine e - use engine e, possibly a hardware device.\n",
NULL
};
#endif
static void lookup_fail(char *name,char *tag);
-static unsigned long index_serial_hash(char **a);
-static int index_serial_cmp(char **a, char **b);
-static unsigned long index_name_hash(char **a);
+static unsigned long index_serial_hash(const char **a);
+static int index_serial_cmp(const char **a, const char **b);
+static unsigned long index_name_hash(const char **a);
static int index_name_qual(char **a);
-static int index_name_cmp(char **a,char **b);
+static int index_name_cmp(const char **a,const char **b);
static BIGNUM *load_serial(char *serialfile);
static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
static int preserve=0;
static int msie_hack=0;
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
+
int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+ ENGINE *e = NULL;
char *key=NULL,*passargin=NULL;
int total=0;
int total_done=0;
char *policy=NULL;
char *keyfile=NULL;
char *certfile=NULL;
+ int keyform=FORMAT_PEM;
char *infile=NULL;
char *spkac_file=NULL;
char *ss_cert_file=NULL;
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
+ char *engine = NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
if (--argc < 1) goto bad;
keyfile= *(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ keyform=str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
if (--argc < 1) goto bad;
crl_ext= *(++argv);
}
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine= *(++argv);
+ }
else
{
bad:
ERR_load_crypto_strings();
+ if (engine != NULL)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine \"%s\"\n",
+ engine);
+ goto err;
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ goto err;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+
/*****************************************************************/
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
if (conf != NULL)
{
p=CONF_get_string(conf,NULL,"oid_file");
+ if (p == NULL)
+ ERR_clear_error();
if (p != NULL)
{
BIO *oid_bio;
}
randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
in=BIO_new(BIO_s_file());
BIO_printf(bio_err,"Error getting password\n");
goto err;
}
- if (BIO_read_filename(in,keyfile) <= 0)
+ if (keyform == FORMAT_ENGINE)
{
- perror(keyfile);
- BIO_printf(bio_err,"trying to load CA private key\n");
- goto err;
+ if (!e)
+ {
+ BIO_printf(bio_err,"no engine specified\n");
+ goto err;
+ }
+ pkey = ENGINE_load_private_key(e, keyfile, key);
}
+ else if (keyform == FORMAT_PEM)
+ {
+ if (BIO_read_filename(in,keyfile) <= 0)
+ {
+ perror(keyfile);
+ BIO_printf(bio_err,"trying to load CA private key\n");
+ goto err;
+ }
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
- if(key) memset(key,0,strlen(key));
+ }
+ else
+ {
+ BIO_printf(bio_err,"bad input format specified for key file\n");
+ goto err;
+ }
+ if(key) memset(key,0,strlen(key));
if (pkey == NULL)
{
BIO_printf(bio_err,"unable to load CA private key\n");
}
f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+ if (f == NULL)
+ ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
preserve=1;
f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+ if (f == NULL)
+ ERR_clear_error();
if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
msie_hack=1;
BIO_printf(bio_err,"generating index\n");
}
- if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
- index_serial_cmp))
+ if (!TXT_DB_create_index(db, DB_serial, NULL,
+ LHASH_HASH_FN(index_serial_hash),
+ LHASH_COMP_FN(index_serial_cmp)))
{
BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
goto err;
}
- if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
- index_name_cmp))
+ if (!TXT_DB_create_index(db, DB_name, index_name_qual,
+ LHASH_HASH_FN(index_name_hash),
+ LHASH_COMP_FN(index_name_cmp)))
{
BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
db->error,db->arg1,db->arg2);
lookup_fail(section,ENV_SERIAL);
goto err;
}
- if(!extensions)
+ if (!extensions)
+ {
extensions=CONF_get_string(conf,section,ENV_EXTENSIONS);
- if(extensions) {
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions)
+ {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, conf);
- if(!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL)) {
+ if (!X509V3_EXT_add_conf(conf, &ctx, extensions, NULL))
+ {
BIO_printf(bio_err,
"Error Loading extension section %s\n",
extensions);
ret = 1;
goto err;
+ }
}
- }
if (startdate == NULL)
{
startdate=CONF_get_string(conf,section,
ENV_DEFAULT_STARTDATE);
+ if (startdate == NULL)
+ ERR_clear_error();
}
if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
{
{
enddate=CONF_get_string(conf,section,
ENV_DEFAULT_ENDDATE);
+ if (enddate == NULL)
+ ERR_clear_error();
}
if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
{
/*****************************************************************/
if (gencrl)
{
- if(!crl_ext) crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
- if(crl_ext) {
+ if (!crl_ext)
+ {
+ crl_ext=CONF_get_string(conf,section,ENV_CRLEXT);
+ if (!crl_ext)
+ ERR_clear_error();
+ }
+ if (crl_ext)
+ {
/* Check syntax of file */
X509V3_CTX ctx;
X509V3_set_ctx_test(&ctx);
X509V3_set_conf_lhash(&ctx, conf);
- if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL)) {
+ if(!X509V3_EXT_add_conf(conf, &ctx, crl_ext, NULL))
+ {
BIO_printf(bio_err,
"Error Loading CRL extension section %s\n",
crl_ext);
ret = 1;
goto err;
+ }
}
- }
if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
if (!crldays && !crlhours)
if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
buf[0],BSIZE)) goto err;
- sk_X509_REVOKED_push(ci->revoked,r);
+ X509_CRL_add0_revoked(crl,r);
}
}
/* sort the data so it will be written in serial
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
-static unsigned long index_serial_hash(char **a)
+static unsigned long index_serial_hash(const char **a)
{
- char *n;
+ const char *n;
n=a[DB_serial];
while (*n == '0') n++;
return(lh_strhash(n));
}
-static int index_serial_cmp(char **a, char **b)
+static int index_serial_cmp(const char **a, const char **b)
{
- char *aa,*bb;
+ const char *aa,*bb;
for (aa=a[DB_serial]; *aa == '0'; aa++);
for (bb=b[DB_serial]; *bb == '0'; bb++);
return(strcmp(aa,bb));
}
-static unsigned long index_name_hash(char **a)
+static unsigned long index_name_hash(const char **a)
{ return(lh_strhash(a[DB_name])); }
static int index_name_qual(char **a)
{ return(a[0][0] == 'V'); }
-static int index_name_cmp(char **a, char **b)
+static int index_name_cmp(const char **a, const char **b)
{ return(strcmp(a[DB_name],
b[DB_name])); }
goto err;
}
- else if (index_name_cmp(row,rrow))
+ else if (index_name_cmp((const char **)row,(const char **)rrow))
{
BIO_printf(bio_err,"ERROR:name does not match %s\n",
row[DB_name]);