X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fca.c;h=25717283b0e7ffb17d14e3564c237899a4cf1949;hb=4913b88f704bd6cf2d6b5afa202ea4f9317422eb;hp=15c57416242f5abf885f50d40a99b41a443cc86c;hpb=10c85057348cf34d0d55cba90904fb37f1a124f6;p=oweals%2Fopenssl.git diff --git a/apps/ca.c b/apps/ca.c index 15c5741624..25717283b0 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -105,6 +105,9 @@ #define ENV_DEFAULT_CA "default_ca" +#define STRING_MASK "string_mask" +#define UTF8_IN "utf8" + #define ENV_DIR "dir" #define ENV_CERTS "certs" #define ENV_CRL_DIR "crl_dir" @@ -143,7 +146,7 @@ #define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ #define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ -static char *ca_usage[]={ +static const char *ca_usage[]={ "usage: ca args\n", "\n", " -verbose - Talk alot while doing things\n", @@ -174,6 +177,7 @@ static char *ca_usage[]={ " -msie_hack - msie modifications to handle all those universal strings\n", " -revoke file - Revoke a certificate (given in file)\n", " -subj arg - Use arg instead of request's subject\n", +" -utf8 - input characters are UTF8 (default ASCII)\n", " -multivalue-rdn - enable support for multivalued RDNs\n", " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", @@ -192,30 +196,30 @@ extern int EF_PROTECT_BELOW; extern int EF_ALIGNMENT; #endif -static void lookup_fail(char *name,char *tag); +static void lookup_fail(const char *name, const char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, - BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial, char *subj, int multirdn, int email_dn, + CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, - CA_DB *db, BIGNUM *serial,char *subj, int multirdn, int email_dn, + CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); static int fix_data(int nid, int *type); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj, int multirdn, + STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -225,7 +229,7 @@ static int get_certificate_status(const char *ser_status, CA_DB *db); static int do_updatedb(CA_DB *db); static int check_time_format(char *str); char *make_revocation_str(int rev_type, char *rev_arg); -int make_revoked(X509_REVOKED *rev, char *str); +int make_revoked(X509_REVOKED *rev, const char *str); int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); static CONF *conf=NULL; static CONF *extconf=NULL; @@ -275,6 +279,7 @@ int MAIN(int argc, char **argv) char *extensions=NULL; char *extfile=NULL; char *subj=NULL; + unsigned long chtype = MBSTRING_ASC; int multirdn = 0; char *tmp_email_dn=NULL; char *crl_ext=NULL; @@ -300,7 +305,8 @@ int MAIN(int argc, char **argv) X509_REVOKED *r=NULL; ASN1_TIME *tmptm; ASN1_INTEGER *tmpser; - char **pp,*p,*f; + char *f; + const char *p, **pp; int i,j; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; @@ -355,6 +361,8 @@ EF_ALIGNMENT=0; subj= *(++argv); /* preserve=1; */ } + else if (strcmp(*argv,"-utf8") == 0) + chtype = MBSTRING_UTF8; else if (strcmp(*argv,"-create_serial") == 0) create_ser = 1; else if (strcmp(*argv,"-multivalue-rdn") == 0) @@ -644,6 +652,23 @@ bad: ERR_clear_error(); app_RAND_load_file(randfile, bio_err, 0); + f = NCONF_get_string(conf, section, STRING_MASK); + if (!f) + ERR_clear_error(); + + if(f && !ASN1_STRING_set_default_mask_asc(f)) { + BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); + goto err; + } + + if (chtype != MBSTRING_UTF8){ + f = NCONF_get_string(conf, section, UTF8_IN); + if (!f) + ERR_clear_error(); + else if (!strcmp(f, "yes")) + chtype = MBSTRING_UTF8; + } + db_attr.unique_subject = 1; p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); if (p) @@ -857,7 +882,7 @@ bad: /* Lets check some fields */ for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->db->data,i); + pp=(const char **)sk_value(db->db->data,i); if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { @@ -870,7 +895,7 @@ bad: BIO_printf(bio_err," in entry %d\n", i+1); goto err; } - if (!check_time_format(pp[DB_exp_date])) + if (!check_time_format((char *)pp[DB_exp_date])) { BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); goto err; @@ -1134,7 +1159,7 @@ bad: { total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, - serial,subj,multirdn,email_dn,startdate,enddate,days,extensions, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j > 0) @@ -1158,7 +1183,7 @@ bad: { total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, - db,serial,subj,multirdn,email_dn,startdate,enddate,days,batch, + db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); if (j < 0) goto err; @@ -1178,7 +1203,7 @@ bad: { total++; j=certify(&x,infile,pkey,x509p,dgst,attribs,db, - serial,subj,multirdn,email_dn,startdate,enddate,days,batch, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1198,7 +1223,7 @@ bad: { total++; j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, - serial,subj,multirdn,email_dn,startdate,enddate,days,batch, + serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); if (j < 0) goto err; @@ -1251,7 +1276,7 @@ bad: x=sk_X509_value(cert_sk,i); j=x->cert_info->serialNumber->length; - p=(char *)x->cert_info->serialNumber->data; + p=(const char *)x->cert_info->serialNumber->data; if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) { @@ -1372,7 +1397,7 @@ bad: for (i=0; idb->data); i++) { - pp=(char **)sk_value(db->db->data,i); + pp=(const char **)sk_value(db->db->data,i); if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; @@ -1501,14 +1526,14 @@ err: OPENSSL_EXIT(ret); } -static void lookup_fail(char *name, char *tag) +static void lookup_fail(const char *name, const char *tag) { BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); } static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) @@ -1564,7 +1589,7 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else BIO_printf(bio_err,"Signature ok\n"); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, multirdn, email_dn, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, selfsign); @@ -1576,7 +1601,7 @@ err: static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e) @@ -1618,7 +1643,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); @@ -1630,7 +1655,7 @@ err: static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, - int multirdn, + unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, @@ -1646,7 +1671,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, X509_NAME_ENTRY *tne,*push; EVP_PKEY *pktmp; int ok= -1,i,j,last,nid; - char *p; + const char *p; CONF_VALUE *cv; char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; char buf[25]; @@ -1663,7 +1688,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (subj) { - X509_NAME *n = parse_name(subj, MBSTRING_ASC, multirdn); + X509_NAME *n = parse_name(subj, chtype, multirdn); if (!n) { @@ -2200,7 +2225,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, char *subj, int multirdn, int email_dn, char *startdate, char *enddate, + BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) { @@ -2341,7 +2366,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); - ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,multirdn,email_dn,startdate,enddate, + ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: @@ -2654,7 +2679,7 @@ err: return (cnt); } -static char *crl_reasons[] = { +static const char *crl_reasons[] = { /* CRL reason strings */ "unspecified", "keyCompromise", @@ -2682,7 +2707,8 @@ static char *crl_reasons[] = { char *make_revocation_str(int rev_type, char *rev_arg) { - char *reason = NULL, *other = NULL, *str; + char *other = NULL, *str; + const char *reason = NULL; ASN1_OBJECT *otmp; ASN1_UTCTIME *revtm = NULL; int i; @@ -2776,7 +2802,7 @@ char *make_revocation_str(int rev_type, char *rev_arg) */ -int make_revoked(X509_REVOKED *rev, char *str) +int make_revoked(X509_REVOKED *rev, const char *str) { char *tmp = NULL; int reason_code = -1; @@ -2869,7 +2895,7 @@ int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) return 1; } -int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str) +int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str) { char *tmp = NULL; char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;