X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fca.c;h=2d71104745159c49667d35c023cf98f4a5a422d5;hb=c29dbb9562f275485c1266af523cd5d59311d583;hp=2e8593468a0706815f3a98ec5ef527c0496faaa5;hpb=35a99b6380231992457f9e4133d3c3e509b85d0d;p=oweals%2Fopenssl.git

diff --git a/apps/ca.c b/apps/ca.c
index 2e8593468a..2d71104745 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -74,7 +74,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
-#include <openssl/engine.h>
 
 #ifndef W_OK
 #  ifdef VMS
@@ -153,8 +152,7 @@ static char *ca_usage[]={
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - private key file\n",
-" -keyform arg    - private key file format (PEM or ENGINE)\n",
+" -keyfile arg    - PEM private key file\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
 " -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
@@ -169,7 +167,6 @@ static char *ca_usage[]={
 " -revoke file    - Revoke a certificate (given in file)\n",
 " -extensions ..  - Extension section (override value in config file)\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
-" -engine e       - use engine e, possibly a hardware device.\n",
 NULL
 };
 
@@ -180,11 +177,11 @@ extern int EF_ALIGNMENT;
 #endif
 
 static void lookup_fail(char *name,char *tag);
-static unsigned long index_serial_hash(const char **a);
-static int index_serial_cmp(const char **a, const char **b);
-static unsigned long index_name_hash(const char **a);
+static unsigned long index_serial_hash(char **a);
+static int index_serial_cmp(char **a, char **b);
+static unsigned long index_name_hash(char **a);
 static int index_name_qual(char **a);
-static int index_name_cmp(const char **a,const char **b);
+static int index_name_cmp(char **a,char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
@@ -215,17 +212,10 @@ static char *section=NULL;
 static int preserve=0;
 static int msie_hack=0;
 
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **);
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **);
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **);
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **);
-
-
 int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 	{
-	ENGINE *e = NULL;
 	char *key=NULL,*passargin=NULL;
 	int total=0;
 	int total_done=0;
@@ -243,7 +233,6 @@ int MAIN(int argc, char **argv)
 	char *policy=NULL;
 	char *keyfile=NULL;
 	char *certfile=NULL;
-	int keyform=FORMAT_PEM;
 	char *infile=NULL;
 	char *spkac_file=NULL;
 	char *ss_cert_file=NULL;
@@ -279,7 +268,6 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
-	char *engine = NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -345,11 +333,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyform=str2fmt(*(++argv));
-			}
 		else if (strcmp(*argv,"-passin") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -436,11 +419,6 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			crl_ext= *(++argv);
 			}
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
 		else
 			{
 bad:
@@ -461,24 +439,6 @@ bad:
 
 	ERR_load_crypto_strings();
 
-	if (engine != NULL)
-		{
-		if((e = ENGINE_by_id(engine)) == NULL)
-			{
-			BIO_printf(bio_err,"invalid engine \"%s\"\n",
-				engine);
-			goto err;
-			}
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(bio_err,"can't use that engine\n");
-			goto err;
-			}
-		BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-
 	/*****************************************************************/
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
@@ -576,31 +536,14 @@ bad:
 		BIO_printf(bio_err,"Error getting password\n");
 		goto err;
 		}
-	if (keyform == FORMAT_ENGINE)
-		{
-		if (!e)
-			{
-			BIO_printf(bio_err,"no engine specified\n");
-			goto err;
-			}
-		pkey = ENGINE_load_private_key(e, keyfile, key);
-		}
-	else if (keyform == FORMAT_PEM)
+	if (BIO_read_filename(in,keyfile) <= 0)
 		{
-		if (BIO_read_filename(in,keyfile) <= 0)
-			{
-			perror(keyfile);
-			BIO_printf(bio_err,"trying to load CA private key\n");
-			goto err;
-			}
-		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
-		}
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for key file\n");
+		perror(keyfile);
+		BIO_printf(bio_err,"trying to load CA private key\n");
 		goto err;
 		}
-	if(key) memset(key,0,strlen(key));
+		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+		if(key) memset(key,0,strlen(key));
 	if (pkey == NULL)
 		{
 		BIO_printf(bio_err,"unable to load CA private key\n");
@@ -759,17 +702,15 @@ bad:
 		BIO_printf(bio_err,"generating index\n");
 		}
 	
-	if (!TXT_DB_create_index(db, DB_serial, NULL,
-			LHASH_HASH_FN(index_serial_hash),
-			LHASH_COMP_FN(index_serial_cmp)))
+	if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
+		index_serial_cmp))
 		{
 		BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
 		goto err;
 		}
 
-	if (!TXT_DB_create_index(db, DB_name, index_name_qual,
-			LHASH_HASH_FN(index_name_hash),
-			LHASH_COMP_FN(index_name_cmp)))
+	if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
+		index_name_cmp))
 		{
 		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
 			db->error,db->arg1,db->arg2);
@@ -1334,31 +1275,31 @@ static void lookup_fail(char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 
-static unsigned long index_serial_hash(const char **a)
+static unsigned long index_serial_hash(char **a)
 	{
-	const char *n;
+	char *n;
 
 	n=a[DB_serial];
 	while (*n == '0') n++;
 	return(lh_strhash(n));
 	}
 
-static int index_serial_cmp(const char **a, const char **b)
+static int index_serial_cmp(char **a, char **b)
 	{
-	const char *aa,*bb;
+	char *aa,*bb;
 
 	for (aa=a[DB_serial]; *aa == '0'; aa++);
 	for (bb=b[DB_serial]; *bb == '0'; bb++);
 	return(strcmp(aa,bb));
 	}
 
-static unsigned long index_name_hash(const char **a)
+static unsigned long index_name_hash(char **a)
 	{ return(lh_strhash(a[DB_name])); }
 
 static int index_name_qual(char **a)
 	{ return(a[0][0] == 'V'); }
 
-static int index_name_cmp(const char **a, const char **b)
+static int index_name_cmp(char **a, char **b)
 	{ return(strcmp(a[DB_name],
 	     b[DB_name])); }
 
@@ -2259,7 +2200,7 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 		goto err;
 
 		}
-	else if (index_name_cmp((const char **)row,(const char **)rrow))
+	else if (index_name_cmp(row,rrow))
 		{
 		BIO_printf(bio_err,"ERROR:name does not match %s\n",
 			   row[DB_name]);