Remove some "WTF??" casts from applications.
Fixes to keep VC++ happy and avoid warnings.
Docs tidy.
Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
+ *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+ [Steve Henson]
+
*) Use a less unusual form of the Miller-Rabin primality test (it used
a binary algorithm for exponentiation integrated into the Miller-Rabin
loop, our standard modexp algorithms are faster).
char *enddate, int days, char *ext_sect,LHASH *conf,
int verbose);
static int fix_data(int nid, int *type);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,
char *startdate, char *enddate, int days, int batch, int verbose,
char *enddate=NULL;
int days=0;
int batch=0;
+ int notext=0;
X509 *x509=NULL;
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
if (--argc < 1) goto bad;
outdir= *(++argv);
}
+ else if (strcmp(*argv,"-notext") == 0)
+ notext=1;
else if (strcmp(*argv,"-batch") == 0)
batch=1;
else if (strcmp(*argv,"-preserveDN") == 0)
perror(buf[2]);
goto err;
}
- write_new_certificate(Cout,x, 0);
- write_new_certificate(Sout,x, output_der);
+ write_new_certificate(Cout,x, 0, notext);
+ write_new_certificate(Sout,x, output_der, notext);
}
if (sk_num(cert_sk))
return(ok);
}
-static void write_new_certificate(BIO *bp, X509 *x, int output_der)
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
{
- char *f;
- char buf[256];
if (output_der)
{
(void)i2d_X509_bio(bp,x);
return;
}
-
+#if 0
+ /* ??? Not needed since X509_print prints all this stuff anyway */
f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
BIO_printf(bp,"issuer :%s\n",f);
BIO_puts(bp,"serial :");
i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
BIO_puts(bp,"\n\n");
- X509_print(bp,x);
- BIO_puts(bp,"\n");
+#endif
+ if(!notext)X509_print(bp,x);
PEM_write_bio_X509(bp,x);
- BIO_puts(bp,"\n");
}
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
* -genkey
*/
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
int MAIN(int argc, char **argv)
{
DSA *dsa=NULL;
assert(need_rand);
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n");
- dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
- dsa_cb,(char *)bio_err);
+ dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
}
else if (informat == FORMAT_ASN1)
dsa=d2i_DSAparams_bio(in,NULL);
EXIT(ret);
}
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
- BIO_write((BIO *)arg,&c,1);
- (void)BIO_flush((BIO *)arg);
+ BIO_write(arg,&c,1);
+ (void)BIO_flush(arg);
#ifdef LINT
p=n;
#endif
}
}
p=(unsigned char *)buf->data;
- rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
+ rsa=d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
BUF_MEM_free(buf);
}
#endif
}
- con=(SSL *)SSL_new(ctx);
+ con=SSL_new(ctx);
/* SSL_set_cipher_list(con,"RC4-MD5"); */
re_start:
#endif
if (con == NULL) {
- con=(SSL *)SSL_new(ctx);
+ con=SSL_new(ctx);
if(context)
SSL_set_session_id_context(con, context,
strlen((char *)context));
/* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
- if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+ if ((con=SSL_new(ctx)) == NULL) goto err;
if(context) SSL_set_session_id_context(con, context,
strlen((char *)context));
BIO_set_conn_hostname(conn,host);
if (scon == NULL)
- serverCon=(SSL *)SSL_new(tm_ctx);
+ serverCon=SSL_new(tm_ctx);
else
{
serverCon=scon;
{
int i,badops=0, ret = 1;
BIO *in = NULL,*out = NULL, *key = NULL;
- int verify=0,noout=0;
+ int verify=0,noout=0,pubkey=0;
char *infile = NULL,*outfile = NULL,*prog;
char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
char *challenge = NULL, *keyfile = NULL;
- LHASH *conf;
+ LHASH *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
+ else if (strcmp(*argv,"-pubkey") == 0)
+ pubkey=1;
else if (strcmp(*argv,"-verify") == 0)
verify=1;
else badops = 1;
if (badops)
{
bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+ BIO_printf(bio_err,"%s [options]\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
- BIO_printf(bio_err," -noout don't print SPKAC\n");
- BIO_printf(bio_err," -verify verify SPKAC signature\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -key arg create SPKAC using private key\n");
+ BIO_printf(bio_err," -challenge arg challenge string\n");
+ BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
+ BIO_printf(bio_err," -noout don't print SPKAC\n");
+ BIO_printf(bio_err," -pubkey output public key\n");
+ BIO_printf(bio_err," -verify verify SPKAC signature\n");
goto end;
}
goto end;
}
BIO_printf(out, "SPKAC=%s\n", spkstr);
+ Free(spkstr);
ret = 0;
goto end;
}
}
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
if(!spki) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
}
if(!noout) NETSCAPE_SPKI_print(out, spki);
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
if(verify) {
- EVP_PKEY *pktmp;
- pktmp = NETSCAPE_SPKI_get_pubkey(spki);
- i = NETSCAPE_SPKI_verify(spki, pktmp);
- EVP_PKEY_free(pktmp);
+ i = NETSCAPE_SPKI_verify(spki, pkey);
if(i) BIO_printf(bio_err, "Signature OK\n");
else {
BIO_printf(bio_err, "Signature Failure\n");
goto end;
}
}
+ if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
ret = 0;
end:
+ CONF_free(conf);
NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free(out);
BIO_free(key);
EVP_PKEY_free(pkey);
- if(spkstr) Free(spkstr);
EXIT(ret);
}
DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret,void
- (*callback)(),void *cb_arg);
+ (*callback)(int, int, void *),void *cb_arg);
int DSA_generate_key(DSA *a);
int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
#include <openssl/rand.h>
DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, void (*callback)(),
+ int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *),
void *cb_arg)
{
int ok=0;
#define MS_CALLBACK
#endif
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
* FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
BIO_printf(bio_err,"test generation of DSA parameters\n");
- dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,(char *)bio_err);
+ dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
BIO_printf(bio_err,"seed\n");
for (i=0; i<20; i+=4)
return(0);
}
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg)
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
{
char c='*';
static int ok=0,num=0;
if (p == 1) c='+';
if (p == 2) { c='*'; ok++; }
if (p == 3) c='\n';
- BIO_write((BIO *)arg,&c,1);
- (void)BIO_flush((BIO *)arg);
+ BIO_write(arg,&c,1);
+ (void)BIO_flush(arg);
if (!ok && (p == 0) && (num > 1))
{
return dest;
}
-#endif /*CHARSET_EBCDIC*/
+#else /*CHARSET_EBCDIC*/
+#ifdef PEDANTIC
+static void *dummy=&dummy;
+#endif
+#endif
[B<-cert file>]
[B<-in file>]
[B<-out file>]
+[B<-notext>]
[B<-outdir dir>]
[B<-infiles>]
[B<-spkac file>]
this prints extra details about the operations being performed.
+=item B<-notext>
+
+don't output the text form of a certificate to the output file.
+
=item B<-startdate date>
this allows the start date to be explicitly set. The format of the
[B<-out filename>]
[B<-key keyfile>]
[B<-challenge string>]
+[B<-pubkey>]
[B<-spkac spkacname>]
[B<-spksect section>]
[B<-noout>]
don't output the text version of the SPKAC (not used if an
SPKAC is being created).
+=item B<-pubkey>
+
+output the public key of an SPKAC (not used if an SPKAC is
+being created).
+
=item B<-verify>
verifies the digital signature on the supplied SPKAC.
SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
+Function and reason codes should consist of upper case characters,
+numbers and underscores only. The error file generation script translates
+function codes into function names by looking in the header files
+for an appropriate function name, if none is found it just uses
+the capitalized form such as "SSL23_READ" in the above example.
+
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and and underscores changed to spaces.
+
When you are using new function or reason codes, run B<make errors>.
The necessary B<#define>s will then automatically be added to the
sub-library's header file.
Although a library will normally report errors using its own specific
-macro, a different macro is used. This is normally only done when a
-library wants to include ASN1 code which must user the ASN1 libraries
-error macro.
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include ASN1 code which must use
+the ASN1err() macro.
=head2 Adding new libraries
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
- unsigned int i, list_num;
+ int i, list_num;
SSL_CIPHER *c;
/*
projects / oweals / openssl.git / commitdiff