summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/ca.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/ca.c36
1 files changed, 9 insertions, 27 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index 8645128e42..254d551aa5 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.11 2015/09/10 16:01:06 jsing Exp $ */ 1/* $OpenBSD: ca.c,v 1.12 2015/09/11 14:30:23 bcook Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -135,7 +135,7 @@ static const char *ca_usage[] = {
135 " -md arg - md to use, one of md2, md5, sha or sha1\n", 135 " -md arg - md to use, one of md2, md5, sha or sha1\n",
136 " -policy arg - The CA 'policy' to support\n", 136 " -policy arg - The CA 'policy' to support\n",
137 " -keyfile arg - private key file\n", 137 " -keyfile arg - private key file\n",
138 " -keyform arg - private key file format (PEM or ENGINE)\n", 138 " -keyform arg - private key file format (PEM)\n",
139 " -key arg - key to decode the private key if it is encrypted\n", 139 " -key arg - key to decode the private key if it is encrypted\n",
140 " -cert file - The CA certificate\n", 140 " -cert file - The CA certificate\n",
141 " -selfsign - sign a certificate with the key associated with it\n", 141 " -selfsign - sign a certificate with the key associated with it\n",
@@ -156,9 +156,6 @@ static const char *ca_usage[] = {
156 " -extensions .. - Extension section (override value in config file)\n", 156 " -extensions .. - Extension section (override value in config file)\n",
157 " -extfile file - Configuration file with X509v3 extentions to add\n", 157 " -extfile file - Configuration file with X509v3 extentions to add\n",
158 " -crlexts .. - CRL extension section (override value in config file)\n", 158 " -crlexts .. - CRL extension section (override value in config file)\n",
159#ifndef OPENSSL_NO_ENGINE
160 " -engine e - use engine e, possibly a hardware device.\n",
161#endif
162 " -status serial - Shows certificate status given the serial number\n", 159 " -status serial - Shows certificate status given the serial number\n",
163 " -updatedb - Updates db for expired certificates\n", 160 " -updatedb - Updates db for expired certificates\n",
164 NULL 161 NULL
@@ -178,7 +175,7 @@ static int certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey,
178 unsigned long chtype, int multirdn, int email_dn, char *startdate, 175 unsigned long chtype, int multirdn, int email_dn, char *startdate,
179 char *enddate, long days, int batch, char *ext_sect, CONF * conf, 176 char *enddate, long days, int batch, char *ext_sect, CONF * conf,
180 int verbose, unsigned long certopt, unsigned long nameopt, int default_op, 177 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
181 int ext_copy, ENGINE * e); 178 int ext_copy);
182static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey, 179static int certify_spkac(X509 ** xret, char *infile, EVP_PKEY * pkey,
183 X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts, 180 X509 * x509, const EVP_MD * dgst, STACK_OF(OPENSSL_STRING) * sigopts,
184 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj, 181 STACK_OF(CONF_VALUE) * policy, CA_DB * db, BIGNUM * serial, char *subj,
@@ -213,7 +210,6 @@ static int msie_hack = 0;
213int 210int
214ca_main(int argc, char **argv) 211ca_main(int argc, char **argv)
215{ 212{
216 ENGINE *e = NULL;
217 char *key = NULL, *passargin = NULL; 213 char *key = NULL, *passargin = NULL;
218 int create_ser = 0; 214 int create_ser = 0;
219 int free_key = 0; 215 int free_key = 0;
@@ -286,9 +282,6 @@ ca_main(int argc, char **argv)
286 STACK_OF(OPENSSL_STRING) * sigopts = NULL; 282 STACK_OF(OPENSSL_STRING) * sigopts = NULL;
287#define BUFLEN 256 283#define BUFLEN 256
288 char buf[3][BUFLEN]; 284 char buf[3][BUFLEN];
289#ifndef OPENSSL_NO_ENGINE
290 char *engine = NULL;
291#endif
292 char *tofree = NULL; 285 char *tofree = NULL;
293 const char *errstr = NULL; 286 const char *errstr = NULL;
294 DB_ATTR db_attr; 287 DB_ATTR db_attr;
@@ -478,13 +471,6 @@ ca_main(int argc, char **argv)
478 rev_arg = *(++argv); 471 rev_arg = *(++argv);
479 rev_type = REV_CA_COMPROMISE; 472 rev_type = REV_CA_COMPROMISE;
480 } 473 }
481#ifndef OPENSSL_NO_ENGINE
482 else if (strcmp(*argv, "-engine") == 0) {
483 if (--argc < 1)
484 goto bad;
485 engine = *(++argv);
486 }
487#endif
488 else { 474 else {
489bad: 475bad:
490 if (errstr) 476 if (errstr)
@@ -536,10 +522,6 @@ bad:
536 free(tofree); 522 free(tofree);
537 tofree = NULL; 523 tofree = NULL;
538 524
539#ifndef OPENSSL_NO_ENGINE
540 e = setup_engine(bio_err, engine, 0);
541#endif
542
543 /* Lets get the config section we are using */ 525 /* Lets get the config section we are using */
544 if (section == NULL) { 526 if (section == NULL) {
545 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA); 527 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
@@ -639,7 +621,7 @@ bad:
639 goto err; 621 goto err;
640 } 622 }
641 } 623 }
642 pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key"); 624 pkey = load_key(bio_err, keyfile, keyform, 0, key, "CA private key");
643 if (key) 625 if (key)
644 explicit_bzero(key, strlen(key)); 626 explicit_bzero(key, strlen(key));
645 if (pkey == NULL) { 627 if (pkey == NULL) {
@@ -655,7 +637,7 @@ bad:
655 lookup_fail(section, ENV_CERTIFICATE); 637 lookup_fail(section, ENV_CERTIFICATE);
656 goto err; 638 goto err;
657 } 639 }
658 x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, 640 x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL,
659 "CA certificate"); 641 "CA certificate");
660 if (x509 == NULL) 642 if (x509 == NULL)
661 goto err; 643 goto err;
@@ -1028,7 +1010,7 @@ bad:
1028 sigopts, attribs, db, serial, subj, chtype, 1010 sigopts, attribs, db, serial, subj, chtype,
1029 multirdn, email_dn, startdate, enddate, days, batch, 1011 multirdn, email_dn, startdate, enddate, days, batch,
1030 extensions, conf, verbose, certopt, nameopt, 1012 extensions, conf, verbose, certopt, nameopt,
1031 default_op, ext_copy, e); 1013 default_op, ext_copy);
1032 if (j < 0) 1014 if (j < 0)
1033 goto err; 1015 goto err;
1034 if (j > 0) { 1016 if (j > 0) {
@@ -1314,7 +1296,7 @@ bad:
1314 } else { 1296 } else {
1315 X509 *revcert; 1297 X509 *revcert;
1316 revcert = load_cert(bio_err, infile, FORMAT_PEM, 1298 revcert = load_cert(bio_err, infile, FORMAT_PEM,
1317 NULL, e, infile); 1299 NULL, infile);
1318 if (revcert == NULL) 1300 if (revcert == NULL)
1319 goto err; 1301 goto err;
1320 j = do_revoke(revcert, db, rev_type, rev_arg); 1302 j = do_revoke(revcert, db, rev_type, rev_arg);
@@ -1446,14 +1428,14 @@ certify_cert(X509 ** xret, char *infile, EVP_PKEY * pkey, X509 * x509,
1446 unsigned long chtype, int multirdn, int email_dn, char *startdate, 1428 unsigned long chtype, int multirdn, int email_dn, char *startdate,
1447 char *enddate, long days, int batch, char *ext_sect, CONF * lconf, 1429 char *enddate, long days, int batch, char *ext_sect, CONF * lconf,
1448 int verbose, unsigned long certopt, unsigned long nameopt, int default_op, 1430 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
1449 int ext_copy, ENGINE * e) 1431 int ext_copy)
1450{ 1432{
1451 X509 *req = NULL; 1433 X509 *req = NULL;
1452 X509_REQ *rreq = NULL; 1434 X509_REQ *rreq = NULL;
1453 EVP_PKEY *pktmp = NULL; 1435 EVP_PKEY *pktmp = NULL;
1454 int ok = -1, i; 1436 int ok = -1, i;
1455 1437
1456 if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL, e, 1438 if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL,
1457 infile)) == NULL) 1439 infile)) == NULL)
1458 goto err; 1440 goto err;
1459 if (verbose) 1441 if (verbose)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 09:01:56 +0000