summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/x509.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/x509.c')
-rw-r--r--src/usr.bin/openssl/x509.c448
1 files changed, 224 insertions, 224 deletions
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index e1c69c6798..66cad3ab2c 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.30 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: x509.c,v 1.31 2023/03/06 14:32:06 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -152,58 +152,58 @@ static struct {
152 STACK_OF(ASN1_OBJECT) *trust; 152 STACK_OF(ASN1_OBJECT) *trust;
153 int trustout; 153 int trustout;
154 int x509req; 154 int x509req;
155} x509_config; 155} cfg;
156 156
157static int 157static int
158x509_opt_addreject(char *arg) 158x509_opt_addreject(char *arg)
159{ 159{
160 if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { 160 if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
161 BIO_printf(bio_err, "Invalid reject object value %s\n", arg); 161 BIO_printf(bio_err, "Invalid reject object value %s\n", arg);
162 return (1); 162 return (1);
163 } 163 }
164 164
165 if (x509_config.reject == NULL && 165 if (cfg.reject == NULL &&
166 (x509_config.reject = sk_ASN1_OBJECT_new_null()) == NULL) 166 (cfg.reject = sk_ASN1_OBJECT_new_null()) == NULL)
167 return (1); 167 return (1);
168 168
169 if (!sk_ASN1_OBJECT_push(x509_config.reject, x509_config.objtmp)) 169 if (!sk_ASN1_OBJECT_push(cfg.reject, cfg.objtmp))
170 return (1); 170 return (1);
171 171
172 x509_config.trustout = 1; 172 cfg.trustout = 1;
173 return (0); 173 return (0);
174} 174}
175 175
176static int 176static int
177x509_opt_addtrust(char *arg) 177x509_opt_addtrust(char *arg)
178{ 178{
179 if ((x509_config.objtmp = OBJ_txt2obj(arg, 0)) == NULL) { 179 if ((cfg.objtmp = OBJ_txt2obj(arg, 0)) == NULL) {
180 BIO_printf(bio_err, "Invalid trust object value %s\n", arg); 180 BIO_printf(bio_err, "Invalid trust object value %s\n", arg);
181 return (1); 181 return (1);
182 } 182 }
183 183
184 if (x509_config.trust == NULL && 184 if (cfg.trust == NULL &&
185 (x509_config.trust = sk_ASN1_OBJECT_new_null()) == NULL) 185 (cfg.trust = sk_ASN1_OBJECT_new_null()) == NULL)
186 return (1); 186 return (1);
187 187
188 if (!sk_ASN1_OBJECT_push(x509_config.trust, x509_config.objtmp)) 188 if (!sk_ASN1_OBJECT_push(cfg.trust, cfg.objtmp))
189 return (1); 189 return (1);
190 190
191 x509_config.trustout = 1; 191 cfg.trustout = 1;
192 return (0); 192 return (0);
193} 193}
194 194
195static int 195static int
196x509_opt_ca(char *arg) 196x509_opt_ca(char *arg)
197{ 197{
198 x509_config.CAfile = arg; 198 cfg.CAfile = arg;
199 x509_config.CA_flag = ++x509_config.num; 199 cfg.CA_flag = ++cfg.num;
200 return (0); 200 return (0);
201} 201}
202 202
203static int 203static int
204x509_opt_certopt(char *arg) 204x509_opt_certopt(char *arg)
205{ 205{
206 if (!set_cert_ex(&x509_config.certflag, arg)) 206 if (!set_cert_ex(&cfg.certflag, arg))
207 return (1); 207 return (1);
208 208
209 return (0); 209 return (0);
@@ -214,20 +214,20 @@ x509_opt_checkend(char *arg)
214{ 214{
215 const char *errstr; 215 const char *errstr;
216 216
217 x509_config.checkoffset = strtonum(arg, 0, INT_MAX, &errstr); 217 cfg.checkoffset = strtonum(arg, 0, INT_MAX, &errstr);
218 if (errstr != NULL) { 218 if (errstr != NULL) {
219 BIO_printf(bio_err, "checkend unusable: %s\n", errstr); 219 BIO_printf(bio_err, "checkend unusable: %s\n", errstr);
220 return (1); 220 return (1);
221 } 221 }
222 x509_config.checkend = 1; 222 cfg.checkend = 1;
223 return (0); 223 return (0);
224} 224}
225 225
226static int 226static int
227x509_opt_dates(void) 227x509_opt_dates(void)
228{ 228{
229 x509_config.startdate = ++x509_config.num; 229 cfg.startdate = ++cfg.num;
230 x509_config.enddate = ++x509_config.num; 230 cfg.enddate = ++cfg.num;
231 return (0); 231 return (0);
232} 232}
233 233
@@ -236,7 +236,7 @@ x509_opt_days(char *arg)
236{ 236{
237 const char *errstr; 237 const char *errstr;
238 238
239 x509_config.days = strtonum(arg, 1, INT_MAX, &errstr); 239 cfg.days = strtonum(arg, 1, INT_MAX, &errstr);
240 if (errstr != NULL) { 240 if (errstr != NULL) {
241 BIO_printf(bio_err, "bad number of days: %s\n", errstr); 241 BIO_printf(bio_err, "bad number of days: %s\n", errstr);
242 return (1); 242 return (1);
@@ -252,11 +252,11 @@ x509_opt_digest(int argc, char **argv, int *argsused)
252 if (*name++ != '-') 252 if (*name++ != '-')
253 return (1); 253 return (1);
254 254
255 if ((x509_config.md_alg = EVP_get_digestbyname(name)) != NULL) { 255 if ((cfg.md_alg = EVP_get_digestbyname(name)) != NULL) {
256 x509_config.digest = x509_config.md_alg; 256 cfg.digest = cfg.md_alg;
257 } else { 257 } else {
258 BIO_printf(bio_err, "unknown option %s\n", *argv); 258 BIO_printf(bio_err, "unknown option %s\n", *argv);
259 x509_config.badops = 1; 259 cfg.badops = 1;
260 return (1); 260 return (1);
261 } 261 }
262 262
@@ -267,7 +267,7 @@ x509_opt_digest(int argc, char **argv, int *argsused)
267static int 267static int
268x509_opt_nameopt(char *arg) 268x509_opt_nameopt(char *arg)
269{ 269{
270 if (!set_name_ex(&x509_config.nmflag, arg)) 270 if (!set_name_ex(&cfg.nmflag, arg))
271 return (1); 271 return (1);
272 272
273 return (0); 273 return (0);
@@ -276,8 +276,8 @@ x509_opt_nameopt(char *arg)
276static int 276static int
277x509_opt_set_serial(char *arg) 277x509_opt_set_serial(char *arg)
278{ 278{
279 ASN1_INTEGER_free(x509_config.sno); 279 ASN1_INTEGER_free(cfg.sno);
280 if ((x509_config.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL) 280 if ((cfg.sno = s2i_ASN1_INTEGER(NULL, arg)) == NULL)
281 return (1); 281 return (1);
282 282
283 return (0); 283 return (0);
@@ -286,27 +286,27 @@ x509_opt_set_serial(char *arg)
286static int 286static int
287x509_opt_setalias(char *arg) 287x509_opt_setalias(char *arg)
288{ 288{
289 x509_config.alias = arg; 289 cfg.alias = arg;
290 x509_config.trustout = 1; 290 cfg.trustout = 1;
291 return (0); 291 return (0);
292} 292}
293 293
294static int 294static int
295x509_opt_signkey(char *arg) 295x509_opt_signkey(char *arg)
296{ 296{
297 x509_config.keyfile = arg; 297 cfg.keyfile = arg;
298 x509_config.sign_flag = ++x509_config.num; 298 cfg.sign_flag = ++cfg.num;
299 return (0); 299 return (0);
300} 300}
301 301
302static int 302static int
303x509_opt_sigopt(char *arg) 303x509_opt_sigopt(char *arg)
304{ 304{
305 if (x509_config.sigopts == NULL && 305 if (cfg.sigopts == NULL &&
306 (x509_config.sigopts = sk_OPENSSL_STRING_new_null()) == NULL) 306 (cfg.sigopts = sk_OPENSSL_STRING_new_null()) == NULL)
307 return (1); 307 return (1);
308 308
309 if (!sk_OPENSSL_STRING_push(x509_config.sigopts, arg)) 309 if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg))
310 return (1); 310 return (1);
311 311
312 return (0); 312 return (0);
@@ -317,8 +317,8 @@ static const struct option x509_options[] = {
317 .name = "C", 317 .name = "C",
318 .desc = "Convert the certificate into C code", 318 .desc = "Convert the certificate into C code",
319 .type = OPTION_ORDER, 319 .type = OPTION_ORDER,
320 .opt.order = &x509_config.C, 320 .opt.order = &cfg.C,
321 .order = &x509_config.num, 321 .order = &cfg.num,
322 }, 322 },
323 { 323 {
324 .name = "addreject", 324 .name = "addreject",
@@ -338,8 +338,8 @@ static const struct option x509_options[] = {
338 .name = "alias", 338 .name = "alias",
339 .desc = "Output certificate alias", 339 .desc = "Output certificate alias",
340 .type = OPTION_ORDER, 340 .type = OPTION_ORDER,
341 .opt.order = &x509_config.aliasout, 341 .opt.order = &cfg.aliasout,
342 .order = &x509_config.num, 342 .order = &cfg.num,
343 }, 343 },
344 { 344 {
345 .name = "CA", 345 .name = "CA",
@@ -352,15 +352,15 @@ static const struct option x509_options[] = {
352 .name = "CAcreateserial", 352 .name = "CAcreateserial",
353 .desc = "Create serial number file if it does not exist", 353 .desc = "Create serial number file if it does not exist",
354 .type = OPTION_ORDER, 354 .type = OPTION_ORDER,
355 .opt.order = &x509_config.CA_createserial, 355 .opt.order = &cfg.CA_createserial,
356 .order = &x509_config.num, 356 .order = &cfg.num,
357 }, 357 },
358 { 358 {
359 .name = "CAform", 359 .name = "CAform",
360 .argname = "fmt", 360 .argname = "fmt",
361 .desc = "CA format - default PEM", 361 .desc = "CA format - default PEM",
362 .type = OPTION_ARG_FORMAT, 362 .type = OPTION_ARG_FORMAT,
363 .opt.value = &x509_config.CAformat, 363 .opt.value = &cfg.CAformat,
364 }, 364 },
365 { 365 {
366 .name = "CAkey", 366 .name = "CAkey",
@@ -368,21 +368,21 @@ static const struct option x509_options[] = {
368 .desc = "CA key in PEM format unless -CAkeyform is specified\n" 368 .desc = "CA key in PEM format unless -CAkeyform is specified\n"
369 "if omitted, the key is assumed to be in the CA file", 369 "if omitted, the key is assumed to be in the CA file",
370 .type = OPTION_ARG, 370 .type = OPTION_ARG,
371 .opt.arg = &x509_config.CAkeyfile, 371 .opt.arg = &cfg.CAkeyfile,
372 }, 372 },
373 { 373 {
374 .name = "CAkeyform", 374 .name = "CAkeyform",
375 .argname = "fmt", 375 .argname = "fmt",
376 .desc = "CA key format - default PEM", 376 .desc = "CA key format - default PEM",
377 .type = OPTION_ARG_FORMAT, 377 .type = OPTION_ARG_FORMAT,
378 .opt.value = &x509_config.CAkeyformat, 378 .opt.value = &cfg.CAkeyformat,
379 }, 379 },
380 { 380 {
381 .name = "CAserial", 381 .name = "CAserial",
382 .argname = "file", 382 .argname = "file",
383 .desc = "Serial file", 383 .desc = "Serial file",
384 .type = OPTION_ARG, 384 .type = OPTION_ARG,
385 .opt.arg = &x509_config.CAserial, 385 .opt.arg = &cfg.CAserial,
386 }, 386 },
387 { 387 {
388 .name = "certopt", 388 .name = "certopt",
@@ -403,21 +403,21 @@ static const struct option x509_options[] = {
403 .name = "clrext", 403 .name = "clrext",
404 .desc = "Clear all extensions", 404 .desc = "Clear all extensions",
405 .type = OPTION_FLAG, 405 .type = OPTION_FLAG,
406 .opt.flag = &x509_config.clrext, 406 .opt.flag = &cfg.clrext,
407 }, 407 },
408 { 408 {
409 .name = "clrreject", 409 .name = "clrreject",
410 .desc = "Clear all rejected purposes", 410 .desc = "Clear all rejected purposes",
411 .type = OPTION_ORDER, 411 .type = OPTION_ORDER,
412 .opt.order = &x509_config.clrreject, 412 .opt.order = &cfg.clrreject,
413 .order = &x509_config.num, 413 .order = &cfg.num,
414 }, 414 },
415 { 415 {
416 .name = "clrtrust", 416 .name = "clrtrust",
417 .desc = "Clear all trusted purposes", 417 .desc = "Clear all trusted purposes",
418 .type = OPTION_ORDER, 418 .type = OPTION_ORDER,
419 .opt.order = &x509_config.clrtrust, 419 .opt.order = &cfg.clrtrust,
420 .order = &x509_config.num, 420 .order = &cfg.num,
421 }, 421 },
422 { 422 {
423 .name = "dates", 423 .name = "dates",
@@ -436,79 +436,79 @@ static const struct option x509_options[] = {
436 .name = "email", 436 .name = "email",
437 .desc = "Print email address(es)", 437 .desc = "Print email address(es)",
438 .type = OPTION_ORDER, 438 .type = OPTION_ORDER,
439 .opt.order = &x509_config.email, 439 .opt.order = &cfg.email,
440 .order = &x509_config.num, 440 .order = &cfg.num,
441 }, 441 },
442 { 442 {
443 .name = "enddate", 443 .name = "enddate",
444 .desc = "Print notAfter field", 444 .desc = "Print notAfter field",
445 .type = OPTION_ORDER, 445 .type = OPTION_ORDER,
446 .opt.order = &x509_config.enddate, 446 .opt.order = &cfg.enddate,
447 .order = &x509_config.num, 447 .order = &cfg.num,
448 }, 448 },
449 { 449 {
450 .name = "extensions", 450 .name = "extensions",
451 .argname = "section", 451 .argname = "section",
452 .desc = "Section from config file with X509V3 extensions to add", 452 .desc = "Section from config file with X509V3 extensions to add",
453 .type = OPTION_ARG, 453 .type = OPTION_ARG,
454 .opt.arg = &x509_config.extsect, 454 .opt.arg = &cfg.extsect,
455 }, 455 },
456 { 456 {
457 .name = "extfile", 457 .name = "extfile",
458 .argname = "file", 458 .argname = "file",
459 .desc = "Configuration file with X509V3 extensions to add", 459 .desc = "Configuration file with X509V3 extensions to add",
460 .type = OPTION_ARG, 460 .type = OPTION_ARG,
461 .opt.arg = &x509_config.extfile, 461 .opt.arg = &cfg.extfile,
462 }, 462 },
463 { 463 {
464 .name = "fingerprint", 464 .name = "fingerprint",
465 .desc = "Print the certificate fingerprint", 465 .desc = "Print the certificate fingerprint",
466 .type = OPTION_ORDER, 466 .type = OPTION_ORDER,
467 .opt.order = &x509_config.fingerprint, 467 .opt.order = &cfg.fingerprint,
468 .order = &x509_config.num, 468 .order = &cfg.num,
469 }, 469 },
470 { 470 {
471 .name = "hash", 471 .name = "hash",
472 .desc = "Synonym for -subject_hash", 472 .desc = "Synonym for -subject_hash",
473 .type = OPTION_ORDER, 473 .type = OPTION_ORDER,
474 .opt.order = &x509_config.subject_hash, 474 .opt.order = &cfg.subject_hash,
475 .order = &x509_config.num, 475 .order = &cfg.num,
476 }, 476 },
477 { 477 {
478 .name = "in", 478 .name = "in",
479 .argname = "file", 479 .argname = "file",
480 .desc = "Input file - default stdin", 480 .desc = "Input file - default stdin",
481 .type = OPTION_ARG, 481 .type = OPTION_ARG,
482 .opt.arg = &x509_config.infile, 482 .opt.arg = &cfg.infile,
483 }, 483 },
484 { 484 {
485 .name = "inform", 485 .name = "inform",
486 .argname = "fmt", 486 .argname = "fmt",
487 .desc = "Input format - default PEM (one of DER, NET or PEM)", 487 .desc = "Input format - default PEM (one of DER, NET or PEM)",
488 .type = OPTION_ARG_FORMAT, 488 .type = OPTION_ARG_FORMAT,
489 .opt.value = &x509_config.informat, 489 .opt.value = &cfg.informat,
490 }, 490 },
491 { 491 {
492 .name = "issuer", 492 .name = "issuer",
493 .desc = "Print issuer name", 493 .desc = "Print issuer name",
494 .type = OPTION_ORDER, 494 .type = OPTION_ORDER,
495 .opt.order = &x509_config.issuer, 495 .opt.order = &cfg.issuer,
496 .order = &x509_config.num, 496 .order = &cfg.num,
497 }, 497 },
498 { 498 {
499 .name = "issuer_hash", 499 .name = "issuer_hash",
500 .desc = "Print issuer hash value", 500 .desc = "Print issuer hash value",
501 .type = OPTION_ORDER, 501 .type = OPTION_ORDER,
502 .opt.order = &x509_config.issuer_hash, 502 .opt.order = &cfg.issuer_hash,
503 .order = &x509_config.num, 503 .order = &cfg.num,
504 }, 504 },
505#ifndef OPENSSL_NO_MD5 505#ifndef OPENSSL_NO_MD5
506 { 506 {
507 .name = "issuer_hash_old", 507 .name = "issuer_hash_old",
508 .desc = "Print old-style (MD5) issuer hash value", 508 .desc = "Print old-style (MD5) issuer hash value",
509 .type = OPTION_ORDER, 509 .type = OPTION_ORDER,
510 .opt.order = &x509_config.issuer_hash_old, 510 .opt.order = &cfg.issuer_hash_old,
511 .order = &x509_config.num, 511 .order = &cfg.num,
512 }, 512 },
513#endif 513#endif
514 { 514 {
@@ -516,14 +516,14 @@ static const struct option x509_options[] = {
516 .argname = "fmt", 516 .argname = "fmt",
517 .desc = "Private key format - default PEM", 517 .desc = "Private key format - default PEM",
518 .type = OPTION_ARG_FORMAT, 518 .type = OPTION_ARG_FORMAT,
519 .opt.value = &x509_config.keyformat, 519 .opt.value = &cfg.keyformat,
520 }, 520 },
521 { 521 {
522 .name = "modulus", 522 .name = "modulus",
523 .desc = "Print the RSA key modulus", 523 .desc = "Print the RSA key modulus",
524 .type = OPTION_ORDER, 524 .type = OPTION_ORDER,
525 .opt.order = &x509_config.modulus, 525 .opt.order = &cfg.modulus,
526 .order = &x509_config.num, 526 .order = &cfg.num,
527 }, 527 },
528 { 528 {
529 .name = "nameopt", 529 .name = "nameopt",
@@ -536,77 +536,77 @@ static const struct option x509_options[] = {
536 .name = "next_serial", 536 .name = "next_serial",
537 .desc = "Print the next serial number", 537 .desc = "Print the next serial number",
538 .type = OPTION_ORDER, 538 .type = OPTION_ORDER,
539 .opt.order = &x509_config.next_serial, 539 .opt.order = &cfg.next_serial,
540 .order = &x509_config.num, 540 .order = &cfg.num,
541 }, 541 },
542 { 542 {
543 .name = "noout", 543 .name = "noout",
544 .desc = "No certificate output", 544 .desc = "No certificate output",
545 .type = OPTION_ORDER, 545 .type = OPTION_ORDER,
546 .opt.order = &x509_config.noout, 546 .opt.order = &cfg.noout,
547 .order = &x509_config.num, 547 .order = &cfg.num,
548 }, 548 },
549 { 549 {
550 .name = "ocsp_uri", 550 .name = "ocsp_uri",
551 .desc = "Print OCSP Responder URL(s)", 551 .desc = "Print OCSP Responder URL(s)",
552 .type = OPTION_ORDER, 552 .type = OPTION_ORDER,
553 .opt.order = &x509_config.ocsp_uri, 553 .opt.order = &cfg.ocsp_uri,
554 .order = &x509_config.num, 554 .order = &cfg.num,
555 }, 555 },
556 { 556 {
557 .name = "ocspid", 557 .name = "ocspid",
558 .desc = "Print OCSP hash values for the subject name and public key", 558 .desc = "Print OCSP hash values for the subject name and public key",
559 .type = OPTION_ORDER, 559 .type = OPTION_ORDER,
560 .opt.order = &x509_config.ocspid, 560 .opt.order = &cfg.ocspid,
561 .order = &x509_config.num, 561 .order = &cfg.num,
562 }, 562 },
563 { 563 {
564 .name = "out", 564 .name = "out",
565 .argname = "file", 565 .argname = "file",
566 .desc = "Output file - default stdout", 566 .desc = "Output file - default stdout",
567 .type = OPTION_ARG, 567 .type = OPTION_ARG,
568 .opt.arg = &x509_config.outfile, 568 .opt.arg = &cfg.outfile,
569 }, 569 },
570 { 570 {
571 .name = "outform", 571 .name = "outform",
572 .argname = "fmt", 572 .argname = "fmt",
573 .desc = "Output format - default PEM (one of DER, NET or PEM)", 573 .desc = "Output format - default PEM (one of DER, NET or PEM)",
574 .type = OPTION_ARG_FORMAT, 574 .type = OPTION_ARG_FORMAT,
575 .opt.value = &x509_config.outformat, 575 .opt.value = &cfg.outformat,
576 }, 576 },
577 { 577 {
578 .name = "passin", 578 .name = "passin",
579 .argname = "src", 579 .argname = "src",
580 .desc = "Private key password source", 580 .desc = "Private key password source",
581 .type = OPTION_ARG, 581 .type = OPTION_ARG,
582 .opt.arg = &x509_config.passargin, 582 .opt.arg = &cfg.passargin,
583 }, 583 },
584 { 584 {
585 .name = "pubkey", 585 .name = "pubkey",
586 .desc = "Output the public key", 586 .desc = "Output the public key",
587 .type = OPTION_ORDER, 587 .type = OPTION_ORDER,
588 .opt.order = &x509_config.pubkey, 588 .opt.order = &cfg.pubkey,
589 .order = &x509_config.num, 589 .order = &cfg.num,
590 }, 590 },
591 { 591 {
592 .name = "purpose", 592 .name = "purpose",
593 .desc = "Print out certificate purposes", 593 .desc = "Print out certificate purposes",
594 .type = OPTION_ORDER, 594 .type = OPTION_ORDER,
595 .opt.order = &x509_config.pprint, 595 .opt.order = &cfg.pprint,
596 .order = &x509_config.num, 596 .order = &cfg.num,
597 }, 597 },
598 { 598 {
599 .name = "req", 599 .name = "req",
600 .desc = "Input is a certificate request, sign and output", 600 .desc = "Input is a certificate request, sign and output",
601 .type = OPTION_FLAG, 601 .type = OPTION_FLAG,
602 .opt.flag = &x509_config.reqfile, 602 .opt.flag = &cfg.reqfile,
603 }, 603 },
604 { 604 {
605 .name = "serial", 605 .name = "serial",
606 .desc = "Print serial number value", 606 .desc = "Print serial number value",
607 .type = OPTION_ORDER, 607 .type = OPTION_ORDER,
608 .opt.order = &x509_config.serial, 608 .opt.order = &cfg.serial,
609 .order = &x509_config.num, 609 .order = &cfg.num,
610 }, 610 },
611 { 611 {
612 .name = "set_serial", 612 .name = "set_serial",
@@ -640,51 +640,51 @@ static const struct option x509_options[] = {
640 .name = "startdate", 640 .name = "startdate",
641 .desc = "Print notBefore field", 641 .desc = "Print notBefore field",
642 .type = OPTION_ORDER, 642 .type = OPTION_ORDER,
643 .opt.order = &x509_config.startdate, 643 .opt.order = &cfg.startdate,
644 .order = &x509_config.num, 644 .order = &cfg.num,
645 }, 645 },
646 { 646 {
647 .name = "subject", 647 .name = "subject",
648 .desc = "Print subject name", 648 .desc = "Print subject name",
649 .type = OPTION_ORDER, 649 .type = OPTION_ORDER,
650 .opt.order = &x509_config.subject, 650 .opt.order = &cfg.subject,
651 .order = &x509_config.num, 651 .order = &cfg.num,
652 }, 652 },
653 { 653 {
654 .name = "subject_hash", 654 .name = "subject_hash",
655 .desc = "Print subject hash value", 655 .desc = "Print subject hash value",
656 .type = OPTION_ORDER, 656 .type = OPTION_ORDER,
657 .opt.order = &x509_config.subject_hash, 657 .opt.order = &cfg.subject_hash,
658 .order = &x509_config.num, 658 .order = &cfg.num,
659 }, 659 },
660#ifndef OPENSSL_NO_MD5 660#ifndef OPENSSL_NO_MD5
661 { 661 {
662 .name = "subject_hash_old", 662 .name = "subject_hash_old",
663 .desc = "Print old-style (MD5) subject hash value", 663 .desc = "Print old-style (MD5) subject hash value",
664 .type = OPTION_ORDER, 664 .type = OPTION_ORDER,
665 .opt.order = &x509_config.subject_hash_old, 665 .opt.order = &cfg.subject_hash_old,
666 .order = &x509_config.num, 666 .order = &cfg.num,
667 }, 667 },
668#endif 668#endif
669 { 669 {
670 .name = "text", 670 .name = "text",
671 .desc = "Print the certificate in text form", 671 .desc = "Print the certificate in text form",
672 .type = OPTION_ORDER, 672 .type = OPTION_ORDER,
673 .opt.order = &x509_config.text, 673 .opt.order = &cfg.text,
674 .order = &x509_config.num, 674 .order = &cfg.num,
675 }, 675 },
676 { 676 {
677 .name = "trustout", 677 .name = "trustout",
678 .desc = "Output a trusted certificate", 678 .desc = "Output a trusted certificate",
679 .type = OPTION_FLAG, 679 .type = OPTION_FLAG,
680 .opt.flag = &x509_config.trustout, 680 .opt.flag = &cfg.trustout,
681 }, 681 },
682 { 682 {
683 .name = "x509toreq", 683 .name = "x509toreq",
684 .desc = "Output a certification request object", 684 .desc = "Output a certification request object",
685 .type = OPTION_ORDER, 685 .type = OPTION_ORDER,
686 .opt.order = &x509_config.x509req, 686 .opt.order = &cfg.x509req,
687 .order = &x509_config.num, 687 .order = &cfg.num,
688 }, 688 },
689 { 689 {
690 .name = NULL, 690 .name = NULL,
@@ -740,13 +740,13 @@ x509_main(int argc, char **argv)
740 exit(1); 740 exit(1);
741 } 741 }
742 742
743 memset(&x509_config, 0, sizeof(x509_config)); 743 memset(&cfg, 0, sizeof(cfg));
744 x509_config.days = DEF_DAYS; 744 cfg.days = DEF_DAYS;
745 x509_config.informat = FORMAT_PEM; 745 cfg.informat = FORMAT_PEM;
746 x509_config.outformat = FORMAT_PEM; 746 cfg.outformat = FORMAT_PEM;
747 x509_config.keyformat = FORMAT_PEM; 747 cfg.keyformat = FORMAT_PEM;
748 x509_config.CAformat = FORMAT_PEM; 748 cfg.CAformat = FORMAT_PEM;
749 x509_config.CAkeyformat = FORMAT_PEM; 749 cfg.CAkeyformat = FORMAT_PEM;
750 750
751 STDout = BIO_new_fp(stdout, BIO_NOCLOSE); 751 STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
752 752
@@ -758,13 +758,13 @@ x509_main(int argc, char **argv)
758 if (options_parse(argc, argv, x509_options, NULL, NULL) != 0) 758 if (options_parse(argc, argv, x509_options, NULL, NULL) != 0)
759 goto bad; 759 goto bad;
760 760
761 if (x509_config.badops) { 761 if (cfg.badops) {
762 bad: 762 bad:
763 x509_usage(); 763 x509_usage();
764 goto end; 764 goto end;
765 } 765 }
766 766
767 if (!app_passwd(bio_err, x509_config.passargin, NULL, &passin, NULL)) { 767 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
768 BIO_printf(bio_err, "Error getting password\n"); 768 BIO_printf(bio_err, "Error getting password\n");
769 goto end; 769 goto end;
770 } 770 }
@@ -772,53 +772,53 @@ x509_main(int argc, char **argv)
772 ERR_print_errors(bio_err); 772 ERR_print_errors(bio_err);
773 goto end; 773 goto end;
774 } 774 }
775 if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) && 775 if ((cfg.CAkeyfile == NULL) && (cfg.CA_flag) &&
776 (x509_config.CAformat == FORMAT_PEM)) { 776 (cfg.CAformat == FORMAT_PEM)) {
777 x509_config.CAkeyfile = x509_config.CAfile; 777 cfg.CAkeyfile = cfg.CAfile;
778 } else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) { 778 } else if ((cfg.CA_flag) && (cfg.CAkeyfile == NULL)) {
779 BIO_printf(bio_err, 779 BIO_printf(bio_err,
780 "need to specify a CAkey if using the CA command\n"); 780 "need to specify a CAkey if using the CA command\n");
781 goto end; 781 goto end;
782 } 782 }
783 if (x509_config.extfile != NULL) { 783 if (cfg.extfile != NULL) {
784 long errorline = -1; 784 long errorline = -1;
785 X509V3_CTX ctx2; 785 X509V3_CTX ctx2;
786 extconf = NCONF_new(NULL); 786 extconf = NCONF_new(NULL);
787 if (!NCONF_load(extconf, x509_config.extfile, &errorline)) { 787 if (!NCONF_load(extconf, cfg.extfile, &errorline)) {
788 if (errorline <= 0) 788 if (errorline <= 0)
789 BIO_printf(bio_err, 789 BIO_printf(bio_err,
790 "error loading the config file '%s'\n", 790 "error loading the config file '%s'\n",
791 x509_config.extfile); 791 cfg.extfile);
792 else 792 else
793 BIO_printf(bio_err, 793 BIO_printf(bio_err,
794 "error on line %ld of config file '%s'\n", 794 "error on line %ld of config file '%s'\n",
795 errorline, x509_config.extfile); 795 errorline, cfg.extfile);
796 goto end; 796 goto end;
797 } 797 }
798 if (x509_config.extsect == NULL) { 798 if (cfg.extsect == NULL) {
799 x509_config.extsect = NCONF_get_string(extconf, 799 cfg.extsect = NCONF_get_string(extconf,
800 "default", "extensions"); 800 "default", "extensions");
801 if (x509_config.extsect == NULL) { 801 if (cfg.extsect == NULL) {
802 ERR_clear_error(); 802 ERR_clear_error();
803 x509_config.extsect = "default"; 803 cfg.extsect = "default";
804 } 804 }
805 } 805 }
806 X509V3_set_ctx_test(&ctx2); 806 X509V3_set_ctx_test(&ctx2);
807 X509V3_set_nconf(&ctx2, extconf); 807 X509V3_set_nconf(&ctx2, extconf);
808 if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect, 808 if (!X509V3_EXT_add_nconf(extconf, &ctx2, cfg.extsect,
809 NULL)) { 809 NULL)) {
810 BIO_printf(bio_err, 810 BIO_printf(bio_err,
811 "Error Loading extension section %s\n", 811 "Error Loading extension section %s\n",
812 x509_config.extsect); 812 cfg.extsect);
813 ERR_print_errors(bio_err); 813 ERR_print_errors(bio_err);
814 goto end; 814 goto end;
815 } 815 }
816 } 816 }
817 if (x509_config.reqfile) { 817 if (cfg.reqfile) {
818 EVP_PKEY *pkey; 818 EVP_PKEY *pkey;
819 BIO *in; 819 BIO *in;
820 820
821 if (!x509_config.sign_flag && !x509_config.CA_flag) { 821 if (!cfg.sign_flag && !cfg.CA_flag) {
822 BIO_printf(bio_err, 822 BIO_printf(bio_err,
823 "We need a private key to sign with\n"); 823 "We need a private key to sign with\n");
824 goto end; 824 goto end;
@@ -828,11 +828,11 @@ x509_main(int argc, char **argv)
828 ERR_print_errors(bio_err); 828 ERR_print_errors(bio_err);
829 goto end; 829 goto end;
830 } 830 }
831 if (x509_config.infile == NULL) 831 if (cfg.infile == NULL)
832 BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT); 832 BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
833 else { 833 else {
834 if (BIO_read_filename(in, x509_config.infile) <= 0) { 834 if (BIO_read_filename(in, cfg.infile) <= 0) {
835 perror(x509_config.infile); 835 perror(cfg.infile);
836 BIO_free(in); 836 BIO_free(in);
837 goto end; 837 goto end;
838 } 838 }
@@ -862,21 +862,21 @@ x509_main(int argc, char **argv)
862 BIO_printf(bio_err, "Signature ok\n"); 862 BIO_printf(bio_err, "Signature ok\n");
863 863
864 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), 864 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
865 x509_config.nmflag); 865 cfg.nmflag);
866 866
867 if ((x = X509_new()) == NULL) 867 if ((x = X509_new()) == NULL)
868 goto end; 868 goto end;
869 869
870 if (x509_config.sno == NULL) { 870 if (cfg.sno == NULL) {
871 x509_config.sno = ASN1_INTEGER_new(); 871 cfg.sno = ASN1_INTEGER_new();
872 if (x509_config.sno == NULL || 872 if (cfg.sno == NULL ||
873 !rand_serial(NULL, x509_config.sno)) 873 !rand_serial(NULL, cfg.sno))
874 goto end; 874 goto end;
875 if (!X509_set_serialNumber(x, x509_config.sno)) 875 if (!X509_set_serialNumber(x, cfg.sno))
876 goto end; 876 goto end;
877 ASN1_INTEGER_free(x509_config.sno); 877 ASN1_INTEGER_free(cfg.sno);
878 x509_config.sno = NULL; 878 cfg.sno = NULL;
879 } else if (!X509_set_serialNumber(x, x509_config.sno)) 879 } else if (!X509_set_serialNumber(x, cfg.sno))
880 goto end; 880 goto end;
881 881
882 if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) 882 if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
@@ -886,7 +886,7 @@ x509_main(int argc, char **argv)
886 886
887 if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) 887 if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
888 goto end; 888 goto end;
889 if (X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0, 889 if (X509_time_adj_ex(X509_get_notAfter(x), cfg.days, 0,
890 NULL) == NULL) 890 NULL) == NULL)
891 goto end; 891 goto end;
892 892
@@ -897,19 +897,19 @@ x509_main(int argc, char **argv)
897 goto end; 897 goto end;
898 } 898 }
899 } else { 899 } else {
900 x = load_cert(bio_err, x509_config.infile, x509_config.informat, 900 x = load_cert(bio_err, cfg.infile, cfg.informat,
901 NULL, "Certificate"); 901 NULL, "Certificate");
902 } 902 }
903 if (x == NULL) 903 if (x == NULL)
904 goto end; 904 goto end;
905 905
906 if (x509_config.CA_flag) { 906 if (cfg.CA_flag) {
907 xca = load_cert(bio_err, x509_config.CAfile, 907 xca = load_cert(bio_err, cfg.CAfile,
908 x509_config.CAformat, NULL, "CA Certificate"); 908 cfg.CAformat, NULL, "CA Certificate");
909 if (xca == NULL) 909 if (xca == NULL)
910 goto end; 910 goto end;
911 } 911 }
912 if (!x509_config.noout || x509_config.text || x509_config.next_serial) { 912 if (!cfg.noout || cfg.text || cfg.next_serial) {
913 OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); 913 OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
914 914
915 out = BIO_new(BIO_s_file()); 915 out = BIO_new(BIO_s_file());
@@ -917,57 +917,57 @@ x509_main(int argc, char **argv)
917 ERR_print_errors(bio_err); 917 ERR_print_errors(bio_err);
918 goto end; 918 goto end;
919 } 919 }
920 if (x509_config.outfile == NULL) { 920 if (cfg.outfile == NULL) {
921 BIO_set_fp(out, stdout, BIO_NOCLOSE); 921 BIO_set_fp(out, stdout, BIO_NOCLOSE);
922 } else { 922 } else {
923 if (BIO_write_filename(out, x509_config.outfile) <= 0) { 923 if (BIO_write_filename(out, cfg.outfile) <= 0) {
924 perror(x509_config.outfile); 924 perror(cfg.outfile);
925 goto end; 925 goto end;
926 } 926 }
927 } 927 }
928 } 928 }
929 if (x509_config.alias != NULL) { 929 if (cfg.alias != NULL) {
930 if (!X509_alias_set1(x, (unsigned char *)x509_config.alias, -1)) 930 if (!X509_alias_set1(x, (unsigned char *)cfg.alias, -1))
931 goto end; 931 goto end;
932 } 932 }
933 933
934 if (x509_config.clrtrust) 934 if (cfg.clrtrust)
935 X509_trust_clear(x); 935 X509_trust_clear(x);
936 if (x509_config.clrreject) 936 if (cfg.clrreject)
937 X509_reject_clear(x); 937 X509_reject_clear(x);
938 938
939 if (x509_config.trust != NULL) { 939 if (cfg.trust != NULL) {
940 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { 940 for (i = 0; i < sk_ASN1_OBJECT_num(cfg.trust); i++) {
941 x509_config.objtmp = sk_ASN1_OBJECT_value( 941 cfg.objtmp = sk_ASN1_OBJECT_value(
942 x509_config.trust, i); 942 cfg.trust, i);
943 if (!X509_add1_trust_object(x, x509_config.objtmp)) 943 if (!X509_add1_trust_object(x, cfg.objtmp))
944 goto end; 944 goto end;
945 } 945 }
946 } 946 }
947 if (x509_config.reject != NULL) { 947 if (cfg.reject != NULL) {
948 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { 948 for (i = 0; i < sk_ASN1_OBJECT_num(cfg.reject); i++) {
949 x509_config.objtmp = sk_ASN1_OBJECT_value( 949 cfg.objtmp = sk_ASN1_OBJECT_value(
950 x509_config.reject, i); 950 cfg.reject, i);
951 if (!X509_add1_reject_object(x, x509_config.objtmp)) 951 if (!X509_add1_reject_object(x, cfg.objtmp))
952 goto end; 952 goto end;
953 } 953 }
954 } 954 }
955 if (x509_config.num) { 955 if (cfg.num) {
956 for (i = 1; i <= x509_config.num; i++) { 956 for (i = 1; i <= cfg.num; i++) {
957 if (x509_config.issuer == i) { 957 if (cfg.issuer == i) {
958 print_name(STDout, "issuer= ", 958 print_name(STDout, "issuer= ",
959 X509_get_issuer_name(x), 959 X509_get_issuer_name(x),
960 x509_config.nmflag); 960 cfg.nmflag);
961 } else if (x509_config.subject == i) { 961 } else if (cfg.subject == i) {
962 print_name(STDout, "subject= ", 962 print_name(STDout, "subject= ",
963 X509_get_subject_name(x), 963 X509_get_subject_name(x),
964 x509_config.nmflag); 964 cfg.nmflag);
965 } else if (x509_config.serial == i) { 965 } else if (cfg.serial == i) {
966 BIO_printf(STDout, "serial="); 966 BIO_printf(STDout, "serial=");
967 i2a_ASN1_INTEGER(STDout, 967 i2a_ASN1_INTEGER(STDout,
968 X509_get_serialNumber(x)); 968 X509_get_serialNumber(x));
969 BIO_printf(STDout, "\n"); 969 BIO_printf(STDout, "\n");
970 } else if (x509_config.next_serial == i) { 970 } else if (cfg.next_serial == i) {
971 BIGNUM *bnser; 971 BIGNUM *bnser;
972 ASN1_INTEGER *ser; 972 ASN1_INTEGER *ser;
973 ser = X509_get_serialNumber(x); 973 ser = X509_get_serialNumber(x);
@@ -989,11 +989,11 @@ x509_main(int argc, char **argv)
989 i2a_ASN1_INTEGER(out, ser); 989 i2a_ASN1_INTEGER(out, ser);
990 ASN1_INTEGER_free(ser); 990 ASN1_INTEGER_free(ser);
991 BIO_puts(out, "\n"); 991 BIO_puts(out, "\n");
992 } else if ((x509_config.email == i) || 992 } else if ((cfg.email == i) ||
993 (x509_config.ocsp_uri == i)) { 993 (cfg.ocsp_uri == i)) {
994 int j; 994 int j;
995 STACK_OF(OPENSSL_STRING) *emlst; 995 STACK_OF(OPENSSL_STRING) *emlst;
996 if (x509_config.email == i) 996 if (cfg.email == i)
997 emlst = X509_get1_email(x); 997 emlst = X509_get1_email(x);
998 else 998 else
999 emlst = X509_get1_ocsp(x); 999 emlst = X509_get1_ocsp(x);
@@ -1001,7 +1001,7 @@ x509_main(int argc, char **argv)
1001 BIO_printf(STDout, "%s\n", 1001 BIO_printf(STDout, "%s\n",
1002 sk_OPENSSL_STRING_value(emlst, j)); 1002 sk_OPENSSL_STRING_value(emlst, j));
1003 X509_email_free(emlst); 1003 X509_email_free(emlst);
1004 } else if (x509_config.aliasout == i) { 1004 } else if (cfg.aliasout == i) {
1005 unsigned char *albuf; 1005 unsigned char *albuf;
1006 int buflen; 1006 int buflen;
1007 albuf = X509_alias_get0(x, &buflen); 1007 albuf = X509_alias_get0(x, &buflen);
@@ -1010,27 +1010,27 @@ x509_main(int argc, char **argv)
1010 buflen, albuf); 1010 buflen, albuf);
1011 else 1011 else
1012 BIO_puts(STDout, "<No Alias>\n"); 1012 BIO_puts(STDout, "<No Alias>\n");
1013 } else if (x509_config.subject_hash == i) { 1013 } else if (cfg.subject_hash == i) {
1014 BIO_printf(STDout, "%08lx\n", 1014 BIO_printf(STDout, "%08lx\n",
1015 X509_subject_name_hash(x)); 1015 X509_subject_name_hash(x));
1016 } 1016 }
1017#ifndef OPENSSL_NO_MD5 1017#ifndef OPENSSL_NO_MD5
1018 else if (x509_config.subject_hash_old == i) { 1018 else if (cfg.subject_hash_old == i) {
1019 BIO_printf(STDout, "%08lx\n", 1019 BIO_printf(STDout, "%08lx\n",
1020 X509_subject_name_hash_old(x)); 1020 X509_subject_name_hash_old(x));
1021 } 1021 }
1022#endif 1022#endif
1023 else if (x509_config.issuer_hash == i) { 1023 else if (cfg.issuer_hash == i) {
1024 BIO_printf(STDout, "%08lx\n", 1024 BIO_printf(STDout, "%08lx\n",
1025 X509_issuer_name_hash(x)); 1025 X509_issuer_name_hash(x));
1026 } 1026 }
1027#ifndef OPENSSL_NO_MD5 1027#ifndef OPENSSL_NO_MD5
1028 else if (x509_config.issuer_hash_old == i) { 1028 else if (cfg.issuer_hash_old == i) {
1029 BIO_printf(STDout, "%08lx\n", 1029 BIO_printf(STDout, "%08lx\n",
1030 X509_issuer_name_hash_old(x)); 1030 X509_issuer_name_hash_old(x));
1031 } 1031 }
1032#endif 1032#endif
1033 else if (x509_config.pprint == i) { 1033 else if (cfg.pprint == i) {
1034 X509_PURPOSE *ptmp; 1034 X509_PURPOSE *ptmp;
1035 int j; 1035 int j;
1036 BIO_printf(STDout, "Certificate purposes:\n"); 1036 BIO_printf(STDout, "Certificate purposes:\n");
@@ -1038,7 +1038,7 @@ x509_main(int argc, char **argv)
1038 ptmp = X509_PURPOSE_get0(j); 1038 ptmp = X509_PURPOSE_get0(j);
1039 purpose_print(STDout, x, ptmp); 1039 purpose_print(STDout, x, ptmp);
1040 } 1040 }
1041 } else if (x509_config.modulus == i) { 1041 } else if (cfg.modulus == i) {
1042 EVP_PKEY *pkey; 1042 EVP_PKEY *pkey;
1043 1043
1044 pkey = X509_get0_pubkey(x); 1044 pkey = X509_get0_pubkey(x);
@@ -1066,7 +1066,7 @@ x509_main(int argc, char **argv)
1066 BIO_printf(STDout, 1066 BIO_printf(STDout,
1067 "Wrong Algorithm type"); 1067 "Wrong Algorithm type");
1068 BIO_printf(STDout, "\n"); 1068 BIO_printf(STDout, "\n");
1069 } else if (x509_config.pubkey == i) { 1069 } else if (cfg.pubkey == i) {
1070 EVP_PKEY *pkey; 1070 EVP_PKEY *pkey;
1071 1071
1072 pkey = X509_get0_pubkey(x); 1072 pkey = X509_get0_pubkey(x);
@@ -1077,7 +1077,7 @@ x509_main(int argc, char **argv)
1077 goto end; 1077 goto end;
1078 } 1078 }
1079 PEM_write_bio_PUBKEY(STDout, pkey); 1079 PEM_write_bio_PUBKEY(STDout, pkey);
1080 } else if (x509_config.C == i) { 1080 } else if (cfg.C == i) {
1081 unsigned char *d; 1081 unsigned char *d;
1082 char *m; 1082 char *m;
1083 int y, z; 1083 int y, z;
@@ -1156,11 +1156,11 @@ x509_main(int argc, char **argv)
1156 BIO_printf(STDout, "};\n"); 1156 BIO_printf(STDout, "};\n");
1157 1157
1158 free(m); 1158 free(m);
1159 } else if (x509_config.text == i) { 1159 } else if (cfg.text == i) {
1160 if(!X509_print_ex(STDout, x, x509_config.nmflag, 1160 if(!X509_print_ex(STDout, x, cfg.nmflag,
1161 x509_config.certflag)) 1161 cfg.certflag))
1162 goto end; 1162 goto end;
1163 } else if (x509_config.startdate == i) { 1163 } else if (cfg.startdate == i) {
1164 ASN1_TIME *nB = X509_get_notBefore(x); 1164 ASN1_TIME *nB = X509_get_notBefore(x);
1165 BIO_puts(STDout, "notBefore="); 1165 BIO_puts(STDout, "notBefore=");
1166 if (ASN1_time_parse(nB->data, nB->length, NULL, 1166 if (ASN1_time_parse(nB->data, nB->length, NULL,
@@ -1170,7 +1170,7 @@ x509_main(int argc, char **argv)
1170 else 1170 else
1171 ASN1_TIME_print(STDout, nB); 1171 ASN1_TIME_print(STDout, nB);
1172 BIO_puts(STDout, "\n"); 1172 BIO_puts(STDout, "\n");
1173 } else if (x509_config.enddate == i) { 1173 } else if (cfg.enddate == i) {
1174 ASN1_TIME *nA = X509_get_notAfter(x); 1174 ASN1_TIME *nA = X509_get_notAfter(x);
1175 BIO_puts(STDout, "notAfter="); 1175 BIO_puts(STDout, "notAfter=");
1176 if (ASN1_time_parse(nA->data, nA->length, NULL, 1176 if (ASN1_time_parse(nA->data, nA->length, NULL,
@@ -1180,11 +1180,11 @@ x509_main(int argc, char **argv)
1180 else 1180 else
1181 ASN1_TIME_print(STDout, nA); 1181 ASN1_TIME_print(STDout, nA);
1182 BIO_puts(STDout, "\n"); 1182 BIO_puts(STDout, "\n");
1183 } else if (x509_config.fingerprint == i) { 1183 } else if (cfg.fingerprint == i) {
1184 int j; 1184 int j;
1185 unsigned int n; 1185 unsigned int n;
1186 unsigned char md[EVP_MAX_MD_SIZE]; 1186 unsigned char md[EVP_MAX_MD_SIZE];
1187 const EVP_MD *fdig = x509_config.digest; 1187 const EVP_MD *fdig = cfg.digest;
1188 1188
1189 if (fdig == NULL) 1189 if (fdig == NULL)
1190 fdig = EVP_sha256(); 1190 fdig = EVP_sha256();
@@ -1201,52 +1201,52 @@ x509_main(int argc, char **argv)
1201 } 1201 }
1202 1202
1203 /* should be in the library */ 1203 /* should be in the library */
1204 } else if ((x509_config.sign_flag == i) && 1204 } else if ((cfg.sign_flag == i) &&
1205 (x509_config.x509req == 0)) { 1205 (cfg.x509req == 0)) {
1206 BIO_printf(bio_err, "Getting Private key\n"); 1206 BIO_printf(bio_err, "Getting Private key\n");
1207 if (Upkey == NULL) { 1207 if (Upkey == NULL) {
1208 Upkey = load_key(bio_err, 1208 Upkey = load_key(bio_err,
1209 x509_config.keyfile, 1209 cfg.keyfile,
1210 x509_config.keyformat, 0, passin, 1210 cfg.keyformat, 0, passin,
1211 "Private key"); 1211 "Private key");
1212 if (Upkey == NULL) 1212 if (Upkey == NULL)
1213 goto end; 1213 goto end;
1214 } 1214 }
1215 if (!sign(x, Upkey, x509_config.days, 1215 if (!sign(x, Upkey, cfg.days,
1216 x509_config.clrext, x509_config.digest, 1216 cfg.clrext, cfg.digest,
1217 extconf, x509_config.extsect)) 1217 extconf, cfg.extsect))
1218 goto end; 1218 goto end;
1219 } else if (x509_config.CA_flag == i) { 1219 } else if (cfg.CA_flag == i) {
1220 BIO_printf(bio_err, "Getting CA Private Key\n"); 1220 BIO_printf(bio_err, "Getting CA Private Key\n");
1221 if (x509_config.CAkeyfile != NULL) { 1221 if (cfg.CAkeyfile != NULL) {
1222 CApkey = load_key(bio_err, 1222 CApkey = load_key(bio_err,
1223 x509_config.CAkeyfile, 1223 cfg.CAkeyfile,
1224 x509_config.CAkeyformat, 0, passin, 1224 cfg.CAkeyformat, 0, passin,
1225 "CA Private Key"); 1225 "CA Private Key");
1226 if (CApkey == NULL) 1226 if (CApkey == NULL)
1227 goto end; 1227 goto end;
1228 } 1228 }
1229 if (!x509_certify(ctx, x509_config.CAfile, 1229 if (!x509_certify(ctx, cfg.CAfile,
1230 x509_config.digest, x, xca, CApkey, 1230 cfg.digest, x, xca, CApkey,
1231 x509_config.sigopts, x509_config.CAserial, 1231 cfg.sigopts, cfg.CAserial,
1232 x509_config.CA_createserial, 1232 cfg.CA_createserial,
1233 x509_config.days, x509_config.clrext, 1233 cfg.days, cfg.clrext,
1234 extconf, x509_config.extsect, 1234 extconf, cfg.extsect,
1235 x509_config.sno)) 1235 cfg.sno))
1236 goto end; 1236 goto end;
1237 } else if (x509_config.x509req == i) { 1237 } else if (cfg.x509req == i) {
1238 EVP_PKEY *pk; 1238 EVP_PKEY *pk;
1239 1239
1240 BIO_printf(bio_err, 1240 BIO_printf(bio_err,
1241 "Getting request Private Key\n"); 1241 "Getting request Private Key\n");
1242 if (x509_config.keyfile == NULL) { 1242 if (cfg.keyfile == NULL) {
1243 BIO_printf(bio_err, 1243 BIO_printf(bio_err,
1244 "no request key file specified\n"); 1244 "no request key file specified\n");
1245 goto end; 1245 goto end;
1246 } else { 1246 } else {
1247 pk = load_key(bio_err, 1247 pk = load_key(bio_err,
1248 x509_config.keyfile, 1248 cfg.keyfile,
1249 x509_config.keyformat, 0, passin, 1249 cfg.keyformat, 0, passin,
1250 "request key"); 1250 "request key");
1251 if (pk == NULL) 1251 if (pk == NULL)
1252 goto end; 1252 goto end;
@@ -1255,27 +1255,27 @@ x509_main(int argc, char **argv)
1255 BIO_printf(bio_err, 1255 BIO_printf(bio_err,
1256 "Generating certificate request\n"); 1256 "Generating certificate request\n");
1257 1257
1258 rq = X509_to_X509_REQ(x, pk, x509_config.digest); 1258 rq = X509_to_X509_REQ(x, pk, cfg.digest);
1259 EVP_PKEY_free(pk); 1259 EVP_PKEY_free(pk);
1260 if (rq == NULL) { 1260 if (rq == NULL) {
1261 ERR_print_errors(bio_err); 1261 ERR_print_errors(bio_err);
1262 goto end; 1262 goto end;
1263 } 1263 }
1264 if (!x509_config.noout) { 1264 if (!cfg.noout) {
1265 if (!X509_REQ_print(out, rq)) 1265 if (!X509_REQ_print(out, rq))
1266 goto end; 1266 goto end;
1267 if (!PEM_write_bio_X509_REQ(out, rq)) 1267 if (!PEM_write_bio_X509_REQ(out, rq))
1268 goto end; 1268 goto end;
1269 } 1269 }
1270 x509_config.noout = 1; 1270 cfg.noout = 1;
1271 } else if (x509_config.ocspid == i) { 1271 } else if (cfg.ocspid == i) {
1272 if (!X509_ocspid_print(out, x)) 1272 if (!X509_ocspid_print(out, x))
1273 goto end; 1273 goto end;
1274 } 1274 }
1275 } 1275 }
1276 } 1276 }
1277 if (x509_config.checkend) { 1277 if (cfg.checkend) {
1278 time_t tcheck = time(NULL) + x509_config.checkoffset; 1278 time_t tcheck = time(NULL) + cfg.checkoffset;
1279 int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck); 1279 int timecheck = X509_cmp_time(X509_get_notAfter(x), &tcheck);
1280 if (timecheck == 0) { 1280 if (timecheck == 0) {
1281 BIO_printf(out, "Certificate expiry time is invalid\n"); 1281 BIO_printf(out, "Certificate expiry time is invalid\n");
@@ -1289,14 +1289,14 @@ x509_main(int argc, char **argv)
1289 } 1289 }
1290 goto end; 1290 goto end;
1291 } 1291 }
1292 if (x509_config.noout) { 1292 if (cfg.noout) {
1293 ret = 0; 1293 ret = 0;
1294 goto end; 1294 goto end;
1295 } 1295 }
1296 if (x509_config.outformat == FORMAT_ASN1) 1296 if (cfg.outformat == FORMAT_ASN1)
1297 i = i2d_X509_bio(out, x); 1297 i = i2d_X509_bio(out, x);
1298 else if (x509_config.outformat == FORMAT_PEM) { 1298 else if (cfg.outformat == FORMAT_PEM) {
1299 if (x509_config.trustout) 1299 if (cfg.trustout)
1300 i = PEM_write_bio_X509_AUX(out, x); 1300 i = PEM_write_bio_X509_AUX(out, x);
1301 else 1301 else
1302 i = PEM_write_bio_X509(out, x); 1302 i = PEM_write_bio_X509(out, x);
@@ -1323,11 +1323,11 @@ x509_main(int argc, char **argv)
1323 X509_free(xca); 1323 X509_free(xca);
1324 EVP_PKEY_free(Upkey); 1324 EVP_PKEY_free(Upkey);
1325 EVP_PKEY_free(CApkey); 1325 EVP_PKEY_free(CApkey);
1326 sk_OPENSSL_STRING_free(x509_config.sigopts); 1326 sk_OPENSSL_STRING_free(cfg.sigopts);
1327 X509_REQ_free(rq); 1327 X509_REQ_free(rq);
1328 ASN1_INTEGER_free(x509_config.sno); 1328 ASN1_INTEGER_free(cfg.sno);
1329 sk_ASN1_OBJECT_pop_free(x509_config.trust, ASN1_OBJECT_free); 1329 sk_ASN1_OBJECT_pop_free(cfg.trust, ASN1_OBJECT_free);
1330 sk_ASN1_OBJECT_pop_free(x509_config.reject, ASN1_OBJECT_free); 1330 sk_ASN1_OBJECT_pop_free(cfg.reject, ASN1_OBJECT_free);
1331 free(passin); 1331 free(passin);
1332 1332
1333 return (ret); 1333 return (ret);
@@ -1412,7 +1412,7 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x,
1412 */ 1412 */
1413 X509_STORE_CTX_set_cert(xsc, x); 1413 X509_STORE_CTX_set_cert(xsc, x);
1414 X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); 1414 X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
1415 if (!x509_config.reqfile && X509_verify_cert(xsc) <= 0) 1415 if (!cfg.reqfile && X509_verify_cert(xsc) <= 0)
1416 goto end; 1416 goto end;
1417 1417
1418 if (!X509_check_private_key(xca, pkey)) { 1418 if (!X509_check_private_key(xca, pkey)) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 11:55:49 +0000