aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/apps
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2016-01-28 20:15:22 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2016-01-28 20:15:22 +0000
commit8180e704acbcb94cca5b29bf64a208add3e1edb6 (patch)
treed1486d18bb9fa5f51cadbaccb04f3c3879e273ec /crypto/openssl/apps
parent2cf60b3ce2660556476ac00ecbecead73fb5adca (diff)
parentc188d4cade9cba451816aef2371942bea4ff837f (diff)
downloadsrc-8180e704acbcb94cca5b29bf64a208add3e1edb6.tar.gz
src-8180e704acbcb94cca5b29bf64a208add3e1edb6.zip
Notes
Diffstat (limited to 'crypto/openssl/apps')
-rw-r--r--crypto/openssl/apps/engine.c2
-rw-r--r--crypto/openssl/apps/ocsp.c2
-rw-r--r--crypto/openssl/apps/pkcs12.c42
-rw-r--r--crypto/openssl/apps/pkeyutl.c38
-rw-r--r--crypto/openssl/apps/s_client.c2
-rw-r--r--crypto/openssl/apps/s_server.c2
-rw-r--r--crypto/openssl/apps/speed.c2
-rw-r--r--crypto/openssl/apps/x509.c7
8 files changed, 49 insertions, 48 deletions
diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c
index 460ec60cb14c..f54631b50d81 100644
--- a/crypto/openssl/apps/engine.c
+++ b/crypto/openssl/apps/engine.c
@@ -1,4 +1,4 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* apps/engine.c */
/*
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
* 2000.
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index 6ed255d4b563..5da51df5148c 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+ nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) {
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index e41b445a50b0..cbb75b7d5fe4 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
# define CLCERTS 0x8
# define CACERTS 0x10
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
@@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
vret = get_cert_chain(ucert, store, &chain2);
X509_STORE_free(store);
- if (!vret) {
+ if (vret == X509_V_OK) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num(chain2); i++)
sk_X509_push(certs, sk_X509_value(chain2, i));
@@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
- if (vret >= 0)
+ if (vret != X509_V_ERR_UNSPECIFIED)
BIO_printf(bio_err, "Error %s getting chain.\n",
X509_verify_cert_error_string(vret));
else
@@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
/* Given a single certificate return a verified chain or NULL if error */
-/* Hope this is OK .... */
-
-int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+ STACK_OF(X509) **chain)
{
X509_STORE_CTX store_ctx;
- STACK_OF(X509) *chn;
+ STACK_OF(X509) *chn = NULL;
int i = 0;
- /*
- * FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this function
- * is less obvious.
- */
- X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
- if (X509_verify_cert(&store_ctx) <= 0) {
- i = X509_STORE_CTX_get_error(&store_ctx);
- if (i == 0)
- /*
- * avoid returning 0 if X509_verify_cert() did not set an
- * appropriate error value in the context
- */
- i = -1;
- chn = NULL;
- goto err;
- } else
+ if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
+ *chain = NULL;
+ return X509_V_ERR_UNSPECIFIED;
+ }
+
+ if (X509_verify_cert(&store_ctx) > 0)
chn = X509_STORE_CTX_get1_chain(&store_ctx);
- err:
+ else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
+ i = X509_V_ERR_UNSPECIFIED;
+
X509_STORE_CTX_cleanup(&store_ctx);
*chain = chn;
-
return i;
}
diff --git a/crypto/openssl/apps/pkeyutl.c b/crypto/openssl/apps/pkeyutl.c
index aaa90740ad4d..c8d513b44ac4 100644
--- a/crypto/openssl/apps/pkeyutl.c
+++ b/crypto/openssl/apps/pkeyutl.c
@@ -74,10 +74,11 @@ static void usage(void);
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e);
+ char *passargin, int pkey_op, ENGINE *e,
+ int impl);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file);
+ const char *file, ENGINE* e);
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
unsigned char *out, size_t *poutlen,
@@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
EVP_PKEY_CTX *ctx = NULL;
char *passargin = NULL;
int keysize = -1;
+ int engine_impl = 0;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
size_t buf_outlen;
@@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
else {
ctx = init_ctx(&keysize,
*(++argv), keyform, key_type,
- passargin, pkey_op, e);
+ passargin, pkey_op, e, engine_impl);
if (!ctx) {
BIO_puts(bio_err, "Error initializing context\n");
ERR_print_errors(bio_err);
@@ -147,7 +149,7 @@ int MAIN(int argc, char **argv)
} else if (!strcmp(*argv, "-peerkey")) {
if (--argc < 1)
badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
+ else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
badarg = 1;
} else if (!strcmp(*argv, "-passin")) {
if (--argc < 1)
@@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
badarg = 1;
else
e = setup_engine(bio_err, *(++argv), 0);
+ } else if (!strcmp(*argv, "-engine_impl")) {
+ engine_impl = 1;
}
#endif
else if (!strcmp(*argv, "-pubin"))
@@ -368,7 +372,8 @@ static void usage()
BIO_printf(bio_err, "-hexdump hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
- "-engine e use engine e, possibly a hardware device.\n");
+ "-engine e use engine e, maybe a hardware device, for loading keys.\n");
+ BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n");
#endif
BIO_printf(bio_err, "-passin arg pass phrase source\n");
@@ -376,10 +381,12 @@ static void usage()
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e)
+ char *passargin, int pkey_op, ENGINE *e,
+ int engine_impl)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
+ ENGINE *impl = NULL;
char *passin = NULL;
int rv = -1;
X509 *x;
@@ -418,9 +425,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
if (!pkey)
goto end;
-
- ctx = EVP_PKEY_CTX_new(pkey, e);
-
+
+#ifndef OPENSSL_NO_ENGINE
+ if (engine_impl)
+ impl = e;
+#endif
+
+ ctx = EVP_PKEY_CTX_new(pkey, impl);
+
EVP_PKEY_free(pkey);
if (!ctx)
@@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
}
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
- const char *file)
+ const char *file, ENGINE* e)
{
EVP_PKEY *peer = NULL;
+ ENGINE* engine = NULL;
int ret;
if (!ctx) {
BIO_puts(err, "-peerkey command before -inkey\n");
return 0;
}
- peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
+ if (peerform == FORMAT_ENGINE)
+ engine = e;
+
+ peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
if (!peer) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index f80711fd5e58..caf76d35dc5a 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -308,7 +308,7 @@ static void sc_usage(void)
" -connect host:port - who to connect to (default is %s:%s)\n",
SSL_HOST_NAME, PORT_STR);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index f19532b75fab..65cbaaf6eb9b 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -498,7 +498,7 @@ static void sv_usage(void)
BIO_printf(bio_err,
" -accept arg - port to accept on (default is %d)\n", PORT);
BIO_printf(bio_err,
- " -verify_host host - check peer certificate matches \"host\"\n");
+ " -verify_hostname host - check peer certificate matches \"host\"\n");
BIO_printf(bio_err,
" -verify_email email - check peer certificate matches \"email\"\n");
BIO_printf(bio_err,
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index 3697b71ec18b..95adcc19cc15 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -1,4 +1,4 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* apps/speed.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index 864a60dda2e7..7c215bced001 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
- /* Lets just make it 12:00am GMT, Jan 1 1970 */
- /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
- /* 28 days to be certified */
-
- if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
- NULL)
+ if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-01 01:42:29 +0000