"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "apps/ts.c" between
openssl-1.1.1f.tar.gz and openssl-1.1.1g.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

ts.c  (openssl-1.1.1f):ts.c  (openssl-1.1.1g)
/* /*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at * in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_TS #include <stdio.h>
NON_EMPTY_TRANSLATION_UNIT #include <stdlib.h>
#else #include <string.h>
# include <stdio.h> #include "apps.h"
# include <stdlib.h> #include "progs.h"
# include <string.h> #include <openssl/bio.h>
# include "apps.h" #include <openssl/err.h>
# include "progs.h" #include <openssl/pem.h>
# include <openssl/bio.h> #include <openssl/rand.h>
# include <openssl/err.h> #include <openssl/ts.h>
# include <openssl/pem.h> #include <openssl/bn.h>
# include <openssl/rand.h>
# include <openssl/ts.h>
# include <openssl/bn.h>
/* Request nonce length, in bits (must be a multiple of 8). */ /* Request nonce length, in bits (must be a multiple of 8). */
# define NONCE_LENGTH 64 #define NONCE_LENGTH 64
/* Name of config entry that defines the OID file. */ /* Name of config entry that defines the OID file. */
# define ENV_OID_FILE "oid_file" #define ENV_OID_FILE "oid_file"
/* Is |EXACTLY_ONE| of three pointers set? */ /* Is |EXACTLY_ONE| of three pointers set? */
# define EXACTLY_ONE(a, b, c) \ #define EXACTLY_ONE(a, b, c) \
(( a && !b && !c) || \ (( a && !b && !c) || \
( b && !a && !c) || \ ( b && !a && !c) || \
( c && !a && !b)) ( c && !a && !b))
static ASN1_OBJECT *txt2obj(const char *oid); static ASN1_OBJECT *txt2obj(const char *oid);
static CONF *load_config_file(const char *configfile); static CONF *load_config_file(const char *configfile);
/* Query related functions. */ /* Query related functions. */
static int query_command(const char *data, const char *digest, static int query_command(const char *data, const char *digest,
const EVP_MD *md, const char *policy, int no_nonce, const EVP_MD *md, const char *policy, int no_nonce,
skipping to change at line 117 skipping to change at line 114
{"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"}, {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"inkey", OPT_INKEY, 's', "File with private key for reply"}, {"inkey", OPT_INKEY, 's', "File with private key for reply"},
{"signer", OPT_SIGNER, 's', "Signer certificate file"}, {"signer", OPT_SIGNER, 's', "Signer certificate file"},
{"chain", OPT_CHAIN, '<', "File with signer CA chain"}, {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
{"verify", OPT_VERIFY, '-', "Verify a TS response"}, {"verify", OPT_VERIFY, '-', "Verify a TS response"},
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"}, {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"}, {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"}, {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
{"", OPT_MD, '-', "Any supported digest"}, {"", OPT_MD, '-', "Any supported digest"},
# ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif #endif
{OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"}, {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
OPT_V_OPTIONS, OPT_V_OPTIONS,
{OPT_HELP_STR, 1, '-', "\n"}, {OPT_HELP_STR, 1, '-', "\n"},
{NULL} {NULL}
}; };
/* /*
* This command is so complex, special help is needed. * This command is so complex, special help is needed.
*/ */
static char* opt_helplist[] = { static char* opt_helplist[] = {
"Typical uses:", "Typical uses:",
"ts -query [-rand file...] [-config file] [-data file]", "ts -query [-rand file...] [-config file] [-data file]",
" [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]", " [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]",
" [-in file] [-out file] [-text]", " [-in file] [-out file] [-text]",
" or", " or",
"ts -reply [-config file] [-section tsa_section]", "ts -reply [-config file] [-section tsa_section]",
" [-queryfile file] [-passin password]", " [-queryfile file] [-passin password]",
" [-signer tsa_cert.pem] [-inkey private_key.pem]", " [-signer tsa_cert.pem] [-inkey private_key.pem]",
" [-chain certs_file.pem] [-tspolicy oid]", " [-chain certs_file.pem] [-tspolicy oid]",
" [-in file] [-token_in] [-out file] [-token_out]", " [-in file] [-token_in] [-out file] [-token_out]",
# ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
" [-text] [-engine id]", " [-text] [-engine id]",
# else #else
" [-text]", " [-text]",
# endif #endif
" or", " or",
"ts -verify -CApath dir -CAfile file.pem -untrusted file.pem", "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
" [-data file] [-digest hexstring]", " [-data file] [-digest hexstring]",
" [-queryfile file] -in file [-token_in]", " [-queryfile file] -in file [-token_in]",
" [[options specific to 'ts -verify']]", " [[options specific to 'ts -verify']]",
NULL, NULL,
}; };
int ts_main(int argc, char **argv) int ts_main(int argc, char **argv)
{ {
skipping to change at line 685 skipping to change at line 682
TS_RESP_CTX *resp_ctx = NULL; TS_RESP_CTX *resp_ctx = NULL;
if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL) if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL)
goto end; goto end;
if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL) if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL)
goto end; goto end;
if ((resp_ctx = TS_RESP_CTX_new()) == NULL) if ((resp_ctx = TS_RESP_CTX_new()) == NULL)
goto end; goto end;
if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
goto end; goto end;
# ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
if (!TS_CONF_set_crypto_device(conf, section, engine)) if (!TS_CONF_set_crypto_device(conf, section, engine))
goto end; goto end;
# endif #endif
if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
goto end; goto end;
if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
goto end; goto end;
if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx)) if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
goto end; goto end;
if (md) { if (md) {
if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md)) if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
goto end; goto end;
skipping to change at line 986 skipping to change at line 983
err: err:
X509_STORE_free(cert_ctx); X509_STORE_free(cert_ctx);
return NULL; return NULL;
} }
static int verify_cb(int ok, X509_STORE_CTX *ctx) static int verify_cb(int ok, X509_STORE_CTX *ctx)
{ {
return ok; return ok;
} }
#endif /* ndef OPENSSL_NO_TS */
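Review bot: A `no-ts` build now depends entirely on the build system leaving `apps/ts.c` out, because the new side drops the `#ifdef OPENSSL_NO_TS` / `NON_EMPTY_TRANSLATION_UNIT` / `#else` wrapper at the top of the file and its closing `#endif` at the end. The file therefore includes `<openssl/ts.h>` and calls the `TS_*` functions unconditionally. That exclusion is not visible on this page and is presumably made in the build files of the same release, so it should be confirmed there. I would record the dependency next to the includes so the file is not later listed unconditionally, for example `/* Compiled only when TS is enabled; the build files must skip this file under no-ts. */`. The other changes in this section are the copyright year and preprocessor indentation only.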
 End of changes. 13 change blocks. 
25 lines changed or deleted 22 lines changed or added
