Merge pull request #97 from volkc-basf/master

openssl 1.1.x support

Linux/Makefile

@@ -11,7 +11,7 @@ OPENSSL = ../openssl
 CFLAGS	= -Wall -O $(WITH_DEBUG) -I $(OPENSSL)/include 
 
 LDFLAGS = -L$(OPENSSL)
-LDLIBS = -lcrypto
+LDLIBS = -lcrypto -lpthread
 
 MAN	= sscep.8
 PROG	= sscep
@@ -20,7 +20,7 @@ OBJS    = sscep.o init.o net.o sceputils.o pkcs7.o ias.o fileutils.o configurati
 all: $(PROG)_static $(PROG)_dyn
 
 $(PROG)_static: $(OBJS)
-	$(CC) $(CFLAGS) -o $(PROG)_static $(OBJS) $(OPENSSL)/libcrypto.a -ldl
+	$(CC) $(CFLAGS) -o $(PROG)_static $(OBJS) $(OPENSSL)/libcrypto.a -lpthread -ldl
 
 $(PROG)_dyn: $(OBJS)
 	$(CC) $(CFLAGS) -o $(PROG)_dyn $(OBJS) $(LDLIBS) $(LDFLAGS)

configuration.c

@@ -5,19 +5,19 @@
 #define itoa _itoa
 #endif
 
-NAME_VALUE_PAIR* NAME_VALUE_PAIR_new(char *name, char *value) {
-	NAME_VALUE_PAIR *ret = OPENSSL_malloc(sizeof(NAME_VALUE_PAIR));
-	ret->name = OPENSSL_strdup(name);
-	ret->value = OPENSSL_strdup(value);
-	return ret;
-}
-
-void NAME_VALUE_PAIR_free(NAME_VALUE_PAIR *nvp) {
-	OPENSSL_free(nvp->name);
-	OPENSSL_free(nvp->value);
-	OPENSSL_free(nvp);
-}
-
+NAME_VALUE_PAIR* NAME_VALUE_PAIR_new(char *name, char *value) {
+	NAME_VALUE_PAIR *ret = OPENSSL_malloc(sizeof(NAME_VALUE_PAIR));
+	ret->name = OPENSSL_strdup(name);
+	ret->value = OPENSSL_strdup(value);
+	return ret;
+}
+
+void NAME_VALUE_PAIR_free(NAME_VALUE_PAIR *nvp) {
+	OPENSSL_free(nvp->name);
+	OPENSSL_free(nvp->value);
+	OPENSSL_free(nvp);
+}
+
 int scep_conf_init(char *filename) {
 	long err;
 	CONF *conf;
@@ -54,8 +54,6 @@ int scep_conf_load(CONF *conf) {
 	char *windir;
 #endif
 
-	int ret;
-
 	//load global scep vars
 	if((var = NCONF_get_string(conf, SCEP_CONFIGURATION_SECTION, SCEP_CONFIGURATION_PARAM_CACERTFILE)) && !c_flag) {
 		c_flag = 1;
@@ -112,23 +110,22 @@ int scep_conf_load(CONF *conf) {
 	//loading options for specific operation
 	switch(operation_flag) {
 		case SCEP_OPERATION_ENROLL:
-			ret = scep_conf_load_operation_enroll(conf);
+			scep_conf_load_operation_enroll(conf);
 			break;
 		case SCEP_OPERATION_GETCA:
-			ret = scep_conf_load_operation_getca(conf);
+			scep_conf_load_operation_getca(conf);
 			break;
 		case SCEP_OPERATION_GETCERT:
-			ret = scep_conf_load_operation_getcert(conf);
+			scep_conf_load_operation_getcert(conf);
 			break;
 		case SCEP_OPERATION_GETCRL:
-			ret = scep_conf_load_operation_getcrl(conf);
+			scep_conf_load_operation_getcrl(conf);
 			break;
 		case SCEP_OPERATION_GETNEXTCA:
-			ret = scep_conf_load_operation_getnextca(conf);
+			scep_conf_load_operation_getnextca(conf);
 			break;
 		default:
 			fprintf(stderr, "No operation specified, can't load specific settings!\n");
-			ret = -1;
 			break;
 	}
 
@@ -156,7 +153,7 @@ int scep_conf_load(CONF *conf) {
 			printf("%s: Engine Section %s found and processing it\n", pname, SCEP_CONFIGURATION_PARAM_ENGINE);
 
 		//getting engine ID
-		if(var = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_ID)) {
+		if((var = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_ID))) {
 			if(v_flag)
 				printf("%s: Configuration: Engine ID set to %s\n", pname, var);
 			scep_conf->engine->engine_id = var;
@@ -179,7 +176,7 @@ int scep_conf_load(CONF *conf) {
 		//load capi only option
 		//TODO move
 		if(strncmp(scep_conf->engine->engine_id, "capi", 4) == 0) {
-			if(var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_CAPI_NEWKEYLOCATION)) {
+			if((var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_CAPI_NEWKEYLOCATION))) {
 				if(v_flag)
 					printf("%s: Location of the new key will be in %s\n", pname, var);
 				scep_conf->engine->new_key_location = var;
@@ -189,7 +186,7 @@ int scep_conf_load(CONF *conf) {
 				scep_conf->engine->new_key_location = "REQUEST";
 			}
 
-			if(var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_CAPI_STORELOCATION)) {
+			if((var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_CAPI_STORELOCATION))) {
 				if(v_flag)
 					printf("%s: The store used will be %s\n", pname, var);
 				if(!strncmp(var, "LOCAL_MACHINE", 13)) {
@@ -212,25 +209,25 @@ int scep_conf_load(CONF *conf) {
 		//load JKSEngine only option
 		//TODO move
 		if(strncmp(scep_conf->engine->engine_id, "jksengine", 9) == 0) {
-			if(var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_KEYSTOREPASS)) {
+			if((var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_KEYSTOREPASS))) {
 				if(v_flag)
 					printf("%s: KeyStorePass will be set to %s\n", pname, var);
 				scep_conf->engine->storepass = var;
 			}
 
-			if(var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JCONNPATH)) {
+			if((var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JCONNPATH))) {
 				if(v_flag)
 					printf("%s: JavaConnectorPath will be set to %s\n", pname, var);
 				scep_conf->engine->jconnpath = var;
 			}
 
-			if(var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_PROVIDER)) {
+			if((var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_PROVIDER))) {
 				if(v_flag)
 					printf("%s: KeyStoreProvider will be set to %s\n", pname, var);
 				scep_conf->engine->provider = var;
 			}
 
-			if(var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JAVAPATH)) {
+			if((var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JAVAPATH))) {
 				if(v_flag)
 					printf("%s: JavaPath will be set to %s\n", pname, var);
 				scep_conf->engine->javapath = var;
@@ -241,15 +238,15 @@ int scep_conf_load(CONF *conf) {
 		//TODO move
 		if(strncmp(scep_conf->engine->engine_id, "pkcs11", 6) == 0) {
 			scep_conf->engine->pin = NULL;
-			if(var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_PKCS11_PIN)) {
+			if((var = NCONF_get_string(conf, engine_special_section, SCEP_CONFIGURATION_ENGINE_PKCS11_PIN))) {
 				if(v_flag)
 					printf("%s: Setting PIN to configuration value\n", pname);
 				scep_conf->engine->pin = var;
 			}
 		}
 
 		//loading dynamic path variable
-		if(var = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_DYNPATH)) {
+		if((var = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_DYNPATH))) {
 			if(v_flag)
 				printf("%s: Setting dynamic dll path to %s\n", pname, var);
 			scep_conf->engine->dynamic_path = var;
@@ -270,7 +267,7 @@ int scep_conf_load(CONF *conf) {
 		}
 
 		//loading module path variable
-		if(var = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_MODULEPATH)) {
+		if((var = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_MODULEPATH))) {
 			if(v_flag)
 				printf("%s: Setting module path to %s\n", pname, var);
 			scep_conf->engine->module_path = var;
@@ -280,42 +277,42 @@ int scep_conf_load(CONF *conf) {
 				printf("%s: No module path defined, not using/loading any module\n", pname);
 		}
 
-		// If there is a section specified in 'engine_section/cmds', store all those commands IN ORDER
-		char *cmds_section;
-		if(cmds_section = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_CMDS)) {
-			if(!NCONF_get_section(conf, cmds_section)) {
-				fprintf(stderr, "%s: Section %s defined but not found!\n", pname, cmds_section);
-				exit(SCEP_PKISTATUS_FILE);
-			}
-
-			// A cmds section was specified. Read all values in there and store for later passing to the engine
-			if(d_flag)
-				printf("%s: Engine Cmds Section %s found and processing it\n", pname, cmds_section);
-
-			STACK_OF(CONF_VALUE) *section;
-			section = NCONF_get_section(conf, cmds_section);
-			int number_of_cmds = sk_CONF_VALUE_num(section);
-			if(d_flag)
-				printf("%s: There are %d engine commands\n", pname, number_of_cmds);
-			scep_conf->engine->cmds = OPENSSL_malloc((number_of_cmds+1) * sizeof(NAME_VALUE_PAIR*));
-
-			int i;
-			for(i=0; i<number_of_cmds; i++) {
-				CONF_VALUE* conf_value;
-				conf_value = sk_CONF_VALUE_value(section, i);
-				if(d_flag)
-					printf("%s: Engine cmd: %s = %s\n", pname, conf_value->name, conf_value->value);
-				scep_conf->engine->cmds[i] = NAME_VALUE_PAIR_new(conf_value->name, conf_value->value);
-			}
-
-			// NULL terminate the array to indicate where it ends
-			scep_conf->engine->cmds[number_of_cmds] = NULL;
-		} else {
-			scep_conf->engine->cmds = NULL;
-			if(v_flag)
-				printf("%s: No engine cmds section defined\n", pname);
-		}
-
+		// If there is a section specified in 'engine_section/cmds', store all those commands IN ORDER
+		char *cmds_section;
+		if((cmds_section = NCONF_get_string(conf, engine_section, SCEP_CONFIGURATION_ENGINE_CMDS))) {
+			if(!NCONF_get_section(conf, cmds_section)) {
+				fprintf(stderr, "%s: Section %s defined but not found!\n", pname, cmds_section);
+				exit(SCEP_PKISTATUS_FILE);
+			}
+
+			// A cmds section was specified. Read all values in there and store for later passing to the engine
+			if(d_flag)
+				printf("%s: Engine Cmds Section %s found and processing it\n", pname, cmds_section);
+
+			STACK_OF(CONF_VALUE) *section;
+			section = NCONF_get_section(conf, cmds_section);
+			int number_of_cmds = sk_CONF_VALUE_num(section);
+			if(d_flag)
+				printf("%s: There are %d engine commands\n", pname, number_of_cmds);
+			scep_conf->engine->cmds = OPENSSL_malloc((number_of_cmds+1) * sizeof(NAME_VALUE_PAIR*));
+
+			int i;
+			for(i=0; i<number_of_cmds; i++) {
+				CONF_VALUE* conf_value;
+				conf_value = sk_CONF_VALUE_value(section, i);
+				if(d_flag)
+					printf("%s: Engine cmd: %s = %s\n", pname, conf_value->name, conf_value->value);
+				scep_conf->engine->cmds[i] = NAME_VALUE_PAIR_new(conf_value->name, conf_value->value);
+			}
+
+			// NULL terminate the array to indicate where it ends
+			scep_conf->engine->cmds[number_of_cmds] = NULL;
+		} else {
+			scep_conf->engine->cmds = NULL;
+			if(v_flag)
+				printf("%s: No engine cmds section defined\n", pname);
+		}
+
 	}
 
 
@@ -552,7 +549,7 @@ void scep_dump_conf() {
 				printf("Option: %s, Flag: %i, Value: %s\n", names[i], flags[i], chars[i]);
 		}
 	} else {
-		fprintf(stderr, "Length of Arrays does not match! Flags: %i, Chars: %i, Names: %i\n",
+		fprintf(stderr, "Length of Arrays does not match! Flags: %li, Chars: %li, Names: %li\n",
 			sizeof(flags)/sizeof(int),
 			sizeof(chars)/sizeof(char *),
 			sizeof(names)/sizeof(char *)

fileutils.c

@@ -63,7 +63,7 @@ compare_subject(X509 * cert)
 	char buffer[1024];
 	int rc = X509_NAME_cmp(X509_get_subject_name(cert), X509_REQ_get_subject_name(request));
 	if(d_flag) {
-		fprintf(stderr, "Subject of the returned certificate: %s\n", X509_get_subject_name(cert));
+		fprintf(stderr, "Subject of the returned certificate: %s\n", X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0));
 		fprintf(stderr, "Subject of the request: %s\n",
 				X509_NAME_oneline(X509_REQ_get_subject_name(request), buffer, sizeof(buffer))
 			);

ias.c

@@ -14,47 +14,12 @@
 #include "sscep.h"
 #include "ias.h"
 
-int i2d_pkcs7_issuer_and_subject(pkcs7_issuer_and_subject *a,
-	     unsigned char **pp) {
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SUBJECT) = {
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SUBJECT, subject, X509_NAME),
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SUBJECT, issuer, X509_NAME),
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SUBJECT)
 
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->subject,i2d_X509_NAME);
-	M_ASN1_I2D_seq_total();
-	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_put(a->subject,i2d_X509_NAME);
-	M_ASN1_I2D_finish();
-}
-
-pkcs7_issuer_and_subject *
-d2i_pkcs7_issuer_and_subject(pkcs7_issuer_and_subject **a,
-		unsigned char **pp, long length) {
-
-	M_ASN1_D2I_vars(a, pkcs7_issuer_and_subject *,
-		pkcs7_issuer_and_subject_new);
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
-	M_ASN1_D2I_Finish(a,pkcs7_issuer_and_subject_free, 99);
-}
-
-pkcs7_issuer_and_subject *pkcs7_issuer_and_subject_new(void) {
-
-	pkcs7_issuer_and_subject *ret=NULL;
-	ASN1_CTX c;
-	M_ASN1_New_Malloc(ret,pkcs7_issuer_and_subject);
-	M_ASN1_New(ret->issuer,X509_NAME_new);
-	M_ASN1_New(ret->subject,X509_NAME_new);
-	return(ret);
-	M_ASN1_New_Error(199);
-}
-
-void pkcs7_issuer_and_subject_free(pkcs7_issuer_and_subject *a) {
-
-	if (a == NULL) return;
-	X509_NAME_free(a->issuer);
-	M_ASN1_INTEGER_free(a->subject);
-	OPENSSL_free(a);
-}
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SUBJECT);
+IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7_ISSUER_AND_SUBJECT);
 
+IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7_ISSUER_AND_SERIAL);

ias.h

@@ -7,17 +7,7 @@
 
 /* Macros */
 
-#define i2d_pkcs7_issuer_and_subject_bio(bp, ias) \
-	ASN1_i2d_bio(i2d_pkcs7_issuer_and_subject, bp, (unsigned char *)ias)
-#define i2d_PKCS7_ISSUER_AND_SERIAL_bio(bp, ias)  \
-	ASN1_i2d_bio(i2d_PKCS7_ISSUER_AND_SERIAL, bp, (unsigned char *)ias)
-
-/* Routines */
-int i2d_pkcs7_issuer_and_subject(pkcs7_issuer_and_subject *, unsigned char **);
-pkcs7_issuer_and_subject *
-d2i_pkcs7_issuer_and_subject(pkcs7_issuer_and_subject **, unsigned char **,
-	long length);
-pkcs7_issuer_and_subject *pkcs7_issuer_and_subject_new(void);
-void pkcs7_issuer_and_subject_free(pkcs7_issuer_and_subject *);
-
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SUBJECT);
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7_ISSUER_AND_SUBJECT);
 
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7_ISSUER_AND_SERIAL);

init.c

@@ -15,7 +15,7 @@ void
 init_config(FILE *conf) {
 	char	buff[1024];
 	char	*str1, *str2;
-	int	k, i, lines;
+	int		i, lines;
 
  	lines = 0;
 	while (fgets(buff, 1024, conf)) {
@@ -38,12 +38,11 @@ init_config(FILE *conf) {
 
 		/* fetch key and value: */
 
-		k = 0;
 		str1 = get_string(&buff[i]);
 		i += strlen(&buff[i])+1;
 		for ( ; isspace(buff[i]) ; i++ )
 			;
-		k = 1;
+
 		str2 = get_string(&buff[i]);
 
 		/* if not found... */

net.c

@@ -197,10 +197,10 @@ send_msg(struct http_reply *http,char *msg,char *host,int port,int operation) {
 	return (0);
 
 mime_err:
-if (v_flag)
-	fprintf(stderr, "%s: wrong (or missing) MIME content type\n", pname);
-	return (1);
+	if (v_flag)
+		fprintf(stderr, "%s: wrong (or missing) MIME content type\n", pname);
 
+	return (1);
 }
 
 /* URL-encode the input and return back encoded string */