Change the PEM function implementation to use a common set of macros: this

should make modifying them easier.

Fix the selfsign demo: it was rather ancient and used deleted functions.

CHANGES

@@ -5,6 +5,16 @@
 
  Changes between 0.9.3a and 0.9.4
 
+  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+     to use the new extension code.
+     [Steve Henson]
+
+  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+     with macros. This should make it easier to change their form, add extra
+     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+     constant.
+     [Steve Henson]
+
   *) Add to configuration table a new entry that can specify an alternative
      name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
      according to Mark Crispin <MRC@Panda.COM>.

crypto/pem/pem.h

@@ -182,6 +182,84 @@ typedef struct pem_ctx_st
 	unsigned char *data;
 	} PEM_CTX;
 
+/* These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either:
+ * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ */
+
+#ifdef NO_FP_API
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+
+#else
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb)\
+{ \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,cb)); \
+} \
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
+							 NULL,NULL,0,NULL)); \
+} 
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb) \
+	{ \
+	return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
+		(char *)x,enc,kstr,klen,cb)); \
+	}
+
+#endif
+
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb)\
+{ \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
+							(char **)x,cb)); \
+}
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
+							 NULL,NULL,0,NULL)); \
+}
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb) \
+	{ \
+	return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
+		(char *)x,enc,kstr,klen,cb)); \
+	}
+
+#define IMPLEMENT_PEM_write(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write(name, type, str, asn1)
+
+#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
 #ifdef SSLEAY_MACROS
 
 #define PEM_write_SSL_SESSION(fp,x) \
@@ -410,7 +488,7 @@ int PEM_write_X509(FILE *fp,X509 *x);
 int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
 int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
 #ifndef NO_RSA
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
+int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,const EVP_CIPHER *enc,unsigned char *kstr,
         int klen, pem_password_cb *);
 int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
 #endif
@@ -419,7 +497,7 @@ int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,const EVP_CIPHER *enc,
 			    unsigned char *kstr,
         int klen, pem_password_cb *);
 #endif
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
+int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
 	unsigned char *kstr,int klen, pem_password_cb *);
 int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
 #ifndef NO_DH
@@ -468,7 +546,7 @@ int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
 int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,const EVP_CIPHER *enc,
         unsigned char *kstr,int klen, pem_password_cb *);
 #endif
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
+int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
         unsigned char *kstr,int klen, pem_password_cb *);
 int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
 #ifndef NO_DH

crypto/pem/pem_all.c

@@ -65,405 +65,42 @@
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 
-#ifndef NO_FP_API
-/* The X509 functions */
-X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb)
-	{
-	return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509,
-		PEM_STRING_X509,fp,(char **)x,cb));
-	}
-#endif
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
 
-X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb)
-	{
-	return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509,
-		PEM_STRING_X509,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 
-#ifndef NO_FP_API
-int PEM_write_X509(FILE *fp, X509 *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
 
-int PEM_write_bio_X509(BIO *bp, X509 *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
 
-#ifndef NO_FP_API
-/* The X509_REQ functions */
-X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, pem_password_cb *cb)
-	{
-	return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ,
-		PEM_STRING_X509_REQ,fp,(char **)x,cb));
-	}
-#endif
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
 
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, pem_password_cb *cb)
-	{
-	return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ,
-		PEM_STRING_X509_REQ,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_X509_REQ(FILE *fp, X509_REQ *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-
-#ifndef NO_FP_API
-/* The X509_CRL functions */
-X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, pem_password_cb *cb)
-	{
-	return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL,
-		PEM_STRING_X509_CRL,fp,(char **)x,cb));
-	}
-#endif
-
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, pem_password_cb *cb)
-	{
-	return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL,
-		PEM_STRING_X509_CRL,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_X509_CRL(FILE *fp, X509_CRL *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+							 PKCS8_PRIV_KEY_INFO)
 
 #ifndef NO_RSA
-#ifndef NO_FP_API
-/* The RSAPrivateKey functions */
-RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, pem_password_cb *cb)
-	{
-	return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey,
-		PEM_STRING_RSA,fp,(char **)x,cb));
-	}
 
-RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, pem_password_cb *cb)
-	{
-	return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
+
 #endif
 
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, pem_password_cb *cb)
-	{
-	return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey,
-		PEM_STRING_RSA,bp,(char **)x,cb));
-	}
-
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, pem_password_cb *cb)
-	{
-	return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,
-		(char *)x,enc,kstr,klen,cb));
-	}
-
-int PEM_write_RSAPublicKey(FILE *fp, RSA *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,fp,
-		(char *)x,NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
-
-int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,
-		bp,(char *)x,NULL,NULL,0,NULL));
-	}
-#endif /* !NO_RSA */
-
 #ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAPrivateKey functions */
-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, pem_password_cb *cb)
-	{
-	return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey,
-		PEM_STRING_DSA,fp,(char **)x,cb));
-	}
+
+IMPLEMENT_PEM_rw_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+
 #endif
 
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, pem_password_cb *cb)
-	{
-	return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey,
-		PEM_STRING_DSA,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,
-		(char *)x,enc,kstr,klen,cb));
-	}
-#endif
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
-#endif
-
-#ifndef NO_FP_API
-/* The PrivateKey functions */
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb)
-	{
-	return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey,
-		PEM_STRING_EVP_PKEY,fp,(char **)x,cb));
-	}
-#endif
-
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb)
-	{
-	return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey,
-		PEM_STRING_EVP_PKEY,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_PrivateKey,
-		((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-		fp,(char *)x,enc,kstr,klen,cb));
-	}
-#endif
-
-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
-		((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
-
-#ifndef NO_FP_API
-/* The PKCS7 functions */
-PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb)
-	{
-	return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7,
-		PEM_STRING_PKCS7,fp,(char **)x,cb));
-	}
-#endif
-
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb)
-	{
-	return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7,
-		PEM_STRING_PKCS7,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_PKCS7(FILE *fp, PKCS7 *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-
 #ifndef NO_DH
-#ifndef NO_FP_API
-/* The DHparams functions */
-DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb)
-	{
-	return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams,
-		PEM_STRING_DHPARAMS,fp,(char **)x,cb));
-	}
+
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+
 #endif
 
-DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb)
-	{
-	return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams,
-		PEM_STRING_DHPARAMS,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
 
-#ifndef NO_FP_API
-int PEM_write_DHparams(FILE *fp, DH *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_DHparams(BIO *bp, DH *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-#ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAparams functions */
-DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb)
-	{
-	return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams,
-		PEM_STRING_DSAPARAMS,fp,(char **)x,cb));
-	}
-#endif
-
-DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb)
-	{
-	return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams,
-		PEM_STRING_DSAPARAMS,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_DSAparams(FILE *fp, DSA *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_DSAparams(BIO *bp, DSA *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-/* The Netscape Certificate sequence functions */
-
-#ifndef NO_FP_API
-NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,
-	     NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *cb)
-	{
-	return((NETSCAPE_CERT_SEQUENCE *)
-		PEM_ASN1_read((char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,
-		PEM_STRING_X509,fp,(char **)x,cb));
-	}
-#endif
-
-NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,
-	     NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *cb)
-	{
-	return((NETSCAPE_CERT_SEQUENCE *)
-		PEM_ASN1_read_bio((char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,
-		PEM_STRING_X509,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE,
-		PEM_STRING_X509,fp, (char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE,
-		PEM_STRING_X509,bp, (char *)x, NULL,NULL,0,NULL));
-	}
-
-
-/* The PKCS8 functions */
-
-#ifndef NO_FP_API
-X509_SIG *PEM_read_PKCS8(FILE *fp,
-	     X509_SIG **x, pem_password_cb *cb)
-	{
-	return((X509_SIG *) PEM_ASN1_read((char *(*)())d2i_X509_SIG,
-		PEM_STRING_PKCS8,fp,(char **)x,cb));
-	}
-#endif
-
-X509_SIG *PEM_read_bio_PKCS8(BIO *bp,
-	     X509_SIG **x, pem_password_cb *cb)
-	{
-	return((X509_SIG *)
-		PEM_ASN1_read_bio((char *(*)())d2i_X509_SIG,
-		PEM_STRING_PKCS8,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_PKCS8(FILE *fp, X509_SIG *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509_SIG,
-		PEM_STRING_PKCS8,fp, (char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_PKCS8(BIO *bp, X509_SIG *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509_SIG,
-		PEM_STRING_PKCS8,bp, (char *)x, NULL,NULL,0,NULL));
-	}
-
-#ifndef NO_FP_API
-PKCS8_PRIV_KEY_INFO *PEM_read_PKCS8_PRIV_KEY_INFO(FILE *fp,
-	     PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb)
-	{
-	return((PKCS8_PRIV_KEY_INFO *)
-		PEM_ASN1_read((char *(*)())d2i_PKCS8_PRIV_KEY_INFO,
-		PEM_STRING_PKCS8INF,fp,(char **)x,cb));
-	}
-#endif
-
-PKCS8_PRIV_KEY_INFO *PEM_read_bio_PKCS8_PRIV_KEY_INFO(BIO *bp,
-	     PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb)
-	{
-	return((PKCS8_PRIV_KEY_INFO *)
-		PEM_ASN1_read_bio((char *(*)())d2i_PKCS8_PRIV_KEY_INFO,
-		PEM_STRING_PKCS8INF,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_PKCS8_PRIV_KEY_INFO(FILE *fp, PKCS8_PRIV_KEY_INFO *x)
-	{
-	return(PEM_ASN1_write((int (*)())i2d_PKCS8_PRIV_KEY_INFO,
-		PEM_STRING_PKCS8INF,fp, (char *)x, NULL,NULL,0,NULL));
-	}
-#endif
-
-int PEM_write_bio_PKCS8_PRIV_KEY_INFO(BIO *bp, PKCS8_PRIV_KEY_INFO *x)
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_PKCS8_PRIV_KEY_INFO,
-		PEM_STRING_PKCS8INF,bp, (char *)x, NULL,NULL,0,NULL));
-	}

demos/selfsign.c

@@ -4,13 +4,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
 
 int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
 
@@ -22,7 +18,7 @@ int main()
 
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-	X509v3_add_netscape_extensions();
+	X509V3_add_standard_extensions();
 
 	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 		BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
@@ -39,7 +35,7 @@ int main()
 	EVP_PKEY_free(pkey);
 	BIO_free(bio_err);
 
-	X509_cleanup_extensions();
+	X509V3_EXT_cleanup();
 
 	CRYPTO_mem_leaks(bio_err);
 	return(0);
@@ -53,9 +49,10 @@ int main()
 #  define MS_FAR
 #endif
 
-static void MS_CALLBACK callback(p, n)
+static void MS_CALLBACK callback(p, n, arg)
 int p;
 int n;
+void *arg;
 	{
 	char c='B';
 
@@ -76,11 +73,9 @@ int days;
 	X509 *x;
 	EVP_PKEY *pk;
 	RSA *rsa;
-	char *s;
 	X509_NAME *name=NULL;
 	X509_NAME_ENTRY *ne=NULL;
 	X509_EXTENSION *ex=NULL;
-	ASN1_OCTET_STRING *data=NULL;
 
 	
 	if ((pkeyp == NULL) || (*pkeyp == NULL))
@@ -135,24 +130,33 @@ int days;
 	/* finished with structure */
 	X509_NAME_free(name);
 
-	data=X509v3_pack_string(NULL,V_ASN1_BIT_STRING,
-		"\001",1);
-	ex=X509_EXTENSION_create_by_NID(NULL,NID_netscape_cert_type,0,data);
+	/* Add extension using V3 code: we can set the config file as NULL
+	 * because we wont reference any other sections. We can also set
+         * the context to NULL because none of these extensions below will need
+	 * to access it.
+	 */
+
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
 	X509_add_ext(x,ex,-1);
 
-	X509v3_pack_string(&data,V_ASN1_IA5STRING,
-		"example comment extension",-1);
-	X509_EXTENSION_create_by_NID(&ex,NID_netscape_comment,0,data);
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
+						"example comment extension");
 	X509_add_ext(x,ex,-1);
 
-	X509v3_pack_string(&data,V_ASN1_BIT_STRING,
-		"www.cryptsoft.com",-1);
-	X509_EXTENSION_create_by_NID(&ex,NID_netscape_ssl_server_name,0,data);
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
+							"www.openssl.org");
+
 	X509_add_ext(x,ex,-1);
+
+#if 0
+	/* might want something like this too.... */
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
+							"critical,CA:TRUE");
+
+
+	X509_add_ext(x,ex,-1);
+#endif
 	
-	X509_EXTENSION_free(ex);
-	ASN1_OCTET_STRING_free(data);
-
 	if (!X509_sign(x,pk,EVP_md5()))
 		goto err;
 
@@ -162,7 +166,3 @@ int days;
 err:
 	return(0);
 	}
-			 
-
-
-