Originally from Renaud Allard following input from benno, tweaked by me.
OK benno
-/* $Id: extern.h,v 1.13 2019/06/12 11:09:25 gilles Exp $ */
+/* $Id: extern.h,v 1.14 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
int, int, const char *const *, size_t);
int fileproc(int, const char *, const char *, const char *,
const char *);
-int keyproc(int, const char *, const char **, size_t);
+int keyproc(int, const char *, const char **, size_t,
+ enum keytype);
int netproc(int, int, int, int, int, int, int,
struct authority_c *, const char *const *,
size_t);
*/
int verbose;
-/*
- * Should we switch to ecdsa?
- */
-int ecdsa;
-
/*
* What component is the process within (COMP__MAX for none)?
*/
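Review bot: The keyproc prototype now names `enum keytype`, which this commit defines in parse.h, but nothing in the hunk shows extern.h pulling that definition in. If a translation unit includes extern.h without parse.h first, `enum keytype` in the parameter list is an undeclared (prototype-scope) enum, which ISO C rejects and GCC only tolerates with a warning; the ordering dependency is implicit and easy to break. Either an include of parse.h near the top of extern.h, or a comment such as `/* extern.h depends on enum keytype from parse.h; include parse.h first */`, would make the requirement visible. The include block of extern.h is outside the hunk, so this may already be handled.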
-/* $Id: keyproc.c,v 1.13 2019/06/12 11:09:25 gilles Exp $ */
+/* $Id: keyproc.c,v 1.14 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
* jail and, on success, ship it to "netsock" as an X509 request.
*/
int
-keyproc(int netsock, const char *keyfile,
- const char **alts, size_t altsz)
+keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
+ enum keytype keytype)
{
char *der64 = NULL, *der = NULL, *dercp;
char *sans = NULL, *san = NULL;
}
if (newkey) {
- if (ecdsa) {
+ switch (keytype) {
+ case KT_ECDSA:
if ((pkey = ec_key_create(f, keyfile)) == NULL)
goto out;
dodbg("%s: generated ECDSA domain key", keyfile);
- } else {
+ break;
+ case KT_RSA:
if ((pkey = rsa_key_create(f, keyfile)) == NULL)
goto out;
dodbg("%s: generated RSA domain key", keyfile);
+ break;
}
} else {
if ((pkey = key_load(f, keyfile)) == NULL)
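Review bot: The new `switch (keytype)` inside `if (newkey)` has no default arm, so an out-of-range keytype value leaves pkey untouched and control continues past the switch as though a key had been generated; whether that is caught depends on how pkey is initialised and on the code after the hunk, both outside this hunk (keyproc's body continues below it). A defensive arm keeps the failure local and mirrors the existing error path: `default:` / `warnx("%s: unknown key type", keyfile);` / `goto out;`. With only two enumerators today this is free, and it guards against a later KT_ value being added without this switch being updated.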
-/* $Id: main.c,v 1.48 2019/06/12 11:09:25 gilles Exp $ */
+/* $Id: main.c,v 1.49 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
int popts = 0;
pid_t pids[COMP__MAX];
extern int verbose;
- extern int ecdsa;
extern enum comp proccomp;
size_t i, altsz, ne;
errx(EXIT_FAILURE, "authority %s not found", auth);
}
- if (domain->keytype == 1) {
- ecdsa = 1;
- }
-
acctkey = authority->account;
if ((chngdir = domain->challengedir) == NULL)
close(file_fds[0]);
close(file_fds[1]);
c = keyproc(key_fds[0], domain->key,
- (const char **)alts, altsz);
+ (const char **)alts, altsz,
+ domain->keytype);
exit(c ? EXIT_SUCCESS : EXIT_FAILURE);
}
-/* $OpenBSD: parse.h,v 1.11 2019/06/12 11:09:25 gilles Exp $ */
+/* $OpenBSD: parse.h,v 1.12 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Sebastian Benoit <benno@openbsd.org>
*
* limit all paths to PATH_MAX
*/
+enum keytype {
+ KT_RSA = 0,
+ KT_ECDSA
+};
+
struct authority_c {
TAILQ_ENTRY(authority_c) entry;
char *name;
struct domain_c {
TAILQ_ENTRY(domain_c) entry;
- TAILQ_HEAD(, altname_c) altname_list;
- int altname_count;
- int keytype;
- char *domain;
- char *key;
- char *cert;
+ TAILQ_HEAD(, altname_c) altname_list;
+ int altname_count;
+ enum keytype keytype;
+ char *domain;
+ char *key;
+ char *cert;
char *chain;
char *fullchain;
- char *auth;
- char *challengedir;
+ char *auth;
+ char *challengedir;
};
struct altname_c {
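Review bot: KT_RSA is explicitly pinned to 0 but nothing records why, and the grammar in parse.y relies on it being the default. If domain_c is allocated zero-filled (which I infer but cannot see here), a future reorder of the enum would silently change the key type of every domain that omits a keytype. A one-line note keeps the invariant from being lost: `KT_RSA = 0,		/* must stay 0: the default for a zeroed domain_c */`. Separately, the domain_c hunk re-indents several unchanged fields alongside the one real change (`int keytype` to `enum keytype keytype`), which makes the type change harder to spot in the history; the whitespace churn would be clearer as its own commit.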
-/* $OpenBSD: parse.y,v 1.35 2019/06/12 11:09:25 gilles Exp $ */
+/* $OpenBSD: parse.y,v 1.36 2019/06/14 19:55:08 florian Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
%}
%token AUTHORITY URL API ACCOUNT
-%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR KEYTYPE
+%token DOMAIN ALTERNATIVE NAMES CERT FULL CHAIN KEY SIGN WITH CHALLENGEDIR
%token YES NO
%token INCLUDE
%token ERROR
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.string> string
+%type <v.number> keytype
%%
}
;
-keytype : RSA {
- domain->keytype = 0;
- }
- | ECDSA {
- domain->keytype = 1;
- }
- | /* nothing */
+keytype : RSA { $$ = KT_RSA; }
+ | ECDSA { $$ = KT_ECDSA; }
+ | { $$ = KT_RSA; }
;
domainopts_l : domainopts_l domainoptsl nl
YYERROR;
}
domain->key = s;
+ domain->keytype = $4;
}
| DOMAIN CERT STRING {
char *s;