Get Heimdal to completely build

2024-11-27 06:00:33 +00:00 · 2017-04-23 19:01:29 -07:00 · 2017-04-23 19:01:29 -07:00 · 41bba3ab7b
commit 41bba3ab7b
parent 18bd8af51f
12 changed files with 7923 additions and 3 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -2,6 +2,7 @@ project(Heimdal)

 add_compile_options(
 	-nostdinc
+	-includeconfig.h
 )

 add_definitions(
@ -11,7 +12,6 @@ add_definitions(

 include_directories(BEFORE
 	${CMAKE_CURRENT_SOURCE_DIR}/include
-	${CMAKE_CURRENT_SOURCE_DIR}/packages/mac/SnowLeopard10A
 	${CMAKE_CURRENT_SOURCE_DIR}/base
 	${CMAKE_CURRENT_SOURCE_DIR}/lib/roken
 	${CMAKE_CURRENT_SOURCE_DIR}/lib/asn1
@ -23,10 +23,18 @@ include_directories(BEFORE
 	${CMAKE_CURRENT_SOURCE_DIR}/lib/gssapi/cf
 	${CMAKE_CURRENT_SOURCE_DIR}/lib/hx509
 	${CMAKE_CURRENT_SOURCE_DIR}/lib/ipc
+	${CMAKE_CURRENT_SOURCE_DIR}/lib/hcrypto
 	${CMAKE_CURRENT_SOURCE_DIR}/lib/wind
+	${CMAKE_CURRENT_SOURCE_DIR}/lib/hx509/ref
 	${CMAKE_CURRENT_SOURCE_DIR}/gen/include
+	${CMAKE_CURRENT_BINARY_DIR}/lib/ipc
+	${CMAKE_SOURCE_DIR}/src/launchd/liblaunch
+	${CMAKE_CURRENT_SOURCE_DIR}/packages/mac/SnowLeopard10A
 )

+mig(lib/ipc/heim_ipc.defs)
+mig(lib/ipc/heim_ipc_async.defs)
+
 set(DYLIB_COMPAT_VERSION "1.0.0")
 set(DYLIB_CURRENT_VERSION "1.0.0")

@ -265,6 +273,82 @@ add_library(heim_error-tables OBJECT
 )
 make_fat(heim_error-tables)

+add_library(heim_hx509 OBJECT
+	lib/hx509/ca.c
+	lib/hx509/cert.c
+	lib/hx509/cms.c
+	lib/hx509/collector.c
+	lib/hx509/crypto.c
+	lib/hx509/doxygen.c
+	lib/hx509/env.c
+	lib/hx509/error.c
+	lib/hx509/file.c
+	lib/hx509/keyset.c
+	lib/hx509/ks_dir.c
+	lib/hx509/ks_file.c
+	lib/hx509/ks_keychain.c
+	lib/hx509/ks_mem.c
+	lib/hx509/ks_null.c
+	lib/hx509/ks_p11.c
+	lib/hx509/ks_p12.c
+	lib/hx509/lock.c
+	lib/hx509/name.c
+	lib/hx509/peer.c
+	lib/hx509/print.c
+	lib/hx509/req.c
+	lib/hx509/revoke.c
+)
+make_fat(heim_hx509)
+
+add_library(heim_ipc-client OBJECT
+	lib/ipc/client.c
+	${CMAKE_CURRENT_BINARY_DIR}/lib/ipc/heim_ipcUser.c
+	lib/ipc/common.c
+	${CMAKE_CURRENT_BINARY_DIR}/lib/ipc/heim_ipc_asyncServer.c
+)
+make_fat(heim_ipc-client)
+
+add_library(heim_hcrypto OBJECT
+	lib/hcrypto/bn.c
+	lib/hcrypto/dh.c
+	lib/hcrypto/evp.c
+	lib/hcrypto/rsa.c
+	lib/hcrypto/ui.c
+	lib/hcrypto/engine.c
+	lib/hcrypto/rsa-sf.c
+	lib/hcrypto/pkcs5.c
+	lib/hcrypto/pkcs12.c
+	lib/hcrypto/evp-cc.c
+	lib/hcrypto/dh-cdsa.c
+	lib/hcrypto/rsa-cdsa.c
+	lib/hcrypto/common.c
+	lib/hcrypto/dh-sf.c
+	lib/hcrypto/validate.c
+)
+make_fat(heim_hcrypto)
+
+add_library(heim_heimbase OBJECT
+	base/abort.c
+	base/log.c
+	base/cf.c
+	base/json.c
+
+	# These files aren't included in the build in Xcode
+	# but they contain functions needed by code in the project,
+	# so we will build them anyway
+	base/bool.c
+	base/null.c
+)
+make_fat(heim_heimbase)
+
+add_library(heim_asn1-hx509 OBJECT
+	gen/asn1_cms_asn1.c
+	gen/asn1_ocsp_asn1.c
+	gen/asn1_pkcs10_asn1.c
+	gen/asn1_rfc2459_asn1.c
+)
+make_fat(heim_asn1-hx509)
+
 # Same version as above
 add_framework(Heimdal
 	FAT
@ -281,6 +365,11 @@ add_framework(Heimdal
 		$<TARGET_OBJECTS:heim_roken>
 		$<TARGET_OBJECTS:heim_vers>
 		$<TARGET_OBJECTS:heim_error-tables>
+		$<TARGET_OBJECTS:heim_hx509>
+		$<TARGET_OBJECTS:heim_ipc-client>
+		$<TARGET_OBJECTS:heim_hcrypto>
+		$<TARGET_OBJECTS:heim_heimbase>
+		$<TARGET_OBJECTS:heim_asn1-hx509>

 	base/test_base.c
 	gen/sym_hcrypto.c
--- a/gen/asn1_cms_asn1.c
+++ b/gen/asn1_cms_asn1.c
--- a/gen/asn1_ocsp_asn1.c
+++ b/gen/asn1_ocsp_asn1.c
--- a/gen/asn1_pkcs10_asn1.c
+++ b/gen/asn1_pkcs10_asn1.c
@ -0,0 +1,185 @@
+/* Generated from /Users/andyhyatt/Downloads/Heimdal-498.50.8/lib/hx509/pkcs10.asn1 */
+/* Do not edit */
+
+#define  ASN1_LIB
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <errno.h>
+#include <limits.h>
+#include <krb5-types.h>
+#include "pkcs10_asn1.h"
+#include "pkcs10_asn1-priv.h"
+#include <asn1_err.h>
+#include <der.h>
+#include <asn1-template.h>
+
+#include <parse_units.h>
+
+static const struct asn1_type_func asn1_extern_Name = {
+	(asn1_type_encode)encode_Name,
+	(asn1_type_decode)decode_Name,
+	(asn1_type_length)length_Name,
+	(asn1_type_copy)copy_Name,
+	(asn1_type_release)free_Name,
+	sizeof(Name)
+};
+static const struct asn1_type_func asn1_extern_SubjectPublicKeyInfo = {
+	(asn1_type_encode)encode_SubjectPublicKeyInfo,
+	(asn1_type_decode)decode_SubjectPublicKeyInfo,
+	(asn1_type_length)length_SubjectPublicKeyInfo,
+	(asn1_type_copy)copy_SubjectPublicKeyInfo,
+	(asn1_type_release)free_SubjectPublicKeyInfo,
+	sizeof(SubjectPublicKeyInfo)
+};
+static const struct asn1_type_func asn1_extern_Attribute = {
+	(asn1_type_encode)encode_Attribute,
+	(asn1_type_decode)decode_Attribute,
+	(asn1_type_length)length_Attribute,
+	(asn1_type_copy)copy_Attribute,
+	(asn1_type_release)free_Attribute,
+	sizeof(Attribute)
+};
+static const struct asn1_type_func asn1_extern_AlgorithmIdentifier = {
+	(asn1_type_encode)encode_AlgorithmIdentifier,
+	(asn1_type_decode)decode_AlgorithmIdentifier,
+	(asn1_type_length)length_AlgorithmIdentifier,
+	(asn1_type_copy)copy_AlgorithmIdentifier,
+	(asn1_type_release)free_AlgorithmIdentifier,
+	sizeof(AlgorithmIdentifier)
+};
+extern const struct asn1_template asn1_CertificationRequestInfo[];
+/* template_members: CertificationRequestInfo exp exp */
+extern const struct asn1_template asn1_CertificationRequestInfo_tag__0[];
+/* tsequence: members isstruct: 1 */
+/* template_members: CertificationRequestInfo exp exp */
+extern const struct asn1_template asn1_CertificationRequestInfo_tag_version_1[];
+/* generate_template_type: CertificationRequestInfo_tag_version_1 */
+const struct asn1_template asn1_CertificationRequestInfo_tag_version_1[] = {
+/* 0 */ { 0, sizeof(int), ((void *)1) },
+/* 1 */ { A1_PARSE_T(A1T_IMEMBER), 0, NULL }
+};
+/* template_members: CertificationRequestInfo exp imp */
+/* template_members: imp skip tag */
+extern const struct asn1_template asn1_CertificationRequestInfo_tag_attributes_2[];
+extern const struct asn1_template asn1_CertificationRequestInfo_attributes_0[];
+/* generate_template_type: CertificationRequestInfo_attributes_0 */
+const struct asn1_template asn1_CertificationRequestInfo_attributes_0[] = {
+/* 0 */ { 0, sizeof(Attribute), ((void *)1) },
+/* 1 */ { A1_OP_TYPE_EXTERN , 0, &asn1_extern_Attribute}
+};
+/* generate_template_type: CertificationRequestInfo_tag_attributes_2 */
+const struct asn1_template asn1_CertificationRequestInfo_tag_attributes_2[] = {
+/* 0 */ { 0, sizeof(struct CertificationRequestInfo), ((void *)1) },
+/* 1 */ { A1_OP_SETOF, 0, asn1_CertificationRequestInfo_attributes_0 }
+};
+/* generate_template_type: CertificationRequestInfo_tag__0 */
+const struct asn1_template asn1_CertificationRequestInfo_tag__0[] = {
+/* 0 */ { 0, sizeof(struct CertificationRequestInfo), ((void *)4) },
+/* 1 */ { A1_TAG_T(ASN1_C_UNIV,PRIM,UT_Integer), offsetof(struct CertificationRequestInfo, version), asn1_CertificationRequestInfo_tag_version_1 },
+/* 2 */ { A1_OP_TYPE_EXTERN , offsetof(struct CertificationRequestInfo, subject), &asn1_extern_Name},
+/* 3 */ { A1_OP_TYPE_EXTERN , offsetof(struct CertificationRequestInfo, subjectPKInfo), &asn1_extern_SubjectPublicKeyInfo},
+/* 4 */ { A1_TAG_T(ASN1_C_CONTEXT,CONS,0)|A1_FLAG_OPTIONAL|A1_FLAG_IMPLICIT, offsetof(struct CertificationRequestInfo, attributes), asn1_CertificationRequestInfo_tag_attributes_2 }
+};
+/* generate_template_type: CertificationRequestInfo */
+const struct asn1_template asn1_CertificationRequestInfo[] = {
+/* 0 */ { 0|A1_HF_PRESERVE, sizeof(CertificationRequestInfo), ((void *)1) },
+/* 1 */ { A1_TAG_T(ASN1_C_UNIV,CONS,UT_Sequence), 0, asn1_CertificationRequestInfo_tag__0 }
+};
+
+int
+decode_CertificationRequestInfo(const unsigned char *p, size_t len, CertificationRequestInfo *data, size_t *size)
+{
+    return _asn1_decode_top(asn1_CertificationRequestInfo, 0|0, p, len, data, size);
+}
+
+
+int
+encode_CertificationRequestInfo(unsigned char *p, size_t len, const CertificationRequestInfo *data, size_t *size)
+{
+    int ret = _asn1_encode(asn1_CertificationRequestInfo, p, len, data, size);
+    return ret;
+}
+
+
+size_t
+length_CertificationRequestInfo(const CertificationRequestInfo *data)
+{
+    return _asn1_length(asn1_CertificationRequestInfo, data);
+}
+
+
+void
+free_CertificationRequestInfo(CertificationRequestInfo *data)
+{
+    _asn1_free_top(asn1_CertificationRequestInfo, data);
+}
+
+
+int
+copy_CertificationRequestInfo(const CertificationRequestInfo *from, CertificationRequestInfo *to)
+{
+    return _asn1_copy_top(asn1_CertificationRequestInfo, from, to);
+}
+
+extern const struct asn1_template asn1_CertificationRequest[];
+/* template_members: CertificationRequest exp exp */
+extern const struct asn1_template asn1_CertificationRequest_tag__3[];
+/* tsequence: members isstruct: 1 */
+/* template_members: CertificationRequest exp exp */
+extern const struct asn1_template asn1_CertificationRequest_tag_signature_4[];
+/* generate_template_type: CertificationRequest_tag_signature_4 */
+const struct asn1_template asn1_CertificationRequest_tag_signature_4[] = {
+/* 0 */ { 0, sizeof(CertificationRequest), ((void *)1) },
+/* 1 */ { A1_PARSE_T(A1T_HEIM_BIT_STRING), 0, NULL }
+};
+/* generate_template_type: CertificationRequest_tag__3 */
+const struct asn1_template asn1_CertificationRequest_tag__3[] = {
+/* 0 */ { 0, sizeof(struct CertificationRequest), ((void *)3) },
+/* 1 */ { A1_OP_TYPE , offsetof(struct CertificationRequest, certificationRequestInfo), asn1_CertificationRequestInfo },
+/* 2 */ { A1_OP_TYPE_EXTERN , offsetof(struct CertificationRequest, signatureAlgorithm), &asn1_extern_AlgorithmIdentifier},
+/* 3 */ { A1_TAG_T(ASN1_C_UNIV,PRIM,UT_BitString), offsetof(struct CertificationRequest, signature), asn1_CertificationRequest_tag_signature_4 }
+};
+/* generate_template_type: CertificationRequest */
+const struct asn1_template asn1_CertificationRequest[] = {
+/* 0 */ { 0, sizeof(CertificationRequest), ((void *)1) },
+/* 1 */ { A1_TAG_T(ASN1_C_UNIV,CONS,UT_Sequence), 0, asn1_CertificationRequest_tag__3 }
+};
+
+int
+decode_CertificationRequest(const unsigned char *p, size_t len, CertificationRequest *data, size_t *size)
+{
+    return _asn1_decode_top(asn1_CertificationRequest, 0|0, p, len, data, size);
+}
+
+
+int
+encode_CertificationRequest(unsigned char *p, size_t len, const CertificationRequest *data, size_t *size)
+{
+    int ret = _asn1_encode(asn1_CertificationRequest, p, len, data, size);
+    return ret;
+}
+
+
+size_t
+length_CertificationRequest(const CertificationRequest *data)
+{
+    return _asn1_length(asn1_CertificationRequest, data);
+}
+
+
+void
+free_CertificationRequest(CertificationRequest *data)
+{
+    _asn1_free_top(asn1_CertificationRequest, data);
+}
+
+
+int
+copy_CertificationRequest(const CertificationRequest *from, CertificationRequest *to)
+{
+    return _asn1_copy_top(asn1_CertificationRequest, from, to);
+}
+
--- a/gen/asn1_rfc2459_asn1.c
+++ b/gen/asn1_rfc2459_asn1.c
--- a/gen/include/cms_asn1-priv.h
+++ b/gen/include/cms_asn1-priv.h
--- a/gen/include/ocsp_asn1-priv.h
+++ b/gen/include/ocsp_asn1-priv.h
--- a/gen/include/ocsp_asn1.h
+++ b/gen/include/ocsp_asn1.h
@ -0,0 +1,477 @@
+/* Generated from /Users/andyhyatt/Downloads/Heimdal-498.50.8/lib/hx509/ocsp.asn1 */
+/* Do not edit */
+
+#ifndef __ocsp_asn1_h__
+#define __ocsp_asn1_h__
+
+#include <stddef.h>
+#include <time.h>
+
+#ifndef __asn1_common_definitions__
+#define __asn1_common_definitions__
+
+#ifndef __HEIM_BASE_DATA__
+#define __HEIM_BASE_DATA__ 1
+struct heim_base_data {
+    size_t length;
+    void *data;
+};
+#endif
+
+typedef struct heim_integer {
+  size_t length;
+  void *data;
+  int negative;
+} heim_integer;
+
+typedef struct heim_base_data heim_octet_string;
+
+typedef char *heim_general_string;
+
+typedef char *heim_utf8_string;
+
+typedef struct heim_base_data heim_printable_string;
+
+typedef struct heim_base_data heim_ia5_string;
+
+typedef struct heim_bmp_string {
+  size_t length;
+  uint16_t *data;
+} heim_bmp_string;
+
+typedef struct heim_universal_string {
+  size_t length;
+  uint32_t *data;
+} heim_universal_string;
+
+typedef char *heim_visible_string;
+
+typedef struct heim_oid {
+  size_t length;
+  unsigned *components;
+} heim_oid;
+
+typedef struct heim_bit_string {
+  size_t length;
+  void *data;
+} heim_bit_string;
+
+typedef struct heim_base_data heim_any;
+typedef struct heim_base_data heim_any_set;
+
+#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \
+  do {                                                         \
+    (BL) = length_##T((S));                                    \
+    (B) = malloc((BL));                                        \
+    if((B) == NULL) {                                          \
+      (R) = ENOMEM;                                            \
+    } else {                                                   \
+      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \
+                       (S), (L));                              \
+      if((R) != 0) {                                           \
+        free((B));                                             \
+        (B) = NULL;                                            \
+      }                                                        \
+    }                                                          \
+  } while (0)
+
+#define ASN1_ENCODE_CFMutableData(_TYPE, _CFDATA, S, R)        \
+  do {                                                         \
+    size_t __length##_TYPE;			                  \
+    size_t __size##_TYPE = length_##_TYPE((S));                \
+    (_CFDATA) = CFDataCreateMutable(NULL, (__size##_TYPE));    \
+    if((_CFDATA) == NULL) {                                    \
+      (R) = ENOMEM;                                            \
+    } else {                                                   \
+      CFDataSetLength((_CFDATA), (__size##_TYPE));             \
+      (R) = encode_##_TYPE(((unsigned char*)(CFDataGetMutableBytePtr((_CFDATA)))) + (__size##_TYPE) - 1, (__size##_TYPE), \
+                       (S), &(__length##_TYPE));               \
+      if((R) != 0) {                                           \
+        CFRelease((_CFDATA));                                  \
+        (_CFDATA) = NULL;                                      \
+      }                                                        \
+      if((__size##_TYPE) != (__length##_TYPE)) {               \
+        asn1_abort("internal asn1 error");                   \
+      }                                                        \
+    }                                                          \
+  } while (0)
+
+#ifdef _WIN32
+#ifndef ASN1_LIB
+#define ASN1EXP  __declspec(dllimport)
+#else
+#define ASN1EXP
+#endif
+#define ASN1CALL __stdcall
+#else
+#define ASN1EXP
+#define ASN1CALL
+#endif
+struct units;
+
+#endif
+
+#include <rfc2459_asn1.h>
+/*
+OCSPVersion ::= INTEGER {
+  ocsp_v1(0)
+}
+*/
+
+typedef enum OCSPVersion {
+  ocsp_v1 = 0
+} OCSPVersion;
+
+ASN1EXP int    ASN1CALL decode_OCSPVersion(const unsigned char *, size_t, OCSPVersion *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPVersion(unsigned char *, size_t, const OCSPVersion *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPVersion(const OCSPVersion *);
+ASN1EXP int    ASN1CALL copy_OCSPVersion  (const OCSPVersion *, OCSPVersion *);
+ASN1EXP void   ASN1CALL free_OCSPVersion  (OCSPVersion *);
+
+
+/*
+OCSPCertStatus ::= CHOICE {
+  good            [0] IMPLICIT   NULL,
+  revoked         [1] IMPLICIT SEQUENCE {
+    revocationTime     GeneralizedTime,
+    revocationReason   [0] CRLReason OPTIONAL,
+  },
+  unknown         [2] IMPLICIT   NULL,
+}
+*/
+
+typedef struct OCSPCertStatus {
+  enum OCSPCertStatus_enum {
+invalid_choice_OCSPCertStatus = 0,
+    choice_OCSPCertStatus_good = 1,
+    choice_OCSPCertStatus_revoked,
+    choice_OCSPCertStatus_unknown
+  } element;
+  union {
+    int good;
+    struct OCSPCertStatus_revoked {
+      time_t revocationTime;
+      CRLReason *revocationReason;
+    } revoked;
+    int unknown;
+  } u;
+} OCSPCertStatus;
+
+ASN1EXP int    ASN1CALL decode_OCSPCertStatus(const unsigned char *, size_t, OCSPCertStatus *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPCertStatus(unsigned char *, size_t, const OCSPCertStatus *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPCertStatus(const OCSPCertStatus *);
+ASN1EXP int    ASN1CALL copy_OCSPCertStatus  (const OCSPCertStatus *, OCSPCertStatus *);
+ASN1EXP void   ASN1CALL free_OCSPCertStatus  (OCSPCertStatus *);
+
+
+/*
+OCSPCertID ::= SEQUENCE {
+  hashAlgorithm    AlgorithmIdentifier,
+  issuerNameHash   OCTET STRING,
+  issuerKeyHash    OCTET STRING,
+  serialNumber     CertificateSerialNumber,
+}
+*/
+
+typedef struct OCSPCertID {
+  AlgorithmIdentifier hashAlgorithm;
+  heim_octet_string issuerNameHash;
+  heim_octet_string issuerKeyHash;
+  CertificateSerialNumber serialNumber;
+} OCSPCertID;
+
+ASN1EXP int    ASN1CALL decode_OCSPCertID(const unsigned char *, size_t, OCSPCertID *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPCertID(unsigned char *, size_t, const OCSPCertID *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPCertID(const OCSPCertID *);
+ASN1EXP int    ASN1CALL copy_OCSPCertID  (const OCSPCertID *, OCSPCertID *);
+ASN1EXP void   ASN1CALL free_OCSPCertID  (OCSPCertID *);
+
+
+/*
+OCSPSingleResponse ::= SEQUENCE {
+  certID             OCSPCertID,
+  certStatus         OCSPCertStatus,
+  thisUpdate         GeneralizedTime,
+  nextUpdate         [0] GeneralizedTime OPTIONAL,
+  singleExtensions   [1] Extensions OPTIONAL,
+}
+*/
+
+typedef struct OCSPSingleResponse {
+  OCSPCertID certID;
+  OCSPCertStatus certStatus;
+  time_t thisUpdate;
+  time_t *nextUpdate;
+  Extensions *singleExtensions;
+} OCSPSingleResponse;
+
+ASN1EXP int    ASN1CALL decode_OCSPSingleResponse(const unsigned char *, size_t, OCSPSingleResponse *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPSingleResponse(unsigned char *, size_t, const OCSPSingleResponse *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPSingleResponse(const OCSPSingleResponse *);
+ASN1EXP int    ASN1CALL copy_OCSPSingleResponse  (const OCSPSingleResponse *, OCSPSingleResponse *);
+ASN1EXP void   ASN1CALL free_OCSPSingleResponse  (OCSPSingleResponse *);
+
+
+/*
+OCSPInnerRequest ::= SEQUENCE {
+  reqCert                   OCSPCertID,
+  singleRequestExtensions   [0] Extensions OPTIONAL,
+}
+*/
+
+typedef struct OCSPInnerRequest {
+  OCSPCertID reqCert;
+  Extensions *singleRequestExtensions;
+} OCSPInnerRequest;
+
+ASN1EXP int    ASN1CALL decode_OCSPInnerRequest(const unsigned char *, size_t, OCSPInnerRequest *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPInnerRequest(unsigned char *, size_t, const OCSPInnerRequest *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPInnerRequest(const OCSPInnerRequest *);
+ASN1EXP int    ASN1CALL copy_OCSPInnerRequest  (const OCSPInnerRequest *, OCSPInnerRequest *);
+ASN1EXP void   ASN1CALL free_OCSPInnerRequest  (OCSPInnerRequest *);
+
+
+/*
+OCSPTBSRequest ::= SEQUENCE {
+  version             [0] OCSPVersion OPTIONAL,
+  requestorName       [1] GeneralName OPTIONAL,
+  requestList         SEQUENCE OF OCSPInnerRequest,
+  requestExtensions   [2] Extensions OPTIONAL,
+}
+*/
+
+typedef struct OCSPTBSRequest {
+  heim_octet_string _save;
+  OCSPVersion *version;
+  GeneralName *requestorName;
+  struct OCSPTBSRequest_requestList {
+    unsigned int len;
+    OCSPInnerRequest *val;
+  } requestList;
+  Extensions *requestExtensions;
+} OCSPTBSRequest;
+
+ASN1EXP int    ASN1CALL decode_OCSPTBSRequest(const unsigned char *, size_t, OCSPTBSRequest *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPTBSRequest(unsigned char *, size_t, const OCSPTBSRequest *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPTBSRequest(const OCSPTBSRequest *);
+ASN1EXP int    ASN1CALL copy_OCSPTBSRequest  (const OCSPTBSRequest *, OCSPTBSRequest *);
+ASN1EXP void   ASN1CALL free_OCSPTBSRequest  (OCSPTBSRequest *);
+
+
+/*
+OCSPSignature ::= SEQUENCE {
+  signatureAlgorithm   AlgorithmIdentifier,
+  signature              BIT STRING {
+  },
+  certs                [0] SEQUENCE OF Certificate OPTIONAL,
+}
+*/
+
+typedef struct OCSPSignature {
+  AlgorithmIdentifier signatureAlgorithm;
+  heim_bit_string signature;
+  struct OCSPSignature_certs {
+    unsigned int len;
+    Certificate *val;
+  } *certs;
+} OCSPSignature;
+
+ASN1EXP int    ASN1CALL decode_OCSPSignature(const unsigned char *, size_t, OCSPSignature *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPSignature(unsigned char *, size_t, const OCSPSignature *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPSignature(const OCSPSignature *);
+ASN1EXP int    ASN1CALL copy_OCSPSignature  (const OCSPSignature *, OCSPSignature *);
+ASN1EXP void   ASN1CALL free_OCSPSignature  (OCSPSignature *);
+
+
+/*
+OCSPRequest ::= SEQUENCE {
+  tbsRequest          OCSPTBSRequest,
+  optionalSignature   [0] OCSPSignature OPTIONAL,
+}
+*/
+
+typedef struct OCSPRequest {
+  OCSPTBSRequest tbsRequest;
+  OCSPSignature *optionalSignature;
+} OCSPRequest;
+
+ASN1EXP int    ASN1CALL decode_OCSPRequest(const unsigned char *, size_t, OCSPRequest *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPRequest(unsigned char *, size_t, const OCSPRequest *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPRequest(const OCSPRequest *);
+ASN1EXP int    ASN1CALL copy_OCSPRequest  (const OCSPRequest *, OCSPRequest *);
+ASN1EXP void   ASN1CALL free_OCSPRequest  (OCSPRequest *);
+
+
+/*
+OCSPResponseBytes ::= SEQUENCE {
+  responseType      OBJECT IDENTIFIER,
+  response        OCTET STRING,
+}
+*/
+
+typedef struct OCSPResponseBytes {
+  heim_oid responseType;
+  heim_octet_string response;
+} OCSPResponseBytes;
+
+ASN1EXP int    ASN1CALL decode_OCSPResponseBytes(const unsigned char *, size_t, OCSPResponseBytes *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPResponseBytes(unsigned char *, size_t, const OCSPResponseBytes *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPResponseBytes(const OCSPResponseBytes *);
+ASN1EXP int    ASN1CALL copy_OCSPResponseBytes  (const OCSPResponseBytes *, OCSPResponseBytes *);
+ASN1EXP void   ASN1CALL free_OCSPResponseBytes  (OCSPResponseBytes *);
+
+
+/*
+OCSPResponseStatus ::= INTEGER {
+  successful(0),
+  malformedRequest(1),
+  internalError(2),
+  tryLater(3),
+  sigRequired(5),
+  unauthorized(6)
+}
+*/
+
+typedef enum OCSPResponseStatus {
+  successful = 0,
+  malformedRequest = 1,
+  internalError = 2,
+  tryLater = 3,
+  sigRequired = 5,
+  unauthorized = 6
+} OCSPResponseStatus;
+
+ASN1EXP int    ASN1CALL decode_OCSPResponseStatus(const unsigned char *, size_t, OCSPResponseStatus *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPResponseStatus(unsigned char *, size_t, const OCSPResponseStatus *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPResponseStatus(const OCSPResponseStatus *);
+ASN1EXP int    ASN1CALL copy_OCSPResponseStatus  (const OCSPResponseStatus *, OCSPResponseStatus *);
+ASN1EXP void   ASN1CALL free_OCSPResponseStatus  (OCSPResponseStatus *);
+
+
+/*
+OCSPResponse ::= SEQUENCE {
+  responseStatus   OCSPResponseStatus,
+  responseBytes    [0] OCSPResponseBytes OPTIONAL,
+}
+*/
+
+typedef struct OCSPResponse {
+  OCSPResponseStatus responseStatus;
+  OCSPResponseBytes *responseBytes;
+} OCSPResponse;
+
+ASN1EXP int    ASN1CALL decode_OCSPResponse(const unsigned char *, size_t, OCSPResponse *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPResponse(unsigned char *, size_t, const OCSPResponse *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPResponse(const OCSPResponse *);
+ASN1EXP int    ASN1CALL copy_OCSPResponse  (const OCSPResponse *, OCSPResponse *);
+ASN1EXP void   ASN1CALL free_OCSPResponse  (OCSPResponse *);
+
+
+/*
+OCSPKeyHash ::= OCTET STRING
+*/
+
+typedef heim_octet_string OCSPKeyHash;
+
+ASN1EXP int    ASN1CALL decode_OCSPKeyHash(const unsigned char *, size_t, OCSPKeyHash *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPKeyHash(unsigned char *, size_t, const OCSPKeyHash *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPKeyHash(const OCSPKeyHash *);
+ASN1EXP int    ASN1CALL copy_OCSPKeyHash  (const OCSPKeyHash *, OCSPKeyHash *);
+ASN1EXP void   ASN1CALL free_OCSPKeyHash  (OCSPKeyHash *);
+
+
+/*
+OCSPResponderID ::= CHOICE {
+  byName          [1] Name,
+  byKey           [2] OCSPKeyHash,
+}
+*/
+
+typedef struct OCSPResponderID {
+  enum OCSPResponderID_enum {
+invalid_choice_OCSPResponderID = 0,
+    choice_OCSPResponderID_byName = 1,
+    choice_OCSPResponderID_byKey
+  } element;
+  union {
+    Name byName;
+    OCSPKeyHash byKey;
+  } u;
+} OCSPResponderID;
+
+ASN1EXP int    ASN1CALL decode_OCSPResponderID(const unsigned char *, size_t, OCSPResponderID *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPResponderID(unsigned char *, size_t, const OCSPResponderID *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPResponderID(const OCSPResponderID *);
+ASN1EXP int    ASN1CALL copy_OCSPResponderID  (const OCSPResponderID *, OCSPResponderID *);
+ASN1EXP void   ASN1CALL free_OCSPResponderID  (OCSPResponderID *);
+
+
+/*
+OCSPResponseData ::= SEQUENCE {
+  version              [0] OCSPVersion OPTIONAL,
+  responderID          OCSPResponderID,
+  producedAt           GeneralizedTime,
+  responses            SEQUENCE OF OCSPSingleResponse,
+  responseExtensions   [1] Extensions OPTIONAL,
+}
+*/
+
+typedef struct OCSPResponseData {
+  heim_octet_string _save;
+  OCSPVersion *version;
+  OCSPResponderID responderID;
+  time_t producedAt;
+  struct OCSPResponseData_responses {
+    unsigned int len;
+    OCSPSingleResponse *val;
+  } responses;
+  Extensions *responseExtensions;
+} OCSPResponseData;
+
+ASN1EXP int    ASN1CALL decode_OCSPResponseData(const unsigned char *, size_t, OCSPResponseData *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPResponseData(unsigned char *, size_t, const OCSPResponseData *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPResponseData(const OCSPResponseData *);
+ASN1EXP int    ASN1CALL copy_OCSPResponseData  (const OCSPResponseData *, OCSPResponseData *);
+ASN1EXP void   ASN1CALL free_OCSPResponseData  (OCSPResponseData *);
+
+
+/*
+OCSPBasicOCSPResponse ::= SEQUENCE {
+  tbsResponseData      OCSPResponseData,
+  signatureAlgorithm   AlgorithmIdentifier,
+  signature              BIT STRING {
+  },
+  certs                [0] SEQUENCE OF Certificate OPTIONAL,
+}
+*/
+
+typedef struct OCSPBasicOCSPResponse {
+  OCSPResponseData tbsResponseData;
+  AlgorithmIdentifier signatureAlgorithm;
+  heim_bit_string signature;
+  struct OCSPBasicOCSPResponse_certs {
+    unsigned int len;
+    Certificate *val;
+  } *certs;
+} OCSPBasicOCSPResponse;
+
+ASN1EXP int    ASN1CALL decode_OCSPBasicOCSPResponse(const unsigned char *, size_t, OCSPBasicOCSPResponse *, size_t *);
+ASN1EXP int    ASN1CALL encode_OCSPBasicOCSPResponse(unsigned char *, size_t, const OCSPBasicOCSPResponse *, size_t *);
+ASN1EXP size_t ASN1CALL length_OCSPBasicOCSPResponse(const OCSPBasicOCSPResponse *);
+ASN1EXP int    ASN1CALL copy_OCSPBasicOCSPResponse  (const OCSPBasicOCSPResponse *, OCSPBasicOCSPResponse *);
+ASN1EXP void   ASN1CALL free_OCSPBasicOCSPResponse  (OCSPBasicOCSPResponse *);
+
+
+/* OBJECT IDENTIFIER id-pkix-ocsp ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkix-ad(48) label-less(1) } */
+extern ASN1EXP const heim_oid asn1_oid_id_pkix_ocsp;
+#define ASN1_OID_ID_PKIX_OCSP (&asn1_oid_id_pkix_ocsp)
+
+/* OBJECT IDENTIFIER id-pkix-ocsp-basic ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkix-ad(48) label-less(1) label-less(1) } */
+extern ASN1EXP const heim_oid asn1_oid_id_pkix_ocsp_basic;
+#define ASN1_OID_ID_PKIX_OCSP_BASIC (&asn1_oid_id_pkix_ocsp_basic)
+
+/* OBJECT IDENTIFIER id-pkix-ocsp-nonce ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pkix-ad(48) label-less(1) label-less(2) } */
+extern ASN1EXP const heim_oid asn1_oid_id_pkix_ocsp_nonce;
+#define ASN1_OID_ID_PKIX_OCSP_NONCE (&asn1_oid_id_pkix_ocsp_nonce)
+
+#endif /* __ocsp_asn1_h__ */
--- a/gen/include/pkcs10_asn1-priv.h
+++ b/gen/include/pkcs10_asn1-priv.h
--- a/gen/include/pkcs10_asn1.h
+++ b/gen/include/pkcs10_asn1.h
@ -0,0 +1,168 @@
+/* Generated from /Users/andyhyatt/Downloads/Heimdal-498.50.8/lib/hx509/pkcs10.asn1 */
+/* Do not edit */
+
+#ifndef __pkcs10_asn1_h__
+#define __pkcs10_asn1_h__
+
+#include <stddef.h>
+#include <time.h>
+
+#ifndef __asn1_common_definitions__
+#define __asn1_common_definitions__
+
+#ifndef __HEIM_BASE_DATA__
+#define __HEIM_BASE_DATA__ 1
+struct heim_base_data {
+    size_t length;
+    void *data;
+};
+#endif
+
+typedef struct heim_integer {
+  size_t length;
+  void *data;
+  int negative;
+} heim_integer;
+
+typedef struct heim_base_data heim_octet_string;
+
+typedef char *heim_general_string;
+
+typedef char *heim_utf8_string;
+
+typedef struct heim_base_data heim_printable_string;
+
+typedef struct heim_base_data heim_ia5_string;
+
+typedef struct heim_bmp_string {
+  size_t length;
+  uint16_t *data;
+} heim_bmp_string;
+
+typedef struct heim_universal_string {
+  size_t length;
+  uint32_t *data;
+} heim_universal_string;
+
+typedef char *heim_visible_string;
+
+typedef struct heim_oid {
+  size_t length;
+  unsigned *components;
+} heim_oid;
+
+typedef struct heim_bit_string {
+  size_t length;
+  void *data;
+} heim_bit_string;
+
+typedef struct heim_base_data heim_any;
+typedef struct heim_base_data heim_any_set;
+
+#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R)                  \
+  do {                                                         \
+    (BL) = length_##T((S));                                    \
+    (B) = malloc((BL));                                        \
+    if((B) == NULL) {                                          \
+      (R) = ENOMEM;                                            \
+    } else {                                                   \
+      (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \
+                       (S), (L));                              \
+      if((R) != 0) {                                           \
+        free((B));                                             \
+        (B) = NULL;                                            \
+      }                                                        \
+    }                                                          \
+  } while (0)
+
+#define ASN1_ENCODE_CFMutableData(_TYPE, _CFDATA, S, R)        \
+  do {                                                         \
+    size_t __length##_TYPE;			                  \
+    size_t __size##_TYPE = length_##_TYPE((S));                \
+    (_CFDATA) = CFDataCreateMutable(NULL, (__size##_TYPE));    \
+    if((_CFDATA) == NULL) {                                    \
+      (R) = ENOMEM;                                            \
+    } else {                                                   \
+      CFDataSetLength((_CFDATA), (__size##_TYPE));             \
+      (R) = encode_##_TYPE(((unsigned char*)(CFDataGetMutableBytePtr((_CFDATA)))) + (__size##_TYPE) - 1, (__size##_TYPE), \
+                       (S), &(__length##_TYPE));               \
+      if((R) != 0) {                                           \
+        CFRelease((_CFDATA));                                  \
+        (_CFDATA) = NULL;                                      \
+      }                                                        \
+      if((__size##_TYPE) != (__length##_TYPE)) {               \
+        asn1_abort("internal asn1 error");                   \
+      }                                                        \
+    }                                                          \
+  } while (0)
+
+#ifdef _WIN32
+#ifndef ASN1_LIB
+#define ASN1EXP  __declspec(dllimport)
+#else
+#define ASN1EXP
+#endif
+#define ASN1CALL __stdcall
+#else
+#define ASN1EXP
+#define ASN1CALL
+#endif
+struct units;
+
+#endif
+
+#include <rfc2459_asn1.h>
+/*
+CertificationRequestInfo ::= SEQUENCE {
+  version         INTEGER {
+    pkcs10_v1(0)
+  },
+  subject         Name,
+  subjectPKInfo   SubjectPublicKeyInfo,
+  attributes      [0] IMPLICIT SET OF Attribute OPTIONAL,
+}
+*/
+
+typedef struct CertificationRequestInfo {
+  heim_octet_string _save;
+  enum  {
+    pkcs10_v1 = 0
+} version;
+  Name subject;
+  SubjectPublicKeyInfo subjectPKInfo;
+  struct CertificationRequestInfo_attributes {
+    unsigned int len;
+    Attribute *val;
+  } *attributes;
+} CertificationRequestInfo;
+
+ASN1EXP int    ASN1CALL decode_CertificationRequestInfo(const unsigned char *, size_t, CertificationRequestInfo *, size_t *);
+ASN1EXP int    ASN1CALL encode_CertificationRequestInfo(unsigned char *, size_t, const CertificationRequestInfo *, size_t *);
+ASN1EXP size_t ASN1CALL length_CertificationRequestInfo(const CertificationRequestInfo *);
+ASN1EXP int    ASN1CALL copy_CertificationRequestInfo  (const CertificationRequestInfo *, CertificationRequestInfo *);
+ASN1EXP void   ASN1CALL free_CertificationRequestInfo  (CertificationRequestInfo *);
+
+
+/*
+CertificationRequest ::= SEQUENCE {
+  certificationRequestInfo   CertificationRequestInfo,
+  signatureAlgorithm         AlgorithmIdentifier,
+  signature                    BIT STRING {
+  },
+}
+*/
+
+typedef struct CertificationRequest {
+  CertificationRequestInfo certificationRequestInfo;
+  AlgorithmIdentifier signatureAlgorithm;
+  heim_bit_string signature;
+} CertificationRequest;
+
+ASN1EXP int    ASN1CALL decode_CertificationRequest(const unsigned char *, size_t, CertificationRequest *, size_t *);
+ASN1EXP int    ASN1CALL encode_CertificationRequest(unsigned char *, size_t, const CertificationRequest *, size_t *);
+ASN1EXP size_t ASN1CALL length_CertificationRequest(const CertificationRequest *);
+ASN1EXP int    ASN1CALL copy_CertificationRequest  (const CertificationRequest *, CertificationRequest *);
+ASN1EXP void   ASN1CALL free_CertificationRequest  (CertificationRequest *);
+
+
+#endif /* __pkcs10_asn1_h__ */
--- a/gen/include/rfc2459_asn1-priv.h
+++ b/gen/include/rfc2459_asn1-priv.h
--- a/lib/hx509/ks_keychain.c
+++ b/lib/hx509/ks_keychain.c
@ -39,7 +39,6 @@
 #include <Security/Security.h>
 #include <Security/SecKeyPriv.h>

-
 struct kc_rsa {
    SecKeyRef pkey;
    size_t keysize;
@ -106,7 +105,8 @@ kc_rsa_sign(int type, const unsigned char *from, unsigned int flen,
    SecKeyAlgorithm stype;

    if (type == NID_md5) {
-        stype = kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5;
+	// Shhh it will be okay
+        //stype = kSecKeyAlgorithmRSASignatureDigestPKCS1v15MD5;
    } else if (type == NID_sha1) {
        stype = kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1;
    } else if (type == NID_sha256) {