-rw-r--r--src/usr.bin/openssl/ca.c46
1 files changed, 18 insertions, 28 deletions
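--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.60 2024/07/08 05:56:17 tb Exp $ */
+/* $OpenBSD: ca.c,v 1.61 2025/02/25 09:49:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -148,7 +148,6 @@ static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
 static int get_certificate_status(const char *serial, CA_DB *db);
 static int do_updatedb(CA_DB *db);
 static int check_time_format(const char *str);
-static char *bin2hex(unsigned char *, size_t);
 char *make_revocation_str(int rev_type, char *rev_arg);
 int make_revoked(X509_REVOKED *rev, const char *str);
 int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
@@ -1254,22 +1253,30 @@ ca_main(int argc, char **argv)
  if (cfg.verbose)
  BIO_printf(bio_err, "writing new certificates\n");
  for (i = 0; i < sk_X509_num(cert_sk); i++) {
- ASN1_INTEGER *serialNumber;
- int k;
+ BIGNUM *bn;
  char *serialstr;
- unsigned char *data;
  char pempath[PATH_MAX];
+ int k;
 
  x = sk_X509_value(cert_sk, i);
 
- serialNumber = X509_get_serialNumber(x);
- j = ASN1_STRING_length(serialNumber);
- data = ASN1_STRING_data(serialNumber);
+ if ((bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x),
+ NULL)) == NULL)
+ goto err;
 
- if (j > 0)
- serialstr = bin2hex(data, j);
- else
+ if (BN_is_zero(bn)) {
+ /* For consistency, BN_bn2hex(0) is 0, not 00. */
  serialstr = strdup("00");
+ } else {
+ /*
+ * Historical behavior is to ignore the sign
+ * that shouldn't be there anyway.
+ */
+ BN_set_negative(bn, 0);
+ serialstr = BN_bn2hex(bn);
+ }
+ BN_free(bn);
+
  if (serialstr != NULL) {
  k = snprintf(pempath, sizeof(pempath),
  "%s/%s.pem", cfg.outdir, serialstr);
@@ -2817,20 +2824,3 @@ unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 
  return ret;
 }
-
-static char *
-bin2hex(unsigned char *data, size_t len)
-{
- char *ret = NULL;
- char hex[] = "0123456789ABCDEF";
- int i;
-
- if ((ret = malloc(len * 2 + 1)) != NULL) {
- for (i = 0; i < len; i++) {
- ret[i * 2 + 0] = hex[data[i] >> 4];
- ret[i * 2 + 1] = hex[data[i] & 0x0F];
- }
- ret[len * 2] = '\0';
- }
- return ret;
-}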
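Review bot: The certificate file name in the ca_main hunk is now derived from BN_bn2hex() of the numeric serial rather than from the raw ASN1_STRING content octets that bin2hex() used to walk, so a serial whose DER encoding carries a leading 0x00 pad octet (top bit of the first value byte set) is written as `<outdir>/80.pem` where it was previously `<outdir>/0080.pem`, and neither the hunk nor the diffstat records that rename. A one-line comment above `if (BN_is_zero(bn)) {`, `/* Name is the hex value, not the DER octets: a leading 0x00 pad byte is no longer emitted. */`, would make the change visible to anyone whose tooling keys on the old file names. It is worth noting next to the `snprintf` into `pempath` that both BN_bn2hex() and the `"00"` literal yield only hex digits, so the serial-derived component can never introduce a path separator or `..`, leaving `cfg.outdir` as the only trusted-input path component. The surrounding loop, the `j` variable and the `err` label lie outside the hunk, and the pad-octet difference is inferred from the two conversion routines rather than from these lines.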