-rw-r--r--src/lib/libssl/src/apps/asn1pars.c411
-rw-r--r--src/lib/libssl/src/apps/ca.c3154
2 files changed, 1662 insertions, 1903 deletions
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index 0ff3cdf3a0..246308f127 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,14 +49,14 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59/* A nice addition from Dr Stephen Henson <steve@openssl.org> to 59/* A nice addition from Dr Stephen Henson <steve@openssl.org> to
60 * add the -strparse option which parses nested binary structures 60 * add the -strparse option which parses nested binary structures
61 */ 61 */
62 62
@@ -84,321 +84,300 @@ int MAIN(int, char **);
84 84
85static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf); 85static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
86 86
87int MAIN(int argc, char **argv) 87int
88 { 88MAIN(int argc, char **argv)
89 int i,badops=0,offset=0,ret=1,j; 89{
90 unsigned int length=0; 90 int i, badops = 0, offset = 0, ret = 1, j;
91 long num,tmplen; 91 unsigned int length = 0;
92 BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; 92 long num, tmplen;
93 int informat,indent=0, noout = 0, dump = 0; 93 BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
94 char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; 94 int informat, indent = 0, noout = 0, dump = 0;
95 char *genstr=NULL, *genconf=NULL; 95 char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL;
96 char *genstr = NULL, *genconf = NULL;
96 unsigned char *tmpbuf; 97 unsigned char *tmpbuf;
97 const unsigned char *ctmpbuf; 98 const unsigned char *ctmpbuf;
98 BUF_MEM *buf=NULL; 99 BUF_MEM *buf = NULL;
99 STACK_OF(OPENSSL_STRING) *osk=NULL; 100 STACK_OF(OPENSSL_STRING) *osk = NULL;
100 ASN1_TYPE *at=NULL; 101 ASN1_TYPE *at = NULL;
101 102
102 informat=FORMAT_PEM; 103 informat = FORMAT_PEM;
103 104
104 apps_startup(); 105 apps_startup();
105 106
106 if (bio_err == NULL) 107 if (bio_err == NULL)
107 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 108 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
108 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 109 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
109 110
110 if (!load_config(bio_err, NULL)) 111 if (!load_config(bio_err, NULL))
111 goto end; 112 goto end;
112 113
113 prog=argv[0]; 114 prog = argv[0];
114 argc--; 115 argc--;
115 argv++; 116 argv++;
116 if ((osk=sk_OPENSSL_STRING_new_null()) == NULL) 117 if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
117 { 118 BIO_printf(bio_err, "Memory allocation failure\n");
118 BIO_printf(bio_err,"Memory allocation failure\n");
119 goto end; 119 goto end;
120 } 120 }
121 while (argc >= 1) 121 while (argc >= 1) {
122 { 122 if (strcmp(*argv, "-inform") == 0) {
123 if (strcmp(*argv,"-inform") == 0) 123 if (--argc < 1)
124 { 124 goto bad;
125 if (--argc < 1) goto bad; 125 informat = str2fmt(*(++argv));
126 informat=str2fmt(*(++argv)); 126 } else if (strcmp(*argv, "-in") == 0) {
127 } 127 if (--argc < 1)
128 else if (strcmp(*argv,"-in") == 0) 128 goto bad;
129 {
130 if (--argc < 1) goto bad;
131 infile= *(++argv); 129 infile= *(++argv);
132 } 130 } else if (strcmp(*argv, "-out") == 0) {
133 else if (strcmp(*argv,"-out") == 0) 131 if (--argc < 1)
134 { 132 goto bad;
135 if (--argc < 1) goto bad;
136 derfile= *(++argv); 133 derfile= *(++argv);
137 } 134 } else if (strcmp(*argv, "-i") == 0) {
138 else if (strcmp(*argv,"-i") == 0) 135 indent = 1;
139 { 136 } else
140 indent=1; 137 if (strcmp(*argv, "-noout") == 0) noout = 1;
141 } 138 else if (strcmp(*argv, "-oid") == 0) {
142 else if (strcmp(*argv,"-noout") == 0) noout = 1; 139 if (--argc < 1)
143 else if (strcmp(*argv,"-oid") == 0) 140 goto bad;
144 {
145 if (--argc < 1) goto bad;
146 oidfile= *(++argv); 141 oidfile= *(++argv);
147 } 142 } else if (strcmp(*argv, "-offset") == 0) {
148 else if (strcmp(*argv,"-offset") == 0) 143 if (--argc < 1)
149 { 144 goto bad;
150 if (--argc < 1) goto bad; 145 offset = atoi(*(++argv));
151 offset= atoi(*(++argv)); 146 } else if (strcmp(*argv, "-length") == 0) {
152 } 147 if (--argc < 1)
153 else if (strcmp(*argv,"-length") == 0) 148 goto bad;
154 { 149 length = atoi(*(++argv));
155 if (--argc < 1) goto bad; 150 if (length == 0)
156 length= atoi(*(++argv)); 151 goto bad;
157 if (length == 0) goto bad; 152 } else if (strcmp(*argv, "-dump") == 0) {
158 } 153 dump = -1;
159 else if (strcmp(*argv,"-dump") == 0) 154 } else if (strcmp(*argv, "-dlimit") == 0) {
160 { 155 if (--argc < 1)
161 dump= -1; 156 goto bad;
162 } 157 dump = atoi(*(++argv));
163 else if (strcmp(*argv,"-dlimit") == 0) 158 if (dump <= 0)
164 { 159 goto bad;
165 if (--argc < 1) goto bad; 160 } else if (strcmp(*argv, "-strparse") == 0) {
166 dump= atoi(*(++argv)); 161 if (--argc < 1)
167 if (dump <= 0) goto bad; 162 goto bad;
168 } 163 sk_OPENSSL_STRING_push(osk, *(++argv));
169 else if (strcmp(*argv,"-strparse") == 0) 164 } else if (strcmp(*argv, "-genstr") == 0) {
170 { 165 if (--argc < 1)
171 if (--argc < 1) goto bad; 166 goto bad;
172 sk_OPENSSL_STRING_push(osk,*(++argv));
173 }
174 else if (strcmp(*argv,"-genstr") == 0)
175 {
176 if (--argc < 1) goto bad;
177 genstr= *(++argv); 167 genstr= *(++argv);
178 } 168 } else if (strcmp(*argv, "-genconf") == 0) {
179 else if (strcmp(*argv,"-genconf") == 0) 169 if (--argc < 1)
180 { 170 goto bad;
181 if (--argc < 1) goto bad;
182 genconf= *(++argv); 171 genconf= *(++argv);
183 } 172 } else {
184 else 173 BIO_printf(bio_err, "unknown option %s\n", *argv);
185 { 174 badops = 1;
186 BIO_printf(bio_err,"unknown option %s\n",*argv);
187 badops=1;
188 break; 175 break;
189 } 176 }
190 argc--; 177 argc--;
191 argv++; 178 argv++;
192 } 179 }
193 180
194 if (badops) 181 if (badops) {
195 {
196bad: 182bad:
197 BIO_printf(bio_err,"%s [options] <infile\n",prog); 183 BIO_printf(bio_err, "%s [options] <infile\n", prog);
198 BIO_printf(bio_err,"where options are\n"); 184 BIO_printf(bio_err, "where options are\n");
199 BIO_printf(bio_err," -inform arg input format - one of DER PEM\n"); 185 BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
200 BIO_printf(bio_err," -in arg input file\n"); 186 BIO_printf(bio_err, " -in arg input file\n");
201 BIO_printf(bio_err," -out arg output file (output format is always DER\n"); 187 BIO_printf(bio_err, " -out arg output file (output format is always DER\n");
202 BIO_printf(bio_err," -noout arg don't produce any output\n"); 188 BIO_printf(bio_err, " -noout arg don't produce any output\n");
203 BIO_printf(bio_err," -offset arg offset into file\n"); 189 BIO_printf(bio_err, " -offset arg offset into file\n");
204 BIO_printf(bio_err," -length arg length of section in file\n"); 190 BIO_printf(bio_err, " -length arg length of section in file\n");
205 BIO_printf(bio_err," -i indent entries\n"); 191 BIO_printf(bio_err, " -i indent entries\n");
206 BIO_printf(bio_err," -dump dump unknown data in hex form\n"); 192 BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
207 BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n"); 193 BIO_printf(bio_err, " -dlimit arg dump the first arg bytes of unknown data in hex form\n");
208 BIO_printf(bio_err," -oid file file of extra oid definitions\n"); 194 BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
209 BIO_printf(bio_err," -strparse offset\n"); 195 BIO_printf(bio_err, " -strparse offset\n");
210 BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); 196 BIO_printf(bio_err, " a series of these can be used to 'dig' into multiple\n");
211 BIO_printf(bio_err," ASN1 blob wrappings\n"); 197 BIO_printf(bio_err, " ASN1 blob wrappings\n");
212 BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n"); 198 BIO_printf(bio_err, " -genstr str string to generate ASN1 structure from\n");
213 BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n"); 199 BIO_printf(bio_err, " -genconf file file to generate ASN1 structure from\n");
214 goto end; 200 goto end;
215 } 201 }
216 202
217 ERR_load_crypto_strings(); 203 ERR_load_crypto_strings();
218 204
219 in=BIO_new(BIO_s_file()); 205 in = BIO_new(BIO_s_file());
220 out=BIO_new(BIO_s_file()); 206 out = BIO_new(BIO_s_file());
221 if ((in == NULL) || (out == NULL)) 207 if ((in == NULL) || (out == NULL)) {
222 {
223 ERR_print_errors(bio_err); 208 ERR_print_errors(bio_err);
224 goto end; 209 goto end;
225 } 210 }
226 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); 211 BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
227 212
228 if (oidfile != NULL) 213 if (oidfile != NULL) {
229 { 214 if (BIO_read_filename(in, oidfile) <= 0) {
230 if (BIO_read_filename(in,oidfile) <= 0) 215 BIO_printf(bio_err, "problems opening %s\n", oidfile);
231 {
232 BIO_printf(bio_err,"problems opening %s\n",oidfile);
233 ERR_print_errors(bio_err); 216 ERR_print_errors(bio_err);
234 goto end; 217 goto end;
235 }
236 OBJ_create_objects(in);
237 } 218 }
219 OBJ_create_objects(in);
220 }
238 221
239 if (infile == NULL) 222 if (infile == NULL)
240 BIO_set_fp(in,stdin,BIO_NOCLOSE); 223 BIO_set_fp(in, stdin, BIO_NOCLOSE);
241 else 224 else {
242 { 225 if (BIO_read_filename(in, infile) <= 0) {
243 if (BIO_read_filename(in,infile) <= 0)
244 {
245 perror(infile); 226 perror(infile);
246 goto end; 227 goto end;
247 }
248 } 228 }
229 }
249 230
250 if (derfile) { 231 if (derfile) {
251 if(!(derout = BIO_new_file(derfile, "wb"))) { 232 if (!(derout = BIO_new_file(derfile, "wb"))) {
252 BIO_printf(bio_err,"problems opening %s\n",derfile); 233 BIO_printf(bio_err, "problems opening %s\n", derfile);
253 ERR_print_errors(bio_err); 234 ERR_print_errors(bio_err);
254 goto end; 235 goto end;
255 } 236 }
256 } 237 }
257 238
258 if ((buf=BUF_MEM_new()) == NULL) goto end; 239 if ((buf = BUF_MEM_new()) == NULL)
259 if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ 240 goto end;
241 if (!BUF_MEM_grow(buf, BUFSIZ * 8))
242 goto end; /* Pre-allocate :-) */
260 243
261 if (genstr || genconf) 244 if (genstr || genconf) {
262 {
263 num = do_generate(bio_err, genstr, genconf, buf); 245 num = do_generate(bio_err, genstr, genconf, buf);
264 if (num < 0) 246 if (num < 0) {
265 {
266 ERR_print_errors(bio_err); 247 ERR_print_errors(bio_err);
267 goto end; 248 goto end;
268 }
269 } 249 }
250 } else {
270 251
271 else 252 if (informat == FORMAT_PEM) {
272 {
273
274 if (informat == FORMAT_PEM)
275 {
276 BIO *tmp; 253 BIO *tmp;
277 254
278 if ((b64=BIO_new(BIO_f_base64())) == NULL) 255 if ((b64 = BIO_new(BIO_f_base64())) == NULL)
279 goto end; 256 goto end;
280 BIO_push(b64,in); 257 BIO_push(b64, in);
281 tmp=in; 258 tmp = in;
282 in=b64; 259 in = b64;
283 b64=tmp; 260 b64 = tmp;
284 } 261 }
285 262
286 num=0; 263 num = 0;
287 for (;;) 264 for (;;) {
288 { 265 if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
289 if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; 266 goto end;
290 i=BIO_read(in,&(buf->data[num]),BUFSIZ); 267 i = BIO_read(in, &(buf->data[num]), BUFSIZ);
291 if (i <= 0) break; 268 if (i <= 0)
292 num+=i; 269 break;
293 } 270 num += i;
294 } 271 }
295 str=buf->data; 272 }
273 str = buf->data;
296 274
297 /* If any structs to parse go through in sequence */ 275 /* If any structs to parse go through in sequence */
298 276
299 if (sk_OPENSSL_STRING_num(osk)) 277 if (sk_OPENSSL_STRING_num(osk)) {
300 { 278 tmpbuf = (unsigned char *)str;
301 tmpbuf=(unsigned char *)str; 279 tmplen = num;
302 tmplen=num; 280 for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
303 for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
304 {
305 ASN1_TYPE *atmp; 281 ASN1_TYPE *atmp;
306 int typ; 282 int typ;
307 j=atoi(sk_OPENSSL_STRING_value(osk,i)); 283 j = atoi(sk_OPENSSL_STRING_value(osk, i));
308 if (j == 0) 284 if (j == 0) {
309 { 285 BIO_printf(bio_err,
310 BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i)); 286 "'%s' is an invalid number\n",
287 sk_OPENSSL_STRING_value(osk, i));
311 continue; 288 continue;
312 } 289 }
313 tmpbuf+=j; 290 tmpbuf += j;
314 tmplen-=j; 291 tmplen -= j;
315 atmp = at; 292 atmp = at;
316 ctmpbuf = tmpbuf; 293 ctmpbuf = tmpbuf;
317 at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen); 294 at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
318 ASN1_TYPE_free(atmp); 295 ASN1_TYPE_free(atmp);
319 if(!at) 296 if (!at) {
320 { 297 BIO_printf(bio_err, "Error parsing structure\n");
321 BIO_printf(bio_err,"Error parsing structure\n");
322 ERR_print_errors(bio_err); 298 ERR_print_errors(bio_err);
323 goto end; 299 goto end;
324 } 300 }
325 typ = ASN1_TYPE_get(at); 301 typ = ASN1_TYPE_get(at);
326 if ((typ == V_ASN1_OBJECT) 302 if ((typ == V_ASN1_OBJECT) ||
327 || (typ == V_ASN1_NULL)) 303 (typ == V_ASN1_NULL)) {
328 {
329 BIO_printf(bio_err, "Can't parse %s type\n", 304 BIO_printf(bio_err, "Can't parse %s type\n",
330 typ == V_ASN1_NULL ? "NULL" : "OBJECT"); 305 typ == V_ASN1_NULL ? "NULL" : "OBJECT");
331 ERR_print_errors(bio_err); 306 ERR_print_errors(bio_err);
332 goto end; 307 goto end;
333 }
334 /* hmm... this is a little evil but it works */
335 tmpbuf=at->value.asn1_string->data;
336 tmplen=at->value.asn1_string->length;
337 } 308 }
338 str=(char *)tmpbuf; 309 /* hmm... this is a little evil but it works */
339 num=tmplen; 310 tmpbuf = at->value.asn1_string->data;
311 tmplen = at->value.asn1_string->length;
340 } 312 }
313 str = (char *)tmpbuf;
314 num = tmplen;
315 }
341 316
342 if (offset >= num) 317 if (offset >= num) {
343 {
344 BIO_printf(bio_err, "Error: offset too large\n"); 318 BIO_printf(bio_err, "Error: offset too large\n");
345 goto end; 319 goto end;
346 } 320 }
347 321
348 num -= offset; 322 num -= offset;
349 323
350 if ((length == 0) || ((long)length > num)) length=(unsigned int)num; 324 if ((length == 0) || ((long)length > num))
351 if(derout) { 325 length = (unsigned int)num;
352 if(BIO_write(derout, str + offset, length) != (int)length) { 326 if (derout) {
327 if (BIO_write(derout, str + offset, length) != (int)length) {
353 BIO_printf(bio_err, "Error writing output\n"); 328 BIO_printf(bio_err, "Error writing output\n");
354 ERR_print_errors(bio_err); 329 ERR_print_errors(bio_err);
355 goto end; 330 goto end;
356 } 331 }
357 } 332 }
358 if (!noout && 333 if (!noout &&
359 !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length, 334 !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
360 indent,dump)) 335 indent, dump)) {
361 {
362 ERR_print_errors(bio_err); 336 ERR_print_errors(bio_err);
363 goto end; 337 goto end;
364 } 338 }
365 ret=0; 339 ret = 0;
366end: 340end:
367 BIO_free(derout); 341 BIO_free(derout);
368 if (in != NULL) BIO_free(in); 342 if (in != NULL)
369 if (out != NULL) BIO_free_all(out); 343 BIO_free(in);
370 if (b64 != NULL) BIO_free(b64); 344 if (out != NULL)
345 BIO_free_all(out);
346 if (b64 != NULL)
347 BIO_free(b64);
371 if (ret != 0) 348 if (ret != 0)
372 ERR_print_errors(bio_err); 349 ERR_print_errors(bio_err);
373 if (buf != NULL) BUF_MEM_free(buf); 350 if (buf != NULL)
374 if (at != NULL) ASN1_TYPE_free(at); 351 BUF_MEM_free(buf);
375 if (osk != NULL) sk_OPENSSL_STRING_free(osk); 352 if (at != NULL)
353 ASN1_TYPE_free(at);
354 if (osk != NULL)
355 sk_OPENSSL_STRING_free(osk);
376 OBJ_cleanup(); 356 OBJ_cleanup();
377 apps_shutdown(); 357 apps_shutdown();
378 OPENSSL_EXIT(ret); 358 OPENSSL_EXIT(ret);
379 } 359}
380 360
381static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) 361static int
382 { 362do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
363{
383 CONF *cnf = NULL; 364 CONF *cnf = NULL;
384 int len; 365 int len;
385 long errline; 366 long errline;
386 unsigned char *p; 367 unsigned char *p;
387 ASN1_TYPE *atyp = NULL; 368 ASN1_TYPE *atyp = NULL;
388 369
389 if (genconf) 370 if (genconf) {
390 {
391 cnf = NCONF_new(NULL); 371 cnf = NCONF_new(NULL);
392 if (!NCONF_load(cnf, genconf, &errline)) 372 if (!NCONF_load(cnf, genconf, &errline))
393 goto conferr; 373 goto conferr;
394 if (!genstr) 374 if (!genstr)
395 genstr = NCONF_get_string(cnf, "default", "asn1"); 375 genstr = NCONF_get_string(cnf, "default", "asn1");
396 if (!genstr) 376 if (!genstr) {
397 {
398 BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf); 377 BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
399 goto err; 378 goto err;
400 }
401 } 379 }
380 }
402 381
403 atyp = ASN1_generate_nconf(genstr, cnf); 382 atyp = ASN1_generate_nconf(genstr, cnf);
404 NCONF_free(cnf); 383 NCONF_free(cnf);
@@ -412,10 +391,10 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
412 if (len <= 0) 391 if (len <= 0)
413 goto err; 392 goto err;
414 393
415 if (!BUF_MEM_grow(buf,len)) 394 if (!BUF_MEM_grow(buf, len))
416 goto err; 395 goto err;
417 396
418 p=(unsigned char *)buf->data; 397 p = (unsigned char *)buf->data;
419 398
420 i2d_ASN1_TYPE(atyp, &p); 399 i2d_ASN1_TYPE(atyp, &p);
421 400
@@ -426,7 +405,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
426 405
427 if (errline > 0) 406 if (errline > 0)
428 BIO_printf(bio, "Error on line %ld of config file '%s'\n", 407 BIO_printf(bio, "Error on line %ld of config file '%s'\n",
429 errline, genconf); 408 errline, genconf);
430 else 409 else
431 BIO_printf(bio, "Error loading config file '%s'\n", genconf); 410 BIO_printf(bio, "Error loading config file '%s'\n", genconf);
432 411
@@ -436,4 +415,4 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
436 415
437 return -1; 416 return -1;
438 417
439 } 418}
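Review bot: The reformatted option handling in the `@@ -84,321 +84,300 @@` hunk still feeds unvalidated `atoi()` results into pointer arithmetic: at new lines 284-291 only `j == 0` is rejected, so a negative or oversized `-strparse` value moves `tmpbuf`/`tmplen` outside the current buffer before `d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen)` at 294, and at new line 317 `if (offset >= num)` does not reject a negative `-offset` before `str + offset` is used at 327 and 334. Tightening the two guards to `if (j <= 0 || j > tmplen) {` and `if (offset < 0 || offset >= num) {` keeps both reads inside the buffer they were parsed from. On style, the `-noout` branch at new lines 136-137 is left as `} else` followed by an unbraced one-line `if` on the next line, unlike every other branch in the chain, and the assignments at new lines 129, 133, 141, 167 and 171 keep the old `infile= *(++argv);` spacing that the rest of the hunk normalises to `x = y`. `do_generate` starts at new line 361 inside this hunk and continues past it into the `@@ -412` and later hunks.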
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 4c71aa2a75..54344a1377 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -137,48 +137,48 @@
137#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */ 137#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
138#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */ 138#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
139 139
140static const char *ca_usage[]={ 140static const char *ca_usage[] = {
141"usage: ca args\n", 141 "usage: ca args\n",
142"\n", 142 "\n",
143" -verbose - Talk alot while doing things\n", 143 " -verbose - Talk alot while doing things\n",
144" -config file - A config file\n", 144 " -config file - A config file\n",
145" -name arg - The particular CA definition to use\n", 145 " -name arg - The particular CA definition to use\n",
146" -gencrl - Generate a new CRL\n", 146 " -gencrl - Generate a new CRL\n",
147" -crldays days - Days is when the next CRL is due\n", 147 " -crldays days - Days is when the next CRL is due\n",
148" -crlhours hours - Hours is when the next CRL is due\n", 148 " -crlhours hours - Hours is when the next CRL is due\n",
149" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n", 149 " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
150" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n", 150 " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
151" -days arg - number of days to certify the certificate for\n", 151 " -days arg - number of days to certify the certificate for\n",
152" -md arg - md to use, one of md2, md5, sha or sha1\n", 152 " -md arg - md to use, one of md2, md5, sha or sha1\n",
153" -policy arg - The CA 'policy' to support\n", 153 " -policy arg - The CA 'policy' to support\n",
154" -keyfile arg - private key file\n", 154 " -keyfile arg - private key file\n",
155" -keyform arg - private key file format (PEM or ENGINE)\n", 155 " -keyform arg - private key file format (PEM or ENGINE)\n",
156" -key arg - key to decode the private key if it is encrypted\n", 156 " -key arg - key to decode the private key if it is encrypted\n",
157" -cert file - The CA certificate\n", 157 " -cert file - The CA certificate\n",
158" -selfsign - sign a certificate with the key associated with it\n", 158 " -selfsign - sign a certificate with the key associated with it\n",
159" -in file - The input PEM encoded certificate request(s)\n", 159 " -in file - The input PEM encoded certificate request(s)\n",
160" -out file - Where to put the output file(s)\n", 160 " -out file - Where to put the output file(s)\n",
161" -outdir dir - Where to put output certificates\n", 161 " -outdir dir - Where to put output certificates\n",
162" -infiles .... - The last argument, requests to process\n", 162 " -infiles .... - The last argument, requests to process\n",
163" -spkac file - File contains DN and signed public key and challenge\n", 163 " -spkac file - File contains DN and signed public key and challenge\n",
164" -ss_cert file - File contains a self signed cert to sign\n", 164 " -ss_cert file - File contains a self signed cert to sign\n",
165" -preserveDN - Don't re-order the DN\n", 165 " -preserveDN - Don't re-order the DN\n",
166" -noemailDN - Don't add the EMAIL field into certificate' subject\n", 166 " -noemailDN - Don't add the EMAIL field into certificate' subject\n",
167" -batch - Don't ask questions\n", 167 " -batch - Don't ask questions\n",
168" -msie_hack - msie modifications to handle all those universal strings\n", 168 " -msie_hack - msie modifications to handle all those universal strings\n",
169" -revoke file - Revoke a certificate (given in file)\n", 169 " -revoke file - Revoke a certificate (given in file)\n",
170" -subj arg - Use arg instead of request's subject\n", 170 " -subj arg - Use arg instead of request's subject\n",
171" -utf8 - input characters are UTF8 (default ASCII)\n", 171 " -utf8 - input characters are UTF8 (default ASCII)\n",
172" -multivalue-rdn - enable support for multivalued RDNs\n", 172 " -multivalue-rdn - enable support for multivalued RDNs\n",
173" -extensions .. - Extension section (override value in config file)\n", 173 " -extensions .. - Extension section (override value in config file)\n",
174" -extfile file - Configuration file with X509v3 extentions to add\n", 174 " -extfile file - Configuration file with X509v3 extentions to add\n",
175" -crlexts .. - CRL extension section (override value in config file)\n", 175 " -crlexts .. - CRL extension section (override value in config file)\n",
176#ifndef OPENSSL_NO_ENGINE 176#ifndef OPENSSL_NO_ENGINE
177" -engine e - use engine e, possibly a hardware device.\n", 177 " -engine e - use engine e, possibly a hardware device.\n",
178#endif 178#endif
179" -status serial - Shows certificate status given the serial number\n", 179 " -status serial - Shows certificate status given the serial number\n",
180" -updatedb - Updates db for expired certificates\n", 180 " -updatedb - Updates db for expired certificates\n",
181NULL 181 NULL
182}; 182};
183 183
184#ifdef EFENCE 184#ifdef EFENCE
@@ -188,36 +188,34 @@ extern int EF_ALIGNMENT;
188#endif 188#endif
189 189
190static void lookup_fail(const char *name, const char *tag); 190static void lookup_fail(const char *name, const char *tag);
191static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, 191static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
192 const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, 192 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
193 STACK_OF(CONF_VALUE) *policy,CA_DB *db, 193 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
194 BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, 194 unsigned long chtype, int multirdn, int email_dn, char *startdate,
195 char *enddate, long days, int batch, char *ext_sect, CONF *conf, 195 char *enddate, long days, int batch, char *ext_sect, CONF *conf,
196 int verbose, unsigned long certopt, unsigned long nameopt, 196 int verbose, unsigned long certopt, unsigned long nameopt,
197 int default_op, int ext_copy, int selfsign); 197 int default_op, int ext_copy, int selfsign);
198static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, 198static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
199 const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, 199 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
200 STACK_OF(CONF_VALUE) *policy, 200 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
201 CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, 201 unsigned long chtype, int multirdn, int email_dn, char *startdate,
202 char *startdate, char *enddate, long days, int batch, 202 char *enddate, long days, int batch, char *ext_sect, CONF *conf,
203 char *ext_sect, CONF *conf,int verbose, unsigned long certopt, 203 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
204 unsigned long nameopt, int default_op, int ext_copy, 204 int ext_copy, ENGINE *e);
205 ENGINE *e); 205static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
206static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, 206 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
207 const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, 207 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
208 STACK_OF(CONF_VALUE) *policy, 208 unsigned long chtype, int multirdn, int email_dn, char *startdate,
209 CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, 209 char *enddate, long days, char *ext_sect, CONF *conf, int verbose,
210 char *startdate, char *enddate, long days, char *ext_sect, 210 unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy);
211 CONF *conf, int verbose, unsigned long certopt,
212 unsigned long nameopt, int default_op, int ext_copy);
213static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); 211static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
214static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, 212static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
215 STACK_OF(OPENSSL_STRING) *sigopts, 213 STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
216 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, 214 BIGNUM *serial, char *subj, unsigned long chtype, int multirdn,
217 int email_dn, char *startdate, char *enddate, long days, int batch, 215 int email_dn, char *startdate, char *enddate, long days, int batch,
218 int verbose, X509_REQ *req, char *ext_sect, CONF *conf, 216 int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
219 unsigned long certopt, unsigned long nameopt, int default_op, 217 unsigned long certopt, unsigned long nameopt, int default_op,
220 int ext_copy, int selfsign); 218 int ext_copy, int selfsign);
221static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval); 219static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
222static int get_certificate_status(const char *ser_status, CA_DB *db); 220static int get_certificate_status(const char *ser_status, CA_DB *db);
223static int do_updatedb(CA_DB *db); 221static int do_updatedb(CA_DB *db);
@@ -225,103 +223,104 @@ static int check_time_format(const char *str);
225char *make_revocation_str(int rev_type, char *rev_arg); 223char *make_revocation_str(int rev_type, char *rev_arg);
226int make_revoked(X509_REVOKED *rev, const char *str); 224int make_revoked(X509_REVOKED *rev, const char *str);
227int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str); 225int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
228static CONF *conf=NULL; 226static CONF *conf = NULL;
229static CONF *extconf=NULL; 227static CONF *extconf = NULL;
230static char *section=NULL; 228static char *section = NULL;
231 229
232static int preserve=0; 230static int preserve = 0;
233static int msie_hack=0; 231static int msie_hack = 0;
234 232
235 233
236int MAIN(int, char **); 234int MAIN(int, char **);
237 235
238int MAIN(int argc, char **argv) 236int
239 { 237MAIN(int argc, char **argv)
238{
240 ENGINE *e = NULL; 239 ENGINE *e = NULL;
241 char *key=NULL,*passargin=NULL; 240 char *key = NULL, *passargin = NULL;
242 int create_ser = 0; 241 int create_ser = 0;
243 int free_key = 0; 242 int free_key = 0;
244 int total=0; 243 int total = 0;
245 int total_done=0; 244 int total_done = 0;
246 int badops=0; 245 int badops = 0;
247 int ret=1; 246 int ret = 1;
248 int email_dn=1; 247 int email_dn = 1;
249 int req=0; 248 int req = 0;
250 int verbose=0; 249 int verbose = 0;
251 int gencrl=0; 250 int gencrl = 0;
252 int dorevoke=0; 251 int dorevoke = 0;
253 int doupdatedb=0; 252 int doupdatedb = 0;
254 long crldays=0; 253 long crldays = 0;
255 long crlhours=0; 254 long crlhours = 0;
256 long crlsec=0; 255 long crlsec = 0;
257 long errorline= -1; 256 long errorline = -1;
258 char *configfile=NULL; 257 char *configfile = NULL;
259 char *md=NULL; 258 char *md = NULL;
260 char *policy=NULL; 259 char *policy = NULL;
261 char *keyfile=NULL; 260 char *keyfile = NULL;
262 char *certfile=NULL; 261 char *certfile = NULL;
263 int keyform=FORMAT_PEM; 262 int keyform = FORMAT_PEM;
264 char *infile=NULL; 263 char *infile = NULL;
265 char *spkac_file=NULL; 264 char *spkac_file = NULL;
266 char *ss_cert_file=NULL; 265 char *ss_cert_file = NULL;
267 char *ser_status=NULL; 266 char *ser_status = NULL;
268 EVP_PKEY *pkey=NULL; 267 EVP_PKEY *pkey = NULL;
269 int output_der = 0; 268 int output_der = 0;
270 char *outfile=NULL; 269 char *outfile = NULL;
271 char *outdir=NULL; 270 char *outdir = NULL;
272 char *serialfile=NULL; 271 char *serialfile = NULL;
273 char *crlnumberfile=NULL; 272 char *crlnumberfile = NULL;
274 char *extensions=NULL; 273 char *extensions = NULL;
275 char *extfile=NULL; 274 char *extfile = NULL;
276 char *subj=NULL; 275 char *subj = NULL;
277 unsigned long chtype = MBSTRING_ASC; 276 unsigned long chtype = MBSTRING_ASC;
278 int multirdn = 0; 277 int multirdn = 0;
279 char *tmp_email_dn=NULL; 278 char *tmp_email_dn = NULL;
280 char *crl_ext=NULL; 279 char *crl_ext = NULL;
281 int rev_type = REV_NONE; 280 int rev_type = REV_NONE;
282 char *rev_arg = NULL; 281 char *rev_arg = NULL;
283 BIGNUM *serial=NULL; 282 BIGNUM *serial = NULL;
284 BIGNUM *crlnumber=NULL; 283 BIGNUM *crlnumber = NULL;
285 char *startdate=NULL; 284 char *startdate = NULL;
286 char *enddate=NULL; 285 char *enddate = NULL;
287 long days=0; 286 long days = 0;
288 int batch=0; 287 int batch = 0;
289 int notext=0; 288 int notext = 0;
290 unsigned long nameopt = 0, certopt = 0; 289 unsigned long nameopt = 0, certopt = 0;
291 int default_op = 1; 290 int default_op = 1;
292 int ext_copy = EXT_COPY_NONE; 291 int ext_copy = EXT_COPY_NONE;
293 int selfsign = 0; 292 int selfsign = 0;
294 X509 *x509=NULL, *x509p = NULL; 293 X509 *x509 = NULL, *x509p = NULL;
295 X509 *x=NULL; 294 X509 *x = NULL;
296 BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; 295 BIO *in = NULL, *out = NULL, *Sout = NULL, *Cout = NULL;
297 char *dbfile=NULL; 296 char *dbfile = NULL;
298 CA_DB *db=NULL; 297 CA_DB *db = NULL;
299 X509_CRL *crl=NULL; 298 X509_CRL *crl = NULL;
300 X509_REVOKED *r=NULL; 299 X509_REVOKED *r = NULL;
301 ASN1_TIME *tmptm; 300 ASN1_TIME *tmptm;
302 ASN1_INTEGER *tmpser; 301 ASN1_INTEGER *tmpser;
303 char *f; 302 char *f;
304 const char *p; 303 const char *p;
305 char * const *pp; 304 char * const *pp;
306 int i,j; 305 int i, j;
307 const EVP_MD *dgst=NULL; 306 const EVP_MD *dgst = NULL;
308 STACK_OF(CONF_VALUE) *attribs=NULL; 307 STACK_OF(CONF_VALUE) *attribs = NULL;
309 STACK_OF(X509) *cert_sk=NULL; 308 STACK_OF(X509) *cert_sk = NULL;
310 STACK_OF(OPENSSL_STRING) *sigopts = NULL; 309 STACK_OF(OPENSSL_STRING) *sigopts = NULL;
311#undef BSIZE 310#undef BSIZE
312#define BSIZE 256 311#define BSIZE 256
313 char buf[3][BSIZE]; 312 char buf[3][BSIZE];
314 char *randfile=NULL; 313 char *randfile = NULL;
315#ifndef OPENSSL_NO_ENGINE 314#ifndef OPENSSL_NO_ENGINE
316 char *engine = NULL; 315 char *engine = NULL;
317#endif 316#endif
318 char *tofree=NULL; 317 char *tofree = NULL;
319 DB_ATTR db_attr; 318 DB_ATTR db_attr;
320 319
321#ifdef EFENCE 320#ifdef EFENCE
322EF_PROTECT_FREE=1; 321 EF_PROTECT_FREE = 1;
323EF_PROTECT_BELOW=1; 322 EF_PROTECT_BELOW = 1;
324EF_ALIGNMENT=0; 323 EF_ALIGNMENT = 0;
325#endif 324#endif
326 325
327 apps_startup(); 326 apps_startup();
@@ -330,280 +329,242 @@ EF_ALIGNMENT=0;
330 key = NULL; 329 key = NULL;
331 section = NULL; 330 section = NULL;
332 331
333 preserve=0; 332 preserve = 0;
334 msie_hack=0; 333 msie_hack = 0;
335 if (bio_err == NULL) 334 if (bio_err == NULL)
336 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 335 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
337 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 336 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
338 337
339 argc--; 338 argc--;
340 argv++; 339 argv++;
341 while (argc >= 1) 340 while (argc >= 1) {
342 { 341 if (strcmp(*argv, "-verbose") == 0)
343 if (strcmp(*argv,"-verbose") == 0) 342 verbose = 1;
344 verbose=1; 343 else if (strcmp(*argv, "-config") == 0) {
345 else if (strcmp(*argv,"-config") == 0) 344 if (--argc < 1)
346 { 345 goto bad;
347 if (--argc < 1) goto bad;
348 configfile= *(++argv); 346 configfile= *(++argv);
349 } 347 } else if (strcmp(*argv, "-name") == 0) {
350 else if (strcmp(*argv,"-name") == 0) 348 if (--argc < 1)
351 { 349 goto bad;
352 if (--argc < 1) goto bad;
353 section= *(++argv); 350 section= *(++argv);
354 } 351 } else if (strcmp(*argv, "-subj") == 0) {
355 else if (strcmp(*argv,"-subj") == 0) 352 if (--argc < 1)
356 { 353 goto bad;
357 if (--argc < 1) goto bad;
358 subj= *(++argv); 354 subj= *(++argv);
359 /* preserve=1; */ 355 /* preserve=1; */
360 } 356 } else if (strcmp(*argv, "-utf8") == 0)
361 else if (strcmp(*argv,"-utf8") == 0)
362 chtype = MBSTRING_UTF8; 357 chtype = MBSTRING_UTF8;
363 else if (strcmp(*argv,"-create_serial") == 0) 358 else if (strcmp(*argv, "-create_serial") == 0)
364 create_ser = 1; 359 create_ser = 1;
365 else if (strcmp(*argv,"-multivalue-rdn") == 0) 360 else if (strcmp(*argv, "-multivalue-rdn") == 0)
366 multirdn=1; 361 multirdn = 1;
367 else if (strcmp(*argv,"-startdate") == 0) 362 else if (strcmp(*argv, "-startdate") == 0) {
368 { 363 if (--argc < 1)
369 if (--argc < 1) goto bad; 364 goto bad;
370 startdate= *(++argv); 365 startdate= *(++argv);
371 } 366 } else if (strcmp(*argv, "-enddate") == 0) {
372 else if (strcmp(*argv,"-enddate") == 0) 367 if (--argc < 1)
373 { 368 goto bad;
374 if (--argc < 1) goto bad;
375 enddate= *(++argv); 369 enddate= *(++argv);
376 } 370 } else if (strcmp(*argv, "-days") == 0) {
377 else if (strcmp(*argv,"-days") == 0) 371 if (--argc < 1)
378 { 372 goto bad;
379 if (--argc < 1) goto bad; 373 days = atoi(*(++argv));
380 days=atoi(*(++argv)); 374 } else if (strcmp(*argv, "-md") == 0) {
381 } 375 if (--argc < 1)
382 else if (strcmp(*argv,"-md") == 0) 376 goto bad;
383 {
384 if (--argc < 1) goto bad;
385 md= *(++argv); 377 md= *(++argv);
386 } 378 } else if (strcmp(*argv, "-policy") == 0) {
387 else if (strcmp(*argv,"-policy") == 0) 379 if (--argc < 1)
388 { 380 goto bad;
389 if (--argc < 1) goto bad;
390 policy= *(++argv); 381 policy= *(++argv);
391 } 382 } else if (strcmp(*argv, "-keyfile") == 0) {
392 else if (strcmp(*argv,"-keyfile") == 0) 383 if (--argc < 1)
393 { 384 goto bad;
394 if (--argc < 1) goto bad;
395 keyfile= *(++argv); 385 keyfile= *(++argv);
396 } 386 }
397 else if (strcmp(*argv,"-keyform") == 0) 387 else if (strcmp(*argv, "-keyform") == 0) {
398 { 388 if (--argc < 1)
399 if (--argc < 1) goto bad; 389 goto bad;
400 keyform=str2fmt(*(++argv)); 390 keyform = str2fmt(*(++argv));
401 } 391 } else if (strcmp(*argv, "-passin") == 0) {
402 else if (strcmp(*argv,"-passin") == 0) 392 if (--argc < 1)
403 { 393 goto bad;
404 if (--argc < 1) goto bad;
405 passargin= *(++argv); 394 passargin= *(++argv);
406 } 395 } else if (strcmp(*argv, "-key") == 0) {
407 else if (strcmp(*argv,"-key") == 0) 396 if (--argc < 1)
408 { 397 goto bad;
409 if (--argc < 1) goto bad;
410 key= *(++argv); 398 key= *(++argv);
411 } 399 } else if (strcmp(*argv, "-cert") == 0) {
412 else if (strcmp(*argv,"-cert") == 0) 400 if (--argc < 1)
413 { 401 goto bad;
414 if (--argc < 1) goto bad;
415 certfile= *(++argv); 402 certfile= *(++argv);
416 } 403 } else if (strcmp(*argv, "-selfsign") == 0)
417 else if (strcmp(*argv,"-selfsign") == 0) 404 selfsign = 1;
418 selfsign=1; 405 else if (strcmp(*argv, "-in") == 0) {
419 else if (strcmp(*argv,"-in") == 0) 406 if (--argc < 1)
420 { 407 goto bad;
421 if (--argc < 1) goto bad;
422 infile= *(++argv); 408 infile= *(++argv);
423 req=1; 409 req = 1;
424 } 410 } else if (strcmp(*argv, "-out") == 0) {
425 else if (strcmp(*argv,"-out") == 0) 411 if (--argc < 1)
426 { 412 goto bad;
427 if (--argc < 1) goto bad;
428 outfile= *(++argv); 413 outfile= *(++argv);
429 } 414 } else if (strcmp(*argv, "-outdir") == 0) {
430 else if (strcmp(*argv,"-outdir") == 0) 415 if (--argc < 1)
431 { 416 goto bad;
432 if (--argc < 1) goto bad;
433 outdir= *(++argv); 417 outdir= *(++argv);
434 } 418 } else if (strcmp(*argv, "-sigopt") == 0) {
435 else if (strcmp(*argv,"-sigopt") == 0)
436 {
437 if (--argc < 1) 419 if (--argc < 1)
438 goto bad; 420 goto bad;
439 if (!sigopts) 421 if (!sigopts)
440 sigopts = sk_OPENSSL_STRING_new_null(); 422 sigopts = sk_OPENSSL_STRING_new_null();
441 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) 423 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
442 goto bad; 424 goto bad;
443 } 425 } else if (strcmp(*argv, "-notext") == 0)
444 else if (strcmp(*argv,"-notext") == 0) 426 notext = 1;
445 notext=1; 427 else if (strcmp(*argv, "-batch") == 0)
446 else if (strcmp(*argv,"-batch") == 0) 428 batch = 1;
447 batch=1; 429 else if (strcmp(*argv, "-preserveDN") == 0)
448 else if (strcmp(*argv,"-preserveDN") == 0) 430 preserve = 1;
449 preserve=1; 431 else if (strcmp(*argv, "-noemailDN") == 0)
450 else if (strcmp(*argv,"-noemailDN") == 0) 432 email_dn = 0;
451 email_dn=0; 433 else if (strcmp(*argv, "-gencrl") == 0)
452 else if (strcmp(*argv,"-gencrl") == 0) 434 gencrl = 1;
453 gencrl=1; 435 else if (strcmp(*argv, "-msie_hack") == 0)
454 else if (strcmp(*argv,"-msie_hack") == 0) 436 msie_hack = 1;
455 msie_hack=1; 437 else if (strcmp(*argv, "-crldays") == 0) {
456 else if (strcmp(*argv,"-crldays") == 0) 438 if (--argc < 1)
457 { 439 goto bad;
458 if (--argc < 1) goto bad; 440 crldays = atol(*(++argv));
459 crldays= atol(*(++argv)); 441 } else if (strcmp(*argv, "-crlhours") == 0) {
460 } 442 if (--argc < 1)
461 else if (strcmp(*argv,"-crlhours") == 0) 443 goto bad;
462 { 444 crlhours = atol(*(++argv));
463 if (--argc < 1) goto bad; 445 } else if (strcmp(*argv, "-crlsec") == 0) {
464 crlhours= atol(*(++argv)); 446 if (--argc < 1)
465 } 447 goto bad;
466 else if (strcmp(*argv,"-crlsec") == 0)
467 {
468 if (--argc < 1) goto bad;
469 crlsec = atol(*(++argv)); 448 crlsec = atol(*(++argv));
470 } 449 } else if (strcmp(*argv, "-infiles") == 0) {
471 else if (strcmp(*argv,"-infiles") == 0)
472 {
473 argc--; 450 argc--;
474 argv++; 451 argv++;
475 req=1; 452 req = 1;
476 break; 453 break;
477 } 454 } else if (strcmp(*argv, "-ss_cert") == 0) {
478 else if (strcmp(*argv, "-ss_cert") == 0) 455 if (--argc < 1)
479 { 456 goto bad;
480 if (--argc < 1) goto bad;
481 ss_cert_file = *(++argv); 457 ss_cert_file = *(++argv);
482 req=1; 458 req = 1;
483 } 459 } else if (strcmp(*argv, "-spkac") == 0) {
484 else if (strcmp(*argv, "-spkac") == 0) 460 if (--argc < 1)
485 { 461 goto bad;
486 if (--argc < 1) goto bad;
487 spkac_file = *(++argv); 462 spkac_file = *(++argv);
488 req=1; 463 req = 1;
489 } 464 } else if (strcmp(*argv, "-revoke") == 0) {
490 else if (strcmp(*argv,"-revoke") == 0) 465 if (--argc < 1)
491 { 466 goto bad;
492 if (--argc < 1) goto bad;
493 infile= *(++argv); 467 infile= *(++argv);
494 dorevoke=1; 468 dorevoke = 1;
495 } 469 } else if (strcmp(*argv, "-extensions") == 0) {
496 else if (strcmp(*argv,"-extensions") == 0) 470 if (--argc < 1)
497 { 471 goto bad;
498 if (--argc < 1) goto bad;
499 extensions= *(++argv); 472 extensions= *(++argv);
500 } 473 } else if (strcmp(*argv, "-extfile") == 0) {
501 else if (strcmp(*argv,"-extfile") == 0) 474 if (--argc < 1)
502 { 475 goto bad;
503 if (--argc < 1) goto bad;
504 extfile= *(++argv); 476 extfile= *(++argv);
505 } 477 } else if (strcmp(*argv, "-status") == 0) {
506 else if (strcmp(*argv,"-status") == 0) 478 if (--argc < 1)
507 { 479 goto bad;
508 if (--argc < 1) goto bad;
509 ser_status= *(++argv); 480 ser_status= *(++argv);
510 } 481 } else if (strcmp(*argv, "-updatedb") == 0) {
511 else if (strcmp(*argv,"-updatedb") == 0) 482 doupdatedb = 1;
512 { 483 } else if (strcmp(*argv, "-crlexts") == 0) {
513 doupdatedb=1; 484 if (--argc < 1)
514 } 485 goto bad;
515 else if (strcmp(*argv,"-crlexts") == 0)
516 {
517 if (--argc < 1) goto bad;
518 crl_ext= *(++argv); 486 crl_ext= *(++argv);
519 } 487 } else if (strcmp(*argv, "-crl_reason") == 0) {
520 else if (strcmp(*argv,"-crl_reason") == 0) 488 if (--argc < 1)
521 { 489 goto bad;
522 if (--argc < 1) goto bad;
523 rev_arg = *(++argv); 490 rev_arg = *(++argv);
524 rev_type = REV_CRL_REASON; 491 rev_type = REV_CRL_REASON;
525 } 492 } else if (strcmp(*argv, "-crl_hold") == 0) {
526 else if (strcmp(*argv,"-crl_hold") == 0) 493 if (--argc < 1)
527 { 494 goto bad;
528 if (--argc < 1) goto bad;
529 rev_arg = *(++argv); 495 rev_arg = *(++argv);
530 rev_type = REV_HOLD; 496 rev_type = REV_HOLD;
531 } 497 } else if (strcmp(*argv, "-crl_compromise") == 0) {
532 else if (strcmp(*argv,"-crl_compromise") == 0) 498 if (--argc < 1)
533 { 499 goto bad;
534 if (--argc < 1) goto bad;
535 rev_arg = *(++argv); 500 rev_arg = *(++argv);
536 rev_type = REV_KEY_COMPROMISE; 501 rev_type = REV_KEY_COMPROMISE;
537 } 502 } else if (strcmp(*argv, "-crl_CA_compromise") == 0) {
538 else if (strcmp(*argv,"-crl_CA_compromise") == 0) 503 if (--argc < 1)
539 { 504 goto bad;
540 if (--argc < 1) goto bad;
541 rev_arg = *(++argv); 505 rev_arg = *(++argv);
542 rev_type = REV_CA_COMPROMISE; 506 rev_type = REV_CA_COMPROMISE;
543 } 507 }
544#ifndef OPENSSL_NO_ENGINE 508#ifndef OPENSSL_NO_ENGINE
545 else if (strcmp(*argv,"-engine") == 0) 509 else if (strcmp(*argv, "-engine") == 0) {
546 { 510 if (--argc < 1)
547 if (--argc < 1) goto bad; 511 goto bad;
548 engine= *(++argv); 512 engine= *(++argv);
549 } 513 }
550#endif 514#endif
551 else 515 else {
552 {
553bad: 516bad:
554 BIO_printf(bio_err,"unknown option %s\n",*argv); 517 BIO_printf(bio_err, "unknown option %s\n", *argv);
555 badops=1; 518 badops = 1;
556 break; 519 break;
557 } 520 }
558 argc--; 521 argc--;
559 argv++; 522 argv++;
560 } 523 }
561 524
562 if (badops) 525 if (badops) {
563 {
564 const char **pp2; 526 const char **pp2;
565 527
566 for (pp2=ca_usage; (*pp2 != NULL); pp2++) 528 for (pp2 = ca_usage; (*pp2 != NULL); pp2++)
567 BIO_printf(bio_err,"%s",*pp2); 529 BIO_printf(bio_err, "%s", *pp2);
568 goto err; 530 goto err;
569 } 531 }
570 532
571 ERR_load_crypto_strings(); 533 ERR_load_crypto_strings();
572 534
573 /*****************************************************************/ 535 /*****************************************************************/
574 tofree=NULL; 536 tofree = NULL;
575 if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
576 if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
577 if (configfile == NULL) 537 if (configfile == NULL)
578 { 538 configfile = getenv("OPENSSL_CONF");
579 const char *s=X509_get_default_cert_area(); 539 if (configfile == NULL)
540 configfile = getenv("SSLEAY_CONF");
541 if (configfile == NULL) {
542 const char *s = X509_get_default_cert_area();
580 size_t len; 543 size_t len;
581 544
582 len = strlen(s)+sizeof(CONFIG_FILE)+1; 545 len = strlen(s) + sizeof(CONFIG_FILE) + 1;
583 tofree=OPENSSL_malloc(len); 546 tofree = OPENSSL_malloc(len);
584 BUF_strlcpy(tofree,s,len); 547 BUF_strlcpy(tofree, s, len);
585 BUF_strlcat(tofree,"/",len); 548 BUF_strlcat(tofree, "/", len);
586 BUF_strlcat(tofree,CONFIG_FILE,len); 549 BUF_strlcat(tofree, CONFIG_FILE, len);
587 configfile=tofree; 550 configfile = tofree;
588 } 551 }
589 552
590 BIO_printf(bio_err,"Using configuration from %s\n",configfile); 553 BIO_printf(bio_err, "Using configuration from %s\n", configfile);
591 conf = NCONF_new(NULL); 554 conf = NCONF_new(NULL);
592 if (NCONF_load(conf,configfile,&errorline) <= 0) 555 if (NCONF_load(conf, configfile, &errorline) <= 0) {
593 {
594 if (errorline <= 0) 556 if (errorline <= 0)
595 BIO_printf(bio_err,"error loading the config file '%s'\n", 557 BIO_printf(bio_err, "error loading the config file '%s'\n",
596 configfile); 558 configfile);
597 else 559 else
598 BIO_printf(bio_err,"error on line %ld of config file '%s'\n" 560 BIO_printf(bio_err, "error on line %ld of config file '%s'\n"
599 ,errorline,configfile); 561 , errorline, configfile);
600 goto err; 562 goto err;
601 } 563 }
602 if(tofree) 564 if (tofree) {
603 {
604 OPENSSL_free(tofree); 565 OPENSSL_free(tofree);
605 tofree = NULL; 566 tofree = NULL;
606 } 567 }
607 568
608 if (!load_config(bio_err, conf)) 569 if (!load_config(bio_err, conf))
609 goto err; 570 goto err;
@@ -613,46 +574,38 @@ bad:
613#endif 574#endif
614 575
615 /* Lets get the config section we are using */ 576 /* Lets get the config section we are using */
616 if (section == NULL) 577 if (section == NULL) {
617 { 578 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
618 section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA); 579 if (section == NULL) {
619 if (section == NULL) 580 lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
620 {
621 lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
622 goto err; 581 goto err;
623 }
624 } 582 }
583 }
625 584
626 if (conf != NULL) 585 if (conf != NULL) {
627 { 586 p = NCONF_get_string(conf, NULL, "oid_file");
628 p=NCONF_get_string(conf,NULL,"oid_file");
629 if (p == NULL) 587 if (p == NULL)
630 ERR_clear_error(); 588 ERR_clear_error();
631 if (p != NULL) 589 if (p != NULL) {
632 {
633 BIO *oid_bio; 590 BIO *oid_bio;
634 591
635 oid_bio=BIO_new_file(p,"r"); 592 oid_bio = BIO_new_file(p, "r");
636 if (oid_bio == NULL) 593 if (oid_bio == NULL) {
637 {
638 /* 594 /*
639 BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); 595 BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
640 ERR_print_errors(bio_err); 596 ERR_print_errors(bio_err);
641 */ 597 */
642 ERR_clear_error(); 598 ERR_clear_error();
643 } 599 } else {
644 else
645 {
646 OBJ_create_objects(oid_bio); 600 OBJ_create_objects(oid_bio);
647 BIO_free(oid_bio); 601 BIO_free(oid_bio);
648 }
649 } 602 }
650 if (!add_oid_section(bio_err,conf)) 603 }
651 { 604 if (!add_oid_section(bio_err, conf)) {
652 ERR_print_errors(bio_err); 605 ERR_print_errors(bio_err);
653 goto err; 606 goto err;
654 }
655 } 607 }
608 }
656 609
657 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); 610 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
658 if (randfile == NULL) 611 if (randfile == NULL)
@@ -663,7 +616,7 @@ bad:
663 if (!f) 616 if (!f)
664 ERR_clear_error(); 617 ERR_clear_error();
665 618
666 if(f && !ASN1_STRING_set_default_mask_asc(f)) { 619 if (f && !ASN1_STRING_set_default_mask_asc(f)) {
667 BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); 620 BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
668 goto err; 621 goto err;
669 } 622 }
@@ -678,14 +631,12 @@ bad:
678 631
679 db_attr.unique_subject = 1; 632 db_attr.unique_subject = 1;
680 p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); 633 p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
681 if (p) 634 if (p) {
682 {
683#ifdef RL_DEBUG 635#ifdef RL_DEBUG
684 BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); 636 BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
685#endif 637#endif
686 db_attr.unique_subject = parse_yesno(p,1); 638 db_attr.unique_subject = parse_yesno(p, 1);
687 } 639 } else
688 else
689 ERR_clear_error(); 640 ERR_clear_error();
690#ifdef RL_DEBUG 641#ifdef RL_DEBUG
691 if (!p) 642 if (!p)
@@ -693,153 +644,135 @@ bad:
693#endif 644#endif
694#ifdef RL_DEBUG 645#ifdef RL_DEBUG
695 BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n", 646 BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
696 db_attr.unique_subject); 647 db_attr.unique_subject);
697#endif 648#endif
698 649
699 in=BIO_new(BIO_s_file()); 650 in = BIO_new(BIO_s_file());
700 out=BIO_new(BIO_s_file()); 651 out = BIO_new(BIO_s_file());
701 Sout=BIO_new(BIO_s_file()); 652 Sout = BIO_new(BIO_s_file());
702 Cout=BIO_new(BIO_s_file()); 653 Cout = BIO_new(BIO_s_file());
703 if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) 654 if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) {
704 {
705 ERR_print_errors(bio_err); 655 ERR_print_errors(bio_err);
706 goto err; 656 goto err;
707 } 657 }
708 658
709 /*****************************************************************/ 659 /*****************************************************************/
710 /* report status of cert with serial number given on command line */ 660 /* report status of cert with serial number given on command line */
711 if (ser_status) 661 if (ser_status) {
712 { 662 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
713 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) 663 lookup_fail(section, ENV_DATABASE);
714 { 664 goto err;
715 lookup_fail(section,ENV_DATABASE); 665 }
666 db = load_index(dbfile, &db_attr);
667 if (db == NULL)
716 goto err; 668 goto err;
717 }
718 db = load_index(dbfile,&db_attr);
719 if (db == NULL) goto err;
720 669
721 if (!index_index(db)) goto err; 670 if (!index_index(db))
671 goto err;
722 672
723 if (get_certificate_status(ser_status,db) != 1) 673 if (get_certificate_status(ser_status, db) != 1)
724 BIO_printf(bio_err,"Error verifying serial %s!\n", 674 BIO_printf(bio_err, "Error verifying serial %s!\n",
725 ser_status); 675 ser_status);
726 goto err; 676 goto err;
727 } 677 }
728 678
729 /*****************************************************************/ 679 /*****************************************************************/
730 /* we definitely need a private key, so let's get it */ 680 /* we definitely need a private key, so let's get it */
731 681
732 if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, 682 if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
733 section,ENV_PRIVATE_KEY)) == NULL)) 683 section, ENV_PRIVATE_KEY)) == NULL)) {
734 { 684 lookup_fail(section, ENV_PRIVATE_KEY);
735 lookup_fail(section,ENV_PRIVATE_KEY);
736 goto err; 685 goto err;
737 } 686 }
738 if (!key) 687 if (!key) {
739 {
740 free_key = 1; 688 free_key = 1;
741 if (!app_passwd(bio_err, passargin, NULL, &key, NULL)) 689 if (!app_passwd(bio_err, passargin, NULL, &key, NULL)) {
742 { 690 BIO_printf(bio_err, "Error getting password\n");
743 BIO_printf(bio_err,"Error getting password\n");
744 goto err; 691 goto err;
745 }
746 } 692 }
747 pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 693 }
748 "CA private key"); 694 pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key");
749 if (key) OPENSSL_cleanse(key,strlen(key)); 695 if (key)
750 if (pkey == NULL) 696 OPENSSL_cleanse(key, strlen(key));
751 { 697 if (pkey == NULL) {
752 /* load_key() has already printed an appropriate message */ 698 /* load_key() has already printed an appropriate message */
753 goto err; 699 goto err;
754 } 700 }
755 701
756 /*****************************************************************/ 702 /*****************************************************************/
757 /* we need a certificate */ 703 /* we need a certificate */
758 if (!selfsign || spkac_file || ss_cert_file || gencrl) 704 if (!selfsign || spkac_file || ss_cert_file || gencrl) {
759 { 705 if ((certfile == NULL) &&
760 if ((certfile == NULL) 706 ((certfile = NCONF_get_string(conf,
761 && ((certfile=NCONF_get_string(conf, 707 section, ENV_CERTIFICATE)) == NULL)) {
762 section,ENV_CERTIFICATE)) == NULL)) 708 lookup_fail(section, ENV_CERTIFICATE);
763 {
764 lookup_fail(section,ENV_CERTIFICATE);
765 goto err; 709 goto err;
766 } 710 }
767 x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, 711 x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
768 "CA certificate"); 712 "CA certificate");
769 if (x509 == NULL) 713 if (x509 == NULL)
770 goto err; 714 goto err;
771 715
772 if (!X509_check_private_key(x509,pkey)) 716 if (!X509_check_private_key(x509, pkey)) {
773 { 717 BIO_printf(bio_err, "CA certificate and CA private key do not match\n");
774 BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
775 goto err; 718 goto err;
776 }
777 } 719 }
778 if (!selfsign) x509p = x509; 720 }
721 if (!selfsign)
722 x509p = x509;
779 723
780 f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); 724 f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
781 if (f == NULL) 725 if (f == NULL)
782 ERR_clear_error(); 726 ERR_clear_error();
783 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 727 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
784 preserve=1; 728 preserve = 1;
785 f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); 729 f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
786 if (f == NULL) 730 if (f == NULL)
787 ERR_clear_error(); 731 ERR_clear_error();
788 if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 732 if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
789 msie_hack=1; 733 msie_hack = 1;
790 734
791 f=NCONF_get_string(conf,section,ENV_NAMEOPT); 735 f = NCONF_get_string(conf, section, ENV_NAMEOPT);
792 736
793 if (f) 737 if (f) {
794 { 738 if (!set_name_ex(&nameopt, f)) {
795 if (!set_name_ex(&nameopt, f))
796 {
797 BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); 739 BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
798 goto err; 740 goto err;
799 }
800 default_op = 0;
801 } 741 }
802 else 742 default_op = 0;
743 } else
803 ERR_clear_error(); 744 ERR_clear_error();
804 745
805 f=NCONF_get_string(conf,section,ENV_CERTOPT); 746 f = NCONF_get_string(conf, section, ENV_CERTOPT);
806 747
807 if (f) 748 if (f) {
808 { 749 if (!set_cert_ex(&certopt, f)) {
809 if (!set_cert_ex(&certopt, f))
810 {
811 BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f); 750 BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
812 goto err; 751 goto err;
813 }
814 default_op = 0;
815 } 752 }
816 else 753 default_op = 0;
754 } else
817 ERR_clear_error(); 755 ERR_clear_error();
818 756
819 f=NCONF_get_string(conf,section,ENV_EXTCOPY); 757 f = NCONF_get_string(conf, section, ENV_EXTCOPY);
820 758
821 if (f) 759 if (f) {
822 { 760 if (!set_ext_copy(&ext_copy, f)) {
823 if (!set_ext_copy(&ext_copy, f))
824 {
825 BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f); 761 BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
826 goto err; 762 goto err;
827 }
828 } 763 }
829 else 764 } else
830 ERR_clear_error(); 765 ERR_clear_error();
831 766
832 /*****************************************************************/ 767 /*****************************************************************/
833 /* lookup where to write new certificates */ 768 /* lookup where to write new certificates */
834 if ((outdir == NULL) && (req)) 769 if ((outdir == NULL) && (req)) {
835 {
836 770
837 if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) 771 if ((outdir = NCONF_get_string(conf, section,
838 == NULL) 772 ENV_NEW_CERTS_DIR)) == NULL) {
839 { 773 BIO_printf(bio_err, "there needs to be defined a directory for new certificate to be placed in\n");
840 BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
841 goto err; 774 goto err;
842 } 775 }
843 /* outdir is a directory spec, but access() for VMS demands a 776 /* outdir is a directory spec, but access() for VMS demands a
844 filename. In any case, stat(), below, will catch the problem 777 filename. In any case, stat(), below, will catch the problem
845 if outdir is not a directory spec, and the fopen() or open() 778 if outdir is not a directory spec, and the fopen() or open()
@@ -851,136 +784,121 @@ bad:
851 now. 784 now.
852 */ 785 */
853#ifndef _WIN32 786#ifndef _WIN32
854 if (access(outdir,R_OK|W_OK|X_OK) != 0) 787 if (access(outdir, R_OK|W_OK|X_OK) != 0)
855#else 788#else
856 if (_access(outdir,R_OK|W_OK|X_OK) != 0) 789 if (_access(outdir, R_OK|W_OK|X_OK) != 0)
857#endif 790#endif
858 { 791 {
859 BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir); 792 BIO_printf(bio_err, "I am unable to access the %s directory\n", outdir);
860 perror(outdir); 793 perror(outdir);
861 goto err; 794 goto err;
862 } 795 }
863 796
864 if (app_isdir(outdir)<=0) 797 if (app_isdir(outdir) <= 0) {
865 { 798 BIO_printf(bio_err, "%s need to be a directory\n", outdir);
866 BIO_printf(bio_err,"%s need to be a directory\n",outdir);
867 perror(outdir); 799 perror(outdir);
868 goto err; 800 goto err;
869 }
870 } 801 }
802 }
871 803
872 /*****************************************************************/ 804 /*****************************************************************/
873 /* we need to load the database file */ 805 /* we need to load the database file */
874 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) 806 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
875 { 807 lookup_fail(section, ENV_DATABASE);
876 lookup_fail(section,ENV_DATABASE);
877 goto err; 808 goto err;
878 } 809 }
879 db = load_index(dbfile, &db_attr); 810 db = load_index(dbfile, &db_attr);
880 if (db == NULL) goto err; 811 if (db == NULL)
812 goto err;
881 813
882 /* Lets check some fields */ 814 /* Lets check some fields */
883 for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) 815 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
884 { 816 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
885 pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
886 if ((pp[DB_type][0] != DB_TYPE_REV) && 817 if ((pp[DB_type][0] != DB_TYPE_REV) &&
887 (pp[DB_rev_date][0] != '\0')) 818 (pp[DB_rev_date][0] != '\0')) {
888 { 819 BIO_printf(bio_err, "entry %d: not revoked yet, but has a revocation date\n", i+1);
889 BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
890 goto err; 820 goto err;
891 } 821 }
892 if ((pp[DB_type][0] == DB_TYPE_REV) && 822 if ((pp[DB_type][0] == DB_TYPE_REV) &&
893 !make_revoked(NULL, pp[DB_rev_date])) 823 !make_revoked(NULL, pp[DB_rev_date])) {
894 { 824 BIO_printf(bio_err, " in entry %d\n", i+1);
895 BIO_printf(bio_err," in entry %d\n", i+1);
896 goto err; 825 goto err;
897 } 826 }
898 if (!check_time_format((char *)pp[DB_exp_date])) 827 if (!check_time_format((char *)pp[DB_exp_date])) {
899 { 828 BIO_printf(bio_err, "entry %d: invalid expiry date\n", i+1);
900 BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
901 goto err; 829 goto err;
902 } 830 }
903 p=pp[DB_serial]; 831 p = pp[DB_serial];
904 j=strlen(p); 832 j = strlen(p);
905 if (*p == '-') 833 if (*p == '-') {
906 {
907 p++; 834 p++;
908 j--; 835 j--;
909 } 836 }
910 if ((j&1) || (j < 2)) 837 if ((j&1) || (j < 2)) {
911 { 838 BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", i+1, j);
912 BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
913 goto err; 839 goto err;
914 } 840 }
915 while (*p) 841 while (*p) {
916 {
917 if (!( ((*p >= '0') && (*p <= '9')) || 842 if (!( ((*p >= '0') && (*p <= '9')) ||
918 ((*p >= 'A') && (*p <= 'F')) || 843 ((*p >= 'A') && (*p <= 'F')) ||
919 ((*p >= 'a') && (*p <= 'f'))) ) 844 ((*p >= 'a') && (*p <= 'f'))) ) {
920 { 845 BIO_printf(bio_err, "entry %d: bad serial number characters, char pos %ld, char is '%c'\n", i+1, (long)(p-pp[DB_serial]), *p);
921 BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
922 goto err; 846 goto err;
923 }
924 p++;
925 } 847 }
848 p++;
926 } 849 }
927 if (verbose) 850 }
928 { 851 if (verbose) {
929 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ 852 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
930 TXT_DB_write(out,db->db); 853 TXT_DB_write(out, db->db);
931 BIO_printf(bio_err,"%d entries loaded from the database\n", 854 BIO_printf(bio_err, "%d entries loaded from the database\n",
932 sk_OPENSSL_PSTRING_num(db->db->data)); 855 sk_OPENSSL_PSTRING_num(db->db->data));
933 BIO_printf(bio_err,"generating index\n"); 856 BIO_printf(bio_err, "generating index\n");
934 } 857 }
935 858
936 if (!index_index(db)) goto err; 859 if (!index_index(db))
860 goto err;
937 861
938 /*****************************************************************/ 862 /*****************************************************************/
939 /* Update the db file for expired certificates */ 863 /* Update the db file for expired certificates */
940 if (doupdatedb) 864 if (doupdatedb) {
941 {
942 if (verbose) 865 if (verbose)
943 BIO_printf(bio_err, "Updating %s ...\n", 866 BIO_printf(bio_err, "Updating %s ...\n",
944 dbfile); 867 dbfile);
945 868
946 i = do_updatedb(db); 869 i = do_updatedb(db);
947 if (i == -1) 870 if (i == -1) {
948 { 871 BIO_printf(bio_err, "Malloc failure\n");
949 BIO_printf(bio_err,"Malloc failure\n");
950 goto err; 872 goto err;
951 } 873 } else if (i == 0) {
952 else if (i == 0)
953 {
954 if (verbose) BIO_printf(bio_err, 874 if (verbose) BIO_printf(bio_err,
955 "No entries found to mark expired\n"); 875 "No entries found to mark expired\n");
956 } 876 } else {
957 else 877 if (!save_index(dbfile, "new", db))
958 { 878 goto err;
959 if (!save_index(dbfile,"new",db)) goto err; 879
960 880 if (!rotate_index(dbfile, "new", "old"))
961 if (!rotate_index(dbfile,"new","old")) goto err; 881 goto err;
962 882
963 if (verbose) BIO_printf(bio_err, 883 if (verbose) BIO_printf(bio_err,
964 "Done. %d entries marked as expired\n",i); 884 "Done. %d entries marked as expired\n", i);
965 } 885 }
966 } 886 }
967 887
968 /*****************************************************************/ 888 /*****************************************************************/
969 /* Read extentions config file */ 889 /* Read extentions config file */
970 if (extfile) 890 if (extfile) {
971 {
972 extconf = NCONF_new(NULL); 891 extconf = NCONF_new(NULL);
973 if (NCONF_load(extconf,extfile,&errorline) <= 0) 892 if (NCONF_load(extconf, extfile, &errorline) <= 0) {
974 {
975 if (errorline <= 0) 893 if (errorline <= 0)
976 BIO_printf(bio_err, "ERROR: loading the config file '%s'\n", 894 BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
977 extfile); 895 extfile);
978 else 896 else
979 BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n", 897 BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
980 errorline,extfile); 898 errorline, extfile);
981 ret = 1; 899 ret = 1;
982 goto err; 900 goto err;
983 } 901 }
984 902
985 if (verbose) 903 if (verbose)
986 BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile); 904 BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
@@ -988,431 +906,392 @@ bad:
988 /* We can have sections in the ext file */ 906 /* We can have sections in the ext file */
989 if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions"))) 907 if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
990 extensions = "default"; 908 extensions = "default";
991 } 909 }
992 910
993 /*****************************************************************/ 911 /*****************************************************************/
994 if (req || gencrl) 912 if (req || gencrl) {
995 { 913 if (outfile != NULL) {
996 if (outfile != NULL) 914 if (BIO_write_filename(Sout, outfile) <= 0) {
997 {
998 if (BIO_write_filename(Sout,outfile) <= 0)
999 {
1000 perror(outfile); 915 perror(outfile);
1001 goto err; 916 goto err;
1002 }
1003 }
1004 else
1005 {
1006 BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
1007 } 917 }
918 } else {
919 BIO_set_fp(Sout, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
1008 } 920 }
921 }
1009 922
1010 if ((md == NULL) && ((md=NCONF_get_string(conf, 923 if ((md == NULL) && ((md = NCONF_get_string(conf,
1011 section,ENV_DEFAULT_MD)) == NULL)) 924 section, ENV_DEFAULT_MD)) == NULL)) {
1012 { 925 lookup_fail(section, ENV_DEFAULT_MD);
1013 lookup_fail(section,ENV_DEFAULT_MD);
1014 goto err; 926 goto err;
1015 } 927 }
1016 928
1017 if (!strcmp(md, "default")) 929 if (!strcmp(md, "default")) {
1018 {
1019 int def_nid; 930 int def_nid;
1020 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) 931 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
1021 { 932 BIO_puts(bio_err, "no default digest\n");
1022 BIO_puts(bio_err,"no default digest\n");
1023 goto err; 933 goto err;
1024 }
1025 md = (char *)OBJ_nid2sn(def_nid);
1026 } 934 }
935 md = (char *)OBJ_nid2sn(def_nid);
936 }
1027 937
1028 if ((dgst=EVP_get_digestbyname(md)) == NULL) 938 if ((dgst = EVP_get_digestbyname(md)) == NULL) {
1029 { 939 BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
1030 BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
1031 goto err; 940 goto err;
1032 } 941 }
1033 942
1034 if (req) 943 if (req) {
1035 { 944 if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
1036 if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, 945 section, ENV_DEFAULT_EMAIL_DN)) != NULL )) {
1037 section,ENV_DEFAULT_EMAIL_DN)) != NULL )) 946 if (strcmp(tmp_email_dn, "no") == 0)
1038 { 947 email_dn = 0;
1039 if(strcmp(tmp_email_dn,"no") == 0) 948 }
1040 email_dn=0;
1041 }
1042 if (verbose) 949 if (verbose)
1043 BIO_printf(bio_err,"message digest is %s\n", 950 BIO_printf(bio_err, "message digest is %s\n",
1044 OBJ_nid2ln(dgst->type)); 951 OBJ_nid2ln(dgst->type));
1045 if ((policy == NULL) && ((policy=NCONF_get_string(conf, 952 if ((policy == NULL) && ((policy = NCONF_get_string(conf,
1046 section,ENV_POLICY)) == NULL)) 953 section, ENV_POLICY)) == NULL)) {
1047 { 954 lookup_fail(section, ENV_POLICY);
1048 lookup_fail(section,ENV_POLICY);
1049 goto err; 955 goto err;
1050 } 956 }
1051 if (verbose) 957 if (verbose)
1052 BIO_printf(bio_err,"policy is %s\n",policy); 958 BIO_printf(bio_err, "policy is %s\n", policy);
1053 959
1054 if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL)) 960 if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
1055 == NULL) 961 == NULL) {
1056 { 962 lookup_fail(section, ENV_SERIAL);
1057 lookup_fail(section,ENV_SERIAL);
1058 goto err; 963 goto err;
1059 } 964 }
1060 965
1061 if (!extconf) 966 if (!extconf) {
1062 {
1063 /* no '-extfile' option, so we look for extensions 967 /* no '-extfile' option, so we look for extensions
1064 * in the main configuration file */ 968 * in the main configuration file */
1065 if (!extensions) 969 if (!extensions) {
1066 { 970 extensions = NCONF_get_string(conf, section,
1067 extensions=NCONF_get_string(conf,section, 971 ENV_EXTENSIONS);
1068 ENV_EXTENSIONS);
1069 if (!extensions) 972 if (!extensions)
1070 ERR_clear_error(); 973 ERR_clear_error();
1071 } 974 }
1072 if (extensions) 975 if (extensions) {
1073 {
1074 /* Check syntax of file */ 976 /* Check syntax of file */
1075 X509V3_CTX ctx; 977 X509V3_CTX ctx;
1076 X509V3_set_ctx_test(&ctx); 978 X509V3_set_ctx_test(&ctx);
1077 X509V3_set_nconf(&ctx, conf); 979 X509V3_set_nconf(&ctx, conf);
1078 if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, 980 if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
1079 NULL)) 981 NULL)) {
1080 {
1081 BIO_printf(bio_err, 982 BIO_printf(bio_err,
1082 "Error Loading extension section %s\n", 983 "Error Loading extension section %s\n",
1083 extensions); 984 extensions);
1084 ret = 1; 985 ret = 1;
1085 goto err; 986 goto err;
1086 }
1087 } 987 }
1088 } 988 }
989 }
1089 990
1090 if (startdate == NULL) 991 if (startdate == NULL) {
1091 { 992 startdate = NCONF_get_string(conf, section,
1092 startdate=NCONF_get_string(conf,section, 993 ENV_DEFAULT_STARTDATE);
1093 ENV_DEFAULT_STARTDATE);
1094 if (startdate == NULL) 994 if (startdate == NULL)
1095 ERR_clear_error(); 995 ERR_clear_error();
1096 } 996 }
1097 if (startdate && !ASN1_TIME_set_string(NULL, startdate)) 997 if (startdate && !ASN1_TIME_set_string(NULL, startdate)) {
1098 { 998 BIO_printf(bio_err, "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
1099 BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
1100 goto err; 999 goto err;
1101 } 1000 }
1102 if (startdate == NULL) startdate="today"; 1001 if (startdate == NULL)
1002 startdate="today";
1103 1003
1104 if (enddate == NULL) 1004 if (enddate == NULL) {
1105 { 1005 enddate = NCONF_get_string(conf, section,
1106 enddate=NCONF_get_string(conf,section, 1006 ENV_DEFAULT_ENDDATE);
1107 ENV_DEFAULT_ENDDATE);
1108 if (enddate == NULL) 1007 if (enddate == NULL)
1109 ERR_clear_error(); 1008 ERR_clear_error();
1110 } 1009 }
1111 if (enddate && !ASN1_TIME_set_string(NULL, enddate)) 1010 if (enddate && !ASN1_TIME_set_string(NULL, enddate)) {
1112 { 1011 BIO_printf(bio_err, "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
1113 BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
1114 goto err; 1012 goto err;
1115 } 1013 }
1116 1014
1117 if (days == 0) 1015 if (days == 0) {
1118 { 1016 if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
1119 if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
1120 days = 0; 1017 days = 0;
1121 } 1018 }
1122 if (!enddate && (days == 0)) 1019 if (!enddate && (days == 0)) {
1123 { 1020 BIO_printf(bio_err, "cannot lookup how many days to certify for\n");
1124 BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
1125 goto err; 1021 goto err;
1126 } 1022 }
1127 1023
1128 if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL) 1024 if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
1129 { 1025 BIO_printf(bio_err, "error while loading serial number\n");
1130 BIO_printf(bio_err,"error while loading serial number\n");
1131 goto err; 1026 goto err;
1132 } 1027 }
1133 if (verbose) 1028 if (verbose) {
1134 {
1135 if (BN_is_zero(serial)) 1029 if (BN_is_zero(serial))
1136 BIO_printf(bio_err,"next serial number is 00\n"); 1030 BIO_printf(bio_err, "next serial number is 00\n");
1137 else 1031 else {
1138 { 1032 if ((f = BN_bn2hex(serial)) == NULL)
1139 if ((f=BN_bn2hex(serial)) == NULL) goto err; 1033 goto err;
1140 BIO_printf(bio_err,"next serial number is %s\n",f); 1034 BIO_printf(bio_err, "next serial number is %s\n", f);
1141 OPENSSL_free(f); 1035 OPENSSL_free(f);
1142 }
1143 } 1036 }
1037 }
1144 1038
1145 if ((attribs=NCONF_get_section(conf,policy)) == NULL) 1039 if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
1146 { 1040 BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
1147 BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
1148 goto err; 1041 goto err;
1149 } 1042 }
1150 1043
1151 if ((cert_sk=sk_X509_new_null()) == NULL) 1044 if ((cert_sk = sk_X509_new_null()) == NULL) {
1152 { 1045 BIO_printf(bio_err, "Memory allocation failure\n");
1153 BIO_printf(bio_err,"Memory allocation failure\n");
1154 goto err; 1046 goto err;
1155 } 1047 }
1156 if (spkac_file != NULL) 1048 if (spkac_file != NULL) {
1157 {
1158 total++; 1049 total++;
1159 j=certify_spkac(&x,spkac_file,pkey,x509,dgst,sigopts, 1050 j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
1160 attribs,db, serial,subj,chtype,multirdn, 1051 attribs, db, serial, subj, chtype, multirdn,
1161 email_dn,startdate,enddate,days,extensions, 1052 email_dn, startdate, enddate, days, extensions,
1162 conf,verbose,certopt,nameopt,default_op,ext_copy); 1053 conf, verbose, certopt, nameopt, default_op, ext_copy);
1163 if (j < 0) goto err; 1054 if (j < 0)
1164 if (j > 0) 1055 goto err;
1165 { 1056 if (j > 0) {
1166 total_done++; 1057 total_done++;
1167 BIO_printf(bio_err,"\n"); 1058 BIO_printf(bio_err, "\n");
1168 if (!BN_add_word(serial,1)) goto err; 1059 if (!BN_add_word(serial, 1))
1169 if (!sk_X509_push(cert_sk,x))
1170 {
1171 BIO_printf(bio_err,"Memory allocation failure\n");
1172 goto err; 1060 goto err;
1173 } 1061 if (!sk_X509_push(cert_sk, x)) {
1174 if (outfile) 1062 BIO_printf(bio_err, "Memory allocation failure\n");
1175 { 1063 goto err;
1064 }
1065 if (outfile) {
1176 output_der = 1; 1066 output_der = 1;
1177 batch = 1; 1067 batch = 1;
1178 }
1179 } 1068 }
1180 } 1069 }
1181 if (ss_cert_file != NULL) 1070 }
1182 { 1071 if (ss_cert_file != NULL) {
1183 total++; 1072 total++;
1184 j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,sigopts, 1073 j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, sigopts,
1185 attribs, 1074 attribs,
1186 db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, 1075 db, serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch,
1187 extensions,conf,verbose, certopt, nameopt, 1076 extensions, conf, verbose, certopt, nameopt,
1188 default_op, ext_copy, e); 1077 default_op, ext_copy, e);
1189 if (j < 0) goto err; 1078 if (j < 0)
1190 if (j > 0) 1079 goto err;
1191 { 1080 if (j > 0) {
1192 total_done++; 1081 total_done++;
1193 BIO_printf(bio_err,"\n"); 1082 BIO_printf(bio_err, "\n");
1194 if (!BN_add_word(serial,1)) goto err; 1083 if (!BN_add_word(serial, 1))
1195 if (!sk_X509_push(cert_sk,x)) 1084 goto err;
1196 { 1085 if (!sk_X509_push(cert_sk, x)) {
1197 BIO_printf(bio_err,"Memory allocation failure\n"); 1086 BIO_printf(bio_err, "Memory allocation failure\n");
1198 goto err; 1087 goto err;
1199 }
1200 } 1088 }
1201 } 1089 }
1202 if (infile != NULL) 1090 }
1203 { 1091 if (infile != NULL) {
1204 total++; 1092 total++;
1205 j=certify(&x,infile,pkey,x509p,dgst,sigopts, attribs,db, 1093 j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
1206 serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, 1094 serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch,
1207 extensions,conf,verbose, certopt, nameopt, 1095 extensions, conf, verbose, certopt, nameopt,
1208 default_op, ext_copy, selfsign); 1096 default_op, ext_copy, selfsign);
1209 if (j < 0) goto err; 1097 if (j < 0)
1210 if (j > 0) 1098 goto err;
1211 { 1099 if (j > 0) {
1212 total_done++; 1100 total_done++;
1213 BIO_printf(bio_err,"\n"); 1101 BIO_printf(bio_err, "\n");
1214 if (!BN_add_word(serial,1)) goto err; 1102 if (!BN_add_word(serial, 1))
1215 if (!sk_X509_push(cert_sk,x)) 1103 goto err;
1216 { 1104 if (!sk_X509_push(cert_sk, x)) {
1217 BIO_printf(bio_err,"Memory allocation failure\n"); 1105 BIO_printf(bio_err, "Memory allocation failure\n");
1218 goto err; 1106 goto err;
1219 }
1220 } 1107 }
1221 } 1108 }
1222 for (i=0; i<argc; i++) 1109 }
1223 { 1110 for (i = 0; i < argc; i++) {
1224 total++; 1111 total++;
1225 j=certify(&x,argv[i],pkey,x509p,dgst,sigopts,attribs,db, 1112 j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
1226 serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, 1113 serial, subj, chtype, multirdn, email_dn, startdate, enddate, days, batch,
1227 extensions,conf,verbose, certopt, nameopt, 1114 extensions, conf, verbose, certopt, nameopt,
1228 default_op, ext_copy, selfsign); 1115 default_op, ext_copy, selfsign);
1229 if (j < 0) goto err; 1116 if (j < 0)
1230 if (j > 0) 1117 goto err;
1231 { 1118 if (j > 0) {
1232 total_done++; 1119 total_done++;
1233 BIO_printf(bio_err,"\n"); 1120 BIO_printf(bio_err, "\n");
1234 if (!BN_add_word(serial,1)) goto err; 1121 if (!BN_add_word(serial, 1))
1235 if (!sk_X509_push(cert_sk,x)) 1122 goto err;
1236 { 1123 if (!sk_X509_push(cert_sk, x)) {
1237 BIO_printf(bio_err,"Memory allocation failure\n"); 1124 BIO_printf(bio_err, "Memory allocation failure\n");
1238 goto err; 1125 goto err;
1239 }
1240 } 1126 }
1241 } 1127 }
1128 }
1242 /* we have a stack of newly certified certificates 1129 /* we have a stack of newly certified certificates
1243 * and a data base and serial number that need 1130 * and a data base and serial number that need
1244 * updating */ 1131 * updating */
1245 1132
1246 if (sk_X509_num(cert_sk) > 0) 1133 if (sk_X509_num(cert_sk) > 0) {
1247 { 1134 if (!batch) {
1248 if (!batch) 1135 BIO_printf(bio_err, "\n%d out of %d certificate requests certified, commit? [y/n]", total_done, total);
1249 {
1250 BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
1251 (void)BIO_flush(bio_err); 1136 (void)BIO_flush(bio_err);
1252 buf[0][0]='\0'; 1137 buf[0][0] = '\0';
1253 if (!fgets(buf[0],10,stdin)) 1138 if (!fgets(buf[0], 10, stdin)) {
1254 { 1139 BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n");
1255 BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n"); 1140 ret = 0;
1256 ret=0;
1257 goto err; 1141 goto err;
1258 } 1142 }
1259 if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) 1143 if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) {
1260 { 1144 BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
1261 BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 1145 ret = 0;
1262 ret=0;
1263 goto err; 1146 goto err;
1264 }
1265 } 1147 }
1148 }
1266 1149
1267 BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); 1150 BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk));
1268 1151
1269 if (!save_serial(serialfile,"new",serial,NULL)) goto err; 1152 if (!save_serial(serialfile, "new", serial, NULL))
1153 goto err;
1154
1155 if (!save_index(dbfile, "new", db))
1156 goto err;
1157 }
1270 1158
1271 if (!save_index(dbfile, "new", db)) goto err;
1272 }
1273
1274 if (verbose) 1159 if (verbose)
1275 BIO_printf(bio_err,"writing new certificates\n"); 1160 BIO_printf(bio_err, "writing new certificates\n");
1276 for (i=0; i<sk_X509_num(cert_sk); i++) 1161 for (i = 0; i < sk_X509_num(cert_sk); i++) {
1277 {
1278 int k; 1162 int k;
1279 char *n; 1163 char *n;
1280 1164
1281 x=sk_X509_value(cert_sk,i); 1165 x = sk_X509_value(cert_sk, i);
1166
1167 j = x->cert_info->serialNumber->length;
1168 p = (const char *)x->cert_info->serialNumber->data;
1282 1169
1283 j=x->cert_info->serialNumber->length; 1170 if (strlen(outdir) >= (size_t)(j ? BSIZE - j*2 - 6 : BSIZE - 8)) {
1284 p=(const char *)x->cert_info->serialNumber->data; 1171 BIO_printf(bio_err, "certificate file name too long\n");
1285
1286 if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
1287 {
1288 BIO_printf(bio_err,"certificate file name too long\n");
1289 goto err; 1172 goto err;
1290 } 1173 }
1291 1174
1292 strlcpy(buf[2],outdir,sizeof(buf[2])); 1175 strlcpy(buf[2], outdir, sizeof(buf[2]));
1293 1176
1294 BUF_strlcat(buf[2],"/",sizeof(buf[2])); 1177 BUF_strlcat(buf[2], "/", sizeof(buf[2]));
1295 1178
1296 n=(char *)&(buf[2][strlen(buf[2])]); 1179 n = (char *)&(buf[2][strlen(buf[2])]);
1297 if (j > 0) 1180 if (j > 0) {
1298 { 1181 for (k = 0; k < j; k++) {
1299 for (k=0; k<j; k++)
1300 {
1301 if (n >= &(buf[2][sizeof(buf[2])])) 1182 if (n >= &(buf[2][sizeof(buf[2])]))
1302 break; 1183 break;
1303 (void) snprintf(n, 1184 (void) snprintf(n,
1304 &buf[2][0] + sizeof(buf[2]) - n, 1185 &buf[2][0] + sizeof(buf[2]) - n,
1305 "%02X",(unsigned char)*(p++)); 1186 "%02X", (unsigned char)*(p++));
1306 n+=2; 1187 n += 2;
1307 }
1308 } 1188 }
1309 else 1189 } else {
1310 { 1190 *(n++) = '0';
1311 *(n++)='0'; 1191 *(n++) = '0';
1312 *(n++)='0'; 1192 }
1313 } 1193 *(n++) = '.';
1314 *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m'; 1194 *(n++) = 'p';
1315 *n='\0'; 1195 *(n++) = 'e';
1196 *(n++) = 'm';
1197 *n = '\0';
1316 if (verbose) 1198 if (verbose)
1317 BIO_printf(bio_err,"writing %s\n",buf[2]); 1199 BIO_printf(bio_err, "writing %s\n", buf[2]);
1318 1200
1319 if (BIO_write_filename(Cout,buf[2]) <= 0) 1201 if (BIO_write_filename(Cout, buf[2]) <= 0) {
1320 {
1321 perror(buf[2]); 1202 perror(buf[2]);
1322 goto err; 1203 goto err;
1323 }
1324 write_new_certificate(Cout,x, 0, notext);
1325 write_new_certificate(Sout,x, output_der, notext);
1326 } 1204 }
1205 write_new_certificate(Cout, x, 0, notext);
1206 write_new_certificate(Sout, x, output_der, notext);
1207 }
1327 1208
1328 if (sk_X509_num(cert_sk)) 1209 if (sk_X509_num(cert_sk)) {
1329 {
1330 /* Rename the database and the serial file */ 1210 /* Rename the database and the serial file */
1331 if (!rotate_serial(serialfile,"new","old")) goto err; 1211 if (!rotate_serial(serialfile, "new", "old"))
1212 goto err;
1332 1213
1333 if (!rotate_index(dbfile,"new","old")) goto err; 1214 if (!rotate_index(dbfile, "new", "old"))
1215 goto err;
1334 1216
1335 BIO_printf(bio_err,"Data Base Updated\n"); 1217 BIO_printf(bio_err, "Data Base Updated\n");
1336 }
1337 } 1218 }
1338 1219 }
1220
1339 /*****************************************************************/ 1221 /*****************************************************************/
1340 if (gencrl) 1222 if (gencrl) {
1341 {
1342 int crl_v2 = 0; 1223 int crl_v2 = 0;
1343 if (!crl_ext) 1224 if (!crl_ext) {
1344 { 1225 crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT);
1345 crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
1346 if (!crl_ext) 1226 if (!crl_ext)
1347 ERR_clear_error(); 1227 ERR_clear_error();
1348 } 1228 }
1349 if (crl_ext) 1229 if (crl_ext) {
1350 {
1351 /* Check syntax of file */ 1230 /* Check syntax of file */
1352 X509V3_CTX ctx; 1231 X509V3_CTX ctx;
1353 X509V3_set_ctx_test(&ctx); 1232 X509V3_set_ctx_test(&ctx);
1354 X509V3_set_nconf(&ctx, conf); 1233 X509V3_set_nconf(&ctx, conf);
1355 if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) 1234 if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
1356 {
1357 BIO_printf(bio_err, 1235 BIO_printf(bio_err,
1358 "Error Loading CRL extension section %s\n", 1236 "Error Loading CRL extension section %s\n",
1359 crl_ext); 1237 crl_ext);
1360 ret = 1; 1238 ret = 1;
1361 goto err; 1239 goto err;
1362 }
1363 } 1240 }
1241 }
1364 1242
1365 if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) 1243 if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
1366 != NULL) 1244 != NULL)
1367 if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) 1245 if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
1368 { 1246 BIO_printf(bio_err, "error while loading CRL number\n");
1369 BIO_printf(bio_err,"error while loading CRL number\n"); 1247 goto err;
1370 goto err; 1248 }
1371 }
1372 1249
1373 if (!crldays && !crlhours && !crlsec) 1250 if (!crldays && !crlhours && !crlsec) {
1374 { 1251 if (!NCONF_get_number(conf, section,
1375 if (!NCONF_get_number(conf,section, 1252 ENV_DEFAULT_CRL_DAYS, &crldays))
1376 ENV_DEFAULT_CRL_DAYS, &crldays))
1377 crldays = 0; 1253 crldays = 0;
1378 if (!NCONF_get_number(conf,section, 1254 if (!NCONF_get_number(conf, section,
1379 ENV_DEFAULT_CRL_HOURS, &crlhours)) 1255 ENV_DEFAULT_CRL_HOURS, &crlhours))
1380 crlhours = 0; 1256 crlhours = 0;
1381 ERR_clear_error(); 1257 ERR_clear_error();
1382 } 1258 }
1383 if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) 1259 if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
1384 { 1260 BIO_printf(bio_err, "cannot lookup how long until the next CRL is issued\n");
1385 BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
1386 goto err; 1261 goto err;
1387 } 1262 }
1388 1263
1389 if (verbose) BIO_printf(bio_err,"making CRL\n"); 1264 if (verbose)
1390 if ((crl=X509_CRL_new()) == NULL) goto err; 1265 BIO_printf(bio_err, "making CRL\n");
1391 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; 1266 if ((crl = X509_CRL_new()) == NULL)
1267 goto err;
1268 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
1269 goto err;
1392 1270
1393 tmptm = ASN1_TIME_new(); 1271 tmptm = ASN1_TIME_new();
1394 if (!tmptm) goto err; 1272 if (!tmptm)
1395 X509_gmtime_adj(tmptm,0); 1273 goto err;
1396 X509_CRL_set_lastUpdate(crl, tmptm); 1274 X509_gmtime_adj(tmptm, 0);
1275 X509_CRL_set_lastUpdate(crl, tmptm);
1397 if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, 1276 if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
1398 NULL)) 1277 NULL)) {
1399 {
1400 BIO_puts(bio_err, "error setting CRL nextUpdate\n"); 1278 BIO_puts(bio_err, "error setting CRL nextUpdate\n");
1401 goto err; 1279 goto err;
1402 } 1280 }
1403 X509_CRL_set_nextUpdate(crl, tmptm); 1281 X509_CRL_set_nextUpdate(crl, tmptm);
1404 1282
1405 ASN1_TIME_free(tmptm); 1283 ASN1_TIME_free(tmptm);
1406 1284
1407 for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) 1285 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
1408 { 1286 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
1409 pp=sk_OPENSSL_PSTRING_value(db->db->data,i); 1287 if (pp[DB_type][0] == DB_TYPE_REV) {
1410 if (pp[DB_type][0] == DB_TYPE_REV) 1288 if ((r = X509_REVOKED_new()) == NULL)
1411 { 1289 goto err;
1412 if ((r=X509_REVOKED_new()) == NULL) goto err;
1413 j = make_revoked(r, pp[DB_rev_date]); 1290 j = make_revoked(r, pp[DB_rev_date]);
1414 if (!j) goto err; 1291 if (!j)
1415 if (j == 2) crl_v2 = 1; 1292 goto err;
1293 if (j == 2)
1294 crl_v2 = 1;
1416 if (!BN_hex2bn(&serial, pp[DB_serial])) 1295 if (!BN_hex2bn(&serial, pp[DB_serial]))
1417 goto err; 1296 goto err;
1418 tmpser = BN_to_ASN1_INTEGER(serial, NULL); 1297 tmpser = BN_to_ASN1_INTEGER(serial, NULL);
@@ -1422,92 +1301,93 @@ bad:
1422 goto err; 1301 goto err;
1423 X509_REVOKED_set_serialNumber(r, tmpser); 1302 X509_REVOKED_set_serialNumber(r, tmpser);
1424 ASN1_INTEGER_free(tmpser); 1303 ASN1_INTEGER_free(tmpser);
1425 X509_CRL_add0_revoked(crl,r); 1304 X509_CRL_add0_revoked(crl, r);
1426 }
1427 } 1305 }
1306 }
1428 1307
1429 /* sort the data so it will be written in serial 1308 /* sort the data so it will be written in serial
1430 * number order */ 1309 * number order */
1431 X509_CRL_sort(crl); 1310 X509_CRL_sort(crl);
1432 1311
1433 /* we now have a CRL */ 1312 /* we now have a CRL */
1434 if (verbose) BIO_printf(bio_err,"signing CRL\n"); 1313 if (verbose)
1314 BIO_printf(bio_err, "signing CRL\n");
1435 1315
1436 /* Add any extensions asked for */ 1316 /* Add any extensions asked for */
1437 1317
1438 if (crl_ext || crlnumberfile != NULL) 1318 if (crl_ext || crlnumberfile != NULL) {
1439 {
1440 X509V3_CTX crlctx; 1319 X509V3_CTX crlctx;
1441 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); 1320 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
1442 X509V3_set_nconf(&crlctx, conf); 1321 X509V3_set_nconf(&crlctx, conf);
1443 1322
1444 if (crl_ext) 1323 if (crl_ext)
1445 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, 1324 if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
1446 crl_ext, crl)) goto err; 1325 crl_ext, crl)) goto err;
1447 if (crlnumberfile != NULL) 1326 if (crlnumberfile != NULL) {
1448 {
1449 tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); 1327 tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
1450 if (!tmpser) goto err; 1328 if (!tmpser)
1451 X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); 1329 goto err;
1330 X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
1452 ASN1_INTEGER_free(tmpser); 1331 ASN1_INTEGER_free(tmpser);
1453 crl_v2 = 1; 1332 crl_v2 = 1;
1454 if (!BN_add_word(crlnumber,1)) goto err; 1333 if (!BN_add_word(crlnumber, 1))
1455 } 1334 goto err;
1456 } 1335 }
1457 if (crl_ext || crl_v2) 1336 }
1458 { 1337 if (crl_ext || crl_v2) {
1459 if (!X509_CRL_set_version(crl, 1)) 1338 if (!X509_CRL_set_version(crl, 1))
1460 goto err; /* version 2 CRL */ 1339 goto err; /* version 2 CRL */
1461 } 1340 }
1341
1462 1342
1463
1464 if (crlnumberfile != NULL) /* we have a CRL number that need updating */ 1343 if (crlnumberfile != NULL) /* we have a CRL number that need updating */
1465 if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; 1344 if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
1345 goto err;
1466 1346
1467 if (crlnumber) 1347 if (crlnumber) {
1468 {
1469 BN_free(crlnumber); 1348 BN_free(crlnumber);
1470 crlnumber = NULL; 1349 crlnumber = NULL;
1471 } 1350 }
1472 1351
1473 if (!do_X509_CRL_sign(bio_err,crl,pkey,dgst,sigopts)) goto err; 1352 if (!do_X509_CRL_sign(bio_err, crl, pkey, dgst, sigopts))
1353 goto err;
1474 1354
1475 PEM_write_bio_X509_CRL(Sout,crl); 1355 PEM_write_bio_X509_CRL(Sout, crl);
1476 1356
1477 if (crlnumberfile != NULL) /* Rename the crlnumber file */ 1357 if (crlnumberfile != NULL) /* Rename the crlnumber file */
1478 if (!rotate_serial(crlnumberfile,"new","old")) goto err; 1358 if (!rotate_serial(crlnumberfile, "new", "old"))
1359 goto err;
1479 1360
1480 } 1361 }
1481 /*****************************************************************/ 1362 /*****************************************************************/
1482 if (dorevoke) 1363 if (dorevoke) {
1483 { 1364 if (infile == NULL) {
1484 if (infile == NULL) 1365 BIO_printf(bio_err, "no input files\n");
1485 {
1486 BIO_printf(bio_err,"no input files\n");
1487 goto err; 1366 goto err;
1488 } 1367 } else {
1489 else
1490 {
1491 X509 *revcert; 1368 X509 *revcert;
1492 revcert=load_cert(bio_err, infile, FORMAT_PEM, 1369 revcert = load_cert(bio_err, infile, FORMAT_PEM,
1493 NULL, e, infile); 1370 NULL, e, infile);
1494 if (revcert == NULL) 1371 if (revcert == NULL)
1495 goto err; 1372 goto err;
1496 j=do_revoke(revcert,db, rev_type, rev_arg); 1373 j = do_revoke(revcert, db, rev_type, rev_arg);
1497 if (j <= 0) goto err; 1374 if (j <= 0)
1375 goto err;
1498 X509_free(revcert); 1376 X509_free(revcert);
1499 1377
1500 if (!save_index(dbfile, "new", db)) goto err; 1378 if (!save_index(dbfile, "new", db))
1379 goto err;
1501 1380
1502 if (!rotate_index(dbfile, "new", "old")) goto err; 1381 if (!rotate_index(dbfile, "new", "old"))
1382 goto err;
1503 1383
1504 BIO_printf(bio_err,"Data Base Updated\n"); 1384 BIO_printf(bio_err, "Data Base Updated\n");
1505 }
1506 } 1385 }
1386 }
1507 /*****************************************************************/ 1387 /*****************************************************************/
1508 ret=0; 1388 ret = 0;
1509err: 1389err:
1510 if(tofree) 1390 if (tofree)
1511 OPENSSL_free(tofree); 1391 OPENSSL_free(tofree);
1512 BIO_free_all(Cout); 1392 BIO_free_all(Cout);
1513 BIO_free_all(Sout); 1393 BIO_free_all(Sout);
@@ -1515,9 +1395,10 @@ err:
1515 BIO_free_all(in); 1395 BIO_free_all(in);
1516 1396
1517 if (cert_sk) 1397 if (cert_sk)
1518 sk_X509_pop_free(cert_sk,X509_free); 1398 sk_X509_pop_free(cert_sk, X509_free);
1519 1399
1520 if (ret) ERR_print_errors(bio_err); 1400 if (ret)
1401 ERR_print_errors(bio_err);
1521 app_RAND_write_file(randfile, bio_err); 1402 app_RAND_write_file(randfile, bio_err);
1522 if (free_key && key) 1403 if (free_key && key)
1523 OPENSSL_free(key); 1404 OPENSSL_free(key);
@@ -1527,222 +1408,213 @@ err:
1527 if (sigopts) 1408 if (sigopts)
1528 sk_OPENSSL_STRING_free(sigopts); 1409 sk_OPENSSL_STRING_free(sigopts);
1529 EVP_PKEY_free(pkey); 1410 EVP_PKEY_free(pkey);
1530 if (x509) X509_free(x509); 1411 if (x509)
1412 X509_free(x509);
1531 X509_CRL_free(crl); 1413 X509_CRL_free(crl);
1532 NCONF_free(conf); 1414 NCONF_free(conf);
1533 NCONF_free(extconf); 1415 NCONF_free(extconf);
1534 OBJ_cleanup(); 1416 OBJ_cleanup();
1535 apps_shutdown(); 1417 apps_shutdown();
1536 OPENSSL_EXIT(ret); 1418 OPENSSL_EXIT(ret);
1537 } 1419}
1538 1420
1539static void lookup_fail(const char *name, const char *tag) 1421static void
1540 { 1422lookup_fail(const char *name, const char *tag)
1541 BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); 1423{
1542 } 1424 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
1543 1425}
1544static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1426
1545 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 1427static int
1546 STACK_OF(CONF_VALUE) *policy, CA_DB *db, 1428certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
1547 BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, 1429 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
1548 int email_dn, char *startdate, char *enddate, 1430 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
1549 long days, int batch, char *ext_sect, CONF *lconf, int verbose, 1431 unsigned long chtype, int multirdn, int email_dn, char *startdate,
1550 unsigned long certopt, unsigned long nameopt, int default_op, 1432 char *enddate, long days, int batch, char *ext_sect, CONF *lconf,
1551 int ext_copy, int selfsign) 1433 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
1552 { 1434 int ext_copy, int selfsign)
1553 X509_REQ *req=NULL; 1435{
1554 BIO *in=NULL; 1436 X509_REQ *req = NULL;
1555 EVP_PKEY *pktmp=NULL; 1437 BIO *in = NULL;
1556 int ok= -1,i; 1438 EVP_PKEY *pktmp = NULL;
1557 1439 int ok = -1, i;
1558 in=BIO_new(BIO_s_file()); 1440
1559 1441 in = BIO_new(BIO_s_file());
1560 if (BIO_read_filename(in,infile) <= 0) 1442
1561 { 1443 if (BIO_read_filename(in, infile) <= 0) {
1562 perror(infile); 1444 perror(infile);
1563 goto err; 1445 goto err;
1564 } 1446 }
1565 if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL) 1447 if ((req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL)) == NULL) {
1566 { 1448 BIO_printf(bio_err, "Error reading certificate request in %s\n",
1567 BIO_printf(bio_err,"Error reading certificate request in %s\n", 1449 infile);
1568 infile);
1569 goto err; 1450 goto err;
1570 } 1451 }
1571 if (verbose) 1452 if (verbose)
1572 X509_REQ_print(bio_err,req); 1453 X509_REQ_print(bio_err, req);
1573 1454
1574 BIO_printf(bio_err,"Check that the request matches the signature\n"); 1455 BIO_printf(bio_err, "Check that the request matches the signature\n");
1575 1456
1576 if (selfsign && !X509_REQ_check_private_key(req,pkey)) 1457 if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
1577 { 1458 BIO_printf(bio_err, "Certificate request and CA private key do not match\n");
1578 BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); 1459 ok = 0;
1579 ok=0;
1580 goto err; 1460 goto err;
1581 } 1461 }
1582 if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) 1462 if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
1583 { 1463 BIO_printf(bio_err, "error unpacking public key\n");
1584 BIO_printf(bio_err,"error unpacking public key\n");
1585 goto err; 1464 goto err;
1586 } 1465 }
1587 i=X509_REQ_verify(req,pktmp); 1466 i = X509_REQ_verify(req, pktmp);
1588 EVP_PKEY_free(pktmp); 1467 EVP_PKEY_free(pktmp);
1589 if (i < 0) 1468 if (i < 0) {
1590 { 1469 ok = 0;
1591 ok=0; 1470 BIO_printf(bio_err, "Signature verification problems....\n");
1592 BIO_printf(bio_err,"Signature verification problems....\n");
1593 goto err; 1471 goto err;
1594 } 1472 }
1595 if (i == 0) 1473 if (i == 0) {
1596 { 1474 ok = 0;
1597 ok=0; 1475 BIO_printf(bio_err, "Signature did not match the certificate request\n");
1598 BIO_printf(bio_err,"Signature did not match the certificate request\n");
1599 goto err; 1476 goto err;
1600 } 1477 } else
1601 else 1478 BIO_printf(bio_err, "Signature ok\n");
1602 BIO_printf(bio_err,"Signature ok\n");
1603 1479
1604 ok=do_body(xret,pkey,x509,dgst,sigopts, policy,db,serial,subj,chtype, 1480 ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype,
1605 multirdn, email_dn, 1481 multirdn, email_dn,
1606 startdate,enddate,days,batch,verbose,req,ext_sect,lconf, 1482 startdate, enddate, days, batch, verbose, req, ext_sect, lconf,
1607 certopt, nameopt, default_op, ext_copy, selfsign); 1483 certopt, nameopt, default_op, ext_copy, selfsign);
1608 1484
1609err: 1485err:
1610 if (req != NULL) X509_REQ_free(req); 1486 if (req != NULL)
1611 if (in != NULL) BIO_free(in); 1487 X509_REQ_free(req);
1612 return(ok); 1488 if (in != NULL)
1613 } 1489 BIO_free(in);
1614 1490 return (ok);
1615static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1491}
1616 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 1492
1617 STACK_OF(CONF_VALUE) *policy, CA_DB *db, 1493static int
1618 BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, 1494certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
1619 long days, int batch, char *ext_sect, CONF *lconf, int verbose, 1495 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
1620 unsigned long certopt, unsigned long nameopt, int default_op, 1496 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
1621 int ext_copy, ENGINE *e) 1497 unsigned long chtype, int multirdn, int email_dn, char *startdate,
1622 { 1498 char *enddate, long days, int batch, char *ext_sect, CONF *lconf,
1623 X509 *req=NULL; 1499 int verbose, unsigned long certopt, unsigned long nameopt, int default_op,
1624 X509_REQ *rreq=NULL; 1500 int ext_copy, ENGINE *e)
1625 EVP_PKEY *pktmp=NULL; 1501{
1626 int ok= -1,i; 1502 X509 *req = NULL;
1627 1503 X509_REQ *rreq = NULL;
1628 if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL) 1504 EVP_PKEY *pktmp = NULL;
1505 int ok = -1, i;
1506
1507 if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
1629 goto err; 1508 goto err;
1630 if (verbose) 1509 if (verbose)
1631 X509_print(bio_err,req); 1510 X509_print(bio_err, req);
1632 1511
1633 BIO_printf(bio_err,"Check that the request matches the signature\n"); 1512 BIO_printf(bio_err, "Check that the request matches the signature\n");
1634 1513
1635 if ((pktmp=X509_get_pubkey(req)) == NULL) 1514 if ((pktmp = X509_get_pubkey(req)) == NULL) {
1636 { 1515 BIO_printf(bio_err, "error unpacking public key\n");
1637 BIO_printf(bio_err,"error unpacking public key\n");
1638 goto err; 1516 goto err;
1639 } 1517 }
1640 i=X509_verify(req,pktmp); 1518 i = X509_verify(req, pktmp);
1641 EVP_PKEY_free(pktmp); 1519 EVP_PKEY_free(pktmp);
1642 if (i < 0) 1520 if (i < 0) {
1643 { 1521 ok = 0;
1644 ok=0; 1522 BIO_printf(bio_err, "Signature verification problems....\n");
1645 BIO_printf(bio_err,"Signature verification problems....\n");
1646 goto err; 1523 goto err;
1647 } 1524 }
1648 if (i == 0) 1525 if (i == 0) {
1649 { 1526 ok = 0;
1650 ok=0; 1527 BIO_printf(bio_err, "Signature did not match the certificate\n");
1651 BIO_printf(bio_err,"Signature did not match the certificate\n");
1652 goto err; 1528 goto err;
1653 } 1529 } else
1654 else 1530 BIO_printf(bio_err, "Signature ok\n");
1655 BIO_printf(bio_err,"Signature ok\n");
1656 1531
1657 if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) 1532 if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
1658 goto err; 1533 goto err;
1659 1534
1660 ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, 1535 ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype, multirdn, email_dn, startdate, enddate,
1661 days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, 1536 days, batch, verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
1662 ext_copy, 0); 1537 ext_copy, 0);
1663 1538
1664err: 1539err:
1665 if (rreq != NULL) X509_REQ_free(rreq); 1540 if (rreq != NULL)
1666 if (req != NULL) X509_free(req); 1541 X509_REQ_free(rreq);
1667 return(ok); 1542 if (req != NULL)
1668 } 1543 X509_free(req);
1669 1544 return (ok);
1670static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, 1545}
1671 STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, 1546
1672 CA_DB *db, BIGNUM *serial, char *subj, 1547static int
1673 unsigned long chtype, int multirdn, 1548do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1674 int email_dn, char *startdate, char *enddate, long days, int batch, 1549 STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,
1675 int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, 1550 CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn,
1676 unsigned long certopt, unsigned long nameopt, int default_op, 1551 int email_dn, char *startdate, char *enddate, long days, int batch,
1677 int ext_copy, int selfsign) 1552 int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
1678 { 1553 unsigned long certopt, unsigned long nameopt, int default_op,
1679 X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL; 1554 int ext_copy, int selfsign)
1680 ASN1_UTCTIME *tm,*tmptm; 1555{
1681 ASN1_STRING *str,*str2; 1556 X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = NULL;
1557 ASN1_UTCTIME *tm, *tmptm;
1558 ASN1_STRING *str, *str2;
1682 ASN1_OBJECT *obj; 1559 ASN1_OBJECT *obj;
1683 X509 *ret=NULL; 1560 X509 *ret = NULL;
1684 X509_CINF *ci; 1561 X509_CINF *ci;
1685 X509_NAME_ENTRY *ne; 1562 X509_NAME_ENTRY *ne;
1686 X509_NAME_ENTRY *tne,*push; 1563 X509_NAME_ENTRY *tne, *push;
1687 EVP_PKEY *pktmp; 1564 EVP_PKEY *pktmp;
1688 int ok= -1,i,j,last,nid; 1565 int ok = -1, i, j, last, nid;
1689 const char *p; 1566 const char *p;
1690 CONF_VALUE *cv; 1567 CONF_VALUE *cv;
1691 OPENSSL_STRING row[DB_NUMBER]; 1568 OPENSSL_STRING row[DB_NUMBER];
1692 OPENSSL_STRING *irow=NULL; 1569 OPENSSL_STRING *irow = NULL;
1693 OPENSSL_STRING *rrow=NULL; 1570 OPENSSL_STRING *rrow = NULL;
1694 char buf[25]; 1571 char buf[25];
1695 1572
1696 tmptm=ASN1_UTCTIME_new(); 1573 tmptm = ASN1_UTCTIME_new();
1697 if (tmptm == NULL) 1574 if (tmptm == NULL) {
1698 { 1575 BIO_printf(bio_err, "malloc error\n");
1699 BIO_printf(bio_err,"malloc error\n"); 1576 return (0);
1700 return(0); 1577 }
1701 }
1702 1578
1703 for (i=0; i<DB_NUMBER; i++) 1579 for (i = 0; i < DB_NUMBER; i++)
1704 row[i]=NULL; 1580 row[i] = NULL;
1705 1581
1706 if (subj) 1582 if (subj) {
1707 {
1708 X509_NAME *n = parse_name(subj, chtype, multirdn); 1583 X509_NAME *n = parse_name(subj, chtype, multirdn);
1709 1584
1710 if (!n) 1585 if (!n) {
1711 {
1712 ERR_print_errors(bio_err); 1586 ERR_print_errors(bio_err);
1713 goto err; 1587 goto err;
1714 } 1588 }
1715 X509_REQ_set_subject_name(req,n); 1589 X509_REQ_set_subject_name(req, n);
1716 req->req_info->enc.modified = 1; 1590 req->req_info->enc.modified = 1;
1717 X509_NAME_free(n); 1591 X509_NAME_free(n);
1718 } 1592 }
1719 1593
1720 if (default_op) 1594 if (default_op)
1721 BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n"); 1595 BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n");
1722 1596
1723 name=X509_REQ_get_subject_name(req); 1597 name = X509_REQ_get_subject_name(req);
1724 for (i=0; i<X509_NAME_entry_count(name); i++) 1598 for (i = 0; i < X509_NAME_entry_count(name); i++) {
1725 { 1599 ne = X509_NAME_get_entry(name, i);
1726 ne= X509_NAME_get_entry(name,i); 1600 str = X509_NAME_ENTRY_get_data(ne);
1727 str=X509_NAME_ENTRY_get_data(ne); 1601 obj = X509_NAME_ENTRY_get_object(ne);
1728 obj=X509_NAME_ENTRY_get_object(ne);
1729 1602
1730 if (msie_hack) 1603 if (msie_hack) {
1731 {
1732 /* assume all type should be strings */ 1604 /* assume all type should be strings */
1733 nid=OBJ_obj2nid(ne->object); 1605 nid = OBJ_obj2nid(ne->object);
1734 1606
1735 if (str->type == V_ASN1_UNIVERSALSTRING) 1607 if (str->type == V_ASN1_UNIVERSALSTRING)
1736 ASN1_UNIVERSALSTRING_to_string(str); 1608 ASN1_UNIVERSALSTRING_to_string(str);
1737 1609
1738 if ((str->type == V_ASN1_IA5STRING) && 1610 if ((str->type == V_ASN1_IA5STRING) &&
1739 (nid != NID_pkcs9_emailAddress)) 1611 (nid != NID_pkcs9_emailAddress))
1740 str->type=V_ASN1_T61STRING; 1612 str->type = V_ASN1_T61STRING;
1741 1613
1742 if ((nid == NID_pkcs9_emailAddress) && 1614 if ((nid == NID_pkcs9_emailAddress) &&
1743 (str->type == V_ASN1_PRINTABLESTRING)) 1615 (str->type == V_ASN1_PRINTABLESTRING))
1744 str->type=V_ASN1_IA5STRING; 1616 str->type = V_ASN1_IA5STRING;
1745 } 1617 }
1746 1618
1747 /* If no EMAIL is wanted in the subject */ 1619 /* If no EMAIL is wanted in the subject */
1748 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn)) 1620 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
@@ -1750,213 +1622,182 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
1750 1622
1751 /* check some things */ 1623 /* check some things */
1752 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && 1624 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
1753 (str->type != V_ASN1_IA5STRING)) 1625 (str->type != V_ASN1_IA5STRING)) {
1754 { 1626 BIO_printf(bio_err, "\nemailAddress type needs to be of type IA5STRING\n");
1755 BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
1756 goto err; 1627 goto err;
1757 } 1628 }
1758 if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING)) 1629 if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING)) {
1759 { 1630 j = ASN1_PRINTABLE_type(str->data, str->length);
1760 j=ASN1_PRINTABLE_type(str->data,str->length); 1631 if (((j == V_ASN1_T61STRING) &&
1761 if ( ((j == V_ASN1_T61STRING) && 1632 (str->type != V_ASN1_T61STRING)) ||
1762 (str->type != V_ASN1_T61STRING)) || 1633 ((j == V_ASN1_IA5STRING) &&
1763 ((j == V_ASN1_IA5STRING) && 1634 (str->type == V_ASN1_PRINTABLESTRING))) {
1764 (str->type == V_ASN1_PRINTABLESTRING))) 1635 BIO_printf(bio_err, "\nThe string contains characters that are illegal for the ASN.1 type\n");
1765 {
1766 BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
1767 goto err; 1636 goto err;
1768 }
1769 } 1637 }
1638 }
1770 1639
1771 if (default_op) 1640 if (default_op)
1772 old_entry_print(bio_err, obj, str); 1641 old_entry_print(bio_err, obj, str);
1773 } 1642 }
1774 1643
1775 /* Ok, now we check the 'policy' stuff. */ 1644 /* Ok, now we check the 'policy' stuff. */
1776 if ((subject=X509_NAME_new()) == NULL) 1645 if ((subject = X509_NAME_new()) == NULL) {
1777 { 1646 BIO_printf(bio_err, "Memory allocation failure\n");
1778 BIO_printf(bio_err,"Memory allocation failure\n");
1779 goto err; 1647 goto err;
1780 } 1648 }
1781 1649
1782 /* take a copy of the issuer name before we mess with it. */ 1650 /* take a copy of the issuer name before we mess with it. */
1783 if (selfsign) 1651 if (selfsign)
1784 CAname=X509_NAME_dup(name); 1652 CAname = X509_NAME_dup(name);
1785 else 1653 else
1786 CAname=X509_NAME_dup(x509->cert_info->subject); 1654 CAname = X509_NAME_dup(x509->cert_info->subject);
1787 if (CAname == NULL) goto err; 1655 if (CAname == NULL)
1788 str=str2=NULL; 1656 goto err;
1657 str = str2 = NULL;
1789 1658
1790 for (i=0; i<sk_CONF_VALUE_num(policy); i++) 1659 for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
1791 {
1792 cv=sk_CONF_VALUE_value(policy,i); /* get the object id */ 1660 cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
1793 if ((j=OBJ_txt2nid(cv->name)) == NID_undef) 1661 if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
1794 { 1662 BIO_printf(bio_err, "%s:unknown object type in 'policy' configuration\n", cv->name);
1795 BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
1796 goto err; 1663 goto err;
1797 } 1664 }
1798 obj=OBJ_nid2obj(j); 1665 obj = OBJ_nid2obj(j);
1799 1666
1800 last= -1; 1667 last = -1;
1801 for (;;) 1668 for (;;) {
1802 {
1803 /* lookup the object in the supplied name list */ 1669 /* lookup the object in the supplied name list */
1804 j=X509_NAME_get_index_by_OBJ(name,obj,last); 1670 j = X509_NAME_get_index_by_OBJ(name, obj, last);
1805 if (j < 0) 1671 if (j < 0) {
1806 { 1672 if (last != -1)
1807 if (last != -1) break; 1673 break;
1808 tne=NULL; 1674 tne = NULL;
1809 } 1675 } else {
1810 else 1676 tne = X509_NAME_get_entry(name, j);
1811 { 1677 }
1812 tne=X509_NAME_get_entry(name,j); 1678 last = j;
1813 }
1814 last=j;
1815 1679
1816 /* depending on the 'policy', decide what to do. */ 1680 /* depending on the 'policy', decide what to do. */
1817 push=NULL; 1681 push = NULL;
1818 if (strcmp(cv->value,"optional") == 0) 1682 if (strcmp(cv->value, "optional") == 0) {
1819 {
1820 if (tne != NULL) 1683 if (tne != NULL)
1821 push=tne; 1684 push = tne;
1822 } 1685 } else if (strcmp(cv->value, "supplied") == 0) {
1823 else if (strcmp(cv->value,"supplied") == 0) 1686 if (tne == NULL) {
1824 { 1687 BIO_printf(bio_err, "The %s field needed to be supplied and was missing\n", cv->name);
1825 if (tne == NULL)
1826 {
1827 BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
1828 goto err; 1688 goto err;
1829 } 1689 } else
1830 else 1690 push = tne;
1831 push=tne; 1691 } else if (strcmp(cv->value, "match") == 0) {
1832 }
1833 else if (strcmp(cv->value,"match") == 0)
1834 {
1835 int last2; 1692 int last2;
1836 1693
1837 if (tne == NULL) 1694 if (tne == NULL) {
1838 { 1695 BIO_printf(bio_err, "The mandatory %s field was missing\n", cv->name);
1839 BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
1840 goto err; 1696 goto err;
1841 } 1697 }
1842 1698
1843 last2= -1; 1699 last2 = -1;
1844 1700
1845again2: 1701again2:
1846 j=X509_NAME_get_index_by_OBJ(CAname,obj,last2); 1702 j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
1847 if ((j < 0) && (last2 == -1)) 1703 if ((j < 0) && (last2 == -1)) {
1848 { 1704 BIO_printf(bio_err, "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n", cv->name);
1849 BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
1850 goto err; 1705 goto err;
1851 } 1706 }
1852 if (j >= 0) 1707 if (j >= 0) {
1853 { 1708 push = X509_NAME_get_entry(CAname, j);
1854 push=X509_NAME_get_entry(CAname,j); 1709 str = X509_NAME_ENTRY_get_data(tne);
1855 str=X509_NAME_ENTRY_get_data(tne); 1710 str2 = X509_NAME_ENTRY_get_data(push);
1856 str2=X509_NAME_ENTRY_get_data(push); 1711 last2 = j;
1857 last2=j; 1712 if (ASN1_STRING_cmp(str, str2) != 0)
1858 if (ASN1_STRING_cmp(str,str2) != 0)
1859 goto again2; 1713 goto again2;
1860 } 1714 }
1861 if (j < 0) 1715 if (j < 0) {
1862 { 1716 BIO_printf(bio_err, "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n", cv->name, ((str2 == NULL)?"NULL":(char *)str2->data), ((str == NULL)?"NULL":(char *)str->data));
1863 BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
1864 goto err; 1717 goto err;
1865 }
1866 } 1718 }
1867 else 1719 } else {
1868 { 1720 BIO_printf(bio_err, "%s:invalid type in 'policy' configuration\n", cv->value);
1869 BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
1870 goto err; 1721 goto err;
1871 } 1722 }
1872 1723
1873 if (push != NULL) 1724 if (push != NULL) {
1874 { 1725 if (!X509_NAME_add_entry(subject, push, -1, 0)) {
1875 if (!X509_NAME_add_entry(subject,push, -1, 0))
1876 {
1877 if (push != NULL) 1726 if (push != NULL)
1878 X509_NAME_ENTRY_free(push); 1727 X509_NAME_ENTRY_free(push);
1879 BIO_printf(bio_err,"Memory allocation failure\n"); 1728 BIO_printf(bio_err, "Memory allocation failure\n");
1880 goto err; 1729 goto err;
1881 }
1882 } 1730 }
1883 if (j < 0) break;
1884 } 1731 }
1732 if (j < 0)
1733 break;
1885 } 1734 }
1735 }
1886 1736
1887 if (preserve) 1737 if (preserve) {
1888 {
1889 X509_NAME_free(subject); 1738 X509_NAME_free(subject);
1890 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ 1739 /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
1891 subject=X509_NAME_dup(name); 1740 subject = X509_NAME_dup(name);
1892 if (subject == NULL) goto err; 1741 if (subject == NULL)
1893 } 1742 goto err;
1743 }
1894 1744
1895 if (verbose) 1745 if (verbose)
1896 BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n"); 1746 BIO_printf(bio_err, "The subject name appears to be ok, checking data base for clashes\n");
1897 1747
1898 /* Build the correct Subject if no e-mail is wanted in the subject */ 1748 /* Build the correct Subject if no e-mail is wanted in the subject */
1899 /* and add it later on because of the method extensions are added (altName) */ 1749 /* and add it later on because of the method extensions are added (altName) */
1900 1750
1901 if (email_dn) 1751 if (email_dn)
1902 dn_subject = subject; 1752 dn_subject = subject;
1903 else 1753 else {
1904 {
1905 X509_NAME_ENTRY *tmpne; 1754 X509_NAME_ENTRY *tmpne;
1906 /* Its best to dup the subject DN and then delete any email 1755 /* Its best to dup the subject DN and then delete any email
1907 * addresses because this retains its structure. 1756 * addresses because this retains its structure.
1908 */ 1757 */
1909 if (!(dn_subject = X509_NAME_dup(subject))) 1758 if (!(dn_subject = X509_NAME_dup(subject))) {
1910 { 1759 BIO_printf(bio_err, "Memory allocation failure\n");
1911 BIO_printf(bio_err,"Memory allocation failure\n");
1912 goto err; 1760 goto err;
1913 } 1761 }
1914 while((i = X509_NAME_get_index_by_NID(dn_subject, 1762 while ((i = X509_NAME_get_index_by_NID(dn_subject,
1915 NID_pkcs9_emailAddress, -1)) >= 0) 1763 NID_pkcs9_emailAddress, -1)) >= 0) {
1916 {
1917 tmpne = X509_NAME_get_entry(dn_subject, i); 1764 tmpne = X509_NAME_get_entry(dn_subject, i);
1918 X509_NAME_delete_entry(dn_subject, i); 1765 X509_NAME_delete_entry(dn_subject, i);
1919 X509_NAME_ENTRY_free(tmpne); 1766 X509_NAME_ENTRY_free(tmpne);
1920 }
1921 } 1767 }
1768 }
1922 1769
1923 if (BN_is_zero(serial)) 1770 if (BN_is_zero(serial))
1924 row[DB_serial]=BUF_strdup("00"); 1771 row[DB_serial] = BUF_strdup("00");
1925 else 1772 else
1926 row[DB_serial]=BN_bn2hex(serial); 1773 row[DB_serial] = BN_bn2hex(serial);
1927 if (row[DB_serial] == NULL) 1774 if (row[DB_serial] == NULL) {
1928 { 1775 BIO_printf(bio_err, "Memory allocation failure\n");
1929 BIO_printf(bio_err,"Memory allocation failure\n");
1930 goto err; 1776 goto err;
1931 } 1777 }
1932 1778
1933 if (db->attributes.unique_subject) 1779 if (db->attributes.unique_subject) {
1934 { 1780 OPENSSL_STRING *crow = row;
1935 OPENSSL_STRING *crow=row;
1936 1781
1937 rrow=TXT_DB_get_by_index(db->db,DB_name,crow); 1782 rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
1938 if (rrow != NULL) 1783 if (rrow != NULL) {
1939 {
1940 BIO_printf(bio_err, 1784 BIO_printf(bio_err,
1941 "ERROR:There is already a certificate for %s\n", 1785 "ERROR:There is already a certificate for %s\n",
1942 row[DB_name]); 1786 row[DB_name]);
1943 }
1944 } 1787 }
1945 if (rrow == NULL) 1788 }
1946 { 1789 if (rrow == NULL) {
1947 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 1790 rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
1948 if (rrow != NULL) 1791 if (rrow != NULL) {
1949 { 1792 BIO_printf(bio_err, "ERROR:Serial number %s has already been issued,\n",
1950 BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n", 1793 row[DB_serial]);
1951 row[DB_serial]); 1794 BIO_printf(bio_err, " check the database/serial_file for corruption\n");
1952 BIO_printf(bio_err," check the database/serial_file for corruption\n");
1953 }
1954 } 1795 }
1796 }
1955 1797
1956 if (rrow != NULL) 1798 if (rrow != NULL) {
1957 {
1958 BIO_printf(bio_err, 1799 BIO_printf(bio_err,
1959 "The matching entry has the following details\n"); 1800 "The matching entry has the following details\n");
1960 if (rrow[DB_type][0] == 'E') 1801 if (rrow[DB_type][0] == 'E')
1961 p="Expired"; 1802 p="Expired";
1962 else if (rrow[DB_type][0] == 'R') 1803 else if (rrow[DB_type][0] == 'R')
@@ -1965,70 +1806,71 @@ again2:
1965 p="Valid"; 1806 p="Valid";
1966 else 1807 else
1967 p="\ninvalid type, Data base error\n"; 1808 p="\ninvalid type, Data base error\n";
1968 BIO_printf(bio_err,"Type :%s\n",p); 1809 BIO_printf(bio_err, "Type :%s\n", p);
1969 if (rrow[DB_type][0] == 'R') 1810 if (rrow[DB_type][0] == 'R') {
1970 { 1811 p = rrow[DB_exp_date]; if (p == NULL) p="undef";
1971 p=rrow[DB_exp_date]; if (p == NULL) p="undef"; 1812 BIO_printf(bio_err, "Was revoked on:%s\n", p);
1972 BIO_printf(bio_err,"Was revoked on:%s\n",p); 1813 }
1973 } 1814 p = rrow[DB_exp_date]; if (p == NULL) p="undef";
1974 p=rrow[DB_exp_date]; if (p == NULL) p="undef"; 1815 BIO_printf(bio_err, "Expires on :%s\n", p);
1975 BIO_printf(bio_err,"Expires on :%s\n",p); 1816 p = rrow[DB_serial]; if (p == NULL) p="undef";
1976 p=rrow[DB_serial]; if (p == NULL) p="undef"; 1817 BIO_printf(bio_err, "Serial Number :%s\n", p);
1977 BIO_printf(bio_err,"Serial Number :%s\n",p); 1818 p = rrow[DB_file]; if (p == NULL) p="undef";
1978 p=rrow[DB_file]; if (p == NULL) p="undef"; 1819 BIO_printf(bio_err, "File name :%s\n", p);
1979 BIO_printf(bio_err,"File name :%s\n",p); 1820 p = rrow[DB_name]; if (p == NULL) p="undef";
1980 p=rrow[DB_name]; if (p == NULL) p="undef"; 1821 BIO_printf(bio_err, "Subject Name :%s\n", p);
1981 BIO_printf(bio_err,"Subject Name :%s\n",p);
1982 ok= -1; /* This is now a 'bad' error. */ 1822 ok= -1; /* This is now a 'bad' error. */
1983 goto err; 1823 goto err;
1984 } 1824 }
1985 1825
1986 /* We are now totally happy, lets make and sign the certificate */ 1826 /* We are now totally happy, lets make and sign the certificate */
1987 if (verbose) 1827 if (verbose)
1988 BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n"); 1828 BIO_printf(bio_err, "Everything appears to be ok, creating and signing the certificate\n");
1989 1829
1990 if ((ret=X509_new()) == NULL) goto err; 1830 if ((ret = X509_new()) == NULL)
1991 ci=ret->cert_info; 1831 goto err;
1832 ci = ret->cert_info;
1992 1833
1993#ifdef X509_V3 1834#ifdef X509_V3
1994 /* Make it an X509 v3 certificate. */ 1835 /* Make it an X509 v3 certificate. */
1995 if (!X509_set_version(ret,2)) goto err; 1836 if (!X509_set_version(ret, 2))
1837 goto err;
1996#endif 1838#endif
1997 1839
1998 if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL) 1840 if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
1999 goto err; 1841 goto err;
2000 if (selfsign) 1842 if (selfsign) {
2001 { 1843 if (!X509_set_issuer_name(ret, subject))
2002 if (!X509_set_issuer_name(ret,subject))
2003 goto err; 1844 goto err;
2004 } 1845 } else {
2005 else 1846 if (!X509_set_issuer_name(ret, X509_get_subject_name(x509)))
2006 {
2007 if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
2008 goto err; 1847 goto err;
2009 } 1848 }
2010 1849
2011 if (strcmp(startdate,"today") == 0) 1850 if (strcmp(startdate, "today") == 0)
2012 X509_gmtime_adj(X509_get_notBefore(ret),0); 1851 X509_gmtime_adj(X509_get_notBefore(ret), 0);
2013 else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate); 1852 else
1853 ASN1_TIME_set_string(X509_get_notBefore(ret), startdate);
2014 1854
2015 if (enddate == NULL) 1855 if (enddate == NULL)
2016 X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL); 1856 X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
2017 else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate); 1857 else
1858 ASN1_TIME_set_string(X509_get_notAfter(ret), enddate);
2018 1859
2019 if (!X509_set_subject_name(ret,subject)) goto err; 1860 if (!X509_set_subject_name(ret, subject))
1861 goto err;
2020 1862
2021 pktmp=X509_REQ_get_pubkey(req); 1863 pktmp = X509_REQ_get_pubkey(req);
2022 i = X509_set_pubkey(ret,pktmp); 1864 i = X509_set_pubkey(ret, pktmp);
2023 EVP_PKEY_free(pktmp); 1865 EVP_PKEY_free(pktmp);
2024 if (!i) goto err; 1866 if (!i)
1867 goto err;
2025 1868
2026 /* Lets add the extensions, if there are any */ 1869 /* Lets add the extensions, if there are any */
2027 if (ext_sect) 1870 if (ext_sect) {
2028 {
2029 X509V3_CTX ctx; 1871 X509V3_CTX ctx;
2030 if (ci->version == NULL) 1872 if (ci->version == NULL)
2031 if ((ci->version=ASN1_INTEGER_new()) == NULL) 1873 if ((ci->version = ASN1_INTEGER_new()) == NULL)
2032 goto err; 1874 goto err;
2033 ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */ 1875 ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
2034 1876
@@ -2036,7 +1878,7 @@ again2:
2036 * be any I believe */ 1878 * be any I believe */
2037 if (ci->extensions != NULL) 1879 if (ci->extensions != NULL)
2038 sk_X509_EXTENSION_pop_free(ci->extensions, 1880 sk_X509_EXTENSION_pop_free(ci->extensions,
2039 X509_EXTENSION_free); 1881 X509_EXTENSION_free);
2040 1882
2041 ci->extensions = NULL; 1883 ci->extensions = NULL;
2042 1884
@@ -2046,150 +1888,138 @@ again2:
2046 else 1888 else
2047 X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0); 1889 X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
2048 1890
2049 if (extconf) 1891 if (extconf) {
2050 {
2051 if (verbose) 1892 if (verbose)
2052 BIO_printf(bio_err, "Extra configuration file found\n"); 1893 BIO_printf(bio_err, "Extra configuration file found\n");
2053 1894
2054 /* Use the extconf configuration db LHASH */ 1895 /* Use the extconf configuration db LHASH */
2055 X509V3_set_nconf(&ctx, extconf); 1896 X509V3_set_nconf(&ctx, extconf);
2056 1897
2057 /* Test the structure (needed?) */ 1898 /* Test the structure (needed?) */
2058 /* X509V3_set_ctx_test(&ctx); */ 1899 /* X509V3_set_ctx_test(&ctx); */
2059 1900
2060 /* Adds exts contained in the configuration file */ 1901 /* Adds exts contained in the configuration file */
2061 if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret)) 1902 if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect, ret)) {
2062 {
2063 BIO_printf(bio_err, 1903 BIO_printf(bio_err,
2064 "ERROR: adding extensions in section %s\n", 1904 "ERROR: adding extensions in section %s\n",
2065 ext_sect); 1905 ext_sect);
2066 ERR_print_errors(bio_err); 1906 ERR_print_errors(bio_err);
2067 goto err; 1907 goto err;
2068 } 1908 }
2069 if (verbose) 1909 if (verbose)
2070 BIO_printf(bio_err, "Successfully added extensions from file.\n"); 1910 BIO_printf(bio_err, "Successfully added extensions from file.\n");
2071 } 1911 } else if (ext_sect) {
2072 else if (ext_sect)
2073 {
2074 /* We found extensions to be set from config file */ 1912 /* We found extensions to be set from config file */
2075 X509V3_set_nconf(&ctx, lconf); 1913 X509V3_set_nconf(&ctx, lconf);
2076 1914
2077 if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) 1915 if (!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) {
2078 {
2079 BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect); 1916 BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
2080 ERR_print_errors(bio_err); 1917 ERR_print_errors(bio_err);
2081 goto err; 1918 goto err;
2082 } 1919 }
2083 1920
2084 if (verbose) 1921 if (verbose)
2085 BIO_printf(bio_err, "Successfully added extensions from config\n"); 1922 BIO_printf(bio_err, "Successfully added extensions from config\n");
2086 }
2087 } 1923 }
1924 }
2088 1925
2089 /* Copy extensions from request (if any) */ 1926 /* Copy extensions from request (if any) */
2090 1927
2091 if (!copy_extensions(ret, req, ext_copy)) 1928 if (!copy_extensions(ret, req, ext_copy)) {
2092 {
2093 BIO_printf(bio_err, "ERROR: adding extensions from request\n"); 1929 BIO_printf(bio_err, "ERROR: adding extensions from request\n");
2094 ERR_print_errors(bio_err); 1930 ERR_print_errors(bio_err);
2095 goto err; 1931 goto err;
2096 } 1932 }
2097 1933
2098 /* Set the right value for the noemailDN option */ 1934 /* Set the right value for the noemailDN option */
2099 if( email_dn == 0 ) 1935 if (email_dn == 0 ) {
2100 { 1936 if (!X509_set_subject_name(ret, dn_subject))
2101 if (!X509_set_subject_name(ret,dn_subject)) goto err; 1937 goto err;
2102 } 1938 }
2103 1939
2104 if (!default_op) 1940 if (!default_op) {
2105 {
2106 BIO_printf(bio_err, "Certificate Details:\n"); 1941 BIO_printf(bio_err, "Certificate Details:\n");
2107 /* Never print signature details because signature not present */ 1942 /* Never print signature details because signature not present */
2108 certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME; 1943 certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
2109 X509_print_ex(bio_err, ret, nameopt, certopt); 1944 X509_print_ex(bio_err, ret, nameopt, certopt);
2110 } 1945 }
2111 1946
2112 BIO_printf(bio_err,"Certificate is to be certified until "); 1947 BIO_printf(bio_err, "Certificate is to be certified until ");
2113 ASN1_TIME_print(bio_err,X509_get_notAfter(ret)); 1948 ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
2114 if (days) BIO_printf(bio_err," (%ld days)",days); 1949 if (days)
1950 BIO_printf(bio_err, " (%ld days)", days);
2115 BIO_printf(bio_err, "\n"); 1951 BIO_printf(bio_err, "\n");
2116 1952
2117 if (!batch) 1953 if (!batch) {
2118 {
2119 1954
2120 BIO_printf(bio_err,"Sign the certificate? [y/n]:"); 1955 BIO_printf(bio_err, "Sign the certificate? [y/n]:");
2121 (void)BIO_flush(bio_err); 1956 (void)BIO_flush(bio_err);
2122 buf[0]='\0'; 1957 buf[0] = '\0';
2123 if (!fgets(buf,sizeof(buf)-1,stdin)) 1958 if (!fgets(buf, sizeof(buf) - 1, stdin)) {
2124 { 1959 BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
2125 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n"); 1960 ok = 0;
2126 ok=0;
2127 goto err; 1961 goto err;
2128 } 1962 }
2129 if (!((buf[0] == 'y') || (buf[0] == 'Y'))) 1963 if (!((buf[0] == 'y') || (buf[0] == 'Y'))) {
2130 { 1964 BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n");
2131 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"); 1965 ok = 0;
2132 ok=0;
2133 goto err; 1966 goto err;
2134 }
2135 } 1967 }
1968 }
2136 1969
2137 pktmp=X509_get_pubkey(ret); 1970 pktmp = X509_get_pubkey(ret);
2138 if (EVP_PKEY_missing_parameters(pktmp) && 1971 if (EVP_PKEY_missing_parameters(pktmp) &&
2139 !EVP_PKEY_missing_parameters(pkey)) 1972 !EVP_PKEY_missing_parameters(pkey))
2140 EVP_PKEY_copy_parameters(pktmp,pkey); 1973 EVP_PKEY_copy_parameters(pktmp, pkey);
2141 EVP_PKEY_free(pktmp); 1974 EVP_PKEY_free(pktmp);
2142 1975
2143 if (!do_X509_sign(bio_err, ret,pkey,dgst, sigopts)) 1976 if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))
2144 goto err; 1977 goto err;
2145 1978
2146 /* We now just add it to the database */ 1979 /* We now just add it to the database */
2147 row[DB_type]=(char *)OPENSSL_malloc(2); 1980 row[DB_type] = (char *)OPENSSL_malloc(2);
2148 1981
2149 tm=X509_get_notAfter(ret); 1982 tm = X509_get_notAfter(ret);
2150 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); 1983 row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
2151 memcpy(row[DB_exp_date],tm->data,tm->length); 1984 memcpy(row[DB_exp_date], tm->data, tm->length);
2152 row[DB_exp_date][tm->length]='\0'; 1985 row[DB_exp_date][tm->length] = '\0';
2153 1986
2154 row[DB_rev_date]=NULL; 1987 row[DB_rev_date] = NULL;
2155 1988
2156 /* row[DB_serial] done already */ 1989 /* row[DB_serial] done already */
2157 row[DB_file]=(char *)OPENSSL_malloc(8); 1990 row[DB_file] = (char *)OPENSSL_malloc(8);
2158 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0); 1991 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
2159 1992
2160 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 1993 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
2161 (row[DB_file] == NULL) || (row[DB_name] == NULL)) 1994 (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
2162 { 1995 BIO_printf(bio_err, "Memory allocation failure\n");
2163 BIO_printf(bio_err,"Memory allocation failure\n");
2164 goto err; 1996 goto err;
2165 } 1997 }
2166 BUF_strlcpy(row[DB_file],"unknown",8); 1998 BUF_strlcpy(row[DB_file], "unknown", 8);
2167 row[DB_type][0]='V'; 1999 row[DB_type][0] = 'V';
2168 row[DB_type][1]='\0'; 2000 row[DB_type][1] = '\0';
2169 2001
2170 if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) 2002 if ((irow = (char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) {
2171 { 2003 BIO_printf(bio_err, "Memory allocation failure\n");
2172 BIO_printf(bio_err,"Memory allocation failure\n");
2173 goto err; 2004 goto err;
2174 } 2005 }
2175 2006
2176 for (i=0; i<DB_NUMBER; i++) 2007 for (i = 0; i < DB_NUMBER; i++) {
2177 { 2008 irow[i] = row[i];
2178 irow[i]=row[i]; 2009 row[i] = NULL;
2179 row[i]=NULL; 2010 }
2180 } 2011 irow[DB_NUMBER] = NULL;
2181 irow[DB_NUMBER]=NULL;
2182 2012
2183 if (!TXT_DB_insert(db->db,irow)) 2013 if (!TXT_DB_insert(db->db, irow)) {
2184 { 2014 BIO_printf(bio_err, "failed to update database\n");
2185 BIO_printf(bio_err,"failed to update database\n"); 2015 BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
2186 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
2187 goto err; 2016 goto err;
2188 } 2017 }
2189 ok=1; 2018 ok = 1;
2190err: 2019err:
2191 for (i=0; i<DB_NUMBER; i++) 2020 for (i = 0; i < DB_NUMBER; i++)
2192 if (row[i] != NULL) OPENSSL_free(row[i]); 2021 if (row[i] != NULL)
2022 OPENSSL_free(row[i]);
2193 2023
2194 if (CAname != NULL) 2024 if (CAname != NULL)
2195 X509_NAME_free(CAname); 2025 X509_NAME_free(CAname);
@@ -2199,58 +2029,58 @@ err:
2199 X509_NAME_free(dn_subject); 2029 X509_NAME_free(dn_subject);
2200 if (tmptm != NULL) 2030 if (tmptm != NULL)
2201 ASN1_UTCTIME_free(tmptm); 2031 ASN1_UTCTIME_free(tmptm);
2202 if (ok <= 0) 2032 if (ok <= 0) {
2203 { 2033 if (ret != NULL)
2204 if (ret != NULL) X509_free(ret); 2034 X509_free(ret);
2205 ret=NULL; 2035 ret = NULL;
2206 } 2036 } else
2207 else 2037 *xret = ret;
2208 *xret=ret; 2038 return (ok);
2209 return(ok); 2039}
2210 } 2040
2211 2041static void
2212static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) 2042write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
2213 { 2043{
2214 2044 if (output_der) {
2215 if (output_der) 2045 (void)i2d_X509_bio(bp, x);
2216 {
2217 (void)i2d_X509_bio(bp,x);
2218 return; 2046 return;
2219 } 2047 }
2220#if 0 2048#if 0
2221 /* ??? Not needed since X509_print prints all this stuff anyway */ 2049 /* ??? Not needed since X509_print prints all this stuff anyway */
2222 f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256); 2050 f = X509_NAME_oneline(X509_get_issuer_name(x), buf, 256);
2223 BIO_printf(bp,"issuer :%s\n",f); 2051 BIO_printf(bp, "issuer :%s\n", f);
2224 2052
2225 f=X509_NAME_oneline(X509_get_subject_name(x),buf,256); 2053 f = X509_NAME_oneline(X509_get_subject_name(x), buf, 256);
2226 BIO_printf(bp,"subject:%s\n",f); 2054 BIO_printf(bp, "subject:%s\n", f);
2227 2055
2228 BIO_puts(bp,"serial :"); 2056 BIO_puts(bp, "serial :");
2229 i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber); 2057 i2a_ASN1_INTEGER(bp, x->cert_info->serialNumber);
2230 BIO_puts(bp,"\n\n"); 2058 BIO_puts(bp, "\n\n");
2231#endif 2059#endif
2232 if (!notext)X509_print(bp,x); 2060 if (!notext)
2233 PEM_write_bio_X509(bp,x); 2061 X509_print(bp, x);
2234 } 2062 PEM_write_bio_X509(bp, x);
2235 2063}
2236static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 2064
2237 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 2065static int
2238 STACK_OF(CONF_VALUE) *policy, CA_DB *db, 2066certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2239 BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, 2067 const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
2240 long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, 2068 STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
2241 unsigned long nameopt, int default_op, int ext_copy) 2069 unsigned long chtype, int multirdn, int email_dn, char *startdate,
2242 { 2070 char *enddate, long days, char *ext_sect, CONF *lconf, int verbose,
2243 STACK_OF(CONF_VALUE) *sk=NULL; 2071 unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy)
2244 LHASH_OF(CONF_VALUE) *parms=NULL; 2072{
2245 X509_REQ *req=NULL; 2073 STACK_OF(CONF_VALUE) *sk = NULL;
2246 CONF_VALUE *cv=NULL; 2074 LHASH_OF(CONF_VALUE) *parms = NULL;
2075 X509_REQ *req = NULL;
2076 CONF_VALUE *cv = NULL;
2247 NETSCAPE_SPKI *spki = NULL; 2077 NETSCAPE_SPKI *spki = NULL;
2248 X509_REQ_INFO *ri; 2078 X509_REQ_INFO *ri;
2249 char *type,*buf; 2079 char *type, *buf;
2250 EVP_PKEY *pktmp=NULL; 2080 EVP_PKEY *pktmp = NULL;
2251 X509_NAME *n=NULL; 2081 X509_NAME *n = NULL;
2252 X509_NAME_ENTRY *ne=NULL; 2082 X509_NAME_ENTRY *ne = NULL;
2253 int ok= -1,i,j; 2083 int ok = -1, i, j;
2254 long errline; 2084 long errline;
2255 int nid; 2085 int nid;
2256 2086
@@ -2259,21 +2089,19 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2259 * way to read and parse the file, then put it into a convenient 2089 * way to read and parse the file, then put it into a convenient
2260 * STACK format). 2090 * STACK format).
2261 */ 2091 */
2262 parms=CONF_load(NULL,infile,&errline); 2092 parms = CONF_load(NULL, infile, &errline);
2263 if (parms == NULL) 2093 if (parms == NULL) {
2264 { 2094 BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile);
2265 BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
2266 ERR_print_errors(bio_err); 2095 ERR_print_errors(bio_err);
2267 goto err; 2096 goto err;
2268 } 2097 }
2269 2098
2270 sk=CONF_get_section(parms, "default"); 2099 sk = CONF_get_section(parms, "default");
2271 if (sk_CONF_VALUE_num(sk) == 0) 2100 if (sk_CONF_VALUE_num(sk) == 0) {
2272 {
2273 BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); 2101 BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
2274 CONF_free(parms); 2102 CONF_free(parms);
2275 goto err; 2103 goto err;
2276 } 2104 }
2277 2105
2278 /* 2106 /*
2279 * Now create a dummy X509 request structure. We don't actually 2107 * Now create a dummy X509 request structure. We don't actually
@@ -2282,325 +2110,294 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
2282 * put these components into the right X509 request structure 2110 * put these components into the right X509 request structure
2283 * and we can use the same code as if you had a real X509 request. 2111 * and we can use the same code as if you had a real X509 request.
2284 */ 2112 */
2285 req=X509_REQ_new(); 2113 req = X509_REQ_new();
2286 if (req == NULL) 2114 if (req == NULL) {
2287 {
2288 ERR_print_errors(bio_err); 2115 ERR_print_errors(bio_err);
2289 goto err; 2116 goto err;
2290 } 2117 }
2291 2118
2292 /* 2119 /*
2293 * Build up the subject name set. 2120 * Build up the subject name set.
2294 */ 2121 */
2295 ri=req->req_info; 2122 ri = req->req_info;
2296 n = ri->subject; 2123 n = ri->subject;
2297 2124
2298 for (i = 0; ; i++) 2125 for (i = 0; ; i++) {
2299 { 2126 if (sk_CONF_VALUE_num(sk) <= i)
2300 if (sk_CONF_VALUE_num(sk) <= i) break; 2127 break;
2301 2128
2302 cv=sk_CONF_VALUE_value(sk,i); 2129 cv = sk_CONF_VALUE_value(sk, i);
2303 type=cv->name; 2130 type = cv->name;
2304 /* Skip past any leading X. X: X, etc to allow for 2131 /* Skip past any leading X. X: X, etc to allow for
2305 * multiple instances 2132 * multiple instances
2306 */ 2133 */
2307 for (buf = cv->name; *buf ; buf++) 2134 for (buf = cv->name; *buf; buf++)
2308 if ((*buf == ':') || (*buf == ',') || (*buf == '.')) 2135 if ((*buf == ':') || (*buf == ', ') || (*buf == '.')) {
2309 { 2136 buf++;
2310 buf++; 2137 if (*buf)
2311 if (*buf) type = buf; 2138 type = buf;
2312 break; 2139 break;
2313 } 2140 }
2314 2141
2315 buf=cv->value; 2142 buf = cv->value;
2316 if ((nid=OBJ_txt2nid(type)) == NID_undef) 2143 if ((nid = OBJ_txt2nid(type)) == NID_undef) {
2317 { 2144 if (strcmp(type, "SPKAC") == 0) {
2318 if (strcmp(type, "SPKAC") == 0)
2319 {
2320 spki = NETSCAPE_SPKI_b64_decode(cv->value, -1); 2145 spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
2321 if (spki == NULL) 2146 if (spki == NULL) {
2322 { 2147 BIO_printf(bio_err, "unable to load Netscape SPKAC structure\n");
2323 BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
2324 ERR_print_errors(bio_err); 2148 ERR_print_errors(bio_err);
2325 goto err; 2149 goto err;
2326 }
2327 } 2150 }
2328 continue;
2329 } 2151 }
2152 continue;
2153 }
2330 2154
2331 if (!X509_NAME_add_entry_by_NID(n, nid, chtype, 2155 if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
2332 (unsigned char *)buf, -1, -1, 0)) 2156 (unsigned char *)buf, -1, -1, 0))
2333 goto err; 2157 goto err;
2334 } 2158 }
2335 if (spki == NULL) 2159 if (spki == NULL) {
2336 { 2160 BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n",
2337 BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n", 2161 infile);
2338 infile);
2339 goto err; 2162 goto err;
2340 } 2163 }
2341 2164
2342 /* 2165 /*
2343 * Now extract the key from the SPKI structure. 2166 * Now extract the key from the SPKI structure.
2344 */ 2167 */
2345 2168
2346 BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n"); 2169 BIO_printf(bio_err, "Check that the SPKAC request matches the signature\n");
2347 2170
2348 if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL) 2171 if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) {
2349 { 2172 BIO_printf(bio_err, "error unpacking SPKAC public key\n");
2350 BIO_printf(bio_err,"error unpacking SPKAC public key\n");
2351 goto err; 2173 goto err;
2352 } 2174 }
2353 2175
2354 j = NETSCAPE_SPKI_verify(spki, pktmp); 2176 j = NETSCAPE_SPKI_verify(spki, pktmp);
2355 if (j <= 0) 2177 if (j <= 0) {
2356 { 2178 BIO_printf(bio_err, "signature verification failed on SPKAC public key\n");
2357 BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
2358 goto err; 2179 goto err;
2359 } 2180 }
2360 BIO_printf(bio_err,"Signature ok\n"); 2181 BIO_printf(bio_err, "Signature ok\n");
2361 2182
2362 X509_REQ_set_pubkey(req,pktmp); 2183 X509_REQ_set_pubkey(req, pktmp);
2363 EVP_PKEY_free(pktmp); 2184 EVP_PKEY_free(pktmp);
2364 ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype, 2185 ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, chtype,
2365 multirdn,email_dn,startdate,enddate, days,1,verbose,req, 2186 multirdn, email_dn, startdate, enddate, days, 1, verbose, req,
2366 ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); 2187 ext_sect, lconf, certopt, nameopt, default_op, ext_copy, 0);
2367err: 2188err:
2368 if (req != NULL) X509_REQ_free(req); 2189 if (req != NULL)
2369 if (parms != NULL) CONF_free(parms); 2190 X509_REQ_free(req);
2370 if (spki != NULL) NETSCAPE_SPKI_free(spki); 2191 if (parms != NULL)
2371 if (ne != NULL) X509_NAME_ENTRY_free(ne); 2192 CONF_free(parms);
2193 if (spki != NULL)
2194 NETSCAPE_SPKI_free(spki);
2195 if (ne != NULL)
2196 X509_NAME_ENTRY_free(ne);
2372 2197
2373 return(ok); 2198 return (ok);
2374 } 2199}
2375 2200
2376static int check_time_format(const char *str) 2201static int
2377 { 2202check_time_format(const char *str)
2203{
2378 return ASN1_TIME_set_string(NULL, str); 2204 return ASN1_TIME_set_string(NULL, str);
2379 } 2205}
2380 2206
2381static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) 2207static int
2382 { 2208do_revoke(X509 *x509, CA_DB *db, int type, char *value)
2383 ASN1_UTCTIME *tm=NULL; 2209{
2384 char *row[DB_NUMBER],**rrow,**irow; 2210 ASN1_UTCTIME *tm = NULL;
2211 char *row[DB_NUMBER], **rrow, **irow;
2385 char *rev_str = NULL; 2212 char *rev_str = NULL;
2386 BIGNUM *bn = NULL; 2213 BIGNUM *bn = NULL;
2387 int ok=-1,i; 2214 int ok = -1, i;
2388 2215
2389 for (i=0; i<DB_NUMBER; i++) 2216 for (i = 0; i < DB_NUMBER; i++)
2390 row[i]=NULL; 2217 row[i] = NULL;
2391 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); 2218 row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
2392 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); 2219 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
2393 if (!bn) 2220 if (!bn)
2394 goto err; 2221 goto err;
2395 if (BN_is_zero(bn)) 2222 if (BN_is_zero(bn))
2396 row[DB_serial]=BUF_strdup("00"); 2223 row[DB_serial] = BUF_strdup("00");
2397 else 2224 else
2398 row[DB_serial]=BN_bn2hex(bn); 2225 row[DB_serial] = BN_bn2hex(bn);
2399 BN_free(bn); 2226 BN_free(bn);
2400 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) 2227 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
2401 { 2228 BIO_printf(bio_err, "Memory allocation failure\n");
2402 BIO_printf(bio_err,"Memory allocation failure\n");
2403 goto err; 2229 goto err;
2404 } 2230 }
2405 /* We have to lookup by serial number because name lookup 2231 /* We have to lookup by serial number because name lookup
2406 * skips revoked certs 2232 * skips revoked certs
2407 */ 2233 */
2408 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 2234 rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
2409 if (rrow == NULL) 2235 if (rrow == NULL) {
2410 { 2236 BIO_printf(bio_err, "Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
2411 BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
2412 2237
2413 /* We now just add it to the database */ 2238 /* We now just add it to the database */
2414 row[DB_type]=(char *)OPENSSL_malloc(2); 2239 row[DB_type] = (char *)OPENSSL_malloc(2);
2415 2240
2416 tm=X509_get_notAfter(x509); 2241 tm = X509_get_notAfter(x509);
2417 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); 2242 row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
2418 memcpy(row[DB_exp_date],tm->data,tm->length); 2243 memcpy(row[DB_exp_date], tm->data, tm->length);
2419 row[DB_exp_date][tm->length]='\0'; 2244 row[DB_exp_date][tm->length] = '\0';
2420 2245
2421 row[DB_rev_date]=NULL; 2246 row[DB_rev_date] = NULL;
2422 2247
2423 /* row[DB_serial] done already */ 2248 /* row[DB_serial] done already */
2424 row[DB_file]=(char *)OPENSSL_malloc(8); 2249 row[DB_file] = (char *)OPENSSL_malloc(8);
2425 2250
2426 /* row[DB_name] done already */ 2251 /* row[DB_name] done already */
2427 2252
2428 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 2253 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
2429 (row[DB_file] == NULL)) 2254 (row[DB_file] == NULL)) {
2430 { 2255 BIO_printf(bio_err, "Memory allocation failure\n");
2431 BIO_printf(bio_err,"Memory allocation failure\n");
2432 goto err; 2256 goto err;
2433 } 2257 }
2434 BUF_strlcpy(row[DB_file],"unknown",8); 2258 BUF_strlcpy(row[DB_file], "unknown", 8);
2435 row[DB_type][0]='V'; 2259 row[DB_type][0] = 'V';
2436 row[DB_type][1]='\0'; 2260 row[DB_type][1] = '\0';
2437 2261
2438 if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) 2262 if ((irow = (char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER + 1))) == NULL) {
2439 { 2263 BIO_printf(bio_err, "Memory allocation failure\n");
2440 BIO_printf(bio_err,"Memory allocation failure\n");
2441 goto err; 2264 goto err;
2442 } 2265 }
2443 2266
2444 for (i=0; i<DB_NUMBER; i++) 2267 for (i = 0; i < DB_NUMBER; i++) {
2445 { 2268 irow[i] = row[i];
2446 irow[i]=row[i]; 2269 row[i] = NULL;
2447 row[i]=NULL; 2270 }
2448 } 2271 irow[DB_NUMBER] = NULL;
2449 irow[DB_NUMBER]=NULL;
2450 2272
2451 if (!TXT_DB_insert(db->db,irow)) 2273 if (!TXT_DB_insert(db->db, irow)) {
2452 { 2274 BIO_printf(bio_err, "failed to update database\n");
2453 BIO_printf(bio_err,"failed to update database\n"); 2275 BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
2454 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
2455 goto err; 2276 goto err;
2456 } 2277 }
2457 2278
2458 /* Revoke Certificate */ 2279 /* Revoke Certificate */
2459 ok = do_revoke(x509,db, type, value); 2280 ok = do_revoke(x509, db, type, value);
2460 2281
2461 goto err; 2282 goto err;
2462 2283
2463 } 2284 } else if (index_name_cmp_noconst(row, rrow)) {
2464 else if (index_name_cmp_noconst(row, rrow)) 2285 BIO_printf(bio_err, "ERROR:name does not match %s\n",
2465 { 2286 row[DB_name]);
2466 BIO_printf(bio_err,"ERROR:name does not match %s\n",
2467 row[DB_name]);
2468 goto err; 2287 goto err;
2469 } 2288 } else if (rrow[DB_type][0]=='R') {
2470 else if (rrow[DB_type][0]=='R') 2289 BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
2471 { 2290 row[DB_serial]);
2472 BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
2473 row[DB_serial]);
2474 goto err; 2291 goto err;
2475 } 2292 } else {
2476 else 2293 BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
2477 {
2478 BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
2479 rev_str = make_revocation_str(type, value); 2294 rev_str = make_revocation_str(type, value);
2480 if (!rev_str) 2295 if (!rev_str) {
2481 {
2482 BIO_printf(bio_err, "Error in revocation arguments\n"); 2296 BIO_printf(bio_err, "Error in revocation arguments\n");
2483 goto err; 2297 goto err;
2484 }
2485 rrow[DB_type][0]='R';
2486 rrow[DB_type][1]='\0';
2487 rrow[DB_rev_date] = rev_str;
2488 } 2298 }
2489 ok=1; 2299 rrow[DB_type][0] = 'R';
2300 rrow[DB_type][1] = '\0';
2301 rrow[DB_rev_date] = rev_str;
2302 }
2303 ok = 1;
2490err: 2304err:
2491 for (i=0; i<DB_NUMBER; i++) 2305 for (i = 0; i < DB_NUMBER; i++) {
2492 { 2306 if (row[i] != NULL)
2493 if (row[i] != NULL)
2494 OPENSSL_free(row[i]); 2307 OPENSSL_free(row[i]);
2495 }
2496 return(ok);
2497 } 2308 }
2309 return (ok);
2310}
2498 2311
2499static int get_certificate_status(const char *serial, CA_DB *db) 2312static int
2500 { 2313get_certificate_status(const char *serial, CA_DB *db)
2501 char *row[DB_NUMBER],**rrow; 2314{
2502 int ok=-1,i; 2315 char *row[DB_NUMBER], **rrow;
2316 int ok = -1, i;
2503 2317
2504 /* Free Resources */ 2318 /* Free Resources */
2505 for (i=0; i<DB_NUMBER; i++) 2319 for (i = 0; i < DB_NUMBER; i++)
2506 row[i]=NULL; 2320 row[i] = NULL;
2507 2321
2508 /* Malloc needed char spaces */ 2322 /* Malloc needed char spaces */
2509 row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2); 2323 row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
2510 if (row[DB_serial] == NULL) 2324 if (row[DB_serial] == NULL) {
2511 { 2325 BIO_printf(bio_err, "Malloc failure\n");
2512 BIO_printf(bio_err,"Malloc failure\n");
2513 goto err; 2326 goto err;
2514 } 2327 }
2515 2328
2516 if (strlen(serial) % 2) 2329 if (strlen(serial) % 2) {
2517 {
2518 /* Set the first char to 0 */; 2330 /* Set the first char to 0 */;
2519 row[DB_serial][0]='0'; 2331 row[DB_serial][0]='0';
2520 2332
2521 /* Copy String from serial to row[DB_serial] */ 2333 /* Copy String from serial to row[DB_serial] */
2522 memcpy(row[DB_serial]+1, serial, strlen(serial)); 2334 memcpy(row[DB_serial]+1, serial, strlen(serial));
2523 row[DB_serial][strlen(serial)+1]='\0'; 2335 row[DB_serial][strlen(serial) + 1] = '\0';
2524 } 2336 } else {
2525 else
2526 {
2527 /* Copy String from serial to row[DB_serial] */ 2337 /* Copy String from serial to row[DB_serial] */
2528 memcpy(row[DB_serial], serial, strlen(serial)); 2338 memcpy(row[DB_serial], serial, strlen(serial));
2529 row[DB_serial][strlen(serial)]='\0'; 2339 row[DB_serial][strlen(serial)] = '\0';
2530 } 2340 }
2531 2341
2532 /* Make it Upper Case */ 2342 /* Make it Upper Case */
2533 for (i=0; row[DB_serial][i] != '\0'; i++) 2343 for (i = 0; row[DB_serial][i] != '\0'; i++)
2534 row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]); 2344 row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
2535
2536 2345
2537 ok=1; 2346
2347 ok = 1;
2538 2348
2539 /* Search for the certificate */ 2349 /* Search for the certificate */
2540 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 2350 rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
2541 if (rrow == NULL) 2351 if (rrow == NULL) {
2542 { 2352 BIO_printf(bio_err, "Serial %s not present in db.\n",
2543 BIO_printf(bio_err,"Serial %s not present in db.\n", 2353 row[DB_serial]);
2544 row[DB_serial]); 2354 ok = -1;
2545 ok=-1;
2546 goto err; 2355 goto err;
2547 } 2356 } else if (rrow[DB_type][0]=='V') {
2548 else if (rrow[DB_type][0]=='V') 2357 BIO_printf(bio_err, "%s = Valid (%c)\n",
2549 { 2358 row[DB_serial], rrow[DB_type][0]);
2550 BIO_printf(bio_err,"%s=Valid (%c)\n",
2551 row[DB_serial], rrow[DB_type][0]);
2552 goto err; 2359 goto err;
2553 } 2360 } else if (rrow[DB_type][0]=='R') {
2554 else if (rrow[DB_type][0]=='R') 2361 BIO_printf(bio_err, "%s = Revoked (%c)\n",
2555 { 2362 row[DB_serial], rrow[DB_type][0]);
2556 BIO_printf(bio_err,"%s=Revoked (%c)\n",
2557 row[DB_serial], rrow[DB_type][0]);
2558 goto err; 2363 goto err;
2559 } 2364 } else if (rrow[DB_type][0]=='E') {
2560 else if (rrow[DB_type][0]=='E') 2365 BIO_printf(bio_err, "%s = Expired (%c)\n",
2561 { 2366 row[DB_serial], rrow[DB_type][0]);
2562 BIO_printf(bio_err,"%s=Expired (%c)\n",
2563 row[DB_serial], rrow[DB_type][0]);
2564 goto err; 2367 goto err;
2565 } 2368 } else if (rrow[DB_type][0]=='S') {
2566 else if (rrow[DB_type][0]=='S') 2369 BIO_printf(bio_err, "%s = Suspended (%c)\n",
2567 { 2370 row[DB_serial], rrow[DB_type][0]);
2568 BIO_printf(bio_err,"%s=Suspended (%c)\n",
2569 row[DB_serial], rrow[DB_type][0]);
2570 goto err; 2371 goto err;
2571 } 2372 } else {
2572 else 2373 BIO_printf(bio_err, "%s = Unknown (%c).\n",
2573 { 2374 row[DB_serial], rrow[DB_type][0]);
2574 BIO_printf(bio_err,"%s=Unknown (%c).\n", 2375 ok = -1;
2575 row[DB_serial], rrow[DB_type][0]); 2376 }
2576 ok=-1;
2577 }
2578err: 2377err:
2579 for (i=0; i<DB_NUMBER; i++) 2378 for (i = 0; i < DB_NUMBER; i++) {
2580 {
2581 if (row[i] != NULL) 2379 if (row[i] != NULL)
2582 OPENSSL_free(row[i]); 2380 OPENSSL_free(row[i]);
2583 }
2584 return(ok);
2585 } 2381 }
2382 return (ok);
2383}
2586 2384
2587static int do_updatedb (CA_DB *db) 2385static int do_updatedb (CA_DB *db)
2588 { 2386{
2589 ASN1_UTCTIME *a_tm = NULL; 2387 ASN1_UTCTIME *a_tm = NULL;
2590 int i, cnt = 0; 2388 int i, cnt = 0;
2591 int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ 2389 int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
2592 char **rrow, *a_tm_s; 2390 char **rrow, *a_tm_s;
2593 2391
2594 a_tm = ASN1_UTCTIME_new(); 2392 a_tm = ASN1_UTCTIME_new();
2595 2393
2596 /* get actual time and make a string */ 2394 /* get actual time and make a string */
2597 a_tm = X509_gmtime_adj(a_tm, 0); 2395 a_tm = X509_gmtime_adj(a_tm, 0);
2598 a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1); 2396 a_tm_s = (char *) OPENSSL_malloc(a_tm->length + 1);
2599 if (a_tm_s == NULL) 2397 if (a_tm_s == NULL) {
2600 {
2601 cnt = -1; 2398 cnt = -1;
2602 goto err; 2399 goto err;
2603 } 2400 }
2604 2401
2605 memcpy(a_tm_s, a_tm->data, a_tm->length); 2402 memcpy(a_tm_s, a_tm->data, a_tm->length);
2606 a_tm_s[a_tm->length] = '\0'; 2403 a_tm_s[a_tm->length] = '\0';
@@ -2610,51 +2407,44 @@ static int do_updatedb (CA_DB *db)
2610 else 2407 else
2611 a_y2k = 0; 2408 a_y2k = 0;
2612 2409
2613 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) 2410 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
2614 {
2615 rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); 2411 rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
2616 2412
2617 if (rrow[DB_type][0] == 'V') 2413 if (rrow[DB_type][0] == 'V') {
2618 {
2619 /* ignore entries that are not valid */ 2414 /* ignore entries that are not valid */
2620 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) 2415 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
2621 db_y2k = 1; 2416 db_y2k = 1;
2622 else 2417 else
2623 db_y2k = 0; 2418 db_y2k = 0;
2624 2419
2625 if (db_y2k == a_y2k) 2420 if (db_y2k == a_y2k) {
2626 {
2627 /* all on the same y2k side */ 2421 /* all on the same y2k side */
2628 if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) 2422 if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
2629 { 2423 rrow[DB_type][0] = 'E';
2630 rrow[DB_type][0] = 'E'; 2424 rrow[DB_type][1] = '\0';
2631 rrow[DB_type][1] = '\0'; 2425 cnt++;
2632 cnt++; 2426
2633 2427 BIO_printf(bio_err, "%s = Expired\n",
2634 BIO_printf(bio_err, "%s=Expired\n", 2428 rrow[DB_serial]);
2635 rrow[DB_serial]);
2636 }
2637 }
2638 else if (db_y2k < a_y2k)
2639 {
2640 rrow[DB_type][0] = 'E';
2641 rrow[DB_type][1] = '\0';
2642 cnt++;
2643
2644 BIO_printf(bio_err, "%s=Expired\n",
2645 rrow[DB_serial]);
2646 } 2429 }
2430 } else if (db_y2k < a_y2k) {
2431 rrow[DB_type][0] = 'E';
2432 rrow[DB_type][1] = '\0';
2433 cnt++;
2647 2434
2435 BIO_printf(bio_err, "%s = Expired\n",
2436 rrow[DB_serial]);
2648 } 2437 }
2649 }
2650 2438
2651err: 2439 }
2440 }
2652 2441
2442err:
2653 ASN1_UTCTIME_free(a_tm); 2443 ASN1_UTCTIME_free(a_tm);
2654 OPENSSL_free(a_tm_s); 2444 OPENSSL_free(a_tm_s);
2655 2445
2656 return (cnt); 2446 return (cnt);
2657 } 2447}
2658 2448
2659static const char *crl_reasons[] = { 2449static const char *crl_reasons[] = {
2660 /* CRL reason strings */ 2450 /* CRL reason strings */
@@ -2662,7 +2452,7 @@ static const char *crl_reasons[] = {
2662 "keyCompromise", 2452 "keyCompromise",
2663 "CACompromise", 2453 "CACompromise",
2664 "affiliationChanged", 2454 "affiliationChanged",
2665 "superseded", 2455 "superseded",
2666 "cessationOfOperation", 2456 "cessationOfOperation",
2667 "certificateHold", 2457 "certificateHold",
2668 "removeFromCRL", 2458 "removeFromCRL",
@@ -2682,32 +2472,29 @@ static const char *crl_reasons[] = {
2682 * argument 2472 * argument
2683 */ 2473 */
2684 2474
2685char *make_revocation_str(int rev_type, char *rev_arg) 2475char *
2686 { 2476make_revocation_str(int rev_type, char *rev_arg)
2477{
2687 char *other = NULL, *str; 2478 char *other = NULL, *str;
2688 const char *reason = NULL; 2479 const char *reason = NULL;
2689 ASN1_OBJECT *otmp; 2480 ASN1_OBJECT *otmp;
2690 ASN1_UTCTIME *revtm = NULL; 2481 ASN1_UTCTIME *revtm = NULL;
2691 int i; 2482 int i;
2692 switch (rev_type) 2483 switch (rev_type) {
2693 {
2694 case REV_NONE: 2484 case REV_NONE:
2695 break; 2485 break;
2696 2486
2697 case REV_CRL_REASON: 2487 case REV_CRL_REASON:
2698 for (i = 0; i < 8; i++) 2488 for (i = 0; i < 8; i++) {
2699 { 2489 if (!strcasecmp(rev_arg, crl_reasons[i])) {
2700 if (!strcasecmp(rev_arg, crl_reasons[i]))
2701 {
2702 reason = crl_reasons[i]; 2490 reason = crl_reasons[i];
2703 break; 2491 break;
2704 }
2705 } 2492 }
2706 if (reason == NULL) 2493 }
2707 { 2494 if (reason == NULL) {
2708 BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg); 2495 BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
2709 return NULL; 2496 return NULL;
2710 } 2497 }
2711 break; 2498 break;
2712 2499
2713 case REV_HOLD: 2500 case REV_HOLD:
@@ -2716,71 +2503,70 @@ char *make_revocation_str(int rev_type, char *rev_arg)
2716 otmp = OBJ_txt2obj(rev_arg, 0); 2503 otmp = OBJ_txt2obj(rev_arg, 0);
2717 ASN1_OBJECT_free(otmp); 2504 ASN1_OBJECT_free(otmp);
2718 2505
2719 if (otmp == NULL) 2506 if (otmp == NULL) {
2720 {
2721 BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg); 2507 BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
2722 return NULL; 2508 return NULL;
2723 } 2509 }
2724 2510
2725 reason = "holdInstruction"; 2511 reason = "holdInstruction";
2726 other = rev_arg; 2512 other = rev_arg;
2727 break; 2513 break;
2728 2514
2729 case REV_KEY_COMPROMISE: 2515 case REV_KEY_COMPROMISE:
2730 case REV_CA_COMPROMISE: 2516 case REV_CA_COMPROMISE:
2731 2517
2732 /* Argument is the key compromise time */ 2518 /* Argument is the key compromise time */
2733 if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) 2519 if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
2734 {
2735 BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg); 2520 BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
2736 return NULL; 2521 return NULL;
2737 } 2522 }
2738 other = rev_arg; 2523 other = rev_arg;
2739 if (rev_type == REV_KEY_COMPROMISE) 2524 if (rev_type == REV_KEY_COMPROMISE)
2740 reason = "keyTime"; 2525 reason = "keyTime";
2741 else 2526 else
2742 reason = "CAkeyTime"; 2527 reason = "CAkeyTime";
2743 2528
2744 break; 2529 break;
2745 2530
2746 } 2531 }
2747 2532
2748 revtm = X509_gmtime_adj(NULL, 0); 2533 revtm = X509_gmtime_adj(NULL, 0);
2749 2534
2750 i = revtm->length + 1; 2535 i = revtm->length + 1;
2751 2536
2752 if (reason) i += strlen(reason) + 1; 2537 if (reason) i += strlen(reason)
2753 if (other) i += strlen(other) + 1; 2538 + 1;
2539 if (other) i += strlen(other)
2540 + 1;
2754 2541
2755 str = OPENSSL_malloc(i); 2542 str = OPENSSL_malloc(i);
2756 2543
2757 if (!str) return NULL; 2544 if (!str)
2545 return NULL;
2758 2546
2759 BUF_strlcpy(str, (char *)revtm->data, i); 2547 BUF_strlcpy(str, (char *)revtm->data, i);
2760 if (reason) 2548 if (reason) {
2761 { 2549 BUF_strlcat(str, ", ", i);
2762 BUF_strlcat(str, ",", i);
2763 BUF_strlcat(str, reason, i); 2550 BUF_strlcat(str, reason, i);
2764 } 2551 }
2765 if (other) 2552 if (other) {
2766 { 2553 BUF_strlcat(str, ", ", i);
2767 BUF_strlcat(str, ",", i);
2768 BUF_strlcat(str, other, i); 2554 BUF_strlcat(str, other, i);
2769 } 2555 }
2770 ASN1_UTCTIME_free(revtm); 2556 ASN1_UTCTIME_free(revtm);
2771 return str; 2557 return str;
2772 } 2558}
2773 2559
2774/* Convert revocation field to X509_REVOKED entry 2560/* Convert revocation field to X509_REVOKED entry
2775 * return code: 2561 * return code:
2776 * 0 error 2562 * 0 error
2777 * 1 OK 2563 * 1 OK
2778 * 2 OK and some extensions added (i.e. V2 CRL) 2564 * 2 OK and some extensions added (i.e. V2 CRL)
2779 */ 2565 */
2780 2566
2781 2567int
2782int make_revoked(X509_REVOKED *rev, const char *str) 2568make_revoked(X509_REVOKED *rev, const char *str)
2783 { 2569{
2784 char *tmp = NULL; 2570 char *tmp = NULL;
2785 int reason_code = -1; 2571 int reason_code = -1;
2786 int i, ret = 0; 2572 int i, ret = 0;
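Review bot: The separator appended at new lines 2549 and 2553 grew from "," to ", " (two bytes), but the buffer size computed at 2537–2540 still adds only one byte per separator, so `i` is one byte short for each field present and BUF_strlcat truncates the final character of the reason or of the argument (e.g. the trailing 'Z' of a compromise time) before the string is stored in the index database. Either restore `BUF_strlcat(str, ",", i);` in both places (which is also the format existing index files contain) or account for the separator width with `if (reason) i += strlen(reason) + 2;` and the same for `other`. The continuation breaks at 2537–2540 also leave `+ 1;` on a line of its own where it reads like a separate statement; `if (reason) i += strlen(reason) + 1;` fits on one line. Separately, `revtm` from X509_gmtime_adj at 2533 is dereferenced at 2535 without a NULL check; that is pre-existing but worth a `if (revtm == NULL) return NULL;` while this code is being touched. make_revocation_str begins in the previous hunk.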
@@ -2798,82 +2584,84 @@ int make_revoked(X509_REVOKED *rev, const char *str)
2798 if (rev && !X509_REVOKED_set_revocationDate(rev, revDate)) 2584 if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
2799 goto err; 2585 goto err;
2800 2586
2801 if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) 2587 if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
2802 {
2803 rtmp = ASN1_ENUMERATED_new(); 2588 rtmp = ASN1_ENUMERATED_new();
2804 if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code)) 2589 if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
2805 goto err; 2590 goto err;
2806 if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0)) 2591 if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
2807 goto err; 2592 goto err;
2808 } 2593 }
2809 2594
2810 if (rev && comp_time) 2595 if (rev && comp_time) {
2811 {
2812 if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0)) 2596 if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
2813 goto err; 2597 goto err;
2814 } 2598 }
2815 if (rev && hold) 2599 if (rev && hold) {
2816 {
2817 if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0)) 2600 if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
2818 goto err; 2601 goto err;
2819 } 2602 }
2820 2603
2821 if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS) 2604 if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
2822 ret = 2; 2605 ret = 2;
2823 else ret = 1; 2606 else
2607 ret = 1;
2824 2608
2825 err: 2609err:
2826 2610
2827 if (tmp) OPENSSL_free(tmp); 2611 if (tmp)
2612 OPENSSL_free(tmp);
2828 ASN1_OBJECT_free(hold); 2613 ASN1_OBJECT_free(hold);
2829 ASN1_GENERALIZEDTIME_free(comp_time); 2614 ASN1_GENERALIZEDTIME_free(comp_time);
2830 ASN1_ENUMERATED_free(rtmp); 2615 ASN1_ENUMERATED_free(rtmp);
2831 ASN1_TIME_free(revDate); 2616 ASN1_TIME_free(revDate);
2832 2617
2833 return ret; 2618 return ret;
2834 } 2619}
2835 2620
2836int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str) 2621int
2837 { 2622old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
2838 char buf[25],*pbuf, *p; 2623{
2624 char buf[25], *pbuf, *p;
2839 int j; 2625 int j;
2840 j=i2a_ASN1_OBJECT(bp,obj); 2626 j = i2a_ASN1_OBJECT(bp, obj);
2841 pbuf=buf; 2627 pbuf = buf;
2842 for (j=22-j; j>0; j--) 2628 for (j = 22 - j; j > 0; j--)
2843 *(pbuf++)=' '; 2629 *(pbuf++) = ' ';
2844 *(pbuf++)=':'; 2630 *(pbuf++) = ':';
2845 *(pbuf++)='\0'; 2631 *(pbuf++) = '\0';
2846 BIO_puts(bp,buf); 2632 BIO_puts(bp, buf);
2847 2633
2848 if (str->type == V_ASN1_PRINTABLESTRING) 2634 if (str->type == V_ASN1_PRINTABLESTRING)
2849 BIO_printf(bp,"PRINTABLE:'"); 2635 BIO_printf(bp, "PRINTABLE:'");
2850 else if (str->type == V_ASN1_T61STRING) 2636 else if (str->type == V_ASN1_T61STRING)
2851 BIO_printf(bp,"T61STRING:'"); 2637 BIO_printf(bp, "T61STRING:'");
2852 else if (str->type == V_ASN1_IA5STRING) 2638 else if (str->type == V_ASN1_IA5STRING)
2853 BIO_printf(bp,"IA5STRING:'"); 2639 BIO_printf(bp, "IA5STRING:'");
2854 else if (str->type == V_ASN1_UNIVERSALSTRING) 2640 else if (str->type == V_ASN1_UNIVERSALSTRING)
2855 BIO_printf(bp,"UNIVERSALSTRING:'"); 2641 BIO_printf(bp, "UNIVERSALSTRING:'");
2856 else 2642 else
2857 BIO_printf(bp,"ASN.1 %2d:'",str->type); 2643 BIO_printf(bp, "ASN.1 %2d:'", str->type);
2858 2644
2859 p=(char *)str->data; 2645 p = (char *)str->data;
2860 for (j=str->length; j>0; j--) 2646 for (j = str->length; j > 0; j--) {
2861 {
2862 if ((*p >= ' ') && (*p <= '~')) 2647 if ((*p >= ' ') && (*p <= '~'))
2863 BIO_printf(bp,"%c",*p); 2648 BIO_printf(bp, "%c", *p);
2864 else if (*p & 0x80) 2649 else if (*p & 0x80)
2865 BIO_printf(bp,"\\0x%02X",*p); 2650 BIO_printf(bp, "\\0x%02X", *p);
2866 else if ((unsigned char)*p == 0xf7) 2651 else if ((unsigned char)*p == 0xf7)
2867 BIO_printf(bp,"^?"); 2652 BIO_printf(bp, "^?");
2868 else BIO_printf(bp,"^%c",*p+'@'); 2653 else
2654 BIO_printf(bp, "^%c", *p+'@');
2869 p++; 2655 p++;
2870 }
2871 BIO_printf(bp,"'\n");
2872 return 1;
2873 } 2656 }
2657 BIO_printf(bp, "'\n");
2658 return 1;
2659}
2874 2660
2875int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str) 2661int
2876 { 2662unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
2663 ASN1_GENERALIZEDTIME **pinvtm, const char *str)
2664{
2877 char *tmp = NULL; 2665 char *tmp = NULL;
2878 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; 2666 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
2879 int reason_code = -1; 2667 int reason_code = -1;
@@ -2883,98 +2671,90 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
2883 ASN1_GENERALIZEDTIME *comp_time = NULL; 2671 ASN1_GENERALIZEDTIME *comp_time = NULL;
2884 tmp = BUF_strdup(str); 2672 tmp = BUF_strdup(str);
2885 2673
2886 p = strchr(tmp, ','); 2674 p = strchr(tmp, ', ');
2887 2675
2888 rtime_str = tmp; 2676 rtime_str = tmp;
2889 2677
2890 if (p) 2678 if (p) {
2891 {
2892 *p = '\0'; 2679 *p = '\0';
2893 p++; 2680 p++;
2894 reason_str = p; 2681 reason_str = p;
2895 p = strchr(p, ','); 2682 p = strchr(p, ', ');
2896 if (p) 2683 if (p) {
2897 {
2898 *p = '\0'; 2684 *p = '\0';
2899 arg_str = p + 1; 2685 arg_str = p + 1;
2900 }
2901 } 2686 }
2687 }
2902 2688
2903 if (prevtm) 2689 if (prevtm) {
2904 {
2905 *prevtm = ASN1_UTCTIME_new(); 2690 *prevtm = ASN1_UTCTIME_new();
2906 if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) 2691 if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
2907 {
2908 BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str); 2692 BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
2909 goto err; 2693 goto err;
2910 }
2911 } 2694 }
2912 if (reason_str) 2695 }
2913 { 2696 if (reason_str) {
2914 for (i = 0; i < NUM_REASONS; i++) 2697 for (i = 0; i < NUM_REASONS; i++) {
2915 { 2698 if (!strcasecmp(reason_str, crl_reasons[i])) {
2916 if(!strcasecmp(reason_str, crl_reasons[i]))
2917 {
2918 reason_code = i; 2699 reason_code = i;
2919 break; 2700 break;
2920 }
2921 } 2701 }
2922 if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) 2702 }
2923 { 2703 if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) {
2924 BIO_printf(bio_err, "invalid reason code %s\n", reason_str); 2704 BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
2925 goto err; 2705 goto err;
2926 } 2706 }
2927 2707
2928 if (reason_code == 7) 2708 if (reason_code == 7)
2929 reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL; 2709 reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
2930 else if (reason_code == 8) /* Hold instruction */ 2710 else if (reason_code == 8) /* Hold instruction */
2931 { 2711 {
2932 if (!arg_str) 2712 if (!arg_str) {
2933 {
2934 BIO_printf(bio_err, "missing hold instruction\n"); 2713 BIO_printf(bio_err, "missing hold instruction\n");
2935 goto err; 2714 goto err;
2936 } 2715 }
2937 reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD; 2716 reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
2938 hold = OBJ_txt2obj(arg_str, 0); 2717 hold = OBJ_txt2obj(arg_str, 0);
2939 2718
2940 if (!hold) 2719 if (!hold) {
2941 {
2942 BIO_printf(bio_err, "invalid object identifier %s\n", arg_str); 2720 BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
2943 goto err; 2721 goto err;
2944 }
2945 if (phold) *phold = hold;
2946 } 2722 }
2947 else if ((reason_code == 9) || (reason_code == 10)) 2723 if (phold)
2948 { 2724 *phold = hold;
2949 if (!arg_str) 2725 } else if ((reason_code == 9) || (reason_code == 10)) {
2950 { 2726 if (!arg_str) {
2951 BIO_printf(bio_err, "missing compromised time\n"); 2727 BIO_printf(bio_err, "missing compromised time\n");
2952 goto err; 2728 goto err;
2953 } 2729 }
2954 comp_time = ASN1_GENERALIZEDTIME_new(); 2730 comp_time = ASN1_GENERALIZEDTIME_new();
2955 if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) 2731 if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
2956 {
2957 BIO_printf(bio_err, "invalid compromised time %s\n", arg_str); 2732 BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
2958 goto err; 2733 goto err;
2959 } 2734 }
2960 if (reason_code == 9) 2735 if (reason_code == 9)
2961 reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE; 2736 reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
2962 else 2737 else
2963 reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE; 2738 reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
2964 }
2965 } 2739 }
2740 }
2966 2741
2967 if (preason) *preason = reason_code; 2742 if (preason)
2968 if (pinvtm) *pinvtm = comp_time; 2743 *preason = reason_code;
2969 else ASN1_GENERALIZEDTIME_free(comp_time); 2744 if (pinvtm)
2745 *pinvtm = comp_time;
2746 else
2747 ASN1_GENERALIZEDTIME_free(comp_time);
2970 2748
2971 ret = 1; 2749 ret = 1;
2972 2750
2973 err: 2751err:
2974 2752 if (tmp)
2975 if (tmp) OPENSSL_free(tmp); 2753 OPENSSL_free(tmp);
2976 if (!phold) ASN1_OBJECT_free(hold); 2754 if (!phold)
2977 if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time); 2755 ASN1_OBJECT_free(hold);
2756 if (!pinvtm)
2757 ASN1_GENERALIZEDTIME_free(comp_time);
2978 2758
2979 return ret; 2759 return ret;
2980 } 2760}
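Review bot: `strchr(tmp, ', ')` at new lines 2674 and 2682 passes a multi-character constant, whose value is implementation-defined and, once converted to `char` by strchr, is typically the last character (the space), so the separator search no longer matches a comma at all. Entries written in the old "date,reason[,arg]" form then parse as a single field, and entries written with ", " are cut as "date," and rejected at 2692 as an invalid revocation date, so revocation records in the index database stop being understood; how that affects CRL generation depends on the callers, which are outside this hunk. strchr takes a single character: write `p = strchr(tmp, ',');` and `p = strchr(p, ',');`, or use `strstr` if a two-character separator is really intended, and keep it byte-compatible with whatever make_revocation_str emits and with existing index files. Compiling with -Wmultichar (on by default in GCC's -Wall) would have flagged both lines.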