1 files changed, 127 insertions, 41 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index 86efbdb657..dbdd43c6a7 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.35 2021/07/24 13:21:04 inoguchi Exp $ */
+/* $OpenBSD: ca.c,v 1.36 2021/08/28 02:11:18 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -141,7 +141,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
    unsigned long chtype, int multirdn, int email_dn, char *startdate,
    char *enddate, long days, char *ext_sect, CONF *conf, int verbose,
    unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der,
+static int write_new_certificate(BIO *bp, X509 *x, int output_der,
    int notext);
 static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
    const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
@@ -1065,6 +1065,8 @@ ca_main(int argc, char **argv)
                        goto err;
                }
                ca_config.md = (char *) OBJ_nid2sn(def_nid);
+                if (ca_config.md == NULL)
+                        goto err;
        }
        if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) {
                BIO_printf(bio_err,
@@ -1350,9 +1352,12 @@ ca_main(int argc, char **argv)
                                perror(pempath);
                                goto err;
                        }
-                        write_new_certificate(Cout, x, 0, ca_config.notext);
+                        if (!write_new_certificate(Cout, x, 0,
-                        write_new_certificate(Sout, x, output_der,
+                            ca_config.notext))
-                            ca_config.notext);
+                                goto err;
+                        if (!write_new_certificate(Sout, x, output_der,
+                            ca_config.notext))
+                                goto err;
                }
                if (sk_X509_num(cert_sk)) {
@@ -1423,16 +1428,25 @@ ca_main(int argc, char **argv)
                tmptm = ASN1_TIME_new();
                if (tmptm == NULL)
                        goto err;
-                X509_gmtime_adj(tmptm, 0);
+                if (X509_gmtime_adj(tmptm, 0) == NULL) {
-                X509_CRL_set_lastUpdate(crl, tmptm);
+                        ASN1_TIME_free(tmptm);
+                        goto err;
+                }
+                if (!X509_CRL_set_lastUpdate(crl, tmptm)) {
+                        ASN1_TIME_free(tmptm);
+                        goto err;
+                }
                if (X509_time_adj_ex(tmptm, ca_config.crldays,
                    ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) ==
                    NULL) {
                        BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+                        ASN1_TIME_free(tmptm);
+                        goto err;
+                }
+                if (!X509_CRL_set_nextUpdate(crl, tmptm)) {
+                        ASN1_TIME_free(tmptm);
                        goto err;
                }
-                X509_CRL_set_nextUpdate(crl, tmptm);
                ASN1_TIME_free(tmptm);
                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
@@ -1452,9 +1466,13 @@ ca_main(int argc, char **argv)
                                serial = NULL;
                                if (tmpserial == NULL)
                                        goto err;
-                                X509_REVOKED_set_serialNumber(r, tmpserial);
+                                if (!X509_REVOKED_set_serialNumber(r, tmpserial)) {
+                                        ASN1_INTEGER_free(tmpserial);
+                                        goto err;
+                                }
                                ASN1_INTEGER_free(tmpserial);
-                                X509_CRL_add0_revoked(crl, r);
+                                if (!X509_CRL_add0_revoked(crl, r))
+                                        goto err;
                        }
                }
@@ -1482,8 +1500,11 @@ ca_main(int argc, char **argv)
                                tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL);
                                if (tmpserial == NULL)
                                        goto err;
-                                X509_CRL_add1_ext_i2d(crl, NID_crl_number,
+                                if (!X509_CRL_add1_ext_i2d(crl, NID_crl_number,
-                                    tmpserial, 0, 0);
+                                    tmpserial, 0, 0)) {
+                                        ASN1_INTEGER_free(tmpserial);
+                                        goto err;
+                                }
                                ASN1_INTEGER_free(tmpserial);
                                crl_v2 = 1;
                                if (!BN_add_word(crlnumber, 1))
@@ -1507,7 +1528,8 @@ ca_main(int argc, char **argv)
                    ca_config.sigopts))
                        goto err;
-                PEM_write_bio_X509_CRL(Sout, crl);
+                if (!PEM_write_bio_X509_CRL(Sout, crl))
+                        goto err;
                if (crlnumberfile != NULL)      /* Rename the crlnumber file */
                        if (!rotate_serial(crlnumberfile, "new", "old"))
@@ -1605,8 +1627,10 @@ certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                    infile);
                goto err;
        }
-        if (verbose)
+        if (verbose) {
-                X509_REQ_print(bio_err, req);
+                if (!X509_REQ_print(bio_err, req))
+                        goto err;
+        }
        BIO_printf(bio_err, "Check that the request matches the signature\n");
@@ -1665,8 +1689,10 @@ certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
        if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL,
            infile)) == NULL)
                goto err;
-        if (verbose)
+        if (verbose) {
-                X509_print(bio_err, req);
+                if (!X509_print(bio_err, req))
+                        goto err;
+        }
        BIO_printf(bio_err, "Check that the request matches the signature\n");
@@ -1746,7 +1772,10 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                        ERR_print_errors(bio_err);
                        goto err;
                }
-                X509_REQ_set_subject_name(req, n);
+                if (!X509_REQ_set_subject_name(req, n)) {
+                        X509_NAME_free(n);
+                        goto err;
+                }
                req->req_info->enc.modified = 1;
                X509_NAME_free(n);
        }
@@ -1757,12 +1786,20 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        name = X509_REQ_get_subject_name(req);
        for (i = 0; i < X509_NAME_entry_count(name); i++) {
                ne = X509_NAME_get_entry(name, i);
+                if (ne == NULL)
+                        goto err;
                str = X509_NAME_ENTRY_get_data(ne);
+                if (str == NULL)
+                        goto err;
                obj = X509_NAME_ENTRY_get_object(ne);
+                if (obj == NULL)
+                        goto err;
                if (ca_config.msie_hack) {
                        /* assume all type should be strings */
                        nid = OBJ_obj2nid(ne->object);
+                        if (nid == NID_undef)
+                                goto err;
                        if (str->type == V_ASN1_UNIVERSALSTRING)
                                ASN1_UNIVERSALSTRING_to_string(str);
@@ -1825,6 +1862,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                        goto err;
                }
                obj = OBJ_nid2obj(j);
+                if (obj == NULL)
+                        goto err;
                last = -1;
                for (;;) {
@@ -1836,6 +1875,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                                tne = NULL;
                        } else {
                                tne = X509_NAME_get_entry(name, j);
+                                if (tne == NULL)
+                                        goto err;
                        }
                        last = j;
@@ -1874,8 +1915,14 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                                }
                                if (j >= 0) {
                                        push = X509_NAME_get_entry(CAname, j);
+                                        if (push == NULL)
+                                                goto err;
                                        str = X509_NAME_ENTRY_get_data(tne);
+                                        if (str == NULL)
+                                                goto err;
                                        str2 = X509_NAME_ENTRY_get_data(push);
+                                        if (str2 == NULL)
+                                                goto err;
                                        last2 = j;
                                        if (ASN1_STRING_cmp(str, str2) != 0)
                                                goto again2;
@@ -1943,7 +1990,12 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                while ((i = X509_NAME_get_index_by_NID(dn_subject,
                    NID_pkcs9_emailAddress, -1)) >= 0) {
                        tmpne = X509_NAME_get_entry(dn_subject, i);
-                        X509_NAME_delete_entry(dn_subject, i);
+                        if (tmpne == NULL)
+                                goto err;
+                        if (X509_NAME_delete_entry(dn_subject, i) == NULL) {
+                                X509_NAME_ENTRY_free(tmpne);
+                                goto err;
+                        }
                        X509_NAME_ENTRY_free(tmpne);
                }
        }
@@ -2039,17 +2091,20 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                        goto err;
        }
-        if (strcmp(startdate, "today") == 0)
+        if (strcmp(startdate, "today") == 0) {
-                X509_gmtime_adj(X509_get_notBefore(ret), 0);
+                if (X509_gmtime_adj(X509_get_notBefore(ret), 0) == NULL)
-        else if (setCertificateTime(X509_get_notBefore(ret), startdate) == -1) {
+                        goto err;
+        } else if (setCertificateTime(X509_get_notBefore(ret), startdate) == -1) {
                BIO_printf(bio_err, "Invalid start date %s\n",
                    startdate);
                goto err;
        }
-        if (enddate == NULL)
+        if (enddate == NULL) {
-                X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
+                if (X509_time_adj_ex(X509_get_notAfter(ret), days, 0,
-        else if (setCertificateTime(X509_get_notAfter(ret), enddate) == -1) {
+                    NULL) == NULL)
+                        goto err;
+        } else if (setCertificateTime(X509_get_notAfter(ret), enddate) == -1) {
                BIO_printf(bio_err, "Invalid end date %s\n",
                    enddate);
                goto err;
@@ -2059,6 +2114,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                goto err;
        pktmp = X509_REQ_get_pubkey(req);
+        if (pktmp == NULL)
+                goto err;
        i = X509_set_pubkey(ret, pktmp);
        EVP_PKEY_free(pktmp);
        if (!i)
@@ -2070,7 +2128,10 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                if (ci->version == NULL)
                        if ((ci->version = ASN1_INTEGER_new()) == NULL)
                                goto err;
-                ASN1_INTEGER_set(ci->version, 2);       /* version 3 certificate */
+                /* version 3 certificate */
+                if (!ASN1_INTEGER_set(ci->version, 2))
+                        goto err;
                /*
                 * Free the current entries if any, there should not be any I
@@ -2146,7 +2207,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                 * present
                 */
                certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
-                X509_print_ex(bio_err, ret, nameopt, certopt);
+                if (!X509_print_ex(bio_err, ret, nameopt, certopt))
+                        goto err;
        }
        BIO_printf(bio_err, "Certificate is to be certified until ");
        ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
@@ -2172,10 +2234,18 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                        goto err;
                }
        }
        pktmp = X509_get_pubkey(ret);
+        if (pktmp == NULL)
+                goto err;
        if (EVP_PKEY_missing_parameters(pktmp) &&
-            !EVP_PKEY_missing_parameters(pkey))
+            !EVP_PKEY_missing_parameters(pkey)) {
-                EVP_PKEY_copy_parameters(pktmp, pkey);
+                if (!EVP_PKEY_copy_parameters(pktmp, pkey)) {
+                        EVP_PKEY_free(pktmp);
+                        goto err;
+                }
+        }
        EVP_PKEY_free(pktmp);
        if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))
@@ -2247,16 +2317,19 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        return (ok);
 }
-static void
+static int
 write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 {
        if (output_der) {
-                (void) i2d_X509_bio(bp, x);
+                if (!i2d_X509_bio(bp, x))
-                return;
+                        return (0);
        }
-        if (!notext)
+        if (!notext) {
-                X509_print(bp, x);
+                if (!X509_print(bp, x))
-        PEM_write_bio_X509(bp, x);
+                        return (0);
+        }
+        return PEM_write_bio_X509(bp, x);
 }
 static int
@@ -2377,7 +2450,10 @@ certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
        }
        BIO_printf(bio_err, "Signature ok\n");
-        X509_REQ_set_pubkey(req, pktmp);
+        if (!X509_REQ_set_pubkey(req, pktmp)) {
+                EVP_PKEY_free(pktmp);
+                goto err;
+        }
        EVP_PKEY_free(pktmp);
        ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial,
            subj, chtype, multirdn, email_dn, startdate, enddate, days, 1,
@@ -2591,12 +2667,20 @@ do_updatedb(CA_DB *db)
        ASN1_UTCTIME *a_tm = NULL;
        int i, cnt = 0;
        int db_y2k, a_y2k;      /* flags = 1 if y >= 2000 */
-        char **rrow, *a_tm_s;
+        char **rrow, *a_tm_s = NULL;
        a_tm = ASN1_UTCTIME_new();
+        if (a_tm == NULL) {
+                cnt = -1;
+                goto err;
+        }
        /* get actual time and make a string */
        a_tm = X509_gmtime_adj(a_tm, 0);
+        if (a_tm == NULL) {
+                cnt = -1;
+                goto err;
+        }
        a_tm_s = malloc(a_tm->length + 1);
        if (a_tm_s == NULL) {
                cnt = -1;
@@ -2701,7 +2785,6 @@ make_revocation_str(int rev_type, char *rev_arg)
        case REV_HOLD:
                /* Argument is an OID */
                otmp = OBJ_txt2obj(rev_arg, 0);
                ASN1_OBJECT_free(otmp);
@@ -2716,7 +2799,6 @@ make_revocation_str(int rev_type, char *rev_arg)
        case REV_KEY_COMPROMISE:
        case REV_CA_COMPROMISE:
                /* Argument is the key compromise time  */
                if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
                        BIO_printf(bio_err,
@@ -2731,15 +2813,19 @@ make_revocation_str(int rev_type, char *rev_arg)
                        reason = "CAkeyTime";
                break;
        }
        revtm = X509_gmtime_adj(NULL, 0);
+        if (revtm == NULL)
+                return NULL;
        if (asprintf(&str, "%s%s%s%s%s", revtm->data,
            reason ? "," : "", reason ? reason : "",
            other ? "," : "", other ? other : "") == -1)
                str = NULL;
        ASN1_UTCTIME_free(revtm);
        return str;
 }

diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c index 86efbdb657..dbdd43c6a7 100644 --- a/src/usr.bin/openssl/ca.c +++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ca.c,v 1.35 2021/07/24 13:21:04 inoguchi Exp $ */	1	/* $OpenBSD: ca.c,v 1.36 2021/08/28 02:11:18 inoguchi Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -141,7 +141,7 @@ static int certify_spkac(X509 *xret, char infile, EVP_PKEY *pkey,
141	unsigned long chtype, int multirdn, int email_dn, char *startdate,	141	unsigned long chtype, int multirdn, int email_dn, char *startdate,
142	char enddate, long days, char ext_sect, CONF *conf, int verbose,	142	char enddate, long days, char ext_sect, CONF *conf, int verbose,
143	unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy);	143	unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy);
144	static void write_new_certificate(BIO bp, X509 x, int output_der,	144	static int write_new_certificate(BIO bp, X509 x, int output_der,
145	int notext);	145	int notext);
146	static int do_body(X509 *xret, EVP_PKEY pkey, X509 *x509,	146	static int do_body(X509 *xret, EVP_PKEY pkey, X509 *x509,
147	const EVP_MD dgst, STACK_OF(OPENSSL_STRING) sigopts,	147	const EVP_MD dgst, STACK_OF(OPENSSL_STRING) sigopts,
@@ -1065,6 +1065,8 @@ ca_main(int argc, char **argv)
1065	goto err;	1065	goto err;
1066	}	1066	}
1067	ca_config.md = (char *) OBJ_nid2sn(def_nid);	1067	ca_config.md = (char *) OBJ_nid2sn(def_nid);
		1068	if (ca_config.md == NULL)
		1069	goto err;
1068	}	1070	}
1069	if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) {	1071	if ((dgst = EVP_get_digestbyname(ca_config.md)) == NULL) {
1070	BIO_printf(bio_err,	1072	BIO_printf(bio_err,
@@ -1350,9 +1352,12 @@ ca_main(int argc, char **argv)
1350	perror(pempath);	1352	perror(pempath);
1351	goto err;	1353	goto err;
1352	}	1354	}
1353	write_new_certificate(Cout, x, 0, ca_config.notext);	1355	if (!write_new_certificate(Cout, x, 0,
1354	write_new_certificate(Sout, x, output_der,	1356	ca_config.notext))
1355	ca_config.notext);	1357	goto err;
		1358	if (!write_new_certificate(Sout, x, output_der,
		1359	ca_config.notext))
		1360	goto err;
1356	}	1361	}
1357		1362
1358	if (sk_X509_num(cert_sk)) {	1363	if (sk_X509_num(cert_sk)) {
@@ -1423,16 +1428,25 @@ ca_main(int argc, char **argv)
1423	tmptm = ASN1_TIME_new();	1428	tmptm = ASN1_TIME_new();
1424	if (tmptm == NULL)	1429	if (tmptm == NULL)
1425	goto err;	1430	goto err;
1426	X509_gmtime_adj(tmptm, 0);	1431	if (X509_gmtime_adj(tmptm, 0) == NULL) {
1427	X509_CRL_set_lastUpdate(crl, tmptm);	1432	ASN1_TIME_free(tmptm);
		1433	goto err;
		1434	}
		1435	if (!X509_CRL_set_lastUpdate(crl, tmptm)) {
		1436	ASN1_TIME_free(tmptm);
		1437	goto err;
		1438	}
1428	if (X509_time_adj_ex(tmptm, ca_config.crldays,	1439	if (X509_time_adj_ex(tmptm, ca_config.crldays,
1429	ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) ==	1440	ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) ==
1430	NULL) {	1441	NULL) {
1431	BIO_puts(bio_err, "error setting CRL nextUpdate\n");	1442	BIO_puts(bio_err, "error setting CRL nextUpdate\n");
		1443	ASN1_TIME_free(tmptm);
		1444	goto err;
		1445	}
		1446	if (!X509_CRL_set_nextUpdate(crl, tmptm)) {
		1447	ASN1_TIME_free(tmptm);
1432	goto err;	1448	goto err;
1433	}	1449	}
1434	X509_CRL_set_nextUpdate(crl, tmptm);
1435
1436	ASN1_TIME_free(tmptm);	1450	ASN1_TIME_free(tmptm);
1437		1451
1438	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {	1452	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
@@ -1452,9 +1466,13 @@ ca_main(int argc, char **argv)
1452	serial = NULL;	1466	serial = NULL;
1453	if (tmpserial == NULL)	1467	if (tmpserial == NULL)
1454	goto err;	1468	goto err;
1455	X509_REVOKED_set_serialNumber(r, tmpserial);	1469	if (!X509_REVOKED_set_serialNumber(r, tmpserial)) {
		1470	ASN1_INTEGER_free(tmpserial);
		1471	goto err;
		1472	}
1456	ASN1_INTEGER_free(tmpserial);	1473	ASN1_INTEGER_free(tmpserial);
1457	X509_CRL_add0_revoked(crl, r);	1474	if (!X509_CRL_add0_revoked(crl, r))
		1475	goto err;
1458	}	1476	}
1459	}	1477	}
1460		1478
@@ -1482,8 +1500,11 @@ ca_main(int argc, char **argv)
1482	tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL);	1500	tmpserial = BN_to_ASN1_INTEGER(crlnumber, NULL);
1483	if (tmpserial == NULL)	1501	if (tmpserial == NULL)
1484	goto err;	1502	goto err;
1485	X509_CRL_add1_ext_i2d(crl, NID_crl_number,	1503	if (!X509_CRL_add1_ext_i2d(crl, NID_crl_number,
1486	tmpserial, 0, 0);	1504	tmpserial, 0, 0)) {
		1505	ASN1_INTEGER_free(tmpserial);
		1506	goto err;
		1507	}
1487	ASN1_INTEGER_free(tmpserial);	1508	ASN1_INTEGER_free(tmpserial);
1488	crl_v2 = 1;	1509	crl_v2 = 1;
1489	if (!BN_add_word(crlnumber, 1))	1510	if (!BN_add_word(crlnumber, 1))
@@ -1507,7 +1528,8 @@ ca_main(int argc, char **argv)
1507	ca_config.sigopts))	1528	ca_config.sigopts))
1508	goto err;	1529	goto err;
1509		1530
1510	PEM_write_bio_X509_CRL(Sout, crl);	1531	if (!PEM_write_bio_X509_CRL(Sout, crl))
		1532	goto err;
1511		1533
1512	if (crlnumberfile != NULL) /* Rename the crlnumber file */	1534	if (crlnumberfile != NULL) /* Rename the crlnumber file */
1513	if (!rotate_serial(crlnumberfile, "new", "old"))	1535	if (!rotate_serial(crlnumberfile, "new", "old"))
@@ -1605,8 +1627,10 @@ certify(X509 *xret, char infile, EVP_PKEY pkey, X509 x509,
1605	infile);	1627	infile);
1606	goto err;	1628	goto err;
1607	}	1629	}
1608	if (verbose)	1630	if (verbose) {
1609	X509_REQ_print(bio_err, req);	1631	if (!X509_REQ_print(bio_err, req))
		1632	goto err;
		1633	}
1610		1634
1611	BIO_printf(bio_err, "Check that the request matches the signature\n");	1635	BIO_printf(bio_err, "Check that the request matches the signature\n");
1612		1636
@@ -1665,8 +1689,10 @@ certify_cert(X509 *xret, char infile, EVP_PKEY pkey, X509 x509,
1665	if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL,	1689	if ((req = load_cert(bio_err, infile, FORMAT_PEM, NULL,
1666	infile)) == NULL)	1690	infile)) == NULL)
1667	goto err;	1691	goto err;
1668	if (verbose)	1692	if (verbose) {
1669	X509_print(bio_err, req);	1693	if (!X509_print(bio_err, req))
		1694	goto err;
		1695	}
1670		1696
1671	BIO_printf(bio_err, "Check that the request matches the signature\n");	1697	BIO_printf(bio_err, "Check that the request matches the signature\n");
1672		1698
@@ -1746,7 +1772,10 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
1746	ERR_print_errors(bio_err);	1772	ERR_print_errors(bio_err);
1747	goto err;	1773	goto err;
1748	}	1774	}
1749	X509_REQ_set_subject_name(req, n);	1775	if (!X509_REQ_set_subject_name(req, n)) {
		1776	X509_NAME_free(n);
		1777	goto err;
		1778	}
1750	req->req_info->enc.modified = 1;	1779	req->req_info->enc.modified = 1;
1751	X509_NAME_free(n);	1780	X509_NAME_free(n);
1752	}	1781	}
@@ -1757,12 +1786,20 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
1757	name = X509_REQ_get_subject_name(req);	1786	name = X509_REQ_get_subject_name(req);
1758	for (i = 0; i < X509_NAME_entry_count(name); i++) {	1787	for (i = 0; i < X509_NAME_entry_count(name); i++) {
1759	ne = X509_NAME_get_entry(name, i);	1788	ne = X509_NAME_get_entry(name, i);
		1789	if (ne == NULL)
		1790	goto err;
1760	str = X509_NAME_ENTRY_get_data(ne);	1791	str = X509_NAME_ENTRY_get_data(ne);
		1792	if (str == NULL)
		1793	goto err;
1761	obj = X509_NAME_ENTRY_get_object(ne);	1794	obj = X509_NAME_ENTRY_get_object(ne);
		1795	if (obj == NULL)
		1796	goto err;
1762		1797
1763	if (ca_config.msie_hack) {	1798	if (ca_config.msie_hack) {
1764	/* assume all type should be strings */	1799	/* assume all type should be strings */
1765	nid = OBJ_obj2nid(ne->object);	1800	nid = OBJ_obj2nid(ne->object);
		1801	if (nid == NID_undef)
		1802	goto err;
1766		1803
1767	if (str->type == V_ASN1_UNIVERSALSTRING)	1804	if (str->type == V_ASN1_UNIVERSALSTRING)
1768	ASN1_UNIVERSALSTRING_to_string(str);	1805	ASN1_UNIVERSALSTRING_to_string(str);
@@ -1825,6 +1862,8 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
1825	goto err;	1862	goto err;
1826	}	1863	}
1827	obj = OBJ_nid2obj(j);	1864	obj = OBJ_nid2obj(j);
		1865	if (obj == NULL)
		1866	goto err;
1828		1867
1829	last = -1;	1868	last = -1;
1830	for (;;) {	1869	for (;;) {
@@ -1836,6 +1875,8 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
1836	tne = NULL;	1875	tne = NULL;
1837	} else {	1876	} else {
1838	tne = X509_NAME_get_entry(name, j);	1877	tne = X509_NAME_get_entry(name, j);
		1878	if (tne == NULL)
		1879	goto err;
1839	}	1880	}
1840	last = j;	1881	last = j;
1841		1882
@@ -1874,8 +1915,14 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
1874	}	1915	}
1875	if (j >= 0) {	1916	if (j >= 0) {
1876	push = X509_NAME_get_entry(CAname, j);	1917	push = X509_NAME_get_entry(CAname, j);
		1918	if (push == NULL)
		1919	goto err;
1877	str = X509_NAME_ENTRY_get_data(tne);	1920	str = X509_NAME_ENTRY_get_data(tne);
		1921	if (str == NULL)
		1922	goto err;
1878	str2 = X509_NAME_ENTRY_get_data(push);	1923	str2 = X509_NAME_ENTRY_get_data(push);
		1924	if (str2 == NULL)
		1925	goto err;
1879	last2 = j;	1926	last2 = j;
1880	if (ASN1_STRING_cmp(str, str2) != 0)	1927	if (ASN1_STRING_cmp(str, str2) != 0)
1881	goto again2;	1928	goto again2;
@@ -1943,7 +1990,12 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
1943	while ((i = X509_NAME_get_index_by_NID(dn_subject,	1990	while ((i = X509_NAME_get_index_by_NID(dn_subject,
1944	NID_pkcs9_emailAddress, -1)) >= 0) {	1991	NID_pkcs9_emailAddress, -1)) >= 0) {
1945	tmpne = X509_NAME_get_entry(dn_subject, i);	1992	tmpne = X509_NAME_get_entry(dn_subject, i);
1946	X509_NAME_delete_entry(dn_subject, i);	1993	if (tmpne == NULL)
		1994	goto err;
		1995	if (X509_NAME_delete_entry(dn_subject, i) == NULL) {
		1996	X509_NAME_ENTRY_free(tmpne);
		1997	goto err;
		1998	}
1947	X509_NAME_ENTRY_free(tmpne);	1999	X509_NAME_ENTRY_free(tmpne);
1948	}	2000	}
1949	}	2001	}
@@ -2039,17 +2091,20 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2039	goto err;	2091	goto err;
2040	}	2092	}
2041		2093
2042	if (strcmp(startdate, "today") == 0)	2094	if (strcmp(startdate, "today") == 0) {
2043	X509_gmtime_adj(X509_get_notBefore(ret), 0);	2095	if (X509_gmtime_adj(X509_get_notBefore(ret), 0) == NULL)
2044	else if (setCertificateTime(X509_get_notBefore(ret), startdate) == -1) {	2096	goto err;
		2097	} else if (setCertificateTime(X509_get_notBefore(ret), startdate) == -1) {
2045	BIO_printf(bio_err, "Invalid start date %s\n",	2098	BIO_printf(bio_err, "Invalid start date %s\n",
2046	startdate);	2099	startdate);
2047	goto err;	2100	goto err;
2048	}	2101	}
2049		2102
2050	if (enddate == NULL)	2103	if (enddate == NULL) {
2051	X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);	2104	if (X509_time_adj_ex(X509_get_notAfter(ret), days, 0,
2052	else if (setCertificateTime(X509_get_notAfter(ret), enddate) == -1) {	2105	NULL) == NULL)
		2106	goto err;
		2107	} else if (setCertificateTime(X509_get_notAfter(ret), enddate) == -1) {
2053	BIO_printf(bio_err, "Invalid end date %s\n",	2108	BIO_printf(bio_err, "Invalid end date %s\n",
2054	enddate);	2109	enddate);
2055	goto err;	2110	goto err;
@@ -2059,6 +2114,9 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2059	goto err;	2114	goto err;
2060		2115
2061	pktmp = X509_REQ_get_pubkey(req);	2116	pktmp = X509_REQ_get_pubkey(req);
		2117	if (pktmp == NULL)
		2118	goto err;
		2119
2062	i = X509_set_pubkey(ret, pktmp);	2120	i = X509_set_pubkey(ret, pktmp);
2063	EVP_PKEY_free(pktmp);	2121	EVP_PKEY_free(pktmp);
2064	if (!i)	2122	if (!i)
@@ -2070,7 +2128,10 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2070	if (ci->version == NULL)	2128	if (ci->version == NULL)
2071	if ((ci->version = ASN1_INTEGER_new()) == NULL)	2129	if ((ci->version = ASN1_INTEGER_new()) == NULL)
2072	goto err;	2130	goto err;
2073	ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */	2131
		2132	/* version 3 certificate */
		2133	if (!ASN1_INTEGER_set(ci->version, 2))
		2134	goto err;
2074		2135
2075	/*	2136	/*
2076	* Free the current entries if any, there should not be any I	2137	* Free the current entries if any, there should not be any I
@@ -2146,7 +2207,8 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2146	* present	2207	* present
2147	*/	2208	*/
2148	certopt \|= X509_FLAG_NO_SIGDUMP \| X509_FLAG_NO_SIGNAME;	2209	certopt \|= X509_FLAG_NO_SIGDUMP \| X509_FLAG_NO_SIGNAME;
2149	X509_print_ex(bio_err, ret, nameopt, certopt);	2210	if (!X509_print_ex(bio_err, ret, nameopt, certopt))
		2211	goto err;
2150	}	2212	}
2151	BIO_printf(bio_err, "Certificate is to be certified until ");	2213	BIO_printf(bio_err, "Certificate is to be certified until ");
2152	ASN1_TIME_print(bio_err, X509_get_notAfter(ret));	2214	ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
@@ -2172,10 +2234,18 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2172	goto err;	2234	goto err;
2173	}	2235	}
2174	}	2236	}
		2237
2175	pktmp = X509_get_pubkey(ret);	2238	pktmp = X509_get_pubkey(ret);
		2239	if (pktmp == NULL)
		2240	goto err;
		2241
2176	if (EVP_PKEY_missing_parameters(pktmp) &&	2242	if (EVP_PKEY_missing_parameters(pktmp) &&
2177	!EVP_PKEY_missing_parameters(pkey))	2243	!EVP_PKEY_missing_parameters(pkey)) {
2178	EVP_PKEY_copy_parameters(pktmp, pkey);	2244	if (!EVP_PKEY_copy_parameters(pktmp, pkey)) {
		2245	EVP_PKEY_free(pktmp);
		2246	goto err;
		2247	}
		2248	}
2179	EVP_PKEY_free(pktmp);	2249	EVP_PKEY_free(pktmp);
2180		2250
2181	if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))	2251	if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))
@@ -2247,16 +2317,19 @@ do_body(X509 *xret, EVP_PKEY pkey, X509 x509, const EVP_MD dgst,
2247	return (ok);	2317	return (ok);
2248	}	2318	}
2249		2319
2250	static void	2320	static int
2251	write_new_certificate(BIO bp, X509 x, int output_der, int notext)	2321	write_new_certificate(BIO bp, X509 x, int output_der, int notext)
2252	{	2322	{
2253	if (output_der) {	2323	if (output_der) {
2254	(void) i2d_X509_bio(bp, x);	2324	if (!i2d_X509_bio(bp, x))
2255	return;	2325	return (0);
2256	}	2326	}
2257	if (!notext)	2327	if (!notext) {
2258	X509_print(bp, x);	2328	if (!X509_print(bp, x))
2259	PEM_write_bio_X509(bp, x);	2329	return (0);
		2330	}
		2331
		2332	return PEM_write_bio_X509(bp, x);
2260	}	2333	}
2261		2334
2262	static int	2335	static int
@@ -2377,7 +2450,10 @@ certify_spkac(X509 *xret, char infile, EVP_PKEY pkey, X509 x509,
2377	}	2450	}
2378	BIO_printf(bio_err, "Signature ok\n");	2451	BIO_printf(bio_err, "Signature ok\n");
2379		2452
2380	X509_REQ_set_pubkey(req, pktmp);	2453	if (!X509_REQ_set_pubkey(req, pktmp)) {
		2454	EVP_PKEY_free(pktmp);
		2455	goto err;
		2456	}
2381	EVP_PKEY_free(pktmp);	2457	EVP_PKEY_free(pktmp);
2382	ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial,	2458	ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial,
2383	subj, chtype, multirdn, email_dn, startdate, enddate, days, 1,	2459	subj, chtype, multirdn, email_dn, startdate, enddate, days, 1,
@@ -2591,12 +2667,20 @@ do_updatedb(CA_DB *db)
2591	ASN1_UTCTIME *a_tm = NULL;	2667	ASN1_UTCTIME *a_tm = NULL;
2592	int i, cnt = 0;	2668	int i, cnt = 0;
2593	int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */	2669	int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
2594	char *rrow, a_tm_s;	2670	char *rrow, a_tm_s = NULL;
2595		2671
2596	a_tm = ASN1_UTCTIME_new();	2672	a_tm = ASN1_UTCTIME_new();
		2673	if (a_tm == NULL) {
		2674	cnt = -1;
		2675	goto err;
		2676	}
2597		2677
2598	/* get actual time and make a string */	2678	/* get actual time and make a string */
2599	a_tm = X509_gmtime_adj(a_tm, 0);	2679	a_tm = X509_gmtime_adj(a_tm, 0);
		2680	if (a_tm == NULL) {
		2681	cnt = -1;
		2682	goto err;
		2683	}
2600	a_tm_s = malloc(a_tm->length + 1);	2684	a_tm_s = malloc(a_tm->length + 1);
2601	if (a_tm_s == NULL) {	2685	if (a_tm_s == NULL) {
2602	cnt = -1;	2686	cnt = -1;
@@ -2701,7 +2785,6 @@ make_revocation_str(int rev_type, char *rev_arg)
2701		2785
2702	case REV_HOLD:	2786	case REV_HOLD:
2703	/* Argument is an OID */	2787	/* Argument is an OID */
2704
2705	otmp = OBJ_txt2obj(rev_arg, 0);	2788	otmp = OBJ_txt2obj(rev_arg, 0);
2706	ASN1_OBJECT_free(otmp);	2789	ASN1_OBJECT_free(otmp);
2707		2790
@@ -2716,7 +2799,6 @@ make_revocation_str(int rev_type, char *rev_arg)
2716		2799
2717	case REV_KEY_COMPROMISE:	2800	case REV_KEY_COMPROMISE:
2718	case REV_CA_COMPROMISE:	2801	case REV_CA_COMPROMISE:
2719
2720	/* Argument is the key compromise time */	2802	/* Argument is the key compromise time */
2721	if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {	2803	if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
2722	BIO_printf(bio_err,	2804	BIO_printf(bio_err,
@@ -2731,15 +2813,19 @@ make_revocation_str(int rev_type, char *rev_arg)
2731	reason = "CAkeyTime";	2813	reason = "CAkeyTime";
2732		2814
2733	break;	2815	break;
2734
2735	}	2816	}
2736		2817
2737	revtm = X509_gmtime_adj(NULL, 0);	2818	revtm = X509_gmtime_adj(NULL, 0);
		2819	if (revtm == NULL)
		2820	return NULL;
		2821
2738	if (asprintf(&str, "%s%s%s%s%s", revtm->data,	2822	if (asprintf(&str, "%s%s%s%s%s", revtm->data,
2739	reason ? "," : "", reason ? reason : "",	2823	reason ? "," : "", reason ? reason : "",
2740	other ? "," : "", other ? other : "") == -1)	2824	other ? "," : "", other ? other : "") == -1)
2741	str = NULL;	2825	str = NULL;
		2826
2742	ASN1_UTCTIME_free(revtm);	2827	ASN1_UTCTIME_free(revtm);
		2828
2743	return str;	2829	return str;
2744	}	2830	}
2745		2831