Diffstat (limited to 'src/usr.bin/openssl/ca.c')
| -rw-r--r-- | src/usr.bin/openssl/ca.c | 47 |
1 files changed, 26 insertions, 21 deletions
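--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.62 2025/04/14 08:39:27 tb Exp $ */
+/* $OpenBSD: ca.c,v 1.63 2025/11/27 08:24:30 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -69,6 +69,7 @@
 
 #include "apps.h"
 
+#include <openssl/asn1.h>
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/conf.h>
@@ -1717,18 +1718,19 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 
 /* check some things */
 if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
-(str->type != V_ASN1_IA5STRING)) {
+(ASN1_STRING_type(str) != V_ASN1_IA5STRING)) {
 BIO_printf(bio_err,
 "\nemailAddress type needs to be of type IA5STRING\n");
 goto err;
 }
-if ((str->type != V_ASN1_BMPSTRING) &&
-(str->type != V_ASN1_UTF8STRING)) {
-j = ASN1_PRINTABLE_type(str->data, str->length);
+if ((ASN1_STRING_type(str) != V_ASN1_BMPSTRING) &&
+(ASN1_STRING_type(str) != V_ASN1_UTF8STRING)) {
+j = ASN1_PRINTABLE_type(ASN1_STRING_get0_data(str),
+ASN1_STRING_length(str));
 if (((j == V_ASN1_T61STRING) &&
-(str->type != V_ASN1_T61STRING)) ||
+(ASN1_STRING_type(str) != V_ASN1_T61STRING)) ||
 ((j == V_ASN1_IA5STRING) &&
-(str->type == V_ASN1_PRINTABLESTRING))) {
+(ASN1_STRING_type(str) == V_ASN1_PRINTABLESTRING))) {
 BIO_printf(bio_err,
 "\nThe string contains characters that are illegal for the ASN.1 type\n");
 goto err;
@@ -1830,9 +1832,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 BIO_printf(bio_err,
 "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
 cv->name, ((str2 == NULL) ?
-"NULL" : (char *) str2->data),
+"NULL" : (const char *) ASN1_STRING_get0_data(str2)),
 ((str == NULL) ?
-"NULL" : (char *) str->data));
+"NULL" : (const char *) ASN1_STRING_get0_data(str)));
 goto err;
 }
 } else {
@@ -2153,7 +2155,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 
 if ((tm = X509_get_notAfter(ret)) == NULL)
 goto err;
-row[DB_exp_date] = strndup(tm->data, tm->length);
+row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
+ASN1_STRING_length(tm));
 if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
@@ -2280,7 +2283,8 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 
 if ((tm = X509_get_notAfter(x509)) == NULL)
 goto err;
-row[DB_exp_date] = strndup(tm->data, tm->length);
+row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
+ASN1_STRING_length(tm));
 if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto err;
@@ -2443,7 +2447,7 @@ do_updatedb(CA_DB *db)
 cnt = -1;
 goto err;
 }
-a_tm_s = strndup(a_tm->data, a_tm->length);
+a_tm_s = strndup(ASN1_STRING_get0_data(a_tm), ASN1_STRING_length(a_tm));
 if (a_tm_s == NULL) {
 cnt = -1;
 goto err;
@@ -2579,7 +2583,7 @@ make_revocation_str(int rev_type, char *rev_arg)
 if (revtm == NULL)
 return NULL;
 
-if (asprintf(&str, "%s%s%s%s%s", revtm->data,
+if (asprintf(&str, "%s%s%s%s%s", ASN1_STRING_get0_data(revtm),
 reason ? "," : "", reason ? reason : "",
 other ? "," : "", other ? other : "") == -1)
 str = NULL;
@@ -2652,7 +2656,8 @@ make_revoked(X509_REVOKED *rev, const char *str)
 int
 old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 {
-char buf[25], *pbuf, *p;
+const char *p;
+char buf[25], *pbuf;
 int j;
 
 j = i2a_ASN1_OBJECT(bp, obj);
@@ -2663,19 +2668,19 @@ old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 *(pbuf++) = '\0';
 BIO_puts(bp, buf);
 
-if (str->type == V_ASN1_PRINTABLESTRING)
+if (ASN1_STRING_type(str) == V_ASN1_PRINTABLESTRING)
 BIO_printf(bp, "PRINTABLE:'");
-else if (str->type == V_ASN1_T61STRING)
+else if (ASN1_STRING_type(str) == V_ASN1_T61STRING)
 BIO_printf(bp, "T61STRING:'");
-else if (str->type == V_ASN1_IA5STRING)
+else if (ASN1_STRING_type(str) == V_ASN1_IA5STRING)
 BIO_printf(bp, "IA5STRING:'");
-else if (str->type == V_ASN1_UNIVERSALSTRING)
+else if (ASN1_STRING_type(str) == V_ASN1_UNIVERSALSTRING)
 BIO_printf(bp, "UNIVERSALSTRING:'");
 else
-BIO_printf(bp, "ASN.1 %2d:'", str->type);
+BIO_printf(bp, "ASN.1 %2d:'", ASN1_STRING_type(str));
 
-p = (char *) str->data;
-for (j = str->length; j > 0; j--) {
+p = (const char *) ASN1_STRING_get0_data(str);
+for (j = ASN1_STRING_length(str); j > 0; j--) {
 if ((*p >= ' ') && (*p <= '~'))
 BIO_printf(bp, "%c", *p);
 else if (*p & 0x80)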
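Review bot: In do_body's field-mismatch message (the `@@ -1830,9 +1832,9 @@` hunk), the bytes of `str` and `str2` are still written to `bio_err` through `%s` with no length, so output stops at the first NUL and control bytes reach the operator's terminal unfiltered; judging by the message text, one of the two values comes from the submitted request. The accessor conversion keeps that behaviour unchanged. Bounding the print with `ASN1_STRING_length(str)` and applying the same `(*p >= ' ') && (*p <= '~')` check that old_entry_print uses in its loop would close it. make_revocation_str has the same `%s`-without-length pattern on `ASN1_STRING_get0_data(revtm)`, and it and the three `strndup()` calls omit the `(const char *)` cast that the other converted sites add. do_body starts and ends outside these hunks, so the origin of `str` and `str2` should be confirmed against the full function.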
