summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/src/apps/ts.c68
-rw-r--r--src/lib/libssl/src/apps/verify.c20
-rw-r--r--src/lib/libssl/src/apps/version.c4
-rw-r--r--src/lib/libssl/src/apps/x509.c95
4 files changed, 92 insertions, 95 deletions
diff --git a/src/lib/libssl/src/apps/ts.c b/src/lib/libssl/src/apps/ts.c
index c271bdb226..bfd675bbc7 100644
--- a/src/lib/libssl/src/apps/ts.c
+++ b/src/lib/libssl/src/apps/ts.c
@@ -119,7 +119,7 @@ static int verify_cb(int ok, X509_STORE_CTX * ctx);
119/* Main function definition. */ 119/* Main function definition. */
120int ts_main(int, char **); 120int ts_main(int, char **);
121 121
122int 122int
123ts_main(int argc, char **argv) 123ts_main(int argc, char **argv)
124{ 124{
125 int ret = 1; 125 int ret = 1;
@@ -306,10 +306,9 @@ ts_main(int argc, char **argv)
306 in, token_in, out, token_out, text); 306 in, token_in, out, token_out, text);
307 break; 307 break;
308 case CMD_VERIFY: 308 case CMD_VERIFY:
309 ret = !(((queryfile && !data && !digest) 309 ret = !(((queryfile && !data && !digest) ||
310 || (!queryfile && data && !digest) 310 (!queryfile && data && !digest) ||
311 || (!queryfile && !data && digest)) 311 (!queryfile && !data && digest)) && in != NULL);
312 && in != NULL);
313 if (ret) 312 if (ret)
314 goto usage; 313 goto usage;
315 314
@@ -379,7 +378,7 @@ load_config_file(const char *configfile)
379 378
380 if (configfile && 379 if (configfile &&
381 (!(conf = NCONF_new(NULL)) || 380 (!(conf = NCONF_new(NULL)) ||
382 NCONF_load(conf, configfile, &errorline) <= 0)) { 381 NCONF_load(conf, configfile, &errorline) <= 0)) {
383 if (errorline <= 0) 382 if (errorline <= 0)
384 BIO_printf(bio_err, "error loading the config file " 383 BIO_printf(bio_err, "error loading the config file "
385 "'%s'\n", configfile); 384 "'%s'\n", configfile);
@@ -390,7 +389,8 @@ load_config_file(const char *configfile)
390 if (conf != NULL) { 389 if (conf != NULL) {
391 const char *p; 390 const char *p;
392 391
393 BIO_printf(bio_err, "Using configuration from %s\n", configfile); 392 BIO_printf(bio_err, "Using configuration from %s\n",
393 configfile);
394 p = NCONF_get_string(conf, NULL, ENV_OID_FILE); 394 p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
395 if (p != NULL) { 395 if (p != NULL) {
396 BIO *oid_bio = BIO_new_file(p, "r"); 396 BIO *oid_bio = BIO_new_file(p, "r");
@@ -412,10 +412,10 @@ load_config_file(const char *configfile)
412 * Query-related method definitions. 412 * Query-related method definitions.
413 */ 413 */
414 414
415static int 415static int
416query_command(const char *data, char *digest, const EVP_MD * md, 416query_command(const char *data, char *digest, const EVP_MD * md,
417 const char *policy, int no_nonce, 417 const char *policy, int no_nonce, int cert, const char *in,
418 int cert, const char *in, const char *out, int text) 418 const char *out, int text)
419{ 419{
420 int ret = 0; 420 int ret = 0;
421 TS_REQ *query = NULL; 421 TS_REQ *query = NULL;
@@ -430,8 +430,8 @@ query_command(const char *data, char *digest, const EVP_MD * md,
430 query = d2i_TS_REQ_bio(in_bio, NULL); 430 query = d2i_TS_REQ_bio(in_bio, NULL);
431 } else { 431 } else {
432 /* Open the file if no explicit digest bytes were specified. */ 432 /* Open the file if no explicit digest bytes were specified. */
433 if (!digest 433 if (!digest &&
434 && !(data_bio = BIO_open_with_default(data, "rb", stdin))) 434 !(data_bio = BIO_open_with_default(data, "rb", stdin)))
435 goto end; 435 goto end;
436 /* Creating the query object. */ 436 /* Creating the query object. */
437 query = create_query(data_bio, digest, md, 437 query = create_query(data_bio, digest, md,
@@ -469,12 +469,10 @@ end:
469} 469}
470 470
471static BIO * 471static BIO *
472BIO_open_with_default(const char *file, const char *mode, 472BIO_open_with_default(const char *file, const char *mode, FILE * default_fp)
473 FILE * default_fp)
474{ 473{
475 return file == NULL ? 474 return file == NULL ? BIO_new_fp(default_fp, BIO_NOCLOSE) :
476 BIO_new_fp(default_fp, BIO_NOCLOSE) 475 BIO_new_file(file, mode);
477 : BIO_new_file(file, mode);
478} 476}
479 477
480static TS_REQ * 478static TS_REQ *
@@ -543,6 +541,7 @@ create_query(BIO * data_bio, char *digest, const EVP_MD * md,
543 goto err; 541 goto err;
544 542
545 ret = 1; 543 ret = 1;
544
546err: 545err:
547 if (!ret) { 546 if (!ret) {
548 TS_REQ_free(ts_req); 547 TS_REQ_free(ts_req);
@@ -557,7 +556,7 @@ err:
557 return ts_req; 556 return ts_req;
558} 557}
559 558
560static int 559static int
561create_digest(BIO * input, char *digest, const EVP_MD * md, 560create_digest(BIO * input, char *digest, const EVP_MD * md,
562 unsigned char **md_value) 561 unsigned char **md_value)
563{ 562{
@@ -614,7 +613,8 @@ create_nonce(int bits)
614 goto err; 613 goto err;
615 614
616 /* Find the first non-zero byte and creating ASN1_INTEGER object. */ 615 /* Find the first non-zero byte and creating ASN1_INTEGER object. */
617 for (i = 0; i < len && !buf[i]; ++i); 616 for (i = 0; i < len && !buf[i]; ++i)
617 ;
618 if (!(nonce = ASN1_INTEGER_new())) 618 if (!(nonce = ASN1_INTEGER_new()))
619 goto err; 619 goto err;
620 free(nonce->data); 620 free(nonce->data);
@@ -625,6 +625,7 @@ create_nonce(int bits)
625 memcpy(nonce->data, buf + i, nonce->length); 625 memcpy(nonce->data, buf + i, nonce->length);
626 626
627 return nonce; 627 return nonce;
628
628err: 629err:
629 BIO_printf(bio_err, "could not create nonce\n"); 630 BIO_printf(bio_err, "could not create nonce\n");
630 ASN1_INTEGER_free(nonce); 631 ASN1_INTEGER_free(nonce);
@@ -634,12 +635,10 @@ err:
634 * Reply-related method definitions. 635 * Reply-related method definitions.
635 */ 636 */
636 637
637static int 638static int
638reply_command(CONF * conf, char *section, char *engine, 639reply_command(CONF * conf, char *section, char *engine, char *queryfile,
639 char *queryfile, char *passin, char *inkey, 640 char *passin, char *inkey, char *signer, char *chain, const char *policy,
640 char *signer, char *chain, const char *policy, 641 char *in, int token_in, char *out, int token_out, int text)
641 char *in, int token_in,
642 char *out, int token_out, int text)
643{ 642{
644 int ret = 0; 643 int ret = 0;
645 TS_RESP *response = NULL; 644 TS_RESP *response = NULL;
@@ -913,7 +912,7 @@ err:
913 return serial; 912 return serial;
914} 913}
915 914
916static int 915static int
917save_ts_serial(const char *serialfile, ASN1_INTEGER * serial) 916save_ts_serial(const char *serialfile, ASN1_INTEGER * serial)
918{ 917{
919 int ret = 0; 918 int ret = 0;
@@ -938,10 +937,9 @@ err:
938 * Verify-related method definitions. 937 * Verify-related method definitions.
939 */ 938 */
940 939
941static int 940static int
942verify_command(char *data, char *digest, char *queryfile, 941verify_command(char *data, char *digest, char *queryfile, char *in,
943 char *in, int token_in, 942 int token_in, char *ca_path, char *ca_file, char *untrusted)
944 char *ca_path, char *ca_file, char *untrusted)
945{ 943{
946 BIO *in_bio = NULL; 944 BIO *in_bio = NULL;
947 PKCS7 *token = NULL; 945 PKCS7 *token = NULL;
@@ -961,7 +959,7 @@ verify_command(char *data, char *digest, char *queryfile,
961 } 959 }
962 960
963 if (!(verify_ctx = create_verify_ctx(data, digest, queryfile, 961 if (!(verify_ctx = create_verify_ctx(data, digest, queryfile,
964 ca_path, ca_file, untrusted))) 962 ca_path, ca_file, untrusted)))
965 goto end; 963 goto end;
966 964
967 /* Checking the token or response against the request. */ 965 /* Checking the token or response against the request. */
@@ -988,10 +986,8 @@ end:
988} 986}
989 987
990static TS_VERIFY_CTX * 988static TS_VERIFY_CTX *
991create_verify_ctx(char *data, char *digest, 989create_verify_ctx(char *data, char *digest, char *queryfile, char *ca_path,
992 char *queryfile, 990 char *ca_file, char *untrusted)
993 char *ca_path, char *ca_file,
994 char *untrusted)
995{ 991{
996 TS_VERIFY_CTX *ctx = NULL; 992 TS_VERIFY_CTX *ctx = NULL;
997 BIO *input = NULL; 993 BIO *input = NULL;
@@ -1099,7 +1095,7 @@ err:
1099 return NULL; 1095 return NULL;
1100} 1096}
1101 1097
1102static int 1098static int
1103verify_cb(int ok, X509_STORE_CTX * ctx) 1099verify_cb(int ok, X509_STORE_CTX * ctx)
1104{ 1100{
1105 /* 1101 /*
diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c
index 79feec9a4b..7094989177 100644
--- a/src/lib/libssl/src/apps/verify.c
+++ b/src/lib/libssl/src/apps/verify.c
@@ -68,9 +68,8 @@
68 68
69 69
70static int cb(int ok, X509_STORE_CTX * ctx); 70static int cb(int ok, X509_STORE_CTX * ctx);
71static int check(X509_STORE * ctx, char *file, 71static int check(X509_STORE * ctx, char *file, STACK_OF(X509) * uchain,
72 STACK_OF(X509) * uchain, STACK_OF(X509) * tchain, 72 STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls, ENGINE * e);
73 STACK_OF(X509_CRL) * crls, ENGINE * e);
74static int v_verbose = 0, vflags = 0; 73static int v_verbose = 0, vflags = 0;
75 74
76int verify_main(int, char **); 75int verify_main(int, char **);
@@ -120,7 +119,7 @@ verify_main(int argc, char **argv)
120 goto end; 119 goto end;
121 CAfile = *(++argv); 120 CAfile = *(++argv);
122 } else if (args_verify(&argv, &argc, &badarg, bio_err, 121 } else if (args_verify(&argv, &argc, &badarg, bio_err,
123 &vpm)) { 122 &vpm)) {
124 if (badarg) 123 if (badarg)
125 goto end; 124 goto end;
126 continue; 125 continue;
@@ -217,7 +216,8 @@ verify_main(int argc, char **argv)
217 ret = -1; 216 ret = -1;
218 } else { 217 } else {
219 for (i = 0; i < argc; i++) 218 for (i = 0; i < argc; i++)
220 if (1 != check(cert_ctx, argv[i], untrusted, trusted, crls, e)) 219 if (1 != check(cert_ctx, argv[i], untrusted, trusted,
220 crls, e))
221 ret = -1; 221 ret = -1;
222 } 222 }
223 223
@@ -250,10 +250,9 @@ end:
250 return (ret < 0 ? 2 : ret); 250 return (ret < 0 ? 2 : ret);
251} 251}
252 252
253static int 253static int
254check(X509_STORE * ctx, char *file, 254check(X509_STORE * ctx, char *file, STACK_OF(X509) * uchain,
255 STACK_OF(X509) * uchain, STACK_OF(X509) * tchain, 255 STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls, ENGINE * e)
256 STACK_OF(X509_CRL) * crls, ENGINE * e)
257{ 256{
258 X509 *x = NULL; 257 X509 *x = NULL;
259 int i = 0, ret = 0; 258 int i = 0, ret = 0;
@@ -282,6 +281,7 @@ check(X509_STORE * ctx, char *file,
282 X509_STORE_CTX_free(csc); 281 X509_STORE_CTX_free(csc);
283 282
284 ret = 0; 283 ret = 0;
284
285end: 285end:
286 if (i > 0) { 286 if (i > 0) {
287 fprintf(stdout, "OK\n"); 287 fprintf(stdout, "OK\n");
@@ -294,7 +294,7 @@ end:
294 return (ret); 294 return (ret);
295} 295}
296 296
297static int 297static int
298cb(int ok, X509_STORE_CTX * ctx) 298cb(int ok, X509_STORE_CTX * ctx)
299{ 299{
300 int cert_error = X509_STORE_CTX_get_error(ctx); 300 int cert_error = X509_STORE_CTX_get_error(ctx);
diff --git a/src/lib/libssl/src/apps/version.c b/src/lib/libssl/src/apps/version.c
index 41fb22bc8c..91a27326b5 100644
--- a/src/lib/libssl/src/apps/version.c
+++ b/src/lib/libssl/src/apps/version.c
@@ -135,12 +135,12 @@
135 135
136int version_main(int, char **); 136int version_main(int, char **);
137 137
138int 138int
139version_main(int argc, char **argv) 139version_main(int argc, char **argv)
140{ 140{
141 int i, ret = 0; 141 int i, ret = 0;
142 int cflags = 0, version = 0, date = 0, options = 0, platform = 0, 142 int cflags = 0, version = 0, date = 0, options = 0, platform = 0,
143 dir = 0; 143 dir = 0;
144 144
145 apps_startup(); 145 apps_startup();
146 146
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 18b9e71586..f714b818ea 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -151,15 +151,14 @@ static const char *x509_usage[] = {
151 NULL 151 NULL
152}; 152};
153 153
154static int callb(int ok, X509_STORE_CTX * ctx); 154static int callb(int ok, X509_STORE_CTX *ctx);
155static int sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, 155static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
156 const EVP_MD * digest, CONF * conf, char *section); 156 const EVP_MD *digest, CONF *conf, char *section);
157static int x509_certify(X509_STORE * ctx, char *CAfile, const EVP_MD * digest, 157static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
158 X509 * x, X509 * xca, EVP_PKEY * pkey, 158 X509 *x, X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts,
159 STACK_OF(OPENSSL_STRING) * sigopts, 159 char *serial, int create, int days, int clrext, CONF *conf, char *section,
160 char *serial, int create, int days, int clrext, 160 ASN1_INTEGER *sno);
161 CONF * conf, char *section, ASN1_INTEGER * sno); 161static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
162static int purpose_print(BIO * bio, X509 * cert, X509_PURPOSE * pt);
163static int reqfile = 0; 162static int reqfile = 0;
164 163
165int x509_main(int, char **); 164int x509_main(int, char **);
@@ -172,26 +171,26 @@ x509_main(int argc, char **argv)
172 X509_REQ *req = NULL; 171 X509_REQ *req = NULL;
173 X509 *x = NULL, *xca = NULL; 172 X509 *x = NULL, *xca = NULL;
174 ASN1_OBJECT *objtmp; 173 ASN1_OBJECT *objtmp;
175 STACK_OF(OPENSSL_STRING) * sigopts = NULL; 174 STACK_OF(OPENSSL_STRING) *sigopts = NULL;
176 EVP_PKEY *Upkey = NULL, *CApkey = NULL; 175 EVP_PKEY *Upkey = NULL, *CApkey = NULL;
177 ASN1_INTEGER *sno = NULL; 176 ASN1_INTEGER *sno = NULL;
178 int i, num, badops = 0; 177 int i, num, badops = 0;
179 BIO *out = NULL; 178 BIO *out = NULL;
180 BIO *STDout = NULL; 179 BIO *STDout = NULL;
181 STACK_OF(ASN1_OBJECT) * trust = NULL, *reject = NULL; 180 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
182 int informat, outformat, keyformat, CAformat, CAkeyformat; 181 int informat, outformat, keyformat, CAformat, CAkeyformat;
183 char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL; 182 char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
184 char *CAkeyfile = NULL, *CAserial = NULL; 183 char *CAkeyfile = NULL, *CAserial = NULL;
185 char *alias = NULL; 184 char *alias = NULL;
186 int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, 185 int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0,
187 enddate = 0; 186 enddate = 0;
188 int next_serial = 0; 187 int next_serial = 0;
189 int subject_hash = 0, issuer_hash = 0, ocspid = 0; 188 int subject_hash = 0, issuer_hash = 0, ocspid = 0;
190#ifndef OPENSSL_NO_MD5 189#ifndef OPENSSL_NO_MD5
191 int subject_hash_old = 0, issuer_hash_old = 0; 190 int subject_hash_old = 0, issuer_hash_old = 0;
192#endif 191#endif
193 int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, 192 int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0,
194 email = 0; 193 email = 0;
195 int ocsp_uri = 0; 194 int ocsp_uri = 0;
196 int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0; 195 int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;
197 int C = 0; 196 int C = 0;
@@ -382,8 +381,8 @@ x509_main(int argc, char **argv)
382 x509req = ++num; 381 x509req = ++num;
383 else if (strcmp(*argv, "-text") == 0) 382 else if (strcmp(*argv, "-text") == 0)
384 text = ++num; 383 text = ++num;
385 else if (strcmp(*argv, "-hash") == 0 384 else if (strcmp(*argv, "-hash") == 0 ||
386 || strcmp(*argv, "-subject_hash") == 0) 385 strcmp(*argv, "-subject_hash") == 0)
387 subject_hash = ++num; 386 subject_hash = ++num;
388#ifndef OPENSSL_NO_MD5 387#ifndef OPENSSL_NO_MD5
389 else if (strcmp(*argv, "-subject_hash_old") == 0) 388 else if (strcmp(*argv, "-subject_hash_old") == 0)
@@ -473,7 +472,8 @@ bad:
473 if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) { 472 if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
474 CAkeyfile = CAfile; 473 CAkeyfile = CAfile;
475 } else if ((CA_flag) && (CAkeyfile == NULL)) { 474 } else if ((CA_flag) && (CAkeyfile == NULL)) {
476 BIO_printf(bio_err, "need to specify a CAkey if using the CA command\n"); 475 BIO_printf(bio_err,
476 "need to specify a CAkey if using the CA command\n");
477 goto end; 477 goto end;
478 } 478 }
479 if (extfile) { 479 if (extfile) {
@@ -487,12 +487,13 @@ bad:
487 extfile); 487 extfile);
488 else 488 else
489 BIO_printf(bio_err, 489 BIO_printf(bio_err,
490 "error on line %ld of config file '%s'\n" 490 "error on line %ld of config file '%s'\n",
491 ,errorline, extfile); 491 errorline, extfile);
492 goto end; 492 goto end;
493 } 493 }
494 if (!extsect) { 494 if (!extsect) {
495 extsect = NCONF_get_string(extconf, "default", "extensions"); 495 extsect = NCONF_get_string(extconf, "default",
496 "extensions");
496 if (!extsect) { 497 if (!extsect) {
497 ERR_clear_error(); 498 ERR_clear_error();
498 extsect = "default"; 499 extsect = "default";
@@ -668,7 +669,7 @@ bad:
668 BIO_puts(out, "\n"); 669 BIO_puts(out, "\n");
669 } else if ((email == i) || (ocsp_uri == i)) { 670 } else if ((email == i) || (ocsp_uri == i)) {
670 int j; 671 int j;
671 STACK_OF(OPENSSL_STRING) * emlst; 672 STACK_OF(OPENSSL_STRING) *emlst;
672 if (email == i) 673 if (email == i)
673 emlst = X509_get1_email(x); 674 emlst = X509_get1_email(x);
674 else 675 else
@@ -724,11 +725,11 @@ bad:
724 else 725 else
725#endif 726#endif
726#ifndef OPENSSL_NO_DSA 727#ifndef OPENSSL_NO_DSA
727 if (pkey->type == EVP_PKEY_DSA) 728 if (pkey->type == EVP_PKEY_DSA)
728 BN_print(STDout, pkey->pkey.dsa->pub_key); 729 BN_print(STDout, pkey->pkey.dsa->pub_key);
729 else 730 else
730#endif 731#endif
731 BIO_printf(STDout, "Wrong Algorithm type"); 732 BIO_printf(STDout, "Wrong Algorithm type");
732 BIO_printf(STDout, "\n"); 733 BIO_printf(STDout, "\n");
733 EVP_PKEY_free(pkey); 734 EVP_PKEY_free(pkey);
734 } else if (pubkey == i) { 735 } else if (pubkey == i) {
@@ -823,8 +824,7 @@ bad:
823 OBJ_nid2sn(EVP_MD_type(fdig))); 824 OBJ_nid2sn(EVP_MD_type(fdig)));
824 for (j = 0; j < (int) n; j++) { 825 for (j = 0; j < (int) n; j++) {
825 BIO_printf(STDout, "%02X%c", md[j], 826 BIO_printf(STDout, "%02X%c", md[j],
826 (j + 1 == (int) n) 827 (j + 1 == (int)n) ? '\n' : ':');
827 ? '\n' : ':');
828 } 828 }
829 } 829 }
830 /* should be in the library */ 830 /* should be in the library */
@@ -838,7 +838,7 @@ bad:
838 goto end; 838 goto end;
839 } 839 }
840 if (!sign(x, Upkey, days, clrext, digest, 840 if (!sign(x, Upkey, days, clrext, digest,
841 extconf, extsect)) 841 extconf, extsect))
842 goto end; 842 goto end;
843 } else if (CA_flag == i) { 843 } else if (CA_flag == i) {
844 BIO_printf(bio_err, "Getting CA Private Key\n"); 844 BIO_printf(bio_err, "Getting CA Private Key\n");
@@ -851,9 +851,9 @@ bad:
851 goto end; 851 goto end;
852 } 852 }
853 if (!x509_certify(ctx, CAfile, digest, x, xca, 853 if (!x509_certify(ctx, CAfile, digest, x, xca,
854 CApkey, sigopts, 854 CApkey, sigopts,
855 CAserial, CA_createserial, days, clrext, 855 CAserial, CA_createserial, days, clrext,
856 extconf, extsect, sno)) 856 extconf, extsect, sno))
857 goto end; 857 goto end;
858 } else if (x509req == i) { 858 } else if (x509req == i) {
859 EVP_PKEY *pk; 859 EVP_PKEY *pk;
@@ -931,6 +931,7 @@ bad:
931 goto end; 931 goto end;
932 } 932 }
933 ret = 0; 933 ret = 0;
934
934end: 935end:
935 OBJ_cleanup(); 936 OBJ_cleanup();
936 NCONF_free(extconf); 937 NCONF_free(extconf);
@@ -962,9 +963,8 @@ x509_load_serial(char *CAfile, char *serialfile, int create)
962 BIGNUM *serial = NULL; 963 BIGNUM *serial = NULL;
963 size_t len; 964 size_t len;
964 965
965 len = ((serialfile == NULL) 966 len = ((serialfile == NULL) ? (strlen(CAfile) + strlen(POSTFIX) + 1) :
966 ? (strlen(CAfile) + strlen(POSTFIX) + 1) 967 (strlen(serialfile))) + 1;
967 : (strlen(serialfile))) + 1;
968 buf = malloc(len); 968 buf = malloc(len);
969 if (buf == NULL) { 969 if (buf == NULL) {
970 BIO_printf(bio_err, "out of mem\n"); 970 BIO_printf(bio_err, "out of mem\n");
@@ -999,13 +999,11 @@ end:
999 return bs; 999 return bs;
1000} 1000}
1001 1001
1002static int 1002static int
1003x509_certify(X509_STORE * ctx, char *CAfile, const EVP_MD * digest, 1003x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x,
1004 X509 * x, X509 * xca, EVP_PKEY * pkey, 1004 X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts,
1005 STACK_OF(OPENSSL_STRING) * sigopts, 1005 char *serialfile, int create, int days, int clrext, CONF *conf,
1006 char *serialfile, int create, 1006 char *section, ASN1_INTEGER *sno)
1007 int days, int clrext, CONF * conf, char *section,
1008 ASN1_INTEGER * sno)
1009{ 1007{
1010 int ret = 0; 1008 int ret = 0;
1011 ASN1_INTEGER *bs = NULL; 1009 ASN1_INTEGER *bs = NULL;
@@ -1076,8 +1074,8 @@ end:
1076 return ret; 1074 return ret;
1077} 1075}
1078 1076
1079static int 1077static int
1080callb(int ok, X509_STORE_CTX * ctx) 1078callb(int ok, X509_STORE_CTX *ctx)
1081{ 1079{
1082 int err; 1080 int err;
1083 X509 *err_cert; 1081 X509 *err_cert;
@@ -1110,9 +1108,9 @@ callb(int ok, X509_STORE_CTX * ctx)
1110} 1108}
1111 1109
1112/* self sign */ 1110/* self sign */
1113static int 1111static int
1114sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest, 1112sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
1115 CONF * conf, char *section) 1113 CONF *conf, char *section)
1116{ 1114{
1117 1115
1118 EVP_PKEY *pktmp; 1116 EVP_PKEY *pktmp;
@@ -1131,7 +1129,8 @@ sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest,
1131 /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */ 1129 /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
1132 /* 28 days to be certified */ 1130 /* 28 days to be certified */
1133 1131
1134 if (X509_gmtime_adj(X509_get_notAfter(x), (long) 60 * 60 * 24 * days) == NULL) 1132 if (X509_gmtime_adj(X509_get_notAfter(x),
1133 (long) 60 * 60 * 24 * days) == NULL)
1135 goto err; 1134 goto err;
1136 1135
1137 if (!X509_set_pubkey(x, pkey)) 1136 if (!X509_set_pubkey(x, pkey))
@@ -1151,16 +1150,18 @@ sign(X509 * x, EVP_PKEY * pkey, int days, int clrext, const EVP_MD * digest,
1151 if (!X509_sign(x, pkey, digest)) 1150 if (!X509_sign(x, pkey, digest))
1152 goto err; 1151 goto err;
1153 return 1; 1152 return 1;
1153
1154err: 1154err:
1155 ERR_print_errors(bio_err); 1155 ERR_print_errors(bio_err);
1156 return 0; 1156 return 0;
1157} 1157}
1158 1158
1159static int 1159static int
1160purpose_print(BIO * bio, X509 * cert, X509_PURPOSE * pt) 1160purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
1161{ 1161{
1162 int id, i, idret; 1162 int id, i, idret;
1163 char *pname; 1163 char *pname;
1164
1164 id = X509_PURPOSE_get_id(pt); 1165 id = X509_PURPOSE_get_id(pt);
1165 pname = X509_PURPOSE_get0_name(pt); 1166 pname = X509_PURPOSE_get0_name(pt);
1166 for (i = 0; i < 2; i++) { 1167 for (i = 0; i < 2; i++) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 08:26:33 +0000