ca.c (59191) | ca.c (68651) |
1/* apps/ca.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 162 unchanged lines hidden (view full) --- 171}; 172 173#ifdef EFENCE 174extern int EF_PROTECT_FREE; 175extern int EF_PROTECT_BELOW; 176extern int EF_ALIGNMENT; 177#endif 178 | 1/* apps/ca.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 162 unchanged lines hidden (view full) --- 171}; 172 173#ifdef EFENCE 174extern int EF_PROTECT_FREE; 175extern int EF_PROTECT_BELOW; 176extern int EF_ALIGNMENT; 177#endif 178 |
179static int add_oid_section(LHASH *conf); | |
180static void lookup_fail(char *name,char *tag); 181static unsigned long index_serial_hash(char **a); 182static int index_serial_cmp(char **a, char **b); 183static unsigned long index_name_hash(char **a); 184static int index_name_qual(char **a); 185static int index_name_cmp(char **a,char **b); 186static BIGNUM *load_serial(char *serialfile); 187static int save_serial(char *serialfile, BIGNUM *serial); --- 24 unchanged lines hidden (view full) --- 212 213static int preserve=0; 214static int msie_hack=0; 215 216int MAIN(int, char **); 217 218int MAIN(int argc, char **argv) 219 { | 179static void lookup_fail(char *name,char *tag); 180static unsigned long index_serial_hash(char **a); 181static int index_serial_cmp(char **a, char **b); 182static unsigned long index_name_hash(char **a); 183static int index_name_qual(char **a); 184static int index_name_cmp(char **a,char **b); 185static BIGNUM *load_serial(char *serialfile); 186static int save_serial(char *serialfile, BIGNUM *serial); --- 24 unchanged lines hidden (view full) --- 211 212static int preserve=0; 213static int msie_hack=0; 214 215int MAIN(int, char **); 216 217int MAIN(int argc, char **argv) 218 { |
220 char *key=NULL; | 219 char *key=NULL,*passargin=NULL; |
221 int total=0; 222 int total_done=0; 223 int badops=0; 224 int ret=1; 225 int req=0; 226 int verbose=0; 227 int gencrl=0; 228 int dorevoke=0; --- 29 unchanged lines hidden (view full) --- 258 X509_CRL *crl=NULL; 259 X509_CRL_INFO *ci=NULL; 260 X509_REVOKED *r=NULL; 261 char **pp,*p,*f; 262 int i,j; 263 long l; 264 const EVP_MD *dgst=NULL; 265 STACK_OF(CONF_VALUE) *attribs=NULL; | 220 int total=0; 221 int total_done=0; 222 int badops=0; 223 int ret=1; 224 int req=0; 225 int verbose=0; 226 int gencrl=0; 227 int dorevoke=0; --- 29 unchanged lines hidden (view full) --- 257 X509_CRL *crl=NULL; 258 X509_CRL_INFO *ci=NULL; 259 X509_REVOKED *r=NULL; 260 char **pp,*p,*f; 261 int i,j; 262 long l; 263 const EVP_MD *dgst=NULL; 264 STACK_OF(CONF_VALUE) *attribs=NULL; |
266 STACK *cert_sk=NULL; | 265 STACK_OF(X509) *cert_sk=NULL; |
267 BIO *hex=NULL; 268#undef BSIZE 269#define BSIZE 256 270 MS_STATIC char buf[3][BSIZE]; 271 char *randfile=NULL; 272 273#ifdef EFENCE 274EF_PROTECT_FREE=1; --- 54 unchanged lines hidden (view full) --- 329 if (--argc < 1) goto bad; 330 policy= *(++argv); 331 } 332 else if (strcmp(*argv,"-keyfile") == 0) 333 { 334 if (--argc < 1) goto bad; 335 keyfile= *(++argv); 336 } | 266 BIO *hex=NULL; 267#undef BSIZE 268#define BSIZE 256 269 MS_STATIC char buf[3][BSIZE]; 270 char *randfile=NULL; 271 272#ifdef EFENCE 273EF_PROTECT_FREE=1; --- 54 unchanged lines hidden (view full) --- 328 if (--argc < 1) goto bad; 329 policy= *(++argv); 330 } 331 else if (strcmp(*argv,"-keyfile") == 0) 332 { 333 if (--argc < 1) goto bad; 334 keyfile= *(++argv); 335 } |
336 else if (strcmp(*argv,"-passin") == 0) 337 { 338 if (--argc < 1) goto bad; 339 passargin= *(++argv); 340 } |
|
337 else if (strcmp(*argv,"-key") == 0) 338 { 339 if (--argc < 1) goto bad; 340 key= *(++argv); 341 } 342 else if (strcmp(*argv,"-cert") == 0) 343 { 344 if (--argc < 1) goto bad; --- 148 unchanged lines hidden (view full) --- 493 ERR_clear_error(); 494 } 495 else 496 { 497 OBJ_create_objects(oid_bio); 498 BIO_free(oid_bio); 499 } 500 } | 341 else if (strcmp(*argv,"-key") == 0) 342 { 343 if (--argc < 1) goto bad; 344 key= *(++argv); 345 } 346 else if (strcmp(*argv,"-cert") == 0) 347 { 348 if (--argc < 1) goto bad; --- 148 unchanged lines hidden (view full) --- 497 ERR_clear_error(); 498 } 499 else 500 { 501 OBJ_create_objects(oid_bio); 502 BIO_free(oid_bio); 503 } 504 } |
501 if(!add_oid_section(conf)) | 505 if(!add_oid_section(bio_err,conf)) |
502 { 503 ERR_print_errors(bio_err); 504 goto err; 505 } 506 } 507 508 randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); 509 app_RAND_load_file(randfile, bio_err, 0); --- 12 unchanged lines hidden (view full) --- 522 /* we definitely need an public key, so lets get it */ 523 524 if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, 525 section,ENV_PRIVATE_KEY)) == NULL)) 526 { 527 lookup_fail(section,ENV_PRIVATE_KEY); 528 goto err; 529 } | 506 { 507 ERR_print_errors(bio_err); 508 goto err; 509 } 510 } 511 512 randfile = CONF_get_string(conf, BASE_SECTION, "RANDFILE"); 513 app_RAND_load_file(randfile, bio_err, 0); --- 12 unchanged lines hidden (view full) --- 526 /* we definitely need an public key, so lets get it */ 527 528 if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf, 529 section,ENV_PRIVATE_KEY)) == NULL)) 530 { 531 lookup_fail(section,ENV_PRIVATE_KEY); 532 goto err; 533 } |
534 if(!key && !app_passwd(bio_err, passargin, NULL, &key, NULL)) 535 { 536 BIO_printf(bio_err,"Error getting password\n"); 537 goto err; 538 } |
|
530 if (BIO_read_filename(in,keyfile) <= 0) 531 { 532 perror(keyfile); 533 BIO_printf(bio_err,"trying to load CA private key\n"); 534 goto err; 535 } 536 pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); 537 if(key) memset(key,0,strlen(key)); --- 138 unchanged lines hidden (view full) --- 676 goto err; 677 } 678 p++; 679 } 680 } 681 if (verbose) 682 { 683 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ | 539 if (BIO_read_filename(in,keyfile) <= 0) 540 { 541 perror(keyfile); 542 BIO_printf(bio_err,"trying to load CA private key\n"); 543 goto err; 544 } 545 pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key); 546 if(key) memset(key,0,strlen(key)); --- 138 unchanged lines hidden (view full) --- 685 goto err; 686 } 687 p++; 688 } 689 } 690 if (verbose) 691 { 692 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ |
693#ifdef VMS 694 { 695 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 696 out = BIO_push(tmpbio, out); 697 } 698#endif |
|
684 TXT_DB_write(out,db); 685 BIO_printf(bio_err,"%d entries loaded from the database\n", 686 db->data->num); 687 BIO_printf(bio_err,"generating index\n"); 688 } 689 690 if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, 691 index_serial_cmp)) --- 18 unchanged lines hidden (view full) --- 710 711 if (BIO_write_filename(Sout,outfile) <= 0) 712 { 713 perror(outfile); 714 goto err; 715 } 716 } 717 else | 699 TXT_DB_write(out,db); 700 BIO_printf(bio_err,"%d entries loaded from the database\n", 701 db->data->num); 702 BIO_printf(bio_err,"generating index\n"); 703 } 704 705 if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash, 706 index_serial_cmp)) --- 18 unchanged lines hidden (view full) --- 725 726 if (BIO_write_filename(Sout,outfile) <= 0) 727 { 728 perror(outfile); 729 goto err; 730 } 731 } 732 else |
733 { |
|
718 BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT); | 734 BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT); |
735#ifdef VMS 736 { 737 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 738 Sout = BIO_push(tmpbio, Sout); 739 } 740#endif 741 } |
|
719 } 720 721 if (req) 722 { 723 if ((md == NULL) && ((md=CONF_get_string(conf, 724 section,ENV_DEFAULT_MD)) == NULL)) 725 { 726 lookup_fail(section,ENV_DEFAULT_MD); --- 76 unchanged lines hidden (view full) --- 803 { 804 BIO_printf(bio_err,"error while loading serial number\n"); 805 goto err; 806 } 807 if (verbose) 808 { 809 if ((f=BN_bn2hex(serial)) == NULL) goto err; 810 BIO_printf(bio_err,"next serial number is %s\n",f); | 742 } 743 744 if (req) 745 { 746 if ((md == NULL) && ((md=CONF_get_string(conf, 747 section,ENV_DEFAULT_MD)) == NULL)) 748 { 749 lookup_fail(section,ENV_DEFAULT_MD); --- 76 unchanged lines hidden (view full) --- 826 { 827 BIO_printf(bio_err,"error while loading serial number\n"); 828 goto err; 829 } 830 if (verbose) 831 { 832 if ((f=BN_bn2hex(serial)) == NULL) goto err; 833 BIO_printf(bio_err,"next serial number is %s\n",f); |
811 Free(f); | 834 OPENSSL_free(f); |
812 } 813 814 if ((attribs=CONF_get_section(conf,policy)) == NULL) 815 { 816 BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); 817 goto err; 818 } 819 | 835 } 836 837 if ((attribs=CONF_get_section(conf,policy)) == NULL) 838 { 839 BIO_printf(bio_err,"unable to find 'section' for %s\n",policy); 840 goto err; 841 } 842 |
820 if ((cert_sk=sk_new_null()) == NULL) | 843 if ((cert_sk=sk_X509_new_null()) == NULL) |
821 { | 844 { |
822 BIO_printf(bio_err,"Malloc failure\n"); | 845 BIO_printf(bio_err,"Memory allocation failure\n"); |
823 goto err; 824 } 825 if (spkac_file != NULL) 826 { 827 total++; 828 j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, 829 serial,startdate,enddate, days,extensions,conf, 830 verbose); 831 if (j < 0) goto err; 832 if (j > 0) 833 { 834 total_done++; 835 BIO_printf(bio_err,"\n"); 836 if (!BN_add_word(serial,1)) goto err; | 846 goto err; 847 } 848 if (spkac_file != NULL) 849 { 850 total++; 851 j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, 852 serial,startdate,enddate, days,extensions,conf, 853 verbose); 854 if (j < 0) goto err; 855 if (j > 0) 856 { 857 total_done++; 858 BIO_printf(bio_err,"\n"); 859 if (!BN_add_word(serial,1)) goto err; |
837 if (!sk_push(cert_sk,(char *)x)) | 860 if (!sk_X509_push(cert_sk,x)) |
838 { | 861 { |
839 BIO_printf(bio_err,"Malloc failure\n"); | 862 BIO_printf(bio_err,"Memory allocation failure\n"); |
840 goto err; 841 } 842 if (outfile) 843 { 844 output_der = 1; 845 batch = 1; 846 } 847 } --- 5 unchanged lines hidden (view full) --- 853 db,serial,startdate,enddate,days,batch, 854 extensions,conf,verbose); 855 if (j < 0) goto err; 856 if (j > 0) 857 { 858 total_done++; 859 BIO_printf(bio_err,"\n"); 860 if (!BN_add_word(serial,1)) goto err; | 863 goto err; 864 } 865 if (outfile) 866 { 867 output_der = 1; 868 batch = 1; 869 } 870 } --- 5 unchanged lines hidden (view full) --- 876 db,serial,startdate,enddate,days,batch, 877 extensions,conf,verbose); 878 if (j < 0) goto err; 879 if (j > 0) 880 { 881 total_done++; 882 BIO_printf(bio_err,"\n"); 883 if (!BN_add_word(serial,1)) goto err; |
861 if (!sk_push(cert_sk,(char *)x)) | 884 if (!sk_X509_push(cert_sk,x)) |
862 { | 885 { |
863 BIO_printf(bio_err,"Malloc failure\n"); | 886 BIO_printf(bio_err,"Memory allocation failure\n"); |
864 goto err; 865 } 866 } 867 } 868 if (infile != NULL) 869 { 870 total++; 871 j=certify(&x,infile,pkey,x509,dgst,attribs,db, 872 serial,startdate,enddate,days,batch, 873 extensions,conf,verbose); 874 if (j < 0) goto err; 875 if (j > 0) 876 { 877 total_done++; 878 BIO_printf(bio_err,"\n"); 879 if (!BN_add_word(serial,1)) goto err; | 887 goto err; 888 } 889 } 890 } 891 if (infile != NULL) 892 { 893 total++; 894 j=certify(&x,infile,pkey,x509,dgst,attribs,db, 895 serial,startdate,enddate,days,batch, 896 extensions,conf,verbose); 897 if (j < 0) goto err; 898 if (j > 0) 899 { 900 total_done++; 901 BIO_printf(bio_err,"\n"); 902 if (!BN_add_word(serial,1)) goto err; |
880 if (!sk_push(cert_sk,(char *)x)) | 903 if (!sk_X509_push(cert_sk,x)) |
881 { | 904 { |
882 BIO_printf(bio_err,"Malloc failure\n"); | 905 BIO_printf(bio_err,"Memory allocation failure\n"); |
883 goto err; 884 } 885 } 886 } 887 for (i=0; i<argc; i++) 888 { 889 total++; 890 j=certify(&x,argv[i],pkey,x509,dgst,attribs,db, 891 serial,startdate,enddate,days,batch, 892 extensions,conf,verbose); 893 if (j < 0) goto err; 894 if (j > 0) 895 { 896 total_done++; 897 BIO_printf(bio_err,"\n"); 898 if (!BN_add_word(serial,1)) goto err; | 906 goto err; 907 } 908 } 909 } 910 for (i=0; i<argc; i++) 911 { 912 total++; 913 j=certify(&x,argv[i],pkey,x509,dgst,attribs,db, 914 serial,startdate,enddate,days,batch, 915 extensions,conf,verbose); 916 if (j < 0) goto err; 917 if (j > 0) 918 { 919 total_done++; 920 BIO_printf(bio_err,"\n"); 921 if (!BN_add_word(serial,1)) goto err; |
899 if (!sk_push(cert_sk,(char *)x)) | 922 if (!sk_X509_push(cert_sk,x)) |
900 { | 923 { |
901 BIO_printf(bio_err,"Malloc failure\n"); | 924 BIO_printf(bio_err,"Memory allocation failure\n"); |
902 goto err; 903 } 904 } 905 } 906 /* we have a stack of newly certified certificates 907 * and a data base and serial number that need 908 * updating */ 909 | 925 goto err; 926 } 927 } 928 } 929 /* we have a stack of newly certified certificates 930 * and a data base and serial number that need 931 * updating */ 932 |
910 if (sk_num(cert_sk) > 0) | 933 if (sk_X509_num(cert_sk) > 0) |
911 { 912 if (!batch) 913 { 914 BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total); 915 (void)BIO_flush(bio_err); 916 buf[0][0]='\0'; 917 fgets(buf[0],10,stdin); 918 if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) 919 { 920 BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 921 ret=0; 922 goto err; 923 } 924 } 925 | 934 { 935 if (!batch) 936 { 937 BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total); 938 (void)BIO_flush(bio_err); 939 buf[0][0]='\0'; 940 fgets(buf[0],10,stdin); 941 if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) 942 { 943 BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 944 ret=0; 945 goto err; 946 } 947 } 948 |
926 BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk)); | 949 BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); |
927 928 strncpy(buf[0],serialfile,BSIZE-4); 929 930#ifdef VMS 931 strcat(buf[0],"-new"); 932#else 933 strcat(buf[0],".new"); 934#endif --- 15 unchanged lines hidden (view full) --- 950 goto err; 951 } 952 l=TXT_DB_write(out,db); 953 if (l <= 0) goto err; 954 } 955 956 if (verbose) 957 BIO_printf(bio_err,"writing new certificates\n"); | 950 951 strncpy(buf[0],serialfile,BSIZE-4); 952 953#ifdef VMS 954 strcat(buf[0],"-new"); 955#else 956 strcat(buf[0],".new"); 957#endif --- 15 unchanged lines hidden (view full) --- 973 goto err; 974 } 975 l=TXT_DB_write(out,db); 976 if (l <= 0) goto err; 977 } 978 979 if (verbose) 980 BIO_printf(bio_err,"writing new certificates\n"); |
958 for (i=0; i | 981 for (i=0; i<sk_X509_num(cert_sk); i++) |
959 { 960 int k; 961 unsigned char *n; 962 | 982 { 983 int k; 984 unsigned char *n; 985 |
963 x=(X509 *)sk_value(cert_sk,i); | 986 x=sk_X509_value(cert_sk,i); |
964 965 j=x->cert_info->serialNumber->length; 966 p=(char *)x->cert_info->serialNumber->data; 967 968 strncpy(buf[2],outdir,BSIZE-(j*2)-6); 969 970#ifndef VMS 971 strcat(buf[2],"/"); --- 22 unchanged lines hidden (view full) --- 994 { 995 perror(buf[2]); 996 goto err; 997 } 998 write_new_certificate(Cout,x, 0, notext); 999 write_new_certificate(Sout,x, output_der, notext); 1000 } 1001 | 987 988 j=x->cert_info->serialNumber->length; 989 p=(char *)x->cert_info->serialNumber->data; 990 991 strncpy(buf[2],outdir,BSIZE-(j*2)-6); 992 993#ifndef VMS 994 strcat(buf[2],"/"); --- 22 unchanged lines hidden (view full) --- 1017 { 1018 perror(buf[2]); 1019 goto err; 1020 } 1021 write_new_certificate(Cout,x, 0, notext); 1022 write_new_certificate(Sout,x, output_der, notext); 1023 } 1024 |
1002 if (sk_num(cert_sk)) | 1025 if (sk_X509_num(cert_sk)) |
1003 { 1004 /* Rename the database and the serial file */ 1005 strncpy(buf[2],serialfile,BSIZE-4); 1006 1007#ifdef VMS 1008 strcat(buf[2],"-old"); 1009#else 1010 strcat(buf[2],".old"); 1011#endif 1012 1013 BIO_free(in); | 1026 { 1027 /* Rename the database and the serial file */ 1028 strncpy(buf[2],serialfile,BSIZE-4); 1029 1030#ifdef VMS 1031 strcat(buf[2],"-old"); 1032#else 1033 strcat(buf[2],".old"); 1034#endif 1035 1036 BIO_free(in); |
1014 BIO_free(out); | 1037 BIO_free_all(out); |
1015 in=NULL; 1016 out=NULL; 1017 if (rename(serialfile,buf[2]) < 0) 1018 { 1019 BIO_printf(bio_err,"unable to rename %s to %s\n", 1020 serialfile,buf[2]); 1021 perror("reason"); 1022 goto err; --- 200 unchanged lines hidden (view full) --- 1223 } 1224 BIO_printf(bio_err,"Data Base Updated\n"); 1225 } 1226 } 1227 /*****************************************************************/ 1228 ret=0; 1229err: 1230 BIO_free(hex); | 1038 in=NULL; 1039 out=NULL; 1040 if (rename(serialfile,buf[2]) < 0) 1041 { 1042 BIO_printf(bio_err,"unable to rename %s to %s\n", 1043 serialfile,buf[2]); 1044 perror("reason"); 1045 goto err; --- 200 unchanged lines hidden (view full) --- 1246 } 1247 BIO_printf(bio_err,"Data Base Updated\n"); 1248 } 1249 } 1250 /*****************************************************************/ 1251 ret=0; 1252err: 1253 BIO_free(hex); |
1231 BIO_free(Cout); 1232 BIO_free(Sout); 1233 BIO_free(out); | 1254 BIO_free_all(Cout); 1255 BIO_free_all(Sout); 1256 BIO_free_all(out); |
1234 BIO_free(in); 1235 | 1257 BIO_free(in); 1258 |
1236 sk_pop_free(cert_sk,X509_free); | 1259 sk_X509_pop_free(cert_sk,X509_free); |
1237 1238 if (ret) ERR_print_errors(bio_err); 1239 app_RAND_write_file(randfile, bio_err); 1240 BN_free(serial); 1241 TXT_DB_free(db); 1242 EVP_PKEY_free(pkey); 1243 X509_free(x509); 1244 X509_CRL_free(crl); --- 95 unchanged lines hidden (view full) --- 1340 { 1341 BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); 1342 goto err; 1343 } 1344 i2a_ASN1_INTEGER(out,ai); 1345 BIO_puts(out,"\n"); 1346 ret=1; 1347err: | 1260 1261 if (ret) ERR_print_errors(bio_err); 1262 app_RAND_write_file(randfile, bio_err); 1263 BN_free(serial); 1264 TXT_DB_free(db); 1265 EVP_PKEY_free(pkey); 1266 X509_free(x509); 1267 X509_CRL_free(crl); --- 95 unchanged lines hidden (view full) --- 1363 { 1364 BIO_printf(bio_err,"error converting serial to ASN.1 format\n"); 1365 goto err; 1366 } 1367 i2a_ASN1_INTEGER(out,ai); 1368 BIO_puts(out,"\n"); 1369 ret=1; 1370err: |
1348 if (out != NULL) BIO_free(out); | 1371 if (out != NULL) BIO_free_all(out); |
1349 if (ai != NULL) ASN1_INTEGER_free(ai); 1350 return(ret); 1351 } 1352 1353static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1354 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, 1355 BIGNUM *serial, char *startdate, char *enddate, int days, 1356 int batch, char *ext_sect, LHASH *lconf, int verbose) --- 218 unchanged lines hidden (view full) --- 1575 p++; 1576 } 1577 BIO_printf(bio_err,"'\n"); 1578 } 1579 1580 /* Ok, now we check the 'policy' stuff. */ 1581 if ((subject=X509_NAME_new()) == NULL) 1582 { | 1372 if (ai != NULL) ASN1_INTEGER_free(ai); 1373 return(ret); 1374 } 1375 1376static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1377 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db, 1378 BIGNUM *serial, char *startdate, char *enddate, int days, 1379 int batch, char *ext_sect, LHASH *lconf, int verbose) --- 218 unchanged lines hidden (view full) --- 1598 p++; 1599 } 1600 BIO_printf(bio_err,"'\n"); 1601 } 1602 1603 /* Ok, now we check the 'policy' stuff. */ 1604 if ((subject=X509_NAME_new()) == NULL) 1605 { |
1583 BIO_printf(bio_err,"Malloc failure\n"); | 1606 BIO_printf(bio_err,"Memory allocation failure\n"); |
1584 goto err; 1585 } 1586 1587 /* take a copy of the issuer name before we mess with it. */ 1588 CAname=X509_NAME_dup(x509->cert_info->subject); 1589 if (CAname == NULL) goto err; 1590 str=str2=NULL; 1591 --- 81 unchanged lines hidden (view full) --- 1673 } 1674 1675 if (push != NULL) 1676 { 1677 if (!X509_NAME_add_entry(subject,push, -1, 0)) 1678 { 1679 if (push != NULL) 1680 X509_NAME_ENTRY_free(push); | 1607 goto err; 1608 } 1609 1610 /* take a copy of the issuer name before we mess with it. */ 1611 CAname=X509_NAME_dup(x509->cert_info->subject); 1612 if (CAname == NULL) goto err; 1613 str=str2=NULL; 1614 --- 81 unchanged lines hidden (view full) --- 1696 } 1697 1698 if (push != NULL) 1699 { 1700 if (!X509_NAME_add_entry(subject,push, -1, 0)) 1701 { 1702 if (push != NULL) 1703 X509_NAME_ENTRY_free(push); |
1681 BIO_printf(bio_err,"Malloc failure\n"); | 1704 BIO_printf(bio_err,"Memory allocation failure\n"); |
1682 goto err; 1683 } 1684 } 1685 if (j < 0) break; 1686 } 1687 } 1688 1689 if (preserve) --- 5 unchanged lines hidden (view full) --- 1695 1696 if (verbose) 1697 BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n"); 1698 1699 row[DB_name]=X509_NAME_oneline(subject,NULL,0); 1700 row[DB_serial]=BN_bn2hex(serial); 1701 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) 1702 { | 1705 goto err; 1706 } 1707 } 1708 if (j < 0) break; 1709 } 1710 } 1711 1712 if (preserve) --- 5 unchanged lines hidden (view full) --- 1718 1719 if (verbose) 1720 BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n"); 1721 1722 row[DB_name]=X509_NAME_oneline(subject,NULL,0); 1723 row[DB_serial]=BN_bn2hex(serial); 1724 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) 1725 { |
1703 BIO_printf(bio_err,"Malloc failure\n"); | 1726 BIO_printf(bio_err,"Memory allocation failure\n"); |
1704 goto err; 1705 } 1706 1707 rrow=TXT_DB_get_by_index(db,DB_name,row); 1708 if (rrow != NULL) 1709 { 1710 BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", 1711 row[DB_name]); --- 124 unchanged lines hidden (view full) --- 1836 EVP_PKEY_copy_parameters(pktmp,pkey); 1837 EVP_PKEY_free(pktmp); 1838#endif 1839 1840 if (!X509_sign(ret,pkey,dgst)) 1841 goto err; 1842 1843 /* We now just add it to the database */ | 1727 goto err; 1728 } 1729 1730 rrow=TXT_DB_get_by_index(db,DB_name,row); 1731 if (rrow != NULL) 1732 { 1733 BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n", 1734 row[DB_name]); --- 124 unchanged lines hidden (view full) --- 1859 EVP_PKEY_copy_parameters(pktmp,pkey); 1860 EVP_PKEY_free(pktmp); 1861#endif 1862 1863 if (!X509_sign(ret,pkey,dgst)) 1864 goto err; 1865 1866 /* We now just add it to the database */ |
1844 row[DB_type]=(char *)Malloc(2); | 1867 row[DB_type]=(char *)OPENSSL_malloc(2); |
1845 1846 tm=X509_get_notAfter(ret); | 1868 1869 tm=X509_get_notAfter(ret); |
1847 row[DB_exp_date]=(char *)Malloc(tm->length+1); | 1870 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); |
1848 memcpy(row[DB_exp_date],tm->data,tm->length); 1849 row[DB_exp_date][tm->length]='\0'; 1850 1851 row[DB_rev_date]=NULL; 1852 1853 /* row[DB_serial] done already */ | 1871 memcpy(row[DB_exp_date],tm->data,tm->length); 1872 row[DB_exp_date][tm->length]='\0'; 1873 1874 row[DB_rev_date]=NULL; 1875 1876 /* row[DB_serial] done already */ |
1854 row[DB_file]=(char *)Malloc(8); | 1877 row[DB_file]=(char *)OPENSSL_malloc(8); |
1855 /* row[DB_name] done already */ 1856 1857 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 1858 (row[DB_file] == NULL)) 1859 { | 1878 /* row[DB_name] done already */ 1879 1880 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 1881 (row[DB_file] == NULL)) 1882 { |
1860 BIO_printf(bio_err,"Malloc failure\n"); | 1883 BIO_printf(bio_err,"Memory allocation failure\n"); |
1861 goto err; 1862 } 1863 strcpy(row[DB_file],"unknown"); 1864 row[DB_type][0]='V'; 1865 row[DB_type][1]='\0'; 1866 | 1884 goto err; 1885 } 1886 strcpy(row[DB_file],"unknown"); 1887 row[DB_type][0]='V'; 1888 row[DB_type][1]='\0'; 1889 |
1867 if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) | 1890 if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) |
1868 { | 1891 { |
1869 BIO_printf(bio_err,"Malloc failure\n"); | 1892 BIO_printf(bio_err,"Memory allocation failure\n"); |
1870 goto err; 1871 } 1872 1873 for (i=0; i<DB_NUMBER; i++) 1874 { 1875 irow[i]=row[i]; 1876 row[i]=NULL; 1877 } 1878 irow[DB_NUMBER]=NULL; 1879 1880 if (!TXT_DB_insert(db,irow)) 1881 { 1882 BIO_printf(bio_err,"failed to update database\n"); 1883 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); 1884 goto err; 1885 } 1886 ok=1; 1887err: 1888 for (i=0; i<DB_NUMBER; i++) | 1893 goto err; 1894 } 1895 1896 for (i=0; i<DB_NUMBER; i++) 1897 { 1898 irow[i]=row[i]; 1899 row[i]=NULL; 1900 } 1901 irow[DB_NUMBER]=NULL; 1902 1903 if (!TXT_DB_insert(db,irow)) 1904 { 1905 BIO_printf(bio_err,"failed to update database\n"); 1906 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error); 1907 goto err; 1908 } 1909 ok=1; 1910err: 1911 for (i=0; i<DB_NUMBER; i++) |
1889 if (row[i] != NULL) Free(row[i]); | 1912 if (row[i] != NULL) OPENSSL_free(row[i]); |
1890 1891 if (CAname != NULL) 1892 X509_NAME_free(CAname); 1893 if (subject != NULL) 1894 X509_NAME_free(subject); 1895 if (tmptm != NULL) 1896 ASN1_UTCTIME_free(tmptm); 1897 if (ok <= 0) --- 197 unchanged lines hidden (view full) --- 2095 ASN1_UTCTIME tm; 2096 2097 tm.data=(unsigned char *)str; 2098 tm.length=strlen(str); 2099 tm.type=V_ASN1_UTCTIME; 2100 return(ASN1_UTCTIME_check(&tm)); 2101 } 2102 | 1913 1914 if (CAname != NULL) 1915 X509_NAME_free(CAname); 1916 if (subject != NULL) 1917 X509_NAME_free(subject); 1918 if (tmptm != NULL) 1919 ASN1_UTCTIME_free(tmptm); 1920 if (ok <= 0) --- 197 unchanged lines hidden (view full) --- 2118 ASN1_UTCTIME tm; 2119 2120 tm.data=(unsigned char *)str; 2121 tm.length=strlen(str); 2122 tm.type=V_ASN1_UTCTIME; 2123 return(ASN1_UTCTIME_check(&tm)); 2124 } 2125 |
2103static int add_oid_section(LHASH *hconf) 2104{ 2105 char *p; 2106 STACK_OF(CONF_VALUE) *sktmp; 2107 CONF_VALUE *cnf; 2108 int i; 2109 if(!(p=CONF_get_string(hconf,NULL,"oid_section"))) return 1; 2110 if(!(sktmp = CONF_get_section(hconf, p))) { 2111 BIO_printf(bio_err, "problem loading oid section %s\n", p); 2112 return 0; 2113 } 2114 for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { 2115 cnf = sk_CONF_VALUE_value(sktmp, i); 2116 if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { 2117 BIO_printf(bio_err, "problem creating object %s=%s\n", 2118 cnf->name, cnf->value); 2119 return 0; 2120 } 2121 } 2122 return 1; 2123} 2124 | |
2125static int do_revoke(X509 *x509, TXT_DB *db) 2126{ 2127 ASN1_UTCTIME *tm=NULL, *revtm=NULL; 2128 char *row[DB_NUMBER],**rrow,**irow; 2129 BIGNUM *bn = NULL; 2130 int ok=-1,i; 2131 2132 for (i=0; i<DB_NUMBER; i++) 2133 row[i]=NULL; 2134 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); 2135 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); 2136 row[DB_serial]=BN_bn2hex(bn); 2137 BN_free(bn); 2138 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) 2139 { | 2126static int do_revoke(X509 *x509, TXT_DB *db) 2127{ 2128 ASN1_UTCTIME *tm=NULL, *revtm=NULL; 2129 char *row[DB_NUMBER],**rrow,**irow; 2130 BIGNUM *bn = NULL; 2131 int ok=-1,i; 2132 2133 for (i=0; i<DB_NUMBER; i++) 2134 row[i]=NULL; 2135 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); 2136 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); 2137 row[DB_serial]=BN_bn2hex(bn); 2138 BN_free(bn); 2139 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) 2140 { |
2140 BIO_printf(bio_err,"Malloc failure\n"); | 2141 BIO_printf(bio_err,"Memory allocation failure\n"); |
2141 goto err; 2142 } 2143 /* We have to lookup by serial number because name lookup 2144 * skips revoked certs 2145 */ 2146 rrow=TXT_DB_get_by_index(db,DB_serial,row); 2147 if (rrow == NULL) 2148 { 2149 BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); 2150 2151 /* We now just add it to the database */ | 2142 goto err; 2143 } 2144 /* We have to lookup by serial number because name lookup 2145 * skips revoked certs 2146 */ 2147 rrow=TXT_DB_get_by_index(db,DB_serial,row); 2148 if (rrow == NULL) 2149 { 2150 BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); 2151 2152 /* We now just add it to the database */ |
2152 row[DB_type]=(char *)Malloc(2); | 2153 row[DB_type]=(char *)OPENSSL_malloc(2); |
2153 2154 tm=X509_get_notAfter(x509); | 2154 2155 tm=X509_get_notAfter(x509); |
2155 row[DB_exp_date]=(char *)Malloc(tm->length+1); | 2156 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); |
2156 memcpy(row[DB_exp_date],tm->data,tm->length); 2157 row[DB_exp_date][tm->length]='\0'; 2158 2159 row[DB_rev_date]=NULL; 2160 2161 /* row[DB_serial] done already */ | 2157 memcpy(row[DB_exp_date],tm->data,tm->length); 2158 row[DB_exp_date][tm->length]='\0'; 2159 2160 row[DB_rev_date]=NULL; 2161 2162 /* row[DB_serial] done already */ |
2162 row[DB_file]=(char *)Malloc(8); | 2163 row[DB_file]=(char *)OPENSSL_malloc(8); |
2163 2164 /* row[DB_name] done already */ 2165 2166 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 2167 (row[DB_file] == NULL)) 2168 { | 2164 2165 /* row[DB_name] done already */ 2166 2167 if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 2168 (row[DB_file] == NULL)) 2169 { |
2169 BIO_printf(bio_err,"Malloc failure\n"); | 2170 BIO_printf(bio_err,"Memory allocation failure\n"); |
2170 goto err; 2171 } 2172 strcpy(row[DB_file],"unknown"); 2173 row[DB_type][0]='V'; 2174 row[DB_type][1]='\0'; 2175 | 2171 goto err; 2172 } 2173 strcpy(row[DB_file],"unknown"); 2174 row[DB_type][0]='V'; 2175 row[DB_type][1]='\0'; 2176 |
2176 if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) | 2177 if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) |
2177 { | 2178 { |
2178 BIO_printf(bio_err,"Malloc failure\n"); | 2179 BIO_printf(bio_err,"Memory allocation failure\n"); |
2179 goto err; 2180 } 2181 2182 for (i=0; i<DB_NUMBER; i++) 2183 { 2184 irow[i]=row[i]; 2185 row[i]=NULL; 2186 } --- 26 unchanged lines hidden (view full) --- 2213 } 2214 else 2215 { 2216 BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]); 2217 revtm = ASN1_UTCTIME_new(); 2218 revtm=X509_gmtime_adj(revtm,0); 2219 rrow[DB_type][0]='R'; 2220 rrow[DB_type][1]='\0'; | 2180 goto err; 2181 } 2182 2183 for (i=0; i<DB_NUMBER; i++) 2184 { 2185 irow[i]=row[i]; 2186 row[i]=NULL; 2187 } --- 26 unchanged lines hidden (view full) --- 2214 } 2215 else 2216 { 2217 BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]); 2218 revtm = ASN1_UTCTIME_new(); 2219 revtm=X509_gmtime_adj(revtm,0); 2220 rrow[DB_type][0]='R'; 2221 rrow[DB_type][1]='\0'; |
2221 rrow[DB_rev_date]=(char *)Malloc(revtm->length+1); | 2222 rrow[DB_rev_date]=(char *)OPENSSL_malloc(revtm->length+1); |
2222 memcpy(rrow[DB_rev_date],revtm->data,revtm->length); 2223 rrow[DB_rev_date][revtm->length]='\0'; 2224 ASN1_UTCTIME_free(revtm); 2225 } 2226 ok=1; 2227err: 2228 for (i=0; i<DB_NUMBER; i++) 2229 { 2230 if (row[i] != NULL) | 2223 memcpy(rrow[DB_rev_date],revtm->data,revtm->length); 2224 rrow[DB_rev_date][revtm->length]='\0'; 2225 ASN1_UTCTIME_free(revtm); 2226 } 2227 ok=1; 2228err: 2229 for (i=0; i<DB_NUMBER; i++) 2230 { 2231 if (row[i] != NULL) |
2231 Free(row[i]); | 2232 OPENSSL_free(row[i]); |
2232 } 2233 return(ok); 2234} 2235 | 2233 } 2234 return(ok); 2235} 2236 |
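Review bot: The password that `app_passwd` now hands back through `&key` (new line 534) is never released: the cleanup visible after `err:` (new lines 1253–1267) frees the BIOs, the certificate stack, the serial, the DB, the private key and the certs but not `key`, and the rest of MAIN is hidden, so if app_passwd returns a heap buffer for a `-passin` source — which is what I would expect of a handler that reads files, env vars or descriptors — it leaks on every exit path. The only thing that touches it afterwards is the pre-existing `if(key) memset(key,0,strlen(key));` after `PEM_read_bio_PrivateKey`, and a free cannot simply be added at `err:` because `key` may also still point into argv from the `-key` branch. I would receive the app_passwd result in a separate pointer that MAIN owns, alias `key` to it, and clear-then-free that pointer at `err:`, using a non-elidable clear such as OPENSSL_cleanse if this tree has one, since a plain memset immediately before a free is a dead store the optimizer may drop. MAIN's body continues past the visible lines, so the exact placement of the free depends on the hidden cleanup.
```c
	char *key=NULL,*passargin=NULL,*passbuf=NULL;	/* passbuf is owned here only when app_passwd filled it */
	/* … unchanged: option parsing, config and key-file lookup … */
	if(!key && !app_passwd(bio_err, passargin, NULL, &passbuf, NULL))
		{
		BIO_printf(bio_err,"Error getting password\n");
		goto err;
		}
	if (passbuf) key=passbuf;	/* -key on the command line still wins */
	/* … unchanged: key file load through the err: label … */
	if (passbuf)
		{
		memset(passbuf,0,strlen(passbuf));	/* use a non-elidable clear if the tree provides one */
		OPENSSL_free(passbuf);
		}
```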