| OLD | NEW |
|---|
| 1 /* apps/ca.c */ | 1 /* apps/ca.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
| 57 */ | 57 */ |
| 58 | 58 |
| 59 /* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */ | 59 /* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */ |
| 60 | 60 |
| 61 #include <stdio.h> | 61 #include <stdio.h> |
| 62 #include <stdlib.h> | 62 #include <stdlib.h> |
| 63 #include <string.h> | 63 #include <string.h> |
| 64 #include <ctype.h> | 64 #include <ctype.h> |
| 65 #include <sys/types.h> | 65 #include <sys/types.h> |
| 66 #include <sys/stat.h> | |
| 67 #include <openssl/conf.h> | 66 #include <openssl/conf.h> |
| 68 #include <openssl/bio.h> | 67 #include <openssl/bio.h> |
| 69 #include <openssl/err.h> | 68 #include <openssl/err.h> |
| 70 #include <openssl/bn.h> | 69 #include <openssl/bn.h> |
| 71 #include <openssl/txt_db.h> | 70 #include <openssl/txt_db.h> |
| 72 #include <openssl/evp.h> | 71 #include <openssl/evp.h> |
| 73 #include <openssl/x509.h> | 72 #include <openssl/x509.h> |
| 74 #include <openssl/x509v3.h> | 73 #include <openssl/x509v3.h> |
| 75 #include <openssl/objects.h> | 74 #include <openssl/objects.h> |
| 76 #include <openssl/ocsp.h> | 75 #include <openssl/ocsp.h> |
| 77 #include <openssl/pem.h> | 76 #include <openssl/pem.h> |
| 78 | 77 |
| 79 #ifndef W_OK | 78 #ifndef W_OK |
| 80 # ifdef OPENSSL_SYS_VMS | 79 # ifdef OPENSSL_SYS_VMS |
| 81 # if defined(__DECC) | 80 # if defined(__DECC) |
| 82 # include <unistd.h> | 81 # include <unistd.h> |
| 83 # else | 82 # else |
| 84 # include <unixlib.h> | 83 # include <unixlib.h> |
| 85 # endif | 84 # endif |
| 86 # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defin
ed(OPENSSL_SYS_NETWARE) && !defined(__TANDEM) | 85 # elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defin
ed(OPENSSL_SYS_NETWARE) |
| 87 # include <sys/file.h> | 86 # include <sys/file.h> |
| 88 # endif | 87 # endif |
| 89 #endif | 88 #endif |
| 90 | 89 |
| 91 #include "apps.h" | 90 #include "apps.h" |
| 92 | 91 |
| 93 #ifndef W_OK | 92 #ifndef W_OK |
| 94 # define F_OK 0 | 93 # define F_OK 0 |
| 95 # define X_OK 1 | 94 # define X_OK 1 |
| 96 # define W_OK 2 | 95 # define W_OK 2 |
| (...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 251 int badops=0; | 250 int badops=0; |
| 252 int ret=1; | 251 int ret=1; |
| 253 int email_dn=1; | 252 int email_dn=1; |
| 254 int req=0; | 253 int req=0; |
| 255 int verbose=0; | 254 int verbose=0; |
| 256 int gencrl=0; | 255 int gencrl=0; |
| 257 int dorevoke=0; | 256 int dorevoke=0; |
| 258 int doupdatedb=0; | 257 int doupdatedb=0; |
| 259 long crldays=0; | 258 long crldays=0; |
| 260 long crlhours=0; | 259 long crlhours=0; |
| 260 long crlsec=0; |
| 261 long errorline= -1; | 261 long errorline= -1; |
| 262 char *configfile=NULL; | 262 char *configfile=NULL; |
| 263 char *md=NULL; | 263 char *md=NULL; |
| 264 char *policy=NULL; | 264 char *policy=NULL; |
| 265 char *keyfile=NULL; | 265 char *keyfile=NULL; |
| 266 char *certfile=NULL; | 266 char *certfile=NULL; |
| 267 int keyform=FORMAT_PEM; | 267 int keyform=FORMAT_PEM; |
| 268 char *infile=NULL; | 268 char *infile=NULL; |
| 269 char *spkac_file=NULL; | 269 char *spkac_file=NULL; |
| 270 char *ss_cert_file=NULL; | 270 char *ss_cert_file=NULL; |
| (...skipping 27 matching lines...) Expand all Loading... |
| 298 X509 *x509=NULL, *x509p = NULL; | 298 X509 *x509=NULL, *x509p = NULL; |
| 299 X509 *x=NULL; | 299 X509 *x=NULL; |
| 300 BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; | 300 BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL; |
| 301 char *dbfile=NULL; | 301 char *dbfile=NULL; |
| 302 CA_DB *db=NULL; | 302 CA_DB *db=NULL; |
| 303 X509_CRL *crl=NULL; | 303 X509_CRL *crl=NULL; |
| 304 X509_REVOKED *r=NULL; | 304 X509_REVOKED *r=NULL; |
| 305 ASN1_TIME *tmptm; | 305 ASN1_TIME *tmptm; |
| 306 ASN1_INTEGER *tmpser; | 306 ASN1_INTEGER *tmpser; |
| 307 char *f; | 307 char *f; |
| 308 » const char *p, **pp; | 308 » const char *p; |
| 309 » char * const *pp; |
| 309 int i,j; | 310 int i,j; |
| 310 const EVP_MD *dgst=NULL; | 311 const EVP_MD *dgst=NULL; |
| 311 STACK_OF(CONF_VALUE) *attribs=NULL; | 312 STACK_OF(CONF_VALUE) *attribs=NULL; |
| 312 STACK_OF(X509) *cert_sk=NULL; | 313 STACK_OF(X509) *cert_sk=NULL; |
| 313 #undef BSIZE | 314 #undef BSIZE |
| 314 #define BSIZE 256 | 315 #define BSIZE 256 |
| 315 MS_STATIC char buf[3][BSIZE]; | 316 MS_STATIC char buf[3][BSIZE]; |
| 316 char *randfile=NULL; | 317 char *randfile=NULL; |
| 317 #ifndef OPENSSL_NO_ENGINE | 318 #ifndef OPENSSL_NO_ENGINE |
| 318 char *engine = NULL; | 319 char *engine = NULL; |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 449 else if (strcmp(*argv,"-crldays") == 0) | 450 else if (strcmp(*argv,"-crldays") == 0) |
| 450 { | 451 { |
| 451 if (--argc < 1) goto bad; | 452 if (--argc < 1) goto bad; |
| 452 crldays= atol(*(++argv)); | 453 crldays= atol(*(++argv)); |
| 453 } | 454 } |
| 454 else if (strcmp(*argv,"-crlhours") == 0) | 455 else if (strcmp(*argv,"-crlhours") == 0) |
| 455 { | 456 { |
| 456 if (--argc < 1) goto bad; | 457 if (--argc < 1) goto bad; |
| 457 crlhours= atol(*(++argv)); | 458 crlhours= atol(*(++argv)); |
| 458 } | 459 } |
| 460 else if (strcmp(*argv,"-crlsec") == 0) |
| 461 { |
| 462 if (--argc < 1) goto bad; |
| 463 crlsec = atol(*(++argv)); |
| 464 } |
| 459 else if (strcmp(*argv,"-infiles") == 0) | 465 else if (strcmp(*argv,"-infiles") == 0) |
| 460 { | 466 { |
| 461 argc--; | 467 argc--; |
| 462 argv++; | 468 argv++; |
| 463 req=1; | 469 req=1; |
| 464 break; | 470 break; |
| 465 } | 471 } |
| 466 else if (strcmp(*argv, "-ss_cert") == 0) | 472 else if (strcmp(*argv, "-ss_cert") == 0) |
| 467 { | 473 { |
| 468 if (--argc < 1) goto bad; | 474 if (--argc < 1) goto bad; |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 542 BIO_printf(bio_err,"unknown option %s\n",*argv); | 548 BIO_printf(bio_err,"unknown option %s\n",*argv); |
| 543 badops=1; | 549 badops=1; |
| 544 break; | 550 break; |
| 545 } | 551 } |
| 546 argc--; | 552 argc--; |
| 547 argv++; | 553 argv++; |
| 548 } | 554 } |
| 549 | 555 |
| 550 if (badops) | 556 if (badops) |
| 551 { | 557 { |
| 552 » » for (pp=ca_usage; (*pp != NULL); pp++) | 558 » » const char **pp2; |
| 553 » » » BIO_printf(bio_err,"%s",*pp); | 559 |
| 560 » » for (pp2=ca_usage; (*pp2 != NULL); pp2++) |
| 561 » » » BIO_printf(bio_err,"%s",*pp2); |
| 554 goto err; | 562 goto err; |
| 555 } | 563 } |
| 556 | 564 |
| 557 ERR_load_crypto_strings(); | 565 ERR_load_crypto_strings(); |
| 558 | 566 |
| 559 /*****************************************************************/ | 567 /*****************************************************************/ |
| 560 tofree=NULL; | 568 tofree=NULL; |
| 561 if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); | 569 if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); |
| 562 if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); | 570 if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); |
| 563 if (configfile == NULL) | 571 if (configfile == NULL) |
| (...skipping 254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 818 goto err; | 826 goto err; |
| 819 } | 827 } |
| 820 } | 828 } |
| 821 else | 829 else |
| 822 ERR_clear_error(); | 830 ERR_clear_error(); |
| 823 | 831 |
| 824 /*****************************************************************/ | 832 /*****************************************************************/ |
| 825 /* lookup where to write new certificates */ | 833 /* lookup where to write new certificates */ |
| 826 if ((outdir == NULL) && (req)) | 834 if ((outdir == NULL) && (req)) |
| 827 { | 835 { |
| 828 struct stat sb; | |
| 829 | 836 |
| 830 if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) | 837 if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) |
| 831 == NULL) | 838 == NULL) |
| 832 { | 839 { |
| 833 BIO_printf(bio_err,"there needs to be defined a director
y for new certificate to be placed in\n"); | 840 BIO_printf(bio_err,"there needs to be defined a director
y for new certificate to be placed in\n"); |
| 834 goto err; | 841 goto err; |
| 835 } | 842 } |
| 836 #ifndef OPENSSL_SYS_VMS | 843 #ifndef OPENSSL_SYS_VMS |
| 837 /* outdir is a directory spec, but access() for VMS demands a | 844 /* outdir is a directory spec, but access() for VMS demands a |
| 838 filename. In any case, stat(), below, will catch the problem | 845 filename. In any case, stat(), below, will catch the problem |
| 839 if outdir is not a directory spec, and the fopen() or open() | 846 if outdir is not a directory spec, and the fopen() or open() |
| 840 will catch an error if there is no write access. | 847 will catch an error if there is no write access. |
| 841 | 848 |
| 842 Presumably, this problem could also be solved by using the DEC | 849 Presumably, this problem could also be solved by using the DEC |
| 843 C routines to convert the directory syntax to Unixly, and give | 850 C routines to convert the directory syntax to Unixly, and give |
| 844 that to access(). However, time's too short to do that just | 851 that to access(). However, time's too short to do that just |
| 845 now. | 852 now. |
| 846 */ | 853 */ |
| 854 #ifndef _WIN32 |
| 847 if (access(outdir,R_OK|W_OK|X_OK) != 0) | 855 if (access(outdir,R_OK|W_OK|X_OK) != 0) |
| 856 #else |
| 857 if (_access(outdir,R_OK|W_OK|X_OK) != 0) |
| 858 #endif |
| 848 { | 859 { |
| 849 BIO_printf(bio_err,"I am unable to access the %s directo
ry\n",outdir); | 860 BIO_printf(bio_err,"I am unable to access the %s directo
ry\n",outdir); |
| 850 perror(outdir); | 861 perror(outdir); |
| 851 goto err; | 862 goto err; |
| 852 } | 863 } |
| 853 | 864 |
| 854 » » if (stat(outdir,&sb) != 0) | 865 » » if (app_isdir(outdir)<=0) |
| 855 » » » { | |
| 856 » » » BIO_printf(bio_err,"unable to stat(%s)\n",outdir); | |
| 857 » » » perror(outdir); | |
| 858 » » » goto err; | |
| 859 » » » } | |
| 860 #ifdef S_ISDIR | |
| 861 » » if (!S_ISDIR(sb.st_mode)) | |
| 862 { | 866 { |
| 863 BIO_printf(bio_err,"%s need to be a directory\n",outdir)
; | 867 BIO_printf(bio_err,"%s need to be a directory\n",outdir)
; |
| 864 perror(outdir); | 868 perror(outdir); |
| 865 goto err; | 869 goto err; |
| 866 } | 870 } |
| 867 #endif | 871 #endif |
| 868 #endif | |
| 869 } | 872 } |
| 870 | 873 |
| 871 /*****************************************************************/ | 874 /*****************************************************************/ |
| 872 /* we need to load the database file */ | 875 /* we need to load the database file */ |
| 873 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) | 876 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) |
| 874 { | 877 { |
| 875 lookup_fail(section,ENV_DATABASE); | 878 lookup_fail(section,ENV_DATABASE); |
| 876 goto err; | 879 goto err; |
| 877 } | 880 } |
| 878 db = load_index(dbfile, &db_attr); | 881 db = load_index(dbfile, &db_attr); |
| 879 if (db == NULL) goto err; | 882 if (db == NULL) goto err; |
| 880 | 883 |
| 881 /* Lets check some fields */ | 884 /* Lets check some fields */ |
| 882 » for (i=0; i<sk_num(db->db->data); i++) | 885 » for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) |
| 883 { | 886 { |
| 884 » » pp=(const char **)sk_value(db->db->data,i); | 887 » » pp=sk_OPENSSL_PSTRING_value(db->db->data,i); |
| 885 if ((pp[DB_type][0] != DB_TYPE_REV) && | 888 if ((pp[DB_type][0] != DB_TYPE_REV) && |
| 886 (pp[DB_rev_date][0] != '\0')) | 889 (pp[DB_rev_date][0] != '\0')) |
| 887 { | 890 { |
| 888 BIO_printf(bio_err,"entry %d: not revoked yet, but has a
revocation date\n",i+1); | 891 BIO_printf(bio_err,"entry %d: not revoked yet, but has a
revocation date\n",i+1); |
| 889 goto err; | 892 goto err; |
| 890 } | 893 } |
| 891 if ((pp[DB_type][0] == DB_TYPE_REV) && | 894 if ((pp[DB_type][0] == DB_TYPE_REV) && |
| 892 !make_revoked(NULL, pp[DB_rev_date])) | 895 !make_revoked(NULL, pp[DB_rev_date])) |
| 893 { | 896 { |
| 894 BIO_printf(bio_err," in entry %d\n", i+1); | 897 BIO_printf(bio_err," in entry %d\n", i+1); |
| 895 goto err; | 898 goto err; |
| 896 } | 899 } |
| 897 » » if (!check_time_format(pp[DB_exp_date])) | 900 » » if (!check_time_format((char *)pp[DB_exp_date])) |
| 898 { | 901 { |
| 899 BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1
); | 902 BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1
); |
| 900 goto err; | 903 goto err; |
| 901 } | 904 } |
| 902 p=pp[DB_serial]; | 905 p=pp[DB_serial]; |
| 903 j=strlen(p); | 906 j=strlen(p); |
| 904 if (*p == '-') | 907 if (*p == '-') |
| 905 { | 908 { |
| 906 p++; | 909 p++; |
| 907 j--; | 910 j--; |
| (...skipping 19 matching lines...) Expand all Loading... |
| 927 { | 930 { |
| 928 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail *
/ | 931 BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail *
/ |
| 929 #ifdef OPENSSL_SYS_VMS | 932 #ifdef OPENSSL_SYS_VMS |
| 930 { | 933 { |
| 931 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | 934 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
| 932 out = BIO_push(tmpbio, out); | 935 out = BIO_push(tmpbio, out); |
| 933 } | 936 } |
| 934 #endif | 937 #endif |
| 935 TXT_DB_write(out,db->db); | 938 TXT_DB_write(out,db->db); |
| 936 BIO_printf(bio_err,"%d entries loaded from the database\n", | 939 BIO_printf(bio_err,"%d entries loaded from the database\n", |
| 937 » » » db->db->data->num); | 940 » » » sk_OPENSSL_PSTRING_num(db->db->data)); |
| 938 BIO_printf(bio_err,"generating index\n"); | 941 BIO_printf(bio_err,"generating index\n"); |
| 939 } | 942 } |
| 940 | 943 |
| 941 if (!index_index(db)) goto err; | 944 if (!index_index(db)) goto err; |
| 942 | 945 |
| 943 /*****************************************************************/ | 946 /*****************************************************************/ |
| 944 /* Update the db file for expired certificates */ | 947 /* Update the db file for expired certificates */ |
| 945 if (doupdatedb) | 948 if (doupdatedb) |
| 946 { | 949 { |
| 947 if (verbose) | 950 if (verbose) |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1018 } | 1021 } |
| 1019 } | 1022 } |
| 1020 | 1023 |
| 1021 if ((md == NULL) && ((md=NCONF_get_string(conf, | 1024 if ((md == NULL) && ((md=NCONF_get_string(conf, |
| 1022 section,ENV_DEFAULT_MD)) == NULL)) | 1025 section,ENV_DEFAULT_MD)) == NULL)) |
| 1023 { | 1026 { |
| 1024 lookup_fail(section,ENV_DEFAULT_MD); | 1027 lookup_fail(section,ENV_DEFAULT_MD); |
| 1025 goto err; | 1028 goto err; |
| 1026 } | 1029 } |
| 1027 | 1030 |
| 1031 if (!strcmp(md, "default")) |
| 1032 { |
| 1033 int def_nid; |
| 1034 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) |
| 1035 { |
| 1036 BIO_puts(bio_err,"no default digest\n"); |
| 1037 goto err; |
| 1038 } |
| 1039 md = (char *)OBJ_nid2sn(def_nid); |
| 1040 } |
| 1041 |
| 1028 if ((dgst=EVP_get_digestbyname(md)) == NULL) | 1042 if ((dgst=EVP_get_digestbyname(md)) == NULL) |
| 1029 { | 1043 { |
| 1030 BIO_printf(bio_err,"%s is an unsupported message digest type\n",
md); | 1044 BIO_printf(bio_err,"%s is an unsupported message digest type\n",
md); |
| 1031 goto err; | 1045 goto err; |
| 1032 } | 1046 } |
| 1033 | 1047 |
| 1034 if (req) | 1048 if (req) |
| 1035 { | 1049 { |
| 1036 if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, | 1050 if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf, |
| 1037 section,ENV_DEFAULT_EMAIL_DN)) != NULL )) | 1051 section,ENV_DEFAULT_EMAIL_DN)) != NULL )) |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1087 } | 1101 } |
| 1088 } | 1102 } |
| 1089 | 1103 |
| 1090 if (startdate == NULL) | 1104 if (startdate == NULL) |
| 1091 { | 1105 { |
| 1092 startdate=NCONF_get_string(conf,section, | 1106 startdate=NCONF_get_string(conf,section, |
| 1093 ENV_DEFAULT_STARTDATE); | 1107 ENV_DEFAULT_STARTDATE); |
| 1094 if (startdate == NULL) | 1108 if (startdate == NULL) |
| 1095 ERR_clear_error(); | 1109 ERR_clear_error(); |
| 1096 } | 1110 } |
| 1097 » » if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) | 1111 » » if (startdate && !ASN1_TIME_set_string(NULL, startdate)) |
| 1098 { | 1112 { |
| 1099 » » » BIO_printf(bio_err,"start date is invalid, it should be
YYMMDDHHMMSSZ\n"); | 1113 » » » BIO_printf(bio_err,"start date is invalid, it should be
YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); |
| 1100 goto err; | 1114 goto err; |
| 1101 } | 1115 } |
| 1102 if (startdate == NULL) startdate="today"; | 1116 if (startdate == NULL) startdate="today"; |
| 1103 | 1117 |
| 1104 if (enddate == NULL) | 1118 if (enddate == NULL) |
| 1105 { | 1119 { |
| 1106 enddate=NCONF_get_string(conf,section, | 1120 enddate=NCONF_get_string(conf,section, |
| 1107 ENV_DEFAULT_ENDDATE); | 1121 ENV_DEFAULT_ENDDATE); |
| 1108 if (enddate == NULL) | 1122 if (enddate == NULL) |
| 1109 ERR_clear_error(); | 1123 ERR_clear_error(); |
| 1110 } | 1124 } |
| 1111 » » if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) | 1125 » » if (enddate && !ASN1_TIME_set_string(NULL, enddate)) |
| 1112 { | 1126 { |
| 1113 » » » BIO_printf(bio_err,"end date is invalid, it should be YY
MMDDHHMMSSZ\n"); | 1127 » » » BIO_printf(bio_err,"end date is invalid, it should be YY
MMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); |
| 1114 goto err; | 1128 goto err; |
| 1115 } | 1129 } |
| 1116 | 1130 |
| 1117 if (days == 0) | 1131 if (days == 0) |
| 1118 { | 1132 { |
| 1119 if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &da
ys)) | 1133 if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &da
ys)) |
| 1120 days = 0; | 1134 days = 0; |
| 1121 } | 1135 } |
| 1122 if (!enddate && (days == 0)) | 1136 if (!enddate && (days == 0)) |
| 1123 { | 1137 { |
| (...skipping 239 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1363 } | 1377 } |
| 1364 | 1378 |
| 1365 if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) | 1379 if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) |
| 1366 != NULL) | 1380 != NULL) |
| 1367 if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NUL
L) | 1381 if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NUL
L) |
| 1368 { | 1382 { |
| 1369 BIO_printf(bio_err,"error while loading CRL numb
er\n"); | 1383 BIO_printf(bio_err,"error while loading CRL numb
er\n"); |
| 1370 goto err; | 1384 goto err; |
| 1371 } | 1385 } |
| 1372 | 1386 |
| 1373 » » if (!crldays && !crlhours) | 1387 » » if (!crldays && !crlhours && !crlsec) |
| 1374 { | 1388 { |
| 1375 if (!NCONF_get_number(conf,section, | 1389 if (!NCONF_get_number(conf,section, |
| 1376 ENV_DEFAULT_CRL_DAYS, &crldays)) | 1390 ENV_DEFAULT_CRL_DAYS, &crldays)) |
| 1377 crldays = 0; | 1391 crldays = 0; |
| 1378 if (!NCONF_get_number(conf,section, | 1392 if (!NCONF_get_number(conf,section, |
| 1379 ENV_DEFAULT_CRL_HOURS, &crlhours)) | 1393 ENV_DEFAULT_CRL_HOURS, &crlhours)) |
| 1380 crlhours = 0; | 1394 crlhours = 0; |
| 1381 } | 1395 } |
| 1382 » » if ((crldays == 0) && (crlhours == 0)) | 1396 » » if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) |
| 1383 { | 1397 { |
| 1384 BIO_printf(bio_err,"cannot lookup how long until the nex
t CRL is issued\n"); | 1398 BIO_printf(bio_err,"cannot lookup how long until the nex
t CRL is issued\n"); |
| 1385 goto err; | 1399 goto err; |
| 1386 } | 1400 } |
| 1387 | 1401 |
| 1388 if (verbose) BIO_printf(bio_err,"making CRL\n"); | 1402 if (verbose) BIO_printf(bio_err,"making CRL\n"); |
| 1389 if ((crl=X509_CRL_new()) == NULL) goto err; | 1403 if ((crl=X509_CRL_new()) == NULL) goto err; |
| 1390 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
goto err; | 1404 if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
goto err; |
| 1391 | 1405 |
| 1392 tmptm = ASN1_TIME_new(); | 1406 tmptm = ASN1_TIME_new(); |
| 1393 if (!tmptm) goto err; | 1407 if (!tmptm) goto err; |
| 1394 X509_gmtime_adj(tmptm,0); | 1408 X509_gmtime_adj(tmptm,0); |
| 1395 X509_CRL_set_lastUpdate(crl, tmptm); | 1409 X509_CRL_set_lastUpdate(crl, tmptm); |
| 1396 » » X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60); | 1410 » » if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, |
| 1411 » » » NULL)) |
| 1412 » » » { |
| 1413 » » » BIO_puts(bio_err, "error setting CRL nextUpdate\n"); |
| 1414 » » » goto err; |
| 1415 » » » } |
| 1397 X509_CRL_set_nextUpdate(crl, tmptm); | 1416 X509_CRL_set_nextUpdate(crl, tmptm); |
| 1398 | 1417 |
| 1399 ASN1_TIME_free(tmptm); | 1418 ASN1_TIME_free(tmptm); |
| 1400 | 1419 |
| 1401 » » for (i=0; i<sk_num(db->db->data); i++) | 1420 » » for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) |
| 1402 { | 1421 { |
| 1403 » » » pp=(const char **)sk_value(db->db->data,i); | 1422 » » » pp=sk_OPENSSL_PSTRING_value(db->db->data,i); |
| 1404 if (pp[DB_type][0] == DB_TYPE_REV) | 1423 if (pp[DB_type][0] == DB_TYPE_REV) |
| 1405 { | 1424 { |
| 1406 if ((r=X509_REVOKED_new()) == NULL) goto err; | 1425 if ((r=X509_REVOKED_new()) == NULL) goto err; |
| 1407 j = make_revoked(r, pp[DB_rev_date]); | 1426 j = make_revoked(r, pp[DB_rev_date]); |
| 1408 if (!j) goto err; | 1427 if (!j) goto err; |
| 1409 if (j == 2) crl_v2 = 1; | 1428 if (j == 2) crl_v2 = 1; |
| 1410 if (!BN_hex2bn(&serial, pp[DB_serial])) | 1429 if (!BN_hex2bn(&serial, pp[DB_serial])) |
| 1411 goto err; | 1430 goto err; |
| 1412 tmpser = BN_to_ASN1_INTEGER(serial, NULL); | 1431 tmpser = BN_to_ASN1_INTEGER(serial, NULL); |
| 1413 BN_free(serial); | 1432 BN_free(serial); |
| 1414 serial = NULL; | 1433 serial = NULL; |
| 1415 if (!tmpser) | 1434 if (!tmpser) |
| 1416 goto err; | 1435 goto err; |
| 1417 X509_REVOKED_set_serialNumber(r, tmpser); | 1436 X509_REVOKED_set_serialNumber(r, tmpser); |
| 1418 ASN1_INTEGER_free(tmpser); | 1437 ASN1_INTEGER_free(tmpser); |
| 1419 X509_CRL_add0_revoked(crl,r); | 1438 X509_CRL_add0_revoked(crl,r); |
| 1420 } | 1439 } |
| 1421 } | 1440 } |
| 1422 | 1441 |
| 1423 /* sort the data so it will be written in serial | 1442 /* sort the data so it will be written in serial |
| 1424 * number order */ | 1443 * number order */ |
| 1425 X509_CRL_sort(crl); | 1444 X509_CRL_sort(crl); |
| 1426 | 1445 |
| 1427 /* we now have a CRL */ | 1446 /* we now have a CRL */ |
| 1428 if (verbose) BIO_printf(bio_err,"signing CRL\n"); | 1447 if (verbose) BIO_printf(bio_err,"signing CRL\n"); |
| 1429 #ifndef OPENSSL_NO_DSA | |
| 1430 if (pkey->type == EVP_PKEY_DSA) | |
| 1431 dgst=EVP_dss1(); | |
| 1432 else | |
| 1433 #endif | |
| 1434 #ifndef OPENSSL_NO_ECDSA | |
| 1435 if (pkey->type == EVP_PKEY_EC) | |
| 1436 dgst=EVP_ecdsa(); | |
| 1437 #endif | |
| 1438 | 1448 |
| 1439 /* Add any extensions asked for */ | 1449 /* Add any extensions asked for */ |
| 1440 | 1450 |
| 1441 if (crl_ext || crlnumberfile != NULL) | 1451 if (crl_ext || crlnumberfile != NULL) |
| 1442 { | 1452 { |
| 1443 X509V3_CTX crlctx; | 1453 X509V3_CTX crlctx; |
| 1444 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); | 1454 X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); |
| 1445 X509V3_set_nconf(&crlctx, conf); | 1455 X509V3_set_nconf(&crlctx, conf); |
| 1446 | 1456 |
| 1447 if (crl_ext) | 1457 if (crl_ext) |
| (...skipping 12 matching lines...) Expand all Loading... |
| 1460 if (crl_ext || crl_v2) | 1470 if (crl_ext || crl_v2) |
| 1461 { | 1471 { |
| 1462 if (!X509_CRL_set_version(crl, 1)) | 1472 if (!X509_CRL_set_version(crl, 1)) |
| 1463 goto err; /* version 2 CRL */ | 1473 goto err; /* version 2 CRL */ |
| 1464 } | 1474 } |
| 1465 | 1475 |
| 1466 | 1476 |
| 1467 if (crlnumberfile != NULL) /* we have a CRL number that nee
d updating */ | 1477 if (crlnumberfile != NULL) /* we have a CRL number that nee
d updating */ |
| 1468 if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) go
to err; | 1478 if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) go
to err; |
| 1469 | 1479 |
| 1480 if (crlnumber) |
| 1481 { |
| 1482 BN_free(crlnumber); |
| 1483 crlnumber = NULL; |
| 1484 } |
| 1485 |
| 1470 if (!X509_CRL_sign(crl,pkey,dgst)) goto err; | 1486 if (!X509_CRL_sign(crl,pkey,dgst)) goto err; |
| 1471 | 1487 |
| 1472 PEM_write_bio_X509_CRL(Sout,crl); | 1488 PEM_write_bio_X509_CRL(Sout,crl); |
| 1473 | 1489 |
| 1474 if (crlnumberfile != NULL) /* Rename the crlnumber file */ | 1490 if (crlnumberfile != NULL) /* Rename the crlnumber file */ |
| 1475 if (!rotate_serial(crlnumberfile,"new","old")) goto err; | 1491 if (!rotate_serial(crlnumberfile,"new","old")) goto err; |
| 1476 | 1492 |
| 1477 } | 1493 } |
| 1478 /*****************************************************************/ | 1494 /*****************************************************************/ |
| 1479 if (dorevoke) | 1495 if (dorevoke) |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1512 BIO_free_all(in); | 1528 BIO_free_all(in); |
| 1513 | 1529 |
| 1514 if (cert_sk) | 1530 if (cert_sk) |
| 1515 sk_X509_pop_free(cert_sk,X509_free); | 1531 sk_X509_pop_free(cert_sk,X509_free); |
| 1516 | 1532 |
| 1517 if (ret) ERR_print_errors(bio_err); | 1533 if (ret) ERR_print_errors(bio_err); |
| 1518 app_RAND_write_file(randfile, bio_err); | 1534 app_RAND_write_file(randfile, bio_err); |
| 1519 if (free_key && key) | 1535 if (free_key && key) |
| 1520 OPENSSL_free(key); | 1536 OPENSSL_free(key); |
| 1521 BN_free(serial); | 1537 BN_free(serial); |
| 1538 BN_free(crlnumber); |
| 1522 free_index(db); | 1539 free_index(db); |
| 1523 EVP_PKEY_free(pkey); | 1540 EVP_PKEY_free(pkey); |
| 1524 if (x509) X509_free(x509); | 1541 if (x509) X509_free(x509); |
| 1525 X509_CRL_free(crl); | 1542 X509_CRL_free(crl); |
| 1526 NCONF_free(conf); | 1543 NCONF_free(conf); |
| 1527 NCONF_free(extconf); | 1544 NCONF_free(extconf); |
| 1528 OBJ_cleanup(); | 1545 OBJ_cleanup(); |
| 1529 apps_shutdown(); | 1546 apps_shutdown(); |
| 1530 OPENSSL_EXIT(ret); | 1547 OPENSSL_EXIT(ret); |
| 1531 } | 1548 } |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1670 ASN1_STRING *str,*str2; | 1687 ASN1_STRING *str,*str2; |
| 1671 ASN1_OBJECT *obj; | 1688 ASN1_OBJECT *obj; |
| 1672 X509 *ret=NULL; | 1689 X509 *ret=NULL; |
| 1673 X509_CINF *ci; | 1690 X509_CINF *ci; |
| 1674 X509_NAME_ENTRY *ne; | 1691 X509_NAME_ENTRY *ne; |
| 1675 X509_NAME_ENTRY *tne,*push; | 1692 X509_NAME_ENTRY *tne,*push; |
| 1676 EVP_PKEY *pktmp; | 1693 EVP_PKEY *pktmp; |
| 1677 int ok= -1,i,j,last,nid; | 1694 int ok= -1,i,j,last,nid; |
| 1678 const char *p; | 1695 const char *p; |
| 1679 CONF_VALUE *cv; | 1696 CONF_VALUE *cv; |
| 1680 » char *row[DB_NUMBER],**rrow=NULL,**irow=NULL; | 1697 » OPENSSL_STRING row[DB_NUMBER]; |
| 1698 » OPENSSL_STRING *irow=NULL; |
| 1699 » OPENSSL_STRING *rrow=NULL; |
| 1681 char buf[25]; | 1700 char buf[25]; |
| 1682 | 1701 |
| 1683 tmptm=ASN1_UTCTIME_new(); | 1702 tmptm=ASN1_UTCTIME_new(); |
| 1684 if (tmptm == NULL) | 1703 if (tmptm == NULL) |
| 1685 { | 1704 { |
| 1686 BIO_printf(bio_err,"malloc error\n"); | 1705 BIO_printf(bio_err,"malloc error\n"); |
| 1687 return(0); | 1706 return(0); |
| 1688 } | 1707 } |
| 1689 | 1708 |
| 1690 for (i=0; i<DB_NUMBER; i++) | 1709 for (i=0; i<DB_NUMBER; i++) |
| (...skipping 221 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1912 else | 1931 else |
| 1913 row[DB_serial]=BN_bn2hex(serial); | 1932 row[DB_serial]=BN_bn2hex(serial); |
| 1914 if (row[DB_serial] == NULL) | 1933 if (row[DB_serial] == NULL) |
| 1915 { | 1934 { |
| 1916 BIO_printf(bio_err,"Memory allocation failure\n"); | 1935 BIO_printf(bio_err,"Memory allocation failure\n"); |
| 1917 goto err; | 1936 goto err; |
| 1918 } | 1937 } |
| 1919 | 1938 |
| 1920 if (db->attributes.unique_subject) | 1939 if (db->attributes.unique_subject) |
| 1921 { | 1940 { |
| 1922 » » rrow=TXT_DB_get_by_index(db->db,DB_name,row); | 1941 » » OPENSSL_STRING *crow=row; |
| 1942 |
| 1943 » » rrow=TXT_DB_get_by_index(db->db,DB_name,crow); |
| 1923 if (rrow != NULL) | 1944 if (rrow != NULL) |
| 1924 { | 1945 { |
| 1925 BIO_printf(bio_err, | 1946 BIO_printf(bio_err, |
| 1926 "ERROR:There is already a certificate for %s\n", | 1947 "ERROR:There is already a certificate for %s\n", |
| 1927 row[DB_name]); | 1948 row[DB_name]); |
| 1928 } | 1949 } |
| 1929 } | 1950 } |
| 1930 if (rrow == NULL) | 1951 if (rrow == NULL) |
| 1931 { | 1952 { |
| 1932 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); | 1953 rrow=TXT_DB_get_by_index(db->db,DB_serial,row); |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1988 goto err; | 2009 goto err; |
| 1989 } | 2010 } |
| 1990 else | 2011 else |
| 1991 { | 2012 { |
| 1992 if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) | 2013 if (!X509_set_issuer_name(ret,X509_get_subject_name(x509))) |
| 1993 goto err; | 2014 goto err; |
| 1994 } | 2015 } |
| 1995 | 2016 |
| 1996 if (strcmp(startdate,"today") == 0) | 2017 if (strcmp(startdate,"today") == 0) |
| 1997 X509_gmtime_adj(X509_get_notBefore(ret),0); | 2018 X509_gmtime_adj(X509_get_notBefore(ret),0); |
| 1998 » else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); | 2019 » else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate); |
| 1999 | 2020 |
| 2000 if (enddate == NULL) | 2021 if (enddate == NULL) |
| 2001 » » X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days); | 2022 » » X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL); |
| 2002 » else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); | 2023 » else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate); |
| 2003 | 2024 |
| 2004 if (!X509_set_subject_name(ret,subject)) goto err; | 2025 if (!X509_set_subject_name(ret,subject)) goto err; |
| 2005 | 2026 |
| 2006 pktmp=X509_REQ_get_pubkey(req); | 2027 pktmp=X509_REQ_get_pubkey(req); |
| 2007 i = X509_set_pubkey(ret,pktmp); | 2028 i = X509_set_pubkey(ret,pktmp); |
| 2008 EVP_PKEY_free(pktmp); | 2029 EVP_PKEY_free(pktmp); |
| 2009 if (!i) goto err; | 2030 if (!i) goto err; |
| 2010 | 2031 |
| 2011 /* Lets add the extensions, if there are any */ | 2032 /* Lets add the extensions, if there are any */ |
| 2012 if (ext_sect) | 2033 if (ext_sect) |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2112 goto err; | 2133 goto err; |
| 2113 } | 2134 } |
| 2114 if (!((buf[0] == 'y') || (buf[0] == 'Y'))) | 2135 if (!((buf[0] == 'y') || (buf[0] == 'Y'))) |
| 2115 { | 2136 { |
| 2116 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"
); | 2137 BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n"
); |
| 2117 ok=0; | 2138 ok=0; |
| 2118 goto err; | 2139 goto err; |
| 2119 } | 2140 } |
| 2120 } | 2141 } |
| 2121 | 2142 |
| 2122 | |
| 2123 #ifndef OPENSSL_NO_DSA | |
| 2124 if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1(); | |
| 2125 pktmp=X509_get_pubkey(ret); | 2143 pktmp=X509_get_pubkey(ret); |
| 2126 if (EVP_PKEY_missing_parameters(pktmp) && | 2144 if (EVP_PKEY_missing_parameters(pktmp) && |
| 2127 !EVP_PKEY_missing_parameters(pkey)) | 2145 !EVP_PKEY_missing_parameters(pkey)) |
| 2128 EVP_PKEY_copy_parameters(pktmp,pkey); | 2146 EVP_PKEY_copy_parameters(pktmp,pkey); |
| 2129 EVP_PKEY_free(pktmp); | 2147 EVP_PKEY_free(pktmp); |
| 2130 #endif | |
| 2131 #ifndef OPENSSL_NO_ECDSA | |
| 2132 if (pkey->type == EVP_PKEY_EC) | |
| 2133 dgst = EVP_ecdsa(); | |
| 2134 pktmp = X509_get_pubkey(ret); | |
| 2135 if (EVP_PKEY_missing_parameters(pktmp) && | |
| 2136 !EVP_PKEY_missing_parameters(pkey)) | |
| 2137 EVP_PKEY_copy_parameters(pktmp, pkey); | |
| 2138 EVP_PKEY_free(pktmp); | |
| 2139 #endif | |
| 2140 | |
| 2141 | 2148 |
| 2142 if (!X509_sign(ret,pkey,dgst)) | 2149 if (!X509_sign(ret,pkey,dgst)) |
| 2143 goto err; | 2150 goto err; |
| 2144 | 2151 |
| 2145 /* We now just add it to the database */ | 2152 /* We now just add it to the database */ |
| 2146 row[DB_type]=(char *)OPENSSL_malloc(2); | 2153 row[DB_type]=(char *)OPENSSL_malloc(2); |
| 2147 | 2154 |
| 2148 tm=X509_get_notAfter(ret); | 2155 tm=X509_get_notAfter(ret); |
| 2149 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); | 2156 row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); |
| 2150 memcpy(row[DB_exp_date],tm->data,tm->length); | 2157 memcpy(row[DB_exp_date],tm->data,tm->length); |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2232 PEM_write_bio_X509(bp,x); | 2239 PEM_write_bio_X509(bp,x); |
| 2233 } | 2240 } |
| 2234 | 2241 |
| 2235 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, | 2242 static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, |
| 2236 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, | 2243 const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, |
| 2237 BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int
email_dn, char *startdate, char *enddate, | 2244 BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int
email_dn, char *startdate, char *enddate, |
| 2238 long days, char *ext_sect, CONF *lconf, int verbose, unsigned long
certopt, | 2245 long days, char *ext_sect, CONF *lconf, int verbose, unsigned long
certopt, |
| 2239 unsigned long nameopt, int default_op, int ext_copy) | 2246 unsigned long nameopt, int default_op, int ext_copy) |
| 2240 { | 2247 { |
| 2241 STACK_OF(CONF_VALUE) *sk=NULL; | 2248 STACK_OF(CONF_VALUE) *sk=NULL; |
| 2242 » LHASH *parms=NULL; | 2249 » LHASH_OF(CONF_VALUE) *parms=NULL; |
| 2243 X509_REQ *req=NULL; | 2250 X509_REQ *req=NULL; |
| 2244 CONF_VALUE *cv=NULL; | 2251 CONF_VALUE *cv=NULL; |
| 2245 NETSCAPE_SPKI *spki = NULL; | 2252 NETSCAPE_SPKI *spki = NULL; |
| 2246 X509_REQ_INFO *ri; | 2253 X509_REQ_INFO *ri; |
| 2247 char *type,*buf; | 2254 char *type,*buf; |
| 2248 EVP_PKEY *pktmp=NULL; | 2255 EVP_PKEY *pktmp=NULL; |
| 2249 X509_NAME *n=NULL; | 2256 X509_NAME *n=NULL; |
| 2250 X509_NAME_ENTRY *ne=NULL; | 2257 X509_NAME_ENTRY *ne=NULL; |
| 2251 int ok= -1,i,j; | 2258 int ok= -1,i,j; |
| 2252 long errline; | 2259 long errline; |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2366 if (req != NULL) X509_REQ_free(req); | 2373 if (req != NULL) X509_REQ_free(req); |
| 2367 if (parms != NULL) CONF_free(parms); | 2374 if (parms != NULL) CONF_free(parms); |
| 2368 if (spki != NULL) NETSCAPE_SPKI_free(spki); | 2375 if (spki != NULL) NETSCAPE_SPKI_free(spki); |
| 2369 if (ne != NULL) X509_NAME_ENTRY_free(ne); | 2376 if (ne != NULL) X509_NAME_ENTRY_free(ne); |
| 2370 | 2377 |
| 2371 return(ok); | 2378 return(ok); |
| 2372 } | 2379 } |
| 2373 | 2380 |
| 2374 static int check_time_format(const char *str) | 2381 static int check_time_format(const char *str) |
| 2375 { | 2382 { |
| 2376 » ASN1_TIME tm; | 2383 » return ASN1_TIME_set_string(NULL, str); |
| 2377 | |
| 2378 » tm.data=(unsigned char *)str; | |
| 2379 » tm.length=strlen(str); | |
| 2380 » tm.type=V_ASN1_UTCTIME; | |
| 2381 » if (ASN1_TIME_check(&tm)) | |
| 2382 » » return 1; | |
| 2383 » tm.type=V_ASN1_GENERALIZEDTIME; | |
| 2384 » return ASN1_TIME_check(&tm); | |
| 2385 } | 2384 } |
| 2386 | 2385 |
| 2387 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) | 2386 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) |
| 2388 { | 2387 { |
| 2389 ASN1_UTCTIME *tm=NULL; | 2388 ASN1_UTCTIME *tm=NULL; |
| 2390 char *row[DB_NUMBER],**rrow,**irow; | 2389 char *row[DB_NUMBER],**rrow,**irow; |
| 2391 char *rev_str = NULL; | 2390 char *rev_str = NULL; |
| 2392 BIGNUM *bn = NULL; | 2391 BIGNUM *bn = NULL; |
| 2393 int ok=-1,i; | 2392 int ok=-1,i; |
| 2394 | 2393 |
| 2395 for (i=0; i<DB_NUMBER; i++) | 2394 for (i=0; i<DB_NUMBER; i++) |
| 2396 row[i]=NULL; | 2395 row[i]=NULL; |
| 2397 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); | 2396 row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); |
| 2398 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); | 2397 bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); |
| 2398 if (!bn) |
| 2399 goto err; |
| 2399 if (BN_is_zero(bn)) | 2400 if (BN_is_zero(bn)) |
| 2400 row[DB_serial]=BUF_strdup("00"); | 2401 row[DB_serial]=BUF_strdup("00"); |
| 2401 else | 2402 else |
| 2402 row[DB_serial]=BN_bn2hex(bn); | 2403 row[DB_serial]=BN_bn2hex(bn); |
| 2403 BN_free(bn); | 2404 BN_free(bn); |
| 2404 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) | 2405 if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) |
| 2405 { | 2406 { |
| 2406 BIO_printf(bio_err,"Memory allocation failure\n"); | 2407 BIO_printf(bio_err,"Memory allocation failure\n"); |
| 2407 goto err; | 2408 goto err; |
| 2408 } | 2409 } |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2458 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->e
rror); | 2459 BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->e
rror); |
| 2459 goto err; | 2460 goto err; |
| 2460 } | 2461 } |
| 2461 | 2462 |
| 2462 /* Revoke Certificate */ | 2463 /* Revoke Certificate */ |
| 2463 ok = do_revoke(x509,db, type, value); | 2464 ok = do_revoke(x509,db, type, value); |
| 2464 | 2465 |
| 2465 goto err; | 2466 goto err; |
| 2466 | 2467 |
| 2467 } | 2468 } |
| 2468 » else if (index_name_cmp((const char **)row,(const char **)rrow)) | 2469 » else if (index_name_cmp_noconst(row, rrow)) |
| 2469 { | 2470 { |
| 2470 BIO_printf(bio_err,"ERROR:name does not match %s\n", | 2471 BIO_printf(bio_err,"ERROR:name does not match %s\n", |
| 2471 row[DB_name]); | 2472 row[DB_name]); |
| 2472 goto err; | 2473 goto err; |
| 2473 } | 2474 } |
| 2474 else if (rrow[DB_type][0]=='R') | 2475 else if (rrow[DB_type][0]=='R') |
| 2475 { | 2476 { |
| 2476 BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", | 2477 BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", |
| 2477 row[DB_serial]); | 2478 row[DB_serial]); |
| 2478 goto err; | 2479 goto err; |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2607 } | 2608 } |
| 2608 | 2609 |
| 2609 memcpy(a_tm_s, a_tm->data, a_tm->length); | 2610 memcpy(a_tm_s, a_tm->data, a_tm->length); |
| 2610 a_tm_s[a_tm->length] = '\0'; | 2611 a_tm_s[a_tm->length] = '\0'; |
| 2611 | 2612 |
| 2612 if (strncmp(a_tm_s, "49", 2) <= 0) | 2613 if (strncmp(a_tm_s, "49", 2) <= 0) |
| 2613 a_y2k = 1; | 2614 a_y2k = 1; |
| 2614 else | 2615 else |
| 2615 a_y2k = 0; | 2616 a_y2k = 0; |
| 2616 | 2617 |
| 2617 » for (i = 0; i < sk_num(db->db->data); i++) | 2618 » for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) |
| 2618 { | 2619 { |
| 2619 » » rrow = (char **) sk_value(db->db->data, i); | 2620 » » rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); |
| 2620 | 2621 |
| 2621 if (rrow[DB_type][0] == 'V') | 2622 if (rrow[DB_type][0] == 'V') |
| 2622 { | 2623 { |
| 2623 /* ignore entries that are not valid */ | 2624 /* ignore entries that are not valid */ |
| 2624 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) | 2625 if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) |
| 2625 db_y2k = 1; | 2626 db_y2k = 1; |
| 2626 else | 2627 else |
| 2627 db_y2k = 0; | 2628 db_y2k = 0; |
| 2628 | 2629 |
| 2629 if (db_y2k == a_y2k) | 2630 if (db_y2k == a_y2k) |
| (...skipping 226 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2856 else if (str->type == V_ASN1_IA5STRING) | 2857 else if (str->type == V_ASN1_IA5STRING) |
| 2857 BIO_printf(bp,"IA5STRING:'"); | 2858 BIO_printf(bp,"IA5STRING:'"); |
| 2858 else if (str->type == V_ASN1_UNIVERSALSTRING) | 2859 else if (str->type == V_ASN1_UNIVERSALSTRING) |
| 2859 BIO_printf(bp,"UNIVERSALSTRING:'"); | 2860 BIO_printf(bp,"UNIVERSALSTRING:'"); |
| 2860 else | 2861 else |
| 2861 BIO_printf(bp,"ASN.1 %2d:'",str->type); | 2862 BIO_printf(bp,"ASN.1 %2d:'",str->type); |
| 2862 | 2863 |
| 2863 p=(char *)str->data; | 2864 p=(char *)str->data; |
| 2864 for (j=str->length; j>0; j--) | 2865 for (j=str->length; j>0; j--) |
| 2865 { | 2866 { |
| 2866 #ifdef CHARSET_EBCDIC | |
| 2867 if ((*p >= 0x20) && (*p <= 0x7e)) | |
| 2868 BIO_printf(bp,"%c",os_toebcdic[*p]); | |
| 2869 #else | |
| 2870 if ((*p >= ' ') && (*p <= '~')) | 2867 if ((*p >= ' ') && (*p <= '~')) |
| 2871 BIO_printf(bp,"%c",*p); | 2868 BIO_printf(bp,"%c",*p); |
| 2872 #endif | |
| 2873 else if (*p & 0x80) | 2869 else if (*p & 0x80) |
| 2874 BIO_printf(bp,"\\0x%02X",*p); | 2870 BIO_printf(bp,"\\0x%02X",*p); |
| 2875 else if ((unsigned char)*p == 0xf7) | 2871 else if ((unsigned char)*p == 0xf7) |
| 2876 BIO_printf(bp,"^?"); | 2872 BIO_printf(bp,"^?"); |
| 2877 #ifdef CHARSET_EBCDIC | |
| 2878 else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]); | |
| 2879 #else | |
| 2880 else BIO_printf(bp,"^%c",*p+'@'); | 2873 else BIO_printf(bp,"^%c",*p+'@'); |
| 2881 #endif | |
| 2882 p++; | 2874 p++; |
| 2883 } | 2875 } |
| 2884 BIO_printf(bp,"'\n"); | 2876 BIO_printf(bp,"'\n"); |
| 2885 return 1; | 2877 return 1; |
| 2886 } | 2878 } |
| 2887 | 2879 |
| 2888 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
ENERALIZEDTIME **pinvtm, const char *str) | 2880 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
ENERALIZEDTIME **pinvtm, const char *str) |
| 2889 { | 2881 { |
| 2890 char *tmp = NULL; | 2882 char *tmp = NULL; |
| 2891 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; | 2883 char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2984 ret = 1; | 2976 ret = 1; |
| 2985 | 2977 |
| 2986 err: | 2978 err: |
| 2987 | 2979 |
| 2988 if (tmp) OPENSSL_free(tmp); | 2980 if (tmp) OPENSSL_free(tmp); |
| 2989 if (!phold) ASN1_OBJECT_free(hold); | 2981 if (!phold) ASN1_OBJECT_free(hold); |
| 2990 if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time); | 2982 if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time); |
| 2991 | 2983 |
| 2992 return ret; | 2984 return ret; |
| 2993 } | 2985 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/