| Index: openssl/apps/ca.c
|
| ===================================================================
|
| --- openssl/apps/ca.c (revision 105093)
|
| +++ openssl/apps/ca.c (working copy)
|
| @@ -63,7 +63,6 @@
|
| #include <string.h>
|
| #include <ctype.h>
|
| #include <sys/types.h>
|
| -#include <sys/stat.h>
|
| #include <openssl/conf.h>
|
| #include <openssl/bio.h>
|
| #include <openssl/err.h>
|
| @@ -83,7 +82,7 @@
|
| # else
|
| # include <unixlib.h>
|
| # endif
|
| -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
|
| +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
|
| # include <sys/file.h>
|
| # endif
|
| #endif
|
| @@ -258,6 +257,7 @@
|
| int doupdatedb=0;
|
| long crldays=0;
|
| long crlhours=0;
|
| + long crlsec=0;
|
| long errorline= -1;
|
| char *configfile=NULL;
|
| char *md=NULL;
|
| @@ -305,7 +305,8 @@
|
| ASN1_TIME *tmptm;
|
| ASN1_INTEGER *tmpser;
|
| char *f;
|
| - const char *p, **pp;
|
| + const char *p;
|
| + char * const *pp;
|
| int i,j;
|
| const EVP_MD *dgst=NULL;
|
| STACK_OF(CONF_VALUE) *attribs=NULL;
|
| @@ -456,6 +457,11 @@
|
| if (--argc < 1) goto bad;
|
| crlhours= atol(*(++argv));
|
| }
|
| + else if (strcmp(*argv,"-crlsec") == 0)
|
| + {
|
| + if (--argc < 1) goto bad;
|
| + crlsec = atol(*(++argv));
|
| + }
|
| else if (strcmp(*argv,"-infiles") == 0)
|
| {
|
| argc--;
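Review bot: The new `-crlsec` branch parses its argument with `atol`, which reports no error, so a non-numeric argument silently becomes 0 and a negative one becomes a negative offset; nothing downstream rejects a negative value, because the later `(crldays == 0) && (crlhours == 0) && (crlsec == 0)` guard in the hunk at @@ -1379 only catches the all-zero case. Parsing with `strtol` and checking `end`/`errno`, or at least rejecting `crlsec < 0` here, would avoid a CRL whose nextUpdate precedes its lastUpdate. The `ca_usage` table is not touched in this diff, so unless it is updated elsewhere the new option is undocumented in the usage output. The enclosing option-parsing loop starts before this hunk.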
|
| @@ -549,8 +555,10 @@
|
|
|
| if (badops)
|
| {
|
| - for (pp=ca_usage; (*pp != NULL); pp++)
|
| - BIO_printf(bio_err,"%s",*pp);
|
| + const char **pp2;
|
| +
|
| + for (pp2=ca_usage; (*pp2 != NULL); pp2++)
|
| + BIO_printf(bio_err,"%s",*pp2);
|
| goto err;
|
| }
|
|
|
| @@ -825,7 +833,6 @@
|
| /* lookup where to write new certificates */
|
| if ((outdir == NULL) && (req))
|
| {
|
| - struct stat sb;
|
|
|
| if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
|
| == NULL)
|
| @@ -844,28 +851,24 @@
|
| that to access(). However, time's too short to do that just
|
| now.
|
| */
|
| +#ifndef _WIN32
|
| if (access(outdir,R_OK|W_OK|X_OK) != 0)
|
| +#else
|
| + if (_access(outdir,R_OK|W_OK|X_OK) != 0)
|
| +#endif
|
| {
|
| BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
|
| perror(outdir);
|
| goto err;
|
| }
|
|
|
| - if (stat(outdir,&sb) != 0)
|
| + if (app_isdir(outdir)<=0)
|
| {
|
| - BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
|
| - perror(outdir);
|
| - goto err;
|
| - }
|
| -#ifdef S_ISDIR
|
| - if (!S_ISDIR(sb.st_mode))
|
| - {
|
| BIO_printf(bio_err,"%s need to be a directory\n",outdir);
|
| perror(outdir);
|
| goto err;
|
| }
|
| #endif
|
| -#endif
|
| }
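Review bot: The `_WIN32` branch passes `R_OK|W_OK|X_OK` to `_access`, but as far as I know MSVC's `_access` documents only the modes 0, 2, 4 and 6 and treats other values as an invalid parameter (returning -1 with EINVAL), and the `R_OK`/`W_OK`/`X_OK` macros come from `<unistd.h>`, which the native Windows toolchain lacks unless the file defines them itself (not visible here); `if (_access(outdir,6) != 0)` (read|write) is the portable form. Separately, `app_isdir(outdir)<=0` folds the old "unable to stat" case into the "need to be a directory" message and then calls `perror(outdir)` even when app_isdir returns 0 without a failed syscall, so errno may be stale; distinguishing `< 0` from `== 0` would keep the earlier diagnostic. The surrounding function continues outside the hunk.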
|
|
|
| /*****************************************************************/
|
| @@ -879,9 +882,9 @@
|
| if (db == NULL) goto err;
|
|
|
| /* Lets check some fields */
|
| - for (i=0; i<sk_num(db->db->data); i++)
|
| + for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
| {
|
| - pp=(const char **)sk_value(db->db->data,i);
|
| + pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
|
| if ((pp[DB_type][0] != DB_TYPE_REV) &&
|
| (pp[DB_rev_date][0] != '\0'))
|
| {
|
| @@ -894,7 +897,7 @@
|
| BIO_printf(bio_err," in entry %d\n", i+1);
|
| goto err;
|
| }
|
| - if (!check_time_format(pp[DB_exp_date]))
|
| + if (!check_time_format((char *)pp[DB_exp_date]))
|
| {
|
| BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
|
| goto err;
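Review bot: The `(char *)` cast on the `check_time_format` argument is a no-op: `pp` is now declared `char * const *` (hunk at @@ -305), so `pp[DB_exp_date]` is already `char *`, and `check_time_format` takes `const char *`. `if (!check_time_format(pp[DB_exp_date]))` compiles unchanged without the cast and reads more clearly. The enclosing loop body starts in the previous hunk.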
|
| @@ -934,7 +937,7 @@
|
| #endif
|
| TXT_DB_write(out,db->db);
|
| BIO_printf(bio_err,"%d entries loaded from the database\n",
|
| - db->db->data->num);
|
| + sk_OPENSSL_PSTRING_num(db->db->data));
|
| BIO_printf(bio_err,"generating index\n");
|
| }
|
|
|
| @@ -1025,6 +1028,17 @@
|
| goto err;
|
| }
|
|
|
| + if (!strcmp(md, "default"))
|
| + {
|
| + int def_nid;
|
| + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
|
| + {
|
| + BIO_puts(bio_err,"no default digest\n");
|
| + goto err;
|
| + }
|
| + md = (char *)OBJ_nid2sn(def_nid);
|
| + }
|
| +
|
| if ((dgst=EVP_get_digestbyname(md)) == NULL)
|
| {
|
| BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
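Review bot: `md = (char *)OBJ_nid2sn(def_nid);` casts away the `const` of OBJ_nid2sn's return value to fit `char *md`, which is declared in the hunk at @@ -258; nothing on the page writes through `md` (it is compared with `strcmp` and passed to `EVP_get_digestbyname`), so declaring it `const char *md=NULL;` would remove the cast rather than paper over it. If `md` can arrive here as NULL from an earlier path, `strcmp(md, "default")` dereferences it; the preceding code that assigns it is outside this hunk, so that is a point to confirm rather than a defect I can see.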
|
| @@ -1094,9 +1108,9 @@
|
| if (startdate == NULL)
|
| ERR_clear_error();
|
| }
|
| - if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
|
| + if (startdate && !ASN1_TIME_set_string(NULL, startdate))
|
| {
|
| - BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
|
| + BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
|
| goto err;
|
| }
|
| if (startdate == NULL) startdate="today";
|
| @@ -1108,9 +1122,9 @@
|
| if (enddate == NULL)
|
| ERR_clear_error();
|
| }
|
| - if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
|
| + if (enddate && !ASN1_TIME_set_string(NULL, enddate))
|
| {
|
| - BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
|
| + BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
|
| goto err;
|
| }
|
|
|
| @@ -1370,7 +1384,7 @@
|
| goto err;
|
| }
|
|
|
| - if (!crldays && !crlhours)
|
| + if (!crldays && !crlhours && !crlsec)
|
| {
|
| if (!NCONF_get_number(conf,section,
|
| ENV_DEFAULT_CRL_DAYS, &crldays))
|
| @@ -1379,7 +1393,7 @@
|
| ENV_DEFAULT_CRL_HOURS, &crlhours))
|
| crlhours = 0;
|
| }
|
| - if ((crldays == 0) && (crlhours == 0))
|
| + if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
|
| {
|
| BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
|
| goto err;
|
| @@ -1393,14 +1407,19 @@
|
| if (!tmptm) goto err;
|
| X509_gmtime_adj(tmptm,0);
|
| X509_CRL_set_lastUpdate(crl, tmptm);
|
| - X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
|
| + if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
|
| + NULL))
|
| + {
|
| + BIO_puts(bio_err, "error setting CRL nextUpdate\n");
|
| + goto err;
|
| + }
|
| X509_CRL_set_nextUpdate(crl, tmptm);
|
|
|
| ASN1_TIME_free(tmptm);
|
|
|
| - for (i=0; i<sk_num(db->db->data); i++)
|
| + for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
| {
|
| - pp=(const char **)sk_value(db->db->data,i);
|
| + pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
|
| if (pp[DB_type][0] == DB_TYPE_REV)
|
| {
|
| if ((r=X509_REVOKED_new()) == NULL) goto err;
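Review bot: When `X509_time_adj_ex` fails, the new `goto err` leaves `tmptm` allocated, because `ASN1_TIME_free(tmptm)` runs only on the success path after `X509_CRL_set_nextUpdate`; unless the `err` label frees it (not visible here), this is a leak on the error path, closed by `ASN1_TIME_free(tmptm); goto err;` or by moving the free into the cleanup block. A negative `crlsec`, or a `crlhours*60*60 + crlsec` sum that goes negative, is passed through unchecked and yields a nextUpdate earlier than lastUpdate; the all-zero guard in the hunk at @@ -1379 does not cover it, so the option parser (hunk at @@ -456) or this call site should reject it. The unchecked returns of `X509_CRL_set_lastUpdate` and `X509_CRL_set_nextUpdate` predate this change. The function continues outside the hunk.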
|
| @@ -1426,15 +1445,6 @@
|
|
|
| /* we now have a CRL */
|
| if (verbose) BIO_printf(bio_err,"signing CRL\n");
|
| -#ifndef OPENSSL_NO_DSA
|
| - if (pkey->type == EVP_PKEY_DSA)
|
| - dgst=EVP_dss1();
|
| - else
|
| -#endif
|
| -#ifndef OPENSSL_NO_ECDSA
|
| - if (pkey->type == EVP_PKEY_EC)
|
| - dgst=EVP_ecdsa();
|
| -#endif
|
|
|
| /* Add any extensions asked for */
|
|
|
| @@ -1467,6 +1477,12 @@
|
| if (crlnumberfile != NULL) /* we have a CRL number that need updating */
|
| if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
|
|
|
| + if (crlnumber)
|
| + {
|
| + BN_free(crlnumber);
|
| + crlnumber = NULL;
|
| + }
|
| +
|
| if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
|
|
|
| PEM_write_bio_X509_CRL(Sout,crl);
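Review bot: The `if (crlnumber)` guard around `BN_free(crlnumber)` is redundant, since `BN_free` accepts NULL; `BN_free(crlnumber); crlnumber = NULL;` is sufficient. Resetting the pointer to NULL is the part that matters here, because the cleanup hunk at @@ -1519 adds a second `BN_free(crlnumber)` that would otherwise double-free. The enclosing function continues outside the hunk.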
|
| @@ -1519,6 +1535,7 @@
|
| if (free_key && key)
|
| OPENSSL_free(key);
|
| BN_free(serial);
|
| + BN_free(crlnumber);
|
| free_index(db);
|
| EVP_PKEY_free(pkey);
|
| if (x509) X509_free(x509);
|
| @@ -1677,7 +1694,9 @@
|
| int ok= -1,i,j,last,nid;
|
| const char *p;
|
| CONF_VALUE *cv;
|
| - char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
|
| + OPENSSL_STRING row[DB_NUMBER];
|
| + OPENSSL_STRING *irow=NULL;
|
| + OPENSSL_STRING *rrow=NULL;
|
| char buf[25];
|
|
|
| tmptm=ASN1_UTCTIME_new();
|
| @@ -1919,7 +1938,9 @@
|
|
|
| if (db->attributes.unique_subject)
|
| {
|
| - rrow=TXT_DB_get_by_index(db->db,DB_name,row);
|
| + OPENSSL_STRING *crow=row;
|
| +
|
| + rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
|
| if (rrow != NULL)
|
| {
|
| BIO_printf(bio_err,
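Review bot: `OPENSSL_STRING *crow=row;` is an unneeded temporary: `row` is declared `OPENSSL_STRING row[DB_NUMBER]` in the hunk at @@ -1677 and decays to exactly `OPENSSL_STRING *`, so `rrow=TXT_DB_get_by_index(db->db,DB_name,row);` has the same type and effect. If the temporary exists to silence a warning against a particular `TXT_DB_get_by_index` prototype, a one-line comment saying so would stop the next reader from removing it. The enclosing function starts and ends outside the hunk.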
|
| @@ -1995,11 +2016,11 @@
|
|
|
| if (strcmp(startdate,"today") == 0)
|
| X509_gmtime_adj(X509_get_notBefore(ret),0);
|
| - else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
|
| + else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
|
|
|
| if (enddate == NULL)
|
| - X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
|
| - else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
|
| + X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
|
| + else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
|
|
|
| if (!X509_set_subject_name(ret,subject)) goto err;
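Review bot: The return values of `ASN1_TIME_set_string` and `X509_time_adj_ex` are discarded when setting notBefore/notAfter, whereas the CRL hunk at @@ -1393 checks `X509_time_adj_ex` and aborts on failure; a failure here silently leaves the certificate's validity field unset or stale before it is signed. Checking each call and jumping to the existing `err` label, e.g. `if (!X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL)) goto err;` and the same pattern for the two `ASN1_TIME_set_string` calls, would make the two paths consistent. The unchecked `X509_gmtime_adj` calls predate this change. The enclosing function (presumably the certificate-issuing body) starts and ends outside the hunk.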
|
|
|
| @@ -2119,26 +2140,12 @@
|
| }
|
| }
|
|
|
| -
|
| -#ifndef OPENSSL_NO_DSA
|
| - if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
|
| pktmp=X509_get_pubkey(ret);
|
| if (EVP_PKEY_missing_parameters(pktmp) &&
|
| !EVP_PKEY_missing_parameters(pkey))
|
| EVP_PKEY_copy_parameters(pktmp,pkey);
|
| EVP_PKEY_free(pktmp);
|
| -#endif
|
| -#ifndef OPENSSL_NO_ECDSA
|
| - if (pkey->type == EVP_PKEY_EC)
|
| - dgst = EVP_ecdsa();
|
| - pktmp = X509_get_pubkey(ret);
|
| - if (EVP_PKEY_missing_parameters(pktmp) &&
|
| - !EVP_PKEY_missing_parameters(pkey))
|
| - EVP_PKEY_copy_parameters(pktmp, pkey);
|
| - EVP_PKEY_free(pktmp);
|
| -#endif
|
|
|
| -
|
| if (!X509_sign(ret,pkey,dgst))
|
| goto err;
|
|
|
| @@ -2239,7 +2246,7 @@
|
| unsigned long nameopt, int default_op, int ext_copy)
|
| {
|
| STACK_OF(CONF_VALUE) *sk=NULL;
|
| - LHASH *parms=NULL;
|
| + LHASH_OF(CONF_VALUE) *parms=NULL;
|
| X509_REQ *req=NULL;
|
| CONF_VALUE *cv=NULL;
|
| NETSCAPE_SPKI *spki = NULL;
|
| @@ -2373,15 +2380,7 @@
|
|
|
| static int check_time_format(const char *str)
|
| {
|
| - ASN1_TIME tm;
|
| -
|
| - tm.data=(unsigned char *)str;
|
| - tm.length=strlen(str);
|
| - tm.type=V_ASN1_UTCTIME;
|
| - if (ASN1_TIME_check(&tm))
|
| - return 1;
|
| - tm.type=V_ASN1_GENERALIZEDTIME;
|
| - return ASN1_TIME_check(&tm);
|
| + return ASN1_TIME_set_string(NULL, str);
|
| }
|
|
|
| static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
|
| @@ -2396,6 +2395,8 @@
|
| row[i]=NULL;
|
| row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
|
| bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
|
| + if (!bn)
|
| + goto err;
|
| if (BN_is_zero(bn))
|
| row[DB_serial]=BUF_strdup("00");
|
| else
|
| @@ -2465,7 +2466,7 @@
|
| goto err;
|
|
|
| }
|
| - else if (index_name_cmp((const char **)row,(const char **)rrow))
|
| + else if (index_name_cmp_noconst(row, rrow))
|
| {
|
| BIO_printf(bio_err,"ERROR:name does not match %s\n",
|
| row[DB_name]);
|
| @@ -2614,9 +2615,9 @@
|
| else
|
| a_y2k = 0;
|
|
|
| - for (i = 0; i < sk_num(db->db->data); i++)
|
| + for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
|
| {
|
| - rrow = (char **) sk_value(db->db->data, i);
|
| + rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
|
|
| if (rrow[DB_type][0] == 'V')
|
| {
|
| @@ -2863,22 +2864,13 @@
|
| p=(char *)str->data;
|
| for (j=str->length; j>0; j--)
|
| {
|
| -#ifdef CHARSET_EBCDIC
|
| - if ((*p >= 0x20) && (*p <= 0x7e))
|
| - BIO_printf(bp,"%c",os_toebcdic[*p]);
|
| -#else
|
| if ((*p >= ' ') && (*p <= '~'))
|
| BIO_printf(bp,"%c",*p);
|
| -#endif
|
| else if (*p & 0x80)
|
| BIO_printf(bp,"\\0x%02X",*p);
|
| else if ((unsigned char)*p == 0xf7)
|
| BIO_printf(bp,"^?");
|
| -#ifdef CHARSET_EBCDIC
|
| - else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
|
| -#else
|
| else BIO_printf(bp,"^%c",*p+'@');
|
| -#endif
|
| p++;
|
| }
|
| BIO_printf(bp,"'\n");
|
|
|