Reset the version number of the issuer certificate? I believe this
index c413a0318f393be2c50920950a1bd51dfdfe59ba..7ed60c7a9ac159f04399fc0d4f732e8ed8401f15 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -196,7 +196,9 @@ static char *ca_usage[]={
 " -extensions ..  - Extension section (override value in config file)\n",
 " -extfile file   - Configuration file with X509v3 extentions to add\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
+#ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
+#endif
 " -status serial  - Shows certificate status given the serial number\n",
 " -updatedb       - Updates db for expired certificates\n",
 NULL
@@ -333,7 +335,9 @@ int MAIN(int argc, char **argv)
 #define BSIZE 256
        MS_STATIC char buf[3][BSIZE];
        char *randfile=NULL;
+#ifndef OPENSSL_NO_ENGINE
        char *engine = NULL;
+#endif
        char *tofree=NULL;
 
 #ifdef EFENCE
@@ -537,11 +541,13 @@ EF_ALIGNMENT=0;
                        rev_arg = *(++argv);
                        rev_type = REV_CA_COMPROMISE;
                        }
+#ifndef OPENSSL_NO_ENGINE
                else if (strcmp(*argv,"-engine") == 0)
                        {
                        if (--argc < 1) goto bad;
                        engine= *(++argv);
                        }
+#endif
                else
                        {
 bad:
@@ -562,7 +568,9 @@ bad:
 
        ERR_load_crypto_strings();
 
+#ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
+#endif
 
        /*****************************************************************/
        tofree=NULL;
@@ -597,7 +605,10 @@ bad:
                goto err;
                }
        if(tofree)
+               {
                OPENSSL_free(tofree);
+               tofree = NULL;
+               }
 
        if (!load_config(bio_err, conf))
                goto err;
@@ -1532,11 +1543,6 @@ bad:
                        if (pkey->type == EVP_PKEY_DSA) 
                                dgst=EVP_dss1();
                        else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                       if (pkey->type == EVP_PKEY_EC)
-                               dgst=EVP_ecdsa();
-                       else
 #endif
                                dgst=EVP_md5();
                        }
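Review bot: With the ECDSA branch removed, every key type other than DSA that reaches this default-digest chain now falls through to `dgst=EVP_md5();`, and that includes EC keys if this build can still load them. MD5 is not an acceptable default digest for CA signatures; if the intent is to drop ECDSA support, EC keys should be rejected earlier with a clear error rather than silently signed with MD5, and the fallback itself would be safer as `dgst=EVP_sha1();`. The enclosing block starts before and continues after this hunk, so the condition that selects this default is not visible here.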
@@ -1601,6 +1607,10 @@ bad:
                                }
                        j=TXT_DB_write(out,db);
                        if (j <= 0) goto err;
+                       BIO_free_all(out);
+                       out = NULL;
+                       BIO_free_all(in);
+                       in = NULL;
                        strncpy(buf[1],dbfile,BSIZE-4);
                        buf[1][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
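Review bot: The moved frees now sit directly above `strncpy(buf[1],dbfile,BSIZE-4);` and `buf[1][BSIZE-4]='\0';`, which silently truncate a long `dbfile` before the backup name is built; with 252 bytes copied and a 4-character suffix appended by the `#ifndef OPENSSL_SYS_VMS` block (the VMS side shows `"-old"`, the other suffix is outside this hunk), the terminating NUL of the concatenation lands at index 256 of a 256-byte row, one past the end of `buf[1]`. A length-checked format avoids both the truncation and the overrun, e.g. `if (BIO_snprintf(buf[1],BSIZE,"%s-old",dbfile) < 0) { BIO_printf(bio_err,"database file name too long\n"); goto err; }` with the platform suffix substituted on each branch. The rename that consumes `buf[1]` is in the following hunk, and the enclosing block starts before this one.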
@@ -1608,10 +1618,6 @@ bad:
 #else
                        strcat(buf[1],"-old");
 #endif
-                       BIO_free(in);
-                       in = NULL;
-                       BIO_free(out);
-                       out = NULL;
                        if (rename(dbfile,buf[1]) < 0)
                                {
                                BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -1638,11 +1644,12 @@ err:
        BIO_free_all(out);
        BIO_free_all(in);
 
-       sk_X509_pop_free(cert_sk,X509_free);
+       if (cert_sk)
+               sk_X509_pop_free(cert_sk,X509_free);
 
        if (ret) ERR_print_errors(bio_err);
        app_RAND_write_file(randfile, bio_err);
-       if (free_key)
+       if (free_key && key)
                OPENSSL_free(key);
        BN_free(serial);
        TXT_DB_free(db);
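Review bot: The new `if (free_key && key)` guard releases `key` without clearing it first; if `key` holds the CA private-key passphrase, as its name and the `free_key` flag suggest (its assignment is outside the hunk), the secret remains in freed heap memory. Wipe it before freeing: `if (free_key && key) { OPENSSL_cleanse(key, strlen(key)); OPENSSL_free(key); }`. The `err:` cleanup continues past the end of this hunk.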
@@ -2186,7 +2193,7 @@ again2:
 
 #ifdef X509_V3
        /* Make it an X509 v3 certificate. */
-       if (!X509_set_version(x509,2)) goto err;
+       if (!X509_set_version(ret,2)) goto err;
 #endif
 
        if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
@@ -2321,16 +2328,6 @@ again2:
                EVP_PKEY_copy_parameters(pktmp,pkey);
        EVP_PKEY_free(pktmp);
 #endif
-#ifndef OPENSSL_NO_ECDSA
-       if (pkey->type == EVP_PKEY_EC)
-               dgst = EVP_ecdsa();
-       pktmp = X509_get_pubkey(ret);
-       if (EVP_PKEY_missing_parameters(pktmp) &&
-               !EVP_PKEY_missing_parameters(pkey))
-               EVP_PKEY_copy_parameters(pktmp, pkey);
-       EVP_PKEY_free(pktmp);
-#endif
-
 
        if (!X509_sign(ret,pkey,dgst))
                goto err;
@@ -3076,16 +3073,16 @@ X509_NAME *do_subject(char *subject, long chtype)
        int nid;
 
        if (!buf || !ne_types || !ne_values)
-               {
+       {
                BIO_printf(bio_err, "malloc error\n");
                goto error;
-               }       
+       }
 
        if (*subject != '/')
-               {
+       {
                BIO_printf(bio_err, "Subject does not start with '/'.\n");
                goto error;
-               }
+       }
        sp++; /* skip leading / */
 
        while (*sp)
@@ -3098,12 +3095,12 @@ X509_NAME *do_subject(char *subject, long chtype)
                                {
                                if (*++sp)
                                        *bp++ = *sp++;
-                               else    
+                               else
                                        {
                                        BIO_printf(bio_err, "escape character at end of string\n");
                                        goto error;
                                        }
-                               }       
+                               }
                        else if (*sp == '=')
                                {
                                sp++;
@@ -3141,7 +3138,7 @@ X509_NAME *do_subject(char *subject, long chtype)
                        }
                *bp++ = '\0';
                ne_num++;
-               }       
+               }
 
        if (!(n = X509_NAME_new()))
                goto error;