#undef PROG
#define PROG ca_main
-#define BASE_SECTION "ca"
-#define CONFIG_FILE "openssl.cnf"
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "openssl.cnf"
#define ENV_DEFAULT_CA "default_ca"
-#define STRING_MASK "string_mask"
+#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
#define ENV_DEFAULT_DAYS "default_days"
#define ENV_DEFAULT_STARTDATE "default_startdate"
#define ENV_DEFAULT_ENDDATE "default_enddate"
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
char *tofree = NULL;
DB_ATTR db_attr;
#ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len);
+ if (!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
strcpy(tofree, s);
#else
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len);
+ if (!tofree) {
+ BIO_printf(bio_err, "Out of memory\n");
+ goto err;
+ }
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
#endif
if (!load_config(bio_err, conf))
goto err;
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
/* Lets get the config section we are using */
if (section == NULL) {
oid_bio = BIO_new_file(p, "r");
if (oid_bio == NULL) {
- /*-
- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
- ERR_print_errors(bio_err);
- */
+ /*-
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
ERR_clear_error();
} else {
OBJ_create_objects(oid_bio);
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
+ release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
- if (ci->version == NULL)
- if ((ci->version = ASN1_INTEGER_new()) == NULL)
- goto err;
- ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/*
* Free the current entries if any, there should not be any I believe
goto err;
}
+ {
+ STACK_OF(X509_EXTENSION) *exts = ci->extensions;
+
+ if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(ret, 2))
+ goto err;
+ }
+
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))
goto err;
/* We now just add it to the database */
- row[DB_type] = (char *)OPENSSL_malloc(2);
-
tm = X509_get_notAfter(ret);
- row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
- memcpy(row[DB_exp_date], tm->data, tm->length);
- row[DB_exp_date][tm->length] = '\0';
-
- row[DB_rev_date] = NULL;
-
- /* row[DB_serial] done already */
- row[DB_file] = (char *)OPENSSL_malloc(8);
+ row[DB_type] = OPENSSL_malloc(2);
+ row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
+ row[DB_rev_date] = OPENSSL_malloc(1);
+ row[DB_file] = OPENSSL_malloc(8);
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
-
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_rev_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
- BUF_strlcpy(row[DB_file], "unknown", 8);
+
+ memcpy(row[DB_exp_date], tm->data, tm->length);
+ row[DB_exp_date][tm->length] = '\0';
+ row[DB_rev_date][0] = '\0';
+ strcpy(row[DB_file], "unknown");
row[DB_type][0] = 'V';
row[DB_type][1] = '\0';
goto err;
}
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
goto err;
}
+ irow = NULL;
ok = 1;
err:
- for (i = 0; i < DB_NUMBER; i++)
- if (row[i] != NULL)
+ if (irow != NULL) {
+ for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
+ OPENSSL_free(irow);
+ }
if (CAname != NULL)
X509_NAME_free(CAname);
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
- CONF_free(parms);
goto err;
}
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
+ EVP_PKEY_free(pktmp);
BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
goto err;
goto err;
}
- for (i = 0; i < DB_NUMBER; i++) {
+ for (i = 0; i < DB_NUMBER; i++)
irow[i] = row[i];
- row[i] = NULL;
- }
irow[DB_NUMBER] = NULL;
if (!TXT_DB_insert(db->db, irow)) {
BIO_printf(bio_err, "failed to update database\n");
BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+ OPENSSL_free(irow);
goto err;
}
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
/* Revoke Certificate */
if (type == -1)
ok = 1;
char **rrow, *a_tm_s;
a_tm = ASN1_UTCTIME_new();
+ if (a_tm == NULL)
+ return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
ASN1_GENERALIZEDTIME *comp_time = NULL;
tmp = BUF_strdup(str);
+ if (!tmp) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
+
p = strchr(tmp, ',');
rtime_str = tmp;
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
+ if (!*prevtm) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
goto err;
goto err;
}
comp_time = ASN1_GENERALIZEDTIME_new();
+ if (!comp_time) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
goto err;