X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fca.c;h=811413df4aa487465e771b92bff53c1327a6108b;hb=9fa15b6ff88dc33a705fed7fc044639143dd394e;hp=db4652069697354dbb167dc9ffb192b7ba16850a;hpb=9335a5f7c07cf16d3d167edee078b33c8dab725d;p=oweals%2Fopenssl.git

diff --git a/apps/ca.c b/apps/ca.c
index db46520696..811413df4a 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -64,7 +64,6 @@
 #include <ctype.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include "apps.h"
 #include <openssl/conf.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
@@ -94,11 +93,13 @@
 #    else
 #      include <unixlib.h>
 #    endif
-#  elif !defined(OPENSSL_SYS_VXWORKS)
+#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
 #    include <sys/file.h>
 #  endif
 #endif
 
+#include "apps.h"
+
 #ifndef W_OK
 #  define F_OK 0
 #  define X_OK 1
@@ -333,6 +334,7 @@ int MAIN(int argc, char **argv)
 	MS_STATIC char buf[3][BSIZE];
 	char *randfile=NULL;
 	char *engine = NULL;
+	char *tofree=NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -560,25 +562,26 @@ bad:
 
 	ERR_load_crypto_strings();
 
-        e = setup_engine(bio_err, engine, 0);
+	e = setup_engine(bio_err, engine, 0);
 
 	/*****************************************************************/
+	tofree=NULL;
 	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
 	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 	if (configfile == NULL)
 		{
-		/* We will just use 'buf[0]' as a temporary buffer.  */
+		const char *s=X509_get_default_cert_area();
+
 #ifdef OPENSSL_SYS_VMS
-		strncpy(buf[0],X509_get_default_cert_area(),
-			sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+		strcpy(tofree,s);
 #else
-		strncpy(buf[0],X509_get_default_cert_area(),
-			sizeof(buf[0])-2-sizeof(CONFIG_FILE));
-		buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0';
-		strcat(buf[0],"/");
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+		strcpy(tofree,s);
+		strcat(tofree,"/");
 #endif
-		strcat(buf[0],CONFIG_FILE);
-		configfile=buf[0];
+		strcat(tofree,CONFIG_FILE);
+		configfile=tofree;
 		}
 
 	BIO_printf(bio_err,"Using configuration from %s\n",configfile);
@@ -593,6 +596,8 @@ bad:
 				,errorline,configfile);
 		goto err;
 		}
+	if(tofree)
+		OPENSSL_free(tofree);
 
 	if (!load_config(bio_err, conf))
 		goto err;
@@ -699,9 +704,9 @@ bad:
 			goto err;
 			}
 		}
-	pkey = load_key(bio_err, keyfile, keyform, key, e, 
+	pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
 		"CA private key");
-	if (key) memset(key,0,strlen(key));
+	if (key) OPENSSL_cleanse(key,strlen(key));
 	if (pkey == NULL)
 		{
 		/* load_key() has already printed an appropriate message */
@@ -1158,9 +1163,14 @@ bad:
 			}
 		if (verbose)
 			{
-			if ((f=BN_bn2hex(serial)) == NULL) goto err;
-			BIO_printf(bio_err,"next serial number is %s\n",f);
-			OPENSSL_free(f);
+			if (BN_is_zero(serial))
+				BIO_printf(bio_err,"next serial number is 00\n");
+			else
+				{
+				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+				BIO_printf(bio_err,"next serial number is %s\n",f);
+				OPENSSL_free(f);
+				}
 			}
 
 		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
@@ -1280,8 +1290,13 @@ bad:
 
 			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
 
-			strncpy(buf[0],serialfile,BSIZE-4);
-			buf[0][BSIZE-4]='\0';
+			if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"file name too long\n");
+				goto err;
+				}
+
+			strcpy(buf[0],serialfile);
 
 #ifdef OPENSSL_SYS_VMS
 			strcat(buf[0],"-new");
@@ -1291,8 +1306,7 @@ bad:
 
 			if (!save_serial(buf[0],serial)) goto err;
 
-			strncpy(buf[1],dbfile,BSIZE-4);
-			buf[1][BSIZE-4]='\0';
+			strcpy(buf[1],dbfile);
 
 #ifdef OPENSSL_SYS_VMS
 			strcat(buf[1],"-new");
@@ -1322,8 +1336,13 @@ bad:
 			j=x->cert_info->serialNumber->length;
 			p=(char *)x->cert_info->serialNumber->data;
 			
-			strncpy(buf[2],outdir,BSIZE-(j*2)-6);
-			buf[2][BSIZE-(j*2)-6]='\0';
+			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
+				{
+				BIO_printf(bio_err,"certificate file name too long\n");
+				goto err;
+				}
+
+			strcpy(buf[2],outdir);
 
 #ifndef OPENSSL_SYS_VMS
 			strcat(buf[2],"/");
@@ -1454,13 +1473,13 @@ bad:
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
 			goto err;
 			}
 
 		if (verbose) BIO_printf(bio_err,"making CRL\n");
 		if ((crl=X509_CRL_new()) == NULL) goto err;
-		if (!X509_CRL_set_issuer_name(crl, X509_get_issuer_name(x509))) goto err;
+		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
 
 		tmptm = ASN1_TIME_new();
 		if (!tmptm) goto err;
@@ -1513,11 +1532,6 @@ bad:
 			if (pkey->type == EVP_PKEY_DSA) 
 				dgst=EVP_dss1();
 			else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_ECDSA)
-				dgst=EVP_ecdsa();
-			else
 #endif
 				dgst=EVP_md5();
 			}
@@ -1562,8 +1576,13 @@ bad:
 			if (j <= 0) goto err;
 			X509_free(revcert);
 
-			strncpy(buf[0],dbfile,BSIZE-4);
-			buf[0][BSIZE-4]='\0';
+			if(strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"filename too long\n");
+				goto err;
+				}
+
+			strcpy(buf[0],dbfile);
 #ifndef OPENSSL_SYS_VMS
 			strcat(buf[0],".new");
 #else
@@ -1577,6 +1596,10 @@ bad:
 				}
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
+			BIO_free_all(out);
+			out = NULL;
+			BIO_free_all(in);
+			in = NULL;
 			strncpy(buf[1],dbfile,BSIZE-4);
 			buf[1][BSIZE-4]='\0';
 #ifndef OPENSSL_SYS_VMS
@@ -1584,10 +1607,6 @@ bad:
 #else
 			strcat(buf[1],"-old");
 #endif
-			BIO_free(in);
-			in = NULL;
-			BIO_free(out);
-			out = NULL;
 			if (rename(dbfile,buf[1]) < 0)
 				{
 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
@@ -1607,6 +1626,8 @@ bad:
 	/*****************************************************************/
 	ret=0;
 err:
+	if(tofree)
+		OPENSSL_free(tofree);
 	BIO_free_all(Cout);
 	BIO_free_all(Sout);
 	BIO_free_all(out);
@@ -1691,7 +1712,7 @@ static BIGNUM *load_serial(char *serialfile)
 	ret=ASN1_INTEGER_to_BN(ai,NULL);
 	if (ret == NULL)
 		{
-		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
 		goto err;
 		}
 err:
@@ -2094,9 +2115,11 @@ again2:
 			}
 		}
 
-	row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);
-	row[DB_serial]=BN_bn2hex(serial);
-	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+	if (BN_is_zero(serial))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(serial);
+	if (row[DB_serial] == NULL)
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
@@ -2293,16 +2316,6 @@ again2:
 		EVP_PKEY_copy_parameters(pktmp,pkey);
 	EVP_PKEY_free(pktmp);
 #endif
-#ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_ECDSA)
-		dgst = EVP_ecdsa();
-	pktmp = X509_get_pubkey(ret);
-	if (EVP_PKEY_missing_parameters(pktmp) &&
-		!EVP_PKEY_missing_parameters(pkey))
-		EVP_PKEY_copy_parameters(pktmp, pkey);
-	EVP_PKEY_free(pktmp);
-#endif
-
 
 	if (!X509_sign(ret,pkey,dgst))
 		goto err;
@@ -2319,10 +2332,10 @@ again2:
 
 	/* row[DB_serial] done already */
 	row[DB_file]=(char *)OPENSSL_malloc(8);
-	/* row[DB_name] done already */
+	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
 
 	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-		(row[DB_file] == NULL))
+		(row[DB_file] == NULL) || (row[DB_name] == NULL))
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
@@ -2589,7 +2602,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
 		row[i]=NULL;
 	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
 	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
-	row[DB_serial]=BN_bn2hex(bn);
+	if (BN_is_zero(bn))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(bn);
 	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
@@ -3058,55 +3074,59 @@ X509_NAME *do_subject(char *subject, long chtype)
 	sp++; /* skip leading / */
 
 	while (*sp)
-	{
+		{
 		/* collect type */
 		ne_types[ne_num] = bp;
 		while (*sp)
-		{
+			{
 			if (*sp == '\\') /* is there anything to escape in the type...? */
+				{
 				if (*++sp)
 					*bp++ = *sp++;
 				else
-				{
+					{
 					BIO_printf(bio_err, "escape character at end of string\n");
 					goto error;
+					}
 				}
 			else if (*sp == '=')
-			{
+				{
 				sp++;
 				*bp++ = '\0';
 				break;
-			}
+				}
 			else
 				*bp++ = *sp++;
-		}
+			}
 		if (!*sp)
-		{
+			{
 			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
 			goto error;
-		}
+			}
 		ne_values[ne_num] = bp;
 		while (*sp)
-		{
+			{
 			if (*sp == '\\')
+				{
 				if (*++sp)
 					*bp++ = *sp++;
 				else
-				{
+					{
 					BIO_printf(bio_err, "escape character at end of string\n");
 					goto error;
+					}
 				}
 			else if (*sp == '/')
-			{
+				{
 				sp++;
 				break;
-			}
+				}
 			else
 				*bp++ = *sp++;
-		}
+			}
 		*bp++ = '\0';
 		ne_num++;
-	}
+		}
 
 	if (!(n = X509_NAME_new()))
 		goto error;