diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-08 13:58:08 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-08 13:58:08 +0000 |
commit | a0ad17bb6cccef6eb7ff0b25403ec2bbc0bd122e (patch) | |
tree | 463e559c53a5e7f8dafaa4c3f1416ea8ce23f104 /apps | |
parent | ce1b4fe14648007bf054cf54846c0620e4605251 (diff) |
Fix to the -revoke option in ca. It was leaking memory, crashing and just
plain not working :-(
Also fix some memory leaks in the new X509_NAME code.
Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/app_rand.c | 2 | ||||
-rw-r--r-- | apps/ca.c | 54 | ||||
-rw-r--r-- | apps/req.c | 1 | ||||
-rw-r--r-- | apps/x509.c | 1 |
4 files changed, 29 insertions, 29 deletions
diff --git a/apps/app_rand.c b/apps/app_rand.c index 2543a64057..9e29e54954 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -109,10 +109,10 @@ * */ +#include "apps.h" #include <openssl/bio.h> #include <openssl/rand.h> -#include "apps.h" static int seeded = 0; @@ -1169,13 +1169,6 @@ bad: /*****************************************************************/ if (dorevoke) { - in=BIO_new(BIO_s_file()); - out=BIO_new(BIO_s_file()); - if ((in == NULL) || (out == NULL)) - { - ERR_print_errors(bio_err); - goto err; - } if (infile == NULL) { BIO_printf(bio_err,"no input files\n"); @@ -1183,19 +1176,22 @@ bad: } else { + X509 *revcert; if (BIO_read_filename(in,infile) <= 0) { perror(infile); BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile); goto err; } - x509=PEM_read_bio_X509(in,NULL,NULL,NULL); - if (x509 == NULL) + revcert=PEM_read_bio_X509(in,NULL,NULL,NULL); + if (revcert == NULL) { BIO_printf(bio_err,"unable to load '%s' certificate\n",infile); goto err; } - j=do_revoke(x509,db); + j=do_revoke(revcert,db); + if (j <= 0) goto err; + X509_free(revcert); strncpy(buf[0],dbfile,BSIZE-4); strcat(buf[0],".new"); @@ -1207,10 +1203,6 @@ bad: } j=TXT_DB_write(out,db); if (j <= 0) goto err; - BIO_free(in); - BIO_free(out); - in=NULL; - out=NULL; strncpy(buf[1],dbfile,BSIZE-4); strcat(buf[1],".old"); if (rename(dbfile,buf[1]) < 0) @@ -2143,20 +2135,26 @@ static int add_oid_section(LHASH *hconf) static int do_revoke(X509 *x509, TXT_DB *db) { - ASN1_UTCTIME *tm=NULL; + ASN1_UTCTIME *tm=NULL, *revtm=NULL; char *row[DB_NUMBER],**rrow,**irow; + BIGNUM *bn = NULL; int ok=-1,i; for (i=0; i<DB_NUMBER; i++) row[i]=NULL; - row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0); - row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL)); + row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); + bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); + row[DB_serial]=BN_bn2hex(bn); + BN_free(bn); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err,"Malloc failure\n"); goto err; } - rrow=TXT_DB_get_by_index(db,DB_name,row); + /* We have to lookup by serial number because name lookup + * skips revoked certs + */ + rrow=TXT_DB_get_by_index(db,DB_serial,row); if (rrow == NULL) { BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]); @@ -2207,16 +2205,15 @@ static int do_revoke(X509 *x509, TXT_DB *db) } /* Revoke Certificate */ - do_revoke(x509,db); + ok = do_revoke(x509,db); - ok=1; goto err; } - else if (index_serial_cmp(row,rrow)) + else if (index_name_cmp(row,rrow)) { - BIO_printf(bio_err,"ERROR:no same serial number %s\n", - row[DB_serial]); + BIO_printf(bio_err,"ERROR:name does not match %s\n", + row[DB_name]); goto err; } else if (rrow[DB_type][0]=='R') @@ -2228,12 +2225,14 @@ static int do_revoke(X509 *x509, TXT_DB *db) else { BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]); - tm=X509_gmtime_adj(tm,0); + revtm = ASN1_UTCTIME_new(); + revtm=X509_gmtime_adj(revtm,0); rrow[DB_type][0]='R'; rrow[DB_type][1]='\0'; - rrow[DB_rev_date]=(char *)Malloc(tm->length+1); - memcpy(rrow[DB_rev_date],tm->data,tm->length); - rrow[DB_rev_date][tm->length]='\0'; + rrow[DB_rev_date]=(char *)Malloc(revtm->length+1); + memcpy(rrow[DB_rev_date],revtm->data,revtm->length); + rrow[DB_rev_date][revtm->length]='\0'; + ASN1_UTCTIME_free(revtm); } ok=1; err: @@ -2242,7 +2241,6 @@ err: if (row[i] != NULL) Free(row[i]); } - ASN1_UTCTIME_free(tm); return(ok); } diff --git a/apps/req.c b/apps/req.c index a395c39f4b..cf91012cf4 100644 --- a/apps/req.c +++ b/apps/req.c @@ -845,6 +845,7 @@ end: X509_free(x509ss); X509V3_EXT_cleanup(); OBJ_cleanup(); + ASN1_STRING_TABLE_cleanup(); #ifndef NO_DSA if (dsa_params != NULL) DSA_free(dsa_params); #endif diff --git a/apps/x509.c b/apps/x509.c index a7f25f0b68..f56244c5c7 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -268,6 +268,7 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; CAfile= *(++argv); CA_flag= ++num; + need_rand = 1; } else if (strcmp(*argv,"-CAkey") == 0) { |