X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fca.c;h=028dd98d31cf40bc5b1dd9e73f6bd70ac354c4d7;hb=08cb96bba2831a8fc3dbda697ab65d64bb05a371;hp=ad02e0072b98718f3d64ea3113707c021a0fe875;hpb=87e8feca95165a5f4d21a385cf5ff7a1f13c43c8;p=openssl.git diff --git a/apps/ca.c b/apps/ca.c index ad02e0072b..028dd98d31 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -64,7 +64,6 @@ #include #include #include -#include "apps.h" #include #include #include @@ -94,11 +93,13 @@ # else # include # endif -# elif !defined(OPENSSL_SYS_VXWORKS) +# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) # include # endif #endif +#include "apps.h" + #ifndef W_OK # define F_OK 0 # define X_OK 1 @@ -333,6 +334,7 @@ int MAIN(int argc, char **argv) MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; char *engine = NULL; + char *tofree=NULL; #ifdef EFENCE EF_PROTECT_FREE=1; @@ -560,25 +562,26 @@ bad: ERR_load_crypto_strings(); - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); /*****************************************************************/ + tofree=NULL; if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); if (configfile == NULL) { - /* We will just use 'buf[0]' as a temporary buffer. */ + const char *s=X509_get_default_cert_area(); + #ifdef OPENSSL_SYS_VMS - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-1-sizeof(CONFIG_FILE)); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)); + strcpy(tofree,s); #else - strncpy(buf[0],X509_get_default_cert_area(), - sizeof(buf[0])-2-sizeof(CONFIG_FILE)); - buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0'; - strcat(buf[0],"/"); + tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1); + strcpy(tofree,s); + strcat(tofree,"/"); #endif - strcat(buf[0],CONFIG_FILE); - configfile=buf[0]; + strcat(tofree,CONFIG_FILE); + configfile=tofree; } BIO_printf(bio_err,"Using configuration from %s\n",configfile); @@ -593,6 +596,11 @@ bad: ,errorline,configfile); goto err; } + if(tofree) + { + OPENSSL_free(tofree); + tofree = NULL; + } if (!load_config(bio_err, conf)) goto err; @@ -699,9 +707,9 @@ bad: goto err; } } - pkey = load_key(bio_err, keyfile, keyform, key, e, + pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key"); - if (key) memset(key,0,strlen(key)); + if (key) OPENSSL_cleanse(key,strlen(key)); if (pkey == NULL) { /* load_key() has already printed an appropriate message */ @@ -1016,7 +1024,7 @@ bad: } if (verbose) - BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile); + BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile); /* We can have sections in the ext file */ if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions"))) @@ -1158,9 +1166,14 @@ bad: } if (verbose) { - if ((f=BN_bn2hex(serial)) == NULL) goto err; - BIO_printf(bio_err,"next serial number is %s\n",f); - OPENSSL_free(f); + if (BN_is_zero(serial)) + BIO_printf(bio_err,"next serial number is 00\n"); + else + { + if ((f=BN_bn2hex(serial)) == NULL) goto err; + BIO_printf(bio_err,"next serial number is %s\n",f); + OPENSSL_free(f); + } } if ((attribs=NCONF_get_section(conf,policy)) == NULL) @@ -1280,8 +1293,13 @@ bad: BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk)); - strncpy(buf[0],serialfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"file name too long\n"); + goto err; + } + + strcpy(buf[0],serialfile); #ifdef OPENSSL_SYS_VMS strcat(buf[0],"-new"); @@ -1291,8 +1309,7 @@ bad: if (!save_serial(buf[0],serial)) goto err; - strncpy(buf[1],dbfile,BSIZE-4); - buf[1][BSIZE-4]='\0'; + strcpy(buf[1],dbfile); #ifdef OPENSSL_SYS_VMS strcat(buf[1],"-new"); @@ -1322,8 +1339,13 @@ bad: j=x->cert_info->serialNumber->length; p=(char *)x->cert_info->serialNumber->data; - strncpy(buf[2],outdir,BSIZE-(j*2)-6); - buf[2][BSIZE-(j*2)-6]='\0'; + if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8)) + { + BIO_printf(bio_err,"certificate file name too long\n"); + goto err; + } + + strcpy(buf[2],outdir); #ifndef OPENSSL_SYS_VMS strcat(buf[2],"/"); @@ -1515,7 +1537,7 @@ bad: else #endif #ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_ECDSA) + if (pkey->type == EVP_PKEY_EC) dgst=EVP_ecdsa(); else #endif @@ -1562,8 +1584,13 @@ bad: if (j <= 0) goto err; X509_free(revcert); - strncpy(buf[0],dbfile,BSIZE-4); - buf[0][BSIZE-4]='\0'; + if(strlen(dbfile) > BSIZE-5) + { + BIO_printf(bio_err,"filename too long\n"); + goto err; + } + + strcpy(buf[0],dbfile); #ifndef OPENSSL_SYS_VMS strcat(buf[0],".new"); #else @@ -1607,6 +1634,8 @@ bad: /*****************************************************************/ ret=0; err: + if(tofree) + OPENSSL_free(tofree); BIO_free_all(Cout); BIO_free_all(Sout); BIO_free_all(out); @@ -1616,7 +1645,7 @@ err: if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile, bio_err); - if (free_key) + if (free_key && key) OPENSSL_free(key); BN_free(serial); TXT_DB_free(db); @@ -1626,7 +1655,7 @@ err: NCONF_free(conf); OBJ_cleanup(); apps_shutdown(); - EXIT(ret); + OPENSSL_EXIT(ret); } static void lookup_fail(char *name, char *tag) @@ -1691,7 +1720,7 @@ static BIGNUM *load_serial(char *serialfile) ret=ASN1_INTEGER_to_BN(ai,NULL); if (ret == NULL) { - BIO_printf(bio_err,"error converting number from bin to BIGNUM"); + BIO_printf(bio_err,"error converting number from bin to BIGNUM\n"); goto err; } err: @@ -2094,7 +2123,10 @@ again2: } } - row[DB_serial]=BN_bn2hex(serial); + if (BN_is_zero(serial)) + row[DB_serial]=BUF_strdup("00"); + else + row[DB_serial]=BN_bn2hex(serial); if (row[DB_serial] == NULL) { BIO_printf(bio_err,"Memory allocation failure\n"); @@ -2293,7 +2325,7 @@ again2: EVP_PKEY_free(pktmp); #endif #ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_ECDSA) + if (pkey->type == EVP_PKEY_EC) dgst = EVP_ecdsa(); pktmp = X509_get_pubkey(ret); if (EVP_PKEY_missing_parameters(pktmp) && @@ -2588,7 +2620,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value) row[i]=NULL; row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); - row[DB_serial]=BN_bn2hex(bn); + if (BN_is_zero(bn)) + row[DB_serial]=BUF_strdup("00"); + else + row[DB_serial]=BN_bn2hex(bn); BN_free(bn); if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { @@ -3044,68 +3079,72 @@ X509_NAME *do_subject(char *subject, long chtype) int nid; if (!buf || !ne_types || !ne_values) - { + { BIO_printf(bio_err, "malloc error\n"); goto error; - } + } if (*subject != '/') - { + { BIO_printf(bio_err, "Subject does not start with '/'.\n"); goto error; - } + } sp++; /* skip leading / */ while (*sp) - { + { /* collect type */ ne_types[ne_num] = bp; while (*sp) - { + { if (*sp == '\\') /* is there anything to escape in the type...? */ + { if (*++sp) *bp++ = *sp++; - else - { + else + { BIO_printf(bio_err, "escape character at end of string\n"); goto error; - } + } + } else if (*sp == '=') - { + { sp++; *bp++ = '\0'; break; - } + } else *bp++ = *sp++; - } + } if (!*sp) - { + { BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num); goto error; - } + } ne_values[ne_num] = bp; while (*sp) - { + { if (*sp == '\\') + { if (*++sp) *bp++ = *sp++; else - { + { BIO_printf(bio_err, "escape character at end of string\n"); goto error; + } } else if (*sp == '/') - { + { sp++; break; - } + } else *bp++ = *sp++; - } + } *bp++ = '\0'; ne_num++; - } + } if (!(n = X509_NAME_new())) goto error;