X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fx509.c;h=2a7188f121d412f2c36be4fa8e6f1ef880e367fe;hp=94d57bb3d23441964a1c3881f18d3239597c8379;hb=e778802f53c8d47e96a6e4cbc776eb6e1d4c461a;hpb=31b8d8684441e6cd5138832bb1b2ddb10acd6ba6
diff --git a/apps/x509.c b/apps/x509.c
index 94d57bb3d2..2a7188f121 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -69,6 +69,7 @@
 #include "bn.h"
 #include "evp.h"
 #include "x509.h"
+#include "x509v3.h"
 #include "objects.h"
 #include "pem.h"
@@ -110,7 +111,7 @@ static char *x509_usage[]={
 " missing, it is asssumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial - serial file\n",
-" -text - print the certitificate in text form\n",
+" -text - print the certificate in text form\n",
 " -C - print out C code forms\n",
 " -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
 NULL
@@ -120,9 +121,10 @@ NULL
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
 static EVP_PKEY *load_key(char *file, int format);
 static X509 *load_cert(char *file, int format);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
-static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
- X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
+static int sign (X509 *x, EVP_PKEY *pkey,int days,const EVP_MD *digest);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+ X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+ int create,int days);
 #else
 static int MS_CALLBACK callb();
 static EVP_PKEY *load_key();
@@ -156,7 +158,7 @@ char **argv;
 X509_REQ *rq=NULL;
 int fingerprint=0;
 char buf[256];
- EVP_MD *md_alg,*digest=EVP_md5();
+ const EVP_MD *md_alg,*digest=EVP_md5();
 reqfile=0;
@@ -305,6 +307,7 @@ bad:
 }
 ERR_load_crypto_strings();
+ X509V3_add_standard_extensions();
 if (!X509_STORE_set_default_paths(ctx))
 {
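Review bot: The declaration changed in the `@@ -156,7 +158,7 @@` hunk still initialises the default signing digest to `EVP_md5()`; only the `const` qualifier is new. MD5 is not collision-resistant, and certificate signatures are exactly where that matters, so anything signed without an explicit digest option inherits the weak default. Of the digests this file's usage text lists, SHA-1 is the strongest, so the smallest change is `const EVP_MD *md_alg,*digest=EVP_sha1();`, and a current code base should default to a SHA-2 digest. The enclosing function starts and ends outside the hunk.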
@@ -368,6 +371,7 @@ bad:
 goto end;
 }
 i=X509_REQ_verify(req,pkey);
+ EVP_PKEY_free(pkey);
 if (i < 0)
 {
 BIO_printf(bio_err,"Signature verification error\n");
@@ -400,7 +404,9 @@ bad:
 ci->key=req->req_info->pubkey;
 req->req_info->pubkey=NULL;
 #else
- X509_set_pubkey(x,X509_REQ_get_pubkey(req));
+ pkey = X509_REQ_get_pubkey(req);
+ X509_set_pubkey(x,pkey);
+ EVP_PKEY_free(pkey);
 #endif
 }
 else
@@ -463,7 +469,6 @@ bad:
 BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 }
 else
-#ifndef NO_RSA
 if (modulus == i)
 {
 EVP_PKEY *pkey;
@@ -476,14 +481,21 @@ bad:
 goto end;
 }
 BIO_printf(STDout,"Modulus=");
+#ifndef NO_RSA
 if (pkey->type == EVP_PKEY_RSA)
 BN_print(STDout,pkey->pkey.rsa->n);
 else
+#endif
+#ifndef NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ BN_print(STDout,pkey->pkey.dsa->pub_key);
+ else
+#endif
 BIO_printf(STDout,"Wrong Algorithm type");
 BIO_printf(STDout,"\n");
+ EVP_PKEY_free(pkey);
 }
 else
-#endif
 if (C == i)
 {
 unsigned char *d;
@@ -545,13 +557,13 @@ bad:
 else if (startdate == i)
 {
 BIO_puts(STDout,"notBefore=");
- ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+ ASN1_TIME_print(STDout,X509_get_notBefore(x));
 BIO_puts(STDout,"\n");
 }
 else if (enddate == i)
 {
 BIO_puts(STDout,"notAfter=");
- ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+ ASN1_TIME_print(STDout,X509_get_notAfter(x));
 BIO_puts(STDout,"\n");
 }
 else if (fingerprint == i)
@@ -688,13 +700,14 @@ end:
 if (Upkey != NULL) EVP_PKEY_free(Upkey);
 if (CApkey != NULL) EVP_PKEY_free(CApkey);
 if (rq != NULL) X509_REQ_free(rq);
+ X509V3_EXT_cleanup();
 EXIT(ret);
 }
 static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
 X509_STORE *ctx;
 char *CAfile;
-EVP_MD *digest;
+const EVP_MD *digest;
 X509 *x;
 X509 *xca;
 EVP_PKEY *pkey;
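Review bot: In the `@@ -400,7 +404,9 @@` hunk neither the result of `X509_REQ_get_pubkey(req)` nor the return value of `X509_set_pubkey(x,pkey)` is checked, so a key that fails to decode or to be stored is silently ignored and certificate generation carries on. Suggested: `if (pkey == NULL) goto end;` after the fetch, then `i=X509_set_pubkey(x,pkey); EVP_PKEY_free(pkey); if (!i) goto end;`. The `@@ -711,7 +724,9 @@` and `@@ -1026,11 +1042,15 @@` hunks have the same gap, passing an unchecked `X509_get_pubkey()` result to `EVP_PKEY_copy_parameters()`. The surrounding block begins and ends outside the hunk, so whether `i` and the `end` label are usable at this point should be confirmed.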
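Review bot: The DSA branch added in the `@@ -476,14 +481,21 @@` hunk prints `pkey->pkey.dsa->pub_key` under the fixed `Modulus=` label, although a DSA public value is not a modulus; anyone comparing this output to match a certificate with a key gets a field whose meaning depends on the key type. Either print the label per branch or document it with a comment such as `/* DSA has no modulus: the public value is printed under the same label */`. The `else` lines that straddle `#endif` would also be easier to audit with braces around each branch, since which statement the final `else` binds to changes with NO_RSA and NO_DSA. The enclosing block begins outside the hunk.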
@@ -711,7 +724,9 @@ int days;
 X509_STORE_CTX xsc;
 EVP_PKEY *upkey;
- EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+ upkey = X509_get_pubkey(xca);
+ EVP_PKEY_copy_parameters(upkey,pkey);
+ EVP_PKEY_free(upkey);
 X509_STORE_CTX_init(&xsc,ctx,x,NULL);
 buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
@@ -829,6 +844,7 @@ int days;
 /* Force a re-write */
 X509_set_pubkey(x,upkey);
 }
+ EVP_PKEY_free(upkey);
 if (!X509_sign(x,pkey,digest)) goto end;
 ret=1;
@@ -1026,11 +1042,15 @@ static int sign(x, pkey, days, digest)
 X509 *x;
 EVP_PKEY *pkey;
 int days;
-EVP_MD *digest;
+const EVP_MD *digest;
 {
- EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
- EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+ EVP_PKEY *pktmp;
+
+ pktmp = X509_get_pubkey(x);
+ EVP_PKEY_copy_parameters(pktmp,pkey);
+ EVP_PKEY_save_parameters(pktmp,1);
+ EVP_PKEY_free(pktmp);
 if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
 if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
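Review bot: In x509_certify, `upkey` keeps pointing at a reference it no longer owns after the `EVP_PKEY_free(upkey);` added in the `@@ -711,7 +724,9 @@` hunk, and the same variable is passed to `X509_set_pubkey(x,upkey);` and freed again in the `@@ -829,6 +844,7 @@` hunk. That is sound only if `upkey` is reassigned on every path between the two, which is outside both hunks and cannot be confirmed here. Adding `upkey=NULL;` right after the first free turns a missed reassignment into a NULL rather than a stale pointer. Any `goto end` taken between the reassignment and the new free in the second hunk would, presumably, skip the release, so it is worth checking whether the `end` path should free `upkey` as well.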