/* apps/ca.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <openssl/conf.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/txt_db.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/ocsp.h>
#include <openssl/pem.h>

#ifndef W_OK
#  ifdef OPENSSL_SYS_VMS
#    if defined(__DECC)
#      include <unistd.h>
#    else
#      include <unixlib.h>
#    endif
#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
#    include <sys/file.h>
#  endif
#endif

#include "apps.h"

#ifndef W_OK
#  define F_OK 0
#  define X_OK 1
#  define W_OK 2
#  define R_OK 4
#endif

#undef PROG
#define PROG ca_main

#define BASE_SECTION            "ca"
#define CONFIG_FILE             "openssl.cnf"

#define ENV_DEFAULT_CA          "default_ca"

#define STRING_MASK             "string_mask"
#define UTF8_IN                 "utf8"

#define ENV_DIR                 "dir"
#define ENV_CERTS               "certs"
#define ENV_CRL_DIR             "crl_dir"
#define ENV_CA_DB               "CA_DB"
#define ENV_NEW_CERTS_DIR       "new_certs_dir"
#define ENV_CERTIFICATE         "certificate"
#define ENV_SERIAL              "serial"
#define ENV_CRLNUMBER           "crlnumber"
#define ENV_CRL                 "crl"
#define ENV_PRIVATE_KEY         "private_key"
#define ENV_RANDFILE            "RANDFILE"
#define ENV_DEFAULT_DAYS        "default_days"
#define ENV_DEFAULT_STARTDATE   "default_startdate"
#define ENV_DEFAULT_ENDDATE     "default_enddate"
#define ENV_DEFAULT_CRL_DAYS    "default_crl_days"
#define ENV_DEFAULT_CRL_HOURS   "default_crl_hours"
#define ENV_DEFAULT_MD          "default_md"
#define ENV_DEFAULT_EMAIL_DN    "email_in_dn"
#define ENV_PRESERVE            "preserve"
#define ENV_POLICY              "policy"
#define ENV_EXTENSIONS          "x509_extensions"
#define ENV_CRLEXT              "crl_extensions"
#define ENV_MSIE_HACK           "msie_hack"
#define ENV_NAMEOPT             "name_opt"
#define ENV_CERTOPT             "cert_opt"
#define ENV_EXTCOPY             "copy_extensions"
#define ENV_UNIQUE_SUBJECT      "unique_subject"

#define ENV_DATABASE            "database"

/* Additional revocation information types */

#define REV_NONE            0   /* No additional information */
#define REV_CRL_REASON      1   /* Value is CRL reason code */
#define REV_HOLD            2   /* Value is hold instruction */
#define REV_KEY_COMPROMISE  3   /* Value is cert key compromise time */
#define REV_CA_COMPROMISE   4   /* Value is CA key compromise time */

static const char *ca_usage[]={
"usage: ca args\n",
"\n",
" -verbose - Talk alot while doing things\n",
" -config file - A config file\n",
" -name arg - The particular CA definition to use\n",
" -gencrl - Generate a new CRL\n",
" -crldays days - Days is when the next CRL is due\n",
" -crlhours hours - Hours is when the next CRL is due\n",
" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
" -days arg - number of days to certify the certificate for\n",
" -md arg - md to use, one of md2, md5, sha or sha1\n",
" -policy arg - The CA 'policy' to support\n",
" -keyfile arg - private key file\n",
" -keyform arg - private key file format (PEM or ENGINE)\n",
" -key arg - key to decode the private key if it is encrypted\n",
" -cert file - The CA certificate\n",
" -selfsign - sign a certificate with the key associated with it\n",
" -in file - The input PEM encoded certificate request(s)\n",
" -out file - Where to put the output file(s)\n",
" -outdir dir - Where to put output certificates\n",
" -infiles .... - The last argument, requests to process\n",
" -spkac file - File contains DN and signed public key and challenge\n",
" -ss_cert file - File contains a self signed cert to sign\n",
" -preserveDN - Don't re-order the DN\n",
" -noemailDN - Don't add the EMAIL field into certificate' subject\n",
" -batch - Don't ask questions\n",
" -msie_hack - msie modifications to handle all those universal strings\n",
" -revoke file - Revoke a certificate (given in file)\n",
" -subj arg - Use arg instead of request's subject\n",
" -utf8 - input characters are UTF8 (default ASCII)\n",
" -multivalue-rdn - enable support for multivalued RDNs\n",
" -extensions .. - Extension section (override value in config file)\n",
" -extfile file - Configuration file with X509v3 extentions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
#endif
" -status serial - Shows certificate status given the serial number\n",
" -updatedb - Updates db for expired certificates\n",
NULL
};

#ifdef EFENCE
extern int EF_PROTECT_FREE;
extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
#endif

static void lookup_fail(const char *name, const char *tag);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
        const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
        STACK_OF(CONF_VALUE) *policy,CA_DB *db,
        BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
        char *enddate, long days, int batch, char *ext_sect, CONF *conf,
        int verbose, unsigned long certopt, unsigned long nameopt,
        int default_op, int ext_copy, int selfsign);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
        const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
        STACK_OF(CONF_VALUE) *policy,
        CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
        char *startdate, char *enddate, long days, int batch,
        char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
        unsigned long nameopt, int default_op, int ext_copy,
        ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
        const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
        STACK_OF(CONF_VALUE) *policy,
        CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
        char *startdate, char *enddate, long days, char *ext_sect,
        CONF *conf, int verbose, unsigned long certopt,
        unsigned long nameopt, int default_op, int ext_copy);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        STACK_OF(OPENSSL_STRING) *sigopts,
        STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
        int email_dn, char *startdate, char *enddate, long days, int batch,
        int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
        unsigned long certopt, unsigned long nameopt, int default_op,
        int ext_copy, int selfsign);
static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, CA_DB *db);
static int do_updatedb(CA_DB *db);
static int check_time_format(const char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, const char *str);
int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
static CONF *conf=NULL;
static CONF *extconf=NULL;
static char *section=NULL;

static int preserve=0;
static int msie_hack=0;


int MAIN(int, char **);

int MAIN(int argc, char **argv)
    {
    ENGINE *e = NULL;
    char *key=NULL,*passargin=NULL;
    int create_ser = 0;
    int free_key = 0;
    int total=0;
    int total_done=0;
    int badops=0;
    int ret=1;
    int email_dn=1;
    int req=0;
    int verbose=0;
    int gencrl=0;
    int dorevoke=0;
    int doupdatedb=0;
    long crldays=0;
    long crlhours=0;
    long crlsec=0;
    long errorline= -1;
    char *configfile=NULL;
    char *md=NULL;
    char *policy=NULL;
    char *keyfile=NULL;
    char *certfile=NULL;
    int keyform=FORMAT_PEM;
    char *infile=NULL;
    char *spkac_file=NULL;
    char *ss_cert_file=NULL;
    char *ser_status=NULL;
    EVP_PKEY *pkey=NULL;
    int output_der = 0;
    char *outfile=NULL;
    char *outdir=NULL;
    char *serialfile=NULL;
    char *crlnumberfile=NULL;
    char *extensions=NULL;
    char *extfile=NULL;
    char *subj=NULL;
    unsigned long chtype = MBSTRING_ASC;
    int multirdn = 0;
    char *tmp_email_dn=NULL;
    char *crl_ext=NULL;
    int rev_type = REV_NONE;
    char *rev_arg = NULL;
    BIGNUM *serial=NULL;
	BIGNUM *crlnumber=NULL;
	char *startdate=NULL;
	char *enddate=NULL;
	long days=0;
	int batch=0;
	int notext=0;
	unsigned long nameopt = 0, certopt = 0;
	int default_op = 1;
	int ext_copy = EXT_COPY_NONE;
	int selfsign = 0;
	X509 *x509=NULL, *x509p = NULL;
	X509 *x=NULL;
	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
	char *dbfile=NULL;
	CA_DB *db=NULL;
	X509_CRL *crl=NULL;
	X509_REVOKED *r=NULL;
	ASN1_TIME *tmptm;
	ASN1_INTEGER *tmpser;
	char *f;
	const char *p;
	char * const *pp;
	int i,j;
	const EVP_MD *dgst=NULL;
	STACK_OF(CONF_VALUE) *attribs=NULL;
	STACK_OF(X509) *cert_sk=NULL;
	STACK_OF(OPENSSL_STRING) *sigopts = NULL;
#undef BSIZE
#define BSIZE 256
	MS_STATIC char buf[3][BSIZE];
	char *randfile=NULL;
#ifndef OPENSSL_NO_ENGINE
	char *engine = NULL;
#endif
	char *tofree=NULL;
	DB_ATTR db_attr;

#ifdef EFENCE
EF_PROTECT_FREE=1;
EF_PROTECT_BELOW=1;
EF_ALIGNMENT=0;
#endif

	apps_startup();

	conf = NULL;
	key = NULL;
	section = NULL;

	preserve=0;
	msie_hack=0;
	if (bio_err == NULL)
		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

	argc--;
	argv++;
	while (argc >= 1)
		{
		if (strcmp(*argv,"-verbose") == 0)
			verbose=1;
		else if (strcmp(*argv,"-config") == 0)
			{
			if (--argc < 1) goto bad;
			configfile= *(++argv);
			}
		else if (strcmp(*argv,"-name") == 0)
			{
			if (--argc < 1) goto bad;
			section= *(++argv);
			}
		else if (strcmp(*argv,"-subj") == 0)
			{
			if (--argc < 1) goto bad;
			subj= *(++argv);
			/* preserve=1; */
			}
		else if (strcmp(*argv,"-utf8") == 0)
			chtype = MBSTRING_UTF8;
		else if (strcmp(*argv,"-create_serial") == 0)
			create_ser = 1;
		else if (strcmp(*argv,"-multivalue-rdn") == 0)
			multirdn=1;
		else if (strcmp(*argv,"-startdate") == 0)
			{
			if (--argc < 1) goto bad;
			startdate= *(++argv);
			}
		else if (strcmp(*argv,"-enddate") == 0)
			{
			if (--argc < 1) goto bad;
			enddate= *(++argv);
			}
		else if (strcmp(*argv,"-days") == 0)
			{
			if (--argc < 1) goto bad;
			days=atoi(*(++argv));
			}
		else if (strcmp(*argv,"-md") == 0)
			{
			if (--argc < 1) goto bad;
			md= *(++argv);
			}
		else if (strcmp(*argv,"-policy") == 0)
			{
			if (--argc < 1) goto bad;
			policy= *(++argv);
			}
		else if (strcmp(*argv,"-keyfile") == 0)
			{
			if (--argc < 1) goto bad;
			keyfile= *(++argv);
			}
		else if (strcmp(*argv,"-keyform") == 0)
			{
			if (--argc < 1) goto bad;
			keyform=str2fmt(*(++argv));
			}
		else if (strcmp(*argv,"-passin") == 0)
			{
			if (--argc < 1) goto bad;
			passargin= *(++argv);
			}
		else if (strcmp(*argv,"-key") == 0)
			{
			if (--argc < 1) goto bad;
			key= *(++argv);
			}
		else if (strcmp(*argv,"-cert") == 0)
			{
			if (--argc < 1) goto bad;
			certfile= *(++argv);
			}
		else if (strcmp(*argv,"-selfsign") == 0)
			selfsign=1;
		else if (strcmp(*argv,"-in") == 0)
			{
			if (--argc < 1) goto bad;
			infile= *(++argv);
			req=1;
			}
		else if (strcmp(*argv,"-out") == 0)
			{
			if (--argc < 1) goto bad;
			outfile= *(++argv);
			}
		else if (strcmp(*argv,"-outdir") == 0)
			{
			if (--argc < 1) goto bad;
			outdir= *(++argv);
			}
		else if (strcmp(*argv,"-sigopt") == 0)
			{
			if (--argc < 1)
				goto bad;
			if (!sigopts)
				sigopts = sk_OPENSSL_STRING_new_null();
			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
				goto bad;
			}
		else if (strcmp(*argv,"-notext") == 0)
			notext=1;
		else if (strcmp(*argv,"-batch") == 0)
			batch=1;
		else if (strcmp(*argv,"-preserveDN") == 0)
			preserve=1;
		else if (strcmp(*argv,"-noemailDN") == 0)
			email_dn=0;
		else if (strcmp(*argv,"-gencrl") == 0)
			gencrl=1;
		else if (strcmp(*argv,"-msie_hack") == 0)
			msie_hack=1;
		else if (strcmp(*argv,"-crldays") == 0)
			{
			if (--argc < 1) goto bad;
			crldays= atol(*(++argv));
			}
		else if (strcmp(*argv,"-crlhours") == 0)
			{
			if (--argc < 1) goto bad;
			crlhours= atol(*(++argv));
			}
		else if (strcmp(*argv,"-crlsec") == 0)
			{
			if (--argc < 1) goto bad;
			crlsec = atol(*(++argv));
			}
		else if (strcmp(*argv,"-infiles") == 0)
			{
			argc--;
			argv++;
			req=1;
			break;
			}
		else if (strcmp(*argv, "-ss_cert") == 0)
			{
			if (--argc < 1) goto bad;
			ss_cert_file = *(++argv);
			req=1;
			}
		else if (strcmp(*argv, "-spkac") == 0)
			{
			if (--argc < 1) goto bad;
			spkac_file = *(++argv);
			req=1;
			}
		else if (strcmp(*argv,"-revoke") == 0)
			{
			if (--argc < 1) goto bad;
			infile= *(++argv);
			dorevoke=1;
			}
		else if (strcmp(*argv,"-extensions") == 0)
			{
			if (--argc < 1) goto bad;
			extensions= *(++argv);
			}
		else if (strcmp(*argv,"-extfile") == 0)
			{
			if (--argc < 1) goto bad;
			extfile= *(++argv);
			}
		else if (strcmp(*argv,"-status") == 0)
			{
			if (--argc < 1) goto bad;
			ser_status= *(++argv);
			}
		else if (strcmp(*argv,"-updatedb") == 0)
			{
			doupdatedb=1;
			}
		else if (strcmp(*argv,"-crlexts") == 0)
			{
			if (--argc < 1) goto bad;
			crl_ext= *(++argv);
			}
		else if (strcmp(*argv,"-crl_reason") == 0)
			{
			if (--argc < 1) goto bad;
			rev_arg = *(++argv);
			rev_type = REV_CRL_REASON;
			}
		else if (strcmp(*argv,"-crl_hold") == 0)
			{
			if (--argc < 1) goto bad;
			rev_arg = *(++argv);
			rev_type = REV_HOLD;
			}
		else if (strcmp(*argv,"-crl_compromise") == 0)
			{
			if (--argc < 1) goto bad;
			rev_arg = *(++argv);
			rev_type = REV_KEY_COMPROMISE;
			}
		else if (strcmp(*argv,"-crl_CA_compromise") == 0)
			{
			if (--argc < 1) goto bad;
			rev_arg = *(++argv);
			rev_type = REV_CA_COMPROMISE;
			}
#ifndef OPENSSL_NO_ENGINE
		else if (strcmp(*argv,"-engine") == 0)
			{
			if (--argc < 1) goto bad;
			engine= *(++argv);
			}
#endif
		else
			{
bad:
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badops=1;
			break;
			}
		argc--;
		argv++;
		}

	if (badops)
		{
		const char **pp2;

		for (pp2=ca_usage; (*pp2 != NULL); pp2++)
			BIO_printf(bio_err,"%s",*pp2);
		goto err;
		}

	ERR_load_crypto_strings();

	/*****************************************************************/
	tofree=NULL;
	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
	if (configfile == NULL)
		{
		const char *s=X509_get_default_cert_area();
		size_t len;

#ifdef OPENSSL_SYS_VMS
		len = strlen(s)+sizeof(CONFIG_FILE);
		tofree=OPENSSL_malloc(len);
		strcpy(tofree,s);
#else
		len = strlen(s)+sizeof(CONFIG_FILE)+1;
		tofree=OPENSSL_malloc(len);
		BUF_strlcpy(tofree,s,len);
		BUF_strlcat(tofree,"/",len);
#endif
		BUF_strlcat(tofree,CONFIG_FILE,len);
		configfile=tofree;
		}

	BIO_printf(bio_err,"Using configuration from %s\n",configfile);
	conf = NCONF_new(NULL);
	if (NCONF_load(conf,configfile,&errorline) <= 0)
		{
		if (errorline <= 0)
			BIO_printf(bio_err,"error loading the config file '%s'\n",
				configfile);
		else
			BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
				,errorline,configfile);
		goto err;
		}
	if(tofree)
		{
		OPENSSL_free(tofree);
		tofree = NULL;
		}

	if (!load_config(bio_err, conf))
		goto err;

#ifndef OPENSSL_NO_ENGINE
	e = setup_engine(bio_err, engine, 0);
#endif

	/* Lets get the config section we are using */
	if (section == NULL)
		{
		section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
		if (section == NULL)
			{
			lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
			goto err;
			}
		}

	if (conf != NULL)
		{
		p=NCONF_get_string(conf,NULL,"oid_file");
		if (p == NULL)
			ERR_clear_error();
		if (p != NULL)
			{
			BIO *oid_bio;

			oid_bio=BIO_new_file(p,"r");
			if (oid_bio == NULL)
				{
				/*
				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
				ERR_print_errors(bio_err);
				*/
				ERR_clear_error();
				}
			else
				{
				OBJ_create_objects(oid_bio);
				BIO_free(oid_bio);
				}
			}
		if (!add_oid_section(bio_err,conf))
			{
			ERR_print_errors(bio_err);
			goto err;
			}
		}

	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
	if (randfile == NULL)
		ERR_clear_error();
	app_RAND_load_file(randfile, bio_err, 0);

	f = NCONF_get_string(conf, section, STRING_MASK);
	if (!f)
		ERR_clear_error();

	if(f && !ASN1_STRING_set_default_mask_asc(f)) {
		BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
		goto err;
	}

	if (chtype != MBSTRING_UTF8){
		f = NCONF_get_string(conf, section, UTF8_IN);
		if (!f)
			ERR_clear_error();
		else if (!strcmp(f, "yes"))
			chtype = MBSTRING_UTF8;
	}

	db_attr.unique_subject = 1;
	p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
	if (p)
		{
Android Open Source Project#ifdef RL_DEBUG 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p); 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project db_attr.unique_subject = parse_yesno(p,1); 701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef RL_DEBUG 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!p) 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p); 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef RL_DEBUG 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n", 710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project db_attr.unique_subject); 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project in=BIO_new(BIO_s_file()); 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project out=BIO_new(BIO_s_file()); 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project Sout=BIO_new(BIO_s_file()); 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project Cout=BIO_new(BIO_s_file()); 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((in == 
NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(bio_err); 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* report status of cert with serial number given on command line */ 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ser_status) 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) 728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project lookup_fail(section,ENV_DATABASE); 730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project db = load_index(dbfile,&db_attr); 733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (db == NULL) goto err; 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!index_index(db)) goto err; 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(get_certificate_status(ser_status,db) != 1) 738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Error verifying serial %s!\n", 739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ser_status); 740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we definitely need a private key, so let's get it */ 745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf, 747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project section,ENV_PRIVATE_KEY)) == NULL)) 748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 749656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project lookup_fail(section,ENV_PRIVATE_KEY); 750656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 751656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 752656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!key) 753656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 754656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project free_key = 1; 755656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!app_passwd(bio_err, passargin, NULL, &key, NULL)) 756656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Error 
getting password\n"); 758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 759656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 760656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 761656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "CA private key"); 763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (key) OPENSSL_cleanse(key,strlen(key)); 764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (pkey == NULL) 765656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* load_key() has already printed an appropriate message */ 767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 771656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we need a certificate */ 772656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!selfsign || spkac_file || ss_cert_file || gencrl) 773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 774656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((certfile == NULL) 775656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project && ((certfile=NCONF_get_string(conf, 776656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project section,ENV_CERTIFICATE)) == NULL)) 777656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
778656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project lookup_fail(section,ENV_CERTIFICATE); 779656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 780656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 781656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e, 782656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "CA certificate"); 783656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (x509 == NULL) 784656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 785656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 786656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!X509_check_private_key(x509,pkey)) 787656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 788656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"CA certificate and CA private key do not match\n"); 789656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 790656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 791656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!selfsign) x509p = x509; 793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE); 795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (f == NULL) 796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project preserve=1; 799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK); 800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (f == NULL) 801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 802656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) 803656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project msie_hack=1; 804656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project f=NCONF_get_string(conf,section,ENV_NAMEOPT); 806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (f) 808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!set_name_ex(&nameopt, f)) 810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); 812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default_op = 0; 815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 816656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
f=NCONF_get_string(conf,section,ENV_CERTOPT); 820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (f) 822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!set_cert_ex(&certopt, f)) 824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f); 826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default_op = 0; 829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project f=NCONF_get_string(conf,section,ENV_EXTCOPY); 834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (f) 836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!set_ext_copy(&ext_copy, f)) 838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f); 840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 841656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project } 842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* lookup where to write new certificates */ 848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((outdir == NULL) && (req)) 849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR)) 852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project == NULL) 853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n"); 855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_SYS_VMS 858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* outdir is a directory spec, but access() for VMS demands a 859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project filename. 
In any case, stat(), below, will catch the problem 860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if outdir is not a directory spec, and the fopen() or open() 861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project will catch an error if there is no write access. 862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project Presumably, this problem could also be solved by using the DEC 864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project C routines to convert the directory syntax to Unixly, and give 865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project that to access(). However, time's too short to do that just 866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project now. 867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 868221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef _WIN32 869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (access(outdir,R_OK|W_OK|X_OK) != 0) 870221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#else 871221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (_access(outdir,R_OK|W_OK|X_OK) != 0) 872221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir); 875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project perror(outdir); 876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 879221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if 
(app_isdir(outdir)<=0) 880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"%s need to be a directory\n",outdir); 882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project perror(outdir); 883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we need to load the database file */ 890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) 891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project lookup_fail(section,ENV_DATABASE); 893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 894656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project db = load_index(dbfile, &db_attr); 896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (db == NULL) goto err; 897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 898656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Lets check some fields */ 899221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) 
900656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 901221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom pp=sk_OPENSSL_PSTRING_value(db->db->data,i); 902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((pp[DB_type][0] != DB_TYPE_REV) && 903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (pp[DB_rev_date][0] != '\0')) 904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1); 906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((pp[DB_type][0] == DB_TYPE_REV) && 909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project !make_revoked(NULL, pp[DB_rev_date])) 910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 911656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err," in entry %d\n", i+1); 912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 914221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!check_time_format((char *)pp[DB_exp_date])) 915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 916656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1); 917656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p=pp[DB_serial]; 920656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project j=strlen(p); 921656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (*p == '-') 922656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 923656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p++; 924656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j--; 925656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 926656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((j&1) || (j < 2)) 927656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 928656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j); 929656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 930656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 931656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while (*p) 932656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 933656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!( ((*p >= '0') && (*p <= '9')) || 934656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((*p >= 'A') && (*p <= 'F')) || 935656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((*p >= 'a') && (*p <= 'f'))) ) 936656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 937656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p); 938656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 939656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 940656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p++; 941656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project } 942656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 943656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (verbose) 944656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 945656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */ 946656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef OPENSSL_SYS_VMS 947656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 948656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 949656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project out = BIO_push(tmpbio, out); 950656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 951656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 952656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project TXT_DB_write(out,db->db); 953656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"%d entries loaded from the database\n", 954221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom sk_OPENSSL_PSTRING_num(db->db->data)); 955656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"generating index\n"); 956656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 957656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 958656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!index_index(db)) goto err; 959656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 960656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 961656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Update the db file for expired 
certificates */
	if (doupdatedb)
		{
		if (verbose)
			BIO_printf(bio_err, "Updating %s ...\n",
							dbfile);

		i = do_updatedb(db);
		if (i == -1)
			{
			BIO_printf(bio_err,"Malloc failure\n");
			goto err;
			}
		else if (i == 0)
			{
			if (verbose) BIO_printf(bio_err,
					"No entries found to mark expired\n");
			}
		else
			{
			if (!save_index(dbfile,"new",db)) goto err;

			if (!rotate_index(dbfile,"new","old")) goto err;

			if (verbose) BIO_printf(bio_err,
				"Done. %d entries marked as expired\n",i);
			}
		}

	/*****************************************************************/
	/* Read extensions config file                                   */
	if (extfile)
		{
		extconf = NCONF_new(NULL);
		if (NCONF_load(extconf,extfile,&errorline) <= 0)
			{
			if (errorline <= 0)
				BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
					extfile);
			else
				BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
					errorline,extfile);
			ret = 1;
			goto err;
			}

		if (verbose)
			BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);

		/* We can have sections in the ext file */
		if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
			extensions = "default";
		}

	/*****************************************************************/
	if (req || gencrl)
		{
		if (outfile != NULL)
			{
			if (BIO_write_filename(Sout,outfile) <= 0)
				{
				perror(outfile);
				goto err;
				}
			}
		else
			{
			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
#ifdef OPENSSL_SYS_VMS
			{
			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
			Sout = BIO_push(tmpbio, Sout);
			}
#endif
			}
		}

	if ((md == NULL) && ((md=NCONF_get_string(conf,
		section,ENV_DEFAULT_MD)) == NULL))
		{
		lookup_fail(section,ENV_DEFAULT_MD);
		goto err;
		}

	if (!strcmp(md, "default"))
		{
		int def_nid;
		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
			{
			BIO_puts(bio_err,"no default digest\n");
			goto err;
			}
		md = (char *)OBJ_nid2sn(def_nid);
		}

	if ((dgst=EVP_get_digestbyname(md)) == NULL)
		{
		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
		goto err;
		}

	if (req)
		{
		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
			{
			if(strcmp(tmp_email_dn,"no") == 0)
				email_dn=0;
			}
		if (verbose)
			BIO_printf(bio_err,"message digest is %s\n",
				OBJ_nid2ln(dgst->type));
		if ((policy == NULL) && ((policy=NCONF_get_string(conf,
			section,ENV_POLICY)) == NULL))
			{
			lookup_fail(section,ENV_POLICY);
			goto err;
			}
		if (verbose)
			BIO_printf(bio_err,"policy is %s\n",policy);

		if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
			== NULL)
			{
			lookup_fail(section,ENV_SERIAL);
			goto err;
			}

		if (!extconf)
			{
			/* no '-extfile' option, so we look for extensions
			 * in the main configuration file */
			if (!extensions)
				{
				extensions=NCONF_get_string(conf,section,
								ENV_EXTENSIONS);
				if (!extensions)
					ERR_clear_error();
				}
			if (extensions)
				{
				/* Check syntax of file */
				X509V3_CTX ctx;
				X509V3_set_ctx_test(&ctx);
				X509V3_set_nconf(&ctx, conf);
				if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
								NULL))
					{
					BIO_printf(bio_err,
					"Error Loading extension section %s\n",
								 extensions);
					ret = 1;
					goto err;
					}
				}
			}

		if (startdate == NULL)
			{
			startdate=NCONF_get_string(conf,section,
				ENV_DEFAULT_STARTDATE);
			if (startdate == NULL)
				ERR_clear_error();
			}
		if (startdate && !ASN1_TIME_set_string(NULL, startdate))
			{
			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
			goto err;
			}
		if (startdate == NULL) startdate="today";

		if (enddate == NULL)
			{
			enddate=NCONF_get_string(conf,section,
				ENV_DEFAULT_ENDDATE);
			if (enddate == NULL)
				ERR_clear_error();
			}
		if (enddate && !ASN1_TIME_set_string(NULL, enddate))
			{
			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
			goto err;
			}

		if (days == 0)
			{
			if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
				days = 0;
			}
		if (!enddate && (days == 0))
			{
			BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
			goto err;
			}

		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
			{
			BIO_printf(bio_err,"error while loading serial number\n");
			goto err;
			}
		if (verbose)
			{
			if (BN_is_zero(serial))
				BIO_printf(bio_err,"next serial number is 00\n");
			else
				{
				if ((f=BN_bn2hex(serial)) == NULL) goto err;
				BIO_printf(bio_err,"next serial number is %s\n",f);
				OPENSSL_free(f);
				}
			}

		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
			{
			BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
			goto err;
			}

		if ((cert_sk=sk_X509_new_null()) == NULL)
			{
			BIO_printf(bio_err,"Memory allocation failure\n");
			goto err;
			}
		if (spkac_file != NULL)
			{
			total++;
			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,sigopts,
				attribs,db, serial,subj,chtype,multirdn,
				email_dn,startdate,enddate,days,extensions,
				conf,verbose,certopt,nameopt,default_op,ext_copy);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				if (outfile)
					{
					output_der = 1;
					batch = 1;
					}
				}
			}
		if (ss_cert_file != NULL)
			{
			total++;
			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,sigopts,
				attribs,
				db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
				extensions,conf,verbose, certopt, nameopt,
				default_op, ext_copy, e);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				}
			}
		if (infile != NULL)
			{
			total++;
			j=certify(&x,infile,pkey,x509p,dgst,sigopts, attribs,db,
				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
				extensions,conf,verbose, certopt, nameopt,
				default_op, ext_copy, selfsign);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				}
			}
		for (i=0; i<argc; i++)
			{
			total++;
			j=certify(&x,argv[i],pkey,x509p,dgst,sigopts,attribs,db,
				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
				extensions,conf,verbose, certopt, nameopt,
				default_op, ext_copy, selfsign);
			if (j < 0) goto err;
			if (j > 0)
				{
				total_done++;
				BIO_printf(bio_err,"\n");
				if (!BN_add_word(serial,1)) goto err;
				if (!sk_X509_push(cert_sk,x))
					{
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				}
			}
		/* we have a stack of newly certified certificates
		 * and a data base and serial number that need
		 * updating */

		if (sk_X509_num(cert_sk) > 0)
			{
			if (!batch)
				{
				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
				(void)BIO_flush(bio_err);
				buf[0][0]='\0';
				if (!fgets(buf[0],10,stdin))
					{
					BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n");
					ret=0;
					goto err;
					}
				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
					{
					BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
					ret=0;
					goto err;
					}
				}

			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
			if (!save_serial(serialfile,"new",serial,NULL)) goto err;

			if (!save_index(dbfile, "new", db)) goto err;
			}

		if (verbose)
			BIO_printf(bio_err,"writing new certificates\n");
		for (i=0; i<sk_X509_num(cert_sk); i++)
			{
			int k;
			char *n;

			x=sk_X509_value(cert_sk,i);

			j=x->cert_info->serialNumber->length;
			p=(const char *)x->cert_info->serialNumber->data;

			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
				{
				BIO_printf(bio_err,"certificate file name too long\n");
				goto err;
				}

			strcpy(buf[2],outdir);

#ifndef OPENSSL_SYS_VMS
			BUF_strlcat(buf[2],"/",sizeof(buf[2]));
#endif

			n=(char *)&(buf[2][strlen(buf[2])]);
			if (j > 0)
				{
				for (k=0; k<j; k++)
					{
					if (n >= &(buf[2][sizeof(buf[2])]))
						break;
					BIO_snprintf(n,
						     &buf[2][0] + sizeof(buf[2]) - n,
						     "%02X",(unsigned char)*(p++));
					n+=2;
					}
				}
			else
				{
				*(n++)='0';
				*(n++)='0';
				}
			*(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
			*n='\0';
			if (verbose)
				BIO_printf(bio_err,"writing %s\n",buf[2]);

			if (BIO_write_filename(Cout,buf[2]) <= 0)
				{
				perror(buf[2]);
				goto err;
				}
			write_new_certificate(Cout,x, 0, notext);
			write_new_certificate(Sout,x, output_der, notext);
			}

1358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (sk_X509_num(cert_sk)) 1359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Rename the database and the serial file */ 1361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rotate_serial(serialfile,"new","old")) goto err; 1362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rotate_index(dbfile,"new","old")) goto err; 1364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Data Base Updated\n"); 1366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 1370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (gencrl) 1371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int crl_v2 = 0; 1373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!crl_ext) 1374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT); 1376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!crl_ext) 1377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 1378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project } 1379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (crl_ext) 1380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Check syntax of file */ 1382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509V3_CTX ctx; 1383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509V3_set_ctx_test(&ctx); 1384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509V3_set_nconf(&ctx, conf); 1385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) 1386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, 1388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Error Loading CRL extension section %s\n", 1389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project crl_ext); 1390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = 1; 1391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER)) 1396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project != NULL) 1397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL) 1398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1399656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project BIO_printf(bio_err,"error while loading CRL number\n"); 1400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1403221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!crldays && !crlhours && !crlsec) 1404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1405656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!NCONF_get_number(conf,section, 1406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ENV_DEFAULT_CRL_DAYS, &crldays)) 1407656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project crldays = 0; 1408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!NCONF_get_number(conf,section, 1409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ENV_DEFAULT_CRL_HOURS, &crlhours)) 1410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project crlhours = 0; 1411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1412221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) 1413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n"); 1415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (verbose) BIO_printf(bio_err,"making CRL\n"); 1419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
((crl=X509_CRL_new()) == NULL) goto err; 1420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err; 1421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1422656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmptm = ASN1_TIME_new(); 1423656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!tmptm) goto err; 1424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_gmtime_adj(tmptm,0); 1425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_CRL_set_lastUpdate(crl, tmptm); 1426221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, 1427221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom NULL)) 1428221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1429221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom BIO_puts(bio_err, "error setting CRL nextUpdate\n"); 1430221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 1431221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_CRL_set_nextUpdate(crl, tmptm); 1433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_TIME_free(tmptm); 1435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1436221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++) 1437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1438221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom pp=sk_OPENSSL_PSTRING_value(db->db->data,i); 1439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (pp[DB_type][0] == DB_TYPE_REV) 1440656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project { 1441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((r=X509_REVOKED_new()) == NULL) goto err; 1442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j = make_revoked(r, pp[DB_rev_date]); 1443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!j) goto err; 1444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (j == 2) crl_v2 = 1; 1445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_hex2bn(&serial, pp[DB_serial])) 1446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmpser = BN_to_ASN1_INTEGER(serial, NULL); 1448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(serial); 1449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project serial = NULL; 1450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!tmpser) 1451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_REVOKED_set_serialNumber(r, tmpser); 1453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_INTEGER_free(tmpser); 1454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_CRL_add0_revoked(crl,r); 1455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* sort the data so it will be written in serial 1459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * number order */ 1460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
X509_CRL_sort(crl); 1461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* we now have a CRL */ 1463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (verbose) BIO_printf(bio_err,"signing CRL\n"); 1464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Add any extensions asked for */ 1466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (crl_ext || crlnumberfile != NULL) 1468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509V3_CTX crlctx; 1470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); 1471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509V3_set_nconf(&crlctx, conf); 1472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (crl_ext) 1474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, 1475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project crl_ext, crl)) goto err; 1476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (crlnumberfile != NULL) 1477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); 1479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!tmpser) goto err; 1480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0); 1481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_INTEGER_free(tmpser); 1482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project crl_v2 = 1; 1483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add_word(crlnumber,1)) goto err; 1484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (crl_ext || crl_v2) 1487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!X509_CRL_set_version(crl, 1)) 1489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; /* version 2 CRL */ 1490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1493656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (crlnumberfile != NULL) /* we have a CRL number that need updating */ 1494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err; 1495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1496221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (crlnumber) 1497221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1498221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom BN_free(crlnumber); 1499221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom crlnumber = NULL; 1500221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1501221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1502392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if 
(!do_X509_CRL_sign(bio_err,crl,pkey,dgst,sigopts)) goto err; 1503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project PEM_write_bio_X509_CRL(Sout,crl); 1505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (crlnumberfile != NULL) /* Rename the crlnumber file */ 1507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rotate_serial(crlnumberfile,"new","old")) goto err; 1508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 1511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dorevoke) 1512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (infile == NULL) 1514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"no input files\n"); 1516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *revcert; 1521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project revcert=load_cert(bio_err, infile, FORMAT_PEM, 1522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, e, infile); 
1523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (revcert == NULL) 1524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=do_revoke(revcert,db, rev_type, rev_arg); 1526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (j <= 0) goto err; 1527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_free(revcert); 1528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!save_index(dbfile, "new", db)) goto err; 1530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rotate_index(dbfile, "new", "old")) goto err; 1532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Data Base Updated\n"); 1534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /*****************************************************************/ 1537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=0; 1538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 1539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(tofree) 1540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(tofree); 1541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(Cout); 1542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(Sout); 1543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project BIO_free_all(out); 1544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free_all(in); 1545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (cert_sk) 1547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project sk_X509_pop_free(cert_sk,X509_free); 1548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret) ERR_print_errors(bio_err); 1550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project app_RAND_write_file(randfile, bio_err); 1551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (free_key && key) 1552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(key); 1553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(serial); 1554221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom BN_free(crlnumber); 1555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project free_index(db); 1556392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (sigopts) 1557392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom sk_OPENSSL_STRING_free(sigopts); 1558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(pkey); 1559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (x509) X509_free(x509); 1560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_CRL_free(crl); 1561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NCONF_free(conf); 1562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NCONF_free(extconf); 1563656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OBJ_cleanup(); 1564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
apps_shutdown(); 1565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_EXIT(ret); 1566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic void lookup_fail(const char *name, const char *tag) 1569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); 1571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1574392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 1575392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom STACK_OF(CONF_VALUE) *policy, CA_DB *db, 1576392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, 1577392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom int email_dn, char *startdate, char *enddate, 1578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long days, int batch, char *ext_sect, CONF *lconf, int verbose, 1579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long certopt, unsigned long nameopt, int default_op, 1580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ext_copy, int selfsign) 1581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_REQ *req=NULL; 1583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project BIO *in=NULL; 1584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *pktmp=NULL; 1585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ok= -1,i; 1586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project in=BIO_new(BIO_s_file()); 1588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BIO_read_filename(in,infile) <= 0) 1590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project perror(infile); 1592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL) 1595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Error reading certificate request in %s\n", 1597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project infile); 1598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (verbose) 1601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_REQ_print(bio_err,req); 1602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Check that the request matches the signature\n"); 1604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project 1605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (selfsign && !X509_REQ_check_private_key(req,pkey)) 1606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Certificate request and CA private key do not match\n"); 1608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok=0; 1609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((pktmp=X509_REQ_get_pubkey(req)) == NULL) 1612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"error unpacking public key\n"); 1614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=X509_REQ_verify(req,pktmp); 1617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY_free(pktmp); 1618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i < 0) 1619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok=0; 1621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Signature verification problems....\n"); 1622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i == 0) 1625656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project { 1626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok=0; 1627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Signature did not match the certificate request\n"); 1628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Signature ok\n"); 1632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1633392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ok=do_body(xret,pkey,x509,dgst,sigopts, policy,db,serial,subj,chtype, 1634392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom multirdn, email_dn, 1635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project startdate,enddate,days,batch,verbose,req,ext_sect,lconf, 1636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project certopt, nameopt, default_op, ext_copy, selfsign); 1637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 1639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req != NULL) X509_REQ_free(req); 1640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (in != NULL) BIO_free(in); 1641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ok); 1642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, 1645392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom 
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, 1646392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom STACK_OF(CONF_VALUE) *policy, CA_DB *db, 1647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, 1648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long days, int batch, char *ext_sect, CONF *lconf, int verbose, 1649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long certopt, unsigned long nameopt, int default_op, 1650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ext_copy, ENGINE *e) 1651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *req=NULL; 1653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_REQ *rreq=NULL; 1654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EVP_PKEY *pktmp=NULL; 1655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ok= -1,i; 1656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL) 1658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 1659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (verbose) 1660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_print(bio_err,req); 1661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Check that the request matches the signature\n"); 1663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
	if ((pktmp=X509_get_pubkey(req)) == NULL)
		{
		BIO_printf(bio_err,"error unpacking public key\n");
		goto err;
		}
	i=X509_verify(req,pktmp);
	EVP_PKEY_free(pktmp);
	if (i < 0)
		{
		ok=0;
		BIO_printf(bio_err,"Signature verification problems....\n");
		goto err;
		}
	if (i == 0)
		{
		ok=0;
		BIO_printf(bio_err,"Signature did not match the certificate\n");
		goto err;
		}
	else
		BIO_printf(bio_err,"Signature ok\n");

	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
		goto err;

	ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
		ext_copy, 0);

err:
	if (rreq != NULL) X509_REQ_free(rreq);
	if (req != NULL) X509_free(req);
	return(ok);
	}

static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
	     STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,
	     CA_DB *db, BIGNUM *serial, char *subj,
	     unsigned long chtype, int multirdn,
	     int email_dn, char *startdate, char *enddate, long days, int batch,
	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
	     unsigned long certopt, unsigned long nameopt, int default_op,
	     int ext_copy, int selfsign)
	{
	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
	ASN1_UTCTIME *tm,*tmptm;
	ASN1_STRING *str,*str2;
	ASN1_OBJECT *obj;
	X509 *ret=NULL;
	X509_CINF *ci;
	X509_NAME_ENTRY *ne;
	X509_NAME_ENTRY *tne,*push;
	EVP_PKEY *pktmp;
	int ok= -1,i,j,last,nid;
	const char *p;
	CONF_VALUE *cv;
	OPENSSL_STRING row[DB_NUMBER];
	OPENSSL_STRING *irow=NULL;
	OPENSSL_STRING *rrow=NULL;
	char buf[25];

	tmptm=ASN1_UTCTIME_new();
	if (tmptm == NULL)
		{
		BIO_printf(bio_err,"malloc error\n");
		return(0);
		}

	for (i=0; i<DB_NUMBER; i++)
		row[i]=NULL;

	if (subj)
		{
		X509_NAME *n = parse_name(subj, chtype, multirdn);

		if (!n)
			{
			ERR_print_errors(bio_err);
			goto err;
			}
		X509_REQ_set_subject_name(req,n);
		req->req_info->enc.modified = 1;
		X509_NAME_free(n);
		}

	if (default_op)
		BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");

	name=X509_REQ_get_subject_name(req);
	for (i=0; i<X509_NAME_entry_count(name); i++)
		{
		ne= X509_NAME_get_entry(name,i);
		str=X509_NAME_ENTRY_get_data(ne);
		obj=X509_NAME_ENTRY_get_object(ne);

		if (msie_hack)
			{
			/* assume all type should be strings */
			nid=OBJ_obj2nid(ne->object);

			if (str->type == V_ASN1_UNIVERSALSTRING)
				ASN1_UNIVERSALSTRING_to_string(str);

			if ((str->type == V_ASN1_IA5STRING) &&
				(nid != NID_pkcs9_emailAddress))
				str->type=V_ASN1_T61STRING;

			if ((nid == NID_pkcs9_emailAddress) &&
				(str->type == V_ASN1_PRINTABLESTRING))
				str->type=V_ASN1_IA5STRING;
			}

		/* If no EMAIL is wanted in the subject */
		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
			continue;

		/* check some things */
		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
			(str->type != V_ASN1_IA5STRING))
			{
			BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
			goto err;
			}
		if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
			{
			j=ASN1_PRINTABLE_type(str->data,str->length);
			if ( ((j == V_ASN1_T61STRING) &&
				 (str->type != V_ASN1_T61STRING)) ||
				((j == V_ASN1_IA5STRING) &&
				 (str->type == V_ASN1_PRINTABLESTRING)))
				{
				BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
				goto err;
				}
			}

		if (default_op)
			old_entry_print(bio_err, obj, str);
		}

	/* Ok, now we check the 'policy' stuff. */
	if ((subject=X509_NAME_new()) == NULL)
		{
		BIO_printf(bio_err,"Memory allocation failure\n");
		goto err;
		}

	/* take a copy of the issuer name before we mess with it. */
	if (selfsign)
		CAname=X509_NAME_dup(name);
	else
		CAname=X509_NAME_dup(x509->cert_info->subject);
	if (CAname == NULL) goto err;
	str=str2=NULL;

	for (i=0; i<sk_CONF_VALUE_num(policy); i++)
		{
		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
			{
			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
			goto err;
			}
		obj=OBJ_nid2obj(j);

		last= -1;
		for (;;)
			{
			/* lookup the object in the supplied name list */
			j=X509_NAME_get_index_by_OBJ(name,obj,last);
			if (j < 0)
				{
				if (last != -1) break;
				tne=NULL;
				}
			else
				{
				tne=X509_NAME_get_entry(name,j);
				}
			last=j;

			/* depending on the 'policy', decide what to do. */
			push=NULL;
			if (strcmp(cv->value,"optional") == 0)
				{
				if (tne != NULL)
					push=tne;
				}
			else if (strcmp(cv->value,"supplied") == 0)
				{
				if (tne == NULL)
					{
					BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
					goto err;
					}
				else
					push=tne;
				}
			else if (strcmp(cv->value,"match") == 0)
				{
				int last2;

				if (tne == NULL)
					{
					BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
					goto err;
					}

				last2= -1;

again2:
				j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
				if ((j < 0) && (last2 == -1))
					{
					BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
					goto err;
					}
				if (j >= 0)
					{
					push=X509_NAME_get_entry(CAname,j);
					str=X509_NAME_ENTRY_get_data(tne);
					str2=X509_NAME_ENTRY_get_data(push);
					last2=j;
					if (ASN1_STRING_cmp(str,str2) != 0)
						goto again2;
					}
				if (j < 0)
					{
					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
					goto err;
					}
				}
			else
				{
				BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
				goto err;
				}

			if (push != NULL)
				{
				if (!X509_NAME_add_entry(subject,push, -1, 0))
					{
					if (push != NULL)
						X509_NAME_ENTRY_free(push);
					BIO_printf(bio_err,"Memory allocation failure\n");
					goto err;
					}
				}
			if (j < 0) break;
			}
		}

	if (preserve)
		{
		X509_NAME_free(subject);
		/* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
		subject=X509_NAME_dup(name);
		if (subject == NULL) goto err;
		}

	if (verbose)
		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");

	/* Build the correct Subject if no e-mail is wanted in the subject */
	/* and add it later on because of the method extensions are added (altName) */

	if (email_dn)
		dn_subject = subject;
	else
		{
		X509_NAME_ENTRY *tmpne;
		/* Its best to dup the subject DN and then delete any email
		 * addresses because this retains its structure.
		 */
		if (!(dn_subject = X509_NAME_dup(subject)))
			{
			BIO_printf(bio_err,"Memory allocation failure\n");
			goto err;
			}
		while((i = X509_NAME_get_index_by_NID(dn_subject,
					NID_pkcs9_emailAddress, -1)) >= 0)
			{
			tmpne = X509_NAME_get_entry(dn_subject, i);
			X509_NAME_delete_entry(dn_subject, i);
			X509_NAME_ENTRY_free(tmpne);
			}
		}

	if (BN_is_zero(serial))
		row[DB_serial]=BUF_strdup("00");
	else
		row[DB_serial]=BN_bn2hex(serial);
	if (row[DB_serial] == NULL)
		{
		BIO_printf(bio_err,"Memory allocation failure\n");
		goto err;
		}

	if (db->attributes.unique_subject)
		{
		OPENSSL_STRING *crow=row;

		rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
		if (rrow != NULL)
			{
			BIO_printf(bio_err,
				"ERROR:There is already a certificate for %s\n",
				row[DB_name]);
			}
		}
	if (rrow == NULL)
		{
		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
		if (rrow != NULL)
			{
			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
				row[DB_serial]);
			BIO_printf(bio_err," check the database/serial_file for corruption\n");
			}
		}

	if (rrow != NULL)
		{
		BIO_printf(bio_err,
			"The matching entry has the following details\n");
		if (rrow[DB_type][0] == 'E')
			p="Expired";
		else if (rrow[DB_type][0] == 'R')
			p="Revoked";
		else if (rrow[DB_type][0] == 'V')
			p="Valid";
		else
			p="\ninvalid type, Data base error\n";
		BIO_printf(bio_err,"Type :%s\n",p);;
		if (rrow[DB_type][0] == 'R')
			{
			p=rrow[DB_exp_date]; if (p == NULL) p="undef";
			BIO_printf(bio_err,"Was revoked on:%s\n",p);
			}
		p=rrow[DB_exp_date]; if (p == NULL) p="undef";
		BIO_printf(bio_err,"Expires on :%s\n",p);
		p=rrow[DB_serial]; if (p == NULL) p="undef";
		BIO_printf(bio_err,"Serial Number :%s\n",p);
		p=rrow[DB_file]; if (p == NULL) p="undef";
		BIO_printf(bio_err,"File name :%s\n",p);
		p=rrow[DB_name]; if (p == NULL) p="undef";
		BIO_printf(bio_err,"Subject Name :%s\n",p);
		ok= -1; /* This is now a 'bad' error. */
		goto err;
		}

	/* We are now totally happy, lets make and sign the certificate */
	if (verbose)
		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");

	if ((ret=X509_new()) == NULL) goto err;
	ci=ret->cert_info;

#ifdef X509_V3
	/* Make it an X509 v3 certificate. */
	if (!X509_set_version(ret,2)) goto err;
#endif

	if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
		goto err;
	if (selfsign)
		{
		if (!X509_set_issuer_name(ret,subject))
			goto err;
		}
	else
		{
		if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
			goto err;
		}

	if (strcmp(startdate,"today") == 0)
		X509_gmtime_adj(X509_get_notBefore(ret),0);
	else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);

	if (enddate == NULL)
		X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
	else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);

	if (!X509_set_subject_name(ret,subject)) goto err;

	pktmp=X509_REQ_get_pubkey(req);
	i = X509_set_pubkey(ret,pktmp);
	EVP_PKEY_free(pktmp);
	if (!i) goto err;

	/* Lets add the extensions, if there are any */
	if (ext_sect)
		{
		X509V3_CTX ctx;
		if (ci->version == NULL)
			if ((ci->version=ASN1_INTEGER_new()) == NULL)
				goto err;
		ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */

		/* Free the current entries if any, there should not
		 * be any I believe */
		if (ci->extensions != NULL)
			sk_X509_EXTENSION_pop_free(ci->extensions,
						   X509_EXTENSION_free);

		ci->extensions = NULL;

		/* Initialize the context structure */
		if (selfsign)
			X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
		else
			X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);

		if (extconf)
			{
			if (verbose)
				BIO_printf(bio_err, "Extra configuration file found\n");

			/* Use the extconf configuration db LHASH */
			X509V3_set_nconf(&ctx, extconf);

			/* Test the structure (needed?) */
			/* X509V3_set_ctx_test(&ctx); */

			/* Adds exts contained in the configuration file */
			if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
				{
				BIO_printf(bio_err,
				    "ERROR: adding extensions in section %s\n",
							ext_sect);
				ERR_print_errors(bio_err);
				goto err;
				}
			if (verbose)
				BIO_printf(bio_err, "Successfully added extensions from file.\n");
			}
		else if (ext_sect)
			{
			/* We found extensions to be set from config file */
			X509V3_set_nconf(&ctx, lconf);

			if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
				{
				BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
				ERR_print_errors(bio_err);
				goto err;
				}

			if (verbose)
				BIO_printf(bio_err, "Successfully added extensions from config\n");
			}
		}

	/* Copy extensions from request (if any) */

	if (!copy_extensions(ret, req, ext_copy))
		{
		BIO_printf(bio_err, "ERROR: adding extensions from request\n");
		ERR_print_errors(bio_err);
		goto err;
		}

	/* Set the right value for the noemailDN option */
	if( email_dn == 0 )
		{
		if (!X509_set_subject_name(ret,dn_subject)) goto err;
		}

	if (!default_op)
		{
		BIO_printf(bio_err, "Certificate Details:\n");
		/* Never print signature details because signature not present */
		certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
		X509_print_ex(bio_err, ret, nameopt, certopt);
		}

	BIO_printf(bio_err,"Certificate is to be certified until ");
	ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
	if (days) BIO_printf(bio_err," (%ld days)",days);
	BIO_printf(bio_err, "\n");

	if (!batch)
		{

		BIO_printf(bio_err,"Sign the certificate? [y/n]:");
		(void)BIO_flush(bio_err);
		buf[0]='\0';
		if (!fgets(buf,sizeof(buf)-1,stdin))
			{
			BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
			ok=0;
			goto err;
			}
		if (!((buf[0] == 'y') || (buf[0] == 'Y')))
			{
			BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
			ok=0;
			goto err;
			}
		}

	pktmp=X509_get_pubkey(ret);
	if (EVP_PKEY_missing_parameters(pktmp) &&
		!EVP_PKEY_missing_parameters(pkey))
		EVP_PKEY_copy_parameters(pktmp,pkey);
	EVP_PKEY_free(pktmp);

	if (!do_X509_sign(bio_err, ret,pkey,dgst, sigopts))
		goto err;

	/* We now just add it to the database */
	row[DB_type]=(char *)OPENSSL_malloc(2);

	tm=X509_get_notAfter(ret);
	row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
	/* Check the allocation before memcpy writes through the pointer;
	 * the combined NULL check further down comes after the copy */
	if (row[DB_exp_date] == NULL)
		{
		BIO_printf(bio_err,"Memory allocation failure\n");
		goto err;
		}
	memcpy(row[DB_exp_date],tm->data,tm->length);
	row[DB_exp_date][tm->length]='\0';

	row[DB_rev_date]=NULL;

	/* row[DB_serial] done already */
	row[DB_file]=(char *)OPENSSL_malloc(8);
	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);

	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
		(row[DB_file] == NULL) || (row[DB_name] == NULL))
		{
		BIO_printf(bio_err,"Memory allocation failure\n");
		goto err;
		}
	BUF_strlcpy(row[DB_file],"unknown",8);
	row[DB_type][0]='V';
	row[DB_type][1]='\0';

	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
		{
		BIO_printf(bio_err,"Memory allocation failure\n");
		goto err;
		}

	for (i=0; i<DB_NUMBER; i++)
		{
		irow[i]=row[i];
		row[i]=NULL;
		}
	irow[DB_NUMBER]=NULL;

	if (!TXT_DB_insert(db->db,irow))
		{
		BIO_printf(bio_err,"failed to update database\n");
		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
		goto err;
		}
	ok=1;
err:
	for (i=0; i<DB_NUMBER; i++)
		if (row[i] != NULL) OPENSSL_free(row[i]);

	if (CAname != NULL)
		X509_NAME_free(CAname);
	if (subject != NULL)
		X509_NAME_free(subject);
	if ((dn_subject != NULL) && !email_dn)
		X509_NAME_free(dn_subject);
	if (tmptm != NULL)
		ASN1_UTCTIME_free(tmptm);
	if (ok <= 0)
		{
		if (ret != NULL) X509_free(ret);
		ret=NULL;
		}
	else
		*xret=ret;
	return(ok);
	}

static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
	{

	if (output_der)
		{
		(void)i2d_X509_bio(bp,x);
		return;
		}
#if 0
	/* ??? Not needed since X509_print prints all this stuff anyway */
	f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
	BIO_printf(bp,"issuer :%s\n",f);

	f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
	BIO_printf(bp,"subject:%s\n",f);

	BIO_puts(bp,"serial :");
	i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
	BIO_puts(bp,"\n\n");
#endif
	if (!notext)X509_print(bp,x);
	PEM_write_bio_X509(bp,x);
	}

static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
	     const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
	     STACK_OF(CONF_VALUE) *policy, CA_DB *db,
	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
	     unsigned long nameopt, int default_op, int ext_copy)
	{
	STACK_OF(CONF_VALUE) *sk=NULL;
	LHASH_OF(CONF_VALUE) *parms=NULL;
	X509_REQ *req=NULL;
	CONF_VALUE *cv=NULL;
	NETSCAPE_SPKI *spki = NULL;
	X509_REQ_INFO *ri;
	char *type,*buf;
	EVP_PKEY *pktmp=NULL;
	X509_NAME *n=NULL;
	X509_NAME_ENTRY *ne=NULL;
	int ok= -1,i,j;
	long errline;
	int nid;

	/*
	 * Load input file into a hash table. (This is just an easy
	 * way to read and parse the file, then put it into a convenient
	 * STACK format).
	 */
	parms=CONF_load(NULL,infile,&errline);
	if (parms == NULL)
		{
		BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
		ERR_print_errors(bio_err);
		goto err;
		}

	sk=CONF_get_section(parms, "default");
	if (sk_CONF_VALUE_num(sk) == 0)
		{
		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
		/* parms is released once, by the cleanup at err:; freeing it
		 * here as well would free it twice */
		goto err;
		}

	/*
	 * Now create a dummy X509 request structure. We don't actually
	 * have an X509 request, but we have many of the components
	 * (a public key, various DN components). The idea is that we
	 * put these components into the right X509 request structure
	 * and we can use the same code as if you had a real X509 request.
	 */
	req=X509_REQ_new();
	if (req == NULL)
		{
		ERR_print_errors(bio_err);
		goto err;
		}

	/*
	 * Build up the subject name set.
	 */
	ri=req->req_info;
	n = ri->subject;

	for (i = 0; ; i++)
		{
		if (sk_CONF_VALUE_num(sk) <= i) break;

		cv=sk_CONF_VALUE_value(sk,i);
		type=cv->name;
		/* Skip past any leading X. X: X, etc to allow for
		 * multiple instances
		 */
		for (buf = cv->name; *buf ; buf++)
			if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
				{
				buf++;
				if (*buf) type = buf;
				break;
				}

		buf=cv->value;
		if ((nid=OBJ_txt2nid(type)) == NID_undef)
			{
			if (strcmp(type, "SPKAC") == 0)
				{
				spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
				if (spki == NULL)
					{
					BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
					ERR_print_errors(bio_err);
					goto err;
					}
				}
			continue;
			}

		if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
				(unsigned char *)buf, -1, -1, 0))
			goto err;
		}
	if (spki == NULL)
		{
		BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
			infile);
		goto err;
		}

	/*
	 * Now extract the key from the SPKI structure.
	 */

	BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");

	if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
		{
		BIO_printf(bio_err,"error unpacking SPKAC public key\n");
		goto err;
		}

	j = NETSCAPE_SPKI_verify(spki, pktmp);
	if (j <= 0)
		{
		BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
		goto err;
		}
	BIO_printf(bio_err,"Signature ok\n");

	X509_REQ_set_pubkey(req,pktmp);
	EVP_PKEY_free(pktmp);
2393392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype, 2394392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom multirdn,email_dn,startdate,enddate, days,1,verbose,req, 2395392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); 2396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 2397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (req != NULL) X509_REQ_free(req); 2398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (parms != NULL) CONF_free(parms); 2399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (spki != NULL) NETSCAPE_SPKI_free(spki); 2400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ne != NULL) X509_NAME_ENTRY_free(ne); 2401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ok); 2403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2404656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 240598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstromstatic int check_time_format(const char *str) 2406656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2407221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return ASN1_TIME_set_string(NULL, str); 2408656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2409656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2410656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int do_revoke(X509 *x509, CA_DB *db, int type, char *value) 2411656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2412656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_UTCTIME *tm=NULL; 
2413656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *row[DB_NUMBER],**rrow,**irow; 2414656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *rev_str = NULL; 2415656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *bn = NULL; 2416656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ok=-1,i; 2417656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2418656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<DB_NUMBER; i++) 2419656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[i]=NULL; 2420656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0); 2421656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL); 2422221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!bn) 2423221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto err; 2424656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_zero(bn)) 2425656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial]=BUF_strdup("00"); 2426656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2427656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial]=BN_bn2hex(bn); 2428656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(bn); 2429656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) 2430656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2431656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Memory allocation failure\n"); 2432656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 
2433656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2434656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We have to lookup by serial number because name lookup 2435656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * skips revoked certs 2436656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 2437656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 2438656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rrow == NULL) 2439656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2440656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]); 2441656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2442656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* We now just add it to the database */ 2443656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_type]=(char *)OPENSSL_malloc(2); 2444656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2445656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tm=X509_get_notAfter(x509); 2446656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1); 2447656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(row[DB_exp_date],tm->data,tm->length); 2448656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_exp_date][tm->length]='\0'; 2449656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2450656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_rev_date]=NULL; 2451656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
2452656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* row[DB_serial] done already */ 2453656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_file]=(char *)OPENSSL_malloc(8); 2454656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2455656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* row[DB_name] done already */ 2456656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2457656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || 2458656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (row[DB_file] == NULL)) 2459656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2460656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Memory allocation failure\n"); 2461656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2462656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2463656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BUF_strlcpy(row[DB_file],"unknown",8); 2464656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_type][0]='V'; 2465656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_type][1]='\0'; 2466656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2467656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) 2468656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2469656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Memory allocation failure\n"); 2470656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2471656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
2472656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2473656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<DB_NUMBER; i++) 2474656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2475656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project irow[i]=row[i]; 2476656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[i]=NULL; 2477656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2478656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project irow[DB_NUMBER]=NULL; 2479656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2480656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!TXT_DB_insert(db->db,irow)) 2481656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2482656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"failed to update database\n"); 2483656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error); 2484656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2485656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2486656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2487656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Revoke Certificate */ 2488656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok = do_revoke(x509,db, type, value); 2489656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2490656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2491656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2492656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2493221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if 
(index_name_cmp_noconst(row, rrow)) 2494656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2495656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"ERROR:name does not match %s\n", 2496656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_name]); 2497656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2498656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2499656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (rrow[DB_type][0]=='R') 2500656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2501656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n", 2502656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial]); 2503656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2504656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2505656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2506656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2507656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]); 2508656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rev_str = make_revocation_str(type, value); 2509656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rev_str) 2510656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2511656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error in revocation arguments\n"); 2512656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2513656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
2514656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_type][0]='R'; 2515656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_type][1]='\0'; 2516656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_rev_date] = rev_str; 2517656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2518656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok=1; 2519656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 2520656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<DB_NUMBER; i++) 2521656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2522656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (row[i] != NULL) 2523656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(row[i]); 2524656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2525656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ok); 2526656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2527656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2528656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int get_certificate_status(const char *serial, CA_DB *db) 2529656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2530656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *row[DB_NUMBER],**rrow; 2531656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ok=-1,i; 2532656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2533656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Free Resources */ 2534656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<DB_NUMBER; i++) 2535656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project row[i]=NULL; 2536656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2537656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Malloc needed char spaces */ 2538656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2); 2539656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (row[DB_serial] == NULL) 2540656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2541656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Malloc failure\n"); 2542656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2543656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2544656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2545656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (strlen(serial) % 2) 2546656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2547656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Set the first char to 0 */; 2548656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial][0]='0'; 2549656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2550656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Copy String from serial to row[DB_serial] */ 2551656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(row[DB_serial]+1, serial, strlen(serial)); 2552656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial][strlen(serial)+1]='\0'; 2553656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2554656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2555656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2556656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project /* Copy String from serial to row[DB_serial] */ 2557656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(row[DB_serial], serial, strlen(serial)); 2558656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial][strlen(serial)]='\0'; 2559656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2560656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2561656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Make it Upper Case */ 2562656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; row[DB_serial][i] != '\0'; i++) 25637d3d122363e2a85d516db314892f3d6112cb1377Brian Carlstrom row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]); 2564656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2565656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2566656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok=1; 2567656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2568656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Search for the certificate */ 2569656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow=TXT_DB_get_by_index(db->db,DB_serial,row); 2570656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rrow == NULL) 2571656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2572656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Serial %s not present in db.\n", 2573656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial]); 2574656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok=-1; 2575656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2576656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
2577656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (rrow[DB_type][0]=='V') 2578656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2579656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"%s=Valid (%c)\n", 2580656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial], rrow[DB_type][0]); 2581656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2582656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2583656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (rrow[DB_type][0]=='R') 2584656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2585656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"%s=Revoked (%c)\n", 2586656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial], rrow[DB_type][0]); 2587656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2588656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2589656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (rrow[DB_type][0]=='E') 2590656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2591656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"%s=Expired (%c)\n", 2592656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial], rrow[DB_type][0]); 2593656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2594656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2595656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (rrow[DB_type][0]=='S') 2596656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2597656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
BIO_printf(bio_err,"%s=Suspended (%c)\n", 2598656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial], rrow[DB_type][0]); 2599656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2600656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2601656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2602656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2603656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"%s=Unknown (%c).\n", 2604656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project row[DB_serial], rrow[DB_type][0]); 2605656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ok=-1; 2606656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2607656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 2608656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<DB_NUMBER; i++) 2609656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2610656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (row[i] != NULL) 2611656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(row[i]); 2612656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2613656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ok); 2614656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2615656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2616656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int do_updatedb (CA_DB *db) 2617656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2618656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_UTCTIME *a_tm = NULL; 2619656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project int i, cnt = 0; 2620656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ 2621656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char **rrow, *a_tm_s; 2622656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2623656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a_tm = ASN1_UTCTIME_new(); 2624656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2625656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* get actual time and make a string */ 2626656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a_tm = X509_gmtime_adj(a_tm, 0); 2627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1); 2628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (a_tm_s == NULL) 2629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cnt = -1; 2631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 2632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(a_tm_s, a_tm->data, a_tm->length); 2635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a_tm_s[a_tm->length] = '\0'; 2636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (strncmp(a_tm_s, "49", 2) <= 0) 2638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a_y2k = 1; 2639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project a_y2k = 0; 2641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2642221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) 2643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2644221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); 2645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rrow[DB_type][0] == 'V') 2647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* ignore entries that are not valid */ 2649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) 2650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project db_y2k = 1; 2651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project db_y2k = 0; 2653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (db_y2k == a_y2k) 2655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* all on the same y2k side */ 2657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) 2658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_type][0] = 'E'; 2660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_type][1] = '\0'; 2661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cnt++; 
2662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "%s=Expired\n", 2664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_serial]); 2665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (db_y2k < a_y2k) 2668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_type][0] = 'E'; 2670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_type][1] = '\0'; 2671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cnt++; 2672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "%s=Expired\n", 2674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rrow[DB_serial]); 2675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 2681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ASN1_UTCTIME_free(a_tm); 2683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(a_tm_s); 2684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
2685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return (cnt); 2686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic const char *crl_reasons[] = { 2689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* CRL reason strings */ 2690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "unspecified", 2691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "keyCompromise", 2692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "CACompromise", 2693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "affiliationChanged", 2694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "superseded", 2695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "cessationOfOperation", 2696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "certificateHold", 2697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "removeFromCRL", 2698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Additional pseudo reasons */ 2699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "holdInstruction", 2700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "keyTime", 2701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "CAkeyTime" 2702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project}; 2703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *)) 2705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2706656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
/* Given revocation information convert to a DB string.
 * The format of the string is:
 * revtime[,reason,extra]. Where 'revtime' is the
 * revocation time (the current time). 'reason' is the
 * optional CRL reason and 'extra' is any additional
 * argument
 */

char *make_revocation_str(int rev_type, char *rev_arg)
	{
	char *other = NULL, *str;
	const char *reason = NULL;
	ASN1_OBJECT *otmp;
	ASN1_UTCTIME *revtm = NULL;
	int i;
	switch (rev_type)
		{
	case REV_NONE:
		break;

	case REV_CRL_REASON:
		/* Only the first 8 entries of crl_reasons are accepted here;
		 * the reasons that carry an argument are set in the cases below.
		 */
		for (i = 0; i < 8; i++)
			{
			if (!strcasecmp(rev_arg, crl_reasons[i]))
				{
				reason = crl_reasons[i];
				break;
				}
			}
		if (reason == NULL)
			{
			BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
			return NULL;
			}
		break;

	case REV_HOLD:
		/* Argument is an OID */

		otmp = OBJ_txt2obj(rev_arg, 0);

		if (otmp == NULL)
			{
			BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
			return NULL;
			}
		/* The object was only needed to validate rev_arg */
		ASN1_OBJECT_free(otmp);

		reason = "holdInstruction";
		other = rev_arg;
		break;

	case REV_KEY_COMPROMISE:
	case REV_CA_COMPROMISE:

		/* Argument is the key compromise time */
		if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
			{
			BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
			return NULL;
			}
		other = rev_arg;
		if (rev_type == REV_KEY_COMPROMISE)
			reason = "keyTime";
		else
			reason = "CAkeyTime";

		break;

		}

	revtm = X509_gmtime_adj(NULL, 0);
	if (!revtm) return NULL;

	/* Room for revtime, the optional ",reason" and ",extra", and the NUL */
	i = revtm->length + 1;

	if (reason) i += strlen(reason) + 1;
	if (other) i += strlen(other) + 1;

	str = OPENSSL_malloc(i);

	if (!str)
		{
		ASN1_UTCTIME_free(revtm);
		return NULL;
		}

	BUF_strlcpy(str, (char *)revtm->data, i);
	if (reason)
		{
		BUF_strlcat(str, ",", i);
		BUF_strlcat(str, reason, i);
		}
	if (other)
		{
		BUF_strlcat(str, ",", i);
		BUF_strlcat(str, other, i);
		}
	ASN1_UTCTIME_free(revtm);
	return str;
	}

/* Convert revocation field to X509_REVOKED entry
 * return code:
 * 0 error
 * 1 OK
 * 2 OK and some extensions added (i.e. V2 CRL)
 */


int make_revoked(X509_REVOKED *rev, const char *str)
	{
	char *tmp = NULL;
	int reason_code = -1;
	int i, ret = 0;
	ASN1_OBJECT *hold = NULL;
	ASN1_GENERALIZEDTIME *comp_time = NULL;
	ASN1_ENUMERATED *rtmp = NULL;

	ASN1_TIME *revDate = NULL;

	i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);

	if (i == 0)
		goto err;

	if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
		goto err;

	if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
		{
		rtmp = ASN1_ENUMERATED_new();
		if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
			goto err;
		if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
			goto err;
		}

	if (rev && comp_time)
		{
		if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
			goto err;
		}
	if (rev && hold)
		{
		if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
			goto err;
		}

	if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
		ret = 2;
	else ret = 1;

	err:

	if (tmp) OPENSSL_free(tmp);
	ASN1_OBJECT_free(hold);
	ASN1_GENERALIZEDTIME_free(comp_time);
	ASN1_ENUMERATED_free(rtmp);
	ASN1_TIME_free(revDate);

	return ret;
	}

int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
	{
	char buf[25],*pbuf, *p;
	int j;
	j=i2a_ASN1_OBJECT(bp,obj);
	/* Pad the object name to 22 columns, then ':' */
	pbuf=buf;
	for (j=22-j; j>0; j--)
		*(pbuf++)=' ';
	*(pbuf++)=':';
	*(pbuf++)='\0';
	BIO_puts(bp,buf);

	if (str->type == V_ASN1_PRINTABLESTRING)
		BIO_printf(bp,"PRINTABLE:'");
	else if (str->type == V_ASN1_T61STRING)
		BIO_printf(bp,"T61STRING:'");
	else if (str->type == V_ASN1_IA5STRING)
		BIO_printf(bp,"IA5STRING:'");
	else if (str->type == V_ASN1_UNIVERSALSTRING)
		BIO_printf(bp,"UNIVERSALSTRING:'");
	else
		BIO_printf(bp,"ASN.1 %2d:'",str->type);

	/* Printable ASCII is echoed; everything else is escaped */
	p=(char *)str->data;
	for (j=str->length; j>0; j--)
		{
		if ((*p >= ' ') && (*p <= '~'))
			BIO_printf(bp,"%c",*p);
		else if (*p & 0x80)
			/* High-bit bytes as hex; cast avoids sign extension */
			BIO_printf(bp,"\\0x%02X",(unsigned char)*p);
		else if ((unsigned char)*p == 0x7f)
			/* DEL is shown as ^? */
			BIO_printf(bp,"^?");
		else	BIO_printf(bp,"^%c",*p+'@');
		p++;
		}
	BIO_printf(bp,"'\n");
	return 1;
	}

int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
	{
	char *tmp = NULL;
	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
	int reason_code = -1;
	int ret = 0;
	unsigned int i;
	ASN1_OBJECT *hold = NULL;
	ASN1_GENERALIZEDTIME *comp_time = NULL;
	tmp = BUF_strdup(str);
	if (!tmp)
		{
		BIO_printf(bio_err, "memory allocation failure\n");
		goto err;
		}

	/* Split "revtime[,reason,extra]" in place at the commas */
	p = strchr(tmp, ',');

	rtime_str = tmp;

	if (p)
		{
		*p = '\0';
		p++;
		reason_str = p;
		p = strchr(p, ',');
		if (p)
			{
			*p = '\0';
			arg_str = p + 1;
			}
		}

	if (prevtm)
		{
		*prevtm = ASN1_UTCTIME_new();
		if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
			{
			BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
			goto err;
			}
		}
	if (reason_str)
		{
		for (i = 0; i < NUM_REASONS; i++)
			{
			if(!strcasecmp(reason_str, crl_reasons[i]))
				{
				reason_code = i;
				break;
				}
			}
		if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
			{
			BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
			goto err;
			}

		if (reason_code == 7)
			reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
		else if (reason_code == 8)		/* Hold instruction */
			{
			if (!arg_str)
				{
				BIO_printf(bio_err, "missing hold instruction\n");
				goto err;
				}
			reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
			hold = OBJ_txt2obj(arg_str, 0);

			if (!hold)
				{
				BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
				goto err;
				}
			if (phold) *phold = hold;
			}
		else if ((reason_code == 9) || (reason_code == 10))
			{
			if (!arg_str)
				{
				BIO_printf(bio_err, "missing compromised time\n");
				goto err;
				}
			comp_time = ASN1_GENERALIZEDTIME_new();
			if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
				{
				BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
				goto err;
				}
			if (reason_code == 9)
				reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
			else
				reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
			}
		}

	if (preason) *preason = reason_code;
	if (pinvtm)
		{
		/* Ownership passes to the caller */
		*pinvtm = comp_time;
		comp_time = NULL;
		}

	ret = 1;

	err:

	if (tmp) OPENSSL_free(tmp);
	if (!phold) ASN1_OBJECT_free(hold);
	/* Still owned here on error, or when the caller did not ask for it */
	ASN1_GENERALIZEDTIME_free(comp_time);

	return ret;
	}
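An added example, not part of apps/ca.c or of the OpenSSL project: a stand-alone check of the `revtime[,reason,extra]` field described in the comment above `make_revocation_str`, written without OpenSSL so a CA database can be audited offline. The `reasons` table is assumed to mirror `crl_reasons`; `check_revinfo`, `is_ztime` and `enum rev_check` are hypothetical names, and the time checks are shape-only and stricter than the OpenSSL parsers, which accept more time variants.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumption: mirrors the crl_reasons table used by the functions above.
 * Indices 0-7 are plain CRL reasons; 8-10 are the pseudo reasons that
 * carry an argument (hold instruction OID, compromise time). */
static const char *const reasons[] = {
    "unspecified", "keyCompromise", "CACompromise", "affiliationChanged",
    "superseded", "cessationOfOperation", "certificateHold", "removeFromCRL",
    "holdInstruction", "keyTime", "CAkeyTime"
};
#define N_REASONS ((int)(sizeof(reasons) / sizeof(reasons[0])))

enum rev_check { REV_OK, REV_TOO_LONG, REV_BAD_TIME, REV_BAD_REASON,
                 REV_MISSING_ARG, REV_BAD_ARG };

/* Shape check only: exactly `digits` decimal digits followed by 'Z'. */
static int is_ztime(const char *s, size_t digits)
{
    size_t i;

    if (strlen(s) != digits + 1 || s[digits] != 'Z')
        return 0;
    for (i = 0; i < digits; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Validate one "revtime[,reason,extra]" field. On REV_OK *reason_idx is the
 * index into reasons[], or -1 when the field carries no reason. */
enum rev_check check_revinfo(const char *field, int *reason_idx)
{
    char buf[128], *reason, *arg = NULL;
    int i;

    *reason_idx = -1;
    if (strlen(field) >= sizeof(buf))
        return REV_TOO_LONG;
    strcpy(buf, field);                 /* length checked above */

    reason = strchr(buf, ',');
    if (reason) {
        *reason++ = '\0';
        arg = strchr(reason, ',');
        if (arg)
            *arg++ = '\0';
    }
    if (!is_ztime(buf, 12))             /* UTCTime: YYMMDDHHMMSSZ */
        return REV_BAD_TIME;
    if (!reason)
        return REV_OK;

    for (i = 0; i < N_REASONS; i++)
        if (!strcasecmp(reason, reasons[i]))
            break;
    if (i == N_REASONS)
        return REV_BAD_REASON;
    if (i >= 8) {
        if (!arg || !*arg)              /* OID text is not resolved here */
            return REV_MISSING_ARG;
        /* keyTime / CAkeyTime need a GeneralizedTime: YYYYMMDDHHMMSSZ */
        if (i >= 9 && !is_ztime(arg, 14))
            return REV_BAD_ARG;
    }
    *reason_idx = i;
    return REV_OK;
}

int main(void)
{
    /* Constructed sample fields, not taken from a real CA database. */
    static const char *const samples[] = {
        "240131120000Z", "240131120000Z,keyCompromise",
        "240131120000Z,keyTime,20240130235959Z",
        "240131120000Z,holdInstruction", "240131120000Z,keyTime,240130235959Z",
        "20240131120000Z,superseded", "240131120000Z,stolen"
    };
    size_t n;
    int idx;

    for (n = 0; n < sizeof(samples) / sizeof(samples[0]); n++)
        printf("%-40s -> %d\n", samples[n], (int)check_revinfo(samples[n], &idx));
    return 0;
}
```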