Fix to the -revoke option in ca. It was leaking memory, crashing and just

plain not working :-(

Also fix some memory leaks in the new X509_NAME code.

Fix so new app_rand code doesn't crash 'x509' and move #include so it compiles
under Win32.

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Fix the -revoke option in ca. It was freeing up memory twice,
+     leaking and not finding already revoked certificates.
+     [Steve Henson]
+
   *) Extensive changes to support certificate auxiliary information.
      This involves the use of X509_CERT_AUX structure and X509_AUX
      functions. An X509_AUX function such as PEM_read_X509_AUX()

apps/app_rand.c

@@ -109,10 +109,10 @@
  *
  */
 
+#include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/rand.h>
 
-#include "apps.h"
 
 static int seeded = 0;
 

apps/ca.c

@@ -1169,13 +1169,6 @@ bad:
 	/*****************************************************************/
 	if (dorevoke)
 		{
-		in=BIO_new(BIO_s_file());
-		out=BIO_new(BIO_s_file());
-		if ((in == NULL) || (out == NULL))
-			{
-			ERR_print_errors(bio_err);
-			goto err;
-			}
 		if (infile == NULL) 
 			{
 			BIO_printf(bio_err,"no input files\n");
@@ -1183,19 +1176,22 @@ bad:
 			}
 		else
 			{
+			X509 *revcert;
 			if (BIO_read_filename(in,infile) <= 0)
 				{
 				perror(infile);
 				BIO_printf(bio_err,"error trying to load '%s' certificate\n",infile);
 				goto err;
 				}
-			x509=PEM_read_bio_X509(in,NULL,NULL,NULL);
-			if (x509 == NULL)
+			revcert=PEM_read_bio_X509(in,NULL,NULL,NULL);
+			if (revcert == NULL)
 				{
 				BIO_printf(bio_err,"unable to load '%s' certificate\n",infile);
 				goto err;
 				}
-			j=do_revoke(x509,db);
+			j=do_revoke(revcert,db);
+			if (j <= 0) goto err;
+			X509_free(revcert);
 
 			strncpy(buf[0],dbfile,BSIZE-4);
 			strcat(buf[0],".new");
@@ -1207,10 +1203,6 @@ bad:
 				}
 			j=TXT_DB_write(out,db);
 			if (j <= 0) goto err;
-			BIO_free(in);
-			BIO_free(out);
-			in=NULL;
-			out=NULL;
 			strncpy(buf[1],dbfile,BSIZE-4);
 			strcat(buf[1],".old");
 			if (rename(dbfile,buf[1]) < 0)
@@ -2143,20 +2135,26 @@ static int add_oid_section(LHASH *hconf)
 
 static int do_revoke(X509 *x509, TXT_DB *db)
 {
-	ASN1_UTCTIME *tm=NULL;
+	ASN1_UTCTIME *tm=NULL, *revtm=NULL;
 	char *row[DB_NUMBER],**rrow,**irow;
+	BIGNUM *bn = NULL;
 	int ok=-1,i;
 
 	for (i=0; i<DB_NUMBER; i++)
 		row[i]=NULL;
-	row[DB_name]=X509_NAME_oneline(x509->cert_info->subject,NULL,0);
-	row[DB_serial]=BN_bn2hex(ASN1_INTEGER_to_BN(x509->cert_info->serialNumber,NULL));
+	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+	row[DB_serial]=BN_bn2hex(bn);
+	BN_free(bn);
 	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
 		BIO_printf(bio_err,"Malloc failure\n");
 		goto err;
 		}
-	rrow=TXT_DB_get_by_index(db,DB_name,row);
+	/* We have to lookup by serial number because name lookup
+	 * skips revoked certs
+ 	 */
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
 	if (rrow == NULL)
 		{
 		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
@@ -2207,16 +2205,15 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 			}
 
 		/* Revoke Certificate */
-		do_revoke(x509,db);
+		ok = do_revoke(x509,db);
 
-		ok=1;
 		goto err;
 
 		}
-	else if (index_serial_cmp(row,rrow))
+	else if (index_name_cmp(row,rrow))
 		{
-		BIO_printf(bio_err,"ERROR:no same serial number %s\n",
-			   row[DB_serial]);
+		BIO_printf(bio_err,"ERROR:name does not match %s\n",
+			   row[DB_name]);
 		goto err;
 		}
 	else if (rrow[DB_type][0]=='R')
@@ -2228,12 +2225,14 @@ static int do_revoke(X509 *x509, TXT_DB *db)
 	else
 		{
 		BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
-		tm=X509_gmtime_adj(tm,0);
+		revtm = ASN1_UTCTIME_new();
+		revtm=X509_gmtime_adj(revtm,0);
 		rrow[DB_type][0]='R';
 		rrow[DB_type][1]='\0';
-		rrow[DB_rev_date]=(char *)Malloc(tm->length+1);
-		memcpy(rrow[DB_rev_date],tm->data,tm->length);
-		rrow[DB_rev_date][tm->length]='\0';
+		rrow[DB_rev_date]=(char *)Malloc(revtm->length+1);
+		memcpy(rrow[DB_rev_date],revtm->data,revtm->length);
+		rrow[DB_rev_date][revtm->length]='\0';
+		ASN1_UTCTIME_free(revtm);
 		}
 	ok=1;
 err:
@@ -2242,7 +2241,6 @@ err:
 		if (row[i] != NULL) 
 			Free(row[i]);
 		}
-	ASN1_UTCTIME_free(tm);
 	return(ok);
 }
 

apps/req.c

@@ -845,6 +845,7 @@ end:
 	X509_free(x509ss);
 	X509V3_EXT_cleanup();
 	OBJ_cleanup();
+	ASN1_STRING_TABLE_cleanup();
 #ifndef NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif

apps/x509.c

@@ -268,6 +268,7 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			CA_flag= ++num;
+			need_rand = 1;
 			}
 		else if (strcmp(*argv,"-CAkey") == 0)
 			{

crypto/asn1/a_strnid.c

@@ -188,6 +188,7 @@ void ASN1_STRING_TABLE_cleanup(void)
 {
 	STACK_OF(ASN1_STRING_TABLE) *tmp;
 	tmp = stable;
+	if(!tmp) return;
 	stable = NULL;
 	sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
 }

crypto/asn1/x_x509a.c

@@ -117,6 +117,7 @@ void X509_CERT_AUX_free(X509_CERT_AUX *a)
 	sk_ASN1_OBJECT_pop_free(a->othernotrust, ASN1_OBJECT_free);
 	ASN1_UTF8STRING_free(a->alias);
 	ASN1_TYPE_free(a->other);
+	Free((char *)a);
 }
 
 int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp)

crypto/x509/x509name.c

@@ -175,27 +175,36 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
 			unsigned char *bytes, int len, int loc, int set)
 {
 	X509_NAME_ENTRY *ne;
+	int ret;
 	ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
 	if(!ne) return 0;
-	return X509_NAME_add_entry(name, ne, loc, set);
+	ret = X509_NAME_add_entry(name, ne, loc, set);
+	X509_NAME_ENTRY_free(ne);
+	return ret;
 }
 
 int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
 			unsigned char *bytes, int len, int loc, int set)
 {
 	X509_NAME_ENTRY *ne;
+	int ret;
 	ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
 	if(!ne) return 0;
-	return X509_NAME_add_entry(name, ne, loc, set);
+	ret = X509_NAME_add_entry(name, ne, loc, set);
+	X509_NAME_ENTRY_free(ne);
+	return ret;
 }
 
 int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
 			unsigned char *bytes, int len, int loc, int set)
 {
 	X509_NAME_ENTRY *ne;
+	int ret;
 	ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
 	if(!ne) return 0;
-	return X509_NAME_add_entry(name, ne, loc, set);
+	ret = X509_NAME_add_entry(name, ne, loc, set);
+	X509_NAME_ENTRY_free(ne);
+	return ret;
 }
 
 /* if set is -1, append to previous set, 0 'a new one', and 1,
@@ -267,6 +276,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
 		char *field, int type, unsigned char *bytes, int len)
 	{
 	ASN1_OBJECT *obj;
+	X509_NAME_ENTRY *nentry;
 
 	obj=OBJ_txt2obj(field, 0);
 	if (obj == NULL)
@@ -275,13 +285,16 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
 						X509_R_INVALID_FIELD_NAME);
 		return(NULL);
 		}
-	return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
+	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
+	ASN1_OBJECT_free(obj);
+	return nentry;
 	}
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
 	     int type, unsigned char *bytes, int len)
 	{
 	ASN1_OBJECT *obj;
+	X509_NAME_ENTRY *nentry;
 
 	obj=OBJ_nid2obj(nid);
 	if (obj == NULL)
@@ -289,7 +302,9 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
 		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
 		return(NULL);
 		}
-	return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
+	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
+	ASN1_OBJECT_free(obj);
+	return nentry;
 	}
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,

demos/ssl/cli.cpp

@@ -14,7 +14,6 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 
-#include "rsa.h"       /* SSLeay stuff */
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>

util/libeay.num

@@ -1998,3 +1998,25 @@ X509_NAME_add_entry_by_txt              2022
 X509_NAME_add_entry_by_NID              2023
 X509_NAME_add_entry_by_OBJ              2024
 X509_NAME_ENTRY_create_by_txt           2025
+PEM_read_X509_AUX                       2026
+X509_CERT_AUX_free                      2027
+X509_alias_set                          2028
+PEM_read_bio_X509_AUX                   2029
+X509_trust_set_bit_asc                  2030
+d2i_X509_AUX                            2031
+X509_CERT_AUX_print                     2032
+ASN1_BIT_STRING_num_asc                 2033
+X509_CERT_AUX_new                       2034
+ASN1_BIT_STRING_set_asc                 2035
+i2d_X509_CERT_AUX                       2036
+PEM_write_X509_AUX                      2037
+X509_notrust_set_bit                    2038
+X509_add_notrust_object                 2039
+PEM_write_bio_X509_AUX                  2040
+X509_alias_get                          2041
+X509_trust_set_bit                      2042
+d2i_X509_CERT_AUX                       2043
+X509_notrust_set_bit_asc                2044
+i2d_X509_AUX                            2045
+ASN1_BIT_STRING_name_print              2046
+X509_add_trust_object                   2047