===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/x509.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -c -r1.20 -r1.21
*** src/usr.bin/openssl/x509.c 2021/03/26 13:46:25 1.20
--- src/usr.bin/openssl/x509.c 2021/04/01 10:47:38 1.21
***************
*** 1,4 ****
! /* $OpenBSD: x509.c,v 1.20 2021/03/26 13:46:25 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. *
--- 1,4 ----
! /* $OpenBSD: x509.c,v 1.21 2021/04/01 10:47:38 inoguchi Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. *
***************
*** 782,788 ****
"need to specify a CAkey if using the CA command\n"); goto end; } ! if (x509_config.extfile) { long errorline = -1; X509V3_CTX ctx2; extconf = NCONF_new(NULL);
--- 782,788 ----
"need to specify a CAkey if using the CA command\n"); goto end; } ! if (x509_config.extfile != NULL) { long errorline = -1; X509V3_CTX ctx2; extconf = NCONF_new(NULL);
***************
*** 797,806 ****
errorline, x509_config.extfile); goto end; } ! if (!x509_config.extsect) { x509_config.extsect = NCONF_get_string(extconf, "default", "extensions"); ! if (!x509_config.extsect) { ERR_clear_error(); x509_config.extsect = "default"; }
--- 797,806 ----
errorline, x509_config.extfile); goto end; } ! if (x509_config.extsect == NULL) { x509_config.extsect = NCONF_get_string(extconf, "default", "extensions"); ! if (x509_config.extsect == NULL) { ERR_clear_error(); x509_config.extsect = "default"; }
***************
*** 882,888 ****
if (x509_config.sno == NULL) { x509_config.sno = ASN1_INTEGER_new(); ! if (!x509_config.sno || !rand_serial(NULL, x509_config.sno)) goto end; if (!X509_set_serialNumber(x, x509_config.sno))
--- 882,888 ----
if (x509_config.sno == NULL) { x509_config.sno = ASN1_INTEGER_new(); !
if (x509_config.sno == NULL || !rand_serial(NULL, x509_config.sno)) goto end; if (!X509_set_serialNumber(x, x509_config.sno))
***************
*** 933,939 ****
} } } ! if (x509_config.alias) X509_alias_set1(x, (unsigned char *) x509_config.alias, -1); if (x509_config.clrtrust)
--- 933,939 ----
} } } ! if (x509_config.alias != NULL) X509_alias_set1(x, (unsigned char *) x509_config.alias, -1); if (x509_config.clrtrust)
***************
*** 941,954 ****
if (x509_config.clrreject) X509_reject_clear(x); ! if (x509_config.trust) { for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { x509_config.objtmp = sk_ASN1_OBJECT_value( x509_config.trust, i); X509_add1_trust_object(x, x509_config.objtmp); } } ! if (x509_config.reject) { for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { x509_config.objtmp = sk_ASN1_OBJECT_value( x509_config.reject, i);
--- 941,954 ----
if (x509_config.clrreject) X509_reject_clear(x); ! if (x509_config.trust != NULL) { for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { x509_config.objtmp = sk_ASN1_OBJECT_value( x509_config.trust, i); X509_add1_trust_object(x, x509_config.objtmp); } } ! if (x509_config.reject != NULL) { for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { x509_config.objtmp = sk_ASN1_OBJECT_value( x509_config.reject, i);
***************
*** 975,986 ****
ASN1_INTEGER *ser; ser = X509_get_serialNumber(x); bnser = ASN1_INTEGER_to_BN(ser, NULL); ! if (!bnser) goto end; if (!BN_add_word(bnser, 1)) goto end; ser = BN_to_ASN1_INTEGER(bnser, NULL); ! if (!ser) goto end; BN_free(bnser); i2a_ASN1_INTEGER(out, ser);
--- 975,986 ----
ASN1_INTEGER *ser; ser = X509_get_serialNumber(x); bnser = ASN1_INTEGER_to_BN(ser, NULL); ! if (bnser == NULL) goto end; if (!BN_add_word(bnser, 1)) goto end; ser = BN_to_ASN1_INTEGER(bnser, NULL); !
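Review bot: In the 933 and 941 hunks the results of `X509_alias_set1()` and `X509_add1_trust_object()` are discarded, so a failure (for example an allocation failure) leaves the certificate without the alias or trust setting that was requested while the command carries on as if it had been applied. Since the commit already touches these conditions, the calls could be checked in the style used elsewhere in the file, e.g. `if (!X509_alias_set1(x, (unsigned char *)x509_config.alias, -1)) goto end;` and `if (!X509_add1_trust_object(x, x509_config.objtmp)) goto end;`. The reject loop that begins at the end of the 941 hunk continues outside it and presumably follows the same pattern; the enclosing function also starts and ends outside both hunks.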
if (ser == NULL) goto end; BN_free(bnser); i2a_ASN1_INTEGER(out, ser);
***************
*** 1001,1007 ****
} else if (x509_config.aliasout == i) { unsigned char *alstr; alstr = X509_alias_get0(x, NULL); ! if (alstr) BIO_printf(STDout, "%s\n", alstr); else BIO_puts(STDout, "\n");
--- 1001,1007 ----
} else if (x509_config.aliasout == i) { unsigned char *alstr; alstr = X509_alias_get0(x, NULL); ! if (alstr != NULL) BIO_printf(STDout, "%s\n", alstr); else BIO_puts(STDout, "\n");
***************
*** 1155,1161 ****
unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = x509_config.digest; ! if (!fdig) fdig = EVP_sha256(); if (!X509_digest(x, fdig, md, &n)) {
--- 1155,1161 ----
unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = x509_config.digest; ! if (fdig == NULL) fdig = EVP_sha256(); if (!X509_digest(x, fdig, md, &n)) {
***************
*** 1372,1380 ****
BIO_printf(bio_err, "Error initialising X509 store\n"); goto end; } ! if (sno) bs = sno; ! else if (!(bs = x509_load_serial(CAfile, serialfile, create))) goto end; /* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
--- 1372,1380 ----
BIO_printf(bio_err, "Error initialising X509 store\n"); goto end; } ! if (sno != NULL) bs = sno; ! else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL) goto end; /* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
***************
*** 1409,1415 ****
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); } ! if (conf) { X509V3_CTX ctx2; X509_set_version(x, 2); /* version 3 certificate */ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
--- 1409,1415 ----
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); } ! if (conf != NULL) { X509V3_CTX ctx2; X509_set_version(x, 2); /* version 3 certificate */ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
***************
*** 1424,1430 ****
X509_STORE_CTX_cleanup(&xsc); if (!ret) ERR_print_errors(bio_err); !
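Review bot: In the 975 hunk the two `goto end` paths taken after `ASN1_INTEGER_to_BN()` has succeeded (a failing `BN_add_word()` or `BN_to_ASN1_INTEGER()`) skip the `BN_free(bnser)` that follows, so the BIGNUM is leaked on those paths unless the `end:` cleanup, which is outside the hunk, also releases it. Freeing before the jump, e.g. `if (!BN_add_word(bnser, 1)) { BN_free(bnser); goto end; }`, or moving `bnser` to a scope the common cleanup can reach, would close that. The declaration of `bnser` is not visible in the hunk, so its scope needs confirming before choosing between the two.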
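Review bot: In the 1001 hunk `X509_alias_get0(x, NULL)` discards the alias length and the bytes are then written with `BIO_printf(STDout, "%s\n", alstr)`, so output stops at the first NUL byte and any control characters in the alias reach the terminal unescaped. The alias presumably comes from the certificate file being inspected, which is not necessarily trusted input. Consider fetching the length (`int len; alstr = X509_alias_get0(x, &len);`) and writing the bytes through an escaping or length-bounded print, or at minimum add a comment such as `/* alias is printed raw; it is treated as a NUL-terminated string */` so the assumption is explicit.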
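Review bot: In the 1409 hunk `X509_set_version(x, 2)` is called without looking at its return value before the v3 extension context is set up, so if the call fails the certificate would keep its earlier version while presumably still receiving the extensions from `conf`. The same unchecked call appears in `sign()` in the hunk at new lines 1495-1501. Suggest `if (!X509_set_version(x, 2)) goto end;` here and the equivalent jump to the error label `sign()` already uses. Both enclosing functions begin and end outside these hunks, so the label names should be checked against the full file.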
if (!sno) ASN1_INTEGER_free(bs); return ret; }
--- 1424,1430 ----
X509_STORE_CTX_cleanup(&xsc); if (!ret) ERR_print_errors(bio_err); ! if (sno == NULL) ASN1_INTEGER_free(bs); return ret; }
***************
*** 1469,1475 ****
sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, CONF *conf, char *section) { - EVP_PKEY *pktmp; pktmp = X509_get_pubkey(x);
--- 1469,1474 ----
***************
*** 1496,1502 ****
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); } ! if (conf) { X509V3_CTX ctx; X509_set_version(x, 2); /* version 3 certificate */ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
--- 1495,1501 ----
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0); } ! if (conf != NULL) { X509V3_CTX ctx; X509_set_version(x, 2); /* version 3 certificate */ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);