X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=apps%2Freq.c;h=267a0a025adede10c50e6bffd89f0eccff5a6f9e;hb=6e59a892db781658c050e5217127c4147c116ac9;hp=a0e0cc905a1caf6128db918eabafcc57d4b31034;hpb=cc01d21756cc9c79231ef21039782c5fe42008a2;p=openssl.git

diff --git a/apps/req.c b/apps/req.c
index a0e0cc905a..267a0a025a 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -125,9 +125,9 @@ typedef enum OPTION_choice {
     OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY,
     OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
     OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
-    OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJECT, OPT_TEXT, OPT_X509,
-    OPT_ASN1_KLUDGE, OPT_NO_ASN1_KLUDGE, OPT_MULTIVALUE_RDN,
-    OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS, OPT_REQEXTS, OPT_MD
+    OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
+    OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS,
+    OPT_REQEXTS, OPT_MD
 } OPTION_CHOICE;
 
 OPTIONS req_options[] = {
@@ -163,24 +163,22 @@ OPTIONS req_options[] = {
     {"text", OPT_TEXT, '-', "Text form of request"},
     {"x509", OPT_X509, '-',
      "Output a x509 structure instead of a cert request"},
-    {"asn1-kludge", OPT_ASN1_KLUDGE, '-',
-     "Output the request in a format that is wrong"},
     {OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
-    {"no-asn1-kludge", OPT_NO_ASN1_KLUDGE, '-'},
-    {"subject", OPT_SUBJECT, 's', "Output the request's subject"},
+    {"subj", OPT_SUBJ, 's', "Set or modify request subject"},
+    {"subject", OPT_SUBJECT, '-', "Output the request's subject"},
     {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
      "Enable support for multivalued RDNs"},
     {"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
-    {"set-serial", OPT_SET_SERIAL, 'p', "Serial number to use"},
+    {"set_serial", OPT_SET_SERIAL, 'p', "Serial number to use"},
     {"extensions", OPT_EXTENSIONS, 's',
      "Cert extension section (override value in config file)"},
     {"reqexts", OPT_REQEXTS, 's',
      "Request extension section (override value in config file)"},
+    {"", OPT_MD, '-', "Any supported digest"},
 #ifndef OPENSSL_NO_ENGINE
     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
     {"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
 #endif
-    {"", OPT_MD, '-', "Any supported digest"},
     {NULL}
 };
 
@@ -203,13 +201,14 @@ int req_main(int argc, char **argv)
     char *template = default_config_file, *keyout = NULL;
     const char *keyalg = NULL;
     OPTION_CHOICE o;
-    int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose =
-        0, pkey_type = -1;
+    int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = 0;
+    int pkey_type = -1, private = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
     int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
-    int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
+    int nodes = 0, newhdr = 0, subject = 0, pubkey = 0;
     long newkey = -1;
     unsigned long chtype = MBSTRING_ASC, nmflag = 0, reqflag = 0;
+    char nmflag_set = 0;
 
 #ifndef OPENSSL_NO_DES
     cipher = EVP_des_ede3_cbc();
@@ -322,6 +321,7 @@ int req_main(int argc, char **argv)
             chtype = MBSTRING_UTF8;
             break;
         case OPT_NAMEOPT:
+            nmflag_set = 1;
             if (!set_name_ex(&nmflag, opt_arg()))
                 goto opthelp;
             break;
@@ -335,13 +335,6 @@ int req_main(int argc, char **argv)
         case OPT_X509:
             x509 = 1;
             break;
-        case OPT_ASN1_KLUDGE:
-            kludge = 1;
-            break;
-        case OPT_NO_ASN1_KLUDGE:
-            kludge = 0;
-            break;
-            multirdn = 1;
         case OPT_DAYS:
             days = atoi(opt_arg());
             break;
@@ -351,6 +344,9 @@ int req_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_SUBJECT:
+            subject = 1;
+            break;
+        case OPT_SUBJ:
             subj = opt_arg();
             break;
         case OPT_MULTIVALUE_RDN:
@@ -372,6 +368,11 @@ int req_main(int argc, char **argv)
     argc = opt_num_rest();
     argv = opt_rest();
 
+    if (!nmflag_set)
+        nmflag = XN_FLAG_ONELINE;
+
+    private = newreq && (pkey == NULL) ? 1 : 0;
+
     if (!app_passwd(passargin, passargout, &passin, &passout)) {
         BIO_printf(bio_err, "Error getting passwords\n");
         goto end;
@@ -380,6 +381,9 @@ int req_main(int argc, char **argv)
     if (verbose)
         BIO_printf(bio_err, "Using configuration from %s\n", template);
     req_conf = app_load_config(template);
+    if (!app_load_modules(req_conf))
+        goto end;
+
     if (req_conf != NULL) {
         p = NCONF_get_string(req_conf, NULL, "oid_file");
         if (p == NULL)
@@ -562,7 +566,7 @@ int req_main(int argc, char **argv)
             BIO_printf(bio_err, "writing new private key to stdout\n");
         else
             BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
-        out = bio_open_default(keyout, "w");
+        out = bio_open_owner(keyout, outformat, private);
         if (out == NULL)
             goto end;
 
@@ -580,6 +584,7 @@ int req_main(int argc, char **argv)
 
         i = 0;
  loop:
+        assert(private);
         if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
                                       NULL, 0, NULL, passout)) {
             if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -591,16 +596,12 @@ int req_main(int argc, char **argv)
             goto end;
         }
         BIO_free(out);
+        out = NULL;
         BIO_printf(bio_err, "-----\n");
     }
 
     if (!newreq) {
-        /*
-         * Since we are using a pre-existing certificate request, the kludge
-         * 'format' info should not be changed.
-         */
-        kludge = -1;
-        in = bio_open_default(infile, RB(informat));
+        in = bio_open_default(infile, 'r', informat);
         if (in == NULL)
             goto end;
 
@@ -628,11 +629,6 @@ int req_main(int argc, char **argv)
 
             i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
             subj = NULL;        /* done processing '-subj' option */
-            if ((kludge > 0)
-                && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) {
-                sk_X509_ATTRIBUTE_free(req->req_info->attributes);
-                req->req_info->attributes = NULL;
-            }
             if (!i) {
                 BIO_printf(bio_err, "problems making Certificate Request\n");
                 goto end;
@@ -730,8 +726,6 @@ int req_main(int argc, char **argv)
             goto end;
         }
 
-        req->req_info->enc.modified = 1;
-
         if (verbose) {
             print_name(bio_err, "new subject=",
                        X509_REQ_get_subject_name(req), nmflag);
@@ -770,7 +764,8 @@ int req_main(int argc, char **argv)
 
     out = bio_open_default(outfile,
                            keyout != NULL && outfile != NULL &&
-                           strcmp(keyout, outfile) == 0 ? "a" : "w");
+                           strcmp(keyout, outfile) == 0 ? 'a' : 'w',
+                           outformat);
     if (out == NULL)
         goto end;
 
@@ -1447,7 +1442,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
     } else
         gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
 
-    if (!gctx) {
+    if (gctx == NULL) {
         BIO_puts(bio_err, "Error allocating keygen context\n");
         ERR_print_errors(bio_err);
         return NULL;
@@ -1497,7 +1492,8 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
     EVP_PKEY_CTX *pkctx = NULL;
     int i;
 
-    EVP_MD_CTX_init(ctx);
+    if (ctx == NULL)
+        return 0;
     if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
         return 0;
     for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
@@ -1515,13 +1511,16 @@ int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
                  STACK_OF(OPENSSL_STRING) *sigopts)
 {
     int rv;
-    EVP_MD_CTX mctx;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_create();
 
-    EVP_MD_CTX_init(&mctx);
-    rv = do_sign_init(&mctx, pkey, md, sigopts);
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    /* Note: X509_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
+     * the EVP_MD_CTX we send it, so only destroy it here if the former
+     * isn't called */
     if (rv > 0)
-        rv = X509_sign_ctx(x, &mctx);
-    EVP_MD_CTX_cleanup(&mctx);
+        rv = X509_sign_ctx(x, mctx);
+    else
+        EVP_MD_CTX_destroy(mctx);
     return rv > 0 ? 1 : 0;
 }
 
@@ -1529,13 +1528,15 @@ int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
                      STACK_OF(OPENSSL_STRING) *sigopts)
 {
     int rv;
-    EVP_MD_CTX mctx;
-
-    EVP_MD_CTX_init(&mctx);
-    rv = do_sign_init(&mctx, pkey, md, sigopts);
+    EVP_MD_CTX *mctx = EVP_MD_CTX_create();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    /* Note: X509_REQ_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
+     * the EVP_MD_CTX we send it, so only destroy it here if the former
+     * isn't called */
     if (rv > 0)
-        rv = X509_REQ_sign_ctx(x, &mctx);
-    EVP_MD_CTX_cleanup(&mctx);
+        rv = X509_REQ_sign_ctx(x, mctx);
+    else
+        EVP_MD_CTX_destroy(mctx);
     return rv > 0 ? 1 : 0;
 }
 
@@ -1543,12 +1544,14 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
                      STACK_OF(OPENSSL_STRING) *sigopts)
 {
     int rv;
-    EVP_MD_CTX mctx;
-
-    EVP_MD_CTX_init(&mctx);
-    rv = do_sign_init(&mctx, pkey, md, sigopts);
+    EVP_MD_CTX *mctx = EVP_MD_CTX_create();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    /* Note: X509_CRL_sign_ctx() calls ASN1_item_sign_ctx(), which destroys
+     * the EVP_MD_CTX we send it, so only destroy it here if the former
+     * isn't called */
     if (rv > 0)
-        rv = X509_CRL_sign_ctx(x, &mctx);
-    EVP_MD_CTX_cleanup(&mctx);
+        rv = X509_CRL_sign_ctx(x, mctx);
+    else
+        EVP_MD_CTX_destroy(mctx);
     return rv > 0 ? 1 : 0;
 }