The fix for CVE-2012-2110 did not take into account that the
[openssl.git] / apps / req.c
index 511be7de74fb610e5deaa3fe92655e0777fb55cd..9f55cdeabd4cff0c0014d6322fb5a34fc6e7e715 100644 (file)
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 #define SECTION                "req"
 
@@ -712,8 +719,7 @@ bad:
                           message */
                        goto end;
                        }
-               if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
-                       EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
+               else
                        {
                        char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                        if (randfile == NULL)
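Review bot: The bare `else` that replaces the DSA/EC type test carries no comment, and the `if` it pairs with begins above the hunk, so it is not obvious that the RANDFILE lookup now runs for every loaded key type. Since this presumably governs PRNG seeding before the request is signed, a one-line comment on the branch would record the intent, for example `/* load RANDFILE for every key type, not only DSA/EC */`. The block continues past the end of the hunk, so what is done with `randfile` is not visible here.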
@@ -724,7 +730,9 @@ bad:
 
        if (newreq && (pkey == NULL))
                {
+#ifndef OPENSSL_NO_RSA
                BN_GENCB cb;
+#endif
                char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
                if (randfile == NULL)
                        ERR_clear_error();
@@ -1425,11 +1433,17 @@ start2:                 for (;;)
 
                                BIO_snprintf(buf,sizeof buf,"%s_min",type);
                                if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+                                       {
+                                       ERR_clear_error();
                                        n_min = -1;
+                                       }
 
                                BIO_snprintf(buf,sizeof buf,"%s_max",type);
                                if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+                                       {
+                                       ERR_clear_error();
                                        n_max = -1;
+                                       }
 
                                if (!add_attribute_object(req,
                                        v->value,def,value,nid,n_min,n_max, chtype))
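Review bot: The `ERR_clear_error()` calls added in the `_min` and `_max` failure branches empty the whole thread error queue, not just the entry left by the failed `NCONF_get_number()` lookup. Anything queued earlier in this loop is therefore discarded as well. Calling `ERR_set_mark();` before each lookup and `ERR_pop_to_mark();` in the failure branch would drop only the lookup's own entries. Both branches also fall back to -1 for any failure; if the lookup can fail for a reason other than a missing key (not visible here), a bad `_min`/`_max` value would silently lose its length bound, so a comment such as `/* optional setting: absence is not an error */` would make the assumption explicit. The `for (;;)` loop starts and ends outside the hunk.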
@@ -1530,7 +1544,8 @@ start:
                buf[0]='\0';
                if (!batch)
                        {
-                       fgets(buf,sizeof buf,stdin);
+                       if (!fgets(buf,sizeof buf,stdin))
+                               return 0;
                        }
                else
                        {
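Review bot: The new `return 0` after a failed `fgets()` gives no diagnostic, so a closed or failing stdin is indistinguishable to the user from any other rejected input. Printing a message before returning would make the cause visible, e.g. `{ BIO_printf(bio_err,"error reading input\n"); return 0; }`. The identical change in the following hunk (-1588/+1603) has the same gap. The enclosing functions begin and end outside both hunks, so how the caller interprets a 0 return is not visible here.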
@@ -1588,7 +1603,8 @@ start:
                buf[0]='\0';
                if (!batch)
                        {
-                       fgets(buf,sizeof buf,stdin);
+                       if (!fgets(buf,sizeof buf,stdin))
+                               return 0;
                        }
                else
                        {