Typo (PR2959).

[openssl.git] / apps / req.c

diff --git a/apps/req.c b/apps/req.c
index b97a9f187bf7e64e57cf2d83cd9e31aeb6fad56b..de1de4c76825ca1b8967250f771df6559e163073 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -165,7 +165,7 @@ int MAIN(int argc, char **argv)
        EVP_PKEY_CTX *genctx = NULL;
        const char *keyalg = NULL;
        char *keyalgstr = NULL;
-       STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
+       STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
        EVP_PKEY *pkey=NULL;
        int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
        long newkey = -1;
@@ -310,6 +310,15 @@ int MAIN(int argc, char **argv)
                        if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
                                goto bad;
                        }
+               else if (strcmp(*argv,"-sigopt") == 0)
+                       {
+                       if (--argc < 1)
+                               goto bad;
+                       if (!sigopts)
+                               sigopts = sk_OPENSSL_STRING_new_null();
+                       if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
+                               goto bad;
+                       }
                else if (strcmp(*argv,"-batch") == 0)
                        batch=1;
                else if (strcmp(*argv,"-newhdr") == 0)
@@ -858,8 +867,9 @@ loop:
                                        extensions);
                                goto end;
                                }
-                       
-                       if (!(i=X509_sign(x509ss,pkey,digest)))
+
+                       i=do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
+                       if (!i)
                                {
                                ERR_print_errors(bio_err);
                                goto end;
@@ -883,7 +893,8 @@ loop:
                                        req_exts);
                                goto end;
                                }
-                       if (!(i=X509_REQ_sign(req,pkey,digest)))
+                       i=do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
+                       if (!i)
                                {
                                ERR_print_errors(bio_err);
                                goto end;
@@ -1084,6 +1095,8 @@ end:
                EVP_PKEY_CTX_free(genctx);
        if (pkeyopts)
                sk_OPENSSL_STRING_free(pkeyopts);
+       if (sigopts)
+               sk_OPENSSL_STRING_free(sigopts);
 #ifndef OPENSSL_NO_ENGINE
        if (gen_eng)
                ENGINE_free(gen_eng);
@@ -1146,15 +1159,12 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
        /* setup version number */
        if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
 
-       if (no_prompt) 
+       if (subj)
+               i = build_subject(req, subj, chtype, multirdn);
+       else if (no_prompt) 
                i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
-       else 
-               {
-               if (subj)
-                       i = build_subject(req, subj, chtype, multirdn);
-               else
-                       i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
-               }
+       else
+               i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
        if(!i) goto err;
 
        if (!X509_REQ_set_pubkey(req,pkey)) goto err;
@@ -1336,11 +1346,17 @@ start2:                 for (;;)
 
                                BIO_snprintf(buf,sizeof buf,"%s_min",type);
                                if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+                                       {
+                                       ERR_clear_error();
                                        n_min = -1;
+                                       }
 
                                BIO_snprintf(buf,sizeof buf,"%s_max",type);
                                if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+                                       {
+                                       ERR_clear_error();
                                        n_max = -1;
+                                       }
 
                                if (!add_attribute_object(req,
                                        v->value,def,value,nid,n_min,n_max, chtype))
@@ -1441,7 +1457,8 @@ start:
                buf[0]='\0';
                if (!batch)
                        {
-                       fgets(buf,sizeof buf,stdin);
+                       if (!fgets(buf,sizeof buf,stdin))
+                               return 0;
                        }
                else
                        {
@@ -1499,7 +1516,8 @@ start:
                buf[0]='\0';
                if (!batch)
                        {
-                       fgets(buf,sizeof buf,stdin);
+                       if (!fgets(buf,sizeof buf,stdin))
+                               return 0;
                        }
                else
                        {
@@ -1748,3 +1766,68 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
 #endif
        return 1;
        }
+
+static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
+                       const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
+       {
+       EVP_PKEY_CTX *pkctx = NULL;
+       int i;
+       EVP_MD_CTX_init(ctx);
+       if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
+               return 0;
+       for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
+               {
+               char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+               if (pkey_ctrl_string(pkctx, sigopt) <= 0)
+                       {
+                       BIO_printf(err, "parameter error \"%s\"\n", sigopt);
+                       ERR_print_errors(bio_err);
+                       return 0;
+                       }
+               }
+       return 1;
+       }
+
+int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+                       STACK_OF(OPENSSL_STRING) *sigopts)
+       {
+       int rv;
+       EVP_MD_CTX mctx;
+       EVP_MD_CTX_init(&mctx);
+       rv = do_sign_init(err, &mctx, pkey, md, sigopts);
+       if (rv > 0)
+               rv = X509_sign_ctx(x, &mctx);
+       EVP_MD_CTX_cleanup(&mctx);
+       return rv > 0 ? 1 : 0;
+       }
+
+
+int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+                       STACK_OF(OPENSSL_STRING) *sigopts)
+       {
+       int rv;
+       EVP_MD_CTX mctx;
+       EVP_MD_CTX_init(&mctx);
+       rv = do_sign_init(err, &mctx, pkey, md, sigopts);
+       if (rv > 0)
+               rv = X509_REQ_sign_ctx(x, &mctx);
+       EVP_MD_CTX_cleanup(&mctx);
+       return rv > 0 ? 1 : 0;
+       }
+               
+       
+
+int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+                       STACK_OF(OPENSSL_STRING) *sigopts)
+       {
+       int rv;
+       EVP_MD_CTX mctx;
+       EVP_MD_CTX_init(&mctx);
+       rv = do_sign_init(err, &mctx, pkey, md, sigopts);
+       if (rv > 0)
+               rv = X509_CRL_sign_ctx(x, &mctx);
+       EVP_MD_CTX_cleanup(&mctx);
+       return rv > 0 ? 1 : 0;
+       }
+               
+