/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
-#include <openssl/bn.h>
#include <openssl/lhash.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
{
char *p;
+ size_t off;
/* Check syntax. */
- if (strchr(kv, '=') == NULL)
- return 1;
-
/* Skip leading whitespace, make a copy. */
while (*kv && isspace(*kv))
if (*++kv == '\0')
return 1;
+ if ((p = strchr(kv, '=')) == NULL)
+ return 1;
+ off = p - kv;
if ((kv = OPENSSL_strdup(kv)) == NULL)
return -1;
/* Skip trailing space before the equal sign. */
- for (p = strchr(kv, '='); p > kv; --p)
- if (p[-1] != ' ' && p[-1] != '\t')
+ for (p = kv + off; p > kv; --p)
+ if (!isspace(p[-1]))
break;
if (p == kv) {
OPENSSL_free(kv);
}
*p = '\0';
- /* Finally have a clean "key"; see if it's there. */
- if (lh_OPENSSL_STRING_retrieve(addexts, (OPENSSL_STRING*)kv) != NULL) {
- BIO_printf(bio_err, "Extension \"%s\" repeated\n", kv);
- OPENSSL_free(kv);
- return 1;
+ /* Finally have a clean "key"; see if it's there [by attempt to add it]. */
+ if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv))
+ != NULL || lh_OPENSSL_STRING_error(addexts)) {
+ OPENSSL_free(p != NULL ? p : kv);
+ return -1;
}
- /* Not found; add it. */
- if (lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv) == NULL)
- return -1;
return 0;
}
if (pkey_type == EVP_PKEY_EC) {
BIO_printf(bio_err, "Generating an EC private key\n");
} else {
- BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
- newkey, keyalgstr);
+ BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
}
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
ERR_print_errors(bio_err);
}
NCONF_free(req_conf);
+ NCONF_free(addext_conf);
BIO_free(addext_bio);
BIO_free(in);
BIO_free_all(out);
const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
{
EVP_PKEY_CTX *pkctx = NULL;
- int i;
+ int i, def_nid;
if (ctx == NULL)
return 0;
+ /*
+ * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory
+ * for this algorithm.
+ */
+ if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2
+ && def_nid == NID_undef) {
+ /* The signing algorithm requires there to be no digest */
+ md = NULL;
+ }
if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
return 0;
for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {