X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Freq.c;h=c2bada07c8f649c2ad33b899a82b278d121bb459;hb=9fa15b6ff88dc33a705fed7fc044639143dd394e;hp=5631a3839b0880d5de2dfcb9a9e7751c72bf82e5;hpb=7448f5e5ed24a08d27c683130ab83cffd6a5a651;p=oweals%2Fopenssl.git
diff --git a/apps/req.c b/apps/req.c
index 5631a3839b..c2bada07c8 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -73,6 +73,7 @@ #include #include #include +#include "../crypto/cryptlib.h" #define SECTION "req"
@@ -151,7 +152,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA DSA *dsa_params=NULL; #endif - unsigned long nmflag = 0; + unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL;
@@ -176,7 +177,7 @@ int MAIN(int argc, char **argv) const EVP_MD *md_alg=NULL,*digest=EVP_md5(); unsigned long chtype = MBSTRING_ASC; #ifndef MONOLITH - MS_STATIC char config_name[256]; + char *to_free; long errline; #endif
@@ -356,6 +357,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } + else if (strcmp(*argv,"-reqopt") == 0) + { + if (--argc < 1) goto bad; + if (!set_cert_ex(&reqflag, *(++argv))) goto bad; + } else if (strcmp(*argv,"-subject") == 0) subject=1; else if (strcmp(*argv,"-text") == 0)
@@ -448,7 +454,8 @@ bad: BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; }
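Review bot: `to_free` is declared without an initialiser in the `@@ -176` hunk, yet the cleanup added at `end:` in the `@@ -1053` hunk tests and frees it on every exit path. It is assigned only in the `p == NULL` fallback of the `@@ -464` hunk, so when the usage path under `bad:` jumps to `end`, or when the configuration path comes from the environment, `OPENSSL_free()` would be handed an indeterminate pointer, unless the variable is set somewhere in lines this diff does not show. Declaring it as `char *to_free = NULL;` makes the cleanup safe on all paths. MAIN's body extends well beyond these hunks.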
@@ -464,14 +471,7 @@ bad: if (p == NULL) p=getenv("SSLEAY_CONF"); if (p == NULL) - { - strcpy(config_name,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(config_name,"/"); -#endif - strcat(config_name,OPENSSL_CONF); - p=config_name; - } + p=to_free=make_config_name(); default_config_file=p; config=NCONF_new(NULL); i=NCONF_load(config, p, &errline);
@@ -479,7 +479,7 @@ bad: if (template != NULL) { - long errline; + long errline = -1; if( verbose ) BIO_printf(bio_err,"Using configuration from %s\n",template);
@@ -622,7 +622,7 @@ bad: if (keyfile != NULL) { - pkey = load_key(bio_err, keyfile, keyform, passin, e, + pkey = load_key(bio_err, keyfile, keyform, 0, passin, e, "Private Key"); if (!pkey) {
@@ -981,9 +981,9 @@ loop: if (text) { if (x509) - X509_print(out,x509ss); + X509_print_ex(out, x509ss, nmflag, reqflag); else - X509_REQ_print(out,req); + X509_REQ_print_ex(out, req, nmflag, reqflag); } if(subject)
@@ -1053,6 +1053,10 @@ loop: } ex=0; end: +#ifndef MONOLITH + if(to_free) + OPENSSL_free(to_free); +#endif if (ex) { ERR_print_errors(bio_err);
@@ -1212,13 +1216,19 @@ start: for (;;) } /* If OBJ not recognised ignore it */ if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; + + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",v->name); if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) { ERR_clear_error(); def=""; } - sprintf(buf,"%s_value",v->name); if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) {
@@ -1265,6 +1275,12 @@ start2: for (;;) if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2; + if(strlen(v->name) > sizeof buf-9) + { + BIO_printf(bio_err,"Name '%s' too long\n",v->name); + return 0; + } + sprintf(buf,"%s_default",type); if ((def=NCONF_get_string(req_conf,attr_sect,buf)) == NULL)
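Review bot: The result of `make_config_name()` in the `@@ -464` hunk is used unchecked: it goes straight into `default_config_file` and `NCONF_load(config, p, &errline)`. The helper is defined outside this diff; since its result is released with `OPENSSL_free` at `end:`, it presumably allocates and could return NULL. A guard such as `if (p == NULL) goto end;` before the load would keep a failed allocation away from the loader.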
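Review bot: The bound `sizeof buf-9` in the `@@ -1212` hunk is a bare number whose meaning (the eight characters of `_default` plus the terminator) the reader has to work out; `if(strlen(v->name) > sizeof buf - sizeof "_default")` states it directly. The same check is added in the `start2` loop (`@@ -1265`), where it measures `v->name` while the following `sprintf` formats `type`. That is safe only if `type` is never longer than `v->name`, which these hunks do not show, so testing `strlen(type)` there would match the call it guards. Both checks also rely on `buf` being an array in scope rather than a pointer; its declaration is outside the hunks.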
@@ -1368,6 +1384,7 @@ start: (void)BIO_flush(bio_err); if(value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value);
@@ -1377,7 +1394,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else {
@@ -1426,6 +1443,7 @@ start: (void)BIO_flush(bio_err); if (value != NULL) { + OPENSSL_assert(strlen(value) < sizeof buf-2); strcpy(buf,value); strcat(buf,"\n"); BIO_printf(bio_err,"%s\n",value);
@@ -1435,7 +1453,7 @@ start: buf[0]='\0'; if (!batch) { - fgets(buf,1024,stdin); + fgets(buf,sizeof buf,stdin); } else {
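Review bot: An over-long `value` is handled in the `@@ -1368` hunk with `OPENSSL_assert`, although `value` appears to be the string read from the configuration file by `NCONF_get_string` in the `@@ -1212` hunk, which makes its length an input condition rather than a programming invariant. Depending on how `OPENSSL_assert` is defined (not shown in this diff), a long config entry either aborts the process or, if the macro can be compiled out, reaches the `strcpy`/`strcat` unchecked. The name-length check added elsewhere in this commit prints a message and returns instead, and the same shape fits here: test `strlen(value) >= sizeof buf-2`, report it with `BIO_printf(bio_err,...)` and return the function's failure value. The `@@ -1426` hunk adds the identical assertion; both enclosing functions start and end outside the hunks.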
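Review bot: The return value of `fgets` in the `@@ -1377` hunk is still ignored after the size fix. On end-of-file or a read error the buffer keeps the empty string set by `buf[0]='\0'` just above, and a line longer than the buffer is cut with the remainder left on stdin for the next prompt. How the code after the hunk treats those cases is not visible here. Testing the call, `if (fgets(buf,sizeof buf,stdin) == NULL)` followed by the function's failure return, would make the EOF case explicit; the `@@ -1435` hunk has the same call.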