root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

apps/x509.c: re-add ERR queue printing on errors
GitHub CI / check_update (push) Waiting to run Details
GitHub CI / check_docs (push) Waiting to run Details
GitHub CI / check-ansi (push) Waiting to run Details
GitHub CI / basic_gcc (push) Waiting to run Details
GitHub CI / basic_clang (push) Waiting to run Details
GitHub CI / linux-arm64 (push) Waiting to run Details
GitHub CI / freebsd-x86_64 (push) Waiting to run Details
GitHub CI / minimal (push) Waiting to run Details
GitHub CI / no-deprecated (push) Waiting to run Details
GitHub CI / no-shared-ubuntu (push) Waiting to run Details
GitHub CI / no-shared-macos (macos-13) (push) Waiting to run Details
GitHub CI / no-shared-macos (macos-14) (push) Waiting to run Details
GitHub CI / non-caching (push) Waiting to run Details
GitHub CI / address_ub_sanitizer (push) Waiting to run Details
GitHub CI / fuzz_tests (push) Waiting to run Details
GitHub CI / memory_sanitizer (push) Waiting to run Details
GitHub CI / threads_sanitizer (push) Waiting to run Details
GitHub CI / enable_non-default_options (push) Waiting to run Details
GitHub CI / full_featured (push) Waiting to run Details
GitHub CI / no-legacy (push) Waiting to run Details
GitHub CI / legacy (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Waiting to run Details
GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Waiting to run Details
GitHub CI / external-tests-misc (push) Waiting to run Details
GitHub CI / external-tests-providers (push) Waiting to run Details
GitHub CI / external-tests-pyca (3.9, 1.51.0) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Waiting to run Details
Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu fips:no libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:alpha-linux-gnu fips:no libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi fips:no libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf fips:no libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu fips:no libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu fips:no libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:s390x-linux-gnu fips:no libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:sh4-linux-gnu fips:no libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details
Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Waiting to run Details
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Waiting to run Details
CIFuzz / Fuzzing (push) Waiting to run Details
Run-checker CI / run-checker (enable-trace enable-fips) (push) Waiting to run Details
Run-checker CI / run-checker (no-cmp) (push) Waiting to run Details
Run-checker CI / run-checker (no-cms) (push) Waiting to run Details
Run-checker CI / run-checker (no-default-thread-pool) (push) Waiting to run Details
Run-checker CI / run-checker (no-dgram) (push) Waiting to run Details
Run-checker CI / run-checker (no-dh) (push) Waiting to run Details
Run-checker CI / run-checker (no-dtls) (push) Waiting to run Details
Run-checker CI / run-checker (no-ec) (push) Waiting to run Details
Run-checker CI / run-checker (no-ecx) (push) Waiting to run Details
Run-checker CI / run-checker (no-http) (push) Waiting to run Details
Run-checker CI / run-checker (no-legacy) (push) Waiting to run Details
Run-checker CI / run-checker (no-ml-dsa) (push) Waiting to run Details
Run-checker CI / run-checker (no-ml-kem) (push) Waiting to run Details
Run-checker CI / run-checker (no-quic) (push) Waiting to run Details
Run-checker CI / run-checker (no-sock) (push) Waiting to run Details
Run-checker CI / run-checker (no-ssl-trace) (push) Waiting to run Details
Run-checker CI / run-checker (no-stdio) (push) Waiting to run Details
Run-checker CI / run-checker (no-thread-pool) (push) Waiting to run Details
Run-checker CI / run-checker (no-threads) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls1_2) (push) Waiting to run Details
Run-checker CI / run-checker (no-tls1_3) (push) Waiting to run Details
Run-checker CI / run-checker (no-ui) (push) Waiting to run Details
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details
Run-checker merge / run-checker (enable-pie) (push) Waiting to run Details
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to run Details
Run-checker merge / run-checker (enable-zlib) (push) Waiting to run Details
Run-checker merge / run-checker (no-dso) (push) Waiting to run Details
Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to run Details
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to run Details
Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to run Details
Run-checker merge / run-checker (no-err) (push) Waiting to run Details
Run-checker merge / run-checker (no-filenames) (push) Waiting to run Details
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to run Details
Run-checker merge / run-checker (no-module) (push) Waiting to run Details
Run-checker merge / run-checker (no-ocsp) (push) Waiting to run Details
Run-checker merge / run-checker (no-pinshared) (push) Waiting to run Details
Run-checker merge / run-checker (no-srp) (push) Waiting to run Details
Run-checker merge / run-checker (no-srtp) (push) Waiting to run Details
Run-checker merge / run-checker (no-ts) (push) Waiting to run Details
Run-checker merge / jitter (push) Waiting to run Details
Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2025]) (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2025]) (push) Waiting to run Details
Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2022]) (push) Waiting to run Details
Windows GitHub CI / plain (windows-2022) (push) Waiting to run Details
Windows GitHub CI / minimal (windows-2022) (push) Waiting to run Details
Windows GitHub CI / cygwin (windows-2022, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to run Details
Trigger docs.openssl.org deployment / trigger (push) Has been cancelled Details
Windows Compression GitHub CI / zstd (push) Has been cancelled Details
Windows Compression GitHub CI / brotli (push) Has been cancelled Details 

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27739)

(cherry picked from commit ac85974bc3)
This commit is contained in:
Dr. David von Oheimb 2025-06-01 16:35:31 +02:00 committed by Tomas Mraz
parent 5307a21b49
commit 5e5ab0a32f
1 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
apps/x509.c
View File

@ -447,26 +447,26 @@ int x509_main(int argc, char **argv)
break; break;
case OPT_ADDTRUST: case OPT_ADDTRUST:
if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL) if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
goto end; goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) { if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid trust object value %s\n", BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
prog, opt_arg()); prog, opt_arg());
goto opthelp; goto opthelp;
} }
if (!sk_ASN1_OBJECT_push(trust, objtmp)) if (!sk_ASN1_OBJECT_push(trust, objtmp))
goto end; goto err;
trustout = 1; trustout = 1;
break; break;
case OPT_ADDREJECT: case OPT_ADDREJECT:
if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL) if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
goto end; goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) { if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid reject object value %s\n", BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
prog, opt_arg()); prog, opt_arg());
goto opthelp; goto opthelp;
} }
if (!sk_ASN1_OBJECT_push(reject, objtmp)) if (!sk_ASN1_OBJECT_push(reject, objtmp))
goto end; goto err;
trustout = 1; trustout = 1;
break; break;
case OPT_SETALIAS: case OPT_SETALIAS:
@ -618,7 +618,7 @@ int x509_main(int argc, char **argv)
goto opthelp; goto opthelp;
if (!app_RAND_load()) if (!app_RAND_load())
goto end; goto err;
if (!opt_check_md(digest)) if (!opt_check_md(digest))
goto opthelp; goto opthelp;
@ -647,7 +647,7 @@ int x509_main(int argc, char **argv)
if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(), if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
app_get0_propq())) app_get0_propq()))
goto end; goto err;
if (newcert && infile != NULL) { if (newcert && infile != NULL) {
BIO_printf(bio_err, "The -in option cannot be used with -new\n"); BIO_printf(bio_err, "The -in option cannot be used with -new\n");
@ -660,12 +660,12 @@ int x509_main(int argc, char **argv)
if (privkeyfile != NULL) { if (privkeyfile != NULL) {
privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key"); privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key");
if (privkey == NULL) if (privkey == NULL)
goto end; goto err;
} }
if (pubkeyfile != NULL) { if (pubkeyfile != NULL) {
if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e, if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
"explicitly set public key")) == NULL) "explicitly set public key")) == NULL)
goto end; goto err;
} }
if (newcert) { if (newcert) {
@ -682,10 +682,10 @@ int x509_main(int argc, char **argv)
} }
if (issu != NULL if (issu != NULL
&& (fissu = parse_name(issu, chtype, multirdn, "issuer")) == NULL) && (fissu = parse_name(issu, chtype, multirdn, "issuer")) == NULL)
goto end; goto err;
if (subj != NULL if (subj != NULL
&& (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL) && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
goto end; goto err;
if (CAkeyfile == NULL) if (CAkeyfile == NULL)
CAkeyfile = CAfile; CAkeyfile = CAfile;
@ -717,7 +717,7 @@ int x509_main(int argc, char **argv)
X509V3_CTX ctx2; X509V3_CTX ctx2;
if ((extconf = app_load_config(extfile)) == NULL) if ((extconf = app_load_config(extfile)) == NULL)
goto end; goto err;
if (extsect == NULL) { if (extsect == NULL) {
extsect = app_conf_try_string(extconf, "default", "extensions"); extsect = app_conf_try_string(extconf, "default", "extensions");
if (extsect == NULL) if (extsect == NULL)
@ -739,7 +739,7 @@ int x509_main(int argc, char **argv)
req = load_csr_autofmt(infile, informat, vfyopts, req = load_csr_autofmt(infile, informat, vfyopts,
"certificate request input"); "certificate request input");
if (req == NULL) if (req == NULL)
goto end; goto err;
if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) { if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "Error unpacking public key from CSR\n"); BIO_printf(bio_err, "Error unpacking public key from CSR\n");
@ -770,11 +770,11 @@ int x509_main(int argc, char **argv)
goto err; goto err;
} }
if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end; goto err;
if (CAfile == NULL && sno == NULL) { if (CAfile == NULL && sno == NULL) {
sno = ASN1_INTEGER_new(); sno = ASN1_INTEGER_new();
if (sno == NULL || !rand_serial(NULL, sno)) if (sno == NULL || !rand_serial(NULL, sno))
goto end; goto err;
} }
if (req != NULL && ext_copy != EXT_COPY_UNSET) { if (req != NULL && ext_copy != EXT_COPY_UNSET) {
if (clrext && ext_copy != EXT_COPY_NONE) { if (clrext && ext_copy != EXT_COPY_NONE) {
@ -791,27 +791,27 @@ int x509_main(int argc, char **argv)
"Warning: Reading certificate from stdin since no -in or -new option is given\n"); "Warning: Reading certificate from stdin since no -in or -new option is given\n");
x = load_cert_pass(infile, informat, 1, passin, "certificate"); x = load_cert_pass(infile, informat, 1, passin, "certificate");
if (x == NULL) if (x == NULL)
goto end; goto err;
} }
if ((fsubj != NULL || req != NULL) if ((fsubj != NULL || req != NULL)
&& !X509_set_subject_name(x, fsubj != NULL ? fsubj : && !X509_set_subject_name(x, fsubj != NULL ? fsubj :
X509_REQ_get_subject_name(req))) X509_REQ_get_subject_name(req)))
goto end; goto err;
if ((pubkey != NULL || privkey != NULL || req != NULL) if ((pubkey != NULL || privkey != NULL || req != NULL)
&& !X509_set_pubkey(x, pubkey != NULL ? pubkey : && !X509_set_pubkey(x, pubkey != NULL ? pubkey :
privkey != NULL ? privkey : privkey != NULL ? privkey :
X509_REQ_get0_pubkey(req))) X509_REQ_get0_pubkey(req)))
goto end; goto err;
if (CAfile != NULL) { if (CAfile != NULL) {
xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate"); xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
if (xca == NULL) if (xca == NULL)
goto end; goto err;
} }
out = bio_open_default(outfile, 'w', outformat); out = bio_open_default(outfile, 'w', outformat);
if (out == NULL) if (out == NULL)
goto end; goto err;
if (alias) if (alias)
X509_alias_set1(x, (unsigned char *)alias, -1); X509_alias_set1(x, (unsigned char *)alias, -1);
@ -847,9 +847,9 @@ int x509_main(int argc, char **argv)
if (sno == NULL) if (sno == NULL)
sno = x509_load_serial(CAfile, CAserial, CA_createserial); sno = x509_load_serial(CAfile, CAserial, CA_createserial);
if (sno == NULL) if (sno == NULL)
goto end; goto err;
if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x)) if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x))
goto end; goto err;
} else { } else {
if (privkey != NULL && !cert_matches_key(x, privkey)) if (privkey != NULL && !cert_matches_key(x, privkey))
BIO_printf(bio_err, BIO_printf(bio_err,
@ -857,17 +857,17 @@ int x509_main(int argc, char **argv)
} }
if (sno != NULL && !X509_set_serialNumber(x, sno)) if (sno != NULL && !X509_set_serialNumber(x, sno))
goto end; goto err;
if (reqfile || newcert || privkey != NULL || CAfile != NULL) { if (reqfile || newcert || privkey != NULL || CAfile != NULL) {
if (!preserve_dates && !set_cert_times(x, not_before, not_after, days, 1)) if (!preserve_dates && !set_cert_times(x, not_before, not_after, days, 1))
goto end; goto err;
if (fissu != NULL) { if (fissu != NULL) {
if (!X509_set_issuer_name(x, fissu)) if (!X509_set_issuer_name(x, fissu))
goto end; goto err;
} else { } else {
if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert))) if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert)))
goto end; goto err;
} }
} }
@ -875,7 +875,7 @@ int x509_main(int argc, char **argv)
/* prepare fallback for AKID, but only if issuer cert equals subject cert */ /* prepare fallback for AKID, but only if issuer cert equals subject cert */
if (CAfile == NULL) { if (CAfile == NULL) {
if (!X509V3_set_issuer_pkey(&ext_ctx, privkey)) if (!X509V3_set_issuer_pkey(&ext_ctx, privkey))
goto end; goto err;
} }
if (extconf != NULL && !x509toreq) { if (extconf != NULL && !x509toreq) {
X509V3_set_nconf(&ext_ctx, extconf); X509V3_set_nconf(&ext_ctx, extconf);
@ -904,7 +904,7 @@ int x509_main(int argc, char **argv)
goto err; goto err;
} }
if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL) if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
goto end; goto err;
if (extconf != NULL) { if (extconf != NULL) {
X509V3_set_nconf(&ext_ctx, extconf); X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) { if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
@ -914,7 +914,7 @@ int x509_main(int argc, char **argv)
} }
} }
if (!do_X509_REQ_sign(rq, privkey, digest, sigopts)) if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
goto end; goto err;
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) { if (outformat == FORMAT_ASN1) {
X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT); X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
@ -932,7 +932,7 @@ int x509_main(int argc, char **argv)
} else if (CAfile != NULL) { } else if (CAfile != NULL) {
if ((CAkey = load_key(CAkeyfile, CAkeyformat, if ((CAkey = load_key(CAkeyfile, CAkeyformat,
0, passin, e, "CA private key")) == NULL) 0, passin, e, "CA private key")) == NULL)
goto end; goto err;
if (!X509_check_private_key(xca, CAkey)) { if (!X509_check_private_key(xca, CAkey)) {
BIO_printf(bio_err, BIO_printf(bio_err,
"CA certificate and CA private key do not match\n"); "CA certificate and CA private key do not match\n");
@ -940,10 +940,10 @@ int x509_main(int argc, char **argv)
} }
if (!do_X509_sign(x, 0, CAkey, digest, sigopts, &ext_ctx)) if (!do_X509_sign(x, 0, CAkey, digest, sigopts, &ext_ctx))
goto end; goto err;
} else if (privkey != NULL) { } else if (privkey != NULL) {
if (!do_X509_sign(x, 0, privkey, digest, sigopts, &ext_ctx)) if (!do_X509_sign(x, 0, privkey, digest, sigopts, &ext_ctx))
goto end; goto err;
} }
if (badsig) { if (badsig) {
const ASN1_BIT_STRING *signature; const ASN1_BIT_STRING *signature;
@ -967,11 +967,11 @@ int x509_main(int argc, char **argv)
BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
if (bnser == NULL) if (bnser == NULL)
goto end; goto err;
if (!BN_add_word(bnser, 1) if (!BN_add_word(bnser, 1)
|| (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) { || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
BN_free(bnser); BN_free(bnser);
goto end; goto err;
} }
BN_free(bnser); BN_free(bnser);
i2a_ASN1_INTEGER(out, ser); i2a_ASN1_INTEGER(out, ser);