summaryrefslogtreecommitdiff
path: root/src/usr.bin
diff options
context:
space:
mode:
authorkenjiro <>2026-02-08 22:25:16 +0000
committerkenjiro <>2026-02-08 22:25:16 +0000
commitfbe52a57d923d0b51fc6d79f9ebda770455b831f (patch)
tree9a812325434c580a4d7d3418c3e7378b29313b09 /src/usr.bin
parentc1d87b1072b9f7d2783c4658953f787fb56f26a1 (diff)
downloadopenbsd-fbe52a57d923d0b51fc6d79f9ebda770455b831f.tar.gz
openbsd-fbe52a57d923d0b51fc6d79f9ebda770455b831f.tar.bz2
openbsd-fbe52a57d923d0b51fc6d79f9ebda770455b831f.zip
openssl x509: send -text output to the file specified by -out
In the x509 command, `-text` output is not written to the file specified by `-out`, whereas in other OpenSSL/LibreSSL subcommands it is. With this change, STDout is removed, and `-text` output is written entirely to the file specified by `-out`, making the behavior consistent with other subcommands. Fix https://github.com/libressl/portable/issues/1228 ok tb jsing
Diffstat (limited to 'src/usr.bin')
-rw-r--r--src/usr.bin/openssl/x509.c94
1 files changed, 44 insertions, 50 deletions
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index e430d16f1f..64f1a6df3e 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.42 2025/01/19 13:14:22 tb Exp $ */ 1/* $OpenBSD: x509.c,v 1.43 2026/02/08 22:25:16 kenjiro Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -787,7 +787,6 @@ x509_main(int argc, char **argv)
787 EVP_PKEY *pkey; 787 EVP_PKEY *pkey;
788 int i; 788 int i;
789 BIO *out = NULL; 789 BIO *out = NULL;
790 BIO *STDout = NULL;
791 X509_STORE *ctx = NULL; 790 X509_STORE *ctx = NULL;
792 X509_REQ *rq = NULL; 791 X509_REQ *rq = NULL;
793 CONF *extconf = NULL; 792 CONF *extconf = NULL;
@@ -807,8 +806,6 @@ x509_main(int argc, char **argv)
807 cfg.CAformat = FORMAT_PEM; 806 cfg.CAformat = FORMAT_PEM;
808 cfg.CAkeyformat = FORMAT_PEM; 807 cfg.CAkeyformat = FORMAT_PEM;
809 808
810 STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
811
812 ctx = X509_STORE_new(); 809 ctx = X509_STORE_new();
813 if (ctx == NULL) 810 if (ctx == NULL)
814 goto end; 811 goto end;
@@ -823,6 +820,18 @@ x509_main(int argc, char **argv)
823 goto end; 820 goto end;
824 } 821 }
825 822
823 out = BIO_new(BIO_s_file());
824 if (out == NULL) {
825 ERR_print_errors(bio_err);
826 goto end;
827 }
828 if (cfg.outfile == NULL) {
829 BIO_set_fp(out, stdout, BIO_NOCLOSE);
830 } else if (BIO_write_filename(out, cfg.outfile) <= 0) {
831 perror(cfg.outfile);
832 goto end;
833 }
834
826 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { 835 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
827 BIO_printf(bio_err, "Error getting password\n"); 836 BIO_printf(bio_err, "Error getting password\n");
828 goto end; 837 goto end;
@@ -1007,20 +1016,6 @@ x509_main(int argc, char **argv)
1007 } 1016 }
1008 if (!cfg.noout || cfg.text || cfg.next_serial) { 1017 if (!cfg.noout || cfg.text || cfg.next_serial) {
1009 OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); 1018 OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
1010
1011 out = BIO_new(BIO_s_file());
1012 if (out == NULL) {
1013 ERR_print_errors(bio_err);
1014 goto end;
1015 }
1016 if (cfg.outfile == NULL) {
1017 BIO_set_fp(out, stdout, BIO_NOCLOSE);
1018 } else {
1019 if (BIO_write_filename(out, cfg.outfile) <= 0) {
1020 perror(cfg.outfile);
1021 goto end;
1022 }
1023 }
1024 } 1019 }
1025 if (cfg.alias != NULL) { 1020 if (cfg.alias != NULL) {
1026 if (!X509_alias_set1(x, (unsigned char *)cfg.alias, -1)) 1021 if (!X509_alias_set1(x, (unsigned char *)cfg.alias, -1))
@@ -1049,16 +1044,16 @@ x509_main(int argc, char **argv)
1049 if (cfg.num) { 1044 if (cfg.num) {
1050 for (i = 1; i <= cfg.num; i++) { 1045 for (i = 1; i <= cfg.num; i++) {
1051 if (cfg.issuer == i) { 1046 if (cfg.issuer == i) {
1052 print_name(STDout, "issuer= ", 1047 print_name(out, "issuer= ",
1053 X509_get_issuer_name(x), cfg.nmflag); 1048 X509_get_issuer_name(x), cfg.nmflag);
1054 } else if (cfg.subject == i) { 1049 } else if (cfg.subject == i) {
1055 print_name(STDout, "subject= ", 1050 print_name(out, "subject= ",
1056 X509_get_subject_name(x), cfg.nmflag); 1051 X509_get_subject_name(x), cfg.nmflag);
1057 } else if (cfg.serial == i) { 1052 } else if (cfg.serial == i) {
1058 BIO_printf(STDout, "serial="); 1053 BIO_printf(out, "serial=");
1059 i2a_ASN1_INTEGER(STDout, 1054 i2a_ASN1_INTEGER(out,
1060 X509_get_serialNumber(x)); 1055 X509_get_serialNumber(x));
1061 BIO_printf(STDout, "\n"); 1056 BIO_printf(out, "\n");
1062 } else if (cfg.next_serial == i) { 1057 } else if (cfg.next_serial == i) {
1063 BIGNUM *bnser; 1058 BIGNUM *bnser;
1064 ASN1_INTEGER *ser; 1059 ASN1_INTEGER *ser;
@@ -1091,7 +1086,7 @@ x509_main(int argc, char **argv)
1091 else 1086 else
1092 emlst = X509_get1_ocsp(x); 1087 emlst = X509_get1_ocsp(x);
1093 for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) 1088 for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
1094 BIO_printf(STDout, "%s\n", 1089 BIO_printf(out, "%s\n",
1095 sk_OPENSSL_STRING_value(emlst, j)); 1090 sk_OPENSSL_STRING_value(emlst, j));
1096 X509_email_free(emlst); 1091 X509_email_free(emlst);
1097 } else if (cfg.aliasout == i) { 1092 } else if (cfg.aliasout == i) {
@@ -1099,27 +1094,27 @@ x509_main(int argc, char **argv)
1099 int buflen; 1094 int buflen;
1100 albuf = X509_alias_get0(x, &buflen); 1095 albuf = X509_alias_get0(x, &buflen);
1101 if (albuf != NULL) 1096 if (albuf != NULL)
1102 BIO_printf(STDout, "%.*s\n", 1097 BIO_printf(out, "%.*s\n",
1103 buflen, albuf); 1098 buflen, albuf);
1104 else 1099 else
1105 BIO_puts(STDout, "<No Alias>\n"); 1100 BIO_puts(out, "<No Alias>\n");
1106 } else if (cfg.subject_hash == i) { 1101 } else if (cfg.subject_hash == i) {
1107 BIO_printf(STDout, "%08lx\n", 1102 BIO_printf(out, "%08lx\n",
1108 X509_subject_name_hash(x)); 1103 X509_subject_name_hash(x));
1109 } 1104 }
1110#ifndef OPENSSL_NO_MD5 1105#ifndef OPENSSL_NO_MD5
1111 else if (cfg.subject_hash_old == i) { 1106 else if (cfg.subject_hash_old == i) {
1112 BIO_printf(STDout, "%08lx\n", 1107 BIO_printf(out, "%08lx\n",
1113 X509_subject_name_hash_old(x)); 1108 X509_subject_name_hash_old(x));
1114 } 1109 }
1115#endif 1110#endif
1116 else if (cfg.issuer_hash == i) { 1111 else if (cfg.issuer_hash == i) {
1117 BIO_printf(STDout, "%08lx\n", 1112 BIO_printf(out, "%08lx\n",
1118 X509_issuer_name_hash(x)); 1113 X509_issuer_name_hash(x));
1119 } 1114 }
1120#ifndef OPENSSL_NO_MD5 1115#ifndef OPENSSL_NO_MD5
1121 else if (cfg.issuer_hash_old == i) { 1116 else if (cfg.issuer_hash_old == i) {
1122 BIO_printf(STDout, "%08lx\n", 1117 BIO_printf(out, "%08lx\n",
1123 X509_issuer_name_hash_old(x)); 1118 X509_issuer_name_hash_old(x));
1124 } 1119 }
1125#endif 1120#endif
@@ -1127,10 +1122,10 @@ x509_main(int argc, char **argv)
1127 const X509_PURPOSE *ptmp; 1122 const X509_PURPOSE *ptmp;
1128 int j; 1123 int j;
1129 1124
1130 BIO_printf(STDout, "Certificate purposes:\n"); 1125 BIO_printf(out, "Certificate purposes:\n");
1131 for (j = 0; j < X509_PURPOSE_get_count(); j++) { 1126 for (j = 0; j < X509_PURPOSE_get_count(); j++) {
1132 ptmp = X509_PURPOSE_get0(j); 1127 ptmp = X509_PURPOSE_get0(j);
1133 purpose_print(STDout, x, ptmp); 1128 purpose_print(out, x, ptmp);
1134 } 1129 }
1135 } else if (cfg.modulus == i) { 1130 } else if (cfg.modulus == i) {
1136 EVP_PKEY *pubkey; 1131 EVP_PKEY *pubkey;
@@ -1141,24 +1136,24 @@ x509_main(int argc, char **argv)
1141 ERR_print_errors(bio_err); 1136 ERR_print_errors(bio_err);
1142 goto end; 1137 goto end;
1143 } 1138 }
1144 BIO_printf(STDout, "Modulus="); 1139 BIO_printf(out, "Modulus=");
1145 if (EVP_PKEY_id(pubkey) == EVP_PKEY_RSA) { 1140 if (EVP_PKEY_id(pubkey) == EVP_PKEY_RSA) {
1146 RSA *rsa = EVP_PKEY_get0_RSA(pubkey); 1141 RSA *rsa = EVP_PKEY_get0_RSA(pubkey);
1147 const BIGNUM *n = NULL; 1142 const BIGNUM *n = NULL;
1148 1143
1149 RSA_get0_key(rsa, &n, NULL, NULL); 1144 RSA_get0_key(rsa, &n, NULL, NULL);
1150 BN_print(STDout, n); 1145 BN_print(out, n);
1151 } else if (EVP_PKEY_id(pubkey) == EVP_PKEY_DSA) { 1146 } else if (EVP_PKEY_id(pubkey) == EVP_PKEY_DSA) {
1152 DSA *dsa = EVP_PKEY_get0_DSA(pubkey); 1147 DSA *dsa = EVP_PKEY_get0_DSA(pubkey);
1153 const BIGNUM *dsa_pub_key = NULL; 1148 const BIGNUM *dsa_pub_key = NULL;
1154 1149
1155 DSA_get0_key(dsa, &dsa_pub_key, NULL); 1150 DSA_get0_key(dsa, &dsa_pub_key, NULL);
1156 1151
1157 BN_print(STDout, dsa_pub_key); 1152 BN_print(out, dsa_pub_key);
1158 } else 1153 } else
1159 BIO_printf(STDout, 1154 BIO_printf(out,
1160 "Wrong Algorithm type"); 1155 "Wrong Algorithm type");
1161 BIO_printf(STDout, "\n"); 1156 BIO_printf(out, "\n");
1162 } else if (cfg.pubkey == i) { 1157 } else if (cfg.pubkey == i) {
1163 EVP_PKEY *pubkey; 1158 EVP_PKEY *pubkey;
1164 1159
@@ -1168,31 +1163,31 @@ x509_main(int argc, char **argv)
1168 ERR_print_errors(bio_err); 1163 ERR_print_errors(bio_err);
1169 goto end; 1164 goto end;
1170 } 1165 }
1171 PEM_write_bio_PUBKEY(STDout, pubkey); 1166 PEM_write_bio_PUBKEY(out, pubkey);
1172 } else if (cfg.text == i) { 1167 } else if (cfg.text == i) {
1173 if(!X509_print_ex(STDout, x, cfg.nmflag, 1168 if(!X509_print_ex(out, x, cfg.nmflag,
1174 cfg.certflag)) 1169 cfg.certflag))
1175 goto end; 1170 goto end;
1176 } else if (cfg.startdate == i) { 1171 } else if (cfg.startdate == i) {
1177 ASN1_TIME *nB = X509_get_notBefore(x); 1172 ASN1_TIME *nB = X509_get_notBefore(x);
1178 1173
1179 BIO_puts(STDout, "notBefore="); 1174 BIO_puts(out, "notBefore=");
1180 if (!ASN1_TIME_to_tm(nB, NULL)) 1175 if (!ASN1_TIME_to_tm(nB, NULL))
1181 BIO_puts(STDout, 1176 BIO_puts(out,
1182 "INVALID RFC5280 TIME"); 1177 "INVALID RFC5280 TIME");
1183 else 1178 else
1184 ASN1_TIME_print(STDout, nB); 1179 ASN1_TIME_print(out, nB);
1185 BIO_puts(STDout, "\n"); 1180 BIO_puts(out, "\n");
1186 } else if (cfg.enddate == i) { 1181 } else if (cfg.enddate == i) {
1187 ASN1_TIME *nA = X509_get_notAfter(x); 1182 ASN1_TIME *nA = X509_get_notAfter(x);
1188 1183
1189 BIO_puts(STDout, "notAfter="); 1184 BIO_puts(out, "notAfter=");
1190 if (!ASN1_TIME_to_tm(nA, NULL)) 1185 if (!ASN1_TIME_to_tm(nA, NULL))
1191 BIO_puts(STDout, 1186 BIO_puts(out,
1192 "INVALID RFC5280 TIME"); 1187 "INVALID RFC5280 TIME");
1193 else 1188 else
1194 ASN1_TIME_print(STDout, nA); 1189 ASN1_TIME_print(out, nA);
1195 BIO_puts(STDout, "\n"); 1190 BIO_puts(out, "\n");
1196 } else if (cfg.fingerprint == i) { 1191 } else if (cfg.fingerprint == i) {
1197 int j; 1192 int j;
1198 unsigned int n; 1193 unsigned int n;
@@ -1206,10 +1201,10 @@ x509_main(int argc, char **argv)
1206 BIO_printf(bio_err, "out of memory\n"); 1201 BIO_printf(bio_err, "out of memory\n");
1207 goto end; 1202 goto end;
1208 } 1203 }
1209 BIO_printf(STDout, "%s Fingerprint=", 1204 BIO_printf(out, "%s Fingerprint=",
1210 OBJ_nid2sn(EVP_MD_type(fdig))); 1205 OBJ_nid2sn(EVP_MD_type(fdig)));
1211 for (j = 0; j < (int) n; j++) { 1206 for (j = 0; j < (int) n; j++) {
1212 BIO_printf(STDout, "%02X%c", md[j], 1207 BIO_printf(out, "%02X%c", md[j],
1213 (j + 1 == (int)n) ? '\n' : ':'); 1208 (j + 1 == (int)n) ? '\n' : ':');
1214 } 1209 }
1215 } else if (cfg.sign_flag == i && cfg.x509req == 0) { 1210 } else if (cfg.sign_flag == i && cfg.x509req == 0) {
@@ -1319,7 +1314,6 @@ x509_main(int argc, char **argv)
1319 OBJ_cleanup(); 1314 OBJ_cleanup();
1320 NCONF_free(extconf); 1315 NCONF_free(extconf);
1321 BIO_free_all(out); 1316 BIO_free_all(out);
1322 BIO_free_all(STDout);
1323 X509_NAME_free(iname); 1317 X509_NAME_free(iname);
1324 X509_NAME_free(sname); 1318 X509_NAME_free(sname);
1325 X509_STORE_free(ctx); 1319 X509_STORE_free(ctx);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-06-02 15:29:22 +0000