authorbeck <>2000-12-15 02:58:47 +0000
committerbeck <>2000-12-15 02:58:47 +0000
commit9200bb13d15da4b2a23e6bc92c20e95b74aa2113 (patch)
tree5c52d628ec1e34be76e7ef2a4235d248b7c44d24 /src/lib/libssl/src/apps/req.c
parente131d25072e3d4197ba4b9bcc0d1b27d34d6488d (diff)
openssl-engine-0.9.6 merge
Diffstat (limited to 'src/lib/libssl/src/apps/req.c')
-rw-r--r--src/lib/libssl/src/apps/req.c127
1 files changed, 91 insertions, 36 deletions
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index eb338eeb1b..0751d92201 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -73,6 +73,7 @@
73#include <openssl/x509v3.h> 73#include <openssl/x509v3.h>
74#include <openssl/objects.h> 74#include <openssl/objects.h>
75#include <openssl/pem.h> 75#include <openssl/pem.h>
76#include <openssl/engine.h>
76 77
77#define SECTION "req" 78#define SECTION "req"
78 79
@@ -102,6 +103,7 @@
102 * -config file - Load configuration file. 103 * -config file - Load configuration file.
103 * -key file - make a request using key in file (or use it for verification). 104 * -key file - make a request using key in file (or use it for verification).
104 * -keyform - key file format. 105 * -keyform - key file format.
106 * -rand file(s) - load the file(s) into the PRNG.
105 * -newkey - make a key and a request. 107 * -newkey - make a key and a request.
106 * -modulus - print RSA modulus. 108 * -modulus - print RSA modulus.
107 * -x509 - output a self signed X509 structure instead. 109 * -x509 - output a self signed X509 structure instead.
@@ -125,7 +127,6 @@ static void MS_CALLBACK req_cb(int p,int n,void *arg);
125#endif 127#endif
126static int req_check_len(int len,int min,int max); 128static int req_check_len(int len,int min,int max);
127static int check_end(char *str, char *end); 129static int check_end(char *str, char *end);
128static int add_oid_section(LHASH *conf);
129#ifndef MONOLITH 130#ifndef MONOLITH
130static char *default_config_file=NULL; 131static char *default_config_file=NULL;
131static LHASH *config=NULL; 132static LHASH *config=NULL;
@@ -140,6 +141,7 @@ int MAIN(int, char **);
140 141
141int MAIN(int argc, char **argv) 142int MAIN(int argc, char **argv)
142 { 143 {
144 ENGINE *e = NULL;
143#ifndef NO_DSA 145#ifndef NO_DSA
144 DSA *dsa_params=NULL; 146 DSA *dsa_params=NULL;
145#endif 147#endif
@@ -152,10 +154,12 @@ int MAIN(int argc, char **argv)
152 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; 154 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
153 int nodes=0,kludge=0,newhdr=0; 155 int nodes=0,kludge=0,newhdr=0;
154 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; 156 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
157 char *engine=NULL;
155 char *extensions = NULL; 158 char *extensions = NULL;
156 char *req_exts = NULL; 159 char *req_exts = NULL;
157 EVP_CIPHER *cipher=NULL; 160 EVP_CIPHER *cipher=NULL;
158 int modulus=0; 161 int modulus=0;
162 char *inrand=NULL;
159 char *passargin = NULL, *passargout = NULL; 163 char *passargin = NULL, *passargout = NULL;
160 char *passin = NULL, *passout = NULL; 164 char *passin = NULL, *passout = NULL;
161 char *p; 165 char *p;
@@ -194,6 +198,11 @@ int MAIN(int argc, char **argv)
194 if (--argc < 1) goto bad; 198 if (--argc < 1) goto bad;
195 outformat=str2fmt(*(++argv)); 199 outformat=str2fmt(*(++argv));
196 } 200 }
201 else if (strcmp(*argv,"-engine") == 0)
202 {
203 if (--argc < 1) goto bad;
204 engine= *(++argv);
205 }
197 else if (strcmp(*argv,"-key") == 0) 206 else if (strcmp(*argv,"-key") == 0)
198 { 207 {
199 if (--argc < 1) goto bad; 208 if (--argc < 1) goto bad;
@@ -239,6 +248,11 @@ int MAIN(int argc, char **argv)
239 if (--argc < 1) goto bad; 248 if (--argc < 1) goto bad;
240 passargout= *(++argv); 249 passargout= *(++argv);
241 } 250 }
251 else if (strcmp(*argv,"-rand") == 0)
252 {
253 if (--argc < 1) goto bad;
254 inrand= *(++argv);
255 }
242 else if (strcmp(*argv,"-newkey") == 0) 256 else if (strcmp(*argv,"-newkey") == 0)
243 { 257 {
244 int is_numeric; 258 int is_numeric;
@@ -369,9 +383,13 @@ bad:
369 BIO_printf(bio_err," -verify verify signature on REQ\n"); 383 BIO_printf(bio_err," -verify verify signature on REQ\n");
370 BIO_printf(bio_err," -modulus RSA modulus\n"); 384 BIO_printf(bio_err," -modulus RSA modulus\n");
371 BIO_printf(bio_err," -nodes don't encrypt the output key\n"); 385 BIO_printf(bio_err," -nodes don't encrypt the output key\n");
386 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
372 BIO_printf(bio_err," -key file use the private key contained in file\n"); 387 BIO_printf(bio_err," -key file use the private key contained in file\n");
373 BIO_printf(bio_err," -keyform arg key file format\n"); 388 BIO_printf(bio_err," -keyform arg key file format\n");
374 BIO_printf(bio_err," -keyout arg file to send the key to\n"); 389 BIO_printf(bio_err," -keyout arg file to send the key to\n");
390 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
391 BIO_printf(bio_err," load the file (or the files in the directory) into\n");
392 BIO_printf(bio_err," the random number generator\n");
375 BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); 393 BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
376 BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); 394 BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
377 395
@@ -457,7 +475,7 @@ bad:
457 } 475 }
458 } 476 }
459 } 477 }
460 if(!add_oid_section(req_conf)) goto end; 478 if(!add_oid_section(bio_err, req_conf)) goto end;
461 479
462 if ((md_alg == NULL) && 480 if ((md_alg == NULL) &&
463 ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL)) 481 ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
@@ -513,24 +531,55 @@ bad:
513 if ((in == NULL) || (out == NULL)) 531 if ((in == NULL) || (out == NULL))
514 goto end; 532 goto end;
515 533
516 if (keyfile != NULL) 534 if (engine != NULL)
517 { 535 {
518 if (BIO_read_filename(in,keyfile) <= 0) 536 if((e = ENGINE_by_id(engine)) == NULL)
519 { 537 {
520 perror(keyfile); 538 BIO_printf(bio_err,"invalid engine \"%s\"\n",
539 engine);
521 goto end; 540 goto end;
522 } 541 }
542 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
543 {
544 BIO_printf(bio_err,"can't use that engine\n");
545 goto end;
546 }
547 BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
548 /* Free our "structural" reference. */
549 ENGINE_free(e);
550 }
523 551
524 if (keyform == FORMAT_ASN1) 552 if (keyfile != NULL)
525 pkey=d2i_PrivateKey_bio(in,NULL); 553 {
526 else if (keyform == FORMAT_PEM) 554 if (keyform == FORMAT_ENGINE)
527 { 555 {
528 pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin); 556 if (!e)
557 {
558 BIO_printf(bio_err,"no engine specified\n");
559 goto end;
560 }
561 pkey = ENGINE_load_private_key(e, keyfile, NULL);
529 } 562 }
530 else 563 else
531 { 564 {
532 BIO_printf(bio_err,"bad input format specified for X509 request\n"); 565 if (BIO_read_filename(in,keyfile) <= 0)
533 goto end; 566 {
567 perror(keyfile);
568 goto end;
569 }
570
571 if (keyform == FORMAT_ASN1)
572 pkey=d2i_PrivateKey_bio(in,NULL);
573 else if (keyform == FORMAT_PEM)
574 {
575 pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
576 passin);
577 }
578 else
579 {
580 BIO_printf(bio_err,"bad input format specified for X509 request\n");
581 goto end;
582 }
534 } 583 }
535 584
536 if (pkey == NULL) 585 if (pkey == NULL)
@@ -538,12 +587,19 @@ bad:
538 BIO_printf(bio_err,"unable to load Private key\n"); 587 BIO_printf(bio_err,"unable to load Private key\n");
539 goto end; 588 goto end;
540 } 589 }
590 if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
591 {
592 char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
593 app_RAND_load_file(randfile, bio_err, 0);
594 }
541 } 595 }
542 596
543 if (newreq && (pkey == NULL)) 597 if (newreq && (pkey == NULL))
544 { 598 {
545 char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); 599 char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
546 app_RAND_load_file(randfile, bio_err, 0); 600 app_RAND_load_file(randfile, bio_err, 0);
601 if (inrand)
602 app_RAND_load_files(inrand);
547 603
548 if (newkey <= 0) 604 if (newkey <= 0)
549 { 605 {
@@ -593,6 +649,12 @@ bad:
593 { 649 {
594 BIO_printf(bio_err,"writing new private key to stdout\n"); 650 BIO_printf(bio_err,"writing new private key to stdout\n");
595 BIO_set_fp(out,stdout,BIO_NOCLOSE); 651 BIO_set_fp(out,stdout,BIO_NOCLOSE);
652#ifdef VMS
653 {
654 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
655 out = BIO_push(tmpbio, out);
656 }
657#endif
596 } 658 }
597 else 659 else
598 { 660 {
@@ -788,7 +850,15 @@ loop:
788 } 850 }
789 851
790 if (outfile == NULL) 852 if (outfile == NULL)
853 {
791 BIO_set_fp(out,stdout,BIO_NOCLOSE); 854 BIO_set_fp(out,stdout,BIO_NOCLOSE);
855#ifdef VMS
856 {
857 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
858 out = BIO_push(tmpbio, out);
859 }
860#endif
861 }
792 else 862 else
793 { 863 {
794 if ((keyout != NULL) && (strcmp(outfile,keyout) == 0)) 864 if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -874,12 +944,12 @@ end:
874 } 944 }
875 if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); 945 if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
876 BIO_free(in); 946 BIO_free(in);
877 BIO_free(out); 947 BIO_free_all(out);
878 EVP_PKEY_free(pkey); 948 EVP_PKEY_free(pkey);
879 X509_REQ_free(req); 949 X509_REQ_free(req);
880 X509_free(x509ss); 950 X509_free(x509ss);
881 if(passargin && passin) Free(passin); 951 if(passargin && passin) OPENSSL_free(passin);
882 if(passargout && passout) Free(passout); 952 if(passargout && passout) OPENSSL_free(passout);
883 OBJ_cleanup(); 953 OBJ_cleanup();
884#ifndef NO_DSA 954#ifndef NO_DSA
885 if (dsa_params != NULL) DSA_free(dsa_params); 955 if (dsa_params != NULL) DSA_free(dsa_params);
@@ -1083,7 +1153,11 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
1083 * multiple instances 1153 * multiple instances
1084 */ 1154 */
1085 for(p = v->name; *p ; p++) 1155 for(p = v->name; *p ; p++)
1156#ifndef CHARSET_EBCDIC
1086 if ((*p == ':') || (*p == ',') || (*p == '.')) { 1157 if ((*p == ':') || (*p == ',') || (*p == '.')) {
1158#else
1159 if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
1160#endif
1087 p++; 1161 p++;
1088 if(*p) type = p; 1162 if(*p) type = p;
1089 break; 1163 break;
@@ -1199,6 +1273,9 @@ start:
1199 return(0); 1273 return(0);
1200 } 1274 }
1201 buf[--i]='\0'; 1275 buf[--i]='\0';
1276#ifdef CHARSET_EBCDIC
1277 ebcdic2ascii(buf, buf, i);
1278#endif
1202 if(!req_check_len(i, min, max)) goto start; 1279 if(!req_check_len(i, min, max)) goto start;
1203 1280
1204 if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC, 1281 if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
@@ -1256,25 +1333,3 @@ static int check_end(char *str, char *end)
1256 tmp = str + slen - elen; 1333 tmp = str + slen - elen;
1257 return strcmp(tmp, end); 1334 return strcmp(tmp, end);
1258} 1335}
1259
1260static int add_oid_section(LHASH *conf)
1261{
1262 char *p;
1263 STACK_OF(CONF_VALUE) *sktmp;
1264 CONF_VALUE *cnf;
1265 int i;
1266 if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
1267 if(!(sktmp = CONF_get_section(conf, p))) {
1268 BIO_printf(bio_err, "problem loading oid section %s\n", p);
1269 return 0;
1270 }
1271 for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
1272 cnf = sk_CONF_VALUE_value(sktmp, i);
1273 if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
1274 BIO_printf(bio_err, "problem creating object %s=%s\n",
1275 cnf->name, cnf->value);
1276 return 0;
1277 }
1278 }
1279 return 1;
1280}
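Review bot: In the `if (engine != NULL)` block added to MAIN (new lines 534-550), `ENGINE_free(e)` releases the structural reference but leaves `e` non-NULL, and the `FORMAT_ENGINE` branch just below then tests `!e` and passes the same pointer to `ENGINE_load_private_key(e, keyfile, NULL)`. That call is only safe if `ENGINE_set_default` keeps the engine alive through references of its own, which is not visible in this diff; the key-loading path should not depend on it. I would drop the early free and release the reference once at the `end:` label with `if (e != NULL) ENGINE_free(e);`, which also covers the `can't use that engine` exit that currently jumps to `end` without freeing. MAIN starts and ends outside the hunks shown, so check that `end:` has no existing ENGINE cleanup before adding it.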