authorbeck <>2002-05-15 02:29:21 +0000
committerbeck <>2002-05-15 02:29:21 +0000
commitb64270d1e45fe7f3241e4c9b6ce60d5ac89bc2e9 (patch)
treefa27cf82a1250b64ed3bf5f4a18c7354d470bbcc /src/lib/libssl/src/apps/req.c
parente471e1ea98d673597b182ea85f29e30c97cd08b5 (diff)
OpenSSL 0.9.7 stable 2002 05 08 merge
Diffstat (limited to 'src/lib/libssl/src/apps/req.c')
-rw-r--r--src/lib/libssl/src/apps/req.c705
1 files changed, 498 insertions, 207 deletions
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index ca8dc87957..790aa90eb6 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -60,7 +60,7 @@
60#include <stdlib.h> 60#include <stdlib.h>
61#include <time.h> 61#include <time.h>
62#include <string.h> 62#include <string.h>
63#ifdef NO_STDIO 63#ifdef OPENSSL_NO_STDIO
64#define APPS_WIN16 64#define APPS_WIN16
65#endif 65#endif
66#include "apps.h" 66#include "apps.h"
@@ -73,7 +73,6 @@
73#include <openssl/x509v3.h> 73#include <openssl/x509v3.h>
74#include <openssl/objects.h> 74#include <openssl/objects.h>
75#include <openssl/pem.h> 75#include <openssl/pem.h>
76#include <openssl/engine.h>
77 76
78#define SECTION "req" 77#define SECTION "req"
79 78
@@ -85,6 +84,7 @@
85#define V3_EXTENSIONS "x509_extensions" 84#define V3_EXTENSIONS "x509_extensions"
86#define REQ_EXTENSIONS "req_extensions" 85#define REQ_EXTENSIONS "req_extensions"
87#define STRING_MASK "string_mask" 86#define STRING_MASK "string_mask"
87#define UTF8_IN "utf8"
88 88
89#define DEFAULT_KEY_LENGTH 512 89#define DEFAULT_KEY_LENGTH 512
90#define MIN_KEY_LENGTH 384 90#define MIN_KEY_LENGTH 384
@@ -102,36 +102,42 @@
102 * -nodes - no des encryption 102 * -nodes - no des encryption
103 * -config file - Load configuration file. 103 * -config file - Load configuration file.
104 * -key file - make a request using key in file (or use it for verification). 104 * -key file - make a request using key in file (or use it for verification).
105 * -keyform - key file format. 105 * -keyform arg - key file format.
106 * -rand file(s) - load the file(s) into the PRNG. 106 * -rand file(s) - load the file(s) into the PRNG.
107 * -newkey - make a key and a request. 107 * -newkey - make a key and a request.
108 * -modulus - print RSA modulus. 108 * -modulus - print RSA modulus.
109 * -pubkey - output Public Key.
109 * -x509 - output a self signed X509 structure instead. 110 * -x509 - output a self signed X509 structure instead.
110 * -asn1-kludge - output new certificate request in a format that some CA's 111 * -asn1-kludge - output new certificate request in a format that some CA's
111 * require. This format is wrong 112 * require. This format is wrong
112 */ 113 */
113 114
114static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs); 115static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs,
116 unsigned long chtype);
117static int build_subject(X509_REQ *req, char *subj, unsigned long chtype);
115static int prompt_info(X509_REQ *req, 118static int prompt_info(X509_REQ *req,
116 STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, 119 STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
117 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs); 120 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
121 unsigned long chtype);
118static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, 122static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
119 STACK_OF(CONF_VALUE) *attr, int attribs); 123 STACK_OF(CONF_VALUE) *attr, int attribs,
124 unsigned long chtype);
120static int add_attribute_object(X509_REQ *req, char *text, 125static int add_attribute_object(X509_REQ *req, char *text,
121 char *def, char *value, int nid, int min, 126 char *def, char *value, int nid, int n_min,
122 int max); 127 int n_max, unsigned long chtype);
123static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, 128static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
124 int nid,int min,int max); 129 int nid,int n_min,int n_max, unsigned long chtype);
125#ifndef NO_RSA 130#ifndef OPENSSL_NO_RSA
126static void MS_CALLBACK req_cb(int p,int n,void *arg); 131static void MS_CALLBACK req_cb(int p,int n,void *arg);
127#endif 132#endif
128static int req_check_len(int len,int min,int max); 133static int req_check_len(int len,int n_min,int n_max);
129static int check_end(char *str, char *end); 134static int check_end(char *str, char *end);
130#ifndef MONOLITH 135#ifndef MONOLITH
131static char *default_config_file=NULL; 136static char *default_config_file=NULL;
132static LHASH *config=NULL; 137static CONF *config=NULL;
133#endif 138#endif
134static LHASH *req_conf=NULL; 139static CONF *req_conf=NULL;
140static int batch=0;
135 141
136#define TYPE_RSA 1 142#define TYPE_RSA 1
137#define TYPE_DSA 2 143#define TYPE_DSA 2
@@ -142,34 +148,40 @@ int MAIN(int, char **);
142int MAIN(int argc, char **argv) 148int MAIN(int argc, char **argv)
143 { 149 {
144 ENGINE *e = NULL; 150 ENGINE *e = NULL;
145#ifndef NO_DSA 151#ifndef OPENSSL_NO_DSA
146 DSA *dsa_params=NULL; 152 DSA *dsa_params=NULL;
147#endif 153#endif
154 unsigned long nmflag = 0;
148 int ex=1,x509=0,days=30; 155 int ex=1,x509=0,days=30;
149 X509 *x509ss=NULL; 156 X509 *x509ss=NULL;
150 X509_REQ *req=NULL; 157 X509_REQ *req=NULL;
151 EVP_PKEY *pkey=NULL; 158 EVP_PKEY *pkey=NULL;
152 int i,badops=0,newreq=0,newkey= -1,pkey_type=0; 159 int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
160 long newkey = -1;
153 BIO *in=NULL,*out=NULL; 161 BIO *in=NULL,*out=NULL;
154 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; 162 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
155 int nodes=0,kludge=0,newhdr=0; 163 int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
156 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; 164 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
157 char *engine=NULL; 165 char *engine=NULL;
158 char *extensions = NULL; 166 char *extensions = NULL;
159 char *req_exts = NULL; 167 char *req_exts = NULL;
160 EVP_CIPHER *cipher=NULL; 168 const EVP_CIPHER *cipher=NULL;
169 ASN1_INTEGER *serial = NULL;
161 int modulus=0; 170 int modulus=0;
162 char *inrand=NULL; 171 char *inrand=NULL;
163 char *passargin = NULL, *passargout = NULL; 172 char *passargin = NULL, *passargout = NULL;
164 char *passin = NULL, *passout = NULL; 173 char *passin = NULL, *passout = NULL;
165 char *p; 174 char *p;
175 char *subj = NULL;
166 const EVP_MD *md_alg=NULL,*digest=EVP_md5(); 176 const EVP_MD *md_alg=NULL,*digest=EVP_md5();
177 unsigned long chtype = MBSTRING_ASC;
167#ifndef MONOLITH 178#ifndef MONOLITH
168 MS_STATIC char config_name[256]; 179 MS_STATIC char config_name[256];
180 long errline;
169#endif 181#endif
170 182
171 req_conf = NULL; 183 req_conf = NULL;
172#ifndef NO_DES 184#ifndef OPENSSL_NO_DES
173 cipher=EVP_des_ede3_cbc(); 185 cipher=EVP_des_ede3_cbc();
174#endif 186#endif
175 apps_startup(); 187 apps_startup();
@@ -208,9 +220,12 @@ int MAIN(int argc, char **argv)
208 if (--argc < 1) goto bad; 220 if (--argc < 1) goto bad;
209 keyfile= *(++argv); 221 keyfile= *(++argv);
210 } 222 }
223 else if (strcmp(*argv,"-pubkey") == 0)
224 {
225 pubkey=1;
226 }
211 else if (strcmp(*argv,"-new") == 0) 227 else if (strcmp(*argv,"-new") == 0)
212 { 228 {
213 pkey_type=TYPE_RSA;
214 newreq=1; 229 newreq=1;
215 } 230 }
216 else if (strcmp(*argv,"-config") == 0) 231 else if (strcmp(*argv,"-config") == 0)
@@ -268,7 +283,7 @@ int MAIN(int argc, char **argv)
268 newkey= atoi(p); 283 newkey= atoi(p);
269 } 284 }
270 else 285 else
271#ifndef NO_DSA 286#ifndef OPENSSL_NO_DSA
272 if (strncmp("dsa:",p,4) == 0) 287 if (strncmp("dsa:",p,4) == 0)
273 { 288 {
274 X509 *xtmp=NULL; 289 X509 *xtmp=NULL;
@@ -291,7 +306,7 @@ int MAIN(int argc, char **argv)
291 goto end; 306 goto end;
292 } 307 }
293 308
294 dtmp=X509_get_pubkey(xtmp); 309 if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
295 if (dtmp->type == EVP_PKEY_DSA) 310 if (dtmp->type == EVP_PKEY_DSA)
296 dsa_params=DSAparams_dup(dtmp->pkey.dsa); 311 dsa_params=DSAparams_dup(dtmp->pkey.dsa);
297 EVP_PKEY_free(dtmp); 312 EVP_PKEY_free(dtmp);
@@ -308,7 +323,7 @@ int MAIN(int argc, char **argv)
308 } 323 }
309 else 324 else
310#endif 325#endif
311#ifndef NO_DH 326#ifndef OPENSSL_NO_DH
312 if (strncmp("dh:",p,4) == 0) 327 if (strncmp("dh:",p,4) == 0)
313 { 328 {
314 pkey_type=TYPE_DH; 329 pkey_type=TYPE_DH;
@@ -320,6 +335,8 @@ int MAIN(int argc, char **argv)
320 335
321 newreq=1; 336 newreq=1;
322 } 337 }
338 else if (strcmp(*argv,"-batch") == 0)
339 batch=1;
323 else if (strcmp(*argv,"-newhdr") == 0) 340 else if (strcmp(*argv,"-newhdr") == 0)
324 newhdr=1; 341 newhdr=1;
325 else if (strcmp(*argv,"-modulus") == 0) 342 else if (strcmp(*argv,"-modulus") == 0)
@@ -330,6 +347,17 @@ int MAIN(int argc, char **argv)
330 nodes=1; 347 nodes=1;
331 else if (strcmp(*argv,"-noout") == 0) 348 else if (strcmp(*argv,"-noout") == 0)
332 noout=1; 349 noout=1;
350 else if (strcmp(*argv,"-verbose") == 0)
351 verbose=1;
352 else if (strcmp(*argv,"-utf8") == 0)
353 chtype = MBSTRING_UTF8;
354 else if (strcmp(*argv,"-nameopt") == 0)
355 {
356 if (--argc < 1) goto bad;
357 if (!set_name_ex(&nmflag, *(++argv))) goto bad;
358 }
359 else if (strcmp(*argv,"-subject") == 0)
360 subject=1;
333 else if (strcmp(*argv,"-text") == 0) 361 else if (strcmp(*argv,"-text") == 0)
334 text=1; 362 text=1;
335 else if (strcmp(*argv,"-x509") == 0) 363 else if (strcmp(*argv,"-x509") == 0)
@@ -338,12 +366,23 @@ int MAIN(int argc, char **argv)
338 kludge=1; 366 kludge=1;
339 else if (strcmp(*argv,"-no-asn1-kludge") == 0) 367 else if (strcmp(*argv,"-no-asn1-kludge") == 0)
340 kludge=0; 368 kludge=0;
369 else if (strcmp(*argv,"-subj") == 0)
370 {
371 if (--argc < 1) goto bad;
372 subj= *(++argv);
373 }
341 else if (strcmp(*argv,"-days") == 0) 374 else if (strcmp(*argv,"-days") == 0)
342 { 375 {
343 if (--argc < 1) goto bad; 376 if (--argc < 1) goto bad;
344 days= atoi(*(++argv)); 377 days= atoi(*(++argv));
345 if (days == 0) days=30; 378 if (days == 0) days=30;
346 } 379 }
380 else if (strcmp(*argv,"-set_serial") == 0)
381 {
382 if (--argc < 1) goto bad;
383 serial = s2i_ASN1_INTEGER(NULL, *(++argv));
384 if (!serial) goto bad;
385 }
347 else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) 386 else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
348 { 387 {
349 /* ok */ 388 /* ok */
@@ -379,12 +418,15 @@ bad:
379 BIO_printf(bio_err," -in arg input file\n"); 418 BIO_printf(bio_err," -in arg input file\n");
380 BIO_printf(bio_err," -out arg output file\n"); 419 BIO_printf(bio_err," -out arg output file\n");
381 BIO_printf(bio_err," -text text form of request\n"); 420 BIO_printf(bio_err," -text text form of request\n");
421 BIO_printf(bio_err," -pubkey output public key\n");
382 BIO_printf(bio_err," -noout do not output REQ\n"); 422 BIO_printf(bio_err," -noout do not output REQ\n");
383 BIO_printf(bio_err," -verify verify signature on REQ\n"); 423 BIO_printf(bio_err," -verify verify signature on REQ\n");
384 BIO_printf(bio_err," -modulus RSA modulus\n"); 424 BIO_printf(bio_err," -modulus RSA modulus\n");
385 BIO_printf(bio_err," -nodes don't encrypt the output key\n"); 425 BIO_printf(bio_err," -nodes don't encrypt the output key\n");
386 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); 426 BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
387 BIO_printf(bio_err," -key file use the private key contained in file\n"); 427 BIO_printf(bio_err," -subject output the request's subject\n");
428 BIO_printf(bio_err," -passin private key password source\n");
429 BIO_printf(bio_err," -key file use the private key contained in file\n");
388 BIO_printf(bio_err," -keyform arg key file format\n"); 430 BIO_printf(bio_err," -keyform arg key file format\n");
389 BIO_printf(bio_err," -keyout arg file to send the key to\n"); 431 BIO_printf(bio_err," -keyout arg file to send the key to\n");
390 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 432 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
@@ -392,17 +434,21 @@ bad:
392 BIO_printf(bio_err," the random number generator\n"); 434 BIO_printf(bio_err," the random number generator\n");
393 BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); 435 BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
394 BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); 436 BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
395 437 BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
396 BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
397 BIO_printf(bio_err," -config file request template file.\n"); 438 BIO_printf(bio_err," -config file request template file.\n");
439 BIO_printf(bio_err," -subj arg set or modify request subject\n");
398 BIO_printf(bio_err," -new new request.\n"); 440 BIO_printf(bio_err," -new new request.\n");
441 BIO_printf(bio_err," -batch do not ask anything during request generation\n");
399 BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n"); 442 BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
400 BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n"); 443 BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n");
444 BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n");
401 BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n"); 445 BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
402 BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n"); 446 BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
403 BIO_printf(bio_err," have been reported as requiring\n"); 447 BIO_printf(bio_err," have been reported as requiring\n");
404 BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); 448 BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
405 BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); 449 BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
450 BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
451 BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
406 goto end; 452 goto end;
407 } 453 }
408 454
@@ -420,23 +466,26 @@ bad:
420 if (p == NULL) 466 if (p == NULL)
421 { 467 {
422 strcpy(config_name,X509_get_default_cert_area()); 468 strcpy(config_name,X509_get_default_cert_area());
423#ifndef VMS 469#ifndef OPENSSL_SYS_VMS
424 strcat(config_name,"/"); 470 strcat(config_name,"/");
425#endif 471#endif
426 strcat(config_name,OPENSSL_CONF); 472 strcat(config_name,OPENSSL_CONF);
427 p=config_name; 473 p=config_name;
428 } 474 }
429 default_config_file=p; 475 default_config_file=p;
430 config=CONF_load(config,p,NULL); 476 config=NCONF_new(NULL);
477 i=NCONF_load(config, p, &errline);
431#endif 478#endif
432 479
433 if (template != NULL) 480 if (template != NULL)
434 { 481 {
435 long errline; 482 long errline;
436 483
437 BIO_printf(bio_err,"Using configuration from %s\n",template); 484 if( verbose )
438 req_conf=CONF_load(NULL,template,&errline); 485 BIO_printf(bio_err,"Using configuration from %s\n",template);
439 if (req_conf == NULL) 486 req_conf=NCONF_new(NULL);
487 i=NCONF_load(req_conf,template,&errline);
488 if (i == 0)
440 { 489 {
441 BIO_printf(bio_err,"error on line %ld of %s\n",errline,template); 490 BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
442 goto end; 491 goto end;
@@ -445,7 +494,8 @@ bad:
445 else 494 else
446 { 495 {
447 req_conf=config; 496 req_conf=config;
448 BIO_printf(bio_err,"Using configuration from %s\n", 497 if( verbose )
498 BIO_printf(bio_err,"Using configuration from %s\n",
449 default_config_file); 499 default_config_file);
450 if (req_conf == NULL) 500 if (req_conf == NULL)
451 { 501 {
@@ -455,7 +505,11 @@ bad:
455 505
456 if (req_conf != NULL) 506 if (req_conf != NULL)
457 { 507 {
458 p=CONF_get_string(req_conf,NULL,"oid_file"); 508 if (!load_config(bio_err, req_conf))
509 goto end;
510 p=NCONF_get_string(req_conf,NULL,"oid_file");
511 if (p == NULL)
512 ERR_clear_error();
459 if (p != NULL) 513 if (p != NULL)
460 { 514 {
461 BIO *oid_bio; 515 BIO *oid_bio;
@@ -475,23 +529,32 @@ bad:
475 } 529 }
476 } 530 }
477 } 531 }
478 if(!add_oid_section(bio_err, req_conf)) goto end; 532 if(!add_oid_section(bio_err, req_conf)) goto end;
479 533
480 if ((md_alg == NULL) && 534 if (md_alg == NULL)
481 ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
482 { 535 {
483 if ((md_alg=EVP_get_digestbyname(p)) != NULL) 536 p=NCONF_get_string(req_conf,SECTION,"default_md");
484 digest=md_alg; 537 if (p == NULL)
538 ERR_clear_error();
539 if (p != NULL)
540 {
541 if ((md_alg=EVP_get_digestbyname(p)) != NULL)
542 digest=md_alg;
543 }
485 } 544 }
486 545
487 if(!extensions) 546 if (!extensions)
488 extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS); 547 {
489 if(extensions) { 548 extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
549 if (!extensions)
550 ERR_clear_error();
551 }
552 if (extensions) {
490 /* Check syntax of file */ 553 /* Check syntax of file */
491 X509V3_CTX ctx; 554 X509V3_CTX ctx;
492 X509V3_set_ctx_test(&ctx); 555 X509V3_set_ctx_test(&ctx);
493 X509V3_set_conf_lhash(&ctx, req_conf); 556 X509V3_set_nconf(&ctx, req_conf);
494 if(!X509V3_EXT_add_conf(req_conf, &ctx, extensions, NULL)) { 557 if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
495 BIO_printf(bio_err, 558 BIO_printf(bio_err,
496 "Error Loading extension section %s\n", extensions); 559 "Error Loading extension section %s\n", extensions);
497 goto end; 560 goto end;
@@ -499,26 +562,50 @@ bad:
499 } 562 }
500 563
501 if(!passin) 564 if(!passin)
502 passin = CONF_get_string(req_conf, SECTION, "input_password"); 565 {
503 566 passin = NCONF_get_string(req_conf, SECTION, "input_password");
567 if (!passin)
568 ERR_clear_error();
569 }
570
504 if(!passout) 571 if(!passout)
505 passout = CONF_get_string(req_conf, SECTION, "output_password"); 572 {
573 passout = NCONF_get_string(req_conf, SECTION, "output_password");
574 if (!passout)
575 ERR_clear_error();
576 }
506 577
507 p = CONF_get_string(req_conf, SECTION, STRING_MASK); 578 p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
579 if (!p)
580 ERR_clear_error();
508 581
509 if(p && !ASN1_STRING_set_default_mask_asc(p)) { 582 if(p && !ASN1_STRING_set_default_mask_asc(p)) {
510 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); 583 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
511 goto end; 584 goto end;
512 } 585 }
513 586
587 if (chtype != MBSTRING_UTF8)
588 {
589 p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
590 if (!p)
591 ERR_clear_error();
592 else if (!strcmp(p, "yes"))
593 chtype = MBSTRING_UTF8;
594 }
595
596
514 if(!req_exts) 597 if(!req_exts)
515 req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); 598 {
599 req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
600 if (!req_exts)
601 ERR_clear_error();
602 }
516 if(req_exts) { 603 if(req_exts) {
517 /* Check syntax of file */ 604 /* Check syntax of file */
518 X509V3_CTX ctx; 605 X509V3_CTX ctx;
519 X509V3_set_ctx_test(&ctx); 606 X509V3_set_ctx_test(&ctx);
520 X509V3_set_conf_lhash(&ctx, req_conf); 607 X509V3_set_nconf(&ctx, req_conf);
521 if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) { 608 if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
522 BIO_printf(bio_err, 609 BIO_printf(bio_err,
523 "Error Loading request extension section %s\n", 610 "Error Loading request extension section %s\n",
524 req_exts); 611 req_exts);
@@ -531,80 +618,39 @@ bad:
531 if ((in == NULL) || (out == NULL)) 618 if ((in == NULL) || (out == NULL))
532 goto end; 619 goto end;
533 620
534 if (engine != NULL) 621 e = setup_engine(bio_err, engine, 0);
535 {
536 if((e = ENGINE_by_id(engine)) == NULL)
537 {
538 BIO_printf(bio_err,"invalid engine \"%s\"\n",
539 engine);
540 goto end;
541 }
542 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
543 {
544 BIO_printf(bio_err,"can't use that engine\n");
545 goto end;
546 }
547 BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
548 /* Free our "structural" reference. */
549 ENGINE_free(e);
550 }
551 622
552 if (keyfile != NULL) 623 if (keyfile != NULL)
553 { 624 {
554 if (keyform == FORMAT_ENGINE) 625 pkey = load_key(bio_err, keyfile, keyform, passin, e,
555 { 626 "Private Key");
556 if (!e) 627 if (!pkey)
557 {
558 BIO_printf(bio_err,"no engine specified\n");
559 goto end;
560 }
561 pkey = ENGINE_load_private_key(e, keyfile, NULL);
562 }
563 else
564 {
565 if (BIO_read_filename(in,keyfile) <= 0)
566 {
567 perror(keyfile);
568 goto end;
569 }
570
571 if (keyform == FORMAT_ASN1)
572 pkey=d2i_PrivateKey_bio(in,NULL);
573 else if (keyform == FORMAT_PEM)
574 {
575 pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
576 passin);
577 }
578 else
579 {
580 BIO_printf(bio_err,"bad input format specified for X509 request\n");
581 goto end;
582 }
583 }
584
585 if (pkey == NULL)
586 { 628 {
587 BIO_printf(bio_err,"unable to load Private key\n"); 629 /* load_key() has already printed an appropriate
630 message */
588 goto end; 631 goto end;
589 } 632 }
590 if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) 633 if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
591 { 634 {
592 char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); 635 char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
636 if (randfile == NULL)
637 ERR_clear_error();
593 app_RAND_load_file(randfile, bio_err, 0); 638 app_RAND_load_file(randfile, bio_err, 0);
594 } 639 }
595 } 640 }
596 641
597 if (newreq && (pkey == NULL)) 642 if (newreq && (pkey == NULL))
598 { 643 {
599 char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE"); 644 char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
645 if (randfile == NULL)
646 ERR_clear_error();
600 app_RAND_load_file(randfile, bio_err, 0); 647 app_RAND_load_file(randfile, bio_err, 0);
601 if (inrand) 648 if (inrand)
602 app_RAND_load_files(inrand); 649 app_RAND_load_files(inrand);
603 650
604 if (newkey <= 0) 651 if (newkey <= 0)
605 { 652 {
606 newkey=(int)CONF_get_number(req_conf,SECTION,BITS); 653 if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
607 if (newkey <= 0)
608 newkey=DEFAULT_KEY_LENGTH; 654 newkey=DEFAULT_KEY_LENGTH;
609 } 655 }
610 656
@@ -619,7 +665,7 @@ bad:
619 665
620 if ((pkey=EVP_PKEY_new()) == NULL) goto end; 666 if ((pkey=EVP_PKEY_new()) == NULL) goto end;
621 667
622#ifndef NO_RSA 668#ifndef OPENSSL_NO_RSA
623 if (pkey_type == TYPE_RSA) 669 if (pkey_type == TYPE_RSA)
624 { 670 {
625 if (!EVP_PKEY_assign_RSA(pkey, 671 if (!EVP_PKEY_assign_RSA(pkey,
@@ -629,7 +675,7 @@ bad:
629 } 675 }
630 else 676 else
631#endif 677#endif
632#ifndef NO_DSA 678#ifndef OPENSSL_NO_DSA
633 if (pkey_type == TYPE_DSA) 679 if (pkey_type == TYPE_DSA)
634 { 680 {
635 if (!DSA_generate_key(dsa_params)) goto end; 681 if (!DSA_generate_key(dsa_params)) goto end;
@@ -643,13 +689,17 @@ bad:
643 if (pkey == NULL) goto end; 689 if (pkey == NULL) goto end;
644 690
645 if (keyout == NULL) 691 if (keyout == NULL)
646 keyout=CONF_get_string(req_conf,SECTION,KEYFILE); 692 {
647 693 keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
694 if (keyout == NULL)
695 ERR_clear_error();
696 }
697
648 if (keyout == NULL) 698 if (keyout == NULL)
649 { 699 {
650 BIO_printf(bio_err,"writing new private key to stdout\n"); 700 BIO_printf(bio_err,"writing new private key to stdout\n");
651 BIO_set_fp(out,stdout,BIO_NOCLOSE); 701 BIO_set_fp(out,stdout,BIO_NOCLOSE);
652#ifdef VMS 702#ifdef OPENSSL_SYS_VMS
653 { 703 {
654 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 704 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
655 out = BIO_push(tmpbio, out); 705 out = BIO_push(tmpbio, out);
@@ -666,9 +716,14 @@ bad:
666 } 716 }
667 } 717 }
668 718
669 p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key"); 719 p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
670 if (p == NULL) 720 if (p == NULL)
671 p=CONF_get_string(req_conf,SECTION,"encrypt_key"); 721 {
722 ERR_clear_error();
723 p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
724 if (p == NULL)
725 ERR_clear_error();
726 }
672 if ((p != NULL) && (strcmp(p,"no") == 0)) 727 if ((p != NULL) && (strcmp(p,"no") == 0))
673 cipher=NULL; 728 cipher=NULL;
674 if (nodes) cipher=NULL; 729 if (nodes) cipher=NULL;
@@ -730,7 +785,7 @@ loop:
730 BIO_printf(bio_err,"you need to specify a private key\n"); 785 BIO_printf(bio_err,"you need to specify a private key\n");
731 goto end; 786 goto end;
732 } 787 }
733#ifndef NO_DSA 788#ifndef OPENSSL_NO_DSA
734 if (pkey->type == EVP_PKEY_DSA) 789 if (pkey->type == EVP_PKEY_DSA)
735 digest=EVP_dss1(); 790 digest=EVP_dss1();
736#endif 791#endif
@@ -742,9 +797,13 @@ loop:
742 goto end; 797 goto end;
743 } 798 }
744 799
745 i=make_REQ(req,pkey,!x509); 800 i=make_REQ(req,pkey,subj,!x509, chtype);
746 if (kludge >= 0) 801 subj=NULL; /* done processing '-subj' option */
747 req->req_info->req_kludge=kludge; 802 if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
803 {
804 sk_X509_ATTRIBUTE_free(req->req_info->attributes);
805 req->req_info->attributes = NULL;
806 }
748 if (!i) 807 if (!i)
749 { 808 {
750 BIO_printf(bio_err,"problems making Certificate Request\n"); 809 BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -759,34 +818,38 @@ loop:
759 818
760 /* Set version to V3 */ 819 /* Set version to V3 */
761 if(!X509_set_version(x509ss, 2)) goto end; 820 if(!X509_set_version(x509ss, 2)) goto end;
762 ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L); 821 if (serial)
763 822 {
764 X509_set_issuer_name(x509ss, 823 if (!X509_set_serialNumber(x509ss, serial)) goto end;
765 X509_REQ_get_subject_name(req)); 824 }
766 X509_gmtime_adj(X509_get_notBefore(x509ss),0); 825 else
767 X509_gmtime_adj(X509_get_notAfter(x509ss), 826 {
768 (long)60*60*24*days); 827 if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
769 X509_set_subject_name(x509ss, 828 }
770 X509_REQ_get_subject_name(req)); 829
830 if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
831 if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
832 if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
833 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
771 tmppkey = X509_REQ_get_pubkey(req); 834 tmppkey = X509_REQ_get_pubkey(req);
772 X509_set_pubkey(x509ss,tmppkey); 835 if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
773 EVP_PKEY_free(tmppkey); 836 EVP_PKEY_free(tmppkey);
774 837
775 /* Set up V3 context struct */ 838 /* Set up V3 context struct */
776 839
777 X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0); 840 X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
778 X509V3_set_conf_lhash(&ext_ctx, req_conf); 841 X509V3_set_nconf(&ext_ctx, req_conf);
779 842
780 /* Add extensions */ 843 /* Add extensions */
781 if(extensions && !X509V3_EXT_add_conf(req_conf, 844 if(extensions && !X509V3_EXT_add_nconf(req_conf,
782 &ext_ctx, extensions, x509ss)) 845 &ext_ctx, extensions, x509ss))
783 { 846 {
784 BIO_printf(bio_err, 847 BIO_printf(bio_err,
785 "Error Loading extension section %s\n", 848 "Error Loading extension section %s\n",
786 extensions); 849 extensions);
787 goto end; 850 goto end;
788 } 851 }
789 852
790 if (!(i=X509_sign(x509ss,pkey,digest))) 853 if (!(i=X509_sign(x509ss,pkey,digest)))
791 goto end; 854 goto end;
792 } 855 }
@@ -797,22 +860,51 @@ loop:
797 /* Set up V3 context struct */ 860 /* Set up V3 context struct */
798 861
799 X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); 862 X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
800 X509V3_set_conf_lhash(&ext_ctx, req_conf); 863 X509V3_set_nconf(&ext_ctx, req_conf);
801 864
802 /* Add extensions */ 865 /* Add extensions */
803 if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 866 if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
804 &ext_ctx, req_exts, req)) 867 &ext_ctx, req_exts, req))
805 { 868 {
806 BIO_printf(bio_err, 869 BIO_printf(bio_err,
807 "Error Loading extension section %s\n", 870 "Error Loading extension section %s\n",
808 req_exts); 871 req_exts);
809 goto end; 872 goto end;
810 } 873 }
811 if (!(i=X509_REQ_sign(req,pkey,digest))) 874 if (!(i=X509_REQ_sign(req,pkey,digest)))
812 goto end; 875 goto end;
813 } 876 }
814 } 877 }
815 878
879 if (subj && x509)
880 {
881 BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
882 goto end;
883 }
884
885 if (subj && !x509)
886 {
887 if (verbose)
888 {
889 BIO_printf(bio_err, "Modifying Request's Subject\n");
890 print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
891 }
892
893 if (build_subject(req, subj, chtype) == 0)
894 {
895 BIO_printf(bio_err, "ERROR: cannot modify subject\n");
896 ex=1;
897 goto end;
898 }
899
900 req->req_info->enc.modified = 1;
901
902 if (verbose)
903 {
904 print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
905 }
906 }
907
816 if (verify && !x509) 908 if (verify && !x509)
817 { 909 {
818 int tmp=0; 910 int tmp=0;
@@ -837,12 +929,13 @@ loop:
837 else if (i == 0) 929 else if (i == 0)
838 { 930 {
839 BIO_printf(bio_err,"verify failure\n"); 931 BIO_printf(bio_err,"verify failure\n");
932 ERR_print_errors(bio_err);
840 } 933 }
841 else /* if (i > 0) */ 934 else /* if (i > 0) */
842 BIO_printf(bio_err,"verify OK\n"); 935 BIO_printf(bio_err,"verify OK\n");
843 } 936 }
844 937
845 if (noout && !text && !modulus) 938 if (noout && !text && !modulus && !subject && !pubkey)
846 { 939 {
847 ex=0; 940 ex=0;
848 goto end; 941 goto end;
@@ -851,7 +944,7 @@ loop:
851 if (outfile == NULL) 944 if (outfile == NULL)
852 { 945 {
853 BIO_set_fp(out,stdout,BIO_NOCLOSE); 946 BIO_set_fp(out,stdout,BIO_NOCLOSE);
854#ifdef VMS 947#ifdef OPENSSL_SYS_VMS
855 { 948 {
856 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 949 BIO *tmpbio = BIO_new(BIO_f_linebuffer());
857 out = BIO_push(tmpbio, out); 950 out = BIO_push(tmpbio, out);
@@ -871,6 +964,20 @@ loop:
871 } 964 }
872 } 965 }
873 966
967 if (pubkey)
968 {
969 EVP_PKEY *tpubkey;
970 tpubkey=X509_REQ_get_pubkey(req);
971 if (tpubkey == NULL)
972 {
973 BIO_printf(bio_err,"Error getting public key\n");
974 ERR_print_errors(bio_err);
975 goto end;
976 }
977 PEM_write_bio_PUBKEY(out, tpubkey);
978 EVP_PKEY_free(tpubkey);
979 }
980
874 if (text) 981 if (text)
875 { 982 {
876 if (x509) 983 if (x509)
@@ -879,26 +986,35 @@ loop:
879 X509_REQ_print(out,req); 986 X509_REQ_print(out,req);
880 } 987 }
881 988
989 if(subject)
990 {
991 if(x509)
992 print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
993 else
994 print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
995 }
996
882 if (modulus) 997 if (modulus)
883 { 998 {
884 EVP_PKEY *pubkey; 999 EVP_PKEY *tpubkey;
885 1000
886 if (x509) 1001 if (x509)
887 pubkey=X509_get_pubkey(x509ss); 1002 tpubkey=X509_get_pubkey(x509ss);
888 else 1003 else
889 pubkey=X509_REQ_get_pubkey(req); 1004 tpubkey=X509_REQ_get_pubkey(req);
890 if (pubkey == NULL) 1005 if (tpubkey == NULL)
891 { 1006 {
892 fprintf(stdout,"Modulus=unavailable\n"); 1007 fprintf(stdout,"Modulus=unavailable\n");
893 goto end; 1008 goto end;
894 } 1009 }
895 fprintf(stdout,"Modulus="); 1010 fprintf(stdout,"Modulus=");
896#ifndef NO_RSA 1011#ifndef OPENSSL_NO_RSA
897 if (pubkey->type == EVP_PKEY_RSA) 1012 if (tpubkey->type == EVP_PKEY_RSA)
898 BN_print(out,pubkey->pkey.rsa->n); 1013 BN_print(out,tpubkey->pkey.rsa->n);
899 else 1014 else
900#endif 1015#endif
901 fprintf(stdout,"Wrong Algorithm type"); 1016 fprintf(stdout,"Wrong Algorithm type");
1017 EVP_PKEY_free(tpubkey);
902 fprintf(stdout,"\n"); 1018 fprintf(stdout,"\n");
903 } 1019 }
904 1020
@@ -941,51 +1057,59 @@ end:
941 { 1057 {
942 ERR_print_errors(bio_err); 1058 ERR_print_errors(bio_err);
943 } 1059 }
944 if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf); 1060 if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
945 BIO_free(in); 1061 BIO_free(in);
946 BIO_free_all(out); 1062 BIO_free_all(out);
947 EVP_PKEY_free(pkey); 1063 EVP_PKEY_free(pkey);
948 X509_REQ_free(req); 1064 X509_REQ_free(req);
949 X509_free(x509ss); 1065 X509_free(x509ss);
1066 ASN1_INTEGER_free(serial);
950 if(passargin && passin) OPENSSL_free(passin); 1067 if(passargin && passin) OPENSSL_free(passin);
951 if(passargout && passout) OPENSSL_free(passout); 1068 if(passargout && passout) OPENSSL_free(passout);
952 OBJ_cleanup(); 1069 OBJ_cleanup();
953#ifndef NO_DSA 1070#ifndef OPENSSL_NO_DSA
954 if (dsa_params != NULL) DSA_free(dsa_params); 1071 if (dsa_params != NULL) DSA_free(dsa_params);
955#endif 1072#endif
1073 apps_shutdown();
956 EXIT(ex); 1074 EXIT(ex);
957 } 1075 }
958 1076
959static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs) 1077static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,
1078 unsigned long chtype)
960 { 1079 {
961 int ret=0,i; 1080 int ret=0,i;
962 char no_prompt = 0; 1081 char no_prompt = 0;
963 STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; 1082 STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
964 char *tmp, *dn_sect,*attr_sect; 1083 char *tmp, *dn_sect,*attr_sect;
965 1084
966 tmp=CONF_get_string(req_conf,SECTION,PROMPT); 1085 tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
1086 if (tmp == NULL)
1087 ERR_clear_error();
967 if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1; 1088 if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
968 1089
969 dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME); 1090 dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
970 if (dn_sect == NULL) 1091 if (dn_sect == NULL)
971 { 1092 {
972 BIO_printf(bio_err,"unable to find '%s' in config\n", 1093 BIO_printf(bio_err,"unable to find '%s' in config\n",
973 DISTINGUISHED_NAME); 1094 DISTINGUISHED_NAME);
974 goto err; 1095 goto err;
975 } 1096 }
976 dn_sk=CONF_get_section(req_conf,dn_sect); 1097 dn_sk=NCONF_get_section(req_conf,dn_sect);
977 if (dn_sk == NULL) 1098 if (dn_sk == NULL)
978 { 1099 {
979 BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect); 1100 BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
980 goto err; 1101 goto err;
981 } 1102 }
982 1103
983 attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES); 1104 attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
984 if (attr_sect == NULL) 1105 if (attr_sect == NULL)
1106 {
1107 ERR_clear_error();
985 attr_sk=NULL; 1108 attr_sk=NULL;
1109 }
986 else 1110 else
987 { 1111 {
988 attr_sk=CONF_get_section(req_conf,attr_sect); 1112 attr_sk=NCONF_get_section(req_conf,attr_sect);
989 if (attr_sk == NULL) 1113 if (attr_sk == NULL)
990 { 1114 {
991 BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect); 1115 BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
@@ -996,37 +1120,172 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
996 /* setup version number */ 1120 /* setup version number */
997 if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */ 1121 if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
998 1122
999 if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs); 1123 if (no_prompt)
1000 else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs); 1124 i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
1125 else
1126 {
1127 if (subj)
1128 i = build_subject(req, subj, chtype);
1129 else
1130 i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
1131 }
1001 if(!i) goto err; 1132 if(!i) goto err;
1002 1133
1003 X509_REQ_set_pubkey(req,pkey); 1134 if (!X509_REQ_set_pubkey(req,pkey)) goto err;
1004 1135
1005 ret=1; 1136 ret=1;
1006err: 1137err:
1007 return(ret); 1138 return(ret);
1008 } 1139 }
1009 1140
1141/*
1142 * subject is expected to be in the format /type0=value0/type1=value1/type2=...
1143 * where characters may be escaped by \
1144 */
1145static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
1146 {
1147 size_t buflen = strlen (subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
1148 char *buf = malloc (buflen);
1149 size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
1150 char **ne_types = malloc (max_ne * sizeof (char *));
1151 char **ne_values = malloc (max_ne * sizeof (char *));
1152
1153 char *sp = subject, *bp = buf;
1154 int i, ne_num = 0;
1155
1156 X509_NAME *n = NULL;
1157 int nid;
1158
1159 if (!buf || !ne_types || !ne_values)
1160 {
1161 BIO_printf(bio_err, "malloc error\n");
1162 goto error0;
1163 }
1164
1165 if (*subject != '/')
1166 {
1167 BIO_printf(bio_err, "Subject does not start with '/'.\n");
1168 goto error0;
1169 }
1170 sp++; /* skip leading / */
1171
1172 while (*sp)
1173 {
1174 /* collect type */
1175 ne_types[ne_num] = bp;
1176 while (*sp)
1177 {
1178 if (*sp == '\\') /* is there anything to escape in the type...? */
1179 if (*++sp)
1180 *bp++ = *sp++;
1181 else
1182 {
1183 BIO_printf(bio_err, "escape character at end of string\n");
1184 goto error0;
1185 }
1186 else if (*sp == '=')
1187 {
1188 sp++;
1189 *bp++ = '\0';
1190 break;
1191 }
1192 else
1193 *bp++ = *sp++;
1194 }
1195 if (!*sp)
1196 {
1197 BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
1198 goto error0;
1199 }
1200 ne_values[ne_num] = bp;
1201 while (*sp)
1202 {
1203 if (*sp == '\\')
1204 if (*++sp)
1205 *bp++ = *sp++;
1206 else
1207 {
1208 BIO_printf(bio_err, "escape character at end of string\n");
1209 goto error0;
1210 }
1211 else if (*sp == '/')
1212 {
1213 sp++;
1214 *bp++ = '\0';
1215 break;
1216 }
1217 else
1218 *bp++ = *sp++;
1219 }
1220 *bp++ = '\0';
1221 ne_num++;
1222 }
1223
1224 if (!(n = X509_NAME_new()))
1225 goto error0;
1226
1227 for(i = 0; i < ne_num; i++)
1228 {
1229 if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
1230 {
1231 BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
1232 continue;
1233 }
1234
1235 if (!*ne_values[i])
1236 {
1237 BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
1238 continue;
1239 }
1240
1241 if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
1242 goto error1;
1243
1244 }
1245
1246 if (!X509_REQ_set_subject_name(req, n))
1247 goto error1;
1248 X509_NAME_free(n);
1249 free (ne_values);
1250 free (ne_types);
1251 free (buf);
1252 return 1;
1253
1254error1:
1255 X509_NAME_free(n);
1256error0:
1257 free (ne_values);
1258 free (ne_types);
1259 free (buf);
1260 return 0;
1261}
1262
1010 1263
1011static int prompt_info(X509_REQ *req, 1264static int prompt_info(X509_REQ *req,
1012 STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect, 1265 STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
1013 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs) 1266 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
1267 unsigned long chtype)
1014 { 1268 {
1015 int i; 1269 int i;
1016 char *p,*q; 1270 char *p,*q;
1017 char buf[100]; 1271 char buf[100];
1018 int nid,min,max; 1272 int nid;
1273 long n_min,n_max;
1019 char *type,*def,*value; 1274 char *type,*def,*value;
1020 CONF_VALUE *v; 1275 CONF_VALUE *v;
1021 X509_NAME *subj; 1276 X509_NAME *subj;
1022 subj = X509_REQ_get_subject_name(req); 1277 subj = X509_REQ_get_subject_name(req);
1023 BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n"); 1278
1024 BIO_printf(bio_err,"into your certificate request.\n"); 1279 if(!batch)
1025 BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n"); 1280 {
1026 BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n"); 1281 BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
1027 BIO_printf(bio_err,"For some fields there will be a default value,\n"); 1282 BIO_printf(bio_err,"into your certificate request.\n");
1028 BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n"); 1283 BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
1029 BIO_printf(bio_err,"-----\n"); 1284 BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
1285 BIO_printf(bio_err,"For some fields there will be a default value,\n");
1286 BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
1287 BIO_printf(bio_err,"-----\n");
1288 }
1030 1289
1031 1290
1032 if (sk_CONF_VALUE_num(dn_sk)) 1291 if (sk_CONF_VALUE_num(dn_sk))
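Review bot: In build_subject (new lines 1178–1193 and 1203–1218) the escape handling is written as unbraced nested if/else — `if (*sp == '\\') if (*++sp) ... else { ... } else if (*sp == '=')` — which only binds correctly because of the dangling-else rule; adding a statement to the inner branch later would silently rebind the `else if`, so each nested `if` should carry its own braces. The function also calls bare `malloc`/`free` where the rest of this file goes through `OPENSSL_free` (new line 1067), and a failing `X509_NAME_add_entry_by_NID` jumps to `error1` without printing the error queue, unlike the other failure paths in this hunk. Worth documenting as well: an unrecognised or empty attribute given via `-subj` is dropped with only a stderr warning (lines 1231 and 1237), so the subject in the resulting request can differ from what was asked for; a comment above the loop such as `/* unknown or empty attributes are skipped, not fatal: the final subject may lack them */`, or making the case fatal, would make that explicit.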
@@ -1056,21 +1315,29 @@ start: for (;;)
1056 /* If OBJ not recognised ignore it */ 1315 /* If OBJ not recognised ignore it */
1057 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; 1316 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
1058 sprintf(buf,"%s_default",v->name); 1317 sprintf(buf,"%s_default",v->name);
1059 if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL) 1318 if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
1319 {
1320 ERR_clear_error();
1060 def=""; 1321 def="";
1322 }
1061 1323
1062 sprintf(buf,"%s_value",v->name); 1324 sprintf(buf,"%s_value",v->name);
1063 if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL) 1325 if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
1326 {
1327 ERR_clear_error();
1064 value=NULL; 1328 value=NULL;
1329 }
1065 1330
1066 sprintf(buf,"%s_min",v->name); 1331 sprintf(buf,"%s_min",v->name);
1067 min=(int)CONF_get_number(req_conf,dn_sect,buf); 1332 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
1333 n_min = -1;
1068 1334
1069 sprintf(buf,"%s_max",v->name); 1335 sprintf(buf,"%s_max",v->name);
1070 max=(int)CONF_get_number(req_conf,dn_sect,buf); 1336 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
1337 n_max = -1;
1071 1338
1072 if (!add_DN_object(subj,v->value,def,value,nid, 1339 if (!add_DN_object(subj,v->value,def,value,nid,
1073 min,max)) 1340 n_min,n_max, chtype))
1074 return 0; 1341 return 0;
1075 } 1342 }
1076 if (X509_NAME_entry_count(subj) == 0) 1343 if (X509_NAME_entry_count(subj) == 0)
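Review bot: `n_min` and `n_max` are now read as `long` (new line 1273) but passed to `add_DN_object`, whose new signature at line 1464 still takes `int n_min, int n_max`, so a large `_min`/`_max` value from the config is silently truncated on LP64 platforms and the length check then enforces a different bound than the one configured; the same applies to the `add_attribute_object` call in the hunk at new lines 1387–1396 and to `req_check_len`. Either widen the three callees to `long` (switching their `%d` formats to `%ld`) or range-check here, e.g. `if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min) || n_min > INT_MAX) n_min = -1;`. prompt_info starts before this hunk and continues past it.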
@@ -1081,7 +1348,7 @@ start: for (;;)
1081 1348
1082 if (attribs) 1349 if (attribs)
1083 { 1350 {
1084 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)) 1351 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
1085 { 1352 {
1086 BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n"); 1353 BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
1087 BIO_printf(bio_err,"to be sent with your certificate request\n"); 1354 BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -1101,23 +1368,32 @@ start2: for (;;)
1101 goto start2; 1368 goto start2;
1102 1369
1103 sprintf(buf,"%s_default",type); 1370 sprintf(buf,"%s_default",type);
1104 if ((def=CONF_get_string(req_conf,attr_sect,buf)) 1371 if ((def=NCONF_get_string(req_conf,attr_sect,buf))
1105 == NULL) 1372 == NULL)
1373 {
1374 ERR_clear_error();
1106 def=""; 1375 def="";
1376 }
1377
1107 1378
1108 sprintf(buf,"%s_value",type); 1379 sprintf(buf,"%s_value",type);
1109 if ((value=CONF_get_string(req_conf,attr_sect,buf)) 1380 if ((value=NCONF_get_string(req_conf,attr_sect,buf))
1110 == NULL) 1381 == NULL)
1382 {
1383 ERR_clear_error();
1111 value=NULL; 1384 value=NULL;
1385 }
1112 1386
1113 sprintf(buf,"%s_min",type); 1387 sprintf(buf,"%s_min",type);
1114 min=(int)CONF_get_number(req_conf,attr_sect,buf); 1388 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
1389 n_min = -1;
1115 1390
1116 sprintf(buf,"%s_max",type); 1391 sprintf(buf,"%s_max",type);
1117 max=(int)CONF_get_number(req_conf,attr_sect,buf); 1392 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
1393 n_max = -1;
1118 1394
1119 if (!add_attribute_object(req, 1395 if (!add_attribute_object(req,
1120 v->value,def,value,nid,min,max)) 1396 v->value,def,value,nid,n_min,n_max, chtype))
1121 return 0; 1397 return 0;
1122 } 1398 }
1123 } 1399 }
@@ -1133,7 +1409,7 @@ start2: for (;;)
1133 } 1409 }
1134 1410
1135static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, 1411static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
1136 STACK_OF(CONF_VALUE) *attr_sk, int attribs) 1412 STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
1137 { 1413 {
1138 int i; 1414 int i;
1139 char *p,*q; 1415 char *p,*q;
@@ -1161,7 +1437,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
1161 if(*p) type = p; 1437 if(*p) type = p;
1162 break; 1438 break;
1163 } 1439 }
1164 if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC, 1440 if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
1165 (unsigned char *) v->value,-1,-1,0)) return 0; 1441 (unsigned char *) v->value,-1,-1,0)) return 0;
1166 1442
1167 } 1443 }
@@ -1176,7 +1452,7 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
1176 for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) 1452 for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
1177 { 1453 {
1178 v=sk_CONF_VALUE_value(attr_sk,i); 1454 v=sk_CONF_VALUE_value(attr_sk,i);
1179 if(!X509_REQ_add1_attr_by_txt(req, v->name, MBSTRING_ASC, 1455 if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
1180 (unsigned char *)v->value, -1)) return 0; 1456 (unsigned char *)v->value, -1)) return 0;
1181 } 1457 }
1182 } 1458 }
@@ -1185,14 +1461,14 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
1185 1461
1186 1462
1187static int add_DN_object(X509_NAME *n, char *text, char *def, char *value, 1463static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
1188 int nid, int min, int max) 1464 int nid, int n_min, int n_max, unsigned long chtype)
1189 { 1465 {
1190 int i,ret=0; 1466 int i,ret=0;
1191 MS_STATIC char buf[1024]; 1467 MS_STATIC char buf[1024];
1192start: 1468start:
1193 BIO_printf(bio_err,"%s [%s]:",text,def); 1469 if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
1194 (void)BIO_flush(bio_err); 1470 (void)BIO_flush(bio_err);
1195 if (value != NULL) 1471 if(value != NULL)
1196 { 1472 {
1197 strcpy(buf,value); 1473 strcpy(buf,value);
1198 strcat(buf,"\n"); 1474 strcat(buf,"\n");
@@ -1201,7 +1477,15 @@ start:
1201 else 1477 else
1202 { 1478 {
1203 buf[0]='\0'; 1479 buf[0]='\0';
1204 fgets(buf,1024,stdin); 1480 if (!batch)
1481 {
1482 fgets(buf,1024,stdin);
1483 }
1484 else
1485 {
1486 buf[0] = '\n';
1487 buf[1] = '\0';
1488 }
1205 } 1489 }
1206 1490
1207 if (buf[0] == '\0') return(0); 1491 if (buf[0] == '\0') return(0);
@@ -1221,12 +1505,11 @@ start:
1221 return(0); 1505 return(0);
1222 } 1506 }
1223 buf[--i]='\0'; 1507 buf[--i]='\0';
1224
1225#ifdef CHARSET_EBCDIC 1508#ifdef CHARSET_EBCDIC
1226 ebcdic2ascii(buf, buf, i); 1509 ebcdic2ascii(buf, buf, i);
1227#endif 1510#endif
1228 if(!req_check_len(i, min, max)) goto start; 1511 if(!req_check_len(i, n_min, n_max)) goto start;
1229 if (!X509_NAME_add_entry_by_NID(n,nid, MBSTRING_ASC, 1512 if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
1230 (unsigned char *) buf, -1,-1,0)) goto err; 1513 (unsigned char *) buf, -1,-1,0)) goto err;
1231 ret=1; 1514 ret=1;
1232err: 1515err:
@@ -1234,14 +1517,14 @@ err:
1234 } 1517 }
1235 1518
1236static int add_attribute_object(X509_REQ *req, char *text, 1519static int add_attribute_object(X509_REQ *req, char *text,
1237 char *def, char *value, int nid, int min, 1520 char *def, char *value, int nid, int n_min,
1238 int max) 1521 int n_max, unsigned long chtype)
1239 { 1522 {
1240 int i; 1523 int i;
1241 static char buf[1024]; 1524 static char buf[1024];
1242 1525
1243start: 1526start:
1244 BIO_printf(bio_err,"%s [%s]:",text,def); 1527 if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
1245 (void)BIO_flush(bio_err); 1528 (void)BIO_flush(bio_err);
1246 if (value != NULL) 1529 if (value != NULL)
1247 { 1530 {
@@ -1252,7 +1535,15 @@ start:
1252 else 1535 else
1253 { 1536 {
1254 buf[0]='\0'; 1537 buf[0]='\0';
1255 fgets(buf,1024,stdin); 1538 if (!batch)
1539 {
1540 fgets(buf,1024,stdin);
1541 }
1542 else
1543 {
1544 buf[0] = '\n';
1545 buf[1] = '\0';
1546 }
1256 } 1547 }
1257 1548
1258 if (buf[0] == '\0') return(0); 1549 if (buf[0] == '\0') return(0);
@@ -1275,9 +1566,9 @@ start:
1275#ifdef CHARSET_EBCDIC 1566#ifdef CHARSET_EBCDIC
1276 ebcdic2ascii(buf, buf, i); 1567 ebcdic2ascii(buf, buf, i);
1277#endif 1568#endif
1278 if(!req_check_len(i, min, max)) goto start; 1569 if(!req_check_len(i, n_min, n_max)) goto start;
1279 1570
1280 if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC, 1571 if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
1281 (unsigned char *)buf, -1)) { 1572 (unsigned char *)buf, -1)) {
1282 BIO_printf(bio_err, "Error adding attribute\n"); 1573 BIO_printf(bio_err, "Error adding attribute\n");
1283 ERR_print_errors(bio_err); 1574 ERR_print_errors(bio_err);
@@ -1289,7 +1580,7 @@ err:
1289 return(0); 1580 return(0);
1290 } 1581 }
1291 1582
1292#ifndef NO_RSA 1583#ifndef OPENSSL_NO_RSA
1293static void MS_CALLBACK req_cb(int p, int n, void *arg) 1584static void MS_CALLBACK req_cb(int p, int n, void *arg)
1294 { 1585 {
1295 char c='*'; 1586 char c='*';
@@ -1306,16 +1597,16 @@ static void MS_CALLBACK req_cb(int p, int n, void *arg)
1306 } 1597 }
1307#endif 1598#endif
1308 1599
1309static int req_check_len(int len, int min, int max) 1600static int req_check_len(int len, int n_min, int n_max)
1310 { 1601 {
1311 if (len < min) 1602 if ((n_min > 0) && (len < n_min))
1312 { 1603 {
1313 BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min); 1604 BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
1314 return(0); 1605 return(0);
1315 } 1606 }
1316 if ((max != 0) && (len > max)) 1607 if ((n_max >= 0) && (len > n_max))
1317 { 1608 {
1318 BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",max); 1609 BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
1319 return(0); 1610 return(0);
1320 } 1611 }
1321 return(1); 1612 return(1);
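Review bot: The new bound semantics are undocumented: `n_max >= 0` on new line 1607 now treats an explicit `_max = 0` in the config as a hard limit of zero bytes, whereas the old `max != 0` test made 0 mean unlimited, and only the callers' -1 fallback (new lines 1333 and 1337) keeps an absent key unlimited. A header comment such as `/* n_min <= 0 or n_max < 0 disables the respective bound; callers pass -1 when the config key is absent */` would record that. The message on changed line 1609 also says "less than %d" while the test rejects only `len > n_max`, so "at most %d" would match the check.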