summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/req.c950
1 files changed, 572 insertions, 378 deletions
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 7bfb90d14b..dfba8e28c4 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: req.c,v 1.18 2019/11/06 11:16:16 inoguchi Exp $ */ 1/* $OpenBSD: req.c,v 1.19 2020/08/09 16:38:24 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -101,26 +101,6 @@
101#define DEFAULT_KEY_LENGTH 2048 101#define DEFAULT_KEY_LENGTH 2048
102#define MIN_KEY_LENGTH 384 102#define MIN_KEY_LENGTH 384
103 103
104
105/* -inform arg - input format - default PEM (DER or PEM)
106 * -outform arg - output format - default PEM
107 * -in arg - input file - default stdin
108 * -out arg - output file - default stdout
109 * -verify - check request signature
110 * -noout - don't print stuff out.
111 * -text - print out human readable text.
112 * -nodes - no des encryption
113 * -config file - Load configuration file.
114 * -key file - make a request using key in file (or use it for verification).
115 * -keyform arg - key file format.
116 * -newkey - make a key and a request.
117 * -modulus - print RSA modulus.
118 * -pubkey - output Public Key.
119 * -x509 - output a self signed X509 structure instead.
120 * -asn1-kludge - output new certificate request in a format that some CA's
121 * require. This format is wrong
122 */
123
124static int make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *dn, int multirdn, 104static int make_REQ(X509_REQ * req, EVP_PKEY * pkey, char *dn, int multirdn,
125 int attribs, unsigned long chtype); 105 int attribs, unsigned long chtype);
126static int build_subject(X509_REQ * req, char *subj, unsigned long chtype, 106static int build_subject(X509_REQ * req, char *subj, unsigned long chtype,
@@ -148,41 +128,453 @@ static void exts_cleanup(OPENSSL_STRING *x);
148static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv); 128static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv);
149static CONF *req_conf = NULL; 129static CONF *req_conf = NULL;
150static CONF *addext_conf = NULL; 130static CONF *addext_conf = NULL;
151static int batch = 0; 131
132struct {
133 LHASH_OF(OPENSSL_STRING) *addexts;
134 BIO *addext_bio;
135 int batch;
136 unsigned long chtype;
137 int days;
138 const EVP_MD *digest;
139 char *extensions;
140 char *infile;
141 int informat;
142 char *keyalg;
143 char *keyfile;
144 int keyform;
145 char *keyout;
146 int kludge;
147 int modulus;
148 int multirdn;
149 int newhdr;
150 long newkey;
151 int newreq;
152 unsigned long nmflag;
153 int nodes;
154 int noout;
155 char *outfile;
156 int outformat;
157 char *passargin;
158 char *passargout;
159 STACK_OF(OPENSSL_STRING) *pkeyopts;
160 int pubkey;
161 char *req_exts;
162 unsigned long reqflag;
163 ASN1_INTEGER *serial;
164 STACK_OF(OPENSSL_STRING) *sigopts;
165 char *subj;
166 int subject;
167 char *template;
168 int text;
169 int verbose;
170 int verify;
171 int x509;
172} req_config;
173
174static int
175req_opt_addext(char *arg)
176{
177 int i;
178
179 if (req_config.addexts == NULL) {
180 req_config.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new(
181 (LHASH_HASH_FN_TYPE)ext_name_hash,
182 (LHASH_COMP_FN_TYPE)ext_name_cmp);
183 req_config.addext_bio = BIO_new(BIO_s_mem());
184 if (req_config.addexts == NULL ||
185 req_config.addext_bio == NULL)
186 return (1);
187 }
188 i = duplicated(req_config.addexts, arg);
189 if (i == 1)
190 return (1);
191 if (i < 0 || BIO_printf(req_config.addext_bio, "%s\n", arg) < 0)
192 return (1);
193
194 return (0);
195}
196
197static int
198req_opt_days(char *arg)
199{
200 const char *errstr;
201
202 req_config.days = strtonum(arg, 1, INT_MAX, &errstr);
203 if (errstr != NULL) {
204 BIO_printf(bio_err, "bad -days %s, using 0: %s\n",
205 arg, errstr);
206 req_config.days = 30;
207 }
208 return (0);
209}
210
211static int
212req_opt_digest(int argc, char **argv, int *argsused)
213{
214 char *name = argv[0];
215
216 if (*name++ != '-')
217 return (1);
218
219 if ((req_config.digest = EVP_get_digestbyname(name)) == NULL)
220 return (1);
221
222 *argsused = 1;
223 return (0);
224}
225
226static int
227req_opt_newkey(char *arg)
228{
229 req_config.keyalg = arg;
230 req_config.newreq = 1;
231 return (0);
232}
233
234static int
235req_opt_nameopt(char *arg)
236{
237 if (!set_name_ex(&req_config.nmflag, arg))
238 return (1);
239 return (0);
240}
241
242static int
243req_opt_pkeyopt(char *arg)
244{
245 if (req_config.pkeyopts == NULL)
246 req_config.pkeyopts = sk_OPENSSL_STRING_new_null();
247 if (req_config.pkeyopts == NULL)
248 return (1);
249 if (!sk_OPENSSL_STRING_push(req_config.pkeyopts, arg))
250 return (1);
251 return (0);
252}
253
254static int
255req_opt_reqopt(char *arg)
256{
257 if (!set_cert_ex(&req_config.reqflag, arg))
258 return (1);
259 return (0);
260}
261
262static int
263req_opt_set_serial(char *arg)
264{
265 req_config.serial = s2i_ASN1_INTEGER(NULL, arg);
266 if (req_config.serial == NULL)
267 return (1);
268 return (0);
269}
270
271static int
272req_opt_sigopt(char *arg)
273{
274 if (req_config.sigopts == NULL)
275 req_config.sigopts = sk_OPENSSL_STRING_new_null();
276 if (req_config.sigopts == NULL)
277 return (1);
278 if (!sk_OPENSSL_STRING_push(req_config.sigopts, arg))
279 return (1);
280 return (0);
281}
282
283static int
284req_opt_utf8(void)
285{
286 req_config.chtype = MBSTRING_UTF8;
287 return (0);
288}
289
290static const struct option req_options[] = {
291 {
292 .name = "addext",
293 .argname = "key=value",
294 .desc = "Additional certificate extension (may be repeated)",
295 .type = OPTION_ARG_FUNC,
296 .opt.argfunc = req_opt_addext,
297 },
298 {
299 .name = "asn1-kludge",
300 .type = OPTION_VALUE,
301 .opt.value = &req_config.kludge,
302 .value = 1,
303 },
304 {
305 .name = "batch",
306 .desc = "Operate in batch mode",
307 .type = OPTION_FLAG,
308 .opt.flag = &req_config.batch,
309 },
310 {
311 .name = "config",
312 .argname = "file",
313 .desc = "Configuration file to use as request template",
314 .type = OPTION_ARG,
315 .opt.arg = &req_config.template,
316 },
317 {
318 .name = "days",
319 .argname = "number",
320 .desc = "Number of days generated certificate is valid for",
321 .type = OPTION_ARG_FUNC,
322 .opt.argfunc = req_opt_days,
323 },
324 {
325 .name = "extensions",
326 .argname = "section",
327 .desc = "Config section to use for certificate extensions",
328 .type = OPTION_ARG,
329 .opt.arg = &req_config.extensions,
330 },
331 {
332 .name = "in",
333 .argname = "file",
334 .desc = "Input file (default stdin)",
335 .type = OPTION_ARG,
336 .opt.arg = &req_config.infile,
337 },
338 {
339 .name = "inform",
340 .argname = "format",
341 .desc = "Input format (DER or PEM (default))",
342 .type = OPTION_ARG_FORMAT,
343 .opt.value = &req_config.informat,
344 },
345 {
346 .name = "key",
347 .argname = "file",
348 .desc = "Private key file",
349 .type = OPTION_ARG,
350 .opt.arg = &req_config.keyfile,
351 },
352 {
353 .name = "keyform",
354 .argname = "format",
355 .desc = "Private key format (DER or PEM (default))",
356 .type = OPTION_ARG_FORMAT,
357 .opt.value = &req_config.keyform,
358 },
359 {
360 .name = "keyout",
361 .argname = "file",
362 .desc = "Private key output file",
363 .type = OPTION_ARG,
364 .opt.arg = &req_config.keyout,
365 },
366 {
367 .name = "modulus",
368 .desc = "Print RSA modulus",
369 .type = OPTION_FLAG,
370 .opt.flag = &req_config.modulus,
371 },
372 {
373 .name = "multivalue-rdn",
374 .desc = "Enable support for multivalued RDNs",
375 .type = OPTION_FLAG,
376 .opt.flag = &req_config.multirdn,
377 },
378 {
379 .name = "nameopt",
380 .argname = "arg",
381 .desc = "Certificate name options",
382 .type = OPTION_ARG_FUNC,
383 .opt.argfunc = req_opt_nameopt,
384 },
385 {
386 .name = "new",
387 .desc = "New request",
388 .type = OPTION_FLAG,
389 .opt.flag = &req_config.newreq,
390 },
391 {
392 .name = "newhdr",
393 .desc = "Include 'NEW' in header lines",
394 .type = OPTION_FLAG,
395 .opt.flag = &req_config.newhdr,
396 },
397 {
398 .name = "newkey",
399 .argname = "param",
400 .desc = "Generate a new key using given parameters",
401 .type = OPTION_ARG_FUNC,
402 .opt.argfunc = req_opt_newkey,
403 },
404 {
405 .name = "no-asn1-kludge",
406 .type = OPTION_VALUE,
407 .opt.value = &req_config.kludge,
408 .value = 0,
409 },
410 {
411 .name = "nodes",
412 .desc = "Do not encrypt output private key",
413 .type = OPTION_FLAG,
414 .opt.flag = &req_config.nodes,
415 },
416 {
417 .name = "noout",
418 .desc = "Do not output request",
419 .type = OPTION_FLAG,
420 .opt.flag = &req_config.noout,
421 },
422 {
423 .name = "out",
424 .argname = "file",
425 .desc = "Output file (default stdout)",
426 .type = OPTION_ARG,
427 .opt.arg = &req_config.outfile,
428 },
429 {
430 .name = "outform",
431 .argname = "format",
432 .desc = "Output format (DER or PEM (default))",
433 .type = OPTION_ARG_FORMAT,
434 .opt.value = &req_config.outformat,
435 },
436 {
437 .name = "passin",
438 .argname = "source",
439 .desc = "Private key input password source",
440 .type = OPTION_ARG,
441 .opt.arg = &req_config.passargin,
442 },
443 {
444 .name = "passout",
445 .argname = "source",
446 .desc = "Private key output password source",
447 .type = OPTION_ARG,
448 .opt.arg = &req_config.passargout,
449 },
450 {
451 .name = "pkeyopt",
452 .argname = "opt:val",
453 .desc = "Set the public key algorithm option opt to val",
454 .type = OPTION_ARG_FUNC,
455 .opt.argfunc = req_opt_pkeyopt,
456 },
457 {
458 .name = "pubkey",
459 .desc = "Output the public key",
460 .type = OPTION_FLAG,
461 .opt.flag = &req_config.pubkey,
462 },
463 {
464 .name = "reqexts",
465 .argname = "section",
466 .desc = "Config section to use for request extensions",
467 .type = OPTION_ARG,
468 .opt.arg = &req_config.req_exts,
469 },
470 {
471 .name = "reqopt",
472 .argname = "option",
473 .desc = "Request text options",
474 .type = OPTION_ARG_FUNC,
475 .opt.argfunc = req_opt_reqopt,
476 },
477 {
478 .name = "set_serial",
479 .argname = "serial",
480 .desc = "Serial number to use for generated certificate",
481 .type = OPTION_ARG_FUNC,
482 .opt.argfunc = req_opt_set_serial,
483 },
484 {
485 .name = "sigopt",
486 .argname = "name:val",
487 .desc = "Signature options",
488 .type = OPTION_ARG_FUNC,
489 .opt.argfunc = req_opt_sigopt,
490 },
491 {
492 .name = "subj",
493 .argname = "name",
494 .desc = "Set or modify the request subject",
495 .type = OPTION_ARG,
496 .opt.arg = &req_config.subj,
497 },
498 {
499 .name = "subject",
500 .desc = "Output the subject of the request",
501 .type = OPTION_FLAG,
502 .opt.flag = &req_config.subject,
503 },
504 {
505 .name = "text",
506 .desc = "Print request in text form",
507 .type = OPTION_FLAG,
508 .opt.flag = &req_config.text,
509 },
510 {
511 .name = "utf8",
512 .desc = "Input characters are in UTF-8 (default ASCII)",
513 .type = OPTION_FUNC,
514 .opt.func = req_opt_utf8,
515 },
516 {
517 .name = "verbose",
518 .desc = "Verbose",
519 .type = OPTION_FLAG,
520 .opt.flag = &req_config.verbose,
521 },
522 {
523 .name = "verify",
524 .desc = "Verify signature on request",
525 .type = OPTION_FLAG,
526 .opt.flag = &req_config.verify,
527 },
528 {
529 .name = "x509",
530 .desc = "Output an X.509 structure instead of a certificate request",
531 .type = OPTION_FLAG,
532 .opt.flag = &req_config.x509,
533 },
534 {
535 .name = NULL,
536 .desc = "",
537 .type = OPTION_ARGV_FUNC,
538 .opt.argvfunc = req_opt_digest,
539 },
540 { NULL },
541};
542
543static void
544req_usage(void)
545{
546 fprintf(stderr,
547 "usage: req [-addext ext] [-asn1-kludge] [-batch] [-config file]\n"
548 " [-days n] [-extensions section] [-in file]\n"
549 " [-inform der | pem] [-key keyfile] [-keyform der | pem]\n"
550 " [-keyout file] [-md4 | -md5 | -sha1] [-modulus]\n"
551 " [-multivalue-rdn] [-nameopt option] [-new] [-newhdr]\n"
552 " [-newkey arg] [-no-asn1-kludge] [-nodes] [-noout]\n"
553 " [-out file] [-outform der | pem] [-passin arg]\n"
554 " [-passout arg] [-pkeyopt opt:value] [-pubkey]\n"
555 " [-reqexts section] [-reqopt option] [-set_serial n]\n"
556 " [-sigopt nm:v] [-subj arg] [-subject] [-text] [-utf8]\n"
557 " [-verbose] [-verify] [-x509]\n\n");
558
559 options_usage(req_options);
560 fprintf(stderr, "\n");
561}
152 562
153int 563int
154req_main(int argc, char **argv) 564req_main(int argc, char **argv)
155{ 565{
156 unsigned long nmflag = 0, reqflag = 0; 566 int ex = 1;
157 int ex = 1, x509 = 0, days = 30;
158 X509 *x509ss = NULL; 567 X509 *x509ss = NULL;
159 X509_REQ *req = NULL; 568 X509_REQ *req = NULL;
160 EVP_PKEY_CTX *genctx = NULL; 569 EVP_PKEY_CTX *genctx = NULL;
161 const char *keyalg = NULL;
162 char *keyalgstr = NULL; 570 char *keyalgstr = NULL;
163 STACK_OF(OPENSSL_STRING) * pkeyopts = NULL, *sigopts = NULL; 571 const EVP_CIPHER *cipher = NULL;
164 LHASH_OF(OPENSSL_STRING) *addexts = NULL;
165 EVP_PKEY *pkey = NULL; 572 EVP_PKEY *pkey = NULL;
166 int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = -1; 573 int i = 0, pkey_type = -1;
167 long newkey = -1;
168 BIO *in = NULL, *out = NULL; 574 BIO *in = NULL, *out = NULL;
169 int informat, outformat, verify = 0, noout = 0, text = 0, keyform = FORMAT_PEM;
170 int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
171 char *infile, *outfile, *prog, *keyfile = NULL, *template = NULL,
172 *keyout = NULL;
173 BIO *addext_bio = NULL;
174 char *extensions = NULL;
175 char *req_exts = NULL;
176 const EVP_CIPHER *cipher = NULL;
177 ASN1_INTEGER *serial = NULL;
178 int modulus = 0;
179 char *passargin = NULL, *passargout = NULL;
180 char *passin = NULL, *passout = NULL; 575 char *passin = NULL, *passout = NULL;
576 const EVP_MD *md_alg = NULL;
181 char *p; 577 char *p;
182 char *subj = NULL;
183 int multirdn = 0;
184 const EVP_MD *md_alg = NULL, *digest = NULL;
185 unsigned long chtype = MBSTRING_ASC;
186 578
187 if (single_execution) { 579 if (single_execution) {
188 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 580 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
@@ -191,235 +583,37 @@ req_main(int argc, char **argv)
191 } 583 }
192 } 584 }
193 585
194 req_conf = NULL; 586 memset(&req_config, 0, sizeof(req_config));
195 cipher = EVP_aes_256_cbc();
196 digest = EVP_sha256();
197
198 infile = NULL;
199 outfile = NULL;
200 informat = FORMAT_PEM;
201 outformat = FORMAT_PEM;
202
203 prog = argv[0];
204 argc--;
205 argv++;
206 while (argc >= 1) {
207 if (strcmp(*argv, "-inform") == 0) {
208 if (--argc < 1)
209 goto bad;
210 informat = str2fmt(*(++argv));
211 } else if (strcmp(*argv, "-outform") == 0) {
212 if (--argc < 1)
213 goto bad;
214 outformat = str2fmt(*(++argv));
215 }
216 else if (strcmp(*argv, "-key") == 0) {
217 if (--argc < 1)
218 goto bad;
219 keyfile = *(++argv);
220 } else if (strcmp(*argv, "-pubkey") == 0) {
221 pubkey = 1;
222 } else if (strcmp(*argv, "-new") == 0) {
223 newreq = 1;
224 } else if (strcmp(*argv, "-config") == 0) {
225 if (--argc < 1)
226 goto bad;
227 template = *(++argv);
228 } else if (strcmp(*argv, "-keyform") == 0) {
229 if (--argc < 1)
230 goto bad;
231 keyform = str2fmt(*(++argv));
232 } else if (strcmp(*argv, "-in") == 0) {
233 if (--argc < 1)
234 goto bad;
235 infile = *(++argv);
236 } else if (strcmp(*argv, "-out") == 0) {
237 if (--argc < 1)
238 goto bad;
239 outfile = *(++argv);
240 } else if (strcmp(*argv, "-keyout") == 0) {
241 if (--argc < 1)
242 goto bad;
243 keyout = *(++argv);
244 } else if (strcmp(*argv, "-passin") == 0) {
245 if (--argc < 1)
246 goto bad;
247 passargin = *(++argv);
248 } else if (strcmp(*argv, "-passout") == 0) {
249 if (--argc < 1)
250 goto bad;
251 passargout = *(++argv);
252 } else if (strcmp(*argv, "-newkey") == 0) {
253 if (--argc < 1)
254 goto bad;
255 keyalg = *(++argv);
256 newreq = 1;
257 } else if (strcmp(*argv, "-pkeyopt") == 0) {
258 if (--argc < 1)
259 goto bad;
260 if (!pkeyopts)
261 pkeyopts = sk_OPENSSL_STRING_new_null();
262 if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
263 goto bad;
264 } else if (strcmp(*argv, "-sigopt") == 0) {
265 if (--argc < 1)
266 goto bad;
267 if (!sigopts)
268 sigopts = sk_OPENSSL_STRING_new_null();
269 if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
270 goto bad;
271 } else if (strcmp(*argv, "-batch") == 0)
272 batch = 1;
273 else if (strcmp(*argv, "-newhdr") == 0)
274 newhdr = 1;
275 else if (strcmp(*argv, "-modulus") == 0)
276 modulus = 1;
277 else if (strcmp(*argv, "-verify") == 0)
278 verify = 1;
279 else if (strcmp(*argv, "-nodes") == 0)
280 nodes = 1;
281 else if (strcmp(*argv, "-noout") == 0)
282 noout = 1;
283 else if (strcmp(*argv, "-verbose") == 0)
284 verbose = 1;
285 else if (strcmp(*argv, "-utf8") == 0)
286 chtype = MBSTRING_UTF8;
287 else if (strcmp(*argv, "-nameopt") == 0) {
288 if (--argc < 1)
289 goto bad;
290 if (!set_name_ex(&nmflag, *(++argv)))
291 goto bad;
292 } else if (strcmp(*argv, "-reqopt") == 0) {
293 if (--argc < 1)
294 goto bad;
295 if (!set_cert_ex(&reqflag, *(++argv)))
296 goto bad;
297 } else if (strcmp(*argv, "-subject") == 0)
298 subject = 1;
299 else if (strcmp(*argv, "-text") == 0)
300 text = 1;
301 else if (strcmp(*argv, "-x509") == 0)
302 x509 = 1;
303 else if (strcmp(*argv, "-asn1-kludge") == 0)
304 kludge = 1;
305 else if (strcmp(*argv, "-no-asn1-kludge") == 0)
306 kludge = 0;
307 else if (strcmp(*argv, "-subj") == 0) {
308 if (--argc < 1)
309 goto bad;
310 subj = *(++argv);
311 } else if (strcmp(*argv, "-multivalue-rdn") == 0)
312 multirdn = 1;
313 else if (strcmp(*argv, "-days") == 0) {
314 const char *errstr;
315
316 if (--argc < 1)
317 goto bad;
318 days = strtonum(*(++argv), 1, INT_MAX, &errstr);
319 if (errstr) {
320 BIO_printf(bio_err, "bad -days %s, using 0: %s\n",
321 *argv, errstr);
322 days = 30;
323 }
324 } else if (strcmp(*argv, "-set_serial") == 0) {
325 if (--argc < 1)
326 goto bad;
327 serial = s2i_ASN1_INTEGER(NULL, *(++argv));
328 if (!serial)
329 goto bad;
330 } else if (strcmp(*argv, "-addext") == 0) {
331 if (--argc < 1)
332 goto bad;
333 p = *(++argv);
334 if (addexts == NULL) {
335 addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new(
336 (LHASH_HASH_FN_TYPE)ext_name_hash,
337 (LHASH_COMP_FN_TYPE)ext_name_cmp);
338 addext_bio = BIO_new(BIO_s_mem());
339 if (addexts == NULL || addext_bio == NULL)
340 goto bad;
341 }
342 i = duplicated(addexts, p);
343 if (i == 1)
344 goto bad;
345 if (i < 0 || BIO_printf(addext_bio, "%s\n", p) < 0)
346 goto bad;
347 } else if (strcmp(*argv, "-extensions") == 0) {
348 if (--argc < 1)
349 goto bad;
350 extensions = *(++argv);
351 } else if (strcmp(*argv, "-reqexts") == 0) {
352 if (--argc < 1)
353 goto bad;
354 req_exts = *(++argv);
355 } else if ((md_alg = EVP_get_digestbyname(&((*argv)[1]))) != NULL) {
356 /* ok */
357 digest = md_alg;
358 } else {
359 BIO_printf(bio_err, "unknown option %s\n", *argv);
360 badops = 1;
361 break;
362 }
363 argc--;
364 argv++;
365 }
366 587
367 if (badops) { 588 req_config.chtype = MBSTRING_ASC;
368 bad: 589 req_config.days = 30;
369 BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog); 590 req_config.digest = EVP_sha256();
370 BIO_printf(bio_err, "where options are\n"); 591 req_config.newkey = -1;
371 BIO_printf(bio_err, " -inform arg input format - DER or PEM\n"); 592 req_config.informat = FORMAT_PEM;
372 BIO_printf(bio_err, " -outform arg output format - DER or PEM\n"); 593 req_config.keyform = FORMAT_PEM;
373 BIO_printf(bio_err, " -in arg input file\n"); 594 req_config.outformat = FORMAT_PEM;
374 BIO_printf(bio_err, " -out arg output file\n"); 595
375 BIO_printf(bio_err, " -text text form of request\n"); 596 if (options_parse(argc, argv, req_options, NULL, NULL) != 0) {
376 BIO_printf(bio_err, " -pubkey output public key\n"); 597 req_usage();
377 BIO_printf(bio_err, " -noout do not output REQ\n"); 598 return (1);
378 BIO_printf(bio_err, " -verify verify signature on REQ\n");
379 BIO_printf(bio_err, " -modulus RSA modulus\n");
380 BIO_printf(bio_err, " -nodes don't encrypt the output key\n");
381 BIO_printf(bio_err, " -subject output the request's subject\n");
382 BIO_printf(bio_err, " -passin private key password source\n");
383 BIO_printf(bio_err, " -key file use the private key contained in file\n");
384 BIO_printf(bio_err, " -keyform arg key file format\n");
385 BIO_printf(bio_err, " -keyout arg file to send the key to\n");
386 BIO_printf(bio_err, " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
387 BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
388 BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
389 BIO_printf(bio_err, " -[digest] Digest to sign with (md5, sha1, md4)\n");
390 BIO_printf(bio_err, " -config file request template file.\n");
391 BIO_printf(bio_err, " -subj arg set or modify request subject\n");
392 BIO_printf(bio_err, " -multivalue-rdn enable support for multivalued RDNs\n");
393 BIO_printf(bio_err, " -new new request.\n");
394 BIO_printf(bio_err, " -batch do not ask anything during request generation\n");
395 BIO_printf(bio_err, " -x509 output a x509 structure instead of a cert. req.\n");
396 BIO_printf(bio_err, " -days number of days a certificate generated by -x509 is valid for.\n");
397 BIO_printf(bio_err, " -set_serial serial number to use for a certificate generated by -x509.\n");
398 BIO_printf(bio_err, " -newhdr output \"NEW\" in the header lines\n");
399 BIO_printf(bio_err, " -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
400 BIO_printf(bio_err, " have been reported as requiring\n");
401 BIO_printf(bio_err, " -addext .. additional cert extension key=value pair (may be given more than once)\n");
402 BIO_printf(bio_err, " -extensions .. specify certificate extension section (override value in config file)\n");
403 BIO_printf(bio_err, " -reqexts .. specify request extension section (override value in config file)\n");
404 BIO_printf(bio_err, " -utf8 input characters are UTF8 (default ASCII)\n");
405 BIO_printf(bio_err, " -nameopt arg - various certificate name options\n");
406 BIO_printf(bio_err, " -reqopt arg - various request text options\n\n");
407 goto end;
408 } 599 }
409 600
410 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { 601 req_conf = NULL;
602 cipher = EVP_aes_256_cbc();
603
604 if (!app_passwd(bio_err, req_config.passargin, req_config.passargout, &passin, &passout)) {
411 BIO_printf(bio_err, "Error getting passwords\n"); 605 BIO_printf(bio_err, "Error getting passwords\n");
412 goto end; 606 goto end;
413 } 607 }
414 if (template != NULL) { 608 if (req_config.template != NULL) {
415 long errline = -1; 609 long errline = -1;
416 610
417 if (verbose) 611 if (req_config.verbose)
418 BIO_printf(bio_err, "Using configuration from %s\n", template); 612 BIO_printf(bio_err, "Using configuration from %s\n", req_config.template);
419 if ((req_conf = NCONF_new(NULL)) == NULL) 613 if ((req_conf = NCONF_new(NULL)) == NULL)
420 goto end; 614 goto end;
421 if(!NCONF_load(req_conf, template, &errline)) { 615 if(!NCONF_load(req_conf, req_config.template, &errline)) {
422 BIO_printf(bio_err, "error on line %ld of %s\n", errline, template); 616 BIO_printf(bio_err, "error on line %ld of %s\n", errline, req_config.template);
423 goto end; 617 goto end;
424 } 618 }
425 } else { 619 } else {
@@ -427,21 +621,21 @@ req_main(int argc, char **argv)
427 621
428 if (req_conf == NULL) { 622 if (req_conf == NULL) {
429 BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); 623 BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file);
430 if (newreq) 624 if (req_config.newreq)
431 goto end; 625 goto end;
432 } else if (verbose) 626 } else if (req_config.verbose)
433 BIO_printf(bio_err, "Using configuration from %s\n", 627 BIO_printf(bio_err, "Using configuration from %s\n",
434 default_config_file); 628 default_config_file);
435 } 629 }
436 630
437 if (addext_bio != NULL) { 631 if (req_config.addext_bio != NULL) {
438 long errline = -1; 632 long errline = -1;
439 if (verbose) 633 if (req_config.verbose)
440 BIO_printf(bio_err, 634 BIO_printf(bio_err,
441 "Using additional configuration from command line\n"); 635 "Using additional configuration from command line\n");
442 if ((addext_conf = NCONF_new(NULL)) == NULL) 636 if ((addext_conf = NCONF_new(NULL)) == NULL)
443 goto end; 637 goto end;
444 if (!NCONF_load_bio(addext_conf, addext_bio, &errline)) { 638 if (!NCONF_load_bio(addext_conf, req_config.addext_bio, &errline)) {
445 BIO_printf(bio_err, 639 BIO_printf(bio_err,
446 "req: Error on line %ld of config input\n", 640 "req: Error on line %ld of config input\n",
447 errline); 641 errline);
@@ -479,22 +673,22 @@ req_main(int argc, char **argv)
479 ERR_clear_error(); 673 ERR_clear_error();
480 if (p != NULL) { 674 if (p != NULL) {
481 if ((md_alg = EVP_get_digestbyname(p)) != NULL) 675 if ((md_alg = EVP_get_digestbyname(p)) != NULL)
482 digest = md_alg; 676 req_config.digest = md_alg;
483 } 677 }
484 } 678 }
485 if (!extensions) { 679 if (!req_config.extensions) {
486 extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); 680 req_config.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
487 if (!extensions) 681 if (!req_config.extensions)
488 ERR_clear_error(); 682 ERR_clear_error();
489 } 683 }
490 if (extensions) { 684 if (req_config.extensions) {
491 /* Check syntax of file */ 685 /* Check syntax of file */
492 X509V3_CTX ctx; 686 X509V3_CTX ctx;
493 X509V3_set_ctx_test(&ctx); 687 X509V3_set_ctx_test(&ctx);
494 X509V3_set_nconf(&ctx, req_conf); 688 X509V3_set_nconf(&ctx, req_conf);
495 if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { 689 if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.extensions, NULL)) {
496 BIO_printf(bio_err, 690 BIO_printf(bio_err,
497 "Error Loading extension section %s\n", extensions); 691 "Error Loading extension section %s\n", req_config.extensions);
498 goto end; 692 goto end;
499 } 693 }
500 } 694 }
@@ -527,27 +721,27 @@ req_main(int argc, char **argv)
527 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); 721 BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
528 goto end; 722 goto end;
529 } 723 }
530 if (chtype != MBSTRING_UTF8) { 724 if (req_config.chtype != MBSTRING_UTF8) {
531 p = NCONF_get_string(req_conf, SECTION, UTF8_IN); 725 p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
532 if (!p) 726 if (!p)
533 ERR_clear_error(); 727 ERR_clear_error();
534 else if (!strcmp(p, "yes")) 728 else if (!strcmp(p, "yes"))
535 chtype = MBSTRING_UTF8; 729 req_config.chtype = MBSTRING_UTF8;
536 } 730 }
537 if (!req_exts) { 731 if (!req_config.req_exts) {
538 req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); 732 req_config.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
539 if (!req_exts) 733 if (!req_config.req_exts)
540 ERR_clear_error(); 734 ERR_clear_error();
541 } 735 }
542 if (req_exts) { 736 if (req_config.req_exts) {
543 /* Check syntax of file */ 737 /* Check syntax of file */
544 X509V3_CTX ctx; 738 X509V3_CTX ctx;
545 X509V3_set_ctx_test(&ctx); 739 X509V3_set_ctx_test(&ctx);
546 X509V3_set_nconf(&ctx, req_conf); 740 X509V3_set_nconf(&ctx, req_conf);
547 if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { 741 if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.req_exts, NULL)) {
548 BIO_printf(bio_err, 742 BIO_printf(bio_err,
549 "Error Loading request extension section %s\n", 743 "Error Loading request extension section %s\n",
550 req_exts); 744 req_config.req_exts);
551 goto end; 745 goto end;
552 } 746 }
553 } 747 }
@@ -556,8 +750,8 @@ req_main(int argc, char **argv)
556 if ((in == NULL) || (out == NULL)) 750 if ((in == NULL) || (out == NULL))
557 goto end; 751 goto end;
558 752
559 if (keyfile != NULL) { 753 if (req_config.keyfile != NULL) {
560 pkey = load_key(bio_err, keyfile, keyform, 0, passin, 754 pkey = load_key(bio_err, req_config.keyfile, req_config.keyform, 0, passin,
561 "Private Key"); 755 "Private Key");
562 if (!pkey) { 756 if (!pkey) {
563 /* 757 /*
@@ -567,31 +761,31 @@ req_main(int argc, char **argv)
567 goto end; 761 goto end;
568 } 762 }
569 } 763 }
570 if (newreq && (pkey == NULL)) { 764 if (req_config.newreq && (pkey == NULL)) {
571 if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) { 765 if (!NCONF_get_number(req_conf, SECTION, BITS, &req_config.newkey)) {
572 newkey = DEFAULT_KEY_LENGTH; 766 req_config.newkey = DEFAULT_KEY_LENGTH;
573 } 767 }
574 if (keyalg) { 768 if (req_config.keyalg) {
575 genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, 769 genctx = set_keygen_ctx(bio_err, req_config.keyalg, &pkey_type, &req_config.newkey,
576 &keyalgstr); 770 &keyalgstr);
577 if (!genctx) 771 if (!genctx)
578 goto end; 772 goto end;
579 } 773 }
580 if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { 774 if (req_config.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
581 BIO_printf(bio_err, "private key length is too short,\n"); 775 BIO_printf(bio_err, "private key length is too short,\n");
582 BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, newkey); 776 BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, req_config.newkey);
583 goto end; 777 goto end;
584 } 778 }
585 if (!genctx) { 779 if (!genctx) {
586 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey, 780 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &req_config.newkey,
587 &keyalgstr); 781 &keyalgstr);
588 if (!genctx) 782 if (!genctx)
589 goto end; 783 goto end;
590 } 784 }
591 if (pkeyopts) { 785 if (req_config.pkeyopts) {
592 char *genopt; 786 char *genopt;
593 for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) { 787 for (i = 0; i < sk_OPENSSL_STRING_num(req_config.pkeyopts); i++) {
594 genopt = sk_OPENSSL_STRING_value(pkeyopts, i); 788 genopt = sk_OPENSSL_STRING_value(req_config.pkeyopts, i);
595 if (pkey_ctrl_string(genctx, genopt) <= 0) { 789 if (pkey_ctrl_string(genctx, genopt) <= 0) {
596 BIO_printf(bio_err, 790 BIO_printf(bio_err,
597 "parameter error \"%s\"\n", 791 "parameter error \"%s\"\n",
@@ -602,7 +796,7 @@ req_main(int argc, char **argv)
602 } 796 }
603 } 797 }
604 BIO_printf(bio_err, "Generating a %ld bit %s private key\n", 798 BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
605 newkey, keyalgstr); 799 req_config.newkey, keyalgstr);
606 800
607 EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); 801 EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
608 EVP_PKEY_CTX_set_app_data(genctx, bio_err); 802 EVP_PKEY_CTX_set_app_data(genctx, bio_err);
@@ -614,18 +808,18 @@ req_main(int argc, char **argv)
614 EVP_PKEY_CTX_free(genctx); 808 EVP_PKEY_CTX_free(genctx);
615 genctx = NULL; 809 genctx = NULL;
616 810
617 if (keyout == NULL) { 811 if (req_config.keyout == NULL) {
618 keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); 812 req_config.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
619 if (keyout == NULL) 813 if (req_config.keyout == NULL)
620 ERR_clear_error(); 814 ERR_clear_error();
621 } 815 }
622 if (keyout == NULL) { 816 if (req_config.keyout == NULL) {
623 BIO_printf(bio_err, "writing new private key to stdout\n"); 817 BIO_printf(bio_err, "writing new private key to stdout\n");
624 BIO_set_fp(out, stdout, BIO_NOCLOSE); 818 BIO_set_fp(out, stdout, BIO_NOCLOSE);
625 } else { 819 } else {
626 BIO_printf(bio_err, "writing new private key to '%s'\n", keyout); 820 BIO_printf(bio_err, "writing new private key to '%s'\n", req_config.keyout);
627 if (BIO_write_filename(out, keyout) <= 0) { 821 if (BIO_write_filename(out, req_config.keyout) <= 0) {
628 perror(keyout); 822 perror(req_config.keyout);
629 goto end; 823 goto end;
630 } 824 }
631 } 825 }
@@ -639,7 +833,7 @@ req_main(int argc, char **argv)
639 } 833 }
640 if ((p != NULL) && (strcmp(p, "no") == 0)) 834 if ((p != NULL) && (strcmp(p, "no") == 0))
641 cipher = NULL; 835 cipher = NULL;
642 if (nodes) 836 if (req_config.nodes)
643 cipher = NULL; 837 cipher = NULL;
644 838
645 i = 0; 839 i = 0;
@@ -656,24 +850,24 @@ req_main(int argc, char **argv)
656 } 850 }
657 BIO_printf(bio_err, "-----\n"); 851 BIO_printf(bio_err, "-----\n");
658 } 852 }
659 if (!newreq) { 853 if (!req_config.newreq) {
660 /* 854 /*
661 * Since we are using a pre-existing certificate request, the 855 * Since we are using a pre-existing certificate request, the
662 * kludge 'format' info should not be changed. 856 * kludge 'format' info should not be changed.
663 */ 857 */
664 kludge = -1; 858 req_config.kludge = -1;
665 if (infile == NULL) 859 if (req_config.infile == NULL)
666 BIO_set_fp(in, stdin, BIO_NOCLOSE); 860 BIO_set_fp(in, stdin, BIO_NOCLOSE);
667 else { 861 else {
668 if (BIO_read_filename(in, infile) <= 0) { 862 if (BIO_read_filename(in, req_config.infile) <= 0) {
669 perror(infile); 863 perror(req_config.infile);
670 goto end; 864 goto end;
671 } 865 }
672 } 866 }
673 867
674 if (informat == FORMAT_ASN1) 868 if (req_config.informat == FORMAT_ASN1)
675 req = d2i_X509_REQ_bio(in, NULL); 869 req = d2i_X509_REQ_bio(in, NULL);
676 else if (informat == FORMAT_PEM) 870 else if (req_config.informat == FORMAT_PEM)
677 req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); 871 req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
678 else { 872 else {
679 BIO_printf(bio_err, "bad input format specified for X509 request\n"); 873 BIO_printf(bio_err, "bad input format specified for X509 request\n");
@@ -684,7 +878,7 @@ req_main(int argc, char **argv)
684 goto end; 878 goto end;
685 } 879 }
686 } 880 }
687 if (newreq || x509) { 881 if (req_config.newreq || req_config.x509) {
688 if (pkey == NULL) { 882 if (pkey == NULL) {
689 BIO_printf(bio_err, "you need to specify a private key\n"); 883 BIO_printf(bio_err, "you need to specify a private key\n");
690 goto end; 884 goto end;
@@ -694,9 +888,9 @@ req_main(int argc, char **argv)
694 if (req == NULL) { 888 if (req == NULL) {
695 goto end; 889 goto end;
696 } 890 }
697 i = make_REQ(req, pkey, subj, multirdn, !x509, chtype); 891 i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype);
698 subj = NULL; /* done processing '-subj' option */ 892 req_config.subj = NULL; /* done processing '-subj' option */
699 if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) { 893 if ((req_config.kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) {
700 sk_X509_ATTRIBUTE_free(req->req_info->attributes); 894 sk_X509_ATTRIBUTE_free(req->req_info->attributes);
701 req->req_info->attributes = NULL; 895 req->req_info->attributes = NULL;
702 } 896 }
@@ -705,18 +899,18 @@ req_main(int argc, char **argv)
705 goto end; 899 goto end;
706 } 900 }
707 } 901 }
708 if (x509) { 902 if (req_config.x509) {
709 EVP_PKEY *tmppkey; 903 EVP_PKEY *tmppkey;
710 X509V3_CTX ext_ctx; 904 X509V3_CTX ext_ctx;
711 if ((x509ss = X509_new()) == NULL) 905 if ((x509ss = X509_new()) == NULL)
712 goto end; 906 goto end;
713 907
714 /* Set version to V3 */ 908 /* Set version to V3 */
715 if ((extensions != NULL || addext_conf != NULL) && 909 if ((req_config.extensions != NULL || addext_conf != NULL) &&
716 !X509_set_version(x509ss, 2)) 910 !X509_set_version(x509ss, 2))
717 goto end; 911 goto end;
718 if (serial) { 912 if (req_config.serial) {
719 if (!X509_set_serialNumber(x509ss, serial)) 913 if (!X509_set_serialNumber(x509ss, req_config.serial))
720 goto end; 914 goto end;
721 } else { 915 } else {
722 if (!rand_serial(NULL, 916 if (!rand_serial(NULL,
@@ -728,7 +922,7 @@ req_main(int argc, char **argv)
728 goto end; 922 goto end;
729 if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) 923 if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
730 goto end; 924 goto end;
731 if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) 925 if (!X509_time_adj_ex(X509_get_notAfter(x509ss), req_config.days, 0, NULL))
732 goto end; 926 goto end;
733 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) 927 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req)))
734 goto end; 928 goto end;
@@ -743,11 +937,11 @@ req_main(int argc, char **argv)
743 X509V3_set_nconf(&ext_ctx, req_conf); 937 X509V3_set_nconf(&ext_ctx, req_conf);
744 938
745 /* Add extensions */ 939 /* Add extensions */
746 if (extensions && !X509V3_EXT_add_nconf(req_conf, 940 if (req_config.extensions && !X509V3_EXT_add_nconf(req_conf,
747 &ext_ctx, extensions, x509ss)) { 941 &ext_ctx, req_config.extensions, x509ss)) {
748 BIO_printf(bio_err, 942 BIO_printf(bio_err,
749 "Error Loading extension section %s\n", 943 "Error Loading extension section %s\n",
750 extensions); 944 req_config.extensions);
751 goto end; 945 goto end;
752 } 946 }
753 if (addext_conf != NULL && 947 if (addext_conf != NULL &&
@@ -757,7 +951,7 @@ req_main(int argc, char **argv)
757 "Error Loading command line extensions\n"); 951 "Error Loading command line extensions\n");
758 goto end; 952 goto end;
759 } 953 }
760 i = do_X509_sign(bio_err, x509ss, pkey, digest, sigopts); 954 i = do_X509_sign(bio_err, x509ss, pkey, req_config.digest, req_config.sigopts);
761 if (!i) { 955 if (!i) {
762 ERR_print_errors(bio_err); 956 ERR_print_errors(bio_err);
763 goto end; 957 goto end;
@@ -771,11 +965,11 @@ req_main(int argc, char **argv)
771 X509V3_set_nconf(&ext_ctx, req_conf); 965 X509V3_set_nconf(&ext_ctx, req_conf);
772 966
773 /* Add extensions */ 967 /* Add extensions */
774 if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 968 if (req_config.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
775 &ext_ctx, req_exts, req)) { 969 &ext_ctx, req_config.req_exts, req)) {
776 BIO_printf(bio_err, 970 BIO_printf(bio_err,
777 "Error Loading extension section %s\n", 971 "Error Loading extension section %s\n",
778 req_exts); 972 req_config.req_exts);
779 goto end; 973 goto end;
780 } 974 }
781 if (addext_conf != NULL && 975 if (addext_conf != NULL &&
@@ -785,34 +979,34 @@ req_main(int argc, char **argv)
785 "Error Loading command line extensions\n"); 979 "Error Loading command line extensions\n");
786 goto end; 980 goto end;
787 } 981 }
788 i = do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts); 982 i = do_X509_REQ_sign(bio_err, req, pkey, req_config.digest, req_config.sigopts);
789 if (!i) { 983 if (!i) {
790 ERR_print_errors(bio_err); 984 ERR_print_errors(bio_err);
791 goto end; 985 goto end;
792 } 986 }
793 } 987 }
794 } 988 }
795 if (subj && x509) { 989 if (req_config.subj && req_config.x509) {
796 BIO_printf(bio_err, "Cannot modifiy certificate subject\n"); 990 BIO_printf(bio_err, "Cannot modify certificate subject\n");
797 goto end; 991 goto end;
798 } 992 }
799 if (subj && !x509) { 993 if (req_config.subj && !req_config.x509) {
800 if (verbose) { 994 if (req_config.verbose) {
801 BIO_printf(bio_err, "Modifying Request's Subject\n"); 995 BIO_printf(bio_err, "Modifying Request's Subject\n");
802 print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag); 996 print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), req_config.nmflag);
803 } 997 }
804 if (build_subject(req, subj, chtype, multirdn) == 0) { 998 if (build_subject(req, req_config.subj, req_config.chtype, req_config.multirdn) == 0) {
805 BIO_printf(bio_err, "ERROR: cannot modify subject\n"); 999 BIO_printf(bio_err, "ERROR: cannot modify subject\n");
806 ex = 1; 1000 ex = 1;
807 goto end; 1001 goto end;
808 } 1002 }
809 req->req_info->enc.modified = 1; 1003 req->req_info->enc.modified = 1;
810 1004
811 if (verbose) { 1005 if (req_config.verbose) {
812 print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag); 1006 print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), req_config.nmflag);
813 } 1007 }
814 } 1008 }
815 if (verify && !x509) { 1009 if (req_config.verify && !req_config.x509) {
816 int tmp = 0; 1010 int tmp = 0;
817 1011
818 if (pkey == NULL) { 1012 if (pkey == NULL) {
@@ -834,24 +1028,24 @@ req_main(int argc, char **argv)
834 } else /* if (i > 0) */ 1028 } else /* if (i > 0) */
835 BIO_printf(bio_err, "verify OK\n"); 1029 BIO_printf(bio_err, "verify OK\n");
836 } 1030 }
837 if (noout && !text && !modulus && !subject && !pubkey) { 1031 if (req_config.noout && !req_config.text && !req_config.modulus && !req_config.subject && !req_config.pubkey) {
838 ex = 0; 1032 ex = 0;
839 goto end; 1033 goto end;
840 } 1034 }
841 if (outfile == NULL) { 1035 if (req_config.outfile == NULL) {
842 BIO_set_fp(out, stdout, BIO_NOCLOSE); 1036 BIO_set_fp(out, stdout, BIO_NOCLOSE);
843 } else { 1037 } else {
844 if ((keyout != NULL) && (strcmp(outfile, keyout) == 0)) 1038 if ((req_config.keyout != NULL) && (strcmp(req_config.outfile, req_config.keyout) == 0))
845 i = (int) BIO_append_filename(out, outfile); 1039 i = (int) BIO_append_filename(out, req_config.outfile);
846 else 1040 else
847 i = (int) BIO_write_filename(out, outfile); 1041 i = (int) BIO_write_filename(out, req_config.outfile);
848 if (!i) { 1042 if (!i) {
849 perror(outfile); 1043 perror(req_config.outfile);
850 goto end; 1044 goto end;
851 } 1045 }
852 } 1046 }
853 1047
854 if (pubkey) { 1048 if (req_config.pubkey) {
855 EVP_PKEY *tpubkey; 1049 EVP_PKEY *tpubkey;
856 tpubkey = X509_REQ_get_pubkey(req); 1050 tpubkey = X509_REQ_get_pubkey(req);
857 if (tpubkey == NULL) { 1051 if (tpubkey == NULL) {
@@ -862,22 +1056,22 @@ req_main(int argc, char **argv)
862 PEM_write_bio_PUBKEY(out, tpubkey); 1056 PEM_write_bio_PUBKEY(out, tpubkey);
863 EVP_PKEY_free(tpubkey); 1057 EVP_PKEY_free(tpubkey);
864 } 1058 }
865 if (text) { 1059 if (req_config.text) {
866 if (x509) 1060 if (req_config.x509)
867 X509_print_ex(out, x509ss, nmflag, reqflag); 1061 X509_print_ex(out, x509ss, req_config.nmflag, req_config.reqflag);
868 else 1062 else
869 X509_REQ_print_ex(out, req, nmflag, reqflag); 1063 X509_REQ_print_ex(out, req, req_config.nmflag, req_config.reqflag);
870 } 1064 }
871 if (subject) { 1065 if (req_config.subject) {
872 if (x509) 1066 if (req_config.x509)
873 print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag); 1067 print_name(out, "subject=", X509_get_subject_name(x509ss), req_config.nmflag);
874 else 1068 else
875 print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag); 1069 print_name(out, "subject=", X509_REQ_get_subject_name(req), req_config.nmflag);
876 } 1070 }
877 if (modulus) { 1071 if (req_config.modulus) {
878 EVP_PKEY *tpubkey; 1072 EVP_PKEY *tpubkey;
879 1073
880 if (x509) 1074 if (req_config.x509)
881 tpubkey = X509_get_pubkey(x509ss); 1075 tpubkey = X509_get_pubkey(x509ss);
882 else 1076 else
883 tpubkey = X509_REQ_get_pubkey(req); 1077 tpubkey = X509_REQ_get_pubkey(req);
@@ -893,11 +1087,11 @@ req_main(int argc, char **argv)
893 EVP_PKEY_free(tpubkey); 1087 EVP_PKEY_free(tpubkey);
894 fprintf(stdout, "\n"); 1088 fprintf(stdout, "\n");
895 } 1089 }
896 if (!noout && !x509) { 1090 if (!req_config.noout && !req_config.x509) {
897 if (outformat == FORMAT_ASN1) 1091 if (req_config.outformat == FORMAT_ASN1)
898 i = i2d_X509_REQ_bio(out, req); 1092 i = i2d_X509_REQ_bio(out, req);
899 else if (outformat == FORMAT_PEM) { 1093 else if (req_config.outformat == FORMAT_PEM) {
900 if (newhdr) 1094 if (req_config.newhdr)
901 i = PEM_write_bio_X509_REQ_NEW(out, req); 1095 i = PEM_write_bio_X509_REQ_NEW(out, req);
902 else 1096 else
903 i = PEM_write_bio_X509_REQ(out, req); 1097 i = PEM_write_bio_X509_REQ(out, req);
@@ -910,10 +1104,10 @@ req_main(int argc, char **argv)
910 goto end; 1104 goto end;
911 } 1105 }
912 } 1106 }
913 if (!noout && x509 && (x509ss != NULL)) { 1107 if (!req_config.noout && req_config.x509 && (x509ss != NULL)) {
914 if (outformat == FORMAT_ASN1) 1108 if (req_config.outformat == FORMAT_ASN1)
915 i = i2d_X509_bio(out, x509ss); 1109 i = i2d_X509_bio(out, x509ss);
916 else if (outformat == FORMAT_PEM) 1110 else if (req_config.outformat == FORMAT_PEM)
917 i = PEM_write_bio_X509(out, x509ss); 1111 i = PEM_write_bio_X509(out, x509ss);
918 else { 1112 else {
919 BIO_printf(bio_err, "bad output format specified for outfile\n"); 1113 BIO_printf(bio_err, "bad output format specified for outfile\n");
@@ -932,25 +1126,25 @@ req_main(int argc, char **argv)
932 if ((req_conf != NULL) && (req_conf != config)) 1126 if ((req_conf != NULL) && (req_conf != config))
933 NCONF_free(req_conf); 1127 NCONF_free(req_conf);
934 NCONF_free(addext_conf); 1128 NCONF_free(addext_conf);
935 BIO_free(addext_bio); 1129 BIO_free(req_config.addext_bio);
936 BIO_free(in); 1130 BIO_free(in);
937 BIO_free_all(out); 1131 BIO_free_all(out);
938 EVP_PKEY_free(pkey); 1132 EVP_PKEY_free(pkey);
939 if (genctx) 1133 if (genctx)
940 EVP_PKEY_CTX_free(genctx); 1134 EVP_PKEY_CTX_free(genctx);
941 if (pkeyopts) 1135 if (req_config.pkeyopts)
942 sk_OPENSSL_STRING_free(pkeyopts); 1136 sk_OPENSSL_STRING_free(req_config.pkeyopts);
943 if (sigopts) 1137 if (req_config.sigopts)
944 sk_OPENSSL_STRING_free(sigopts); 1138 sk_OPENSSL_STRING_free(req_config.sigopts);
945 lh_OPENSSL_STRING_doall(addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); 1139 lh_OPENSSL_STRING_doall(req_config.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup);
946 lh_OPENSSL_STRING_free(addexts); 1140 lh_OPENSSL_STRING_free(req_config.addexts);
947 free(keyalgstr); 1141 free(keyalgstr);
948 X509_REQ_free(req); 1142 X509_REQ_free(req);
949 X509_free(x509ss); 1143 X509_free(x509ss);
950 ASN1_INTEGER_free(serial); 1144 ASN1_INTEGER_free(req_config.serial);
951 if (passargin && passin) 1145 if (req_config.passargin && passin)
952 free(passin); 1146 free(passin);
953 if (passargout && passout) 1147 if (req_config.passargout && passout)
954 free(passout); 1148 free(passout);
955 OBJ_cleanup(); 1149 OBJ_cleanup();
956 1150
@@ -1056,7 +1250,7 @@ prompt_info(X509_REQ * req,
1056 X509_NAME *subj; 1250 X509_NAME *subj;
1057 subj = X509_REQ_get_subject_name(req); 1251 subj = X509_REQ_get_subject_name(req);
1058 1252
1059 if (!batch) { 1253 if (!req_config.batch) {
1060 BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); 1254 BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n");
1061 BIO_printf(bio_err, "into your certificate request.\n"); 1255 BIO_printf(bio_err, "into your certificate request.\n");
1062 BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); 1256 BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n");
@@ -1150,7 +1344,7 @@ prompt_info(X509_REQ * req,
1150 } 1344 }
1151 if (attribs) { 1345 if (attribs) {
1152 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && 1346 if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) &&
1153 (!batch)) { 1347 (!req_config.batch)) {
1154 BIO_printf(bio_err, 1348 BIO_printf(bio_err,
1155 "\nPlease enter the following 'extra' attributes\n"); 1349 "\nPlease enter the following 'extra' attributes\n");
1156 BIO_printf(bio_err, 1350 BIO_printf(bio_err,
@@ -1286,7 +1480,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
1286 int i, ret = 0; 1480 int i, ret = 0;
1287 char buf[1024]; 1481 char buf[1024];
1288 start: 1482 start:
1289 if (!batch) 1483 if (!req_config.batch)
1290 BIO_printf(bio_err, "%s [%s]:", text, def); 1484 BIO_printf(bio_err, "%s [%s]:", text, def);
1291 (void) BIO_flush(bio_err); 1485 (void) BIO_flush(bio_err);
1292 if (value != NULL) { 1486 if (value != NULL) {
@@ -1295,7 +1489,7 @@ add_DN_object(X509_NAME * n, char *text, const char *def, char *value,
1295 BIO_printf(bio_err, "%s\n", value); 1489 BIO_printf(bio_err, "%s\n", value);
1296 } else { 1490 } else {
1297 buf[0] = '\0'; 1491 buf[0] = '\0';
1298 if (!batch) { 1492 if (!req_config.batch) {
1299 if (!fgets(buf, sizeof buf, stdin)) 1493 if (!fgets(buf, sizeof buf, stdin))
1300 return 0; 1494 return 0;
1301 } else { 1495 } else {
@@ -1339,7 +1533,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def,
1339 static char buf[1024]; 1533 static char buf[1024];
1340 1534
1341 start: 1535 start:
1342 if (!batch) 1536 if (!req_config.batch)
1343 BIO_printf(bio_err, "%s [%s]:", text, def); 1537 BIO_printf(bio_err, "%s [%s]:", text, def);
1344 (void) BIO_flush(bio_err); 1538 (void) BIO_flush(bio_err);
1345 if (value != NULL) { 1539 if (value != NULL) {
@@ -1348,7 +1542,7 @@ add_attribute_object(X509_REQ * req, char *text, const char *def,
1348 BIO_printf(bio_err, "%s\n", value); 1542 BIO_printf(bio_err, "%s\n", value);
1349 } else { 1543 } else {
1350 buf[0] = '\0'; 1544 buf[0] = '\0';
1351 if (!batch) { 1545 if (!req_config.batch) {
1352 if (!fgets(buf, sizeof buf, stdin)) 1546 if (!fgets(buf, sizeof buf, stdin))
1353 return 0; 1547 return 0;
1354 } else { 1548 } else {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-23 06:34:26 +0000