Symaptic: os/ossrv/ssl/tsrc/topenssl/src/req.c@bde4ae8d615e (annotated)

sl@0	1	/* apps/req.c */
sl@0	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0	3	* All rights reserved.
sl@0	4	*
sl@0	5	* This package is an SSL implementation written
sl@0	6	* by Eric Young (eay@cryptsoft.com).
sl@0	7	* The implementation was written so as to conform with Netscapes SSL.
sl@0	8	*
sl@0	9	* This library is free for commercial and non-commercial use as long as
sl@0	10	* the following conditions are aheared to. The following conditions
sl@0	11	* apply to all code found in this distribution, be it the RC4, RSA,
sl@0	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
sl@0	13	* included with this distribution is covered by the same copyright terms
sl@0	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0	15	*
sl@0	16	* Copyright remains Eric Young's, and as such any Copyright notices in
sl@0	17	* the code are not to be removed.
sl@0	18	* If this package is used in a product, Eric Young should be given attribution
sl@0	19	* as the author of the parts of the library used.
sl@0	20	* This can be in the form of a textual message at program startup or
sl@0	21	* in documentation (online or textual) provided with the package.
sl@0	22	*
sl@0	23	* Redistribution and use in source and binary forms, with or without
sl@0	24	* modification, are permitted provided that the following conditions
sl@0	25	* are met:
sl@0	26	* 1. Redistributions of source code must retain the copyright
sl@0	27	* notice, this list of conditions and the following disclaimer.
sl@0	28	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	29	* notice, this list of conditions and the following disclaimer in the
sl@0	30	* documentation and/or other materials provided with the distribution.
sl@0	31	* 3. All advertising materials mentioning features or use of this software
sl@0	32	* must display the following acknowledgement:
sl@0	33	* "This product includes cryptographic software written by
sl@0	34	* Eric Young (eay@cryptsoft.com)"
sl@0	35	* The word 'cryptographic' can be left out if the rouines from the library
sl@0	36	* being used are not cryptographic related :-).
sl@0	37	* 4. If you include any Windows specific code (or a derivative thereof) from
sl@0	38	* the apps directory (application code) you must include an acknowledgement:
sl@0	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	51	* SUCH DAMAGE.
sl@0	52	*
sl@0	53	* The licence and distribution terms for any publically available version or
sl@0	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
sl@0	55	* copied and put under another distribution licence
sl@0	56	* [including the GNU Public Licence.]
sl@0	57	*/
sl@0	58
sl@0	59	/* Until the key-gen callbacks are modified to use newer prototypes, we allow
sl@0	60	* deprecated functions for openssl-internal code */
sl@0	61	#ifdef OPENSSL_NO_DEPRECATED
sl@0	62	#undef OPENSSL_NO_DEPRECATED
sl@0	63	#endif
sl@0	64
sl@0	65	#include <stdio.h>
sl@0	66	#include <stdlib.h>
sl@0	67	#include <time.h>
sl@0	68	#include <string.h>
sl@0	69	#ifdef OPENSSL_NO_STDIO
sl@0	70	#define APPS_WIN16
sl@0	71	#endif
sl@0	72	#include "apps.h"
sl@0	73	#include <openssl/bio.h>
sl@0	74	#include <openssl/evp.h>
sl@0	75	#include <openssl/conf.h>
sl@0	76	#include <openssl/err.h>
sl@0	77	#include <openssl/asn1.h>
sl@0	78	#include <openssl/x509.h>
sl@0	79	#include <openssl/x509v3.h>
sl@0	80	#include <openssl/objects.h>
sl@0	81	#include <openssl/pem.h>
sl@0	82	#include <openssl/bn.h>
sl@0	83	#ifndef OPENSSL_NO_RSA
sl@0	84	#include <openssl/rsa.h>
sl@0	85	#endif
sl@0	86	#ifndef OPENSSL_NO_DSA
sl@0	87	#include <openssl/dsa.h>
sl@0	88	#endif
sl@0	89
sl@0	90	#define SECTION "req"
sl@0	91
sl@0	92	#define BITS "default_bits"
sl@0	93	#define KEYFILE "default_keyfile"
sl@0	94	#define PROMPT "prompt"
sl@0	95	#define DISTINGUISHED_NAME "distinguished_name"
sl@0	96	#define ATTRIBUTES "attributes"
sl@0	97	#define V3_EXTENSIONS "x509_extensions"
sl@0	98	#define REQ_EXTENSIONS "req_extensions"
sl@0	99	#define STRING_MASK "string_mask"
sl@0	100	#define UTF8_IN "utf8"
sl@0	101
sl@0	102	#define DEFAULT_KEY_LENGTH 512
sl@0	103	#define MIN_KEY_LENGTH 384
sl@0	104
sl@0	105	#undef PROG
sl@0	106	#define PROG req_main
sl@0	107
sl@0	108	/* -inform arg - input format - default PEM (DER or PEM)
sl@0	109	* -outform arg - output format - default PEM
sl@0	110	* -in arg - input file - default stdin
sl@0	111	* -out arg - output file - default stdout
sl@0	112	* -verify - check request signature
sl@0	113	* -noout - don't print stuff out.
sl@0	114	* -text - print out human readable text.
sl@0	115	* -nodes - no des encryption
sl@0	116	* -config file - Load configuration file.
sl@0	117	* -key file - make a request using key in file (or use it for verification).
sl@0	118	* -keyform arg - key file format.
sl@0	119	* -rand file(s) - load the file(s) into the PRNG.
sl@0	120	* -newkey - make a key and a request.
sl@0	121	* -modulus - print RSA modulus.
sl@0	122	* -pubkey - output Public Key.
sl@0	123	* -x509 - output a self signed X509 structure instead.
sl@0	124	* -asn1-kludge - output new certificate request in a format that some CA's
sl@0	125	* require. This format is wrong
sl@0	126	*/
sl@0	127
sl@0	128	static int make_REQ(X509_REQ req,EVP_PKEY pkey,char *dn,int mutlirdn,
sl@0	129	int attribs,unsigned long chtype);
sl@0	130	static int build_subject(X509_REQ req, char subj, unsigned long chtype,
sl@0	131	int multirdn);
sl@0	132	static int prompt_info(X509_REQ *req,
sl@0	133	STACK_OF(CONF_VALUE) dn_sk, char dn_sect,
sl@0	134	STACK_OF(CONF_VALUE) attr_sk, char attr_sect, int attribs,
sl@0	135	unsigned long chtype);
sl@0	136	static int auto_info(X509_REQ req, STACK_OF(CONF_VALUE) sk,
sl@0	137	STACK_OF(CONF_VALUE) *attr, int attribs,
sl@0	138	unsigned long chtype);
sl@0	139	static int add_attribute_object(X509_REQ req, char text, const char *def,
sl@0	140	char *value, int nid, int n_min,
sl@0	141	int n_max, unsigned long chtype);
sl@0	142	static int add_DN_object(X509_NAME n, char text, const char def, char value,
sl@0	143	int nid,int n_min,int n_max, unsigned long chtype, int mval);
sl@0	144	#ifndef OPENSSL_NO_RSA
sl@0	145	static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
sl@0	146	#endif
sl@0	147	static int req_check_len(int len,int n_min,int n_max);
sl@0	148	static int check_end(const char str, const char end);
sl@0	149	#ifndef MONOLITH
sl@0	150	static char *default_config_file=NULL;
sl@0	151	#endif
sl@0	152	static CONF *req_conf=NULL;
sl@0	153	static int batch=0;
sl@0	154
sl@0	155	#define TYPE_RSA 1
sl@0	156	#define TYPE_DSA 2
sl@0	157	#define TYPE_DH 3
sl@0	158	#define TYPE_EC 4
sl@0	159
sl@0	160
sl@0	161
sl@0	162	int MAIN(int, char **);
sl@0	163
sl@0	164	int MAIN(int argc, char **argv)
sl@0	165	{
sl@0	166	ENGINE *e = NULL;
sl@0	167	#ifndef OPENSSL_NO_DSA
sl@0	168	DSA *dsa_params=NULL;
sl@0	169	#endif
sl@0	170	#ifndef OPENSSL_NO_ECDSA
sl@0	171	EC_KEY *ec_params = NULL;
sl@0	172	#endif
sl@0	173	unsigned long nmflag = 0, reqflag = 0;
sl@0	174	int ex=1,x509=0,days=30;
sl@0	175	X509 *x509ss=NULL;
sl@0	176	X509_REQ *req=NULL;
sl@0	177	EVP_PKEY *pkey=NULL;
sl@0	178	int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
sl@0	179	long newkey = -1;
sl@0	180	BIO in=NULL,out=NULL;
sl@0	181	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
sl@0	182	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
sl@0	183	char infile,outfile,prog,keyfile=NULL,template=NULL,keyout=NULL;
sl@0	184	#ifndef OPENSSL_NO_ENGINE
sl@0	185	char *engine=NULL;
sl@0	186	#endif
sl@0	187	char *extensions = NULL;
sl@0	188	char *req_exts = NULL;
sl@0	189	const EVP_CIPHER *cipher=NULL;
sl@0	190	ASN1_INTEGER *serial = NULL;
sl@0	191	int modulus=0;
sl@0	192	char *inrand=NULL;
sl@0	193	char passargin = NULL, passargout = NULL;
sl@0	194	char passin = NULL, passout = NULL;
sl@0	195	char *p;
sl@0	196	char *subj = NULL;
sl@0	197	int multirdn = 0;
sl@0	198	const EVP_MD md_alg=NULL,digest=EVP_sha1();
sl@0	199	unsigned long chtype = MBSTRING_ASC;
sl@0	200	#ifndef MONOLITH
sl@0	201	char *to_free;
sl@0	202	long errline;
sl@0	203	#endif
sl@0	204
sl@0	205	req_conf = NULL;
sl@0	206	#ifndef OPENSSL_NO_DES
sl@0	207	cipher=EVP_des_ede3_cbc();
sl@0	208	#endif
sl@0	209	apps_startup();
sl@0	210
sl@0	211	if (bio_err == NULL)
sl@0	212	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
sl@0	213	BIO_set_fp(bio_err,stderr,BIO_NOCLOSE\|BIO_FP_TEXT);
sl@0	214
sl@0	215
sl@0	216	infile=NULL;
sl@0	217	outfile=NULL;
sl@0	218	informat=FORMAT_PEM;
sl@0	219	outformat=FORMAT_PEM;
sl@0	220
sl@0	221	prog=argv[0];
sl@0	222	argc--;
sl@0	223	argv++;
sl@0	224	while (argc >= 1)
sl@0	225	{
sl@0	226	if (strcmp(*argv,"-inform") == 0)
sl@0	227	{
sl@0	228	if (--argc < 1) goto bad;
sl@0	229	informat=str2fmt(*(++argv));
sl@0	230	}
sl@0	231	else if (strcmp(*argv,"-outform") == 0)
sl@0	232	{
sl@0	233	if (--argc < 1) goto bad;
sl@0	234	outformat=str2fmt(*(++argv));
sl@0	235	}
sl@0	236	#ifndef OPENSSL_NO_ENGINE
sl@0	237	else if (strcmp(*argv,"-engine") == 0)
sl@0	238	{
sl@0	239	if (--argc < 1) goto bad;
sl@0	240	engine= *(++argv);
sl@0	241	}
sl@0	242	#endif
sl@0	243	else if (strcmp(*argv,"-key") == 0)
sl@0	244	{
sl@0	245	if (--argc < 1) goto bad;
sl@0	246	keyfile= *(++argv);
sl@0	247	}
sl@0	248	else if (strcmp(*argv,"-pubkey") == 0)
sl@0	249	{
sl@0	250	pubkey=1;
sl@0	251	}
sl@0	252	else if (strcmp(*argv,"-new") == 0)
sl@0	253	{
sl@0	254	newreq=1;
sl@0	255	}
sl@0	256	else if (strcmp(*argv,"-config") == 0)
sl@0	257	{
sl@0	258	if (--argc < 1) goto bad;
sl@0	259	template= *(++argv);
sl@0	260	}
sl@0	261	else if (strcmp(*argv,"-keyform") == 0)
sl@0	262	{
sl@0	263	if (--argc < 1) goto bad;
sl@0	264	keyform=str2fmt(*(++argv));
sl@0	265	}
sl@0	266	else if (strcmp(*argv,"-in") == 0)
sl@0	267	{
sl@0	268	if (--argc < 1) goto bad;
sl@0	269	infile= *(++argv);
sl@0	270	}
sl@0	271	else if (strcmp(*argv,"-out") == 0)
sl@0	272	{
sl@0	273	if (--argc < 1) goto bad;
sl@0	274	outfile= *(++argv);
sl@0	275	}
sl@0	276	else if (strcmp(*argv,"-keyout") == 0)
sl@0	277	{
sl@0	278	if (--argc < 1) goto bad;
sl@0	279	keyout= *(++argv);
sl@0	280	}
sl@0	281	else if (strcmp(*argv,"-passin") == 0)
sl@0	282	{
sl@0	283	if (--argc < 1) goto bad;
sl@0	284	passargin= *(++argv);
sl@0	285	}
sl@0	286	else if (strcmp(*argv,"-passout") == 0)
sl@0	287	{
sl@0	288	if (--argc < 1) goto bad;
sl@0	289	passargout= *(++argv);
sl@0	290	}
sl@0	291	else if (strcmp(*argv,"-rand") == 0)
sl@0	292	{
sl@0	293	if (--argc < 1) goto bad;
sl@0	294	inrand= *(++argv);
sl@0	295	}
sl@0	296	else if (strcmp(*argv,"-newkey") == 0)
sl@0	297	{
sl@0	298	int is_numeric;
sl@0	299
sl@0	300	if (--argc < 1) goto bad;
sl@0	301	p= *(++argv);
sl@0	302	is_numeric = p[0] >= '0' && p[0] <= '9';
sl@0	303	if (strncmp("rsa:",p,4) == 0 \|\| is_numeric)
sl@0	304	{
sl@0	305	pkey_type=TYPE_RSA;
sl@0	306	if(!is_numeric)
sl@0	307	p+=4;
sl@0	308	newkey= atoi(p);
sl@0	309	}
sl@0	310	else
sl@0	311	#ifndef OPENSSL_NO_DSA
sl@0	312	if (strncmp("dsa:",p,4) == 0)
sl@0	313	{
sl@0	314	X509 *xtmp=NULL;
sl@0	315	EVP_PKEY *dtmp;
sl@0	316
sl@0	317	pkey_type=TYPE_DSA;
sl@0	318	p+=4;
sl@0	319	if ((in=BIO_new_file(p,"r")) == NULL)
sl@0	320	{
sl@0	321	perror(p);
sl@0	322	goto end;
sl@0	323	}
sl@0	324	if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
sl@0	325	{
sl@0	326	ERR_clear_error();
sl@0	327	(void)BIO_reset(in);
sl@0	328	if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
sl@0	329	{
sl@0	330	BIO_printf(bio_err,"unable to load DSA parameters from file\n");
sl@0	331	goto end;
sl@0	332	}
sl@0	333
sl@0	334	if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
sl@0	335	if (dtmp->type == EVP_PKEY_DSA)
sl@0	336	dsa_params=DSAparams_dup(dtmp->pkey.dsa);
sl@0	337	EVP_PKEY_free(dtmp);
sl@0	338	X509_free(xtmp);
sl@0	339	if (dsa_params == NULL)
sl@0	340	{
sl@0	341	BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
sl@0	342	goto end;
sl@0	343	}
sl@0	344	}
sl@0	345	BIO_free(in);
sl@0	346	in=NULL;
sl@0	347	newkey=BN_num_bits(dsa_params->p);
sl@0	348	}
sl@0	349	else
sl@0	350	#endif
sl@0	351	#ifndef OPENSSL_NO_ECDSA
sl@0	352	if (strncmp("ec:",p,3) == 0)
sl@0	353	{
sl@0	354	X509 *xtmp=NULL;
sl@0	355	EVP_PKEY *dtmp;
sl@0	356	EC_GROUP *group;
sl@0	357
sl@0	358	pkey_type=TYPE_EC;
sl@0	359	p+=3;
sl@0	360	if ((in=BIO_new_file(p,"r")) == NULL)
sl@0	361	{
sl@0	362	perror(p);
sl@0	363	goto end;
sl@0	364	}
sl@0	365	if ((ec_params = EC_KEY_new()) == NULL)
sl@0	366	goto end;
sl@0	367	group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
sl@0	368	if (group == NULL)
sl@0	369	{
sl@0	370	EC_KEY_free(ec_params);
sl@0	371	ERR_clear_error();
sl@0	372	(void)BIO_reset(in);
sl@0	373	if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
sl@0	374	{
sl@0	375	BIO_printf(bio_err,"unable to load EC parameters from file\n");
sl@0	376	goto end;
sl@0	377	}
sl@0	378
sl@0	379	if ((dtmp=X509_get_pubkey(xtmp))==NULL)
sl@0	380	goto end;
sl@0	381	if (dtmp->type == EVP_PKEY_EC)
sl@0	382	ec_params = EC_KEY_dup(dtmp->pkey.ec);
sl@0	383	EVP_PKEY_free(dtmp);
sl@0	384	X509_free(xtmp);
sl@0	385	if (ec_params == NULL)
sl@0	386	{
sl@0	387	BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
sl@0	388	goto end;
sl@0	389	}
sl@0	390	}
sl@0	391	else
sl@0	392	{
sl@0	393	if (EC_KEY_set_group(ec_params, group) == 0)
sl@0	394	goto end;
sl@0	395	EC_GROUP_free(group);
sl@0	396	}
sl@0	397
sl@0	398	BIO_free(in);
sl@0	399	in=NULL;
sl@0	400	newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
sl@0	401	}
sl@0	402	else
sl@0	403	#endif
sl@0	404	#ifndef OPENSSL_NO_DH
sl@0	405	if (strncmp("dh:",p,4) == 0)
sl@0	406	{
sl@0	407	pkey_type=TYPE_DH;
sl@0	408	p+=3;
sl@0	409	}
sl@0	410	else
sl@0	411	#endif
sl@0	412	{
sl@0	413	goto bad;
sl@0	414	}
sl@0	415
sl@0	416	newreq=1;
sl@0	417	}
sl@0	418	else if (strcmp(*argv,"-batch") == 0)
sl@0	419	batch=1;
sl@0	420	else if (strcmp(*argv,"-newhdr") == 0)
sl@0	421	newhdr=1;
sl@0	422	else if (strcmp(*argv,"-modulus") == 0)
sl@0	423	modulus=1;
sl@0	424	else if (strcmp(*argv,"-verify") == 0)
sl@0	425	verify=1;
sl@0	426	else if (strcmp(*argv,"-nodes") == 0)
sl@0	427	nodes=1;
sl@0	428	else if (strcmp(*argv,"-noout") == 0)
sl@0	429	noout=1;
sl@0	430	else if (strcmp(*argv,"-verbose") == 0)
sl@0	431	verbose=1;
sl@0	432	else if (strcmp(*argv,"-utf8") == 0)
sl@0	433	chtype = MBSTRING_UTF8;
sl@0	434	else if (strcmp(*argv,"-nameopt") == 0)
sl@0	435	{
sl@0	436	if (--argc < 1) goto bad;
sl@0	437	if (!set_name_ex(&nmflag, *(++argv))) goto bad;
sl@0	438	}
sl@0	439	else if (strcmp(*argv,"-reqopt") == 0)
sl@0	440	{
sl@0	441	if (--argc < 1) goto bad;
sl@0	442	if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
sl@0	443	}
sl@0	444	else if (strcmp(*argv,"-subject") == 0)
sl@0	445	subject=1;
sl@0	446	else if (strcmp(*argv,"-text") == 0)
sl@0	447	text=1;
sl@0	448	else if (strcmp(*argv,"-x509") == 0)
sl@0	449	x509=1;
sl@0	450	else if (strcmp(*argv,"-asn1-kludge") == 0)
sl@0	451	kludge=1;
sl@0	452	else if (strcmp(*argv,"-no-asn1-kludge") == 0)
sl@0	453	kludge=0;
sl@0	454	else if (strcmp(*argv,"-subj") == 0)
sl@0	455	{
sl@0	456	if (--argc < 1) goto bad;
sl@0	457	subj= *(++argv);
sl@0	458	}
sl@0	459	else if (strcmp(*argv,"-multivalue-rdn") == 0)
sl@0	460	multirdn=1;
sl@0	461	else if (strcmp(*argv,"-days") == 0)
sl@0	462	{
sl@0	463	if (--argc < 1) goto bad;
sl@0	464	days= atoi(*(++argv));
sl@0	465	if (days == 0) days=30;
sl@0	466	}
sl@0	467	else if (strcmp(*argv,"-set_serial") == 0)
sl@0	468	{
sl@0	469	if (--argc < 1) goto bad;
sl@0	470	serial = s2i_ASN1_INTEGER(NULL, *(++argv));
sl@0	471	if (!serial) goto bad;
sl@0	472	}
sl@0	473	else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
sl@0	474	{
sl@0	475	/* ok */
sl@0	476	digest=md_alg;
sl@0	477	}
sl@0	478	else if (strcmp(*argv,"-extensions") == 0)
sl@0	479	{
sl@0	480	if (--argc < 1) goto bad;
sl@0	481	extensions = *(++argv);
sl@0	482	}
sl@0	483	else if (strcmp(*argv,"-reqexts") == 0)
sl@0	484	{
sl@0	485	if (--argc < 1) goto bad;
sl@0	486	req_exts = *(++argv);
sl@0	487	}
sl@0	488	else
sl@0	489	{
sl@0	490	BIO_printf(bio_err,"unknown option %s\n",*argv);
sl@0	491	badops=1;
sl@0	492	break;
sl@0	493	}
sl@0	494	argc--;
sl@0	495	argv++;
sl@0	496	}
sl@0	497
sl@0	498	if (badops)
sl@0	499	{
sl@0	500	bad:
sl@0	501	BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
sl@0	502	BIO_printf(bio_err,"where options are\n");
sl@0	503	BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
sl@0	504	BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
sl@0	505	BIO_printf(bio_err," -in arg input file\n");
sl@0	506	BIO_printf(bio_err," -out arg output file\n");
sl@0	507	BIO_printf(bio_err," -text text form of request\n");
sl@0	508	BIO_printf(bio_err," -pubkey output public key\n");
sl@0	509	BIO_printf(bio_err," -noout do not output REQ\n");
sl@0	510	BIO_printf(bio_err," -verify verify signature on REQ\n");
sl@0	511	BIO_printf(bio_err," -modulus RSA modulus\n");
sl@0	512	BIO_printf(bio_err," -nodes don't encrypt the output key\n");
sl@0	513	#ifndef OPENSSL_NO_ENGINE
sl@0	514	BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
sl@0	515	#endif
sl@0	516	BIO_printf(bio_err," -subject output the request's subject\n");
sl@0	517	BIO_printf(bio_err," -passin private key password source\n");
sl@0	518	BIO_printf(bio_err," -key file use the private key contained in file\n");
sl@0	519	BIO_printf(bio_err," -keyform arg key file format\n");
sl@0	520	BIO_printf(bio_err," -keyout arg file to send the key to\n");
sl@0	521	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
sl@0	522	BIO_printf(bio_err," load the file (or the files in the directory) into\n");
sl@0	523	BIO_printf(bio_err," the random number generator\n");
sl@0	524	BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
sl@0	525	BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
sl@0	526	#ifndef OPENSSL_NO_ECDSA
sl@0	527	BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
sl@0	528	#endif
sl@0	529	BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
sl@0	530	BIO_printf(bio_err," -config file request template file.\n");
sl@0	531	BIO_printf(bio_err," -subj arg set or modify request subject\n");
sl@0	532	BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
sl@0	533	BIO_printf(bio_err," -new new request.\n");
sl@0	534	BIO_printf(bio_err," -batch do not ask anything during request generation\n");
sl@0	535	BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
sl@0	536	BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n");
sl@0	537	BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n");
sl@0	538	BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
sl@0	539	BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
sl@0	540	BIO_printf(bio_err," have been reported as requiring\n");
sl@0	541	BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
sl@0	542	BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
sl@0	543	BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
sl@0	544	BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
sl@0	545	BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
sl@0	546	goto end;
sl@0	547	}
sl@0	548
sl@0	549	ERR_load_crypto_strings();
sl@0	550	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
sl@0	551	BIO_printf(bio_err, "Error getting passwords\n");
sl@0	552	goto end;
sl@0	553	}
sl@0	554
sl@0	555	#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
sl@0	556	/* Lets load up our environment a little */
sl@0	557	p=getenv("OPENSSL_CONF");
sl@0	558	if (p == NULL)
sl@0	559	p=getenv("SSLEAY_CONF");
sl@0	560	if (p == NULL)
sl@0	561	p=to_free=make_config_name();
sl@0	562	default_config_file=p;
sl@0	563	config=NCONF_new(NULL);
sl@0	564	i=NCONF_load(config, p, &errline);
sl@0	565	#endif
sl@0	566
sl@0	567	if (template != NULL)
sl@0	568	{
sl@0	569	long errline = -1;
sl@0	570
sl@0	571	if( verbose )
sl@0	572	BIO_printf(bio_err,"Using configuration from %s\n",template);
sl@0	573	req_conf=NCONF_new(NULL);
sl@0	574	i=NCONF_load(req_conf,template,&errline);
sl@0	575	if (i == 0)
sl@0	576	{
sl@0	577	BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
sl@0	578	goto end;
sl@0	579	}
sl@0	580	}
sl@0	581	else
sl@0	582	{
sl@0	583	req_conf=config;
sl@0	584
sl@0	585	if (req_conf == NULL)
sl@0	586	{
sl@0	587	BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
sl@0	588	if (newreq)
sl@0	589	goto end;
sl@0	590	}
sl@0	591	else if( verbose )
sl@0	592	BIO_printf(bio_err,"Using configuration from %s\n",
sl@0	593	default_config_file);
sl@0	594	}
sl@0	595
sl@0	596	if (req_conf != NULL)
sl@0	597	{
sl@0	598	if (!load_config(bio_err, req_conf))
sl@0	599	goto end;
sl@0	600	p=NCONF_get_string(req_conf,NULL,"oid_file");
sl@0	601	if (p == NULL)
sl@0	602	ERR_clear_error();
sl@0	603	if (p != NULL)
sl@0	604	{
sl@0	605	BIO *oid_bio;
sl@0	606
sl@0	607	oid_bio=BIO_new_file(p,"r");
sl@0	608	if (oid_bio == NULL)
sl@0	609	{
sl@0	610	/*
sl@0	611	BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
sl@0	612	ERR_print_errors(bio_err);
sl@0	613	*/
sl@0	614	}
sl@0	615	else
sl@0	616	{
sl@0	617	OBJ_create_objects(oid_bio);
sl@0	618	BIO_free(oid_bio);
sl@0	619	}
sl@0	620	}
sl@0	621	}
sl@0	622	if(!add_oid_section(bio_err, req_conf)) goto end;
sl@0	623
sl@0	624	if (md_alg == NULL)
sl@0	625	{
sl@0	626	p=NCONF_get_string(req_conf,SECTION,"default_md");
sl@0	627	if (p == NULL)
sl@0	628	ERR_clear_error();
sl@0	629	if (p != NULL)
sl@0	630	{
sl@0	631	if ((md_alg=EVP_get_digestbyname(p)) != NULL)
sl@0	632	digest=md_alg;
sl@0	633	}
sl@0	634	}
sl@0	635
sl@0	636	if (!extensions)
sl@0	637	{
sl@0	638	extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
sl@0	639	if (!extensions)
sl@0	640	ERR_clear_error();
sl@0	641	}
sl@0	642	if (extensions) {
sl@0	643	/* Check syntax of file */
sl@0	644	X509V3_CTX ctx;
sl@0	645	X509V3_set_ctx_test(&ctx);
sl@0	646	X509V3_set_nconf(&ctx, req_conf);
sl@0	647	if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
sl@0	648	BIO_printf(bio_err,
sl@0	649	"Error Loading extension section %s\n", extensions);
sl@0	650	goto end;
sl@0	651	}
sl@0	652	}
sl@0	653
sl@0	654	if(!passin)
sl@0	655	{
sl@0	656	passin = NCONF_get_string(req_conf, SECTION, "input_password");
sl@0	657	if (!passin)
sl@0	658	ERR_clear_error();
sl@0	659	}
sl@0	660
sl@0	661	if(!passout)
sl@0	662	{
sl@0	663	passout = NCONF_get_string(req_conf, SECTION, "output_password");
sl@0	664	if (!passout)
sl@0	665	ERR_clear_error();
sl@0	666	}
sl@0	667
sl@0	668	p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
sl@0	669	if (!p)
sl@0	670	ERR_clear_error();
sl@0	671
sl@0	672	if(p && !ASN1_STRING_set_default_mask_asc(p)) {
sl@0	673	BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
sl@0	674	goto end;
sl@0	675	}
sl@0	676
sl@0	677	if (chtype != MBSTRING_UTF8)
sl@0	678	{
sl@0	679	p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
sl@0	680	if (!p)
sl@0	681	ERR_clear_error();
sl@0	682	else if (!strcmp(p, "yes"))
sl@0	683	chtype = MBSTRING_UTF8;
sl@0	684	}
sl@0	685
sl@0	686
sl@0	687	if(!req_exts)
sl@0	688	{
sl@0	689	req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
sl@0	690	if (!req_exts)
sl@0	691	ERR_clear_error();
sl@0	692	}
sl@0	693	if(req_exts) {
sl@0	694	/* Check syntax of file */
sl@0	695	X509V3_CTX ctx;
sl@0	696	X509V3_set_ctx_test(&ctx);
sl@0	697	X509V3_set_nconf(&ctx, req_conf);
sl@0	698	if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
sl@0	699	BIO_printf(bio_err,
sl@0	700	"Error Loading request extension section %s\n",
sl@0	701	req_exts);
sl@0	702	goto end;
sl@0	703	}
sl@0	704	}
sl@0	705
sl@0	706	in=BIO_new(BIO_s_file());
sl@0	707	out=BIO_new(BIO_s_file());
sl@0	708	if ((in == NULL) \|\| (out == NULL))
sl@0	709	goto end;
sl@0	710
sl@0	711	#ifndef OPENSSL_NO_ENGINE
sl@0	712	e = setup_engine(bio_err, engine, 0);
sl@0	713	#endif
sl@0	714
sl@0	715	if (keyfile != NULL)
sl@0	716	{
sl@0	717	pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
sl@0	718	"Private Key");
sl@0	719	if (!pkey)
sl@0	720	{
sl@0	721	/* load_key() has already printed an appropriate
sl@0	722	message */
sl@0	723	goto end;
sl@0	724	}
sl@0	725	if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA \|\|
sl@0	726	EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
sl@0	727	{
sl@0	728	char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
sl@0	729	if (randfile == NULL)
sl@0	730	ERR_clear_error();
sl@0	731	app_RAND_load_file(randfile, bio_err, 0);
sl@0	732	}
sl@0	733	}
sl@0	734
sl@0	735	if (newreq && (pkey == NULL))
sl@0	736	{
sl@0	737	#ifndef OPENSSL_NO_RSA
sl@0	738	BN_GENCB cb;
sl@0	739	#endif
sl@0	740	char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
sl@0	741	if (randfile == NULL)
sl@0	742	ERR_clear_error();
sl@0	743	app_RAND_load_file(randfile, bio_err, 0);
sl@0	744	if (inrand)
sl@0	745	app_RAND_load_files(inrand);
sl@0	746
sl@0	747	if (newkey <= 0)
sl@0	748	{
sl@0	749	if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
sl@0	750	newkey=DEFAULT_KEY_LENGTH;
sl@0	751	}
sl@0	752
sl@0	753	if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA \|\| pkey_type == TYPE_DSA))
sl@0	754	{
sl@0	755	BIO_printf(bio_err,"private key length is too short,\n");
sl@0	756	BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
sl@0	757	goto end;
sl@0	758	}
sl@0	759	BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
sl@0	760	newkey,(pkey_type == TYPE_RSA)?"RSA":
sl@0	761	(pkey_type == TYPE_DSA)?"DSA":"EC");
sl@0	762
sl@0	763	if ((pkey=EVP_PKEY_new()) == NULL) goto end;
sl@0	764
sl@0	765	#ifndef OPENSSL_NO_RSA
sl@0	766	BN_GENCB_set(&cb, req_cb, bio_err);
sl@0	767	if (pkey_type == TYPE_RSA)
sl@0	768	{
sl@0	769	RSA *rsa = RSA_new();
sl@0	770	BIGNUM *bn = BN_new();
sl@0	771	if(!bn \|\| !rsa \|\| !BN_set_word(bn, 0x10001) \|\|
sl@0	772	!RSA_generate_key_ex(rsa, newkey, bn, &cb) \|\|
sl@0	773	!EVP_PKEY_assign_RSA(pkey, rsa))
sl@0	774	{
sl@0	775	if(bn) BN_free(bn);
sl@0	776	if(rsa) RSA_free(rsa);
sl@0	777	goto end;
sl@0	778	}
sl@0	779	BN_free(bn);
sl@0	780	}
sl@0	781	else
sl@0	782	#endif
sl@0	783	#ifndef OPENSSL_NO_DSA
sl@0	784	if (pkey_type == TYPE_DSA)
sl@0	785	{
sl@0	786	if (!DSA_generate_key(dsa_params)) goto end;
sl@0	787	if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
sl@0	788	dsa_params=NULL;
sl@0	789	}
sl@0	790	#endif
sl@0	791	#ifndef OPENSSL_NO_ECDSA
sl@0	792	if (pkey_type == TYPE_EC)
sl@0	793	{
sl@0	794	if (!EC_KEY_generate_key(ec_params)) goto end;
sl@0	795	if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))
sl@0	796	goto end;
sl@0	797	ec_params = NULL;
sl@0	798	}
sl@0	799	#endif
sl@0	800
sl@0	801	app_RAND_write_file(randfile, bio_err);
sl@0	802
sl@0	803	if (pkey == NULL) goto end;
sl@0	804
sl@0	805	if (keyout == NULL)
sl@0	806	{
sl@0	807	keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
sl@0	808	if (keyout == NULL)
sl@0	809	ERR_clear_error();
sl@0	810	}
sl@0	811
sl@0	812	if (keyout == NULL)
sl@0	813	{
sl@0	814	BIO_printf(bio_err,"writing new private key to stdout\n");
sl@0	815	BIO_set_fp(out,stdout,BIO_NOCLOSE);
sl@0	816
sl@0	817	#ifdef OPENSSL_SYS_VMS
sl@0	818	{
sl@0	819	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
sl@0	820	out = BIO_push(tmpbio, out);
sl@0	821	}
sl@0	822	#endif
sl@0	823	}
sl@0	824	else
sl@0	825	{
sl@0	826	BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
sl@0	827	if (BIO_write_filename(out,keyout) <= 0)
sl@0	828	{
sl@0	829	perror(keyout);
sl@0	830	goto end;
sl@0	831	}
sl@0	832	}
sl@0	833
sl@0	834	p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
sl@0	835	if (p == NULL)
sl@0	836	{
sl@0	837	ERR_clear_error();
sl@0	838	p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
sl@0	839	if (p == NULL)
sl@0	840	ERR_clear_error();
sl@0	841	}
sl@0	842	if ((p != NULL) && (strcmp(p,"no") == 0))
sl@0	843	cipher=NULL;
sl@0	844	if (nodes) cipher=NULL;
sl@0	845
sl@0	846	i=0;
sl@0	847	loop:
sl@0	848	if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
sl@0	849	NULL,0,NULL,passout))
sl@0	850	{
sl@0	851	if ((ERR_GET_REASON(ERR_peek_error()) ==
sl@0	852	PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
sl@0	853	{
sl@0	854	ERR_clear_error();
sl@0	855	i++;
sl@0	856	goto loop;
sl@0	857	}
sl@0	858	goto end;
sl@0	859	}
sl@0	860	BIO_printf(bio_err,"-----\n");
sl@0	861	}
sl@0	862
sl@0	863	if (!newreq)
sl@0	864	{
sl@0	865	/* Since we are using a pre-existing certificate
sl@0	866	* request, the kludge 'format' info should not be
sl@0	867	* changed. */
sl@0	868	kludge= -1;
sl@0	869	if (infile == NULL)
sl@0	870	BIO_set_fp(in,stdin,BIO_NOCLOSE);
sl@0	871
sl@0	872	else
sl@0	873	{
sl@0	874	if (BIO_read_filename(in,infile) <= 0)
sl@0	875	{
sl@0	876	perror(infile);
sl@0	877	goto end;
sl@0	878	}
sl@0	879	}
sl@0	880
sl@0	881	if (informat == FORMAT_ASN1)
sl@0	882	req=d2i_X509_REQ_bio(in,NULL);
sl@0	883	else if (informat == FORMAT_PEM)
sl@0	884	req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
sl@0	885	else
sl@0	886	{
sl@0	887	BIO_printf(bio_err,"bad input format specified for X509 request\n");
sl@0	888	goto end;
sl@0	889	}
sl@0	890	if (req == NULL)
sl@0	891	{
sl@0	892	BIO_printf(bio_err,"unable to load X509 request\n");
sl@0	893	goto end;
sl@0	894	}
sl@0	895	}
sl@0	896
sl@0	897	if (newreq \|\| x509)
sl@0	898	{
sl@0	899	if (pkey == NULL)
sl@0	900	{
sl@0	901	BIO_printf(bio_err,"you need to specify a private key\n");
sl@0	902	goto end;
sl@0	903	}
sl@0	904	#ifndef OPENSSL_NO_DSA
sl@0	905	if (pkey->type == EVP_PKEY_DSA)
sl@0	906	digest=EVP_dss1();
sl@0	907	#endif
sl@0	908	#ifndef OPENSSL_NO_ECDSA
sl@0	909	if (pkey->type == EVP_PKEY_EC)
sl@0	910	digest=EVP_ecdsa();
sl@0	911	#endif
sl@0	912	if (req == NULL)
sl@0	913	{
sl@0	914	req=X509_REQ_new();
sl@0	915	if (req == NULL)
sl@0	916	{
sl@0	917	goto end;
sl@0	918	}
sl@0	919
sl@0	920	i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
sl@0	921	subj=NULL; /* done processing '-subj' option */
sl@0	922	if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
sl@0	923	{
sl@0	924	sk_X509_ATTRIBUTE_free(req->req_info->attributes);
sl@0	925	req->req_info->attributes = NULL;
sl@0	926	}
sl@0	927	if (!i)
sl@0	928	{
sl@0	929	BIO_printf(bio_err,"problems making Certificate Request\n");
sl@0	930	goto end;
sl@0	931	}
sl@0	932	}
sl@0	933	if (x509)
sl@0	934	{
sl@0	935	EVP_PKEY *tmppkey;
sl@0	936	X509V3_CTX ext_ctx;
sl@0	937	if ((x509ss=X509_new()) == NULL) goto end;
sl@0	938
sl@0	939	/* Set version to V3 */
sl@0	940	if(extensions && !X509_set_version(x509ss, 2)) goto end;
sl@0	941	if (serial)
sl@0	942	{
sl@0	943	if (!X509_set_serialNumber(x509ss, serial)) goto end;
sl@0	944	}
sl@0	945	else
sl@0	946	{
sl@0	947	if (!rand_serial(NULL,
sl@0	948	X509_get_serialNumber(x509ss)))
sl@0	949	goto end;
sl@0	950	}
sl@0	951
sl@0	952	if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
sl@0	953	if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
sl@0	954	if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)606024*days)) goto end;
sl@0	955	if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
sl@0	956	tmppkey = X509_REQ_get_pubkey(req);
sl@0	957	if (!tmppkey \|\| !X509_set_pubkey(x509ss,tmppkey)) goto end;
sl@0	958	EVP_PKEY_free(tmppkey);
sl@0	959
sl@0	960	/* Set up V3 context struct */
sl@0	961
sl@0	962	X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
sl@0	963	X509V3_set_nconf(&ext_ctx, req_conf);
sl@0	964
sl@0	965	/* Add extensions */
sl@0	966	if(extensions && !X509V3_EXT_add_nconf(req_conf,
sl@0	967	&ext_ctx, extensions, x509ss))
sl@0	968	{
sl@0	969	BIO_printf(bio_err,
sl@0	970	"Error Loading extension section %s\n",
sl@0	971	extensions);
sl@0	972	goto end;
sl@0	973	}
sl@0	974
sl@0	975	if (!(i=X509_sign(x509ss,pkey,digest)))
sl@0	976	goto end;
sl@0	977	}
sl@0	978	else
sl@0	979	{
sl@0	980	X509V3_CTX ext_ctx;
sl@0	981
sl@0	982	/* Set up V3 context struct */
sl@0	983
sl@0	984	X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
sl@0	985	X509V3_set_nconf(&ext_ctx, req_conf);
sl@0	986
sl@0	987	/* Add extensions */
sl@0	988	if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
sl@0	989	&ext_ctx, req_exts, req))
sl@0	990	{
sl@0	991	BIO_printf(bio_err,
sl@0	992	"Error Loading extension section %s\n",
sl@0	993	req_exts);
sl@0	994	goto end;
sl@0	995	}
sl@0	996	if (!(i=X509_REQ_sign(req,pkey,digest)))
sl@0	997	goto end;
sl@0	998	}
sl@0	999	}
sl@0	1000
sl@0	1001	if (subj && x509)
sl@0	1002	{
sl@0	1003	BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
sl@0	1004	goto end;
sl@0	1005	}
sl@0	1006
sl@0	1007	if (subj && !x509)
sl@0	1008	{
sl@0	1009	if (verbose)
sl@0	1010	{
sl@0	1011	BIO_printf(bio_err, "Modifying Request's Subject\n");
sl@0	1012	print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
sl@0	1013	}
sl@0	1014
sl@0	1015	if (build_subject(req, subj, chtype, multirdn) == 0)
sl@0	1016	{
sl@0	1017	BIO_printf(bio_err, "ERROR: cannot modify subject\n");
sl@0	1018	ex=1;
sl@0	1019	goto end;
sl@0	1020	}
sl@0	1021
sl@0	1022	req->req_info->enc.modified = 1;
sl@0	1023
sl@0	1024	if (verbose)
sl@0	1025	{
sl@0	1026	print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
sl@0	1027	}
sl@0	1028	}
sl@0	1029
sl@0	1030	if (verify && !x509)
sl@0	1031	{
sl@0	1032	int tmp=0;
sl@0	1033
sl@0	1034	if (pkey == NULL)
sl@0	1035	{
sl@0	1036	pkey=X509_REQ_get_pubkey(req);
sl@0	1037	tmp=1;
sl@0	1038	if (pkey == NULL) goto end;
sl@0	1039	}
sl@0	1040
sl@0	1041	i=X509_REQ_verify(req,pkey);
sl@0	1042	if (tmp) {
sl@0	1043	EVP_PKEY_free(pkey);
sl@0	1044	pkey=NULL;
sl@0	1045	}
sl@0	1046
sl@0	1047	if (i < 0)
sl@0	1048	{
sl@0	1049	goto end;
sl@0	1050	}
sl@0	1051	else if (i == 0)
sl@0	1052	{
sl@0	1053	BIO_printf(bio_err,"verify failure\n");
sl@0	1054	ERR_print_errors(bio_err);
sl@0	1055	}
sl@0	1056	else /* if (i > 0) */
sl@0	1057	BIO_printf(bio_err,"verify OK\n");
sl@0	1058	}
sl@0	1059
sl@0	1060	if (noout && !text && !modulus && !subject && !pubkey)
sl@0	1061	{
sl@0	1062	ex=0;
sl@0	1063	goto end;
sl@0	1064	}
sl@0	1065
sl@0	1066	if (outfile == NULL)
sl@0	1067	{
sl@0	1068	BIO_set_fp(out,stdout,BIO_NOCLOSE);
sl@0	1069	#ifdef OPENSSL_SYS_VMS
sl@0	1070	{
sl@0	1071	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
sl@0	1072	out = BIO_push(tmpbio, out);
sl@0	1073	}
sl@0	1074	#endif
sl@0	1075	}
sl@0	1076	else
sl@0	1077	{
sl@0	1078	if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
sl@0	1079	i=(int)BIO_append_filename(out,outfile);
sl@0	1080	else
sl@0	1081	i=(int)BIO_write_filename(out,outfile);
sl@0	1082	if (!i)
sl@0	1083	{
sl@0	1084	perror(outfile);
sl@0	1085	goto end;
sl@0	1086	}
sl@0	1087	}
sl@0	1088
sl@0	1089	if (pubkey)
sl@0	1090	{
sl@0	1091	EVP_PKEY *tpubkey;
sl@0	1092	tpubkey=X509_REQ_get_pubkey(req);
sl@0	1093	if (tpubkey == NULL)
sl@0	1094	{
sl@0	1095	BIO_printf(bio_err,"Error getting public key\n");
sl@0	1096	ERR_print_errors(bio_err);
sl@0	1097	goto end;
sl@0	1098	}
sl@0	1099	PEM_write_bio_PUBKEY(out, tpubkey);
sl@0	1100	EVP_PKEY_free(tpubkey);
sl@0	1101	}
sl@0	1102
sl@0	1103	if (text)
sl@0	1104	{
sl@0	1105	if (x509)
sl@0	1106	X509_print_ex(out, x509ss, nmflag, reqflag);
sl@0	1107	else
sl@0	1108	X509_REQ_print_ex(out, req, nmflag, reqflag);
sl@0	1109	}
sl@0	1110
sl@0	1111	if(subject)
sl@0	1112	{
sl@0	1113	if(x509)
sl@0	1114	print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
sl@0	1115	else
sl@0	1116	print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
sl@0	1117	}
sl@0	1118
sl@0	1119	if (modulus)
sl@0	1120	{
sl@0	1121	EVP_PKEY *tpubkey;
sl@0	1122
sl@0	1123	if (x509)
sl@0	1124	tpubkey=X509_get_pubkey(x509ss);
sl@0	1125	else
sl@0	1126	tpubkey=X509_REQ_get_pubkey(req);
sl@0	1127	if (tpubkey == NULL)
sl@0	1128	{
sl@0	1129	fprintf(stdout,"Modulus=unavailable\n");
sl@0	1130	goto end;
sl@0	1131	}
sl@0	1132
sl@0	1133	fprintf(stdout,"Modulus=");
sl@0	1134
sl@0	1135	#ifndef OPENSSL_NO_RSA
sl@0	1136	if (tpubkey->type == EVP_PKEY_RSA)
sl@0	1137	BN_print(out,tpubkey->pkey.rsa->n);
sl@0	1138	else
sl@0	1139	#endif
sl@0	1140	fprintf(stdout,"Wrong Algorithm type");
sl@0	1141	EVP_PKEY_free(tpubkey);
sl@0	1142	fprintf(stdout,"\n");
sl@0	1143
sl@0	1144	}
sl@0	1145
sl@0	1146	if (!noout && !x509)
sl@0	1147	{
sl@0	1148	if (outformat == FORMAT_ASN1)
sl@0	1149	i=i2d_X509_REQ_bio(out,req);
sl@0	1150	else if (outformat == FORMAT_PEM) {
sl@0	1151	if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
sl@0	1152	else i=PEM_write_bio_X509_REQ(out,req);
sl@0	1153	} else {
sl@0	1154	BIO_printf(bio_err,"bad output format specified for outfile\n");
sl@0	1155	goto end;
sl@0	1156	}
sl@0	1157	if (!i)
sl@0	1158	{
sl@0	1159	BIO_printf(bio_err,"unable to write X509 request\n");
sl@0	1160	goto end;
sl@0	1161	}
sl@0	1162	}
sl@0	1163	if (!noout && x509 && (x509ss != NULL))
sl@0	1164	{
sl@0	1165	if (outformat == FORMAT_ASN1)
sl@0	1166	i=i2d_X509_bio(out,x509ss);
sl@0	1167	else if (outformat == FORMAT_PEM)
sl@0	1168	i=PEM_write_bio_X509(out,x509ss);
sl@0	1169	else {
sl@0	1170	BIO_printf(bio_err,"bad output format specified for outfile\n");
sl@0	1171	goto end;
sl@0	1172	}
sl@0	1173	if (!i)
sl@0	1174	{
sl@0	1175	BIO_printf(bio_err,"unable to write X509 certificate\n");
sl@0	1176	goto end;
sl@0	1177	}
sl@0	1178	}
sl@0	1179	ex=0;
sl@0	1180	end:
sl@0	1181	#ifndef MONOLITH
sl@0	1182	if(to_free)
sl@0	1183	OPENSSL_free(to_free);
sl@0	1184	#endif
sl@0	1185	if (ex)
sl@0	1186	{
sl@0	1187	ERR_print_errors(bio_err);
sl@0	1188	}
sl@0	1189	if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
sl@0	1190	BIO_free(in);
sl@0	1191	BIO_free_all(out);
sl@0	1192	EVP_PKEY_free(pkey);
sl@0	1193	X509_REQ_free(req);
sl@0	1194	X509_free(x509ss);
sl@0	1195	ASN1_INTEGER_free(serial);
sl@0	1196	if(passargin && passin) OPENSSL_free(passin);
sl@0	1197	if(passargout && passout) OPENSSL_free(passout);
sl@0	1198	OBJ_cleanup();
sl@0	1199	#ifndef OPENSSL_NO_DSA
sl@0	1200	if (dsa_params != NULL) DSA_free(dsa_params);
sl@0	1201	#endif
sl@0	1202	#ifndef OPENSSL_NO_ECDSA
sl@0	1203	if (ec_params != NULL) EC_KEY_free(ec_params);
sl@0	1204	#endif
sl@0	1205	apps_shutdown();
sl@0	1206	OPENSSL_EXIT(ex);
sl@0	1207	}
sl@0	1208
sl@0	1209	static int make_REQ(X509_REQ req, EVP_PKEY pkey, char *subj, int multirdn,
sl@0	1210	int attribs, unsigned long chtype)
sl@0	1211	{
sl@0	1212	int ret=0,i;
sl@0	1213	char no_prompt = 0;
sl@0	1214	STACK_OF(CONF_VALUE) dn_sk, attr_sk = NULL;
sl@0	1215	char tmp, dn_sect,*attr_sect;
sl@0	1216
sl@0	1217	tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
sl@0	1218	if (tmp == NULL)
sl@0	1219	ERR_clear_error();
sl@0	1220	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
sl@0	1221
sl@0	1222	dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
sl@0	1223	if (dn_sect == NULL)
sl@0	1224	{
sl@0	1225	BIO_printf(bio_err,"unable to find '%s' in config\n",
sl@0	1226	DISTINGUISHED_NAME);
sl@0	1227	goto err;
sl@0	1228	}
sl@0	1229	dn_sk=NCONF_get_section(req_conf,dn_sect);
sl@0	1230	if (dn_sk == NULL)
sl@0	1231	{
sl@0	1232	BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
sl@0	1233	goto err;
sl@0	1234	}
sl@0	1235
sl@0	1236	attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
sl@0	1237	if (attr_sect == NULL)
sl@0	1238	{
sl@0	1239	ERR_clear_error();
sl@0	1240	attr_sk=NULL;
sl@0	1241	}
sl@0	1242	else
sl@0	1243	{
sl@0	1244	attr_sk=NCONF_get_section(req_conf,attr_sect);
sl@0	1245	if (attr_sk == NULL)
sl@0	1246	{
sl@0	1247	BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
sl@0	1248	goto err;
sl@0	1249	}
sl@0	1250	}
sl@0	1251
sl@0	1252	/* setup version number */
sl@0	1253	if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
sl@0	1254
sl@0	1255	if (no_prompt)
sl@0	1256	i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
sl@0	1257	else
sl@0	1258	{
sl@0	1259	if (subj)
sl@0	1260	i = build_subject(req, subj, chtype, multirdn);
sl@0	1261	else
sl@0	1262	i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
sl@0	1263	}
sl@0	1264	if(!i) goto err;
sl@0	1265
sl@0	1266	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
sl@0	1267
sl@0	1268	ret=1;
sl@0	1269	err:
sl@0	1270	return(ret);
sl@0	1271	}
sl@0	1272
sl@0	1273	/*
sl@0	1274	* subject is expected to be in the format /type0=value0/type1=value1/type2=...
sl@0	1275	* where characters may be escaped by \
sl@0	1276	*/
sl@0	1277	static int build_subject(X509_REQ req, char subject, unsigned long chtype, int multirdn)
sl@0	1278	{
sl@0	1279	X509_NAME *n;
sl@0	1280
sl@0	1281	if (!(n = parse_name(subject, chtype, multirdn)))
sl@0	1282	return 0;
sl@0	1283
sl@0	1284	if (!X509_REQ_set_subject_name(req, n))
sl@0	1285	{
sl@0	1286	X509_NAME_free(n);
sl@0	1287	return 0;
sl@0	1288	}
sl@0	1289	X509_NAME_free(n);
sl@0	1290	return 1;
sl@0	1291	}
sl@0	1292
sl@0	1293
sl@0	1294	static int prompt_info(X509_REQ *req,
sl@0	1295	STACK_OF(CONF_VALUE) dn_sk, char dn_sect,
sl@0	1296	STACK_OF(CONF_VALUE) attr_sk, char attr_sect, int attribs,
sl@0	1297	unsigned long chtype)
sl@0	1298	{
sl@0	1299	int i;
sl@0	1300	char p,q;
sl@0	1301	char buf[100];
sl@0	1302	int nid, mval;
sl@0	1303	long n_min,n_max;
sl@0	1304	char type, value;
sl@0	1305	const char *def;
sl@0	1306	CONF_VALUE *v;
sl@0	1307	X509_NAME *subj;
sl@0	1308	subj = X509_REQ_get_subject_name(req);
sl@0	1309
sl@0	1310	if(!batch)
sl@0	1311	{
sl@0	1312	BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
sl@0	1313	BIO_printf(bio_err,"into your certificate request.\n");
sl@0	1314	BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
sl@0	1315	BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
sl@0	1316	BIO_printf(bio_err,"For some fields there will be a default value,\n");
sl@0	1317	BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
sl@0	1318	BIO_printf(bio_err,"-----\n");
sl@0	1319	}
sl@0	1320
sl@0	1321
sl@0	1322	if (sk_CONF_VALUE_num(dn_sk))
sl@0	1323	{
sl@0	1324	i= -1;
sl@0	1325	start: for (;;)
sl@0	1326	{
sl@0	1327	i++;
sl@0	1328	if (sk_CONF_VALUE_num(dn_sk) <= i) break;
sl@0	1329
sl@0	1330	v=sk_CONF_VALUE_value(dn_sk,i);
sl@0	1331	p=q=NULL;
sl@0	1332	type=v->name;
sl@0	1333	if(!check_end(type,"_min") \|\| !check_end(type,"_max") \|\|
sl@0	1334	!check_end(type,"_default") \|\|
sl@0	1335	!check_end(type,"_value")) continue;
sl@0	1336	/* Skip past any leading X. X: X, etc to allow for
sl@0	1337	* multiple instances
sl@0	1338	*/
sl@0	1339	for(p = v->name; *p ; p++)
sl@0	1340	if ((p == ':') \|\| (p == ',') \|\|
sl@0	1341	(*p == '.')) {
sl@0	1342	p++;
sl@0	1343	if(*p) type = p;
sl@0	1344	break;
sl@0	1345	}
sl@0	1346	if (*type == '+')
sl@0	1347	{
sl@0	1348	mval = -1;
sl@0	1349	type++;
sl@0	1350	}
sl@0	1351	else
sl@0	1352	mval = 0;
sl@0	1353	/* If OBJ not recognised ignore it */
sl@0	1354	if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
sl@0	1355	if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
sl@0	1356	>= (int)sizeof(buf))
sl@0	1357	{
sl@0	1358	BIO_printf(bio_err,"Name '%s' too long\n",v->name);
sl@0	1359	return 0;
sl@0	1360	}
sl@0	1361
sl@0	1362	if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
sl@0	1363	{
sl@0	1364	ERR_clear_error();
sl@0	1365	def="";
sl@0	1366	}
sl@0	1367
sl@0	1368	BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
sl@0	1369	if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
sl@0	1370	{
sl@0	1371	ERR_clear_error();
sl@0	1372	value=NULL;
sl@0	1373	}
sl@0	1374
sl@0	1375	BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
sl@0	1376	if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
sl@0	1377	{
sl@0	1378	ERR_clear_error();
sl@0	1379	n_min = -1;
sl@0	1380	}
sl@0	1381
sl@0	1382	BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
sl@0	1383	if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
sl@0	1384	{
sl@0	1385	ERR_clear_error();
sl@0	1386	n_max = -1;
sl@0	1387	}
sl@0	1388
sl@0	1389	if (!add_DN_object(subj,v->value,def,value,nid,
sl@0	1390	n_min,n_max, chtype, mval))
sl@0	1391	return 0;
sl@0	1392	}
sl@0	1393	if (X509_NAME_entry_count(subj) == 0)
sl@0	1394	{
sl@0	1395	BIO_printf(bio_err,"error, no objects specified in config file\n");
sl@0	1396	return 0;
sl@0	1397	}
sl@0	1398
sl@0	1399	if (attribs)
sl@0	1400	{
sl@0	1401	if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
sl@0	1402	{
sl@0	1403	BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
sl@0	1404	BIO_printf(bio_err,"to be sent with your certificate request\n");
sl@0	1405	}
sl@0	1406
sl@0	1407	i= -1;
sl@0	1408	start2: for (;;)
sl@0	1409	{
sl@0	1410	i++;
sl@0	1411	if ((attr_sk == NULL) \|\|
sl@0	1412	(sk_CONF_VALUE_num(attr_sk) <= i))
sl@0	1413	break;
sl@0	1414
sl@0	1415	v=sk_CONF_VALUE_value(attr_sk,i);
sl@0	1416	type=v->name;
sl@0	1417	if ((nid=OBJ_txt2nid(type)) == NID_undef)
sl@0	1418	goto start2;
sl@0	1419
sl@0	1420	if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
sl@0	1421	>= (int)sizeof(buf))
sl@0	1422	{
sl@0	1423	BIO_printf(bio_err,"Name '%s' too long\n",v->name);
sl@0	1424	return 0;
sl@0	1425	}
sl@0	1426
sl@0	1427	if ((def=NCONF_get_string(req_conf,attr_sect,buf))
sl@0	1428	== NULL)
sl@0	1429	{
sl@0	1430	ERR_clear_error();
sl@0	1431	def="";
sl@0	1432	}
sl@0	1433
sl@0	1434
sl@0	1435	BIO_snprintf(buf,sizeof buf,"%s_value",type);
sl@0	1436	if ((value=NCONF_get_string(req_conf,attr_sect,buf))
sl@0	1437	== NULL)
sl@0	1438	{
sl@0	1439	ERR_clear_error();
sl@0	1440	value=NULL;
sl@0	1441	}
sl@0	1442
sl@0	1443	BIO_snprintf(buf,sizeof buf,"%s_min",type);
sl@0	1444	if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
sl@0	1445	n_min = -1;
sl@0	1446
sl@0	1447	BIO_snprintf(buf,sizeof buf,"%s_max",type);
sl@0	1448	if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
sl@0	1449	n_max = -1;
sl@0	1450
sl@0	1451	if (!add_attribute_object(req,
sl@0	1452	v->value,def,value,nid,n_min,n_max, chtype))
sl@0	1453	return 0;
sl@0	1454	}
sl@0	1455	}
sl@0	1456	}
sl@0	1457	else
sl@0	1458	{
sl@0	1459	BIO_printf(bio_err,"No template, please set one up.\n");
sl@0	1460	return 0;
sl@0	1461	}
sl@0	1462
sl@0	1463	return 1;
sl@0	1464
sl@0	1465	}
sl@0	1466
sl@0	1467	static int auto_info(X509_REQ req, STACK_OF(CONF_VALUE) dn_sk,
sl@0	1468	STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
sl@0	1469	{
sl@0	1470	int i;
sl@0	1471	char p,q;
sl@0	1472	char *type;
sl@0	1473	CONF_VALUE *v;
sl@0	1474	X509_NAME *subj;
sl@0	1475
sl@0	1476	subj = X509_REQ_get_subject_name(req);
sl@0	1477
sl@0	1478	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
sl@0	1479	{
sl@0	1480	int mval;
sl@0	1481	v=sk_CONF_VALUE_value(dn_sk,i);
sl@0	1482	p=q=NULL;
sl@0	1483	type=v->name;
sl@0	1484	/* Skip past any leading X. X: X, etc to allow for
sl@0	1485	* multiple instances
sl@0	1486	*/
sl@0	1487	for(p = v->name; *p ; p++)
sl@0	1488	#ifndef CHARSET_EBCDIC
sl@0	1489	if ((p == ':') \|\| (p == ',') \|\| (*p == '.')) {
sl@0	1490	#else
sl@0	1491	if ((p == os_toascii[':']) \|\| (p == os_toascii[',']) \|\| (*p == os_toascii['.'])) {
sl@0	1492	#endif
sl@0	1493	p++;
sl@0	1494	if(*p) type = p;
sl@0	1495	break;
sl@0	1496	}
sl@0	1497	#ifndef CHARSET_EBCDIC
sl@0	1498	if (*p == '+')
sl@0	1499	#else
sl@0	1500	if (*p == os_toascii['+'])
sl@0	1501	#endif
sl@0	1502	{
sl@0	1503	p++;
sl@0	1504	mval = -1;
sl@0	1505	}
sl@0	1506	else
sl@0	1507	mval = 0;
sl@0	1508	if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
sl@0	1509	(unsigned char *) v->value,-1,-1,mval)) return 0;
sl@0	1510
sl@0	1511	}
sl@0	1512
sl@0	1513	if (!X509_NAME_entry_count(subj))
sl@0	1514	{
sl@0	1515	BIO_printf(bio_err,"error, no objects specified in config file\n");
sl@0	1516	return 0;
sl@0	1517	}
sl@0	1518	if (attribs)
sl@0	1519	{
sl@0	1520	for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
sl@0	1521	{
sl@0	1522	v=sk_CONF_VALUE_value(attr_sk,i);
sl@0	1523	if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
sl@0	1524	(unsigned char *)v->value, -1)) return 0;
sl@0	1525	}
sl@0	1526	}
sl@0	1527	return 1;
sl@0	1528	}
sl@0	1529
sl@0	1530
sl@0	1531	static int add_DN_object(X509_NAME n, char text, const char def, char value,
sl@0	1532	int nid, int n_min, int n_max, unsigned long chtype, int mval)
sl@0	1533	{
sl@0	1534	int i,ret=0;
sl@0	1535	MS_STATIC char buf[1024];
sl@0	1536	start:
sl@0	1537	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
sl@0	1538	(void)BIO_flush(bio_err);
sl@0	1539	if(value != NULL)
sl@0	1540	{
sl@0	1541	BUF_strlcpy(buf,value,sizeof buf);
sl@0	1542	BUF_strlcat(buf,"\n",sizeof buf);
sl@0	1543	BIO_printf(bio_err,"%s\n",value);
sl@0	1544	}
sl@0	1545	else
sl@0	1546	{
sl@0	1547	buf[0]='\0';
sl@0	1548	if (!batch)
sl@0	1549	{
sl@0	1550	fgets(buf,sizeof buf,stdin);
sl@0	1551	}
sl@0	1552	else
sl@0	1553	{
sl@0	1554	buf[0] = '\n';
sl@0	1555	buf[1] = '\0';
sl@0	1556	}
sl@0	1557	}
sl@0	1558
sl@0	1559	if (buf[0] == '\0') return(0);
sl@0	1560	else if (buf[0] == '\n')
sl@0	1561	{
sl@0	1562	if ((def == NULL) \|\| (def[0] == '\0'))
sl@0	1563	return(1);
sl@0	1564	BUF_strlcpy(buf,def,sizeof buf);
sl@0	1565	BUF_strlcat(buf,"\n",sizeof buf);
sl@0	1566	}
sl@0	1567	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
sl@0	1568
sl@0	1569	i=strlen(buf);
sl@0	1570	if (buf[i-1] != '\n')
sl@0	1571	{
sl@0	1572	BIO_printf(bio_err,"weird input :-(\n");
sl@0	1573	return(0);
sl@0	1574	}
sl@0	1575	buf[--i]='\0';
sl@0	1576	#ifdef CHARSET_EBCDIC
sl@0	1577	ebcdic2ascii(buf, buf, i);
sl@0	1578	#endif
sl@0	1579	if(!req_check_len(i, n_min, n_max)) goto start;
sl@0	1580	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
sl@0	1581	(unsigned char *) buf, -1,-1,mval)) goto err;
sl@0	1582	ret=1;
sl@0	1583	err:
sl@0	1584	return(ret);
sl@0	1585	}
sl@0	1586
sl@0	1587	static int add_attribute_object(X509_REQ req, char text, const char *def,
sl@0	1588	char *value, int nid, int n_min,
sl@0	1589	int n_max, unsigned long chtype)
sl@0	1590	{
sl@0	1591	int i;
sl@0	1592	static char buf[1024];
sl@0	1593
sl@0	1594	start:
sl@0	1595	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
sl@0	1596	(void)BIO_flush(bio_err);
sl@0	1597	if (value != NULL)
sl@0	1598	{
sl@0	1599	BUF_strlcpy(buf,value,sizeof buf);
sl@0	1600	BUF_strlcat(buf,"\n",sizeof buf);
sl@0	1601	BIO_printf(bio_err,"%s\n",value);
sl@0	1602	}
sl@0	1603	else
sl@0	1604	{
sl@0	1605	buf[0]='\0';
sl@0	1606	if (!batch)
sl@0	1607	{
sl@0	1608	fgets(buf,sizeof buf,stdin);
sl@0	1609	}
sl@0	1610	else
sl@0	1611	{
sl@0	1612	buf[0] = '\n';
sl@0	1613	buf[1] = '\0';
sl@0	1614	}
sl@0	1615	}
sl@0	1616
sl@0	1617	if (buf[0] == '\0') return(0);
sl@0	1618	else if (buf[0] == '\n')
sl@0	1619	{
sl@0	1620	if ((def == NULL) \|\| (def[0] == '\0'))
sl@0	1621	return(1);
sl@0	1622	BUF_strlcpy(buf,def,sizeof buf);
sl@0	1623	BUF_strlcat(buf,"\n",sizeof buf);
sl@0	1624	}
sl@0	1625	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
sl@0	1626
sl@0	1627	i=strlen(buf);
sl@0	1628	if (buf[i-1] != '\n')
sl@0	1629	{
sl@0	1630	BIO_printf(bio_err,"weird input :-(\n");
sl@0	1631	return(0);
sl@0	1632	}
sl@0	1633	buf[--i]='\0';
sl@0	1634	#ifdef CHARSET_EBCDIC
sl@0	1635	ebcdic2ascii(buf, buf, i);
sl@0	1636	#endif
sl@0	1637	if(!req_check_len(i, n_min, n_max)) goto start;
sl@0	1638
sl@0	1639	if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
sl@0	1640	(unsigned char *)buf, -1)) {
sl@0	1641	BIO_printf(bio_err, "Error adding attribute\n");
sl@0	1642	ERR_print_errors(bio_err);
sl@0	1643	goto err;
sl@0	1644	}
sl@0	1645
sl@0	1646	return(1);
sl@0	1647	err:
sl@0	1648	return(0);
sl@0	1649	}
sl@0	1650
sl@0	1651	#ifndef OPENSSL_NO_RSA
sl@0	1652	static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
sl@0	1653	{
sl@0	1654	char c='*';
sl@0	1655
sl@0	1656	if (p == 0) c='.';
sl@0	1657	if (p == 1) c='+';
sl@0	1658	if (p == 2) c='*';
sl@0	1659	if (p == 3) c='\n';
sl@0	1660	BIO_write(cb->arg,&c,1);
sl@0	1661	(void)BIO_flush(cb->arg);
sl@0	1662	#ifdef LINT
sl@0	1663	p=n;
sl@0	1664	#endif
sl@0	1665	return 1;
sl@0	1666	}
sl@0	1667	#endif
sl@0	1668
sl@0	1669	static int req_check_len(int len, int n_min, int n_max)
sl@0	1670	{
sl@0	1671	if ((n_min > 0) && (len < n_min))
sl@0	1672	{
sl@0	1673	BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
sl@0	1674	return(0);
sl@0	1675	}
sl@0	1676	if ((n_max >= 0) && (len > n_max))
sl@0	1677	{
sl@0	1678	BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
sl@0	1679	return(0);
sl@0	1680	}
sl@0	1681	return(1);
sl@0	1682	}
sl@0	1683
sl@0	1684	/* Check if the end of a string matches 'end' */
sl@0	1685	static int check_end(const char str, const char end)
sl@0	1686	{
sl@0	1687	int elen, slen;
sl@0	1688	const char *tmp;
sl@0	1689	elen = strlen(end);
sl@0	1690	slen = strlen(str);
sl@0	1691	if(elen > slen) return 1;
sl@0	1692	tmp = str + slen - elen;
sl@0	1693	return strcmp(tmp, end);
sl@0	1694	}

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--