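--- a/req.c
+++ b/req.c
@@ -1,8 +1,8 @@
 /* apps/req.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -97,16 +97,17 @@
  * -out arg - output file - default stdout
  * -verify - check request signature
  * -noout - don't print stuff out.
  * -text - print out human readable text.
  * -nodes - no des encryption
  * -config file - Load configuration file.
  * -key file - make a request using key in file (or use it for verification).
  * -keyform - key file format.
+ * -rand file(s) - load the file(s) into the PRNG.
  * -newkey - make a key and a request.
  * -modulus - print RSA modulus.
  * -x509 - output a self signed X509 structure instead.
  * -asn1-kludge - output new certificate request in a format that some CA's
  * require. This format is wrong
  */
 
 static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
@@ -120,17 +121,16 @@
  int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
  int nid,int min,int max);
 #ifndef NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int min,int max);
 static int check_end(char *str, char *end);
-static int add_oid_section(LHASH *conf);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
 #endif
 static LHASH *req_conf=NULL;
 
 #define TYPE_RSA 1
 #define TYPE_DSA 2
@@ -151,16 +151,17 @@
  BIO *in=NULL,*out=NULL;
  int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
  int nodes=0,kludge=0,newhdr=0;
  char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
  char *extensions = NULL;
  char *req_exts = NULL;
  EVP_CIPHER *cipher=NULL;
  int modulus=0;
+ char *inrand=NULL;
  char *passargin = NULL, *passargout = NULL;
  char *passin = NULL, *passout = NULL;
  char *p;
  const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
  MS_STATIC char config_name[256];
 #endif
 
@@ -234,16 +235,21 @@
  if (--argc < 1) goto bad;
  passargin= *(++argv);
  }
  else if (strcmp(*argv,"-passout") == 0)
  {
  if (--argc < 1) goto bad;
  passargout= *(++argv);
  }
+ else if (strcmp(*argv,"-rand") == 0)
+ {
+ if (--argc < 1) goto bad;
+ inrand= *(++argv);
+ }
  else if (strcmp(*argv,"-newkey") == 0)
  {
  int is_numeric;
 
  if (--argc < 1) goto bad;
  p= *(++argv);
  is_numeric = p[0] >= '0' && p[0] <= '9';
  if (strncmp("rsa:",p,4) == 0 || is_numeric)
@@ -367,16 +373,19 @@
  BIO_printf(bio_err," -text text form of request\n");
  BIO_printf(bio_err," -noout do not output REQ\n");
  BIO_printf(bio_err," -verify verify signature on REQ\n");
  BIO_printf(bio_err," -modulus RSA modulus\n");
  BIO_printf(bio_err," -nodes don't encrypt the output key\n");
  BIO_printf(bio_err," -key file use the private key contained in file\n");
  BIO_printf(bio_err," -keyform arg key file format\n");
  BIO_printf(bio_err," -keyout arg file to send the key to\n");
+ BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err," load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err," the random number generator\n");
  BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
  BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
 
  BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2)\n");
  BIO_printf(bio_err," -config file request template file.\n");
  BIO_printf(bio_err," -new new request.\n");
  BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
  BIO_printf(bio_err," -days number of days a x509 generated by -x509 is valid for.\n");
@@ -452,17 +461,17 @@
  }
  else
  {
  OBJ_create_objects(oid_bio);
  BIO_free(oid_bio);
  }
  }
  }
- if(!add_oid_section(req_conf)) goto end;
+ if(!add_oid_section(bio_err, req_conf)) goto end;
 
  if ((md_alg == NULL) &&
  ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
  {
  if ((md_alg=EVP_get_digestbyname(p)) != NULL)
  digest=md_alg;
  }
 
@@ -533,22 +542,29 @@
  goto end;
  }
 
  if (pkey == NULL)
  {
  BIO_printf(bio_err,"unable to load Private key\n");
  goto end;
  }
+ if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+ {
+ char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+ app_RAND_load_file(randfile, bio_err, 0);
+ }
  }
 
  if (newreq && (pkey == NULL))
  {
  char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
  app_RAND_load_file(randfile, bio_err, 0);
+ if (inrand)
+ app_RAND_load_files(inrand);
 
  if (newkey <= 0)
  {
  newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
  if (newkey <= 0)
  newkey=DEFAULT_KEY_LENGTH;
  }
 
@@ -588,17 +604,23 @@
 
  if (keyout == NULL)
  keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
 
  if (keyout == NULL)
  {
  BIO_printf(bio_err,"writing new private key to stdout\n");
  BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
  }
+#endif
+ }
  else
  {
  BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
  if (BIO_write_filename(out,keyout) <= 0)
  {
  perror(keyout);
  goto end;
  }
@@ -783,17 +805,25 @@
 
  if (noout && !text && !modulus)
  {
  ex=0;
  goto end;
  }
 
  if (outfile == NULL)
+ {
  BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
  else
  {
  if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
  i=(int)BIO_append_filename(out,outfile);
  else
  i=(int)BIO_write_filename(out,outfile);
  if (!i)
  {
@@ -869,22 +899,22 @@
  ex=0;
 end:
  if (ex)
  {
  ERR_print_errors(bio_err);
  }
  if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
  BIO_free(in);
- BIO_free(out);
+ BIO_free_all(out);
  EVP_PKEY_free(pkey);
  X509_REQ_free(req);
  X509_free(x509ss);
- if(passargin && passin) Free(passin);
- if(passargout && passout) Free(passout);
+ if(passargin && passin) OPENSSL_free(passin);
+ if(passargout && passout) OPENSSL_free(passout);
  OBJ_cleanup();
 #ifndef NO_DSA
  if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
  EXIT(ex);
  }
 
 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
@@ -1078,17 +1108,21 @@
  {
  v=sk_CONF_VALUE_value(dn_sk,i);
  p=q=NULL;
  type=v->name;
  /* Skip past any leading X. X: X, etc to allow for
  * multiple instances
  */
  for(p = v->name; *p ; p++)
+#ifndef CHARSET_EBCDIC
  if ((*p == ':') || (*p == ',') || (*p == '.')) {
+#else
+ if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
+#endif
  p++;
  if(*p) type = p;
  break;
  }
  if (!X509_NAME_add_entry_by_txt(subj,type, MBSTRING_ASC,
  (unsigned char *) v->value,-1,-1,0)) return 0;
 
  }
@@ -1194,16 +1228,19 @@
 
  i=strlen(buf);
  if (buf[i-1] != '\n')
  {
  BIO_printf(bio_err,"weird input :-(\n");
  return(0);
  }
  buf[--i]='\0';
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
  if(!req_check_len(i, min, max)) goto start;
 
  if(!X509_REQ_add1_attr_by_NID(req, nid, MBSTRING_ASC,
  (unsigned char *)buf, -1)) {
  BIO_printf(bio_err, "Error adding attribute\n");
  ERR_print_errors(bio_err);
  goto err;
  }
@@ -1251,30 +1288,8 @@
  int elen, slen;
  char *tmp;
  elen = strlen(end);
  slen = strlen(str);
  if(elen > slen) return 1;
  tmp = str + slen - elen;
  return strcmp(tmp, end);
 }
-
-static int add_oid_section(LHASH *conf)
-{
- char *p;
- STACK_OF(CONF_VALUE) *sktmp;
- CONF_VALUE *cnf;
- int i;
- if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
- if(!(sktmp = CONF_get_section(conf, p))) {
- BIO_printf(bio_err, "problem loading oid section %s\n", p);
- return 0;
- }
- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
- cnf = sk_CONF_VALUE_value(sktmp, i);
- if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
- BIO_printf(bio_err, "problem creating object %s=%s\n",
- cnf->name, cnf->value);
- return 0;
- }
- }
- return 1;
-}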
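Review bot: The `-rand` files reach the PRNG only inside the `newreq && (pkey == NULL)` branch, so the new block that seeds from RANDFILE when an existing DSA key is loaded never consults `inrand`. A request signed with `-key` on a DSA key therefore relies on RANDFILE alone even when the user passed `-rand`, and DSA signing needs fresh randomness for every signature. I would add `if (inrand) app_RAND_load_files(inrand);` after the `app_RAND_load_file(randfile, bio_err, 0);` call in the DSA block as well. Both call sites also discard the return values of `app_RAND_load_file` and `app_RAND_load_files`, so in the visible lines req itself neither stops nor reports when no seed material was loaded before key generation or signing. The enclosing function is only partly visible here (many unchanged lines are hidden), so this may be handled elsewhere.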