req.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
#include "apps.h"
#include "../crypto/cryptlib.h"
/* Section and key names; presumably the names looked up in the
 * configuration file (the lookups are not visible in this listing). */
#define SECTION "req"
#define BITS "default_bits"
#define KEYFILE "default_keyfile"
#define PROMPT "prompt"
#define DISTINGUISHED_NAME "distinguished_name"
#define ATTRIBUTES "attributes"
#define V3_EXTENSIONS "x509_extensions"
#define REQ_EXTENSIONS "req_extensions"
#define STRING_MASK "string_mask"
#define UTF8_IN "utf8"
/* Key sizes, presumably in bits. MIN_KEY_LENGTH is the floor enforced by
 * the `newkey < MIN_KEY_LENGTH` check further down; DEFAULT_KEY_LENGTH is
 * presumably the fallback when no size is given (its use is not visible
 * in this listing).
 * NOTE(review): both values are far too small for current use. A 512-bit
 * RSA or DSA key offers no real protection, and 2048 bits is the usual
 * minimum today. Anyone building on this revision should set the key
 * size explicitly and not rely on these defaults. */
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
/* -inform arg - input format - default PEM (DER or PEM)
* -outform arg - output format - default PEM
* -in arg - input file - default stdin
* -out arg - output file - default stdout
* -verify - check request signature
* -noout - don't print stuff out.
* -text - print out human readable text.
* -nodes - no des encryption (the private key is written unencrypted)
* -config file - Load configuration file.
* -key file - make a request using key in file (or use it for verification).
* -keyform arg - key file format.
* -rand file(s) - load the file(s) into the PRNG.
* -newkey - make a key and a request.
* -modulus - print RSA modulus.
* -pubkey - output Public Key.
* -x509 - output a self signed X509 structure instead.
* -asn1-kludge - output new certificate request in a format that some CA's
* require. This format is wrong
*/
unsigned long chtype);
unsigned long chtype);
unsigned long chtype);
#ifndef OPENSSL_NO_RSA
#endif
#ifndef MONOLITH
static char *default_config_file=NULL;
#endif
static int batch=0;
#define TYPE_RSA 1
#define TYPE_DSA 2
#define TYPE_DH 3
int MAIN(int, char **);
{
#ifndef OPENSSL_NO_DSA
#endif
long newkey = -1;
#ifndef OPENSSL_NO_ENGINE
#endif
char *extensions = NULL;
int modulus=0;
char *p;
unsigned long chtype = MBSTRING_ASC;
#ifndef MONOLITH
char *to_free;
long errline;
#endif
#ifndef OPENSSL_NO_DES
#endif
apps_startup();
argc--;
argv++;
while (argc >= 1)
{
{
}
{
}
#ifndef OPENSSL_NO_ENGINE
{
}
#endif
{
}
{
pubkey=1;
}
{
newreq=1;
}
{
}
{
}
{
}
{
}
{
}
{
}
{
passargout= *(++argv);
}
{
}
{
int is_numeric;
p= *(++argv);
{
if(!is_numeric)
p+=4;
}
else
#ifndef OPENSSL_NO_DSA
{
p+=4;
{
perror(p);
goto end;
}
{
{
goto end;
}
if (dsa_params == NULL)
{
goto end;
}
}
}
else
#endif
#ifndef OPENSSL_NO_DH
{
p+=3;
}
else
#endif
newreq=1;
}
batch=1;
newhdr=1;
modulus=1;
verify=1;
nodes=1;
noout=1;
verbose=1;
{
}
{
}
subject=1;
text=1;
x509=1;
kludge=1;
kludge=0;
{
}
{
}
{
}
{
/* ok */
}
{
extensions = *(++argv);
}
{
}
else
{
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
#ifndef OPENSSL_NO_ENGINE
#endif
BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
goto end;
}
goto end;
}
/* Choose the default configuration file: OPENSSL_CONF from the
 * environment, then SSLEAY_CONF, then the name built by
 * make_config_name().
 * NOTE(review): both variables come from the process environment, so
 * whoever controls the environment selects which configuration is read
 * by default. Keep that in mind when this tool runs from a wrapper or
 * service that inherits its environment.
 * to_free records the built name; it is tested at the end: label,
 * presumably so it can be released there. */
p=getenv("OPENSSL_CONF");
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
p=to_free=make_config_name();
#endif
{
long errline = -1;
if( verbose )
if (i == 0)
{
goto end;
}
}
else
{
if( verbose )
{
}
}
{
goto end;
if (p == NULL)
if (p != NULL)
{
{
/*
BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
ERR_print_errors(bio_err);
*/
}
else
{
}
}
}
{
if (p == NULL)
if (p != NULL)
{
}
}
if (!extensions)
{
if (!extensions)
}
if (extensions) {
/* Check syntax of file */
"Error Loading extension section %s\n", extensions);
goto end;
}
}
if(!passin)
{
if (!passin)
}
if(!passout)
{
if (!passout)
}
if (!p)
if(p && !ASN1_STRING_set_default_mask_asc(p)) {
goto end;
}
if (chtype != MBSTRING_UTF8)
{
if (!p)
else if (!strcmp(p, "yes"))
}
if(!req_exts)
{
if (!req_exts)
}
if(req_exts) {
/* Check syntax of file */
"Error Loading request extension section %s\n",
req_exts);
goto end;
}
}
goto end;
#ifndef OPENSSL_NO_ENGINE
#endif
{
"Private Key");
if (!pkey)
{
/* load_key() has already printed an appropriate
message */
goto end;
}
{
}
}
{
if (inrand)
if (newkey <= 0)
{
}
/* A requested size below MIN_KEY_LENGTH (384 in this file) is refused:
 * control jumps to end: and the key assignment that follows is skipped.
 * NOTE(review): this floor only rejects very small sizes. Anything from
 * 384 bits up passes, so sizes that are too weak for current use are
 * still accepted here; the size policy has to come from the caller or
 * the configuration. */
if (newkey < MIN_KEY_LENGTH)
{
goto end;
}
#ifndef OPENSSL_NO_RSA
{
if (!EVP_PKEY_assign_RSA(pkey,
goto end;
}
else
#endif
#ifndef OPENSSL_NO_DSA
{
}
#endif
{
}
{
#ifdef OPENSSL_SYS_VMS
{
}
#endif
}
else
{
{
goto end;
}
}
if (p == NULL)
{
if (p == NULL)
}
/* i counts retries of the statement that follows loop:.
 * NOTE(review): that statement and the condition on the block below are
 * missing from this listing; presumably it is the private-key write that
 * asks for a pass phrase. */
i=0;
loop:
{
/* Only a failure whose reason is PEM_R_PROBLEMS_GETTING_PASSWORD is
 * retried, and only while i < 3; every other failure goes to end:. */
if ((ERR_GET_REASON(ERR_peek_error()) ==
PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
{
i++;
goto loop;
}
goto end;
}
}
if (!newreq)
{
/* Since we are using a pre-existing certificate
* request, the kludge 'format' info should not be
* changed. */
kludge= -1;
else
{
{
goto end;
}
}
if (informat == FORMAT_ASN1)
else if (informat == FORMAT_PEM)
else
{
goto end;
}
{
goto end;
}
}
{
{
goto end;
}
#ifndef OPENSSL_NO_DSA
#endif
{
req=X509_REQ_new();
{
goto end;
}
{
}
if (!i)
{
goto end;
}
}
if (x509)
{
/* Set version to V3 */
if (serial)
{
}
else
{
}
/* Set up V3 context struct */
/* Add extensions */
{
"Error Loading extension section %s\n",
goto end;
}
goto end;
}
else
{
/* Set up V3 context struct */
/* Add extensions */
{
"Error Loading extension section %s\n",
req_exts);
goto end;
}
goto end;
}
}
{
goto end;
}
{
if (verbose)
{
}
{
ex=1;
goto end;
}
if (verbose)
{
}
}
{
int tmp=0;
{
tmp=1;
}
if (tmp) {
}
if (i < 0)
{
goto end;
}
else if (i == 0)
{
}
else /* if (i > 0) */
}
{
ex=0;
goto end;
}
{
#ifdef OPENSSL_SYS_VMS
{
}
#endif
}
else
{
else
if (!i)
{
goto end;
}
}
if (pubkey)
{
{
goto end;
}
}
if (text)
{
if (x509)
else
}
if(subject)
{
if(x509)
else
}
if (modulus)
{
if (x509)
else
{
goto end;
}
#ifndef OPENSSL_NO_RSA
else
#endif
}
{
if (outformat == FORMAT_ASN1)
else if (outformat == FORMAT_PEM) {
} else {
goto end;
}
if (!i)
{
goto end;
}
}
{
if (outformat == FORMAT_ASN1)
else if (outformat == FORMAT_PEM)
else {
goto end;
}
if (!i)
{
goto end;
}
}
ex=0;
end:
#ifndef MONOLITH
if(to_free)
#endif
if (ex)
{
}
OBJ_cleanup();
#ifndef OPENSSL_NO_DSA
#endif
}
unsigned long chtype)
{
int ret=0,i;
char no_prompt = 0;
{
goto err;
}
{
goto err;
}
{
}
else
{
{
goto err;
}
}
/* setup version number */
if (no_prompt)
else
{
if (subj)
else
}
if(!i) goto err;
ret=1;
err:
return(ret);
}
/*
* where characters may be escaped by \
*/
{
/* Name to install as the request's subject; presumably parsed from the
 * subject string described in the comment above. */
X509_NAME *n;
/* NOTE(review): the statement that builds n and the condition guarding
 * this return are missing from the listing. */
return 0;
/* n is released on both the failure and the success path, so the
 * request cannot be holding this pointer afterwards; presumably
 * X509_REQ_set_subject_name() stores its own copy (confirm). */
if (!X509_REQ_set_subject_name(req, n))
{
X509_NAME_free(n);
return 0;
}
X509_NAME_free(n);
/* 1 = subject set, 0 = failure. */
return 1;
}
unsigned long chtype)
{
int i;
char *p,*q;
char buf[100];
int nid;
CONF_VALUE *v;
if(!batch)
{
BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
}
if (sk_CONF_VALUE_num(dn_sk))
{
i= -1;
start: for (;;)
{
i++;
if (sk_CONF_VALUE_num(dn_sk) <= i) break;
v=sk_CONF_VALUE_value(dn_sk,i);
p=q=NULL;
/* Skip past any leading X. X: X, etc to allow for
* multiple instances
*/
for(p = v->name; *p ; p++)
if ((*p == ':') || (*p == ',') ||
(*p == '.')) {
p++;
if(*p) type = p;
break;
}
/* If OBJ not recognised ignore it */
/* NOTE(review): the left-hand side of this comparison is missing from
 * the listing; presumably it is the length produced when a key name is
 * formatted into buf (the 100-byte local declared at the top of this
 * function). What is visible: a result that does not fit in buf makes
 * the function return 0, so an over-long name is reported as a failure
 * and is not used in truncated form. The same test appears again in the
 * attribute loop below. */
>= sizeof buf)
{
return 0;
}
{
def="";
}
{
}
{
n_min = -1;
}
{
n_max = -1;
}
return 0;
}
if (X509_NAME_entry_count(subj) == 0)
{
return 0;
}
if (attribs)
{
{
}
i= -1;
start2: for (;;)
{
i++;
(sk_CONF_VALUE_num(attr_sk) <= i))
break;
v=sk_CONF_VALUE_value(attr_sk,i);
goto start2;
>= sizeof buf)
{
return 0;
}
== NULL)
{
def="";
}
== NULL)
{
}
n_min = -1;
n_max = -1;
if (!add_attribute_object(req,
return 0;
}
}
}
else
{
return 0;
}
return 1;
}
{
int i;
char *p,*q;
char *type;
CONF_VALUE *v;
for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
{
v=sk_CONF_VALUE_value(dn_sk,i);
p=q=NULL;
/* Skip past any leading X. X: X, etc to allow for
* multiple instances
*/
for(p = v->name; *p ; p++)
#ifndef CHARSET_EBCDIC
if ((*p == ':') || (*p == ',') || (*p == '.')) {
#else
#endif
p++;
if(*p) type = p;
break;
}
}
if (!X509_NAME_entry_count(subj))
{
return 0;
}
if (attribs)
{
for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
{
v=sk_CONF_VALUE_value(attr_sk,i);
(unsigned char *)v->value, -1)) return 0;
}
}
return 1;
}
{
/* ret is the result: 0 until the value has been accepted, then 1. */
int i,ret=0;
/* NOTE(review): the declaration of buf and the condition of the first
 * branch are missing from this listing. */
{
}
else
{
/* Start from an empty buffer so that "nothing obtained" can be detected
 * below. */
buf[0]='\0';
if (!batch)
{
}
else
{
/* Batch mode: no input is taken; the buffer is made to start with a
 * newline, the same first character as an empty line. */
buf[0] = '\n';
}
}
/* Still empty: nothing was obtained, report failure. */
if (buf[0] == '\0') return(0);
else if (buf[0] == '\n')
{
/* Empty line: this path returns success (the condition and the rest of
 * the branch are missing from the listing). */
return(1);
}
{
return(0);
}
/* Drops the last character of buf.
 * NOTE(review): this is only safe when i > 0. The computation of i is
 * missing from the listing; presumably it is the string length and the
 * preceding block rejects input that does not end in a newline. */
buf[--i]='\0';
#ifdef CHARSET_EBCDIC
#endif
ret=1;
err:
return(ret);
}
{
int i;
/* static: a single buffer shared by every call, which keeps its contents
 * after the function returns and for the life of the process. No
 * clearing of buf is visible in this listing.
 * NOTE(review): if an attribute value can be a secret (for example a
 * challenge password; confirm against the attributes section in use),
 * it stays in this buffer after use. The shared buffer also means the
 * function is not safe to call from two threads at once. */
static char buf[1024];
/* NOTE(review): the condition of the first branch is missing from this
 * listing. */
{
}
else
{
/* Start from an empty buffer so that "nothing obtained" can be detected
 * below. */
buf[0]='\0';
if (!batch)
{
}
else
{
/* Batch mode: no input is taken; the buffer is made to start with a
 * newline, the same first character as an empty line. */
buf[0] = '\n';
}
}
/* Still empty: nothing was obtained, report failure. */
if (buf[0] == '\0') return(0);
else if (buf[0] == '\n')
{
/* Empty line: this path returns success (the condition and the rest of
 * the branch are missing from the listing). */
return(1);
}
{
return(0);
}
/* Drops the last character of buf.
 * NOTE(review): this is only safe when i > 0. The computation of i is
 * missing from the listing; presumably it is the string length and the
 * preceding block rejects input that does not end in a newline. */
buf[--i]='\0';
#ifdef CHARSET_EBCDIC
#endif
/* buf is handed on as an unsigned char string with length -1; the call
 * itself is missing from the listing. A failure there goes to err:. */
(unsigned char *)buf, -1)) {
goto err;
}
return(1);
err:
return(0);
}
#ifndef OPENSSL_NO_RSA
{
/* Progress character chosen from the code p: 0 -> '.', 1 -> '+',
 * 2 -> '*', 3 -> newline; any other value keeps the initial '*'.
 * NOTE(review): the statement that outputs c is missing from this
 * listing. */
char c='*';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
#ifdef LINT
/* Only compiled under LINT; presumably to mark n as used. */
p=n;
#endif
}
#endif
{
{
return(0);
}
{
return(0);
}
return(1);
}
/* Check if the end of a string matches 'end' */
{
char *tmp;
}