| version 1.26, 2023/03/05 13:12:53 |
version 1.27, 2023/03/06 14:32:06 |
|
|
| int verbose; |
int verbose; |
| int verify; |
int verify; |
| int x509; |
int x509; |
| } req_config; |
} cfg; |
| |
|
| static int |
static int |
| req_opt_addext(char *arg) |
req_opt_addext(char *arg) |
| { |
{ |
| int i; |
int i; |
| |
|
| if (req_config.addexts == NULL) { |
if (cfg.addexts == NULL) { |
| req_config.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new( |
cfg.addexts = (LHASH_OF(OPENSSL_STRING) *)lh_new( |
| (LHASH_HASH_FN_TYPE)ext_name_hash, |
(LHASH_HASH_FN_TYPE)ext_name_hash, |
| (LHASH_COMP_FN_TYPE)ext_name_cmp); |
(LHASH_COMP_FN_TYPE)ext_name_cmp); |
| req_config.addext_bio = BIO_new(BIO_s_mem()); |
cfg.addext_bio = BIO_new(BIO_s_mem()); |
| if (req_config.addexts == NULL || |
if (cfg.addexts == NULL || |
| req_config.addext_bio == NULL) |
cfg.addext_bio == NULL) |
| return (1); |
return (1); |
| } |
} |
| i = duplicated(req_config.addexts, arg); |
i = duplicated(cfg.addexts, arg); |
| if (i == 1) |
if (i == 1) |
| return (1); |
return (1); |
| if (i < 0 || BIO_printf(req_config.addext_bio, "%s\n", arg) < 0) |
if (i < 0 || BIO_printf(cfg.addext_bio, "%s\n", arg) < 0) |
| return (1); |
return (1); |
| |
|
| return (0); |
return (0); |
|
|
| { |
{ |
| const char *errstr; |
const char *errstr; |
| |
|
| req_config.days = strtonum(arg, 1, INT_MAX, &errstr); |
cfg.days = strtonum(arg, 1, INT_MAX, &errstr); |
| if (errstr != NULL) { |
if (errstr != NULL) { |
| BIO_printf(bio_err, "bad -days %s, using 0: %s\n", |
BIO_printf(bio_err, "bad -days %s, using 0: %s\n", |
| arg, errstr); |
arg, errstr); |
| req_config.days = 30; |
cfg.days = 30; |
| } |
} |
| return (0); |
return (0); |
| } |
} |
|
|
| if (*name++ != '-') |
if (*name++ != '-') |
| return (1); |
return (1); |
| |
|
| if ((req_config.digest = EVP_get_digestbyname(name)) == NULL) |
if ((cfg.digest = EVP_get_digestbyname(name)) == NULL) |
| return (1); |
return (1); |
| |
|
| *argsused = 1; |
*argsused = 1; |
|
|
| static int |
static int |
| req_opt_newkey(char *arg) |
req_opt_newkey(char *arg) |
| { |
{ |
| req_config.keyalg = arg; |
cfg.keyalg = arg; |
| req_config.newreq = 1; |
cfg.newreq = 1; |
| return (0); |
return (0); |
| } |
} |
| |
|
| static int |
static int |
| req_opt_nameopt(char *arg) |
req_opt_nameopt(char *arg) |
| { |
{ |
| if (!set_name_ex(&req_config.nmflag, arg)) |
if (!set_name_ex(&cfg.nmflag, arg)) |
| return (1); |
return (1); |
| return (0); |
return (0); |
| } |
} |
|
|
| static int |
static int |
| req_opt_pkeyopt(char *arg) |
req_opt_pkeyopt(char *arg) |
| { |
{ |
| if (req_config.pkeyopts == NULL) |
if (cfg.pkeyopts == NULL) |
| req_config.pkeyopts = sk_OPENSSL_STRING_new_null(); |
cfg.pkeyopts = sk_OPENSSL_STRING_new_null(); |
| if (req_config.pkeyopts == NULL) |
if (cfg.pkeyopts == NULL) |
| return (1); |
return (1); |
| if (!sk_OPENSSL_STRING_push(req_config.pkeyopts, arg)) |
if (!sk_OPENSSL_STRING_push(cfg.pkeyopts, arg)) |
| return (1); |
return (1); |
| return (0); |
return (0); |
| } |
} |
|
|
| static int |
static int |
| req_opt_reqopt(char *arg) |
req_opt_reqopt(char *arg) |
| { |
{ |
| if (!set_cert_ex(&req_config.reqflag, arg)) |
if (!set_cert_ex(&cfg.reqflag, arg)) |
| return (1); |
return (1); |
| return (0); |
return (0); |
| } |
} |
|
|
| static int |
static int |
| req_opt_set_serial(char *arg) |
req_opt_set_serial(char *arg) |
| { |
{ |
| req_config.serial = s2i_ASN1_INTEGER(NULL, arg); |
cfg.serial = s2i_ASN1_INTEGER(NULL, arg); |
| if (req_config.serial == NULL) |
if (cfg.serial == NULL) |
| return (1); |
return (1); |
| return (0); |
return (0); |
| } |
} |
|
|
| static int |
static int |
| req_opt_sigopt(char *arg) |
req_opt_sigopt(char *arg) |
| { |
{ |
| if (req_config.sigopts == NULL) |
if (cfg.sigopts == NULL) |
| req_config.sigopts = sk_OPENSSL_STRING_new_null(); |
cfg.sigopts = sk_OPENSSL_STRING_new_null(); |
| if (req_config.sigopts == NULL) |
if (cfg.sigopts == NULL) |
| return (1); |
return (1); |
| if (!sk_OPENSSL_STRING_push(req_config.sigopts, arg)) |
if (!sk_OPENSSL_STRING_push(cfg.sigopts, arg)) |
| return (1); |
return (1); |
| return (0); |
return (0); |
| } |
} |
|
|
| static int |
static int |
| req_opt_utf8(void) |
req_opt_utf8(void) |
| { |
{ |
| req_config.chtype = MBSTRING_UTF8; |
cfg.chtype = MBSTRING_UTF8; |
| return (0); |
return (0); |
| } |
} |
| |
|
|
|
| .name = "batch", |
.name = "batch", |
| .desc = "Operate in batch mode", |
.desc = "Operate in batch mode", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.batch, |
.opt.flag = &cfg.batch, |
| }, |
}, |
| { |
{ |
| .name = "config", |
.name = "config", |
| .argname = "file", |
.argname = "file", |
| .desc = "Configuration file to use as request template", |
.desc = "Configuration file to use as request template", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.template, |
.opt.arg = &cfg.template, |
| }, |
}, |
| { |
{ |
| .name = "days", |
.name = "days", |
|
|
| .argname = "section", |
.argname = "section", |
| .desc = "Config section to use for certificate extensions", |
.desc = "Config section to use for certificate extensions", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.extensions, |
.opt.arg = &cfg.extensions, |
| }, |
}, |
| { |
{ |
| .name = "in", |
.name = "in", |
| .argname = "file", |
.argname = "file", |
| .desc = "Input file (default stdin)", |
.desc = "Input file (default stdin)", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.infile, |
.opt.arg = &cfg.infile, |
| }, |
}, |
| { |
{ |
| .name = "inform", |
.name = "inform", |
| .argname = "format", |
.argname = "format", |
| .desc = "Input format (DER or PEM (default))", |
.desc = "Input format (DER or PEM (default))", |
| .type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
| .opt.value = &req_config.informat, |
.opt.value = &cfg.informat, |
| }, |
}, |
| { |
{ |
| .name = "key", |
.name = "key", |
| .argname = "file", |
.argname = "file", |
| .desc = "Private key file", |
.desc = "Private key file", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.keyfile, |
.opt.arg = &cfg.keyfile, |
| }, |
}, |
| { |
{ |
| .name = "keyform", |
.name = "keyform", |
| .argname = "format", |
.argname = "format", |
| .desc = "Private key format (DER or PEM (default))", |
.desc = "Private key format (DER or PEM (default))", |
| .type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
| .opt.value = &req_config.keyform, |
.opt.value = &cfg.keyform, |
| }, |
}, |
| { |
{ |
| .name = "keyout", |
.name = "keyout", |
| .argname = "file", |
.argname = "file", |
| .desc = "Private key output file", |
.desc = "Private key output file", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.keyout, |
.opt.arg = &cfg.keyout, |
| }, |
}, |
| { |
{ |
| .name = "modulus", |
.name = "modulus", |
| .desc = "Print RSA modulus", |
.desc = "Print RSA modulus", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.modulus, |
.opt.flag = &cfg.modulus, |
| }, |
}, |
| { |
{ |
| .name = "multivalue-rdn", |
.name = "multivalue-rdn", |
| .desc = "Enable support for multivalued RDNs", |
.desc = "Enable support for multivalued RDNs", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.multirdn, |
.opt.flag = &cfg.multirdn, |
| }, |
}, |
| { |
{ |
| .name = "nameopt", |
.name = "nameopt", |
|
|
| .name = "new", |
.name = "new", |
| .desc = "New request", |
.desc = "New request", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.newreq, |
.opt.flag = &cfg.newreq, |
| }, |
}, |
| { |
{ |
| .name = "newhdr", |
.name = "newhdr", |
| .desc = "Include 'NEW' in header lines", |
.desc = "Include 'NEW' in header lines", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.newhdr, |
.opt.flag = &cfg.newhdr, |
| }, |
}, |
| { |
{ |
| .name = "newkey", |
.name = "newkey", |
|
|
| .name = "nodes", |
.name = "nodes", |
| .desc = "Do not encrypt output private key", |
.desc = "Do not encrypt output private key", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.nodes, |
.opt.flag = &cfg.nodes, |
| }, |
}, |
| { |
{ |
| .name = "noout", |
.name = "noout", |
| .desc = "Do not output request", |
.desc = "Do not output request", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.noout, |
.opt.flag = &cfg.noout, |
| }, |
}, |
| { |
{ |
| .name = "out", |
.name = "out", |
| .argname = "file", |
.argname = "file", |
| .desc = "Output file (default stdout)", |
.desc = "Output file (default stdout)", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.outfile, |
.opt.arg = &cfg.outfile, |
| }, |
}, |
| { |
{ |
| .name = "outform", |
.name = "outform", |
| .argname = "format", |
.argname = "format", |
| .desc = "Output format (DER or PEM (default))", |
.desc = "Output format (DER or PEM (default))", |
| .type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
| .opt.value = &req_config.outformat, |
.opt.value = &cfg.outformat, |
| }, |
}, |
| { |
{ |
| .name = "passin", |
.name = "passin", |
| .argname = "source", |
.argname = "source", |
| .desc = "Private key input password source", |
.desc = "Private key input password source", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.passargin, |
.opt.arg = &cfg.passargin, |
| }, |
}, |
| { |
{ |
| .name = "passout", |
.name = "passout", |
| .argname = "source", |
.argname = "source", |
| .desc = "Private key output password source", |
.desc = "Private key output password source", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.passargout, |
.opt.arg = &cfg.passargout, |
| }, |
}, |
| { |
{ |
| .name = "pkeyopt", |
.name = "pkeyopt", |
|
|
| .name = "pubkey", |
.name = "pubkey", |
| .desc = "Output the public key", |
.desc = "Output the public key", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.pubkey, |
.opt.flag = &cfg.pubkey, |
| }, |
}, |
| { |
{ |
| .name = "reqexts", |
.name = "reqexts", |
| .argname = "section", |
.argname = "section", |
| .desc = "Config section to use for request extensions", |
.desc = "Config section to use for request extensions", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.req_exts, |
.opt.arg = &cfg.req_exts, |
| }, |
}, |
| { |
{ |
| .name = "reqopt", |
.name = "reqopt", |
|
|
| .argname = "name", |
.argname = "name", |
| .desc = "Set or modify the request subject", |
.desc = "Set or modify the request subject", |
| .type = OPTION_ARG, |
.type = OPTION_ARG, |
| .opt.arg = &req_config.subj, |
.opt.arg = &cfg.subj, |
| }, |
}, |
| { |
{ |
| .name = "subject", |
.name = "subject", |
| .desc = "Output the subject of the request", |
.desc = "Output the subject of the request", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.subject, |
.opt.flag = &cfg.subject, |
| }, |
}, |
| { |
{ |
| .name = "text", |
.name = "text", |
| .desc = "Print request in text form", |
.desc = "Print request in text form", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.text, |
.opt.flag = &cfg.text, |
| }, |
}, |
| { |
{ |
| .name = "utf8", |
.name = "utf8", |
|
|
| .name = "verbose", |
.name = "verbose", |
| .desc = "Verbose", |
.desc = "Verbose", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.verbose, |
.opt.flag = &cfg.verbose, |
| }, |
}, |
| { |
{ |
| .name = "verify", |
.name = "verify", |
| .desc = "Verify signature on request", |
.desc = "Verify signature on request", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.verify, |
.opt.flag = &cfg.verify, |
| }, |
}, |
| { |
{ |
| .name = "x509", |
.name = "x509", |
| .desc = "Output an X.509 structure instead of a certificate request", |
.desc = "Output an X.509 structure instead of a certificate request", |
| .type = OPTION_FLAG, |
.type = OPTION_FLAG, |
| .opt.flag = &req_config.x509, |
.opt.flag = &cfg.x509, |
| }, |
}, |
| { |
{ |
| .name = NULL, |
.name = NULL, |
|
|
| exit(1); |
exit(1); |
| } |
} |
| |
|
| memset(&req_config, 0, sizeof(req_config)); |
memset(&cfg, 0, sizeof(cfg)); |
| |
|
| req_config.chtype = MBSTRING_ASC; |
cfg.chtype = MBSTRING_ASC; |
| req_config.days = 30; |
cfg.days = 30; |
| req_config.digest = EVP_sha256(); |
cfg.digest = EVP_sha256(); |
| req_config.newkey = -1; |
cfg.newkey = -1; |
| req_config.informat = FORMAT_PEM; |
cfg.informat = FORMAT_PEM; |
| req_config.keyform = FORMAT_PEM; |
cfg.keyform = FORMAT_PEM; |
| req_config.outformat = FORMAT_PEM; |
cfg.outformat = FORMAT_PEM; |
| |
|
| if (options_parse(argc, argv, req_options, NULL, NULL) != 0) { |
if (options_parse(argc, argv, req_options, NULL, NULL) != 0) { |
| req_usage(); |
req_usage(); |
|
|
| req_conf = NULL; |
req_conf = NULL; |
| cipher = EVP_aes_256_cbc(); |
cipher = EVP_aes_256_cbc(); |
| |
|
| if (!app_passwd(bio_err, req_config.passargin, req_config.passargout, &passin, &passout)) { |
if (!app_passwd(bio_err, cfg.passargin, cfg.passargout, &passin, &passout)) { |
| BIO_printf(bio_err, "Error getting passwords\n"); |
BIO_printf(bio_err, "Error getting passwords\n"); |
| goto end; |
goto end; |
| } |
} |
| if (req_config.template != NULL) { |
if (cfg.template != NULL) { |
| long errline = -1; |
long errline = -1; |
| |
|
| if (req_config.verbose) |
if (cfg.verbose) |
| BIO_printf(bio_err, "Using configuration from %s\n", req_config.template); |
BIO_printf(bio_err, "Using configuration from %s\n", cfg.template); |
| if ((req_conf = NCONF_new(NULL)) == NULL) |
if ((req_conf = NCONF_new(NULL)) == NULL) |
| goto end; |
goto end; |
| if(!NCONF_load(req_conf, req_config.template, &errline)) { |
if(!NCONF_load(req_conf, cfg.template, &errline)) { |
| BIO_printf(bio_err, "error on line %ld of %s\n", errline, req_config.template); |
BIO_printf(bio_err, "error on line %ld of %s\n", errline, cfg.template); |
| goto end; |
goto end; |
| } |
} |
| } else { |
} else { |
|
|
| |
|
| if (req_conf == NULL) { |
if (req_conf == NULL) { |
| BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); |
BIO_printf(bio_err, "Unable to load config info from %s\n", default_config_file); |
| if (req_config.newreq) |
if (cfg.newreq) |
| goto end; |
goto end; |
| } else if (req_config.verbose) |
} else if (cfg.verbose) |
| BIO_printf(bio_err, "Using configuration from %s\n", |
BIO_printf(bio_err, "Using configuration from %s\n", |
| default_config_file); |
default_config_file); |
| } |
} |
| |
|
| if (req_config.addext_bio != NULL) { |
if (cfg.addext_bio != NULL) { |
| long errline = -1; |
long errline = -1; |
| if (req_config.verbose) |
if (cfg.verbose) |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "Using additional configuration from command line\n"); |
"Using additional configuration from command line\n"); |
| if ((addext_conf = NCONF_new(NULL)) == NULL) |
if ((addext_conf = NCONF_new(NULL)) == NULL) |
| goto end; |
goto end; |
| if (!NCONF_load_bio(addext_conf, req_config.addext_bio, &errline)) { |
if (!NCONF_load_bio(addext_conf, cfg.addext_bio, &errline)) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "req: Error on line %ld of config input\n", |
"req: Error on line %ld of config input\n", |
| errline); |
errline); |
|
|
| ERR_clear_error(); |
ERR_clear_error(); |
| if (p != NULL) { |
if (p != NULL) { |
| if ((md_alg = EVP_get_digestbyname(p)) != NULL) |
if ((md_alg = EVP_get_digestbyname(p)) != NULL) |
| req_config.digest = md_alg; |
cfg.digest = md_alg; |
| } |
} |
| } |
} |
| if (!req_config.extensions) { |
if (!cfg.extensions) { |
| req_config.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); |
cfg.extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS); |
| if (!req_config.extensions) |
if (!cfg.extensions) |
| ERR_clear_error(); |
ERR_clear_error(); |
| } |
} |
| if (req_config.extensions) { |
if (cfg.extensions) { |
| /* Check syntax of file */ |
/* Check syntax of file */ |
| X509V3_CTX ctx; |
X509V3_CTX ctx; |
| X509V3_set_ctx_test(&ctx); |
X509V3_set_ctx_test(&ctx); |
| X509V3_set_nconf(&ctx, req_conf); |
X509V3_set_nconf(&ctx, req_conf); |
| if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.extensions, NULL)) { |
if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.extensions, NULL)) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "Error Loading extension section %s\n", req_config.extensions); |
"Error Loading extension section %s\n", cfg.extensions); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
|
|
| BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); |
BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); |
| goto end; |
goto end; |
| } |
} |
| if (req_config.chtype != MBSTRING_UTF8) { |
if (cfg.chtype != MBSTRING_UTF8) { |
| p = NCONF_get_string(req_conf, SECTION, UTF8_IN); |
p = NCONF_get_string(req_conf, SECTION, UTF8_IN); |
| if (!p) |
if (!p) |
| ERR_clear_error(); |
ERR_clear_error(); |
| else if (!strcmp(p, "yes")) |
else if (!strcmp(p, "yes")) |
| req_config.chtype = MBSTRING_UTF8; |
cfg.chtype = MBSTRING_UTF8; |
| } |
} |
| if (!req_config.req_exts) { |
if (!cfg.req_exts) { |
| req_config.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); |
cfg.req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS); |
| if (!req_config.req_exts) |
if (!cfg.req_exts) |
| ERR_clear_error(); |
ERR_clear_error(); |
| } |
} |
| if (req_config.req_exts) { |
if (cfg.req_exts) { |
| /* Check syntax of file */ |
/* Check syntax of file */ |
| X509V3_CTX ctx; |
X509V3_CTX ctx; |
| X509V3_set_ctx_test(&ctx); |
X509V3_set_ctx_test(&ctx); |
| X509V3_set_nconf(&ctx, req_conf); |
X509V3_set_nconf(&ctx, req_conf); |
| if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_config.req_exts, NULL)) { |
if (!X509V3_EXT_add_nconf(req_conf, &ctx, cfg.req_exts, NULL)) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "Error Loading request extension section %s\n", |
"Error Loading request extension section %s\n", |
| req_config.req_exts); |
cfg.req_exts); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
|
|
| if ((in == NULL) || (out == NULL)) |
if ((in == NULL) || (out == NULL)) |
| goto end; |
goto end; |
| |
|
| if (req_config.keyfile != NULL) { |
if (cfg.keyfile != NULL) { |
| pkey = load_key(bio_err, req_config.keyfile, req_config.keyform, 0, passin, |
pkey = load_key(bio_err, cfg.keyfile, cfg.keyform, 0, passin, |
| "Private Key"); |
"Private Key"); |
| if (!pkey) { |
if (!pkey) { |
| /* |
/* |
|
|
| goto end; |
goto end; |
| } |
} |
| } |
} |
| if (req_config.newreq && (pkey == NULL)) { |
if (cfg.newreq && (pkey == NULL)) { |
| if (!NCONF_get_number(req_conf, SECTION, BITS, &req_config.newkey)) { |
if (!NCONF_get_number(req_conf, SECTION, BITS, &cfg.newkey)) { |
| req_config.newkey = DEFAULT_KEY_LENGTH; |
cfg.newkey = DEFAULT_KEY_LENGTH; |
| } |
} |
| if (req_config.keyalg) { |
if (cfg.keyalg) { |
| genctx = set_keygen_ctx(bio_err, req_config.keyalg, &pkey_type, &req_config.newkey, |
genctx = set_keygen_ctx(bio_err, cfg.keyalg, &pkey_type, &cfg.newkey, |
| &keyalgstr); |
&keyalgstr); |
| if (!genctx) |
if (!genctx) |
| goto end; |
goto end; |
| } |
} |
| if (req_config.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { |
if (cfg.newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) { |
| BIO_printf(bio_err, "private key length is too short,\n"); |
BIO_printf(bio_err, "private key length is too short,\n"); |
| BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, req_config.newkey); |
BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n", MIN_KEY_LENGTH, cfg.newkey); |
| goto end; |
goto end; |
| } |
} |
| if (!genctx) { |
if (!genctx) { |
| genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &req_config.newkey, |
genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &cfg.newkey, |
| &keyalgstr); |
&keyalgstr); |
| if (!genctx) |
if (!genctx) |
| goto end; |
goto end; |
| } |
} |
| if (req_config.pkeyopts) { |
if (cfg.pkeyopts) { |
| char *genopt; |
char *genopt; |
| for (i = 0; i < sk_OPENSSL_STRING_num(req_config.pkeyopts); i++) { |
for (i = 0; i < sk_OPENSSL_STRING_num(cfg.pkeyopts); i++) { |
| genopt = sk_OPENSSL_STRING_value(req_config.pkeyopts, i); |
genopt = sk_OPENSSL_STRING_value(cfg.pkeyopts, i); |
| if (pkey_ctrl_string(genctx, genopt) <= 0) { |
if (pkey_ctrl_string(genctx, genopt) <= 0) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "parameter error \"%s\"\n", |
"parameter error \"%s\"\n", |
|
|
| } |
} |
| } |
} |
| BIO_printf(bio_err, "Generating a %ld bit %s private key\n", |
BIO_printf(bio_err, "Generating a %ld bit %s private key\n", |
| req_config.newkey, keyalgstr); |
cfg.newkey, keyalgstr); |
| |
|
| EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); |
EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); |
| EVP_PKEY_CTX_set_app_data(genctx, bio_err); |
EVP_PKEY_CTX_set_app_data(genctx, bio_err); |
|
|
| EVP_PKEY_CTX_free(genctx); |
EVP_PKEY_CTX_free(genctx); |
| genctx = NULL; |
genctx = NULL; |
| |
|
| if (req_config.keyout == NULL) { |
if (cfg.keyout == NULL) { |
| req_config.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); |
cfg.keyout = NCONF_get_string(req_conf, SECTION, KEYFILE); |
| if (req_config.keyout == NULL) |
if (cfg.keyout == NULL) |
| ERR_clear_error(); |
ERR_clear_error(); |
| } |
} |
| if (req_config.keyout == NULL) { |
if (cfg.keyout == NULL) { |
| BIO_printf(bio_err, "writing new private key to stdout\n"); |
BIO_printf(bio_err, "writing new private key to stdout\n"); |
| BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
| } else { |
} else { |
| BIO_printf(bio_err, "writing new private key to '%s'\n", req_config.keyout); |
BIO_printf(bio_err, "writing new private key to '%s'\n", cfg.keyout); |
| if (BIO_write_filename(out, req_config.keyout) <= 0) { |
if (BIO_write_filename(out, cfg.keyout) <= 0) { |
| perror(req_config.keyout); |
perror(cfg.keyout); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
|
|
| } |
} |
| if ((p != NULL) && (strcmp(p, "no") == 0)) |
if ((p != NULL) && (strcmp(p, "no") == 0)) |
| cipher = NULL; |
cipher = NULL; |
| if (req_config.nodes) |
if (cfg.nodes) |
| cipher = NULL; |
cipher = NULL; |
| |
|
| i = 0; |
i = 0; |
|
|
| } |
} |
| BIO_printf(bio_err, "-----\n"); |
BIO_printf(bio_err, "-----\n"); |
| } |
} |
| if (!req_config.newreq) { |
if (!cfg.newreq) { |
| if (req_config.infile == NULL) |
if (cfg.infile == NULL) |
| BIO_set_fp(in, stdin, BIO_NOCLOSE); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
| else { |
else { |
| if (BIO_read_filename(in, req_config.infile) <= 0) { |
if (BIO_read_filename(in, cfg.infile) <= 0) { |
| perror(req_config.infile); |
perror(cfg.infile); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
| |
|
| if (req_config.informat == FORMAT_ASN1) |
if (cfg.informat == FORMAT_ASN1) |
| req = d2i_X509_REQ_bio(in, NULL); |
req = d2i_X509_REQ_bio(in, NULL); |
| else if (req_config.informat == FORMAT_PEM) |
else if (cfg.informat == FORMAT_PEM) |
| req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); |
req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); |
| else { |
else { |
| BIO_printf(bio_err, "bad input format specified for X509 request\n"); |
BIO_printf(bio_err, "bad input format specified for X509 request\n"); |
|
|
| goto end; |
goto end; |
| } |
} |
| } |
} |
| if (req_config.newreq || req_config.x509) { |
if (cfg.newreq || cfg.x509) { |
| if (pkey == NULL) { |
if (pkey == NULL) { |
| BIO_printf(bio_err, "you need to specify a private key\n"); |
BIO_printf(bio_err, "you need to specify a private key\n"); |
| goto end; |
goto end; |
|
|
| if (req == NULL) { |
if (req == NULL) { |
| goto end; |
goto end; |
| } |
} |
| i = make_REQ(req, pkey, req_config.subj, req_config.multirdn, !req_config.x509, req_config.chtype); |
i = make_REQ(req, pkey, cfg.subj, cfg.multirdn, !cfg.x509, cfg.chtype); |
| req_config.subj = NULL; /* done processing '-subj' option */ |
cfg.subj = NULL; /* done processing '-subj' option */ |
| if (!i) { |
if (!i) { |
| BIO_printf(bio_err, "problems making Certificate Request\n"); |
BIO_printf(bio_err, "problems making Certificate Request\n"); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
| if (req_config.x509) { |
if (cfg.x509) { |
| EVP_PKEY *tmppkey; |
EVP_PKEY *tmppkey; |
| |
|
| X509V3_CTX ext_ctx; |
X509V3_CTX ext_ctx; |
|
|
| goto end; |
goto end; |
| |
|
| /* Set version to V3 */ |
/* Set version to V3 */ |
| if ((req_config.extensions != NULL || addext_conf != NULL) && |
if ((cfg.extensions != NULL || addext_conf != NULL) && |
| !X509_set_version(x509ss, 2)) |
!X509_set_version(x509ss, 2)) |
| goto end; |
goto end; |
| if (req_config.serial) { |
if (cfg.serial) { |
| if (!X509_set_serialNumber(x509ss, req_config.serial)) |
if (!X509_set_serialNumber(x509ss, cfg.serial)) |
| goto end; |
goto end; |
| } else { |
} else { |
| if (!rand_serial(NULL, |
if (!rand_serial(NULL, |
|
|
| goto end; |
goto end; |
| if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) |
if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0)) |
| goto end; |
goto end; |
| if (!X509_time_adj_ex(X509_get_notAfter(x509ss), req_config.days, 0, NULL)) |
if (!X509_time_adj_ex(X509_get_notAfter(x509ss), cfg.days, 0, NULL)) |
| goto end; |
goto end; |
| if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) |
if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) |
| goto end; |
goto end; |
|
|
| X509V3_set_nconf(&ext_ctx, req_conf); |
X509V3_set_nconf(&ext_ctx, req_conf); |
| |
|
| /* Add extensions */ |
/* Add extensions */ |
| if (req_config.extensions && !X509V3_EXT_add_nconf(req_conf, |
if (cfg.extensions && !X509V3_EXT_add_nconf(req_conf, |
| &ext_ctx, req_config.extensions, x509ss)) { |
&ext_ctx, cfg.extensions, x509ss)) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "Error Loading extension section %s\n", |
"Error Loading extension section %s\n", |
| req_config.extensions); |
cfg.extensions); |
| goto end; |
goto end; |
| } |
} |
| if (addext_conf != NULL && |
if (addext_conf != NULL && |
|
|
| "Error Loading command line extensions\n"); |
"Error Loading command line extensions\n"); |
| goto end; |
goto end; |
| } |
} |
| i = do_X509_sign(bio_err, x509ss, pkey, req_config.digest, req_config.sigopts); |
i = do_X509_sign(bio_err, x509ss, pkey, cfg.digest, cfg.sigopts); |
| if (!i) { |
if (!i) { |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
|
|
| X509V3_set_nconf(&ext_ctx, req_conf); |
X509V3_set_nconf(&ext_ctx, req_conf); |
| |
|
| /* Add extensions */ |
/* Add extensions */ |
| if (req_config.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, |
if (cfg.req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, |
| &ext_ctx, req_config.req_exts, req)) { |
&ext_ctx, cfg.req_exts, req)) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "Error Loading extension section %s\n", |
"Error Loading extension section %s\n", |
| req_config.req_exts); |
cfg.req_exts); |
| goto end; |
goto end; |
| } |
} |
| if (addext_conf != NULL && |
if (addext_conf != NULL && |
|
|
| "Error Loading command line extensions\n"); |
"Error Loading command line extensions\n"); |
| goto end; |
goto end; |
| } |
} |
| i = do_X509_REQ_sign(bio_err, req, pkey, req_config.digest, req_config.sigopts); |
i = do_X509_REQ_sign(bio_err, req, pkey, cfg.digest, cfg.sigopts); |
| if (!i) { |
if (!i) { |
| ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
| } |
} |
| if (req_config.subj && req_config.x509) { |
if (cfg.subj && cfg.x509) { |
| BIO_printf(bio_err, "Cannot modify certificate subject\n"); |
BIO_printf(bio_err, "Cannot modify certificate subject\n"); |
| goto end; |
goto end; |
| } |
} |
| if (req_config.subj && !req_config.x509) { |
if (cfg.subj && !cfg.x509) { |
| if (req_config.verbose) { |
if (cfg.verbose) { |
| BIO_printf(bio_err, "Modifying Request's Subject\n"); |
BIO_printf(bio_err, "Modifying Request's Subject\n"); |
| print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), req_config.nmflag); |
print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), cfg.nmflag); |
| } |
} |
| if (build_subject(req, req_config.subj, req_config.chtype, req_config.multirdn) == 0) { |
if (build_subject(req, cfg.subj, cfg.chtype, cfg.multirdn) == 0) { |
| BIO_printf(bio_err, "ERROR: cannot modify subject\n"); |
BIO_printf(bio_err, "ERROR: cannot modify subject\n"); |
| ex = 1; |
ex = 1; |
| goto end; |
goto end; |
| } |
} |
| |
|
| if (req_config.verbose) { |
if (cfg.verbose) { |
| print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), req_config.nmflag); |
print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), cfg.nmflag); |
| } |
} |
| } |
} |
| if (req_config.verify && !req_config.x509) { |
if (cfg.verify && !cfg.x509) { |
| EVP_PKEY *pubkey = pkey; |
EVP_PKEY *pubkey = pkey; |
| |
|
| if (pubkey == NULL) |
if (pubkey == NULL) |
|
|
| } else /* if (i > 0) */ |
} else /* if (i > 0) */ |
| BIO_printf(bio_err, "verify OK\n"); |
BIO_printf(bio_err, "verify OK\n"); |
| } |
} |
| if (req_config.noout && !req_config.text && !req_config.modulus && !req_config.subject && !req_config.pubkey) { |
if (cfg.noout && !cfg.text && !cfg.modulus && !cfg.subject && !cfg.pubkey) { |
| ex = 0; |
ex = 0; |
| goto end; |
goto end; |
| } |
} |
| if (req_config.outfile == NULL) { |
if (cfg.outfile == NULL) { |
| BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
| } else { |
} else { |
| if ((req_config.keyout != NULL) && (strcmp(req_config.outfile, req_config.keyout) == 0)) |
if ((cfg.keyout != NULL) && (strcmp(cfg.outfile, cfg.keyout) == 0)) |
| i = (int) BIO_append_filename(out, req_config.outfile); |
i = (int) BIO_append_filename(out, cfg.outfile); |
| else |
else |
| i = (int) BIO_write_filename(out, req_config.outfile); |
i = (int) BIO_write_filename(out, cfg.outfile); |
| if (!i) { |
if (!i) { |
| perror(req_config.outfile); |
perror(cfg.outfile); |
| goto end; |
goto end; |
| } |
} |
| } |
} |
| |
|
| if (req_config.pubkey) { |
if (cfg.pubkey) { |
| EVP_PKEY *tpubkey; |
EVP_PKEY *tpubkey; |
| |
|
| if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) { |
if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) { |
|
|
| } |
} |
| PEM_write_bio_PUBKEY(out, tpubkey); |
PEM_write_bio_PUBKEY(out, tpubkey); |
| } |
} |
| if (req_config.text) { |
if (cfg.text) { |
| if (req_config.x509) |
if (cfg.x509) |
| X509_print_ex(out, x509ss, req_config.nmflag, req_config.reqflag); |
X509_print_ex(out, x509ss, cfg.nmflag, cfg.reqflag); |
| else |
else |
| X509_REQ_print_ex(out, req, req_config.nmflag, req_config.reqflag); |
X509_REQ_print_ex(out, req, cfg.nmflag, cfg.reqflag); |
| } |
} |
| if (req_config.subject) { |
if (cfg.subject) { |
| if (req_config.x509) |
if (cfg.x509) |
| print_name(out, "subject=", X509_get_subject_name(x509ss), req_config.nmflag); |
print_name(out, "subject=", X509_get_subject_name(x509ss), cfg.nmflag); |
| else |
else |
| print_name(out, "subject=", X509_REQ_get_subject_name(req), req_config.nmflag); |
print_name(out, "subject=", X509_REQ_get_subject_name(req), cfg.nmflag); |
| } |
} |
| if (req_config.modulus) { |
if (cfg.modulus) { |
| EVP_PKEY *tpubkey; |
EVP_PKEY *tpubkey; |
| |
|
| if (req_config.x509) |
if (cfg.x509) |
| tpubkey = X509_get0_pubkey(x509ss); |
tpubkey = X509_get0_pubkey(x509ss); |
| else |
else |
| tpubkey = X509_REQ_get0_pubkey(req); |
tpubkey = X509_REQ_get0_pubkey(req); |
|
|
| fprintf(stdout, "Wrong Algorithm type"); |
fprintf(stdout, "Wrong Algorithm type"); |
| fprintf(stdout, "\n"); |
fprintf(stdout, "\n"); |
| } |
} |
| if (!req_config.noout && !req_config.x509) { |
if (!cfg.noout && !cfg.x509) { |
| if (req_config.outformat == FORMAT_ASN1) |
if (cfg.outformat == FORMAT_ASN1) |
| i = i2d_X509_REQ_bio(out, req); |
i = i2d_X509_REQ_bio(out, req); |
| else if (req_config.outformat == FORMAT_PEM) { |
else if (cfg.outformat == FORMAT_PEM) { |
| if (req_config.newhdr) |
if (cfg.newhdr) |
| i = PEM_write_bio_X509_REQ_NEW(out, req); |
i = PEM_write_bio_X509_REQ_NEW(out, req); |
| else |
else |
| i = PEM_write_bio_X509_REQ(out, req); |
i = PEM_write_bio_X509_REQ(out, req); |
|
|
| goto end; |
goto end; |
| } |
} |
| } |
} |
| if (!req_config.noout && req_config.x509 && (x509ss != NULL)) { |
if (!cfg.noout && cfg.x509 && (x509ss != NULL)) { |
| if (req_config.outformat == FORMAT_ASN1) |
if (cfg.outformat == FORMAT_ASN1) |
| i = i2d_X509_bio(out, x509ss); |
i = i2d_X509_bio(out, x509ss); |
| else if (req_config.outformat == FORMAT_PEM) |
else if (cfg.outformat == FORMAT_PEM) |
| i = PEM_write_bio_X509(out, x509ss); |
i = PEM_write_bio_X509(out, x509ss); |
| else { |
else { |
| BIO_printf(bio_err, "bad output format specified for outfile\n"); |
BIO_printf(bio_err, "bad output format specified for outfile\n"); |
|
|
| if ((req_conf != NULL) && (req_conf != config)) |
if ((req_conf != NULL) && (req_conf != config)) |
| NCONF_free(req_conf); |
NCONF_free(req_conf); |
| NCONF_free(addext_conf); |
NCONF_free(addext_conf); |
| BIO_free(req_config.addext_bio); |
BIO_free(cfg.addext_bio); |
| BIO_free(in); |
BIO_free(in); |
| BIO_free_all(out); |
BIO_free_all(out); |
| EVP_PKEY_free(pkey); |
EVP_PKEY_free(pkey); |
| if (genctx) |
if (genctx) |
| EVP_PKEY_CTX_free(genctx); |
EVP_PKEY_CTX_free(genctx); |
| if (req_config.pkeyopts) |
if (cfg.pkeyopts) |
| sk_OPENSSL_STRING_free(req_config.pkeyopts); |
sk_OPENSSL_STRING_free(cfg.pkeyopts); |
| if (req_config.sigopts) |
if (cfg.sigopts) |
| sk_OPENSSL_STRING_free(req_config.sigopts); |
sk_OPENSSL_STRING_free(cfg.sigopts); |
| lh_OPENSSL_STRING_doall(req_config.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); |
lh_OPENSSL_STRING_doall(cfg.addexts, (LHASH_DOALL_FN_TYPE)exts_cleanup); |
| lh_OPENSSL_STRING_free(req_config.addexts); |
lh_OPENSSL_STRING_free(cfg.addexts); |
| free(keyalgstr); |
free(keyalgstr); |
| X509_REQ_free(req); |
X509_REQ_free(req); |
| X509_free(x509ss); |
X509_free(x509ss); |
| ASN1_INTEGER_free(req_config.serial); |
ASN1_INTEGER_free(cfg.serial); |
| if (req_config.passargin && passin) |
if (cfg.passargin && passin) |
| free(passin); |
free(passin); |
| if (req_config.passargout && passout) |
if (cfg.passargout && passout) |
| free(passout); |
free(passout); |
| OBJ_cleanup(); |
OBJ_cleanup(); |
| |
|
|
|
| X509_NAME *subj; |
X509_NAME *subj; |
| subj = X509_REQ_get_subject_name(req); |
subj = X509_REQ_get_subject_name(req); |
| |
|
| if (!req_config.batch) { |
if (!cfg.batch) { |
| BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); |
BIO_printf(bio_err, "You are about to be asked to enter information that will be incorporated\n"); |
| BIO_printf(bio_err, "into your certificate request.\n"); |
BIO_printf(bio_err, "into your certificate request.\n"); |
| BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); |
BIO_printf(bio_err, "What you are about to enter is what is called a Distinguished Name or a DN.\n"); |
|
|
| } |
} |
| if (attribs) { |
if (attribs) { |
| if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && |
if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && |
| (!req_config.batch)) { |
(!cfg.batch)) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "\nPlease enter the following 'extra' attributes\n"); |
"\nPlease enter the following 'extra' attributes\n"); |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
| int i, ret = 0; |
int i, ret = 0; |
| char buf[1024]; |
char buf[1024]; |
| start: |
start: |
| if (!req_config.batch) |
if (!cfg.batch) |
| BIO_printf(bio_err, "%s [%s]:", text, def); |
BIO_printf(bio_err, "%s [%s]:", text, def); |
| (void) BIO_flush(bio_err); |
(void) BIO_flush(bio_err); |
| if (value != NULL) { |
if (value != NULL) { |
|
|
| BIO_printf(bio_err, "%s\n", value); |
BIO_printf(bio_err, "%s\n", value); |
| } else { |
} else { |
| buf[0] = '\0'; |
buf[0] = '\0'; |
| if (!req_config.batch) { |
if (!cfg.batch) { |
| if (!fgets(buf, sizeof buf, stdin)) |
if (!fgets(buf, sizeof buf, stdin)) |
| return 0; |
return 0; |
| } else { |
} else { |
|
|
| static char buf[1024]; |
static char buf[1024]; |
| |
|
| start: |
start: |
| if (!req_config.batch) |
if (!cfg.batch) |
| BIO_printf(bio_err, "%s [%s]:", text, def); |
BIO_printf(bio_err, "%s [%s]:", text, def); |
| (void) BIO_flush(bio_err); |
(void) BIO_flush(bio_err); |
| if (value != NULL) { |
if (value != NULL) { |
|
|
| BIO_printf(bio_err, "%s\n", value); |
BIO_printf(bio_err, "%s\n", value); |
| } else { |
} else { |
| buf[0] = '\0'; |
buf[0] = '\0'; |
| if (!req_config.batch) { |
if (!cfg.batch) { |
| if (!fgets(buf, sizeof buf, stdin)) |
if (!fgets(buf, sizeof buf, stdin)) |
| return 0; |
return 0; |
| } else { |
} else { |
![[BACK]](/icons/back.gif){kind=icon}
Return to req.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl