X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Freq.c;h=b97a9f187bf7e64e57cf2d83cd9e31aeb6fad56b;hb=94480b57db954599a355657a12d77ba926e195c4;hp=e69d451f2f015cb8ad710526cdf3612e57e49635;hpb=759d8ac6eed5fff8dd9065ede5634524c2d2cd5b;p=openssl.git diff --git a/apps/req.c b/apps/req.c index e69d451f2f..b97a9f187b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -144,9 +144,9 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, static int genpkey_cb(EVP_PKEY_CTX *ctx); static int req_check_len(int len,int n_min,int n_max); static int check_end(const char *str, const char *end); -static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, - long *pkeylen, const char **palgnam, - ENGINE *e); +static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE *keygen_engine); #ifndef MONOLITH static char *default_config_file=NULL; #endif @@ -157,21 +157,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { - ENGINE *e = NULL; -#ifndef OPENSSL_NO_DSA - DSA *dsa_params=NULL; -#endif -#ifndef OPENSSL_NO_ECDSA - EC_KEY *ec_params = NULL; -#endif + ENGINE *e = NULL, *gen_eng = NULL; unsigned long nmflag = 0, reqflag = 0; int ex=1,x509=0,days=30; X509 *x509ss=NULL; X509_REQ *req=NULL; EVP_PKEY_CTX *genctx = NULL; - const char *keyalgstr; + const char *keyalg = NULL; + char *keyalgstr = NULL; + STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; EVP_PKEY *pkey=NULL; - int i=0,badops=0,newreq=0,verbose=0,pkey_type=EVP_PKEY_RSA; + int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1; long newkey = -1; BIO *in=NULL,*out=NULL; int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; @@ -234,6 +230,16 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine= *(++argv); } + else if (strcmp(*argv,"-keygen_engine") == 0) + { + if (--argc < 1) goto bad; + gen_eng = ENGINE_by_id(*(++argv)); + if (gen_eng == NULL) + { + BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv); + goto end; + } + } #endif else if (strcmp(*argv,"-key") == 0) { @@ -290,33 +296,19 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-newkey") == 0) { - if (--argc < 1) goto bad; - - genctx = set_keygen_ctx(bio_err, *(++argv), &newkey, - &keyalgstr, e); - - if (!genctx) - goto bad; - + keyalg = *(++argv); newreq=1; } else if (strcmp(*argv,"-pkeyopt") == 0) { if (--argc < 1) goto bad; - if (!genctx) - { - BIO_puts(bio_err, "No keytype specified\n"); + if (!pkeyopts) + pkeyopts = sk_OPENSSL_STRING_new_null(); + if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv))) goto bad; - } - else if (pkey_ctrl_string(genctx, *(++argv)) <= 0) - { - BIO_puts(bio_err, "parameter setting error\n"); - ERR_print_errors(bio_err); - goto end; - } } else if (strcmp(*argv,"-batch") == 0) batch=1; @@ -373,11 +365,6 @@ int MAIN(int argc, char **argv) serial = s2i_ASN1_INTEGER(NULL, *(++argv)); if (!serial) goto bad; } - else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) - { - /* ok */ - digest=md_alg; - } else if (strcmp(*argv,"-extensions") == 0) { if (--argc < 1) goto bad; @@ -388,6 +375,11 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; req_exts = *(++argv); } + else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL) + { + /* ok */ + digest=md_alg; + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -625,8 +617,7 @@ bad: message */ goto end; } - if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || - EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) + else { char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); if (randfile == NULL) @@ -643,6 +634,14 @@ bad: app_RAND_load_file(randfile, bio_err, 0); if (inrand) app_RAND_load_files(inrand); + + if (keyalg) + { + genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey, + &keyalgstr, gen_eng); + if (!genctx) + goto end; + } if (newkey <= 0) { @@ -659,12 +658,29 @@ bad: if (!genctx) { - genctx = set_keygen_ctx(bio_err, NULL, &newkey, - &keyalgstr, e); + genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey, + &keyalgstr, gen_eng); if (!genctx) goto end; } + if (pkeyopts) + { + char *genopt; + for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) + { + genopt = sk_OPENSSL_STRING_value(pkeyopts, i); + if (pkey_ctrl_string(genctx, genopt) <= 0) + { + BIO_printf(bio_err, + "parameter error \"%s\"\n", + genopt); + ERR_print_errors(bio_err); + goto end; + } + } + } + BIO_printf(bio_err,"Generating a %ld bit %s private key\n", newkey, keyalgstr); @@ -822,7 +838,7 @@ loop: if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end; if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end; - if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end; + if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) goto end; if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end; tmppkey = X509_REQ_get_pubkey(req); if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end; @@ -1066,18 +1082,20 @@ end: EVP_PKEY_free(pkey); if (genctx) EVP_PKEY_CTX_free(genctx); + if (pkeyopts) + sk_OPENSSL_STRING_free(pkeyopts); +#ifndef OPENSSL_NO_ENGINE + if (gen_eng) + ENGINE_free(gen_eng); +#endif + if (keyalgstr) + OPENSSL_free(keyalgstr); X509_REQ_free(req); X509_free(x509ss); ASN1_INTEGER_free(serial); if(passargin && passin) OPENSSL_free(passin); if(passargout && passout) OPENSSL_free(passout); OBJ_cleanup(); -#ifndef OPENSSL_NO_DSA - if (dsa_params != NULL) DSA_free(dsa_params); -#endif -#ifndef OPENSSL_NO_ECDSA - if (ec_params != NULL) EC_KEY_free(ec_params); -#endif apps_shutdown(); OPENSSL_EXIT(ex); } @@ -1551,25 +1569,24 @@ static int check_end(const char *str, const char *end) return strcmp(tmp, end); } -static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, - long *pkeylen, const char **palgnam, - ENGINE *e) +static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, + long *pkeylen, char **palgnam, + ENGINE *keygen_engine) { EVP_PKEY_CTX *gctx = NULL; EVP_PKEY *param = NULL; long keylen = -1; - int pkey_type = -1; BIO *pbio = NULL; const char *paramfile = NULL; if (gstr == NULL) { - pkey_type = EVP_PKEY_RSA; + *pkey_type = EVP_PKEY_RSA; keylen = *pkeylen; } else if (gstr[0] >= '0' && gstr[0] <= '9') { - pkey_type = EVP_PKEY_RSA; + *pkey_type = EVP_PKEY_RSA; keylen = atol(gstr); *pkeylen = keylen; } @@ -1579,14 +1596,18 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, { const char *p = strchr(gstr, ':'); int len; + ENGINE *tmpeng; const EVP_PKEY_ASN1_METHOD *ameth; if (p) len = p - gstr; else len = strlen(gstr); + /* The lookup of a the string will cover all engines so + * keep a note of the implementation. + */ - ameth = EVP_PKEY_asn1_find_str(gstr, len); + ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len); if (!ameth) { @@ -1594,9 +1615,13 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, return NULL; } - EVP_PKEY_asn1_get0_info(NULL, &pkey_type, NULL, NULL, NULL, - ameth); - if (pkey_type == EVP_PKEY_RSA) + EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, + ameth); +#ifndef OPENSSL_NO_ENGINE + if (tmpeng) + ENGINE_finish(tmpeng); +#endif + if (*pkey_type == EVP_PKEY_RSA) { if (p) { @@ -1622,7 +1647,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, if (!param) { X509 *x; - BIO_reset(pbio); + (void)BIO_reset(pbio); x = PEM_read_bio_X509(pbio, NULL, NULL, NULL); if (x) { @@ -1639,9 +1664,9 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, paramfile); return NULL; } - if (pkey_type == -1) - pkey_type = EVP_PKEY_id(param); - else if (pkey_type != EVP_PKEY_base_id(param)) + if (*pkey_type == -1) + *pkey_type = EVP_PKEY_id(param); + else if (*pkey_type != EVP_PKEY_base_id(param)) { BIO_printf(err, "Key Type does not match parameters\n"); EVP_PKEY_free(param); @@ -1652,24 +1677,30 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, if (palgnam) { const EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_asn1_find(pkey_type); + ENGINE *tmpeng; + const char *anam; + ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type); if (!ameth) { BIO_puts(err, "Internal error: can't find key algorithm\n"); return NULL; } - EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, palgnam, - ameth); + EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth); + *palgnam = BUF_strdup(anam); +#ifndef OPENSSL_NO_ENGINE + if (tmpeng) + ENGINE_finish(tmpeng); +#endif } if (param) { - gctx = EVP_PKEY_CTX_new(param, e); + gctx = EVP_PKEY_CTX_new(param, keygen_engine); *pkeylen = EVP_PKEY_bits(param); EVP_PKEY_free(param); } else - gctx = EVP_PKEY_CTX_new_id(pkey_type, e); + gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); if (!gctx) { @@ -1684,8 +1715,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, ERR_print_errors(err); return NULL; } - - if ((pkey_type == EVP_PKEY_RSA) && (keylen != -1)) +#ifndef OPENSSL_NO_RSA + if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) { if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) { @@ -1695,6 +1726,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, return NULL; } } +#endif return gctx; }