Change the EVP_somecipher() and EVP_somedigest()
[openssl.git] / apps / req.c
index 1aab38d..f422d3e 100644 (file)
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
@@ -73,6 +73,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/engine.h>
 
 #define SECTION                "req"
 
  * -nodes      - no des encryption
  * -config file        - Load configuration file.
  * -key file   - make a request using key in file (or use it for verification).
- * -keyform    - key file format.
+ * -keyform arg        - key file format.
  * -rand file(s) - load the file(s) into the PRNG.
  * -newkey     - make a key and a request.
  * -modulus    - print RSA modulus.
  *               require.  This format is wrong
  */
 
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs);
+static int build_subject(X509_REQ *req, char *subj);
 static int prompt_info(X509_REQ *req,
                STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
                STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
@@ -121,7 +123,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
                                int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
        int nid,int min,int max);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int min,int max);
@@ -131,6 +133,7 @@ static char *default_config_file=NULL;
 static LHASH *config=NULL;
 #endif
 static LHASH *req_conf=NULL;
+static int batch=0;
 
 #define TYPE_RSA       1
 #define TYPE_DSA       2
@@ -140,33 +143,38 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
        {
-#ifndef NO_DSA
+       ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
        DSA *dsa_params=NULL;
 #endif
+       unsigned long nmflag = 0;
        int ex=1,x509=0,days=30;
        X509 *x509ss=NULL;
        X509_REQ *req=NULL;
        EVP_PKEY *pkey=NULL;
-       int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
+       int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
        BIO *in=NULL,*out=NULL;
        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-       int nodes=0,kludge=0,newhdr=0;
+       int nodes=0,kludge=0,newhdr=0,subject=0;
        char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+       char *engine=NULL;
        char *extensions = NULL;
        char *req_exts = NULL;
-       EVP_CIPHER *cipher=NULL;
+       const EVP_CIPHER *cipher=NULL;
+       ASN1_INTEGER *serial = NULL;
        int modulus=0;
        char *inrand=NULL;
        char *passargin = NULL, *passargout = NULL;
        char *passin = NULL, *passout = NULL;
        char *p;
+       char *subj = NULL;
        const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
        MS_STATIC char config_name[256];
 #endif
 
        req_conf = NULL;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
        cipher=EVP_des_ede3_cbc();
 #endif
        apps_startup();
@@ -195,6 +203,11 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        outformat=str2fmt(*(++argv));
                        }
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine= *(++argv);
+                       }
                else if (strcmp(*argv,"-key") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -202,7 +215,6 @@ int MAIN(int argc, char **argv)
                        }
                else if (strcmp(*argv,"-new") == 0)
                        {
-                       pkey_type=TYPE_RSA;
                        newreq=1;
                        }
                else if (strcmp(*argv,"-config") == 0)
@@ -260,7 +272,7 @@ int MAIN(int argc, char **argv)
                                newkey= atoi(p);
                                }
                        else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                                if (strncmp("dsa:",p,4) == 0)
                                {
                                X509 *xtmp=NULL;
@@ -300,7 +312,7 @@ int MAIN(int argc, char **argv)
                                }
                        else 
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
                                if (strncmp("dh:",p,4) == 0)
                                {
                                pkey_type=TYPE_DH;
@@ -312,6 +324,8 @@ int MAIN(int argc, char **argv)
 
                        newreq=1;
                        }
+               else if (strcmp(*argv,"-batch") == 0)
+                       batch=1;
                else if (strcmp(*argv,"-newhdr") == 0)
                        newhdr=1;
                else if (strcmp(*argv,"-modulus") == 0)
@@ -322,6 +336,15 @@ int MAIN(int argc, char **argv)
                        nodes=1;
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
+               else if (strcmp(*argv,"-verbose") == 0)
+                       verbose=1;
+               else if (strcmp(*argv,"-nameopt") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+                       }
+               else if (strcmp(*argv,"-subject") == 0)
+                       subject=1;
                else if (strcmp(*argv,"-text") == 0)
                        text=1;
                else if (strcmp(*argv,"-x509") == 0)
@@ -330,12 +353,23 @@ int MAIN(int argc, char **argv)
                        kludge=1;
                else if (strcmp(*argv,"-no-asn1-kludge") == 0)
                        kludge=0;
+               else if (strcmp(*argv,"-subj") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       subj= *(++argv);
+                       }
                else if (strcmp(*argv,"-days") == 0)
                        {
                        if (--argc < 1) goto bad;
                        days= atoi(*(++argv));
                        if (days == 0) days=30;
                        }
+               else if (strcmp(*argv,"-set_serial") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+                       if (!serial) goto bad;
+                       }
                else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
                        {
                        /* ok */
@@ -375,7 +409,10 @@ bad:
                BIO_printf(bio_err," -verify        verify signature on REQ\n");
                BIO_printf(bio_err," -modulus       RSA modulus\n");
                BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-               BIO_printf(bio_err," -key file  use the private key contained in file\n");
+               BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
+               BIO_printf(bio_err," -subject       output the request's subject\n");
+               BIO_printf(bio_err," -passin        private key password source\n");
+               BIO_printf(bio_err," -key file      use the private key contained in file\n");
                BIO_printf(bio_err," -keyform arg   key file format\n");
                BIO_printf(bio_err," -keyout arg    file to send the key to\n");
                BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
@@ -383,12 +420,14 @@ bad:
                BIO_printf(bio_err,"                the random number generator\n");
                BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
                BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-
                BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
                BIO_printf(bio_err," -config file   request template file.\n");
+               BIO_printf(bio_err," -subj arg      set or modify request subject\n");
                BIO_printf(bio_err," -new           new request.\n");
+               BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
                BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-               BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
+               BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
+               BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
                BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
                BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
                BIO_printf(bio_err,"                have been reported as requiring\n");
@@ -411,7 +450,7 @@ bad:
        if (p == NULL)
                {
                strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
+#ifndef OPENSSL_SYS_VMS
                strcat(config_name,"/");
 #endif
                strcat(config_name,OPENSSL_CONF);
@@ -447,6 +486,8 @@ bad:
        if (req_conf != NULL)
                {
                p=CONF_get_string(req_conf,NULL,"oid_file");
+               if (p == NULL)
+                       ERR_clear_error();
                if (p != NULL)
                        {
                        BIO *oid_bio;
@@ -466,18 +507,27 @@ bad:
                                }
                        }
                }
-               if(!add_oid_section(bio_err, req_conf)) goto end;
+       if(!add_oid_section(bio_err, req_conf)) goto end;
 
-       if ((md_alg == NULL) &&
-               ((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+       if (md_alg == NULL)
                {
-               if ((md_alg=EVP_get_digestbyname(p)) != NULL)
-                       digest=md_alg;
+               p=CONF_get_string(req_conf,SECTION,"default_md");
+               if (p == NULL)
+                       ERR_clear_error();
+               if (p != NULL)
+                       {
+                       if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+                               digest=md_alg;
+                       }
                }
 
-       if(!extensions)
+       if (!extensions)
+               {
                extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
-       if(extensions) {
+               if (!extensions)
+                       ERR_clear_error();
+               }
+       if (extensions) {
                /* Check syntax of file */
                X509V3_CTX ctx;
                X509V3_set_ctx_test(&ctx);
@@ -490,12 +540,22 @@ bad:
        }
 
        if(!passin)
+               {
                passin = CONF_get_string(req_conf, SECTION, "input_password");
-
+               if (!passin)
+                       ERR_clear_error();
+               }
+       
        if(!passout)
+               {
                passout = CONF_get_string(req_conf, SECTION, "output_password");
+               if (!passout)
+                       ERR_clear_error();
+               }
 
        p = CONF_get_string(req_conf, SECTION, STRING_MASK);
+       if (!p)
+               ERR_clear_error();
 
        if(p && !ASN1_STRING_set_default_mask_asc(p)) {
                BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
@@ -503,7 +563,11 @@ bad:
        }
 
        if(!req_exts)
+               {
                req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+               if (!req_exts)
+                       ERR_clear_error();
+               }
        if(req_exts) {
                /* Check syntax of file */
                X509V3_CTX ctx;
@@ -522,24 +586,55 @@ bad:
        if ((in == NULL) || (out == NULL))
                goto end;
 
-       if (keyfile != NULL)
+       if (engine != NULL)
                {
-               if (BIO_read_filename(in,keyfile) <= 0)
+               if((e = ENGINE_by_id(engine)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine \"%s\"\n",
+                               engine);
+                       goto end;
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
                        {
-                       perror(keyfile);
+                       BIO_printf(bio_err,"can't use that engine\n");
                        goto end;
                        }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine);
+               /* Free our "structural" reference. */
+               ENGINE_free(e);
+               }
 
-               if (keyform == FORMAT_ASN1)
-                       pkey=d2i_PrivateKey_bio(in,NULL);
-               else if (keyform == FORMAT_PEM)
+       if (keyfile != NULL)
+               {
+               if (keyform == FORMAT_ENGINE)
                        {
-                       pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,passin);
+                       if (!e)
+                               {
+                               BIO_printf(bio_err,"no engine specified\n");
+                               goto end;
+                               }
+                       pkey = ENGINE_load_private_key(e, keyfile, NULL);
                        }
                else
                        {
-                       BIO_printf(bio_err,"bad input format specified for X509 request\n");
-                       goto end;
+                       if (BIO_read_filename(in,keyfile) <= 0)
+                               {
+                               perror(keyfile);
+                               goto end;
+                               }
+
+                       if (keyform == FORMAT_ASN1)
+                               pkey=d2i_PrivateKey_bio(in,NULL);
+                       else if (keyform == FORMAT_PEM)
+                               {
+                               pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,
+                                       passin);
+                               }
+                       else
+                               {
+                               BIO_printf(bio_err,"bad input format specified for X509 request\n");
+                               goto end;
+                               }
                        }
 
                if (pkey == NULL)
@@ -547,16 +642,20 @@ bad:
                        BIO_printf(bio_err,"unable to load Private key\n");
                        goto end;
                        }
-                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+               if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
                        {
                        char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+                       if (randfile == NULL)
+                               ERR_clear_error();
                        app_RAND_load_file(randfile, bio_err, 0);
-                       }
+                       }
                }
 
        if (newreq && (pkey == NULL))
                {
                char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
+               if (randfile == NULL)
+                       ERR_clear_error();
                app_RAND_load_file(randfile, bio_err, 0);
                if (inrand)
                        app_RAND_load_files(inrand);
@@ -579,7 +678,7 @@ bad:
 
                if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                if (pkey_type == TYPE_RSA)
                        {
                        if (!EVP_PKEY_assign_RSA(pkey,
@@ -589,7 +688,7 @@ bad:
                        }
                else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                        if (pkey_type == TYPE_DSA)
                        {
                        if (!DSA_generate_key(dsa_params)) goto end;
@@ -603,13 +702,17 @@ bad:
                if (pkey == NULL) goto end;
 
                if (keyout == NULL)
+                       {
                        keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
-
+                       if (keyout == NULL)
+                               ERR_clear_error();
+                       }
+               
                if (keyout == NULL)
                        {
                        BIO_printf(bio_err,"writing new private key to stdout\n");
                        BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
                        {
                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
                        out = BIO_push(tmpbio, out);
@@ -628,7 +731,12 @@ bad:
 
                p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
                if (p == NULL)
+                       {
+                       ERR_clear_error();
                        p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+                       if (p == NULL)
+                               ERR_clear_error();
+                       }
                if ((p != NULL) && (strcmp(p,"no") == 0))
                        cipher=NULL;
                if (nodes) cipher=NULL;
@@ -685,16 +793,15 @@ loop:
 
        if (newreq || x509)
                {
-#ifndef NO_DSA
-               if (pkey->type == EVP_PKEY_DSA)
-                       digest=EVP_dss1();
-#endif
-
                if (pkey == NULL)
                        {
                        BIO_printf(bio_err,"you need to specify a private key\n");
                        goto end;
                        }
+#ifndef OPENSSL_NO_DSA
+               if (pkey->type == EVP_PKEY_DSA)
+                       digest=EVP_dss1();
+#endif
                if (req == NULL)
                        {
                        req=X509_REQ_new();
@@ -703,9 +810,13 @@ loop:
                                goto end;
                                }
 
-                       i=make_REQ(req,pkey,!x509);
-                       if (kludge >= 0)
-                               req->req_info->req_kludge=kludge;
+                       i=make_REQ(req,pkey,subj,!x509);
+                       subj=NULL; /* done processing '-subj' option */
+                       if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
+                               {
+                               sk_X509_ATTRIBUTE_free(req->req_info->attributes);
+                               req->req_info->attributes = NULL;
+                               }
                        if (!i)
                                {
                                BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -720,7 +831,10 @@ loop:
 
                        /* Set version to V3 */
                        if(!X509_set_version(x509ss, 2)) goto end;
-                       ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+                       if (serial)
+                               X509_set_serialNumber(x509ss, serial);
+                       else
+                               ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 
                        X509_set_issuer_name(x509ss,
                                X509_REQ_get_subject_name(req));
@@ -741,13 +855,13 @@ loop:
                        /* Add extensions */
                        if(extensions && !X509V3_EXT_add_conf(req_conf, 
                                        &ext_ctx, extensions, x509ss))
-                           {
-                           BIO_printf(bio_err,
-                                      "Error Loading extension section %s\n",
-                                      extensions);
-                           goto end;
-                           }
-
+                               {
+                               BIO_printf(bio_err,
+                                       "Error Loading extension section %s\n",
+                                       extensions);
+                               goto end;
+                               }
+                       
                        if (!(i=X509_sign(x509ss,pkey,digest)))
                                goto end;
                        }
@@ -763,17 +877,46 @@ loop:
                        /* Add extensions */
                        if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 
                                        &ext_ctx, req_exts, req))
-                           {
-                           BIO_printf(bio_err,
-                                      "Error Loading extension section %s\n",
-                                      req_exts);
-                           goto end;
-                           }
+                               {
+                               BIO_printf(bio_err,
+                                       "Error Loading extension section %s\n",
+                                       req_exts);
+                               goto end;
+                               }
                        if (!(i=X509_REQ_sign(req,pkey,digest)))
                                goto end;
                        }
                }
 
+       if (subj && x509)
+               {
+               BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+               goto end;
+               }
+
+       if (subj && !x509)
+               {
+               if (verbose)
+                       {
+                       BIO_printf(bio_err, "Modifying Request's Subject\n");
+                       print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
+                       }
+
+               if (build_subject(req, subj) == 0)
+                       {
+                       BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+                       ex=1;
+                       goto end;
+                       }
+
+               req->req_info->enc.modified = 1;
+
+               if (verbose)
+                       {
+                       print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
+                       }
+               }
+
        if (verify && !x509)
                {
                int tmp=0;
@@ -803,7 +946,7 @@ loop:
                        BIO_printf(bio_err,"verify OK\n");
                }
 
-       if (noout && !text && !modulus)
+       if (noout && !text && !modulus && !subject)
                {
                ex=0;
                goto end;
@@ -812,7 +955,7 @@ loop:
        if (outfile == NULL)
                {
                BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
                {
                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
                out = BIO_push(tmpbio, out);
@@ -840,6 +983,14 @@ loop:
                        X509_REQ_print(out,req);
                }
 
+       if(subject) 
+               {
+               if(x509)
+                       print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
+               else
+                       print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
+               }
+
        if (modulus)
                {
                EVP_PKEY *pubkey;
@@ -854,7 +1005,7 @@ loop:
                        goto end; 
                        }
                fprintf(stdout,"Modulus=");
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                if (pubkey->type == EVP_PKEY_RSA)
                        BN_print(out,pubkey->pkey.rsa->n);
                else
@@ -908,16 +1059,17 @@ end:
        EVP_PKEY_free(pkey);
        X509_REQ_free(req);
        X509_free(x509ss);
+       ASN1_INTEGER_free(serial);
        if(passargin && passin) OPENSSL_free(passin);
        if(passargout && passout) OPENSSL_free(passout);
        OBJ_cleanup();
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
        if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
        EXIT(ex);
        }
 
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
        {
        int ret=0,i;
        char no_prompt = 0;
@@ -925,6 +1077,8 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
        char *tmp, *dn_sect,*attr_sect;
 
        tmp=CONF_get_string(req_conf,SECTION,PROMPT);
+       if (tmp == NULL)
+               ERR_clear_error();
        if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
 
        dn_sect=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@@ -943,7 +1097,10 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 
        attr_sect=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
        if (attr_sect == NULL)
+               {
+               ERR_clear_error();              
                attr_sk=NULL;
+               }
        else
                {
                attr_sk=CONF_get_section(req_conf,attr_sect);
@@ -957,8 +1114,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
        /* setup version number */
        if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
 
-       if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs);
-       else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+       if (no_prompt) 
+               i = auto_info(req, dn_sk, attr_sk, attribs);
+       else 
+               {
+               if (subj)
+                       i = build_subject(req, subj);
+               else
+                       i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+               }
        if(!i) goto err;
 
        X509_REQ_set_pubkey(req,pkey);
@@ -968,6 +1132,68 @@ err:
        return(ret);
        }
 
+static int build_subject(X509_REQ *req, char *subject)
+       {
+       X509_NAME *n = NULL;
+
+       int i, nid, ne_num=0;
+
+       char *ne_name = NULL;
+       char *ne_value = NULL;
+
+       char *tmp = NULL;
+       char *p[2];
+
+       char *str_list[256];
+       
+       p[0] = ",/";
+        p[1] = "=";
+
+       n = X509_NAME_new();
+
+       tmp = strtok(subject, p[0]);
+       while((tmp != NULL) && (ne_num < (sizeof str_list/sizeof *str_list)))
+               {
+               char *token = tmp;
+
+               while (token[0] == ' ')
+                       token++;
+               str_list[ne_num] = token;
+
+               tmp = strtok(NULL, p[0]);
+               ne_num++;
+               }
+
+       for(i = 0; i < ne_num; i++)
+               {
+               ne_name  = strtok(str_list[i], p[1]);
+               ne_value = strtok(NULL, p[1]);
+
+               if ((nid=OBJ_txt2nid(ne_name)) == NID_undef)
+                       {
+                       BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_name);
+                       continue;
+                       }
+
+               if (ne_value == NULL)
+                       {
+                       BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_name);
+                       continue;
+                       }
+
+               if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
+                       {
+                       X509_NAME_free(n);
+                       return 0;
+                       }
+               }
+
+       if (!X509_REQ_set_subject_name(req, n))
+               return 0;
+       X509_NAME_free(n);
+       return 1;
+}
+
 
 static int prompt_info(X509_REQ *req,
                STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
@@ -981,13 +1207,17 @@ static int prompt_info(X509_REQ *req,
        CONF_VALUE *v;
        X509_NAME *subj;
        subj = X509_REQ_get_subject_name(req);
-       BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
-       BIO_printf(bio_err,"into your certificate request.\n");
-       BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
-       BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
-       BIO_printf(bio_err,"For some fields there will be a default value,\n");
-       BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
-       BIO_printf(bio_err,"-----\n");
+
+       if(!batch)
+               {
+               BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+               BIO_printf(bio_err,"into your certificate request.\n");
+               BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+               BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+               BIO_printf(bio_err,"For some fields there will be a default value,\n");
+               BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+               BIO_printf(bio_err,"-----\n");
+               }
 
 
        if (sk_CONF_VALUE_num(dn_sk))
@@ -1018,11 +1248,17 @@ start:          for (;;)
                        if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
                        sprintf(buf,"%s_default",v->name);
                        if ((def=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+                               {
+                               ERR_clear_error();
                                def="";
+                               }
                                
                        sprintf(buf,"%s_value",v->name);
                        if ((value=CONF_get_string(req_conf,dn_sect,buf)) == NULL)
+                               {
+                               ERR_clear_error();
                                value=NULL;
+                               }
 
                        sprintf(buf,"%s_min",v->name);
                        min=(int)CONF_get_number(req_conf,dn_sect,buf);
@@ -1042,7 +1278,7 @@ start:            for (;;)
 
                if (attribs)
                        {
-                       if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0))
+                       if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
                                {
                                BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
                                BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -1064,12 +1300,19 @@ start2:                 for (;;)
                                sprintf(buf,"%s_default",type);
                                if ((def=CONF_get_string(req_conf,attr_sect,buf))
                                        == NULL)
+                                       {
+                                       ERR_clear_error();
                                        def="";
+                                       }
+                               
                                
                                sprintf(buf,"%s_value",type);
                                if ((value=CONF_get_string(req_conf,attr_sect,buf))
                                        == NULL)
+                                       {
+                                       ERR_clear_error();
                                        value=NULL;
+                                       }
 
                                sprintf(buf,"%s_min",type);
                                min=(int)CONF_get_number(req_conf,attr_sect,buf);
@@ -1151,9 +1394,9 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
        int i,ret=0;
        MS_STATIC char buf[1024];
 start:
-       BIO_printf(bio_err,"%s [%s]:",text,def);
+       if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
        (void)BIO_flush(bio_err);
-       if (value != NULL)
+       if(value != NULL)
                {
                strcpy(buf,value);
                strcat(buf,"\n");
@@ -1162,7 +1405,15 @@ start:
        else
                {
                buf[0]='\0';
-               fgets(buf,1024,stdin);
+               if (!batch)
+                       {
+                       fgets(buf,1024,stdin);
+                       }
+               else
+                       {
+                       buf[0] = '\n';
+                       buf[1] = '\0';
+                       }
                }
 
        if (buf[0] == '\0') return(0);
@@ -1182,7 +1433,6 @@ start:
                return(0);
                }
        buf[--i]='\0';
-
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
@@ -1202,7 +1452,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
        static char buf[1024];
 
 start:
-       BIO_printf(bio_err,"%s [%s]:",text,def);
+       if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
        (void)BIO_flush(bio_err);
        if (value != NULL)
                {
@@ -1213,7 +1463,15 @@ start:
        else
                {
                buf[0]='\0';
-               fgets(buf,1024,stdin);
+               if (!batch)
+                       {
+                       fgets(buf,1024,stdin);
+                       }
+               else
+                       {
+                       buf[0] = '\n';
+                       buf[1] = '\0';
+                       }
                }
 
        if (buf[0] == '\0') return(0);
@@ -1250,7 +1508,7 @@ err:
        return(0);
        }
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p, int n, void *arg)
        {
        char c='*';