Change the EVP_somecipher() and EVP_somedigest()
[openssl.git] / apps / req.c
index 292bc59..f422d3e 100644 (file)
@@ -60,7 +60,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
  *               require.  This format is wrong
  */
 
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs);
+static int build_subject(X509_REQ *req, char *subj);
 static int prompt_info(X509_REQ *req,
                STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
                STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);
@@ -122,7 +123,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
                                int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
        int nid,int min,int max);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
 static int req_check_len(int len,int min,int max);
@@ -132,6 +133,7 @@ static char *default_config_file=NULL;
 static LHASH *config=NULL;
 #endif
 static LHASH *req_conf=NULL;
+static int batch=0;
 
 #define TYPE_RSA       1
 #define TYPE_DSA       2
@@ -142,7 +144,7 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
        {
        ENGINE *e = NULL;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
        DSA *dsa_params=NULL;
 #endif
        unsigned long nmflag = 0;
@@ -150,7 +152,7 @@ int MAIN(int argc, char **argv)
        X509 *x509ss=NULL;
        X509_REQ *req=NULL;
        EVP_PKEY *pkey=NULL;
-       int i,badops=0,newreq=0,newkey= -1,pkey_type=TYPE_RSA;
+       int i,badops=0,newreq=0,newkey= -1,verbose=0,pkey_type=TYPE_RSA;
        BIO *in=NULL,*out=NULL;
        int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
        int nodes=0,kludge=0,newhdr=0,subject=0;
@@ -158,19 +160,21 @@ int MAIN(int argc, char **argv)
        char *engine=NULL;
        char *extensions = NULL;
        char *req_exts = NULL;
-       EVP_CIPHER *cipher=NULL;
+       const EVP_CIPHER *cipher=NULL;
+       ASN1_INTEGER *serial = NULL;
        int modulus=0;
        char *inrand=NULL;
        char *passargin = NULL, *passargout = NULL;
        char *passin = NULL, *passout = NULL;
        char *p;
+       char *subj = NULL;
        const EVP_MD *md_alg=NULL,*digest=EVP_md5();
 #ifndef MONOLITH
        MS_STATIC char config_name[256];
 #endif
 
        req_conf = NULL;
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
        cipher=EVP_des_ede3_cbc();
 #endif
        apps_startup();
@@ -268,7 +272,7 @@ int MAIN(int argc, char **argv)
                                newkey= atoi(p);
                                }
                        else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                                if (strncmp("dsa:",p,4) == 0)
                                {
                                X509 *xtmp=NULL;
@@ -308,7 +312,7 @@ int MAIN(int argc, char **argv)
                                }
                        else 
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
                                if (strncmp("dh:",p,4) == 0)
                                {
                                pkey_type=TYPE_DH;
@@ -320,6 +324,8 @@ int MAIN(int argc, char **argv)
 
                        newreq=1;
                        }
+               else if (strcmp(*argv,"-batch") == 0)
+                       batch=1;
                else if (strcmp(*argv,"-newhdr") == 0)
                        newhdr=1;
                else if (strcmp(*argv,"-modulus") == 0)
@@ -330,6 +336,8 @@ int MAIN(int argc, char **argv)
                        nodes=1;
                else if (strcmp(*argv,"-noout") == 0)
                        noout=1;
+               else if (strcmp(*argv,"-verbose") == 0)
+                       verbose=1;
                else if (strcmp(*argv,"-nameopt") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -345,12 +353,23 @@ int MAIN(int argc, char **argv)
                        kludge=1;
                else if (strcmp(*argv,"-no-asn1-kludge") == 0)
                        kludge=0;
+               else if (strcmp(*argv,"-subj") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       subj= *(++argv);
+                       }
                else if (strcmp(*argv,"-days") == 0)
                        {
                        if (--argc < 1) goto bad;
                        days= atoi(*(++argv));
                        if (days == 0) days=30;
                        }
+               else if (strcmp(*argv,"-set_serial") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+                       if (!serial) goto bad;
+                       }
                else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
                        {
                        /* ok */
@@ -390,8 +409,10 @@ bad:
                BIO_printf(bio_err," -verify        verify signature on REQ\n");
                BIO_printf(bio_err," -modulus       RSA modulus\n");
                BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-               BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
-               BIO_printf(bio_err," -key file  use the private key contained in file\n");
+               BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
+               BIO_printf(bio_err," -subject       output the request's subject\n");
+               BIO_printf(bio_err," -passin        private key password source\n");
+               BIO_printf(bio_err," -key file      use the private key contained in file\n");
                BIO_printf(bio_err," -keyform arg   key file format\n");
                BIO_printf(bio_err," -keyout arg    file to send the key to\n");
                BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
@@ -399,12 +420,14 @@ bad:
                BIO_printf(bio_err,"                the random number generator\n");
                BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
                BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-
                BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
                BIO_printf(bio_err," -config file   request template file.\n");
+               BIO_printf(bio_err," -subj arg      set or modify request subject\n");
                BIO_printf(bio_err," -new           new request.\n");
+               BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
                BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-               BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
+               BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
+               BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
                BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
                BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
                BIO_printf(bio_err,"                have been reported as requiring\n");
@@ -427,7 +450,7 @@ bad:
        if (p == NULL)
                {
                strcpy(config_name,X509_get_default_cert_area());
-#ifndef VMS
+#ifndef OPENSSL_SYS_VMS
                strcat(config_name,"/");
 #endif
                strcat(config_name,OPENSSL_CONF);
@@ -619,13 +642,13 @@ bad:
                        BIO_printf(bio_err,"unable to load Private key\n");
                        goto end;
                        }
-                if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
+               if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA)
                        {
                        char *randfile = CONF_get_string(req_conf,SECTION,"RANDFILE");
                        if (randfile == NULL)
                                ERR_clear_error();
                        app_RAND_load_file(randfile, bio_err, 0);
-                       }
+                       }
                }
 
        if (newreq && (pkey == NULL))
@@ -655,7 +678,7 @@ bad:
 
                if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                if (pkey_type == TYPE_RSA)
                        {
                        if (!EVP_PKEY_assign_RSA(pkey,
@@ -665,7 +688,7 @@ bad:
                        }
                else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                        if (pkey_type == TYPE_DSA)
                        {
                        if (!DSA_generate_key(dsa_params)) goto end;
@@ -689,7 +712,7 @@ bad:
                        {
                        BIO_printf(bio_err,"writing new private key to stdout\n");
                        BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
                        {
                        BIO *tmpbio = BIO_new(BIO_f_linebuffer());
                        out = BIO_push(tmpbio, out);
@@ -770,16 +793,15 @@ loop:
 
        if (newreq || x509)
                {
-#ifndef NO_DSA
-               if (pkey->type == EVP_PKEY_DSA)
-                       digest=EVP_dss1();
-#endif
-
                if (pkey == NULL)
                        {
                        BIO_printf(bio_err,"you need to specify a private key\n");
                        goto end;
                        }
+#ifndef OPENSSL_NO_DSA
+               if (pkey->type == EVP_PKEY_DSA)
+                       digest=EVP_dss1();
+#endif
                if (req == NULL)
                        {
                        req=X509_REQ_new();
@@ -788,7 +810,8 @@ loop:
                                goto end;
                                }
 
-                       i=make_REQ(req,pkey,!x509);
+                       i=make_REQ(req,pkey,subj,!x509);
+                       subj=NULL; /* done processing '-subj' option */
                        if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
                                {
                                sk_X509_ATTRIBUTE_free(req->req_info->attributes);
@@ -808,7 +831,10 @@ loop:
 
                        /* Set version to V3 */
                        if(!X509_set_version(x509ss, 2)) goto end;
-                       ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+                       if (serial)
+                               X509_set_serialNumber(x509ss, serial);
+                       else
+                               ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
 
                        X509_set_issuer_name(x509ss,
                                X509_REQ_get_subject_name(req));
@@ -829,13 +855,13 @@ loop:
                        /* Add extensions */
                        if(extensions && !X509V3_EXT_add_conf(req_conf, 
                                        &ext_ctx, extensions, x509ss))
-                           {
-                           BIO_printf(bio_err,
-                                      "Error Loading extension section %s\n",
-                                      extensions);
-                           goto end;
-                           }
-
+                               {
+                               BIO_printf(bio_err,
+                                       "Error Loading extension section %s\n",
+                                       extensions);
+                               goto end;
+                               }
+                       
                        if (!(i=X509_sign(x509ss,pkey,digest)))
                                goto end;
                        }
@@ -851,17 +877,46 @@ loop:
                        /* Add extensions */
                        if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf, 
                                        &ext_ctx, req_exts, req))
-                           {
-                           BIO_printf(bio_err,
-                                      "Error Loading extension section %s\n",
-                                      req_exts);
-                           goto end;
-                           }
+                               {
+                               BIO_printf(bio_err,
+                                       "Error Loading extension section %s\n",
+                                       req_exts);
+                               goto end;
+                               }
                        if (!(i=X509_REQ_sign(req,pkey,digest)))
                                goto end;
                        }
                }
 
+       if (subj && x509)
+               {
+               BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+               goto end;
+               }
+
+       if (subj && !x509)
+               {
+               if (verbose)
+                       {
+                       BIO_printf(bio_err, "Modifying Request's Subject\n");
+                       print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
+                       }
+
+               if (build_subject(req, subj) == 0)
+                       {
+                       BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+                       ex=1;
+                       goto end;
+                       }
+
+               req->req_info->enc.modified = 1;
+
+               if (verbose)
+                       {
+                       print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
+                       }
+               }
+
        if (verify && !x509)
                {
                int tmp=0;
@@ -900,7 +955,7 @@ loop:
        if (outfile == NULL)
                {
                BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
                {
                BIO *tmpbio = BIO_new(BIO_f_linebuffer());
                out = BIO_push(tmpbio, out);
@@ -950,7 +1005,7 @@ loop:
                        goto end; 
                        }
                fprintf(stdout,"Modulus=");
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                if (pubkey->type == EVP_PKEY_RSA)
                        BN_print(out,pubkey->pkey.rsa->n);
                else
@@ -1004,16 +1059,17 @@ end:
        EVP_PKEY_free(pkey);
        X509_REQ_free(req);
        X509_free(x509ss);
+       ASN1_INTEGER_free(serial);
        if(passargin && passin) OPENSSL_free(passin);
        if(passargout && passout) OPENSSL_free(passout);
        OBJ_cleanup();
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
        if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
        EXIT(ex);
        }
 
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs)
        {
        int ret=0,i;
        char no_prompt = 0;
@@ -1058,8 +1114,15 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
        /* setup version number */
        if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
 
-       if(no_prompt) i = auto_info(req, dn_sk, attr_sk, attribs);
-       else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+       if (no_prompt) 
+               i = auto_info(req, dn_sk, attr_sk, attribs);
+       else 
+               {
+               if (subj)
+                       i = build_subject(req, subj);
+               else
+                       i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+               }
        if(!i) goto err;
 
        X509_REQ_set_pubkey(req,pkey);
@@ -1069,6 +1132,68 @@ err:
        return(ret);
        }
 
+static int build_subject(X509_REQ *req, char *subject)
+       {
+       X509_NAME *n = NULL;
+
+       int i, nid, ne_num=0;
+
+       char *ne_name = NULL;
+       char *ne_value = NULL;
+
+       char *tmp = NULL;
+       char *p[2];
+
+       char *str_list[256];
+       
+       p[0] = ",/";
+        p[1] = "=";
+
+       n = X509_NAME_new();
+
+       tmp = strtok(subject, p[0]);
+       while((tmp != NULL) && (ne_num < (sizeof str_list/sizeof *str_list)))
+               {
+               char *token = tmp;
+
+               while (token[0] == ' ')
+                       token++;
+               str_list[ne_num] = token;
+
+               tmp = strtok(NULL, p[0]);
+               ne_num++;
+               }
+
+       for(i = 0; i < ne_num; i++)
+               {
+               ne_name  = strtok(str_list[i], p[1]);
+               ne_value = strtok(NULL, p[1]);
+
+               if ((nid=OBJ_txt2nid(ne_name)) == NID_undef)
+                       {
+                       BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_name);
+                       continue;
+                       }
+
+               if (ne_value == NULL)
+                       {
+                       BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_name);
+                       continue;
+                       }
+
+               if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char*)ne_value, -1,-1,0))
+                       {
+                       X509_NAME_free(n);
+                       return 0;
+                       }
+               }
+
+       if (!X509_REQ_set_subject_name(req, n))
+               return 0;
+       X509_NAME_free(n);
+       return 1;
+}
+
 
 static int prompt_info(X509_REQ *req,
                STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
@@ -1082,13 +1207,17 @@ static int prompt_info(X509_REQ *req,
        CONF_VALUE *v;
        X509_NAME *subj;
        subj = X509_REQ_get_subject_name(req);
-       BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
-       BIO_printf(bio_err,"into your certificate request.\n");
-       BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
-       BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
-       BIO_printf(bio_err,"For some fields there will be a default value,\n");
-       BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
-       BIO_printf(bio_err,"-----\n");
+
+       if(!batch)
+               {
+               BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+               BIO_printf(bio_err,"into your certificate request.\n");
+               BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+               BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+               BIO_printf(bio_err,"For some fields there will be a default value,\n");
+               BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+               BIO_printf(bio_err,"-----\n");
+               }
 
 
        if (sk_CONF_VALUE_num(dn_sk))
@@ -1149,7 +1278,7 @@ start:            for (;;)
 
                if (attribs)
                        {
-                       if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0))
+                       if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
                                {
                                BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
                                BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -1265,9 +1394,9 @@ static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
        int i,ret=0;
        MS_STATIC char buf[1024];
 start:
-       BIO_printf(bio_err,"%s [%s]:",text,def);
+       if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
        (void)BIO_flush(bio_err);
-       if (value != NULL)
+       if(value != NULL)
                {
                strcpy(buf,value);
                strcat(buf,"\n");
@@ -1276,7 +1405,15 @@ start:
        else
                {
                buf[0]='\0';
-               fgets(buf,1024,stdin);
+               if (!batch)
+                       {
+                       fgets(buf,1024,stdin);
+                       }
+               else
+                       {
+                       buf[0] = '\n';
+                       buf[1] = '\0';
+                       }
                }
 
        if (buf[0] == '\0') return(0);
@@ -1296,7 +1433,6 @@ start:
                return(0);
                }
        buf[--i]='\0';
-
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
@@ -1316,7 +1452,7 @@ static int add_attribute_object(X509_REQ *req, char *text,
        static char buf[1024];
 
 start:
-       BIO_printf(bio_err,"%s [%s]:",text,def);
+       if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
        (void)BIO_flush(bio_err);
        if (value != NULL)
                {
@@ -1327,7 +1463,15 @@ start:
        else
                {
                buf[0]='\0';
-               fgets(buf,1024,stdin);
+               if (!batch)
+                       {
+                       fgets(buf,1024,stdin);
+                       }
+               else
+                       {
+                       buf[0] = '\n';
+                       buf[1] = '\0';
+                       }
                }
 
        if (buf[0] == '\0') return(0);
@@ -1364,7 +1508,7 @@ err:
        return(0);
        }
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static void MS_CALLBACK req_cb(int p, int n, void *arg)
        {
        char c='*';