X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Freq.c;h=fa8f7339f345116c751254995cae51fe3dbc414f;hp=bb3a65a5bc70e3d6f74e314d1cd2dcece656594d;hb=c79b16e11d70488f4de0e766d78f6a5ce77d99af;hpb=41b731f2f883a583554566d4e702cc51298ee9e1
diff --git a/apps/req.c b/apps/req.c
index bb3a65a5bc..fa8f7339f3 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -64,16 +64,16 @@
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "evp.h"
-#include "rand.h"
-#include "conf.h"
-#include "err.h"
-#include "asn1.h"
-#include "x509.h"
-#include "x509v3.h"
-#include "objects.h"
-#include "pem.h"
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
 #define SECTION "req"
@@ -82,6 +82,7 @@
 #define DISTINGUISHED_NAME "distinguished_name"
 #define ATTRIBUTES "attributes"
 #define V3_EXTENSIONS "x509_extensions"
+#define REQ_EXTENSIONS "req_extensions"
 #define DEFAULT_KEY_LENGTH 512
 #define MIN_KEY_LENGTH 384
@@ -107,26 +108,16 @@ * require. This format is wrong */
-#ifndef NOPROTO
 static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
-static int add_attribute_object(STACK *n, char *text, char *def,
- char *value, int nid,int min,int max);
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+ char *def, char *value, int nid, int min,
+ int max);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
 int nid,int min,int max);
-static void MS_CALLBACK req_cb(int p,int n,char *arg);
+static void MS_CALLBACK req_cb(int p,int n,void *arg);
 static int req_fix_data(int nid,int *type,int len,int min,int max);
 static int check_end(char *str, char *end);
 static int add_oid_section(LHASH *conf);
-#else
-static int make_REQ();
-static int add_attribute_object();
-static int add_DN_object();
-static void MS_CALLBACK req_cb();
-static int req_fix_data();
-static int check_end();
-static int add_oid_section();
-#endif
-
 #ifndef MONOLITH
 static char *default_config_file=NULL;
 static LHASH *config=NULL;
@@ -137,9 +128,7 @@ static LHASH *req_conf=NULL;
 #define TYPE_DSA 2
 #define TYPE_DH 3
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 {
 #ifndef NO_DSA
 DSA *dsa_params=NULL;
@@ -154,6 +143,7 @@ char **argv;
 int nodes=0,kludge=0;
 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
 char *extensions = NULL;
+ char *req_exts = NULL;
 EVP_CIPHER *cipher=NULL;
 int modulus=0;
 char *p;
@@ -254,11 +244,11 @@ char **argv;
 perror(p);
 goto end;
 }
- if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+ if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
 {
 ERR_clear_error();
- BIO_reset(in);
- if ((xtmp=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+ (void)BIO_reset(in);
+ if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
 {
 BIO_printf(bio_err,"unable to load DSA parameters from file\n");
 goto end;
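Review bot: The `(void)BIO_reset(in);` added in the DSA-parameter fallback (hunk at -254) throws the result away instead of checking it, so if the rewind fails the following `PEM_read_bio_X509` parses from wherever the first attempt stopped and the user only sees "unable to load DSA parameters from file". BIO_reset's return convention differs by BIO type (file BIOs report success as 0, others as 1), so testing for a negative result covers the file case used here: `if (BIO_reset(in) < 0) goto end;` with its own diagnostic keeps the intent of the cast while still aborting on a real failure. The enclosing `MAIN` body begins and ends outside this hunk.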
@@ -373,7 +363,9 @@ bad:
 if (p == NULL)
 {
 strcpy(config_name,X509_get_default_cert_area());
- strcat(config_name,"/lib/");
+#ifndef VMS
+ strcat(config_name,"/");
+#endif
 strcat(config_name,OPENSSL_CONF);
 p=config_name;
 }
@@ -448,6 +440,20 @@ bad:
 }
 }
+ req_exts = CONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ if(req_exts) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_conf_lhash(&ctx, req_conf);
+ if(!X509V3_EXT_add_conf(req_conf, &ctx, req_exts, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading request extension section %s\n",
+ req_exts);
+ goto end;
+ }
+ }
+
 in=BIO_new(BIO_s_file());
 out=BIO_new(BIO_s_file());
 if ((in == NULL) || (out == NULL))
@@ -465,7 +471,7 @@ bad:
 rsa=d2i_RSAPrivateKey_bio(in,NULL);
 else */
 if (keyform == FORMAT_PEM)
- pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
+ pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
 else
 {
 BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -523,7 +529,7 @@ bad:
 {
 if (!EVP_PKEY_assign_RSA(pkey,
 RSA_generate_key(newkey,0x10001,
- req_cb,(char *)bio_err)))
+ req_cb,bio_err)))
 goto end;
 }
 else
@@ -570,7 +576,7 @@ bad:
 i=0;
 loop:
 if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
- NULL,0,NULL))
+ NULL,0,NULL,NULL))
 {
 if ((ERR_GET_REASON(ERR_peek_error()) == PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -604,7 +610,7 @@ loop:
 if (informat == FORMAT_ASN1)
 req=d2i_X509_REQ_bio(in,NULL);
 else if (informat == FORMAT_PEM)
- req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+ req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 else
 {
 BIO_printf(bio_err,"bad input format specified for X509 request\n");
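Review bot: The new `strcat(config_name,"/")` (hunk at -373) keeps assembling the default config path with unbounded `strcpy`/`strcat` into `config_name`, whose declaration is outside the hunk; if that is a fixed-size array, an unusually long result from `X509_get_default_cert_area()` overruns it. A length check before the `strcpy`, e.g. `if (strlen(X509_get_default_cert_area()) + strlen(OPENSSL_CONF) + 2 > sizeof config_name) goto end;`, bounds both the VMS and non-VMS branches (over-counting by one on VMS is harmless), provided `config_name` really is an array rather than a pointer — confirm against its declaration. Alternatively one `snprintf(config_name, sizeof config_name, ...)` with a truncation check replaces the three calls. The enclosing `MAIN` body continues outside the hunk.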
@@ -687,6 +693,22 @@ loop:
 }
 else
 {
+ X509V3_CTX ext_ctx;
+
+ /* Set up V3 context struct */
+
+ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+ X509V3_set_conf_lhash(&ext_ctx, req_conf);
+
+ /* Add extensions */
+ if(req_exts && !X509V3_EXT_REQ_add_conf(req_conf,
+ &ext_ctx, req_exts, req))
+ {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ req_exts);
+ goto end;
+ }
 if (!(i=X509_REQ_sign(req,pkey,digest))) goto end;
 }
@@ -825,18 +847,15 @@ end:
 EXIT(ex);
 }
-static int make_REQ(req,pkey,attribs)
-X509_REQ *req;
-EVP_PKEY *pkey;
-int attribs;
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
 {
 int ret=0,i;
- unsigned char *p,*q;
+ char *p,*q;
 X509_REQ_INFO *ri;
 char buf[100];
 int nid,min,max;
 char *type,*def,*tmp,*value,*tmp_attr;
- STACK *sk,*attr=NULL;
+ STACK_OF(CONF_VALUE) *sk, *attr=NULL;
 CONF_VALUE *v;
 tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
@@ -879,15 +898,15 @@ int attribs;
 /* setup version number */
 if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
- if (sk_num(sk))
+ if (sk_CONF_VALUE_num(sk))
 {
 i= -1;
 start: for (;;)
 {
 i++;
- if ((int)sk_num(sk) <= i) break;
+ if (sk_CONF_VALUE_num(sk) <= i) break;
- v=(CONF_VALUE *)sk_value(sk,i);
+ v=sk_CONF_VALUE_value(sk,i);
 p=q=NULL;
 type=v->name;
 if(!check_end(type,"_min") || !check_end(type,"_max") ||
@@ -923,7 +942,7 @@ start: for (;;)
 min,max)) goto err;
 }
- if (sk_num(ri->subject->entries) == 0)
+ if (sk_X509_NAME_ENTRY_num(ri->subject->entries) == 0)
 {
 BIO_printf(bio_err,"error, no objects specified in config file\n");
 goto err;
@@ -931,7 +950,7 @@ start: for (;;)
 if (attribs)
 {
- if ((attr != NULL) && (sk_num(attr) > 0))
+ if ((attr != NULL) && (sk_CONF_VALUE_num(attr) > 0))
 {
 BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 BIO_printf(bio_err,"to be sent with your certificate request\n");
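Review bot: The failure message in the new extension block (hunk at -687), `"Error Loading extension section %s\n"`, is nearly identical to the `"Error Loading request extension section %s\n"` printed by the syntax check when `req_conf` is loaded, so a user cannot tell whether the section failed to parse or failed to attach to the request; `"Error adding request extension section %s\n"` would name the stage. The `/* Add extensions */` comment could also say what is being attached and that it was validated earlier, e.g. `/* Attach the [req] req_extensions section to the request; its syntax was already checked when req_conf was loaded. */`. The enclosing if/else and the rest of `MAIN` lie outside the hunk.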
@@ -941,10 +960,11 @@ start: for (;;)
 start2: for (;;)
 {
 i++;
- if ((attr == NULL) || ((int)sk_num(attr) <= i))
+ if ((attr == NULL) ||
+ (sk_CONF_VALUE_num(attr) <= i))
 break;
- v=(CONF_VALUE *)sk_value(attr,i);
+ v=sk_CONF_VALUE_value(attr,i);
 type=v->name;
 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start2;
@@ -984,21 +1004,15 @@ err:
 return(ret);
 }
-static int add_DN_object(n,text,def,value,nid,min,max)
-X509_NAME *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+ int nid, int min, int max)
 {
 int i,j,ret=0;
 X509_NAME_ENTRY *ne=NULL;
 MS_STATIC char buf[1024];
 BIO_printf(bio_err,"%s [%s]:",text,def);
- BIO_flush(bio_err);
+ (void)BIO_flush(bio_err);
 if (value != NULL)
 {
 strcpy(buf,value);
@@ -1032,6 +1046,9 @@ int max;
 j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
 if (req_fix_data(nid,&j,i,min,max) == 0) goto err;
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
 if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
 strlen(buf))) == NULL) goto err;
@@ -1044,14 +1061,9 @@ err:
 return(ret);
 }
-static int add_attribute_object(n,text,def,value,nid,min,max)
-STACK *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_attribute_object(STACK_OF(X509_ATTRIBUTE) *n, char *text,
+ char *def, char *value, int nid, int min,
+ int max)
 {
 int i,z;
 X509_ATTRIBUTE *xa=NULL;
@@ -1061,7 +1073,7 @@ int max;
 start:
 BIO_printf(bio_err,"%s [%s]:",text,def);
- BIO_flush(bio_err);
+ (void)BIO_flush(bio_err);
 if (value != NULL)
 {
 strcpy(buf,value);
@@ -1095,7 +1107,7 @@ start:
 /* add object plus value */
 if ((xa=X509_ATTRIBUTE_new()) == NULL)
 goto err;
- if ((xa->value.set=sk_new_null()) == NULL)
+ if ((xa->value.set=sk_ASN1_TYPE_new_null()) == NULL)
 goto err;
 xa->set=1;
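Review bot: The `strcpy(buf,value);` right after the new `(void)BIO_flush(bio_err);` in `add_DN_object` (hunk at -984) copies the caller-supplied `value` into the fixed `MS_STATIC char buf[1024]` with no bound, and the same unbounded copy follows the flush in `add_attribute_object` (hunk at -1061), where `buf` is declared outside the hunk. A guard before each copy, `if (strlen(value) >= sizeof buf) goto err;`, rejects an over-long value instead of overrunning the buffer; both functions already have an `err:` exit, as the `goto err;` lines in the -1032 and -1095 hunks show. If `buf` in `add_attribute_object` turns out not to be a plain array, use its declared size in place of `sizeof buf`. Both function bodies continue outside these hunks.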
@@ -1121,12 +1133,12 @@ start:
 { BIO_printf(bio_err,"Malloc failure\n"); goto err; }
 ASN1_TYPE_set(at,bs->type,(char *)bs);
- sk_push(xa->value.set,(char *)at);
+ sk_ASN1_TYPE_push(xa->value.set,at);
 bs=NULL;
 at=NULL;
 /* only one item per attribute */
- if (!sk_push(n,(char *)xa)) goto err;
+ if (!sk_X509_ATTRIBUTE_push(n,xa)) goto err;
 return(1);
 err:
 if (xa != NULL) X509_ATTRIBUTE_free(xa);
@@ -1135,10 +1147,7 @@ err:
 return(0);
 }
-static void MS_CALLBACK req_cb(p,n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK req_cb(int p, int n, void *arg)
 {
 char c='*';
@@ -1147,16 +1156,13 @@ char *arg;
 if (p == 2) c='*';
 if (p == 3) c='\n';
 BIO_write((BIO *)arg,&c,1);
- BIO_flush((BIO *)arg);
+ (void)BIO_flush((BIO *)arg);
 #ifdef LINT
 p=n;
 #endif
 }
-static int req_fix_data(nid,type,len,min,max)
-int nid;
-int *type;
-int len,min,max;
+static int req_fix_data(int nid, int *type, int len, int min, int max)
 {
 if (nid == NID_pkcs9_emailAddress) *type=V_ASN1_IA5STRING;
@@ -1189,9 +1195,7 @@ int len,min,max;
 }
 /* Check if the end of a string matches 'end' */
-static int check_end(str, end)
-char *str;
-char *end;
+static int check_end(char *str, char *end)
 {
 int elen, slen;
 char *tmp;
@@ -1202,11 +1206,10 @@ char *end;
 return strcmp(tmp, end);
 }
-static int add_oid_section(conf)
-LHASH *conf;
+static int add_oid_section(LHASH *conf)
 {
 char *p;
- STACK *sktmp;
+ STACK_OF(CONF_VALUE) *sktmp;
 CONF_VALUE *cnf;
 int i;
 if(!(p=CONF_get_string(conf,NULL,"oid_section"))) return 1;
@@ -1214,8 +1217,8 @@ LHASH *conf;
 BIO_printf(bio_err, "problem loading oid section %s\n", p);
 return 0;
 }
- for(i = 0; i < sk_num(sktmp); i++) {
- cnf = (CONF_VALUE *)sk_value(sktmp, i);
+ for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ cnf = sk_CONF_VALUE_value(sktmp, i);
 if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
 BIO_printf(bio_err, "problem creating object %s=%s\n",
 cnf->name, cnf->value);
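Review bot: The return value of `sk_ASN1_TYPE_push(xa->value.set,at)` (hunk at -1121) is still ignored, while the sibling `sk_X509_ATTRIBUTE_push(n,xa)` a few lines later is checked; if the first push fails, `at` is set to NULL on the next line, so the value is leaked and an attribute with an empty set is returned as success. Writing it as `if (!sk_ASN1_TYPE_push(xa->value.set,at)) goto err;` handles both pushes the same way. The visible `err:` path frees only `xa`; whether it also releases `at` and `bs` when they are non-NULL lies outside the hunk and should be confirmed before relying on the early exit.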