/* apps/req.c *//* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. *  * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to.  The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code.  The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). *  * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. *  * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright *    notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright *    notice, this list of conditions and the following disclaimer in the *    documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software *    must display the following acknowledgement: *    "This product includes cryptographic software written by *     Eric Young (eay@cryptsoft.com)" *    The word 'cryptographic' can be left out if the rouines from the library *    being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from  *    the apps directory (application code) you must include an acknowledgement: *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" *  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. *  * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed.  i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */#include <stdio.h>#include <stdlib.h>#include <time.h>#include <string.h>#ifdef NO_STDIO#define APPS_WIN16#endif#include "apps.h"#include <openssl/bio.h>#include <openssl/evp.h>#include <openssl/conf.h>#include <openssl/err.h>#include <openssl/asn1.h>#include <openssl/x509.h>#include <openssl/x509v3.h>#include <openssl/objects.h>#include <openssl/pem.h>#define SECTION		"req"#define BITS		"default_bits"#define KEYFILE		"default_keyfile"#define PROMPT		"prompt"#define DISTINGUISHED_NAME	"distinguished_name"#define ATTRIBUTES	"attributes"#define V3_EXTENSIONS	"x509_extensions"#define REQ_EXTENSIONS	"req_extensions"#define STRING_MASK	"string_mask"#define DEFAULT_KEY_LENGTH	512#define MIN_KEY_LENGTH		384#undef PROG#define PROG	req_main/* -inform arg	- input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg	- input file - default stdin * -out arg	- output file - default stdout * -verify	- check request signature * -noout	- don't print stuff out. * -text	- print out human readable text. * -nodes	- no des encryption * -config file	- Load configuration file. * -key file	- make a request using key in file (or use it for verification). * -keyform	- key file format. * -rand file(s) - load the file(s) into the PRNG. * -newkey	- make a key and a request. * -modulus	- print RSA modulus. * -x509	- output a self signed X509 structure instead. * -asn1-kludge	- output new certificate request in a format that some CA's *		  require.  This format is wrong */static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);static int prompt_info(X509_REQ *req,		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs);static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,				STACK_OF(CONF_VALUE) *attr, int attribs);static int add_attribute_object(X509_REQ *req, char *text,				char *def, char *value, int nid, int min,				int max);static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,	int nid,int min,int max);#ifndef NO_RSAstatic void MS_CALLBACK req_cb(int p,int n,void *arg);#endifstatic int req_check_len(int len,int min,int max);static int check_end(char *str, char *end);#ifndef MONOLITHstatic char *default_config_file=NULL;//static LHASH *config=NULL;#endifstatic LHASH *req_conf=NULL;#define TYPE_RSA	1#define TYPE_DSA	2#define TYPE_DH		3int MAIN(int, char **);int MAIN(int argc, char **argv)	{#ifndef NO_DSA	DSA *dsa_params=NULL;#endif	int ex=1,x509=0,days=30;	X509 *x509ss=NULL;	X509_REQ *req=NULL;	EVP_PKEY *pkey=NULL;	int i,badops=0,newreq=0,newkey= -1,pkey_type=0;	BIO *in=NULL,*out=NULL;	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;	int nodes=0,kludge=0,newhdr=0;	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;	char *extensions = NULL;	char *req_exts = NULL;	EVP_CIPHER *cipher=NULL;	int modulus=0;	char *inrand=NULL;	char *passargin = NULL, *passargout = NULL;	char *passin = NULL, *passout = NULL;	char *p;	const EVP_MD *md_alg=NULL,*digest=EVP_md5();#ifndef MONOLITH	MS_STATIC char config_name[256];#endif	req_conf = NULL;#ifndef NO_DES	cipher=EVP_des_ede3_cbc();#endif	apps_startup();	if (bio_err == NULL)		if ((bio_err=BIO_new(BIO_s_file())) != NULL)			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);	infile=NULL;	outfile=NULL;	informat=FORMAT_PEM;	outformat=FORMAT_PEM;	prog=argv[0];	argc--;	argv++;	while (argc >= 1)		{		if 	(strcmp(*argv,"-inform") == 0)			{			if (--argc < 1) goto bad;			informat=str2fmt(*(++argv));			}		else if (strcmp(*argv,"-outform") == 0)			{			if (--argc < 1) goto bad;			outformat=str2fmt(*(++argv));			}		else if (strcmp(*argv,"-key") == 0)			{			if (--argc < 1) goto bad;			keyfile= *(++argv);			}		else if (strcmp(*argv,"-new") == 0)			{			pkey_type=TYPE_RSA;			newreq=1;			}		else if (strcmp(*argv,"-config") == 0)			{				if (--argc < 1) goto bad;			template= *(++argv);			}		else if (strcmp(*argv,"-keyform") == 0)			{			if (--argc < 1) goto bad;			keyform=str2fmt(*(++argv));			}		else if (strcmp(*argv,"-in") == 0)			{			if (--argc < 1) goto bad;			infile= *(++argv);			}		else if (strcmp(*argv,"-out") == 0)			{			if (--argc < 1) goto bad;			outfile= *(++argv);			}		else if (strcmp(*argv,"-keyout") == 0)			{			if (--argc < 1) goto bad;			keyout= *(++argv);			}		else if (strcmp(*argv,"-passin") == 0)			{			if (--argc < 1) goto bad;			passargin= *(++argv);			}		else if (strcmp(*argv,"-passout") == 0)			{			if (--argc < 1) goto bad;			passargout= *(++argv);			}		else if (strcmp(*argv,"-rand") == 0)			{			if (--argc < 1) goto bad;			inrand= *(++argv);			}		else if (strcmp(*argv,"-newkey") == 0)			{			int is_numeric;			if (--argc < 1) goto bad;			p= *(++argv);			is_numeric = p[0] >= '0' && p[0] <= '9';			if (strncmp("rsa:",p,4) == 0 || is_numeric)				{				pkey_type=TYPE_RSA;				if(!is_numeric)				    p+=4;				newkey= atoi(p);				}			else#ifndef NO_DSA				if (strncmp("dsa:",p,4) == 0)				{				X509 *xtmp=NULL;				EVP_PKEY *dtmp;				pkey_type=TYPE_DSA;				p+=4;				if ((in=BIO_new_file(p,"r")) == NULL)					{					perror(p);					goto end;					}				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)					{					ERR_clear_error();					(void)BIO_reset(in);					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)						{						BIO_printf(bio_err,"unable to load DSA parameters from file\n");						goto end;						}					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;					if (dtmp->type == EVP_PKEY_DSA)						dsa_params=DSAparams_dup(dtmp->pkey.dsa);					EVP_PKEY_free(dtmp);					X509_free(xtmp);					if (dsa_params == NULL)						{						BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");						goto end;						}					}				BIO_free(in);				newkey=BN_num_bits(dsa_params->p);				in=NULL;				}			else #endif#ifndef NO_DH				if (strncmp("dh:",p,4) == 0)				{				pkey_type=TYPE_DH;				p+=3;				}			else#endif				pkey_type=TYPE_RSA;			newreq=1;			}		else if (strcmp(*argv,"-newhdr") == 0)			newhdr=1;		else if (strcmp(*argv,"-modulus") == 0)			modulus=1;		else if (strcmp(*argv,"-verify") == 0)			verify=1;		else if (strcmp(*argv,"-nodes") == 0)			nodes=1;		else if (strcmp(*argv,"-noout") == 0)			noout=1;		else if (strcmp(*argv,"-text") == 0)			text=1;		else if (strcmp(*argv,"-x509") == 0)			x509=1;		else if (strcmp(*argv,"-asn1-kludge") == 0)			kludge=1;		else if (strcmp(*argv,"-no-asn1-kludge") == 0)			kludge=0;		else if (strcmp(*argv,"-days") == 0)			{			if (--argc < 1) goto bad;			days= atoi(*(++argv));			if (days == 0) days=30;			}		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)			{			/* ok */			digest=md_alg;			}		else if (strcmp(*argv,"-extensions") == 0)			{			if (--argc < 1) goto bad;			extensions = *(++argv);			}		else if (strcmp(*argv,"-reqexts") == 0)			{			if (--argc < 1) goto bad;			req_exts = *(++argv);			}		else			{			BIO_printf(bio_err,"unknown option %s\n",*argv);			badops=1;			break;			}		argc--;		argv++;		}	if (badops)		{bad:		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);		BIO_printf(bio_err,"where options  are\n");		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");		BIO_printf(bio_err," -in arg        input file\n");		BIO_printf(bio_err," -out arg       output file\n");		BIO_printf(bio_err," -text          text form of request\n");		BIO_printf(bio_err," -noout         do not output REQ\n");		BIO_printf(bio_err," -verify        verify signature on REQ\n");		BIO_printf(bio_err," -modulus       RSA modulus\n");		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");		BIO_printf(bio_err," -key file	use the private key contained in file\n");		BIO_printf(bio_err," -keyform arg   key file format\n");		BIO_printf(bio_err," -keyout arg    file to send the key to\n");		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);		BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");		BIO_printf(bio_err,"                the random number generator\n");		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");		BIO_printf(bio_err," -config file   request template file.\n");		BIO_printf(bio_err," -new           new request.\n");		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");		BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");		BIO_printf(bio_err,"                have been reported as requiring\n");		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");		goto end;		}	ERR_load_crypto_strings();	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {		BIO_printf(bio_err, "Error getting passwords\n");		goto end;	}#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */	/* Lets load up our environment a little */	p=getenv("OPENSSL_CONF");	if (p == NULL)		p=getenv("SSLEAY_CONF");	if (p == NULL)		{		strcpy(config_name,X509_get_default_cert_area());#ifndef VMS		strcat(config_name,"/");#endif		strcat(config_name,OPENSSL_CONF);		p=config_name;		}	default_config_file=p;	config=CONF_load(config,p,NULL);#endif	if (template != NULL)		{		long errline = -1;		BIO_printf(bio_err,"Using configuration from %s\n",template);		req_conf=CONF_load(NULL,template,&errline);		if (req_conf == NULL)			{			BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);