Chromium Code Reviews

Side by Side Diff: openssl/apps/req.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | | Annotate | Revision Log
« openssl.gyp ('K') | « openssl/apps/rand.c ('k') | openssl/apps/rsa.c » ('j') | patches/x509_hash_name_algorithm_change.patch » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* apps/req.c */ 1 /* apps/req.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
(...skipping 123 matching lines...)
134 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs, 134 STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
135 unsigned long chtype); 135 unsigned long chtype);
136 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, 136 static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
137 STACK_OF(CONF_VALUE) *attr, int attribs, 137 STACK_OF(CONF_VALUE) *attr, int attribs,
138 unsigned long chtype); 138 unsigned long chtype);
139 static int add_attribute_object(X509_REQ *req, char *text, const char *def, 139 static int add_attribute_object(X509_REQ *req, char *text, const char *def,
140 char *value, int nid, int n_min, 140 char *value, int nid, int n_min,
141 int n_max, unsigned long chtype); 141 int n_max, unsigned long chtype);
142 static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value, 142 static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
143 int nid,int n_min,int n_max, unsigned long chtype, int mval); 143 int nid,int n_min,int n_max, unsigned long chtype, int mval);
144 #ifndef OPENSSL_NO_RSA 144 static int genpkey_cb(EVP_PKEY_CTX *ctx);
145 static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
146 #endif
147 static int req_check_len(int len,int n_min,int n_max); 145 static int req_check_len(int len,int n_min,int n_max);
148 static int check_end(const char *str, const char *end); 146 static int check_end(const char *str, const char *end);
147 static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
148 long *pkeylen, char **palgnam,
149 ENGINE *keygen_engine);
149 #ifndef MONOLITH 150 #ifndef MONOLITH
150 static char *default_config_file=NULL; 151 static char *default_config_file=NULL;
151 #endif 152 #endif
152 static CONF *req_conf=NULL; 153 static CONF *req_conf=NULL;
153 static int batch=0; 154 static int batch=0;
154 155
155 #define TYPE_RSA 1
156 #define TYPE_DSA 2
157 #define TYPE_DH 3
158 #define TYPE_EC 4
159
160 int MAIN(int, char **); 156 int MAIN(int, char **);
161 157
162 int MAIN(int argc, char **argv) 158 int MAIN(int argc, char **argv)
163 { 159 {
164 » ENGINE *e = NULL; 160 » ENGINE *e = NULL, *gen_eng = NULL;
165 #ifndef OPENSSL_NO_DSA
166 » DSA *dsa_params=NULL;
167 #endif
168 #ifndef OPENSSL_NO_ECDSA
169 » EC_KEY *ec_params = NULL;
170 #endif
171 unsigned long nmflag = 0, reqflag = 0; 161 unsigned long nmflag = 0, reqflag = 0;
172 int ex=1,x509=0,days=30; 162 int ex=1,x509=0,days=30;
173 X509 *x509ss=NULL; 163 X509 *x509ss=NULL;
174 X509_REQ *req=NULL; 164 X509_REQ *req=NULL;
165 EVP_PKEY_CTX *genctx = NULL;
166 const char *keyalg = NULL;
167 char *keyalgstr = NULL;
168 STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
175 EVP_PKEY *pkey=NULL; 169 EVP_PKEY *pkey=NULL;
176 » int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA; 170 » int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
177 long newkey = -1; 171 long newkey = -1;
178 BIO *in=NULL,*out=NULL; 172 BIO *in=NULL,*out=NULL;
179 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; 173 int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
180 int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; 174 int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
181 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; 175 char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
182 #ifndef OPENSSL_NO_ENGINE 176 #ifndef OPENSSL_NO_ENGINE
183 char *engine=NULL; 177 char *engine=NULL;
184 #endif 178 #endif
185 char *extensions = NULL; 179 char *extensions = NULL;
186 char *req_exts = NULL; 180 char *req_exts = NULL;
187 const EVP_CIPHER *cipher=NULL; 181 const EVP_CIPHER *cipher=NULL;
188 ASN1_INTEGER *serial = NULL; 182 ASN1_INTEGER *serial = NULL;
189 int modulus=0; 183 int modulus=0;
190 char *inrand=NULL; 184 char *inrand=NULL;
191 char *passargin = NULL, *passargout = NULL; 185 char *passargin = NULL, *passargout = NULL;
192 char *passin = NULL, *passout = NULL; 186 char *passin = NULL, *passout = NULL;
193 char *p; 187 char *p;
194 char *subj = NULL; 188 char *subj = NULL;
195 int multirdn = 0; 189 int multirdn = 0;
196 » const EVP_MD *md_alg=NULL,*digest=EVP_sha1(); 190 » const EVP_MD *md_alg=NULL,*digest=NULL;
197 unsigned long chtype = MBSTRING_ASC; 191 unsigned long chtype = MBSTRING_ASC;
198 #ifndef MONOLITH 192 #ifndef MONOLITH
199 char *to_free; 193 char *to_free;
200 long errline; 194 long errline;
201 #endif 195 #endif
202 196
203 req_conf = NULL; 197 req_conf = NULL;
204 #ifndef OPENSSL_NO_DES 198 #ifndef OPENSSL_NO_DES
205 cipher=EVP_des_ede3_cbc(); 199 cipher=EVP_des_ede3_cbc();
206 #endif 200 #endif
(...skipping 22 matching lines...)
229 { 223 {
230 if (--argc < 1) goto bad; 224 if (--argc < 1) goto bad;
231 outformat=str2fmt(*(++argv)); 225 outformat=str2fmt(*(++argv));
232 } 226 }
233 #ifndef OPENSSL_NO_ENGINE 227 #ifndef OPENSSL_NO_ENGINE
234 else if (strcmp(*argv,"-engine") == 0) 228 else if (strcmp(*argv,"-engine") == 0)
235 { 229 {
236 if (--argc < 1) goto bad; 230 if (--argc < 1) goto bad;
237 engine= *(++argv); 231 engine= *(++argv);
238 } 232 }
233 else if (strcmp(*argv,"-keygen_engine") == 0)
234 {
235 if (--argc < 1) goto bad;
236 gen_eng = ENGINE_by_id(*(++argv));
237 if (gen_eng == NULL)
238 {
239 BIO_printf(bio_err, "Can't find keygen engine %s \n", *argv);
240 goto end;
241 }
242 }
239 #endif 243 #endif
240 else if (strcmp(*argv,"-key") == 0) 244 else if (strcmp(*argv,"-key") == 0)
241 { 245 {
242 if (--argc < 1) goto bad; 246 if (--argc < 1) goto bad;
243 keyfile= *(++argv); 247 keyfile= *(++argv);
244 } 248 }
245 else if (strcmp(*argv,"-pubkey") == 0) 249 else if (strcmp(*argv,"-pubkey") == 0)
246 { 250 {
247 pubkey=1; 251 pubkey=1;
248 } 252 }
(...skipping 36 matching lines...)
285 if (--argc < 1) goto bad; 289 if (--argc < 1) goto bad;
286 passargout= *(++argv); 290 passargout= *(++argv);
287 } 291 }
288 else if (strcmp(*argv,"-rand") == 0) 292 else if (strcmp(*argv,"-rand") == 0)
289 { 293 {
290 if (--argc < 1) goto bad; 294 if (--argc < 1) goto bad;
291 inrand= *(++argv); 295 inrand= *(++argv);
292 } 296 }
293 else if (strcmp(*argv,"-newkey") == 0) 297 else if (strcmp(*argv,"-newkey") == 0)
294 { 298 {
295 » » » int is_numeric; 299 » » » if (--argc < 1)
296
297 » » » if (--argc < 1) goto bad;
298 » » » p= *(++argv);
299 » » » is_numeric = p[0] >= '0' && p[0] <= '9';
300 » » » if (strncmp("rsa:",p,4) == 0 || is_numeric)
301 » » » » {
302 » » » » pkey_type=TYPE_RSA;
303 » » » » if(!is_numeric)
304 » » » » p+=4;
305 » » » » newkey= atoi(p);
306 » » » » }
307 » » » else
308 #ifndef OPENSSL_NO_DSA
309 » » » » if (strncmp("dsa:",p,4) == 0)
310 » » » » {
311 » » » » X509 *xtmp=NULL;
312 » » » » EVP_PKEY *dtmp;
313
314 » » » » pkey_type=TYPE_DSA;
315 » » » » p+=4;
316 » » » » if ((in=BIO_new_file(p,"r")) == NULL)
317 » » » » » {
318 » » » » » perror(p);
319 » » » » » goto end;
320 » » » » » }
321 » » » » if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,N ULL,NULL)) == NULL)
322 » » » » » {
323 » » » » » ERR_clear_error();
324 » » » » » (void)BIO_reset(in);
325 » » » » » if ((xtmp=PEM_read_bio_X509(in,NULL,NULL ,NULL)) == NULL)
326 » » » » » » {
327 » » » » » » BIO_printf(bio_err,"unable to lo ad DSA parameters from file\n");
328 » » » » » » goto end;
329 » » » » » » }
330
331 » » » » » if ((dtmp=X509_get_pubkey(xtmp)) == NULL ) goto end;
332 » » » » » if (dtmp->type == EVP_PKEY_DSA)
333 » » » » » » dsa_params=DSAparams_dup(dtmp->p key.dsa);
334 » » » » » EVP_PKEY_free(dtmp);
335 » » » » » X509_free(xtmp);
336 » » » » » if (dsa_params == NULL)
337 » » » » » » {
338 » » » » » » BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
339 » » » » » » goto end;
340 » » » » » » }
341 » » » » » }
342 » » » » BIO_free(in);
343 » » » » in=NULL;
344 » » » » newkey=BN_num_bits(dsa_params->p);
345 » » » » }
346 » » » else
347 #endif
348 #ifndef OPENSSL_NO_ECDSA
349 » » » » if (strncmp("ec:",p,3) == 0)
350 » » » » {
351 » » » » X509 *xtmp=NULL;
352 » » » » EVP_PKEY *dtmp;
353 » » » » EC_GROUP *group;
354
355 » » » » pkey_type=TYPE_EC;
356 » » » » p+=3;
357 » » » » if ((in=BIO_new_file(p,"r")) == NULL)
358 » » » » » {
359 » » » » » perror(p);
360 » » » » » goto end;
361 » » » » » }
362 » » » » if ((ec_params = EC_KEY_new()) == NULL)
363 » » » » » goto end;
364 » » » » group = PEM_read_bio_ECPKParameters(in, NULL, NU LL, NULL);
365 » » » » if (group == NULL)
366 » » » » » {
367 » » » » » EC_KEY_free(ec_params);
368 » » » » » ERR_clear_error();
369 » » » » » (void)BIO_reset(in);
370 » » » » » if ((xtmp=PEM_read_bio_X509(in,NULL,NULL ,NULL)) == NULL)
371 » » » » » » {»
372 » » » » » » BIO_printf(bio_err,"unable to lo ad EC parameters from file\n");
373 » » » » » » goto end;
374 » » » » » » }
375
376 » » » » » if ((dtmp=X509_get_pubkey(xtmp))==NULL)
377 » » » » » » goto end;
378 » » » » » if (dtmp->type == EVP_PKEY_EC)
379 » » » » » » ec_params = EC_KEY_dup(dtmp->pke y.ec);
380 » » » » » EVP_PKEY_free(dtmp);
381 » » » » » X509_free(xtmp);
382 » » » » » if (ec_params == NULL)
383 » » » » » » {
384 » » » » » » BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
385 » » » » » » goto end;
386 » » » » » » }
387 » » » » » }
388 » » » » else
389 » » » » » {
390 » » » » » if (EC_KEY_set_group(ec_params, group) = = 0)
391 » » » » » » goto end;
392 » » » » » EC_GROUP_free(group);
393 » » » » » }
394
395 » » » » BIO_free(in);
396 » » » » in=NULL;
397 » » » » newkey = EC_GROUP_get_degree(EC_KEY_get0_group(e c_params));
398 » » » » }
399 » » » else
400 #endif
401 #ifndef OPENSSL_NO_DH
402 » » » » if (strncmp("dh:",p,4) == 0)
403 » » » » {
404 » » » » pkey_type=TYPE_DH;
405 » » » » p+=3;
406 » » » » }
407 » » » else
408 #endif
409 » » » » {
410 goto bad; 300 goto bad;
411 » » » » } 301 » » » keyalg = *(++argv);
412
413 newreq=1; 302 newreq=1;
414 } 303 }
304 else if (strcmp(*argv,"-pkeyopt") == 0)
305 {
306 if (--argc < 1)
307 goto bad;
308 if (!pkeyopts)
309 pkeyopts = sk_OPENSSL_STRING_new_null();
310 if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++a rgv)))
311 goto bad;
312 }
415 else if (strcmp(*argv,"-batch") == 0) 313 else if (strcmp(*argv,"-batch") == 0)
416 batch=1; 314 batch=1;
417 else if (strcmp(*argv,"-newhdr") == 0) 315 else if (strcmp(*argv,"-newhdr") == 0)
418 newhdr=1; 316 newhdr=1;
419 else if (strcmp(*argv,"-modulus") == 0) 317 else if (strcmp(*argv,"-modulus") == 0)
420 modulus=1; 318 modulus=1;
421 else if (strcmp(*argv,"-verify") == 0) 319 else if (strcmp(*argv,"-verify") == 0)
422 verify=1; 320 verify=1;
423 else if (strcmp(*argv,"-nodes") == 0) 321 else if (strcmp(*argv,"-nodes") == 0)
424 nodes=1; 322 nodes=1;
(...skipping 35 matching lines...)
460 if (--argc < 1) goto bad; 358 if (--argc < 1) goto bad;
461 days= atoi(*(++argv)); 359 days= atoi(*(++argv));
462 if (days == 0) days=30; 360 if (days == 0) days=30;
463 } 361 }
464 else if (strcmp(*argv,"-set_serial") == 0) 362 else if (strcmp(*argv,"-set_serial") == 0)
465 { 363 {
466 if (--argc < 1) goto bad; 364 if (--argc < 1) goto bad;
467 serial = s2i_ASN1_INTEGER(NULL, *(++argv)); 365 serial = s2i_ASN1_INTEGER(NULL, *(++argv));
468 if (!serial) goto bad; 366 if (!serial) goto bad;
469 } 367 }
470 else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
471 {
472 /* ok */
473 digest=md_alg;
474 }
475 else if (strcmp(*argv,"-extensions") == 0) 368 else if (strcmp(*argv,"-extensions") == 0)
476 { 369 {
477 if (--argc < 1) goto bad; 370 if (--argc < 1) goto bad;
478 extensions = *(++argv); 371 extensions = *(++argv);
479 } 372 }
480 else if (strcmp(*argv,"-reqexts") == 0) 373 else if (strcmp(*argv,"-reqexts") == 0)
481 { 374 {
482 if (--argc < 1) goto bad; 375 if (--argc < 1) goto bad;
483 req_exts = *(++argv); 376 req_exts = *(++argv);
484 } 377 }
378 else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
379 {
380 /* ok */
381 digest=md_alg;
382 }
485 else 383 else
486 { 384 {
487 BIO_printf(bio_err,"unknown option %s\n",*argv); 385 BIO_printf(bio_err,"unknown option %s\n",*argv);
488 badops=1; 386 badops=1;
489 break; 387 break;
490 } 388 }
491 argc--; 389 argc--;
492 argv++; 390 argv++;
493 } 391 }
494 392
(...skipping 228 matching lines...)
723 { 621 {
724 char *randfile = NCONF_get_string(req_conf,SECTION,"RAND FILE"); 622 char *randfile = NCONF_get_string(req_conf,SECTION,"RAND FILE");
725 if (randfile == NULL) 623 if (randfile == NULL)
726 ERR_clear_error(); 624 ERR_clear_error();
727 app_RAND_load_file(randfile, bio_err, 0); 625 app_RAND_load_file(randfile, bio_err, 0);
728 } 626 }
729 } 627 }
730 628
731 if (newreq && (pkey == NULL)) 629 if (newreq && (pkey == NULL))
732 { 630 {
733 #ifndef OPENSSL_NO_RSA
734 BN_GENCB cb;
735 #endif
736 char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE"); 631 char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
737 if (randfile == NULL) 632 if (randfile == NULL)
738 ERR_clear_error(); 633 ERR_clear_error();
739 app_RAND_load_file(randfile, bio_err, 0); 634 app_RAND_load_file(randfile, bio_err, 0);
740 if (inrand) 635 if (inrand)
741 app_RAND_load_files(inrand); 636 app_RAND_load_files(inrand);
637
638 if (keyalg)
639 {
640 genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &ne wkey,
641 &keyalgstr, gen_eng);
642 if (!genctx)
643 goto end;
644 }
742 645
743 if (newkey <= 0) 646 if (newkey <= 0)
744 { 647 {
745 if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey)) 648 if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
746 newkey=DEFAULT_KEY_LENGTH; 649 newkey=DEFAULT_KEY_LENGTH;
747 } 650 }
748 651
749 » » if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_ty pe == TYPE_DSA)) 652 » » if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pke y_type == EVP_PKEY_DSA))
750 { 653 {
751 BIO_printf(bio_err,"private key length is too short,\n") ; 654 BIO_printf(bio_err,"private key length is too short,\n") ;
752 BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey); 655 BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
753 goto end; 656 goto end;
754 } 657 }
658
659 if (!genctx)
660 {
661 genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newk ey,
662 &keyalgstr, gen_eng);
663 if (!genctx)
664 goto end;
665 }
666
667 if (pkeyopts)
668 {
669 char *genopt;
670 for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
671 {
672 genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
673 if (pkey_ctrl_string(genctx, genopt) <= 0)
674 {
675 BIO_printf(bio_err,
676 "parameter error \"%s\"\n",
677 genopt);
678 ERR_print_errors(bio_err);
679 goto end;
680 }
681 }
682 }
683
755 BIO_printf(bio_err,"Generating a %ld bit %s private key\n", 684 BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
756 » » » newkey,(pkey_type == TYPE_RSA)?"RSA": 685 » » » » newkey, keyalgstr);
757 » » » (pkey_type == TYPE_DSA)?"DSA":"EC");
758 686
759 » » if ((pkey=EVP_PKEY_new()) == NULL) goto end; 687 » » EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
688 » » EVP_PKEY_CTX_set_app_data(genctx, bio_err);
760 689
761 #ifndef OPENSSL_NO_RSA 690 » » if (EVP_PKEY_keygen(genctx, &pkey) <= 0)
762 » » BN_GENCB_set(&cb, req_cb, bio_err);
763 » » if (pkey_type == TYPE_RSA)
764 { 691 {
765 » » » RSA *rsa = RSA_new(); 692 » » » BIO_puts(bio_err, "Error Generating Key\n");
766 » » » BIGNUM *bn = BN_new(); 693 » » » goto end;
767 » » » if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
768 » » » » » !RSA_generate_key_ex(rsa, newkey, bn, &c b) ||
769 » » » » » !EVP_PKEY_assign_RSA(pkey, rsa))
770 » » » » {
771 » » » » if(bn) BN_free(bn);
772 » » » » if(rsa) RSA_free(rsa);
773 » » » » goto end;
774 » » » » }
775 » » » BN_free(bn);
776 } 694 }
777 » » else 695
778 #endif 696 » » EVP_PKEY_CTX_free(genctx);
779 #ifndef OPENSSL_NO_DSA 697 » » genctx = NULL;
780 » » » if (pkey_type == TYPE_DSA)
781 » » » {
782 » » » if (!DSA_generate_key(dsa_params)) goto end;
783 » » » if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
784 » » » dsa_params=NULL;
785 » » » }
786 #endif
787 #ifndef OPENSSL_NO_ECDSA
788 » » » if (pkey_type == TYPE_EC)
789 » » » {
790 » » » if (!EC_KEY_generate_key(ec_params)) goto end;
791 » » » if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))
792 » » » » goto end;
793 » » » ec_params = NULL;
794 » » » }
795 #endif
796 698
797 app_RAND_write_file(randfile, bio_err); 699 app_RAND_write_file(randfile, bio_err);
798 700
799 if (pkey == NULL) goto end;
800
801 if (keyout == NULL) 701 if (keyout == NULL)
802 { 702 {
803 keyout=NCONF_get_string(req_conf,SECTION,KEYFILE); 703 keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
804 if (keyout == NULL) 704 if (keyout == NULL)
805 ERR_clear_error(); 705 ERR_clear_error();
806 } 706 }
807 707
808 if (keyout == NULL) 708 if (keyout == NULL)
809 { 709 {
810 BIO_printf(bio_err,"writing new private key to stdout\n" ); 710 BIO_printf(bio_err,"writing new private key to stdout\n" );
(...skipping 77 matching lines...)
888 } 788 }
889 } 789 }
890 790
891 if (newreq || x509) 791 if (newreq || x509)
892 { 792 {
893 if (pkey == NULL) 793 if (pkey == NULL)
894 { 794 {
895 BIO_printf(bio_err,"you need to specify a private key\n" ); 795 BIO_printf(bio_err,"you need to specify a private key\n" );
896 goto end; 796 goto end;
897 } 797 }
898 #ifndef OPENSSL_NO_DSA 798
899 » » if (pkey->type == EVP_PKEY_DSA)
900 » » » digest=EVP_dss1();
901 #endif
902 #ifndef OPENSSL_NO_ECDSA
903 » » if (pkey->type == EVP_PKEY_EC)
904 » » » digest=EVP_ecdsa();
905 #endif
906 if (req == NULL) 799 if (req == NULL)
907 { 800 {
908 req=X509_REQ_new(); 801 req=X509_REQ_new();
909 if (req == NULL) 802 if (req == NULL)
910 { 803 {
911 goto end; 804 goto end;
912 } 805 }
913 806
914 i=make_REQ(req,pkey,subj,multirdn,!x509, chtype); 807 i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
915 subj=NULL; /* done processing '-subj' option */ 808 subj=NULL; /* done processing '-subj' option */
(...skipping 22 matching lines...)
938 } 831 }
939 else 832 else
940 { 833 {
941 if (!rand_serial(NULL, 834 if (!rand_serial(NULL,
942 X509_get_serialNumber(x509ss))) 835 X509_get_serialNumber(x509ss)))
943 goto end; 836 goto end;
944 } 837 }
945 838
946 if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_n ame(req))) goto end; 839 if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_n ame(req))) goto end;
947 if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end; 840 if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
948 » » » if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60 *60*24*days)) goto end; 841 » » » if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0 , NULL)) goto end;
949 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_ name(req))) goto end; 842 if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_ name(req))) goto end;
950 tmppkey = X509_REQ_get_pubkey(req); 843 tmppkey = X509_REQ_get_pubkey(req);
951 if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto e nd; 844 if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto e nd;
952 EVP_PKEY_free(tmppkey); 845 EVP_PKEY_free(tmppkey);
953 846
954 /* Set up V3 context struct */ 847 /* Set up V3 context struct */
955 848
956 X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0); 849 X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
957 X509V3_set_nconf(&ext_ctx, req_conf); 850 X509V3_set_nconf(&ext_ctx, req_conf);
958 851
959 /* Add extensions */ 852 /* Add extensions */
960 if(extensions && !X509V3_EXT_add_nconf(req_conf, 853 if(extensions && !X509V3_EXT_add_nconf(req_conf,
961 &ext_ctx, extensions, x509ss)) 854 &ext_ctx, extensions, x509ss))
962 { 855 {
963 BIO_printf(bio_err, 856 BIO_printf(bio_err,
964 "Error Loading extension section %s\n", 857 "Error Loading extension section %s\n",
965 extensions); 858 extensions);
966 goto end; 859 goto end;
967 } 860 }
968 861
969 if (!(i=X509_sign(x509ss,pkey,digest))) 862 if (!(i=X509_sign(x509ss,pkey,digest)))
863 {
864 ERR_print_errors(bio_err);
970 goto end; 865 goto end;
866 }
971 } 867 }
972 else 868 else
973 { 869 {
974 X509V3_CTX ext_ctx; 870 X509V3_CTX ext_ctx;
975 871
976 /* Set up V3 context struct */ 872 /* Set up V3 context struct */
977 873
978 X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); 874 X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
979 X509V3_set_nconf(&ext_ctx, req_conf); 875 X509V3_set_nconf(&ext_ctx, req_conf);
980 876
981 /* Add extensions */ 877 /* Add extensions */
982 if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 878 if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
983 &ext_ctx, req_exts, req)) 879 &ext_ctx, req_exts, req))
984 { 880 {
985 BIO_printf(bio_err, 881 BIO_printf(bio_err,
986 "Error Loading extension section %s\n", 882 "Error Loading extension section %s\n",
987 req_exts); 883 req_exts);
988 goto end; 884 goto end;
989 } 885 }
990 if (!(i=X509_REQ_sign(req,pkey,digest))) 886 if (!(i=X509_REQ_sign(req,pkey,digest)))
887 {
888 ERR_print_errors(bio_err);
991 goto end; 889 goto end;
890 }
992 } 891 }
993 } 892 }
994 893
995 if (subj && x509) 894 if (subj && x509)
996 { 895 {
997 BIO_printf(bio_err, "Cannot modifiy certificate subject\n"); 896 BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
998 goto end; 897 goto end;
999 } 898 }
1000 899
1001 if (subj && !x509) 900 if (subj && !x509)
(...skipping 116 matching lines...)
1118 tpubkey=X509_get_pubkey(x509ss); 1017 tpubkey=X509_get_pubkey(x509ss);
1119 else 1018 else
1120 tpubkey=X509_REQ_get_pubkey(req); 1019 tpubkey=X509_REQ_get_pubkey(req);
1121 if (tpubkey == NULL) 1020 if (tpubkey == NULL)
1122 { 1021 {
1123 fprintf(stdout,"Modulus=unavailable\n"); 1022 fprintf(stdout,"Modulus=unavailable\n");
1124 goto end; 1023 goto end;
1125 } 1024 }
1126 fprintf(stdout,"Modulus="); 1025 fprintf(stdout,"Modulus=");
1127 #ifndef OPENSSL_NO_RSA 1026 #ifndef OPENSSL_NO_RSA
1128 » » if (tpubkey->type == EVP_PKEY_RSA) 1027 » » if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA)
1129 BN_print(out,tpubkey->pkey.rsa->n); 1028 BN_print(out,tpubkey->pkey.rsa->n);
1130 else 1029 else
1131 #endif 1030 #endif
1132 fprintf(stdout,"Wrong Algorithm type"); 1031 fprintf(stdout,"Wrong Algorithm type");
1133 EVP_PKEY_free(tpubkey); 1032 EVP_PKEY_free(tpubkey);
1134 fprintf(stdout,"\n"); 1033 fprintf(stdout,"\n");
1135 } 1034 }
1136 1035
1137 if (!noout && !x509) 1036 if (!noout && !x509)
1138 { 1037 {
(...skipping 35 matching lines...)
1174 OPENSSL_free(to_free); 1073 OPENSSL_free(to_free);
1175 #endif 1074 #endif
1176 if (ex) 1075 if (ex)
1177 { 1076 {
1178 ERR_print_errors(bio_err); 1077 ERR_print_errors(bio_err);
1179 } 1078 }
1180 if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf); 1079 if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
1181 BIO_free(in); 1080 BIO_free(in);
1182 BIO_free_all(out); 1081 BIO_free_all(out);
1183 EVP_PKEY_free(pkey); 1082 EVP_PKEY_free(pkey);
1083 if (genctx)
1084 EVP_PKEY_CTX_free(genctx);
1085 if (pkeyopts)
1086 sk_OPENSSL_STRING_free(pkeyopts);
1087 #ifndef OPENSSL_NO_ENGINE
1088 if (gen_eng)
1089 ENGINE_free(gen_eng);
1090 #endif
1091 if (keyalgstr)
1092 OPENSSL_free(keyalgstr);
1184 X509_REQ_free(req); 1093 X509_REQ_free(req);
1185 X509_free(x509ss); 1094 X509_free(x509ss);
1186 ASN1_INTEGER_free(serial); 1095 ASN1_INTEGER_free(serial);
1187 if(passargin && passin) OPENSSL_free(passin); 1096 if(passargin && passin) OPENSSL_free(passin);
1188 if(passargout && passout) OPENSSL_free(passout); 1097 if(passargout && passout) OPENSSL_free(passout);
1189 OBJ_cleanup(); 1098 OBJ_cleanup();
1190 #ifndef OPENSSL_NO_DSA
1191 if (dsa_params != NULL) DSA_free(dsa_params);
1192 #endif
1193 #ifndef OPENSSL_NO_ECDSA
1194 if (ec_params != NULL) EC_KEY_free(ec_params);
1195 #endif
1196 apps_shutdown(); 1099 apps_shutdown();
1197 OPENSSL_EXIT(ex); 1100 OPENSSL_EXIT(ex);
1198 } 1101 }
1199 1102
1200 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, 1103 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
1201 int attribs, unsigned long chtype) 1104 int attribs, unsigned long chtype)
1202 { 1105 {
1203 int ret=0,i; 1106 int ret=0,i;
1204 char no_prompt = 0; 1107 char no_prompt = 0;
1205 STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; 1108 STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
(...skipping 434 matching lines...)
1640 BIO_printf(bio_err, "Error adding attribute\n"); 1543 BIO_printf(bio_err, "Error adding attribute\n");
1641 ERR_print_errors(bio_err); 1544 ERR_print_errors(bio_err);
1642 goto err; 1545 goto err;
1643 } 1546 }
1644 1547
1645 return(1); 1548 return(1);
1646 err: 1549 err:
1647 return(0); 1550 return(0);
1648 } 1551 }
1649 1552
1650 #ifndef OPENSSL_NO_RSA
1651 static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
1652 {
1653 char c='*';
1654
1655 if (p == 0) c='.';
1656 if (p == 1) c='+';
1657 if (p == 2) c='*';
1658 if (p == 3) c='\n';
1659 BIO_write(cb->arg,&c,1);
1660 (void)BIO_flush(cb->arg);
1661 #ifdef LINT
1662 p=n;
1663 #endif
1664 return 1;
1665 }
1666 #endif
1667
1668 static int req_check_len(int len, int n_min, int n_max) 1553 static int req_check_len(int len, int n_min, int n_max)
1669 { 1554 {
1670 if ((n_min > 0) && (len < n_min)) 1555 if ((n_min > 0) && (len < n_min))
1671 { 1556 {
1672 BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min); 1557 BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
1673 return(0); 1558 return(0);
1674 } 1559 }
1675 if ((n_max >= 0) && (len > n_max)) 1560 if ((n_max >= 0) && (len > n_max))
1676 { 1561 {
1677 BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max); 1562 BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
1678 return(0); 1563 return(0);
1679 } 1564 }
1680 return(1); 1565 return(1);
1681 } 1566 }
1682 1567
1683 /* Check if the end of a string matches 'end' */ 1568 /* Check if the end of a string matches 'end' */
1684 static int check_end(const char *str, const char *end) 1569 static int check_end(const char *str, const char *end)
1685 { 1570 {
1686 int elen, slen; 1571 int elen, slen;
1687 const char *tmp; 1572 const char *tmp;
1688 elen = strlen(end); 1573 elen = strlen(end);
1689 slen = strlen(str); 1574 slen = strlen(str);
1690 if(elen > slen) return 1; 1575 if(elen > slen) return 1;
1691 tmp = str + slen - elen; 1576 tmp = str + slen - elen;
1692 return strcmp(tmp, end); 1577 return strcmp(tmp, end);
1693 } 1578 }
1579
1580 static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
1581 long *pkeylen, char **palgnam,
1582 ENGINE *keygen_engine)
1583 {
1584 EVP_PKEY_CTX *gctx = NULL;
1585 EVP_PKEY *param = NULL;
1586 long keylen = -1;
1587 BIO *pbio = NULL;
1588 const char *paramfile = NULL;
1589
1590 if (gstr == NULL)
1591 {
1592 *pkey_type = EVP_PKEY_RSA;
1593 keylen = *pkeylen;
1594 }
1595 else if (gstr[0] >= '0' && gstr[0] <= '9')
1596 {
1597 *pkey_type = EVP_PKEY_RSA;
1598 keylen = atol(gstr);
1599 *pkeylen = keylen;
1600 }
1601 else if (!strncmp(gstr, "param:", 6))
1602 paramfile = gstr + 6;
1603 else
1604 {
1605 const char *p = strchr(gstr, ':');
1606 int len;
1607 ENGINE *tmpeng;
1608 const EVP_PKEY_ASN1_METHOD *ameth;
1609
1610 if (p)
1611 len = p - gstr;
1612 else
1613 len = strlen(gstr);
1614 /* The lookup of a the string will cover all engines so
1615 * keep a note of the implementation.
1616 */
1617
1618 ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
1619
1620 if (!ameth)
1621 {
1622 BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
1623 return NULL;
1624 }
1625
1626 EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
1627 ameth);
1628 #ifndef OPENSSL_NO_ENGINE
1629 if (tmpeng)
1630 ENGINE_finish(tmpeng);
1631 #endif
1632 if (*pkey_type == EVP_PKEY_RSA)
1633 {
1634 if (p)
1635 {
1636 keylen = atol(p + 1);
1637 *pkeylen = keylen;
1638 }
1639 }
1640 else if (p)
1641 paramfile = p + 1;
1642 }
1643
1644 if (paramfile)
1645 {
1646 pbio = BIO_new_file(paramfile, "r");
1647 if (!pbio)
1648 {
1649 BIO_printf(err, "Can't open parameter file %s\n",
1650 paramfile);
1651 return NULL;
1652 }
1653 param = PEM_read_bio_Parameters(pbio, NULL);
1654
1655 if (!param)
1656 {
1657 X509 *x;
1658 (void)BIO_reset(pbio);
1659 x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
1660 if (x)
1661 {
1662 param = X509_get_pubkey(x);
1663 X509_free(x);
1664 }
1665 }
1666
1667 BIO_free(pbio);
1668
1669 if (!param)
1670 {
1671 BIO_printf(err, "Error reading parameter file %s\n",
1672 paramfile);
1673 return NULL;
1674 }
1675 if (*pkey_type == -1)
1676 *pkey_type = EVP_PKEY_id(param);
1677 else if (*pkey_type != EVP_PKEY_base_id(param))
1678 {
1679 BIO_printf(err, "Key Type does not match parameters\n");
1680 EVP_PKEY_free(param);
1681 return NULL;
1682 }
1683 }
1684
1685 if (palgnam)
1686 {
1687 const EVP_PKEY_ASN1_METHOD *ameth;
1688 ENGINE *tmpeng;
1689 const char *anam;
1690 ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
1691 if (!ameth)
1692 {
1693 BIO_puts(err, "Internal error: can't find key algorithm\ n");
1694 return NULL;
1695 }
1696 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
1697 *palgnam = BUF_strdup(anam);
1698 #ifndef OPENSSL_NO_ENGINE
1699 if (tmpeng)
1700 ENGINE_finish(tmpeng);
1701 #endif
1702 }
1703
1704 if (param)
1705 {
1706 gctx = EVP_PKEY_CTX_new(param, keygen_engine);
1707 *pkeylen = EVP_PKEY_bits(param);
1708 EVP_PKEY_free(param);
1709 }
1710 else
1711 gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
1712
1713 if (!gctx)
1714 {
1715 BIO_puts(err, "Error allocating keygen context\n");
1716 ERR_print_errors(err);
1717 return NULL;
1718 }
1719
1720 if (EVP_PKEY_keygen_init(gctx) <= 0)
1721 {
1722 BIO_puts(err, "Error initializing keygen context\n");
1723 ERR_print_errors(err);
1724 return NULL;
1725 }
1726 #ifndef OPENSSL_NO_RSA
1727 if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1))
1728 {
1729 if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
1730 {
1731 BIO_puts(err, "Error setting RSA keysize\n");
1732 ERR_print_errors(err);
1733 EVP_PKEY_CTX_free(gctx);
1734 return NULL;
1735 }
1736 }
1737 #endif
1738
1739 return gctx;
1740 }
1741
1742 static int genpkey_cb(EVP_PKEY_CTX *ctx)
1743 {
1744 char c='*';
1745 BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
1746 int p;
1747 p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
1748 if (p == 0) c='.';
1749 if (p == 1) c='+';
1750 if (p == 2) c='*';
1751 if (p == 3) c='\n';
1752 BIO_write(b,&c,1);
1753 (void)BIO_flush(b);
1754 #ifdef LINT
1755 p=n;
1756 #endif
1757 return 1;
1758 }
OLDNEW
« openssl.gyp ('K') | « openssl/apps/rand.c ('k') | openssl/apps/rsa.c » ('j') | patches/x509_hash_name_algorithm_change.patch » ('J')

Powered by Google App Engine