aws · smittals2 · Mar 17, 2025 · Mar 18, 2025 · Mar 19, 2025 · Mar 19, 2025
@@ -40,8 +40,6 @@ struct dsa_st {
   CRYPTO_EX_DATA ex_data;
 };
 
-#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
-
 // dsa_check_key performs cheap self-checks on |dsa|, and ensures it is within
 // DoS bounds. It returns one on success and zero on error.
 int dsa_check_key(const DSA *dsa);

@@ -15,11 +15,13 @@
 #include "test_util.h"
 
 #include <ostream>
+#include <inttypes.h>
 
 #include <openssl/err.h>
 
 #include "../internal.h"
 #include "openssl/pem.h"
+#include "openssl/rand.h"
 
 
 void hexdump(FILE *fp, const char *msg, const void *in, size_t len) {
@@ -166,27 +168,33 @@ size_t createTempFILEpath(char buffer[PATH_MAX]) {
 }
 
 size_t createTempDirPath(char buffer[PATH_MAX]) {
-  char pathname[PATH_MAX];
-  char tempdir[PATH_MAX];
-
-  if (0 == GetTempPathA(PATH_MAX, pathname)) {
+  char temp_path[PATH_MAX];
+  union {
+    uint8_t bytes[8];
+    uint64_t value;
+  } random_bytes;
+
+  // Get the temporary path
+  if (0 == GetTempPathA(PATH_MAX, temp_path)) {
     return 0;
   }
 
-  // Generate a unique name using Windows API
-  if (0 == GetTempFileNameA(pathname, "awslctestdir", 0, tempdir)) {
+  if (!RAND_bytes(random_bytes.bytes, sizeof(random_bytes.bytes))) {
     return 0;
   }
 
-  // Delete the file that GetTempFileNameA created
-  DeleteFileA(tempdir);
+  int written = snprintf(buffer, PATH_MAX, "%s\\awslctest_%" PRIX64, temp_path, random_bytes.value);
 
-  if (!CreateDirectoryA(tempdir, NULL)) {
+  // Check for truncation of dirname
+  if (written < 0 || written >= PATH_MAX) {
     return 0;
   }
 
-  strncpy(buffer, tempdir, PATH_MAX);
-  return strnlen(buffer, PATH_MAX);
+  if (!CreateDirectoryA(buffer, NULL)) {
+    return 0;
+  }
+
+  return (size_t)written;
 }
 
 FILE* createRawTempFILE() {
@@ -196,6 +204,7 @@ FILE* createRawTempFILE() {
   }
   return fopen(filename, "w+b");
 }
+
 #else
 #include <cstdlib>
 #include <unistd.h>

@@ -70,6 +70,8 @@
 extern "C" {
 #endif
 
+#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+
 
 // DSA contains functions for signing and verifying with the Digital Signature
 // Algorithm.
@@ -187,8 +189,8 @@ OPENSSL_EXPORT DSA *DSAparams_dup(const DSA *dsa);
 // Key generation.
 
 // DSA_generate_key generates a public/private key pair in |dsa|, which must
-// already have parameters setup. It returns one on success and zero on
-// error.
+// already have parameters setup. Only supports generating upto |OPENSSL_DSA_MAX_MODULUS_BITS|
+// bit keys. It returns one on success and zero on error.
 OPENSSL_EXPORT int DSA_generate_key(DSA *dsa);
 
 

@@ -10,6 +10,7 @@ add_executable(
     crl.cc
     dgst.cc
     rehash.cc
+    req.cc
     rsa.cc
     s_client.cc
     tool.cc
@@ -83,6 +84,8 @@ if(BUILD_TESTING)
         dgst_test.cc
         rehash.cc
         rehash_test.cc
+        req.cc
+        req_test.cc
         rsa.cc
         rsa_test.cc
         s_client.cc

@@ -34,12 +34,16 @@ bool CRLTool(const args_list_t &args);
 bool dgstTool(const args_list_t &args);
 bool md5Tool(const args_list_t &args);
 bool RehashTool(const args_list_t &args);
+bool reqTool(const args_list_t &args);
 bool rsaTool(const args_list_t &args);
 bool SClientTool(const args_list_t &args);
 bool VerifyTool(const args_list_t &args);
 bool VersionTool(const args_list_t &args);
 bool X509Tool(const args_list_t &args);
 
+// Req Tool Utilities
+bssl::UniquePtr<X509_NAME> parse_subject_name(std::string &subject_string);
+
 
 // Rehash tool Utils
 typedef struct hash_entry_st {        // Represents a single certificate/CRL file