Add req to OpenSSL CLI tool (#2284)

### Issues:
`CryptoAlg-2992`

### Description of changes: 
Add the req tool. Only some options are supported. We don't support the
default config file interface that OpenSSL does, default values are
hardcoded where appropriate.

This PR also modified the createTempDirPath utility function. This func
previously had a race condition causing intermittent CI failures.

### Testing: 
Unit test for parsing subject function. OpenSSL comparison tests for CSR
and Cert generation with cross-checking of attributes.


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

Author: smittals2

crypto/dsa/internal.h

@@ -40,8 +40,6 @@ struct dsa_st {
   CRYPTO_EX_DATA ex_data;
 };
 
-#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
-
 // dsa_check_key performs cheap self-checks on |dsa|, and ensures it is within
 // DoS bounds. It returns one on success and zero on error.
 int dsa_check_key(const DSA *dsa);

crypto/test/test_util.cc

@@ -15,11 +15,13 @@
 #include "test_util.h"
 
 #include <ostream>
+#include <inttypes.h>
 
 #include <openssl/err.h>
 
 #include "../internal.h"
 #include "openssl/pem.h"
+#include "openssl/rand.h"
 
 
 void hexdump(FILE *fp, const char *msg, const void *in, size_t len) {
@@ -166,27 +168,33 @@ size_t createTempFILEpath(char buffer[PATH_MAX]) {
 }
 
 size_t createTempDirPath(char buffer[PATH_MAX]) {
-  char pathname[PATH_MAX];
-  char tempdir[PATH_MAX];
-
-  if (0 == GetTempPathA(PATH_MAX, pathname)) {
+  char temp_path[PATH_MAX];
+  union {
+    uint8_t bytes[8];
+    uint64_t value;
+  } random_bytes;
+
+  // Get the temporary path
+  if (0 == GetTempPathA(PATH_MAX, temp_path)) {
     return 0;
   }
 
-  // Generate a unique name using Windows API
-  if (0 == GetTempFileNameA(pathname, "awslctestdir", 0, tempdir)) {
+  if (!RAND_bytes(random_bytes.bytes, sizeof(random_bytes.bytes))) {
     return 0;
   }
 
-  // Delete the file that GetTempFileNameA created
-  DeleteFileA(tempdir);
+  int written = snprintf(buffer, PATH_MAX, "%s\\awslctest_%" PRIX64, temp_path, random_bytes.value);
 
-  if (!CreateDirectoryA(tempdir, NULL)) {
+  // Check for truncation of dirname
+  if (written < 0 || written >= PATH_MAX) {
     return 0;
   }
 
-  strncpy(buffer, tempdir, PATH_MAX);
-  return strnlen(buffer, PATH_MAX);
+  if (!CreateDirectoryA(buffer, NULL)) {
+    return 0;
+  }
+
+  return (size_t)written;
 }
 
 FILE* createRawTempFILE() {
@@ -196,6 +204,7 @@ FILE* createRawTempFILE() {
   }
   return fopen(filename, "w+b");
 }
+
 #else
 #include <cstdlib>
 #include <unistd.h>

include/openssl/dsa.h

@@ -70,6 +70,8 @@
 extern "C" {
 #endif
 
+#define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+
 
 // DSA contains functions for signing and verifying with the Digital Signature
 // Algorithm.
@@ -187,8 +189,8 @@ OPENSSL_EXPORT DSA *DSAparams_dup(const DSA *dsa);
 // Key generation.
 
 // DSA_generate_key generates a public/private key pair in |dsa|, which must
-// already have parameters setup. It returns one on success and zero on
-// error.
+// already have parameters setup. Only supports generating up to |OPENSSL_DSA_MAX_MODULUS_BITS|
+// bit keys. It returns one on success and zero on error.
 OPENSSL_EXPORT int DSA_generate_key(DSA *dsa);
 
 

tool-openssl/CMakeLists.txt

@@ -10,6 +10,7 @@ add_executable(
     crl.cc
     dgst.cc
     rehash.cc
+    req.cc
     rsa.cc
     s_client.cc
     tool.cc
@@ -83,6 +84,8 @@ if(BUILD_TESTING)
         dgst_test.cc
         rehash.cc
         rehash_test.cc
+        req.cc
+        req_test.cc
         rsa.cc
         rsa_test.cc
         s_client.cc

tool-openssl/internal.h

@@ -34,12 +34,16 @@ bool CRLTool(const args_list_t &args);
 bool dgstTool(const args_list_t &args);
 bool md5Tool(const args_list_t &args);
 bool RehashTool(const args_list_t &args);
+bool reqTool(const args_list_t &args);
 bool rsaTool(const args_list_t &args);
 bool SClientTool(const args_list_t &args);
 bool VerifyTool(const args_list_t &args);
 bool VersionTool(const args_list_t &args);
 bool X509Tool(const args_list_t &args);
 
+// Req Tool Utilities
+bssl::UniquePtr<X509_NAME> parse_subject_name(std::string &subject_string);
+
 
 // Rehash tool Utils
 typedef struct hash_entry_st {        // Represents a single certificate/CRL file