Loading CHANGES +5 −0 Original line number Original line Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] *) New -sigopt option to the req and x509 utilities. Additional signature parameters can be passed using this option and in particular PSS. Todo: ca support. [Steve Henson] *) Add RSA PSS signing function. This will generate and set the *) Add RSA PSS signing function. This will generate and set the appropriate AlgorithmIdentifiers for PSS based on those in the appropriate AlgorithmIdentifiers for PSS based on those in the corresponding EVP_MD_CTX structure. No application support yet. corresponding EVP_MD_CTX structure. No application support yet. Loading apps/apps.h +2 −0 Original line number Original line Diff line number Diff line Loading @@ -321,6 +321,8 @@ int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts); STACK_OF(OPENSSL_STRING) *sigopts); int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts); STACK_OF(OPENSSL_STRING) *sigopts); int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts); #ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK extern char *psk_key; extern char *psk_key; #endif #endif Loading apps/ca.c +42 −20 Original line number Original line Diff line number Diff line Loading 
@@ -197,26 +197,30 @@ extern int EF_ALIGNMENT; static void lookup_fail(const char *name, const char *tag); static void lookup_fail(const char *name, const char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD 
*dgst,STACK_OF(CONF_VALUE) *policy, const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); unsigned long nameopt, int default_op, int ext_copy); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, Loading Loading @@ -311,6 +315,7 @@ int MAIN(int argc, char **argv) const EVP_MD *dgst=NULL; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; STACK_OF(X509) *cert_sk=NULL; STACK_OF(X509) *cert_sk=NULL; STACK_OF(OPENSSL_STRING) *sigopts = NULL; #undef BSIZE #undef BSIZE #define BSIZE 256 #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; MS_STATIC char buf[3][BSIZE]; Loading Loading 
@@ -435,6 +440,15 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; if (--argc < 1) goto bad; outdir= *(++argv); outdir= *(++argv); } } else if (strcmp(*argv,"-sigopt") == 0) { if (--argc < 1) goto bad; if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null(); if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) goto bad; } else if (strcmp(*argv,"-notext") == 0) else if (strcmp(*argv,"-notext") == 0) notext=1; notext=1; else if (strcmp(*argv,"-batch") == 0) else if (strcmp(*argv,"-batch") == 0) Loading Loading @@ -1170,8 +1184,9 @@ bad: if (spkac_file != NULL) if (spkac_file != NULL) { { total++; total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, j=certify_spkac(&x,spkac_file,pkey,x509,dgst,sigopts, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions, attribs,db, serial,subj,chtype,multirdn, email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j < 0) goto err; if (j > 0) if (j > 0) Loading @@ -1194,7 +1209,8 @@ bad: if (ss_cert_file != NULL) if (ss_cert_file != NULL) { { total++; total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,sigopts, attribs, db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); default_op, ext_copy, e); Loading 
@@ -1214,7 +1230,7 @@ bad: if (infile != NULL) if (infile != NULL) { { total++; total++; j=certify(&x,infile,pkey,x509p,dgst,attribs,db, j=certify(&x,infile,pkey,x509p,dgst,sigopts, attribs,db, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); default_op, ext_copy, selfsign); Loading @@ -1234,7 +1250,7 @@ bad: for (i=0; i<argc; i++) for (i=0; i<argc; i++) { { total++; total++; j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, j=certify(&x,argv[i],pkey,x509p,dgst,sigopts,attribs,db, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); default_op, ext_copy, selfsign); Loading Loading @@ -1483,7 +1499,7 @@ bad: crlnumber = NULL; crlnumber = NULL; } } if (!X509_CRL_sign(crl,pkey,dgst)) goto err; if (!do_X509_CRL_sign(bio_err,crl,pkey,dgst,sigopts)) goto err; PEM_write_bio_X509_CRL(Sout,crl); PEM_write_bio_X509_CRL(Sout,crl); Loading Loading 
@@ -1553,8 +1569,10 @@ static void lookup_fail(const char *name, const char *tag) } } static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) int ext_copy, int selfsign) Loading Loading @@ -1610,7 +1628,8 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else else BIO_printf(bio_err,"Signature ok\n"); BIO_printf(bio_err,"Signature ok\n"); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn, ok=do_body(xret,pkey,x509,dgst,sigopts, policy,db,serial,subj,chtype, multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, selfsign); certopt, nameopt, default_op, ext_copy, selfsign); Loading 
@@ -1621,7 +1640,8 @@ err: } } static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, unsigned long certopt, unsigned long nameopt, int default_op, Loading Loading @@ -1664,7 +1684,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; goto err; ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); ext_copy, 0); Loading 
@@ -1675,7 +1695,8 @@ err: } } static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, Loading Loading @@ -2146,7 +2167,7 @@ again2: EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_free(pktmp); EVP_PKEY_free(pktmp); if (!X509_sign(ret,pkey,dgst)) if (!do_X509_sign(bio_err, ret,pkey,dgst, sigopts)) goto err; goto err; /* We now just add it to the database */ /* We now just add it to the database */ Loading Loading @@ -2240,7 +2261,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) } } static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) unsigned long nameopt, int default_op, int ext_copy) Loading Loading 
@@ -2366,9 +2388,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); EVP_PKEY_free(pktmp); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, multirdn,email_dn,startdate,enddate, days,1,verbose,req, ext_copy, 0); ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: err: if (req != NULL) X509_REQ_free(req); if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); if (parms != NULL) CONF_free(parms); Loading apps/req.c +15 −0 Original line number Original line Diff line number Diff line Loading @@ -1819,3 +1819,18 @@ int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, } } int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); rv = do_sign_init(err, &mctx, pkey, md, sigopts); if (rv > 0) rv = X509_CRL_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); return rv > 0 ? 1 : 0; } Loading
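Review bot: The `-sigopt` branch in MAIN allocates `sigopts` with `sk_OPENSSL_STRING_new_null()`, but none of the ca.c hunks shown releases it, and MAIN's `err:` cleanup is outside the hunks; if it does not gain `if (sigopts) sk_OPENSSL_STRING_free(sigopts);` the stack leaks for the life of the process, minor for a one-shot tool but worth confirming. The CHANGES entry added by this same commit still reads "Todo: ca support" even though this change wires `sigopts` through certify, certify_cert, certify_spkac, do_body and the CRL path, so the changelog contradicts the code it ships with. In do_body the new call `if (!do_X509_sign(bio_err, ret,pkey,dgst, sigopts))` mixes spaced and unspaced arguments; `if (!do_X509_sign(bio_err,ret,pkey,dgst,sigopts))` would match the file's call style. The enclosing functions (MAIN, do_body) start and end outside the hunks.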
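Review bot: `do_X509_CRL_sign` is a new public helper (declared in apps.h) with no header comment, so its contract — that `sigopts` holds the `-sigopt` control strings applied via `do_sign_init`, that `err` only receives diagnostics from that init step, and that the result is collapsed to 1/0 — is discoverable only by reading `do_sign_init`, which lies outside the hunk; suggest adding above it `/* Sign CRL x with pkey/md after applying the -sigopt strings in sigopts; init errors go to err. Returns 1 on success, 0 otherwise. */`. A failure of `X509_CRL_sign_ctx` itself writes nothing to `err`, only to the error queue, so the caller's `goto err` path in ca.c (not shown) is presumably what reports it. The body repeats the init / do_sign_init / *_sign_ctx / cleanup shape of `do_X509_sign` and `do_X509_REQ_sign`; a third copy is acceptable here, but the shared prologue and epilogue are a candidate for one helper later.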
CHANGES +5 −0 Original line number Original line Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] *) New -sigopt option to the req and x509 utilities. Additional signature parameters can be passed using this option and in particular PSS. Todo: ca support. [Steve Henson] *) Add RSA PSS signing function. This will generate and set the *) Add RSA PSS signing function. This will generate and set the appropriate AlgorithmIdentifiers for PSS based on those in the appropriate AlgorithmIdentifiers for PSS based on those in the corresponding EVP_MD_CTX structure. No application support yet. corresponding EVP_MD_CTX structure. No application support yet. Loading
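--- a/apps/apps.h
+++ b/apps/apps.h
@@ -321,6 +321,8 @@ int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
 			STACK_OF(OPENSSL_STRING) *sigopts);
 int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
 			STACK_OF(OPENSSL_STRING) *sigopts);
+int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+			STACK_OF(OPENSSL_STRING) *sigopts);
 #ifndef OPENSSL_NO_PSK
 extern char *psk_key;
 #endif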
apps/ca.c +42 −20 Original line number Original line Diff line number Diff line Loading 
@@ -197,26 +197,30 @@ extern int EF_ALIGNMENT; static void lookup_fail(const char *name, const char *tag); static void lookup_fail(const char *name, const char *tag); static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db, const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf, char *enddate, long days, int batch, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign); int default_op, int ext_copy, int selfsign); static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy, const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, char *ext_sect, CONF *conf,int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, unsigned long nameopt, int default_op, int ext_copy, ENGINE *e); ENGINE *e); static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509, const EVP_MD 
*dgst,STACK_OF(CONF_VALUE) *policy, const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, char *startdate, char *enddate, long days, char *ext_sect, CONF *conf, int verbose, unsigned long certopt, CONF *conf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy); unsigned long nameopt, int default_op, int ext_copy); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, int verbose, X509_REQ *req, char *ext_sect, CONF *conf, Loading Loading @@ -311,6 +315,7 @@ int MAIN(int argc, char **argv) const EVP_MD *dgst=NULL; const EVP_MD *dgst=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; STACK_OF(CONF_VALUE) *attribs=NULL; STACK_OF(X509) *cert_sk=NULL; STACK_OF(X509) *cert_sk=NULL; STACK_OF(OPENSSL_STRING) *sigopts = NULL; #undef BSIZE #undef BSIZE #define BSIZE 256 #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; MS_STATIC char buf[3][BSIZE]; Loading Loading 
@@ -435,6 +440,15 @@ EF_ALIGNMENT=0; if (--argc < 1) goto bad; if (--argc < 1) goto bad; outdir= *(++argv); outdir= *(++argv); } } else if (strcmp(*argv,"-sigopt") == 0) { if (--argc < 1) goto bad; if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null(); if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) goto bad; } else if (strcmp(*argv,"-notext") == 0) else if (strcmp(*argv,"-notext") == 0) notext=1; notext=1; else if (strcmp(*argv,"-batch") == 0) else if (strcmp(*argv,"-batch") == 0) Loading Loading @@ -1170,8 +1184,9 @@ bad: if (spkac_file != NULL) if (spkac_file != NULL) { { total++; total++; j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db, j=certify_spkac(&x,spkac_file,pkey,x509,dgst,sigopts, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions, attribs,db, serial,subj,chtype,multirdn, email_dn,startdate,enddate,days,extensions, conf,verbose,certopt,nameopt,default_op,ext_copy); conf,verbose,certopt,nameopt,default_op,ext_copy); if (j < 0) goto err; if (j < 0) goto err; if (j > 0) if (j > 0) Loading @@ -1194,7 +1209,8 @@ bad: if (ss_cert_file != NULL) if (ss_cert_file != NULL) { { total++; total++; j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs, j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,sigopts, attribs, db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, e); default_op, ext_copy, e); Loading 
@@ -1214,7 +1230,7 @@ bad: if (infile != NULL) if (infile != NULL) { { total++; total++; j=certify(&x,infile,pkey,x509p,dgst,attribs,db, j=certify(&x,infile,pkey,x509p,dgst,sigopts, attribs,db, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); default_op, ext_copy, selfsign); Loading @@ -1234,7 +1250,7 @@ bad: for (i=0; i<argc; i++) for (i=0; i<argc; i++) { { total++; total++; j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db, j=certify(&x,argv[i],pkey,x509p,dgst,sigopts,attribs,db, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch, extensions,conf,verbose, certopt, nameopt, extensions,conf,verbose, certopt, nameopt, default_op, ext_copy, selfsign); default_op, ext_copy, selfsign); Loading Loading @@ -1483,7 +1499,7 @@ bad: crlnumber = NULL; crlnumber = NULL; } } if (!X509_CRL_sign(crl,pkey,dgst)) goto err; if (!do_X509_CRL_sign(bio_err,crl,pkey,dgst,sigopts)) goto err; PEM_write_bio_X509_CRL(Sout,crl); PEM_write_bio_X509_CRL(Sout,crl); Loading Loading 
@@ -1553,8 +1569,10 @@ static void lookup_fail(const char *name, const char *tag) } } static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) int ext_copy, int selfsign) Loading Loading @@ -1610,7 +1628,8 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, else else BIO_printf(bio_err,"Signature ok\n"); BIO_printf(bio_err,"Signature ok\n"); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn, ok=do_body(xret,pkey,x509,dgst,sigopts, policy,db,serial,subj,chtype, multirdn, email_dn, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, startdate,enddate,days,batch,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, selfsign); certopt, nameopt, default_op, ext_copy, selfsign); Loading 
@@ -1621,7 +1640,8 @@ err: } } static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, char *ext_sect, CONF *lconf, int verbose, long days, int batch, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, unsigned long certopt, unsigned long nameopt, int default_op, Loading Loading @@ -1664,7 +1684,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL) goto err; goto err; ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); ext_copy, 0); Loading 
@@ -1675,7 +1695,8 @@ err: } } static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, int batch, int email_dn, char *startdate, char *enddate, long days, int batch, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, int verbose, X509_REQ *req, char *ext_sect, CONF *lconf, Loading Loading @@ -2146,7 +2167,7 @@ again2: EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_free(pktmp); EVP_PKEY_free(pktmp); if (!X509_sign(ret,pkey,dgst)) if (!do_X509_sign(bio_err, ret,pkey,dgst, sigopts)) goto err; goto err; /* We now just add it to the database */ /* We now just add it to the database */ Loading Loading @@ -2240,7 +2261,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) } } static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db, const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy) unsigned long nameopt, int default_op, int ext_copy) Loading Loading 
@@ -2366,9 +2388,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509, X509_REQ_set_pubkey(req,pktmp); X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); EVP_PKEY_free(pktmp); ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate, ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype, days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op, multirdn,email_dn,startdate,enddate, days,1,verbose,req, ext_copy, 0); ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0); err: err: if (req != NULL) X509_REQ_free(req); if (req != NULL) X509_REQ_free(req); if (parms != NULL) CONF_free(parms); if (parms != NULL) CONF_free(parms); Loading
apps/req.c +15 −0 Original line number Original line Diff line number Diff line Loading @@ -1819,3 +1819,18 @@ int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md, } } int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts) { int rv; EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); rv = do_sign_init(err, &mctx, pkey, md, sigopts); if (rv > 0) rv = X509_CRL_sign_ctx(x, &mctx); EVP_MD_CTX_cleanup(&mctx); return rv > 0 ? 1 : 0; }