Commit f317aa4c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

More X509 V3 stuff. Add support for extensions in the 'req' application

so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
won't work because pem.h can't be built.
parent d0cc3d34
+6 −0
@@ -5,8 +5,14 @@


 Changes between 0.9.1c and 0.9.2
 Changes between 0.9.1c and 0.9.2


  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
     and add a sample to openssl.cnf so req -x509 now adds appropriate
     CA extensions.
     [Steve Henson]

  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
     error code, add initial support to X509_print() and x509 application.
     error code, add initial support to X509_print() and x509 application.
     [Steve Henson]


  *) Takes a deep breath and start addding X509 V3 extension support code. Add
  *) Takes a deep breath and start addding X509 V3 extension support code. Add
     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+2 −2
@@ -156,8 +156,8 @@ SDIRS= \
	md2 md5 sha mdc2 hmac ripemd \
	md2 md5 sha mdc2 hmac ripemd \
	des rc2 rc4 rc5 idea bf cast \
	des rc2 rc4 rc5 idea bf cast \
	bn rsa dsa dh \
	bn rsa dsa dh \
	buffer bio stack lhash rand pem err objects \
	buffer bio stack lhash rand err objects \
	evp asn1 x509 x509v3 conf txt_db pkcs7 comp
	evp asn1 x509 x509v3 conf pem txt_db pkcs7 comp


# If you change the INSTALLTOP, make sure to also change the values
# If you change the INSTALLTOP, make sure to also change the values
# in crypto/location.h
# in crypto/location.h
+9 −0
@@ -63,6 +63,7 @@ default_bits = 1024
default_keyfile 	= privkey.pem
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
distinguished_name	= req_distinguished_name
attributes		= req_attributes
attributes		= req_attributes
x509_extensions	= v3_ca	# The extentions to add to the cert


[ req_distinguished_name ]
[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName			= Country Name (2 letter code)
@@ -117,3 +118,11 @@ nsCertType = 0x40
#nsCertExt
#nsCertExt
#nsDataType
#nsDataType


[ v3_ca]

# Extensions for a typical CA

basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign
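Review bot: The sample `v3_ca` section in the second hunk marks neither basicConstraints nor keyUsage as critical, so a relying party that does not process the extension may silently ignore the CA:true constraint; the PKIX profile (RFC 5280 §4.2.1.9) requires basicConstraints on a CA certificate to be critical. If the extension parser in this tree accepts a `critical,` prefix, the sample should read `basicConstraints = critical, CA:true` and `keyUsage = critical, cRLSign, keyCertSign`; if it does not yet, a comment such as `# NOTE: these should be marked critical once the parser supports it` keeps the sample from being copied as-is into real CA configs. The trailing comment on `x509_extensions = v3_ca` in the first hunk also misspells "extensions" as "extentions".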

+19 −4
@@ -71,6 +71,7 @@
#include "err.h"
#include "err.h"
#include "asn1.h"
#include "asn1.h"
#include "x509.h"
#include "x509.h"
#include "x509v3.h"
#include "objects.h"
#include "objects.h"
#include "pem.h"
#include "pem.h"


@@ -80,6 +81,7 @@
#define KEYFILE		"default_keyfile"
#define KEYFILE		"default_keyfile"
#define DISTINGUISHED_NAME	"distinguished_name"
#define DISTINGUISHED_NAME	"distinguished_name"
#define ATTRIBUTES	"attributes"
#define ATTRIBUTES	"attributes"
#define V3_EXTENSIONS	"x509_extensions"


#define DEFAULT_KEY_LENGTH	512
#define DEFAULT_KEY_LENGTH	512
#define MIN_KEY_LENGTH		384
#define MIN_KEY_LENGTH		384
@@ -147,6 +149,7 @@ char **argv;
	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
	int nodes=0,kludge=0;
	int nodes=0,kludge=0;
	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
	char *extensions = NULL;
	EVP_CIPHER *cipher=NULL;
	EVP_CIPHER *cipher=NULL;
	int modulus=0;
	int modulus=0;
	char *p;
	char *p;
@@ -357,6 +360,7 @@ bad:
		}
		}


	ERR_load_crypto_strings();
	ERR_load_crypto_strings();
	X509V3_add_standard_extensions();


#ifndef MONOLITH
#ifndef MONOLITH
	/* Lets load up our environment a little */
	/* Lets load up our environment a little */
@@ -427,6 +431,8 @@ bad:
			digest=md_alg;
			digest=md_alg;
		}
		}


	extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);

	in=BIO_new(BIO_s_file());
	in=BIO_new(BIO_s_file());
	out=BIO_new(BIO_s_file());
	out=BIO_new(BIO_s_file());
	if ((in == NULL) || (out == NULL))
	if ((in == NULL) || (out == NULL))
@@ -628,12 +634,11 @@ loop:
		if (x509)
		if (x509)
			{
			{
			EVP_PKEY *tmppkey;
			EVP_PKEY *tmppkey;
			X509V3_CTX ext_ctx;
			if ((x509ss=X509_new()) == NULL) goto end;
			if ((x509ss=X509_new()) == NULL) goto end;


			/* don't set the version number, for starters
			/* Set version to V3 */
			 * the field is null and second, null is v0 
			if(!X509_set_version(x509ss, 2)) goto end;
			 * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
			 */
			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);


			X509_set_issuer_name(x509ss,
			X509_set_issuer_name(x509ss,
@@ -647,6 +652,16 @@ loop:
			X509_set_pubkey(x509ss,tmppkey);
			X509_set_pubkey(x509ss,tmppkey);
			EVP_PKEY_free(tmppkey);
			EVP_PKEY_free(tmppkey);


			/* Set up V3 context struct */

			ext_ctx.issuer_cert = x509ss;
			ext_ctx.subject_cert = x509ss;
			ext_ctx.subject_req = NULL;

			/* Add extensions */
			if(extensions && !X509V3_EXT_add_conf(req_conf, 
				 	&ext_ctx, extensions, x509ss)) goto end;

			if (!(i=X509_sign(x509ss,pkey,digest)))
			if (!(i=X509_sign(x509ss,pkey,digest)))
				goto end;
				goto end;
			}
			}
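Review bot: `ext_ctx` is a stack-allocated `X509V3_CTX` and only `issuer_cert`, `subject_cert` and `subject_req` are assigned before it is handed to X509V3_EXT_add_conf in the last hunk; if the struct has, or later gains, any other member, that member reaches the extension code uninitialized. Zeroing it first with `memset(&ext_ctx, 0, sizeof ext_ctx);` ahead of the three assignments makes the call safe regardless of how the context struct evolves. The earlier hunk now sets the certificate version to V3 unconditionally, even when `extensions` is NULL; a one-line comment there such as `/* always emit a v3 certificate, with or without extensions */` would make clear that this is deliberate rather than an oversight. The enclosing function begins outside these hunks.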
+1 −1
@@ -94,7 +94,7 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
{3, "Data Encipherment", "dataEncipherment"},
{3, "Data Encipherment", "dataEncipherment"},
{4, "Key Agreement", "keyAgreement"},
{4, "Key Agreement", "keyAgreement"},
{5, "Certificate Sign", "keyCertSign"},
{5, "Certificate Sign", "keyCertSign"},
{6, "CRL Sign", "cRLCertSign"},
{6, "CRL Sign", "cRLSign"},
{7, "Encipher Only", "encipherOnly"},
{7, "Encipher Only", "encipherOnly"},
{8, "Decipher Only", "decipherOnly"},
{8, "Decipher Only", "decipherOnly"},
{-1, NULL, NULL}
{-1, NULL, NULL}