More X509 V3 stuff. Add support for extensions in the 'req' application

 Changes between 0.9.1c and 0.9.2

  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'

     and add a sample to openssl.cnf so req -x509 now adds appropriate

     CA extensions.

     [Steve Henson]

  *) Continued X509 V3 changes. Add to other makefiles, integrate with the

     error code, add initial support to X509_print() and x509 application.

     [Steve Henson]

  *) Takes a deep breath and start addding X509 V3 extension support code. Add

     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this

	md2 md5 sha mdc2 hmac ripemd \

	des rc2 rc4 rc5 idea bf cast \

	bn rsa dsa dh \

	buffer bio stack lhash rand pem err objects \

	evp asn1 x509 x509v3 conf txt_db pkcs7 comp

	buffer bio stack lhash rand err objects \

	evp asn1 x509 x509v3 conf pem txt_db pkcs7 comp

# If you change the INSTALLTOP, make sure to also change the values

# in crypto/location.h

default_keyfile 	= privkey.pem

distinguished_name	= req_distinguished_name

attributes		= req_attributes

x509_extensions	= v3_ca	# The extentions to add to the cert

[ req_distinguished_name ]

countryName			= Country Name (2 letter code)

#nsCertExt

#nsDataType

[ v3_ca]

# Extensions for a typical CA

basicConstraints = CA:true

keyUsage = cRLSign, keyCertSign

#include "err.h"

#include "asn1.h"

#include "x509.h"

#include "x509v3.h"

#include "objects.h"

#include "pem.h"

#define KEYFILE		"default_keyfile"

#define DISTINGUISHED_NAME	"distinguished_name"

#define ATTRIBUTES	"attributes"

#define V3_EXTENSIONS	"x509_extensions"

#define DEFAULT_KEY_LENGTH	512

#define MIN_KEY_LENGTH		384

	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;

	int nodes=0,kludge=0;

	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;

	char *extensions = NULL;

	EVP_CIPHER *cipher=NULL;

	int modulus=0;

	char *p;

		}

	ERR_load_crypto_strings();

	X509V3_add_standard_extensions();

#ifndef MONOLITH

	/* Lets load up our environment a little */

			digest=md_alg;

		}

	extensions = CONF_get_string(req_conf, SECTION, V3_EXTENSIONS);

	in=BIO_new(BIO_s_file());

	out=BIO_new(BIO_s_file());

	if ((in == NULL) || (out == NULL))

		if (x509)

			{

			EVP_PKEY *tmppkey;

			X509V3_CTX ext_ctx;

			if ((x509ss=X509_new()) == NULL) goto end;

			/* don't set the version number, for starters

			 * the field is null and second, null is v0 

			 * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;

			 */

			/* Set version to V3 */

			if(!X509_set_version(x509ss, 2)) goto end;

			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);

			X509_set_issuer_name(x509ss,

			X509_set_pubkey(x509ss,tmppkey);

			EVP_PKEY_free(tmppkey);

			/* Set up V3 context struct */

			ext_ctx.issuer_cert = x509ss;

			ext_ctx.subject_cert = x509ss;

			ext_ctx.subject_req = NULL;

			/* Add extensions */

			if(extensions && !X509V3_EXT_add_conf(req_conf, 

				 	&ext_ctx, extensions, x509ss)) goto end;

			if (!(i=X509_sign(x509ss,pkey,digest)))

				goto end;

			}

{3, "Data Encipherment", "dataEncipherment"},

{4, "Key Agreement", "keyAgreement"},

{5, "Certificate Sign", "keyCertSign"},

{6, "CRL Sign", "cRLCertSign"},

{6, "CRL Sign", "cRLSign"},

{7, "Encipher Only", "encipherOnly"},

{8, "Decipher Only", "decipherOnly"},

{-1, NULL, NULL}