|
@@ -197,26 +197,30 @@ extern int EF_ALIGNMENT;
|
|
|
|
|
|
static void lookup_fail(const char *name, const char *tag);
|
|
static void lookup_fail(const char *name, const char *tag);
|
|
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
|
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
|
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
|
|
|
|
|
|
+ const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
|
|
|
|
+ STACK_OF(CONF_VALUE) *policy,CA_DB *db,
|
|
BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
|
|
BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
|
|
char *enddate, long days, int batch, char *ext_sect, CONF *conf,
|
|
char *enddate, long days, int batch, char *ext_sect, CONF *conf,
|
|
int verbose, unsigned long certopt, unsigned long nameopt,
|
|
int verbose, unsigned long certopt, unsigned long nameopt,
|
|
int default_op, int ext_copy, int selfsign);
|
|
int default_op, int ext_copy, int selfsign);
|
|
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
|
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
|
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
|
|
|
|
|
|
+ const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
|
|
|
|
+ STACK_OF(CONF_VALUE) *policy,
|
|
CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
|
|
CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
|
|
char *startdate, char *enddate, long days, int batch,
|
|
char *startdate, char *enddate, long days, int batch,
|
|
char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
|
|
char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
|
|
unsigned long nameopt, int default_op, int ext_copy,
|
|
unsigned long nameopt, int default_op, int ext_copy,
|
|
ENGINE *e);
|
|
ENGINE *e);
|
|
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
|
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
|
|
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
|
|
|
|
|
|
+ const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
|
|
|
|
+ STACK_OF(CONF_VALUE) *policy,
|
|
CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
|
|
CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
|
|
char *startdate, char *enddate, long days, char *ext_sect,
|
|
char *startdate, char *enddate, long days, char *ext_sect,
|
|
CONF *conf, int verbose, unsigned long certopt,
|
|
CONF *conf, int verbose, unsigned long certopt,
|
|
unsigned long nameopt, int default_op, int ext_copy);
|
|
unsigned long nameopt, int default_op, int ext_copy);
|
|
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
|
|
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
|
|
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|
|
|
+ STACK_OF(OPENSSL_STRING) *sigopts,
|
|
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
|
|
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
|
|
int email_dn, char *startdate, char *enddate, long days, int batch,
|
|
int email_dn, char *startdate, char *enddate, long days, int batch,
|
|
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
|
|
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
|
|
@@ -311,6 +315,7 @@ int MAIN(int argc, char **argv)
|
|
const EVP_MD *dgst=NULL;
|
|
const EVP_MD *dgst=NULL;
|
|
STACK_OF(CONF_VALUE) *attribs=NULL;
|
|
STACK_OF(CONF_VALUE) *attribs=NULL;
|
|
STACK_OF(X509) *cert_sk=NULL;
|
|
STACK_OF(X509) *cert_sk=NULL;
|
|
|
|
+ STACK_OF(OPENSSL_STRING) *sigopts = NULL;
|
|
#undef BSIZE
|
|
#undef BSIZE
|
|
#define BSIZE 256
|
|
#define BSIZE 256
|
|
MS_STATIC char buf[3][BSIZE];
|
|
MS_STATIC char buf[3][BSIZE];
|
|
@@ -435,6 +440,15 @@ EF_ALIGNMENT=0;
|
|
if (--argc < 1) goto bad;
|
|
if (--argc < 1) goto bad;
|
|
outdir= *(++argv);
|
|
outdir= *(++argv);
|
|
}
|
|
}
|
|
|
|
+ else if (strcmp(*argv,"-sigopt") == 0)
|
|
|
|
+ {
|
|
|
|
+ if (--argc < 1)
|
|
|
|
+ goto bad;
|
|
|
|
+ if (!sigopts)
|
|
|
|
+ sigopts = sk_OPENSSL_STRING_new_null();
|
|
|
|
+ if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
|
|
|
|
+ goto bad;
|
|
|
|
+ }
|
|
else if (strcmp(*argv,"-notext") == 0)
|
|
else if (strcmp(*argv,"-notext") == 0)
|
|
notext=1;
|
|
notext=1;
|
|
else if (strcmp(*argv,"-batch") == 0)
|
|
else if (strcmp(*argv,"-batch") == 0)
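Review bot: The `sigopts` stack created by `sk_OPENSSL_STRING_new_null()` in the new `-sigopt` branch is never released in any hunk shown; unless the `err:` cleanup of MAIN (outside these hunks) already does so in this commit, add `if (sigopts) sk_OPENSSL_STRING_free(sigopts);` there, a plain free rather than pop_free since the elements point into argv. The same stack is later handed to both `do_X509_sign` and `do_X509_CRL_sign`, so an option such as a padding-mode setting governs the CRL signature as well as every certificate issued in the run; that deserves a comment at the option, e.g. `/* sigopts apply to every signature this run makes, including the CRL */`, and a line in the usage text, which none of these hunks extend for `-sigopt`. Values are accepted without validation and only rejected inside the signing helpers, after the interactive confirmation prompts, which is acceptable but worth stating in that comment. MAIN begins and ends outside this hunk.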
|
|
@@ -1170,8 +1184,9 @@ bad:
|
|
if (spkac_file != NULL)
|
|
if (spkac_file != NULL)
|
|
{
|
|
{
|
|
total++;
|
|
total++;
|
|
- j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
|
|
|
|
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
|
|
|
|
|
|
+ j=certify_spkac(&x,spkac_file,pkey,x509,dgst,sigopts,
|
|
|
|
+ attribs,db, serial,subj,chtype,multirdn,
|
|
|
|
+ email_dn,startdate,enddate,days,extensions,
|
|
conf,verbose,certopt,nameopt,default_op,ext_copy);
|
|
conf,verbose,certopt,nameopt,default_op,ext_copy);
|
|
if (j < 0) goto err;
|
|
if (j < 0) goto err;
|
|
if (j > 0)
|
|
if (j > 0)
|
|
@@ -1194,7 +1209,8 @@ bad:
|
|
if (ss_cert_file != NULL)
|
|
if (ss_cert_file != NULL)
|
|
{
|
|
{
|
|
total++;
|
|
total++;
|
|
- j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
|
|
|
|
|
|
+ j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,sigopts,
|
|
|
|
+ attribs,
|
|
db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
|
|
db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
|
|
extensions,conf,verbose, certopt, nameopt,
|
|
extensions,conf,verbose, certopt, nameopt,
|
|
default_op, ext_copy, e);
|
|
default_op, ext_copy, e);
|
|
@@ -1214,7 +1230,7 @@ bad:
|
|
if (infile != NULL)
|
|
if (infile != NULL)
|
|
{
|
|
{
|
|
total++;
|
|
total++;
|
|
- j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
|
|
|
|
|
|
+ j=certify(&x,infile,pkey,x509p,dgst,sigopts, attribs,db,
|
|
serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
|
|
serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
|
|
extensions,conf,verbose, certopt, nameopt,
|
|
extensions,conf,verbose, certopt, nameopt,
|
|
default_op, ext_copy, selfsign);
|
|
default_op, ext_copy, selfsign);
|
|
@@ -1234,7 +1250,7 @@ bad:
|
|
for (i=0; i<argc; i++)
|
|
for (i=0; i<argc; i++)
|
|
{
|
|
{
|
|
total++;
|
|
total++;
|
|
- j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
|
|
|
|
|
|
+ j=certify(&x,argv[i],pkey,x509p,dgst,sigopts,attribs,db,
|
|
serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
|
|
serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
|
|
extensions,conf,verbose, certopt, nameopt,
|
|
extensions,conf,verbose, certopt, nameopt,
|
|
default_op, ext_copy, selfsign);
|
|
default_op, ext_copy, selfsign);
|
|
@@ -1483,7 +1499,7 @@ bad:
|
|
crlnumber = NULL;
|
|
crlnumber = NULL;
|
|
}
|
|
}
|
|
|
|
|
|
- if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
|
|
|
|
|
|
+ if (!do_X509_CRL_sign(bio_err,crl,pkey,dgst,sigopts)) goto err;
|
|
|
|
|
|
PEM_write_bio_X509_CRL(Sout,crl);
|
|
PEM_write_bio_X509_CRL(Sout,crl);
|
|
|
|
|
|
@@ -1553,8 +1569,10 @@ static void lookup_fail(const char *name, const char *tag)
|
|
}
|
|
}
|
|
|
|
|
|
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
|
|
|
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
|
|
|
|
|
|
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
|
|
|
|
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
|
|
|
+ BIGNUM *serial, char *subj,unsigned long chtype, int multirdn,
|
|
|
|
+ int email_dn, char *startdate, char *enddate,
|
|
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
|
|
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
|
|
unsigned long certopt, unsigned long nameopt, int default_op,
|
|
unsigned long certopt, unsigned long nameopt, int default_op,
|
|
int ext_copy, int selfsign)
|
|
int ext_copy, int selfsign)
|
|
@@ -1610,7 +1628,8 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
else
|
|
else
|
|
BIO_printf(bio_err,"Signature ok\n");
|
|
BIO_printf(bio_err,"Signature ok\n");
|
|
|
|
|
|
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
|
|
|
|
|
|
+ ok=do_body(xret,pkey,x509,dgst,sigopts, policy,db,serial,subj,chtype,
|
|
|
|
+ multirdn, email_dn,
|
|
startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
|
|
startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
|
|
certopt, nameopt, default_op, ext_copy, selfsign);
|
|
certopt, nameopt, default_op, ext_copy, selfsign);
|
|
|
|
|
|
@@ -1621,7 +1640,8 @@ err:
|
|
}
|
|
}
|
|
|
|
|
|
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
|
|
|
|
|
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
|
|
|
|
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
|
BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
|
|
BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
|
|
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
|
|
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
|
|
unsigned long certopt, unsigned long nameopt, int default_op,
|
|
unsigned long certopt, unsigned long nameopt, int default_op,
|
|
@@ -1664,7 +1684,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
|
|
if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
|
|
goto err;
|
|
goto err;
|
|
|
|
|
|
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
|
|
|
|
|
|
+ ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
|
|
days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
|
|
days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
|
|
ext_copy, 0);
|
|
ext_copy, 0);
|
|
|
|
|
|
@@ -1675,7 +1695,8 @@ err:
|
|
}
|
|
}
|
|
|
|
|
|
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
|
|
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
|
|
|
|
|
|
+ STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,
|
|
|
|
+ CA_DB *db, BIGNUM *serial, char *subj,
|
|
unsigned long chtype, int multirdn,
|
|
unsigned long chtype, int multirdn,
|
|
int email_dn, char *startdate, char *enddate, long days, int batch,
|
|
int email_dn, char *startdate, char *enddate, long days, int batch,
|
|
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
|
|
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
|
|
@@ -2146,7 +2167,7 @@ again2:
|
|
EVP_PKEY_copy_parameters(pktmp,pkey);
|
|
EVP_PKEY_copy_parameters(pktmp,pkey);
|
|
EVP_PKEY_free(pktmp);
|
|
EVP_PKEY_free(pktmp);
|
|
|
|
|
|
- if (!X509_sign(ret,pkey,dgst))
|
|
|
|
|
|
+ if (!do_X509_sign(bio_err, ret,pkey,dgst, sigopts))
|
|
goto err;
|
|
goto err;
|
|
|
|
|
|
/* We now just add it to the database */
|
|
/* We now just add it to the database */
|
|
@@ -2240,7 +2261,8 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
|
|
}
|
|
}
|
|
|
|
|
|
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
|
|
|
|
|
+ const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
|
|
|
|
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
|
|
BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
|
|
BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
|
|
long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
|
|
long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
|
|
unsigned long nameopt, int default_op, int ext_copy)
|
|
unsigned long nameopt, int default_op, int ext_copy)
|
|
@@ -2366,9 +2388,9 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
|
|
|
|
|
|
X509_REQ_set_pubkey(req,pktmp);
|
|
X509_REQ_set_pubkey(req,pktmp);
|
|
EVP_PKEY_free(pktmp);
|
|
EVP_PKEY_free(pktmp);
|
|
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
|
|
|
|
- days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
|
|
|
|
- ext_copy, 0);
|
|
|
|
|
|
+ ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,
|
|
|
|
+ multirdn,email_dn,startdate,enddate, days,1,verbose,req,
|
|
|
|
+ ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0);
|
|
err:
|
|
err:
|
|
if (req != NULL) X509_REQ_free(req);
|
|
if (req != NULL) X509_REQ_free(req);
|
|
if (parms != NULL) CONF_free(parms);
|
|
if (parms != NULL) CONF_free(parms);
|