summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/x509.c177
1 files changed, 110 insertions, 67 deletions
diff --git a/src/usr.bin/openssl/x509.c b/src/usr.bin/openssl/x509.c
index a9155fee36..6326e1a544 100644
--- a/src/usr.bin/openssl/x509.c
+++ b/src/usr.bin/openssl/x509.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.c,v 1.19 2021/03/24 12:09:16 inoguchi Exp $ */ 1/* $OpenBSD: x509.c,v 1.20 2021/03/26 13:46:25 inoguchi Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -57,9 +57,9 @@
57 */ 57 */
58 58
59#include <assert.h> 59#include <assert.h>
60#include <limits.h>
60#include <stdio.h> 61#include <stdio.h>
61#include <stdlib.h> 62#include <stdlib.h>
62#include <limits.h>
63#include <string.h> 63#include <string.h>
64 64
65#include "apps.h" 65#include "apps.h"
@@ -67,17 +67,15 @@
67#include <openssl/asn1.h> 67#include <openssl/asn1.h>
68#include <openssl/bio.h> 68#include <openssl/bio.h>
69#include <openssl/bn.h> 69#include <openssl/bn.h>
70#include <openssl/dsa.h>
70#include <openssl/err.h> 71#include <openssl/err.h>
71#include <openssl/evp.h> 72#include <openssl/evp.h>
72#include <openssl/objects.h> 73#include <openssl/objects.h>
73#include <openssl/pem.h> 74#include <openssl/pem.h>
75#include <openssl/rsa.h>
74#include <openssl/x509.h> 76#include <openssl/x509.h>
75#include <openssl/x509v3.h> 77#include <openssl/x509v3.h>
76 78
77#include <openssl/dsa.h>
78
79#include <openssl/rsa.h>
80
81#define POSTFIX ".srl" 79#define POSTFIX ".srl"
82#define DEF_DAYS 30 80#define DEF_DAYS 30
83 81
@@ -776,7 +774,8 @@ x509_main(int argc, char **argv)
776 ERR_print_errors(bio_err); 774 ERR_print_errors(bio_err);
777 goto end; 775 goto end;
778 } 776 }
779 if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) && (x509_config.CAformat == FORMAT_PEM)) { 777 if ((x509_config.CAkeyfile == NULL) && (x509_config.CA_flag) &&
778 (x509_config.CAformat == FORMAT_PEM)) {
780 x509_config.CAkeyfile = x509_config.CAfile; 779 x509_config.CAkeyfile = x509_config.CAfile;
781 } else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) { 780 } else if ((x509_config.CA_flag) && (x509_config.CAkeyfile == NULL)) {
782 BIO_printf(bio_err, 781 BIO_printf(bio_err,
@@ -799,8 +798,8 @@ x509_main(int argc, char **argv)
799 goto end; 798 goto end;
800 } 799 }
801 if (!x509_config.extsect) { 800 if (!x509_config.extsect) {
802 x509_config.extsect = NCONF_get_string(extconf, "default", 801 x509_config.extsect = NCONF_get_string(extconf,
803 "extensions"); 802 "default", "extensions");
804 if (!x509_config.extsect) { 803 if (!x509_config.extsect) {
805 ERR_clear_error(); 804 ERR_clear_error();
806 x509_config.extsect = "default"; 805 x509_config.extsect = "default";
@@ -808,7 +807,8 @@ x509_main(int argc, char **argv)
808 } 807 }
809 X509V3_set_ctx_test(&ctx2); 808 X509V3_set_ctx_test(&ctx2);
810 X509V3_set_nconf(&ctx2, extconf); 809 X509V3_set_nconf(&ctx2, extconf);
811 if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect, NULL)) { 810 if (!X509V3_EXT_add_nconf(extconf, &ctx2, x509_config.extsect,
811 NULL)) {
812 BIO_printf(bio_err, 812 BIO_printf(bio_err,
813 "Error Loading extension section %s\n", 813 "Error Loading extension section %s\n",
814 x509_config.extsect); 814 x509_config.extsect);
@@ -821,7 +821,8 @@ x509_main(int argc, char **argv)
821 BIO *in; 821 BIO *in;
822 822
823 if (!x509_config.sign_flag && !x509_config.CA_flag) { 823 if (!x509_config.sign_flag && !x509_config.CA_flag) {
824 BIO_printf(bio_err, "We need a private key to sign with\n"); 824 BIO_printf(bio_err,
825 "We need a private key to sign with\n");
825 goto end; 826 goto end;
826 } 827 }
827 in = BIO_new(BIO_s_file()); 828 in = BIO_new(BIO_s_file());
@@ -849,8 +850,10 @@ x509_main(int argc, char **argv)
849 (req->req_info->pubkey == NULL) || 850 (req->req_info->pubkey == NULL) ||
850 (req->req_info->pubkey->public_key == NULL) || 851 (req->req_info->pubkey->public_key == NULL) ||
851 (req->req_info->pubkey->public_key->data == NULL)) { 852 (req->req_info->pubkey->public_key->data == NULL)) {
852 BIO_printf(bio_err, "The certificate request appears to corrupted\n"); 853 BIO_printf(bio_err,
853 BIO_printf(bio_err, "It does not contain a public key\n"); 854 "The certificate request appears to corrupted\n");
855 BIO_printf(bio_err,
856 "It does not contain a public key\n");
854 goto end; 857 goto end;
855 } 858 }
856 if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { 859 if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
@@ -865,19 +868,22 @@ x509_main(int argc, char **argv)
865 goto end; 868 goto end;
866 } 869 }
867 if (i == 0) { 870 if (i == 0) {
868 BIO_printf(bio_err, "Signature did not match the certificate request\n"); 871 BIO_printf(bio_err,
872 "Signature did not match the certificate request\n");
869 goto end; 873 goto end;
870 } else 874 } else
871 BIO_printf(bio_err, "Signature ok\n"); 875 BIO_printf(bio_err, "Signature ok\n");
872 876
873 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), x509_config.nmflag); 877 print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
878 x509_config.nmflag);
874 879
875 if ((x = X509_new()) == NULL) 880 if ((x = X509_new()) == NULL)
876 goto end; 881 goto end;
877 882
878 if (x509_config.sno == NULL) { 883 if (x509_config.sno == NULL) {
879 x509_config.sno = ASN1_INTEGER_new(); 884 x509_config.sno = ASN1_INTEGER_new();
880 if (!x509_config.sno || !rand_serial(NULL, x509_config.sno)) 885 if (!x509_config.sno ||
886 !rand_serial(NULL, x509_config.sno))
881 goto end; 887 goto end;
882 if (!X509_set_serialNumber(x, x509_config.sno)) 888 if (!X509_set_serialNumber(x, x509_config.sno))
883 goto end; 889 goto end;
@@ -892,24 +898,26 @@ x509_main(int argc, char **argv)
892 goto end; 898 goto end;
893 899
894 X509_gmtime_adj(X509_get_notBefore(x), 0); 900 X509_gmtime_adj(X509_get_notBefore(x), 0);
895 X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0, NULL); 901 X509_time_adj_ex(X509_get_notAfter(x), x509_config.days, 0,
902 NULL);
896 903
897 pkey = X509_REQ_get_pubkey(req); 904 pkey = X509_REQ_get_pubkey(req);
898 X509_set_pubkey(x, pkey); 905 X509_set_pubkey(x, pkey);
899 EVP_PKEY_free(pkey); 906 EVP_PKEY_free(pkey);
900 } else 907 } else
901 x = load_cert(bio_err, x509_config.infile, x509_config.informat, NULL, "Certificate"); 908 x = load_cert(bio_err, x509_config.infile, x509_config.informat,
909 NULL, "Certificate");
902 910
903 if (x == NULL) 911 if (x == NULL)
904 goto end; 912 goto end;
905 if (x509_config.CA_flag) { 913 if (x509_config.CA_flag) {
906 xca = load_cert(bio_err, x509_config.CAfile, x509_config.CAformat, NULL, "CA Certificate"); 914 xca = load_cert(bio_err, x509_config.CAfile,
915 x509_config.CAformat, NULL, "CA Certificate");
907 if (xca == NULL) 916 if (xca == NULL)
908 goto end; 917 goto end;
909 } 918 }
910 if (!x509_config.noout || x509_config.text || x509_config.next_serial) { 919 if (!x509_config.noout || x509_config.text || x509_config.next_serial) {
911 OBJ_create("2.99999.3", 920 OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
912 "SET.ex3", "SET x509v3 extension 3");
913 921
914 out = BIO_new(BIO_s_file()); 922 out = BIO_new(BIO_s_file());
915 if (out == NULL) { 923 if (out == NULL) {
@@ -935,13 +943,15 @@ x509_main(int argc, char **argv)
935 943
936 if (x509_config.trust) { 944 if (x509_config.trust) {
937 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) { 945 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.trust); i++) {
938 x509_config.objtmp = sk_ASN1_OBJECT_value(x509_config.trust, i); 946 x509_config.objtmp = sk_ASN1_OBJECT_value(
947 x509_config.trust, i);
939 X509_add1_trust_object(x, x509_config.objtmp); 948 X509_add1_trust_object(x, x509_config.objtmp);
940 } 949 }
941 } 950 }
942 if (x509_config.reject) { 951 if (x509_config.reject) {
943 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) { 952 for (i = 0; i < sk_ASN1_OBJECT_num(x509_config.reject); i++) {
944 x509_config.objtmp = sk_ASN1_OBJECT_value(x509_config.reject, i); 953 x509_config.objtmp = sk_ASN1_OBJECT_value(
954 x509_config.reject, i);
945 X509_add1_reject_object(x, x509_config.objtmp); 955 X509_add1_reject_object(x, x509_config.objtmp);
946 } 956 }
947 } 957 }
@@ -949,10 +959,12 @@ x509_main(int argc, char **argv)
949 for (i = 1; i <= x509_config.num; i++) { 959 for (i = 1; i <= x509_config.num; i++) {
950 if (x509_config.issuer == i) { 960 if (x509_config.issuer == i) {
951 print_name(STDout, "issuer= ", 961 print_name(STDout, "issuer= ",
952 X509_get_issuer_name(x), x509_config.nmflag); 962 X509_get_issuer_name(x),
963 x509_config.nmflag);
953 } else if (x509_config.subject == i) { 964 } else if (x509_config.subject == i) {
954 print_name(STDout, "subject= ", 965 print_name(STDout, "subject= ",
955 X509_get_subject_name(x), x509_config.nmflag); 966 X509_get_subject_name(x),
967 x509_config.nmflag);
956 } else if (x509_config.serial == i) { 968 } else if (x509_config.serial == i) {
957 BIO_printf(STDout, "serial="); 969 BIO_printf(STDout, "serial=");
958 i2a_ASN1_INTEGER(STDout, 970 i2a_ASN1_INTEGER(STDout,
@@ -974,7 +986,8 @@ x509_main(int argc, char **argv)
974 i2a_ASN1_INTEGER(out, ser); 986 i2a_ASN1_INTEGER(out, ser);
975 ASN1_INTEGER_free(ser); 987 ASN1_INTEGER_free(ser);
976 BIO_puts(out, "\n"); 988 BIO_puts(out, "\n");
977 } else if ((x509_config.email == i) || (x509_config.ocsp_uri == i)) { 989 } else if ((x509_config.email == i) ||
990 (x509_config.ocsp_uri == i)) {
978 int j; 991 int j;
979 STACK_OF(OPENSSL_STRING) *emlst; 992 STACK_OF(OPENSSL_STRING) *emlst;
980 if (x509_config.email == i) 993 if (x509_config.email == i)
@@ -993,19 +1006,23 @@ x509_main(int argc, char **argv)
993 else 1006 else
994 BIO_puts(STDout, "<No Alias>\n"); 1007 BIO_puts(STDout, "<No Alias>\n");
995 } else if (x509_config.subject_hash == i) { 1008 } else if (x509_config.subject_hash == i) {
996 BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x)); 1009 BIO_printf(STDout, "%08lx\n",
1010 X509_subject_name_hash(x));
997 } 1011 }
998#ifndef OPENSSL_NO_MD5 1012#ifndef OPENSSL_NO_MD5
999 else if (x509_config.subject_hash_old == i) { 1013 else if (x509_config.subject_hash_old == i) {
1000 BIO_printf(STDout, "%08lx\n", X509_subject_name_hash_old(x)); 1014 BIO_printf(STDout, "%08lx\n",
1015 X509_subject_name_hash_old(x));
1001 } 1016 }
1002#endif 1017#endif
1003 else if (x509_config.issuer_hash == i) { 1018 else if (x509_config.issuer_hash == i) {
1004 BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x)); 1019 BIO_printf(STDout, "%08lx\n",
1020 X509_issuer_name_hash(x));
1005 } 1021 }
1006#ifndef OPENSSL_NO_MD5 1022#ifndef OPENSSL_NO_MD5
1007 else if (x509_config.issuer_hash_old == i) { 1023 else if (x509_config.issuer_hash_old == i) {
1008 BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash_old(x)); 1024 BIO_printf(STDout, "%08lx\n",
1025 X509_issuer_name_hash_old(x));
1009 } 1026 }
1010#endif 1027#endif
1011 else if (x509_config.pprint == i) { 1028 else if (x509_config.pprint == i) {
@@ -1021,18 +1038,20 @@ x509_main(int argc, char **argv)
1021 1038
1022 pkey = X509_get_pubkey(x); 1039 pkey = X509_get_pubkey(x);
1023 if (pkey == NULL) { 1040 if (pkey == NULL) {
1024 BIO_printf(bio_err, "Modulus=unavailable\n"); 1041 BIO_printf(bio_err,
1042 "Modulus=unavailable\n");
1025 ERR_print_errors(bio_err); 1043 ERR_print_errors(bio_err);
1026 goto end; 1044 goto end;
1027 } 1045 }
1028 BIO_printf(STDout, "Modulus="); 1046 BIO_printf(STDout, "Modulus=");
1029 if (pkey->type == EVP_PKEY_RSA) 1047 if (pkey->type == EVP_PKEY_RSA)
1030 BN_print(STDout, pkey->pkey.rsa->n); 1048 BN_print(STDout, pkey->pkey.rsa->n);
1049 else if (pkey->type == EVP_PKEY_DSA)
1050 BN_print(STDout,
1051 pkey->pkey.dsa->pub_key);
1031 else 1052 else
1032 if (pkey->type == EVP_PKEY_DSA) 1053 BIO_printf(STDout,
1033 BN_print(STDout, pkey->pkey.dsa->pub_key); 1054 "Wrong Algorithm type");
1034 else
1035 BIO_printf(STDout, "Wrong Algorithm type");
1036 BIO_printf(STDout, "\n"); 1055 BIO_printf(STDout, "\n");
1037 EVP_PKEY_free(pkey); 1056 EVP_PKEY_free(pkey);
1038 } else if (x509_config.pubkey == i) { 1057 } else if (x509_config.pubkey == i) {
@@ -1040,7 +1059,8 @@ x509_main(int argc, char **argv)
1040 1059
1041 pkey = X509_get_pubkey(x); 1060 pkey = X509_get_pubkey(x);
1042 if (pkey == NULL) { 1061 if (pkey == NULL) {
1043 BIO_printf(bio_err, "Error getting public key\n"); 1062 BIO_printf(bio_err,
1063 "Error getting public key\n");
1044 ERR_print_errors(bio_err); 1064 ERR_print_errors(bio_err);
1045 goto end; 1065 goto end;
1046 } 1066 }
@@ -1054,9 +1074,8 @@ x509_main(int argc, char **argv)
1054 X509_NAME_oneline(X509_get_subject_name(x), 1074 X509_NAME_oneline(X509_get_subject_name(x),
1055 buf, sizeof buf); 1075 buf, sizeof buf);
1056 BIO_printf(STDout, "/* subject:%s */\n", buf); 1076 BIO_printf(STDout, "/* subject:%s */\n", buf);
1057 m = X509_NAME_oneline( 1077 m = X509_NAME_oneline(X509_get_issuer_name(x),
1058 X509_get_issuer_name(x), buf, 1078 buf, sizeof buf);
1059 sizeof buf);
1060 BIO_printf(STDout, "/* issuer :%s */\n", buf); 1079 BIO_printf(STDout, "/* issuer :%s */\n", buf);
1061 1080
1062 z = i2d_X509(x, NULL); 1081 z = i2d_X509(x, NULL);
@@ -1068,7 +1087,8 @@ x509_main(int argc, char **argv)
1068 1087
1069 d = (unsigned char *) m; 1088 d = (unsigned char *) m;
1070 z = i2d_X509_NAME(X509_get_subject_name(x), &d); 1089 z = i2d_X509_NAME(X509_get_subject_name(x), &d);
1071 BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n", z); 1090 BIO_printf(STDout,
1091 "unsigned char XXX_subject_name[%d]={\n", z);
1072 d = (unsigned char *) m; 1092 d = (unsigned char *) m;
1073 for (y = 0; y < z; y++) { 1093 for (y = 0; y < z; y++) {
1074 BIO_printf(STDout, "0x%02X,", d[y]); 1094 BIO_printf(STDout, "0x%02X,", d[y]);
@@ -1080,7 +1100,8 @@ x509_main(int argc, char **argv)
1080 BIO_printf(STDout, "};\n"); 1100 BIO_printf(STDout, "};\n");
1081 1101
1082 z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d); 1102 z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
1083 BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z); 1103 BIO_printf(STDout,
1104 "unsigned char XXX_public_key[%d]={\n", z);
1084 d = (unsigned char *) m; 1105 d = (unsigned char *) m;
1085 for (y = 0; y < z; y++) { 1106 for (y = 0; y < z; y++) {
1086 BIO_printf(STDout, "0x%02X,", d[y]); 1107 BIO_printf(STDout, "0x%02X,", d[y]);
@@ -1092,7 +1113,8 @@ x509_main(int argc, char **argv)
1092 BIO_printf(STDout, "};\n"); 1113 BIO_printf(STDout, "};\n");
1093 1114
1094 z = i2d_X509(x, &d); 1115 z = i2d_X509(x, &d);
1095 BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n", z); 1116 BIO_printf(STDout,
1117 "unsigned char XXX_certificate[%d]={\n", z);
1096 d = (unsigned char *) m; 1118 d = (unsigned char *) m;
1097 for (y = 0; y < z; y++) { 1119 for (y = 0; y < z; y++) {
1098 BIO_printf(STDout, "0x%02X,", d[y]); 1120 BIO_printf(STDout, "0x%02X,", d[y]);
@@ -1105,20 +1127,25 @@ x509_main(int argc, char **argv)
1105 1127
1106 free(m); 1128 free(m);
1107 } else if (x509_config.text == i) { 1129 } else if (x509_config.text == i) {
1108 X509_print_ex(STDout, x, x509_config.nmflag, x509_config.certflag); 1130 X509_print_ex(STDout, x, x509_config.nmflag,
1131 x509_config.certflag);
1109 } else if (x509_config.startdate == i) { 1132 } else if (x509_config.startdate == i) {
1110 ASN1_TIME *nB = X509_get_notBefore(x); 1133 ASN1_TIME *nB = X509_get_notBefore(x);
1111 BIO_puts(STDout, "notBefore="); 1134 BIO_puts(STDout, "notBefore=");
1112 if (ASN1_time_parse(nB->data, nB->length, NULL, 0) == -1) 1135 if (ASN1_time_parse(nB->data, nB->length, NULL,
1113 BIO_puts(STDout, "INVALID RFC5280 TIME"); 1136 0) == -1)
1137 BIO_puts(STDout,
1138 "INVALID RFC5280 TIME");
1114 else 1139 else
1115 ASN1_TIME_print(STDout, nB); 1140 ASN1_TIME_print(STDout, nB);
1116 BIO_puts(STDout, "\n"); 1141 BIO_puts(STDout, "\n");
1117 } else if (x509_config.enddate == i) { 1142 } else if (x509_config.enddate == i) {
1118 ASN1_TIME *nA = X509_get_notAfter(x); 1143 ASN1_TIME *nA = X509_get_notAfter(x);
1119 BIO_puts(STDout, "notAfter="); 1144 BIO_puts(STDout, "notAfter=");
1120 if (ASN1_time_parse(nA->data, nA->length, NULL, 0) == -1) 1145 if (ASN1_time_parse(nA->data, nA->length, NULL,
1121 BIO_puts(STDout, "INVALID RFC5280 TIME"); 1146 0) == -1)
1147 BIO_puts(STDout,
1148 "INVALID RFC5280 TIME");
1122 else 1149 else
1123 ASN1_TIME_print(STDout, nA); 1150 ASN1_TIME_print(STDout, nA);
1124 BIO_puts(STDout, "\n"); 1151 BIO_puts(STDout, "\n");
@@ -1141,50 +1168,61 @@ x509_main(int argc, char **argv)
1141 BIO_printf(STDout, "%02X%c", md[j], 1168 BIO_printf(STDout, "%02X%c", md[j],
1142 (j + 1 == (int)n) ? '\n' : ':'); 1169 (j + 1 == (int)n) ? '\n' : ':');
1143 } 1170 }
1144 } 1171
1145 /* should be in the library */ 1172 /* should be in the library */
1146 else if ((x509_config.sign_flag == i) && (x509_config.x509req == 0)) { 1173 } else if ((x509_config.sign_flag == i) &&
1174 (x509_config.x509req == 0)) {
1147 BIO_printf(bio_err, "Getting Private key\n"); 1175 BIO_printf(bio_err, "Getting Private key\n");
1148 if (Upkey == NULL) { 1176 if (Upkey == NULL) {
1149 Upkey = load_key(bio_err, 1177 Upkey = load_key(bio_err,
1150 x509_config.keyfile, x509_config.keyformat, 0, 1178 x509_config.keyfile,
1151 passin, "Private key"); 1179 x509_config.keyformat, 0, passin,
1180 "Private key");
1152 if (Upkey == NULL) 1181 if (Upkey == NULL)
1153 goto end; 1182 goto end;
1154 } 1183 }
1155 if (!sign(x, Upkey, x509_config.days, x509_config.clrext, x509_config.digest, 1184 if (!sign(x, Upkey, x509_config.days,
1185 x509_config.clrext, x509_config.digest,
1156 extconf, x509_config.extsect)) 1186 extconf, x509_config.extsect))
1157 goto end; 1187 goto end;
1158 } else if (x509_config.CA_flag == i) { 1188 } else if (x509_config.CA_flag == i) {
1159 BIO_printf(bio_err, "Getting CA Private Key\n"); 1189 BIO_printf(bio_err, "Getting CA Private Key\n");
1160 if (x509_config.CAkeyfile != NULL) { 1190 if (x509_config.CAkeyfile != NULL) {
1161 CApkey = load_key(bio_err, 1191 CApkey = load_key(bio_err,
1162 x509_config.CAkeyfile, x509_config.CAkeyformat, 1192 x509_config.CAkeyfile,
1163 0, passin, "CA Private Key"); 1193 x509_config.CAkeyformat, 0, passin,
1194 "CA Private Key");
1164 if (CApkey == NULL) 1195 if (CApkey == NULL)
1165 goto end; 1196 goto end;
1166 } 1197 }
1167 if (!x509_certify(ctx, x509_config.CAfile, x509_config.digest, x, xca, 1198 if (!x509_certify(ctx, x509_config.CAfile,
1168 CApkey, x509_config.sigopts, 1199 x509_config.digest, x, xca, CApkey,
1169 x509_config.CAserial, x509_config.CA_createserial, x509_config.days, x509_config.clrext, 1200 x509_config.sigopts, x509_config.CAserial,
1170 extconf, x509_config.extsect, x509_config.sno)) 1201 x509_config.CA_createserial,
1202 x509_config.days, x509_config.clrext,
1203 extconf, x509_config.extsect,
1204 x509_config.sno))
1171 goto end; 1205 goto end;
1172 } else if (x509_config.x509req == i) { 1206 } else if (x509_config.x509req == i) {
1173 EVP_PKEY *pk; 1207 EVP_PKEY *pk;
1174 1208
1175 BIO_printf(bio_err, "Getting request Private Key\n"); 1209 BIO_printf(bio_err,
1210 "Getting request Private Key\n");
1176 if (x509_config.keyfile == NULL) { 1211 if (x509_config.keyfile == NULL) {
1177 BIO_printf(bio_err, "no request key file specified\n"); 1212 BIO_printf(bio_err,
1213 "no request key file specified\n");
1178 goto end; 1214 goto end;
1179 } else { 1215 } else {
1180 pk = load_key(bio_err, 1216 pk = load_key(bio_err,
1181 x509_config.keyfile, x509_config.keyformat, 0, 1217 x509_config.keyfile,
1182 passin, "request key"); 1218 x509_config.keyformat, 0, passin,
1219 "request key");
1183 if (pk == NULL) 1220 if (pk == NULL)
1184 goto end; 1221 goto end;
1185 } 1222 }
1186 1223
1187 BIO_printf(bio_err, "Generating certificate request\n"); 1224 BIO_printf(bio_err,
1225 "Generating certificate request\n");
1188 1226
1189 rq = X509_to_X509_REQ(x, pk, x509_config.digest); 1227 rq = X509_to_X509_REQ(x, pk, x509_config.digest);
1190 EVP_PKEY_free(pk); 1228 EVP_PKEY_free(pk);
@@ -1239,7 +1277,8 @@ x509_main(int argc, char **argv)
1239 1277
1240 i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx); 1278 i = ASN1_item_i2d_bio(&NETSCAPE_X509_it, out, &nx);
1241 } else { 1279 } else {
1242 BIO_printf(bio_err, "bad output format specified for outfile\n"); 1280 BIO_printf(bio_err,
1281 "bad output format specified for outfile\n");
1243 goto end; 1282 goto end;
1244 } 1283 }
1245 if (!i) { 1284 if (!i) {
@@ -1350,7 +1389,8 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x,
1350 goto end; 1389 goto end;
1351 1390
1352 if (!X509_check_private_key(xca, pkey)) { 1391 if (!X509_check_private_key(xca, pkey)) {
1353 BIO_printf(bio_err, "CA certificate and CA private key do not match\n"); 1392 BIO_printf(bio_err,
1393 "CA certificate and CA private key do not match\n");
1354 goto end; 1394 goto end;
1355 } 1395 }
1356 if (!X509_set_issuer_name(x, X509_get_subject_name(xca))) 1396 if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
@@ -1410,12 +1450,14 @@ callb(int ok, X509_STORE_CTX *ctx)
1410 * DEPTH_ZERO_SELF_.... 1450 * DEPTH_ZERO_SELF_....
1411 */ 1451 */
1412 if (ok) { 1452 if (ok) {
1413 BIO_printf(bio_err, "error with certificate to be certified - should be self signed\n"); 1453 BIO_printf(bio_err,
1454 "error with certificate to be certified - should be self signed\n");
1414 return 0; 1455 return 0;
1415 } else { 1456 } else {
1416 err_cert = X509_STORE_CTX_get_current_cert(ctx); 1457 err_cert = X509_STORE_CTX_get_current_cert(ctx);
1417 print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0); 1458 print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
1418 BIO_printf(bio_err, "error with certificate - error %d at depth %d\n%s\n", 1459 BIO_printf(bio_err,
1460 "error with certificate - error %d at depth %d\n%s\n",
1419 err, X509_STORE_CTX_get_error_depth(ctx), 1461 err, X509_STORE_CTX_get_error_depth(ctx),
1420 X509_verify_cert_error_string(err)); 1462 X509_verify_cert_error_string(err));
1421 return 1; 1463 return 1;
@@ -1464,6 +1506,7 @@ sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
1464 } 1506 }
1465 if (!X509_sign(x, pkey, digest)) 1507 if (!X509_sign(x, pkey, digest))
1466 goto err; 1508 goto err;
1509
1467 return 1; 1510 return 1;
1468 1511
1469 err: 1512 err:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-02 06:02:25 +0000