generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

New -force_pubkey option to x509 utility to supply a different public

Browse Source 
key to the one in a request. This is useful for cases where the public
key cannot be used for signing e.g. DH.
(cherry picked from commit 43206a2d7c)
This commit is contained in:
Dr. Stephen Henson
2011-10-07 15:18:09 +00:00
parent b9eef98883
commit f8a69166ed
1 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
apps/x509.c
View File

@@ -174,7 +174,7 @@ int MAIN(int argc, char **argv)
X509 *x=NULL,*xca=NULL; X509 *x=NULL,*xca=NULL;
ASN1_OBJECT *objtmp; ASN1_OBJECT *objtmp;
STACK_OF(OPENSSL_STRING) *sigopts = NULL; STACK_OF(OPENSSL_STRING) *sigopts = NULL;
EVP_PKEY *Upkey=NULL,*CApkey=NULL; EVP_PKEY *Upkey=NULL,*CApkey=NULL, *fkey = NULL;
ASN1_INTEGER *sno = NULL; ASN1_INTEGER *sno = NULL;
int i,num,badops=0; int i,num,badops=0;
BIO *out=NULL; BIO *out=NULL;
@@ -183,6 +183,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,keyformat,CAformat,CAkeyformat; int informat,outformat,keyformat,CAformat,CAkeyformat;
char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
char *CAkeyfile=NULL,*CAserial=NULL; char *CAkeyfile=NULL,*CAserial=NULL;
char *fkeyfile=NULL;
char *alias=NULL; char *alias=NULL;
int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
int next_serial=0; int next_serial=0;
@@ -349,6 +350,11 @@ int MAIN(int argc, char **argv)
if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv)))) if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
goto bad; goto bad;
} }
else if (strcmp(*argv,"-force_pubkey") == 0)
{
if (--argc < 1) goto bad;
fkeyfile= *(++argv);
}
else if (strcmp(*argv,"-addtrust") == 0) else if (strcmp(*argv,"-addtrust") == 0)
{ {
if (--argc < 1) goto bad; if (--argc < 1) goto bad;
@@ -534,6 +540,13 @@ bad:
goto end; goto end;
} }
if (fkeyfile)
{
fkey = load_pubkey(bio_err, fkeyfile, keyformat, 0,
NULL, e, "Forced key");
if (fkey == NULL) goto end;
}
if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
{ CAkeyfile=CAfile; } { CAkeyfile=CAfile; }
else if ((CA_flag) && (CAkeyfile == NULL)) else if ((CA_flag) && (CAkeyfile == NULL))
@@ -670,10 +683,14 @@ bad:
X509_gmtime_adj(X509_get_notBefore(x),0); X509_gmtime_adj(X509_get_notBefore(x),0);
X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL); X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
if (fkey)
pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(x, fkey);
X509_set_pubkey(x,pkey); else
EVP_PKEY_free(pkey); {
pkey = X509_REQ_get_pubkey(req);
X509_set_pubkey(x,pkey);
EVP_PKEY_free(pkey);
}
} }
else else
x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
@@ -1112,6 +1129,7 @@ end:
X509_free(xca); X509_free(xca);
EVP_PKEY_free(Upkey); EVP_PKEY_free(Upkey);
EVP_PKEY_free(CApkey); EVP_PKEY_free(CApkey);
EVP_PKEY_free(fkey);
if (sigopts) if (sigopts)
sk_OPENSSL_STRING_free(sigopts); sk_OPENSSL_STRING_free(sigopts);
X509_REQ_free(rq); X509_REQ_free(rq);