OpenSSL version 3 updates
fm4dd committed Jan 3, 2024
1 parent ba6b061 commit 58376e2
Showing 34 changed files with 4,426 additions and 296 deletions.
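--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,19 @@
+name: test
+
+on:
+push:
+branches: [ master ]
+pull_request:
+branches: [ master ]
+
+jobs:
+build:
+
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v2
+- name: Add libs
+run: sudo apt-get install -y libssl-dev
+- name: make all
+run: make all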
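Review bot: `actions/checkout@v2` in the `steps:` list is an old major that GitHub has flagged as deprecated (it runs on a retired Node runtime), and a floating major tag is also weaker supply-chain pinning than a full commit SHA; move to the current major or pin the SHA, e.g. `- uses: actions/checkout@v4`. The install step runs `apt-get install` without a preceding `apt-get update`, which can fail on a runner whose package index is stale; `run: sudo apt-get update && sudo apt-get install -y libssl-dev` avoids that. The nesting under `on:` and `jobs:` is not visible on the rendered page, so the indentation is assumed correct.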
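--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,16 @@
+add_ev_oids
+certcreate
+certextensions
+certfprint
+certpubkey
+certrenewal
+certserial
+certsignature
+certstack
+certverify
+certverify-adv
+crldisplay
+pkcs12test
+set_asn1_time
+sslconnect
+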
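--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Frank Migge
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.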
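--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,67 @@
+CC=gcc
+CFLAGS= -O3 -Wall -g
+LIBS= -lssl -lcrypto
+AR=ar
+
+ALLBIN=add_ev_oids certextensions certpubkey certserial certstack certverify \
+sslconnect certcreate certfprint certrenewal certsignature certverify-adv crldisplay \
+pkcs12test set_asn1_time eckeycreate keytest keycompare
+
+all: ${ALLBIN}
+
+clean:
+rm -f ${ALLBIN}
+
+add_ev_oids:
+$(CC) $(CFLAGS) add_ev_oids.c -o add_ev_oids ${LIBS}
+
+certextensions:
+$(CC) $(CFLAGS) certextensions.c -o certextensions ${LIBS}
+
+certpubkey:
+$(CC) $(CFLAGS) certpubkey.c -o certpubkey ${LIBS}
+
+certserial:
+$(CC) $(CFLAGS) certserial.c -o certserial ${LIBS}
+
+certstack:
+$(CC) $(CFLAGS) certstack.c -o certstack ${LIBS}
+
+certverify:
+$(CC) $(CFLAGS) certverify.c -o certverify ${LIBS}
+
+sslconnect:
+$(CC) $(CFLAGS) sslconnect.c -o sslconnect ${LIBS}
+
+certcreate:
+$(CC) $(CFLAGS) certcreate.c -o certcreate ${LIBS}
+
+certfprint:
+$(CC) $(CFLAGS) certfprint.c -o certfprint ${LIBS}
+
+certrenewal:
+$(CC) $(CFLAGS) certrenewal.c -o certrenewal ${LIBS}
+
+certsignature:
+$(CC) $(CFLAGS) certsignature.c -o certsignature ${LIBS}
+
+certverify-adv:
+$(CC) $(CFLAGS) certverify-adv.c -o certverify-adv ${LIBS}
+
+crldisplay:
+$(CC) $(CFLAGS) crldisplay.c -o crldisplay ${LIBS}
+
+pkcs12test:
+$(CC) $(CFLAGS) pkcs12test.c -o pkcs12test ${LIBS}
+
+set_asn1_time:
+$(CC) $(CFLAGS) set_asn1_time.c -o set_asn1_time ${LIBS}
+
+eckeycreate:
+$(CC) $(CFLAGS) eckeycreate.c -o eckeycreate ${LIBS}
+
+keytest:
+$(CC) $(CFLAGS) keytest.c -o keytest ${LIBS}
+
+keycompare:
+$(CC) $(CFLAGS) keycompare.c -o keycompare ${LIBS}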
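Review bot: Every binary target from `add_ev_oids:` through `keycompare:` is declared without a prerequisite, so once the binary exists make treats it as up to date and a later edit to its .c file is never recompiled; one pattern rule with the source as prerequisite fixes that and replaces the seventeen duplicated recipes. `all` and `clean` should also be declared `.PHONY` so a stray file of that name cannot mask them. Separately, `ALLBIN` builds eckeycreate, keytest and keycompare, which the .gitignore added in this same commit does not list, so `make all` leaves three untracked binaries that are easy to commit by accident. Adding `-Wextra` next to `-Wall` in `CFLAGS` would also surface unused-variable and sign-comparison warnings in these sample programs.
```makefile
.PHONY: all clean

all: ${ALLBIN}

clean:
	rm -f ${ALLBIN}

# One rule replaces the per-binary targets: rebuild whenever the source changes.
%: %.c
	$(CC) $(CFLAGS) $< -o $@ ${LIBS}
```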
24 changes: 13 additions & 11 deletions add_ev_oids.c
Expand Up @@ -4,6 +4,10 @@
* author: 10/03/2012 Frank4DD *
* *
* compile: gcc -o add_ev_oids add_ev_oids.c -lssl -lcrypto *
* *
* Note this was code from a time when EV certs got invented. *
* EV support was added later on, the oid addition is no longer *
* needed. EV certs are dead by now, obsoleting this program. *
* ------------------------------------------------------------ */

#include <openssl/bio.h>
Expand All @@ -18,19 +22,16 @@ void add_missing_ev_oids();

int main() {

const char cert_filestr[] = "./cert-file.pem";
const char cert_filestr[] = "./demo/evcert-file.pem";
BIO *certbio = NULL;
BIO *outbio = NULL;
X509 *cert = NULL;
X509_NAME *certsubject = NULL;
int ret;

/* ---------------------------------------------------------- *
* These function calls initialize openssl for correct work. *
* ---------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();

/* ---------------------------------------------------------- *
* Create the Input/Output BIO's. *
Expand All @@ -41,9 +42,11 @@ int main() {
/* ---------------------------------------------------------- *
* Load the certificate from file (PEM). *
* ---------------------------------------------------------- */
ret = BIO_read_filename(certbio, cert_filestr);
if (! (cert = PEM_read_bio_X509(certbio, NULL, 0, NULL)))
BIO_printf(outbio, "Error loading cert into memory\n");
BIO_read_filename(certbio, cert_filestr);
if (! (cert = PEM_read_bio_X509(certbio, NULL, 0, NULL))) {
BIO_printf(outbio, "Error loading cert into memory: %s\n", cert_filestr);
exit(1);
}

/* ---------------------------------------------------------- *
* Print the certificate subject here *
Expand Down Expand Up @@ -75,23 +78,22 @@ int main() {
* OpenSSL seems to lack a few OID's used for EV certificates *
* ---------------------------------------------------------- */
void add_missing_ev_oids() {
int nid;
/* --------------------------------------------------------- *
* OBJ_create(): *
* First field is the OID, which will be converted to DER *
* encoding. Next are the long and short description of *
* this OID. The descriptions will not be included as the *
* extension identifier, but the DER encoding of the OID. *
* --------------------------------------------------------- */
nid = OBJ_create("1.3.6.1.4.1.311.60.2.1.1",
OBJ_create("1.3.6.1.4.1.311.60.2.1.1",
"ASN.1 - X520LocalityName as specified in RFC 3280",
"jurisdictionOfIncorporationLocalityName");

nid = OBJ_create("1.3.6.1.4.1.311.60.2.1.2",
OBJ_create("1.3.6.1.4.1.311.60.2.1.2",
"ASN.1 - X520StateOrProvinceName as specified in RFC 3280",
"jurisdictionOfIncorporationStateOrProvinceName");

nid = OBJ_create("1.3.6.1.4.1.311.60.2.1.3",
OBJ_create("1.3.6.1.4.1.311.60.2.1.3",
"ASN.1 - X520countryName as specified in RFC 3280",
"jurisdictionOfIncorporationCountryName");
}
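Review bot: The hunk that loads the certificate now discards the return value of `BIO_read_filename`, so an unreadable `./demo/evcert-file.pem` is reported only indirectly by the later `PEM_read_bio_X509` failure, with the OpenSSL error queue left unprinted; check it directly: `if (BIO_read_filename(certbio, cert_filestr) <= 0) { BIO_printf(outbio, "Error opening %s\n", cert_filestr); exit(1); }`. The new `exit(1)` also needs `<stdlib.h>`; the include block sits outside the hunks shown, so confirm it is present. In `add_missing_ev_oids` the `OBJ_create` result is now dropped as well; it returns `NID_undef` on failure (which, in current OpenSSL, may include the name already being registered, as the new header comment suggests), so keeping the check would make the "no longer needed" note observable instead of silent. `main` continues outside the hunk.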
54 changes: 25 additions & 29 deletions certcreate.c
Expand Up @@ -5,18 +5,17 @@
* *
* compile: gcc -o certcreate certcreate.c -lssl -lcrypto *
* ------------------------------------------------------------ */

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>

/*********** where is the ca certificate .pem file ****************************/
#define CACERT "./cacert.pem"
#define CACERT "./demo/cacert.pem"
/*********** where is the ca's private key file *******************************/
#define CAKEY "./cakey.pem"
#define CAKEY "./demo/cacert.key"
/*********** The password for the ca's private key ****************************/
#define PASS "webca-secret"
#define PASS "webca-password"

BIO *reqbio = NULL;
BIO *outbio = NULL;
Expand Down Expand Up @@ -48,8 +47,6 @@ int main() {
* These function calls initialize openssl for correct work. *
* ---------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();

/* ---------------------------------------------------------- *
* Create the Input/Output BIO's. *
Expand All @@ -64,20 +61,20 @@ int main() {

if (! (certreq = PEM_read_bio_X509_REQ(reqbio, NULL, NULL, NULL))) {
BIO_printf(outbio, "Error can't read X509 request data into memory\n");
exit -1;
exit(1);
}

/* -------------------------------------------------------- *
* Load ithe signing CA Certificate file *
* ---------------------------------------------------------*/
if (! (fp=fopen(CACERT, "r"))) {
BIO_printf(outbio, "Error reading CA cert file\n");
exit -1;
BIO_printf(outbio, "Error reading CA cert file %s\n", CACERT);
exit(1);
}

if(! (cacert = PEM_read_X509(fp,NULL,NULL,NULL))) {
BIO_printf(outbio, "Error loading CA cert into memory\n");
exit -1;
exit(1);
}

fclose(fp);
Expand All @@ -88,13 +85,13 @@ int main() {
ca_privkey = EVP_PKEY_new();

if (! (fp = fopen (CAKEY, "r"))) {
BIO_printf(outbio, "Error reading CA private key file\n");
exit -1;
BIO_printf(outbio, "Error reading CA private key file: %s\n", CAKEY);
exit(1);
}

if (! (ca_privkey = PEM_read_PrivateKey( fp, NULL, NULL, PASS))) {
BIO_printf(outbio, "Error importing key content from file\n");
exit -1;
BIO_printf(outbio, "Error importing key content from file: %s\n", CAKEY);
exit(1);
}

fclose(fp);
Expand All @@ -104,23 +101,23 @@ int main() {
* ----------------------------------------------------------*/
if (! (newcert=X509_new())) {
BIO_printf(outbio, "Error creating new X509 object\n");
exit -1;
exit(1);
}

if (X509_set_version(newcert, 2) != 1) {
BIO_printf(outbio, "Error setting certificate version\n");
exit -1;
exit(1);
}

/* --------------------------------------------------------- *
* set the certificate serial number here *
* If there is a problem, the value defaults to '0' *
* ----------------------------------------------------------*/
aserial=M_ASN1_INTEGER_new();
aserial=ASN1_INTEGER_new();
ASN1_INTEGER_set(aserial, 0);
if (! X509_set_serialNumber(newcert, aserial)) {
BIO_printf(outbio, "Error setting serial number of the certificate\n");
exit -1;
exit(1);
}

/* --------------------------------------------------------- *
Expand All @@ -134,67 +131,66 @@ int main() {
* ----------------------------------------------------------*/
if (X509_set_subject_name(newcert, name) != 1) {
BIO_printf(outbio, "Error setting subject name of certificate\n");
exit -1;
exit(1);
}

/* --------------------------------------------------------- *
* Extract the subject name from the signing CA cert *
* ----------------------------------------------------------*/
if (! (name = X509_get_subject_name(cacert))) {
BIO_printf(outbio, "Error getting subject from CA certificate\n");
exit -1;
exit(1);
}

/* --------------------------------------------------------- *
* Set the new certificate issuer name *
* ----------------------------------------------------------*/
if (X509_set_issuer_name(newcert, name) != 1) {
BIO_printf(outbio, "Error setting issuer name of certificate\n");
exit -1;
exit(1);
}

/* --------------------------------------------------------- *
* Extract the public key data from the request *
* ----------------------------------------------------------*/
if (! (req_pubkey=X509_REQ_get_pubkey(certreq))) {
BIO_printf(outbio, "Error unpacking public key from request\n");
exit -1;
exit(1);
}

/* --------------------------------------------------------- *
* Optionally: Use the public key to verify the signature *
* ----------------------------------------------------------*/
if (X509_REQ_verify(certreq, req_pubkey) != 1) {
BIO_printf(outbio, "Error verifying signature on request\n");
exit -1;
exit(1);
}

/* --------------------------------------------------------- *
* Set the new certificate public key *
* ----------------------------------------------------------*/
if (X509_set_pubkey(newcert, req_pubkey) != 1) {
BIO_printf(outbio, "Error setting public key of certificate\n");
exit -1;
exit(1);
}

/* ---------------------------------------------------------- *
* Set X509V3 start date (now) and expiration date (+365 days)*
* -----------------------------------------------------------*/
if (! (X509_gmtime_adj(X509_get_notBefore(newcert),0))) {
BIO_printf(outbio, "Error setting start time\n");
exit -1;
exit(1);
}

if(! (X509_gmtime_adj(X509_get_notAfter(newcert), valid_secs))) {
BIO_printf(outbio, "Error setting expiration time\n");
exit -1;
exit(1);
}

/* ----------------------------------------------------------- *
* Add X509V3 extensions *
* ------------------------------------------------------------*/
X509V3_set_ctx(&ctx, cacert, newcert, NULL, NULL, 0);
X509_EXTENSION *ext;

/* ----------------------------------------------------------- *
* Set digest type, sign new certificate with CA's private key *
Expand All @@ -203,15 +199,15 @@ int main() {

if (! X509_sign(newcert, ca_privkey, digest)) {
BIO_printf(outbio, "Error signing the new certificate\n");
exit -1;
exit(1);
}

/* ------------------------------------------------------------ *
* print the certificate *
* -------------------------------------------------------------*/
if (! PEM_write_bio_X509(outbio, newcert)) {
BIO_printf(outbio, "Error printing the signed certificate\n");
exit -1;
exit(1);
}

/* ---------------------------------------------------------- *
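Review bot: The CA key passphrase is still a compile-time literal, `#define PASS "webca-password"`, handed to `PEM_read_PrivateKey` as its userdata; the change renames the value but keeps a secret in the source and in every built binary. For a demo key that is arguably acceptable, but the cleaner pattern costs no code: pass `NULL` as userdata so OpenSSL's default callback prompts for the passphrase, or read it from an environment variable at runtime. Separately, each new `exit(1)` after a successful `fopen` leaves `fp` open and the loaded objects unfreed; routing the error branches through a single cleanup label would release them. The `exit(1)` replacements are a real fix, since the old `exit -1` was an expression statement that never terminated the program. `main` continues outside the hunks shown.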