
    
    LOG_PRINT("keygen setting x509 attributes");
    if (!(tmp_pkey =X509_REQ_get_pubkey(req))) GOTO_ERR("X509_REQ_get_pubkey");
    X509_set_pubkey(x509ss,tmp_pkey);
    EVP_PKEY_free(tmp_pkey);
    tmp_pkey = NULL;
    
    /* Set up V3 context struct and add certificate extensions. Note
     * that we need to add (full) suite of CA extensions, otherwise
     * our cert is not valid for signing itself.
     */
    
    if (add_some_X509v3_extensions(x509ss,
				   "CA:TRUE,pathlen:3", /*basic_constraints*/
				   "client,server,email,objsign,sslCA,emailCA,objCA", /*cert_type*/
				   "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign", /*key_usage*/
				   comment)==-1) goto err;
    
    LOG_PRINT("keygen signing x509");
#if 0
    if (!(X509_sign(x509ss, pkey, EVP_md5()))) GOTO_ERR("X509_sign");
#else
    if (!(X509_sign(x509ss, pkey, EVP_sha256()))) GOTO_ERR("X509_sign");
#endif
    LOG_PRINT("keygen x509 ready");
    *x509ss_out = x509ss;
  }
#endif
  
  ret = 0;
  
err:
  /*if (tmp_pkey)            EVP_PKEY_free(tmp_pkey); never happens */
  if (pkey   && !pkey_out)   EVP_PKEY_free(pkey);
  if (req    && !req_out)    X509_REQ_free(req);
  if (x509ss && !x509ss_out) X509_free(x509ss);
  X509V3_EXT_cleanup();
  OBJ_cleanup();
  LOG_PRINT("keygen done.");
  return ret;
}

/* Called by:  main */
int smime_keygen(const char* dn, const char* attr, const char* passwd, const char* comment, char** priv_out, char** x509ss_out, char** request_out)
{
  /* Generate a key pair, a self-signed certificate and a certificate request
   * (via keygen()), then serialise each one into whichever *_out string
   * pointer the caller supplied. Returns 0 on success, -1 on failure.
   * Every non-NULL *_out is reset to NULL before any work is done.
   *
   * Contract notes for callers:
   *  - the private key is only exported when BOTH passwd and priv_out are
   *    given (the key is encrypted with passwd while being written, per the
   *    original author's note); with priv_out but no passwd, *priv_out stays
   *    NULL and no error is reported;
   *  - on a failure part-way through, outputs filled by earlier steps are
   *    left as they are; ownership of those strings follows the write_*()
   *    helpers, which are defined elsewhere in this file. */
  EVP_PKEY* key  = NULL;
  X509_REQ* csr  = NULL;
  X509*     cert = NULL;
  int       rc   = -1;

  /* Clear outputs up front so a failure never leaves a stale pointer behind. */
  if (priv_out)    *priv_out    = NULL;
  if (x509ss_out)  *x509ss_out  = NULL;
  if (request_out) *request_out = NULL;

  if (keygen(dn, attr, comment, &key, &cert, &csr) == -1)
    goto cleanup;

  /* Private key: written out (encrypted) into *priv_out, then the in-memory
   * key object is released immediately so it does not linger. */
  if (passwd && priv_out) {
    if (write_private_key(key, passwd, priv_out) == -1)
      goto cleanup;
    EVP_PKEY_free(key);
    key = NULL;
  }

  /* Certificate request: same early-release pattern as the key. */
  if (request_out) {
    if (write_request(csr, request_out) == -1)
      goto cleanup;
    X509_REQ_free(csr);
    csr = NULL;
  }

  /* Self-signed certificate: the object is kept until the common cleanup. */
  if (x509ss_out && write_certificate(cert, x509ss_out) == -1)
    goto cleanup;

  rc = 0;

cleanup:
  if (key)  EVP_PKEY_free(key);
  if (csr)  X509_REQ_free(csr);
  if (cert) X509_free(cert);
  return rc;
}

/* EOF  -  keygen.c */


