diff options
Diffstat (limited to 'src/Mayaqua/Encrypt.c')
| -rw-r--r-- | src/Mayaqua/Encrypt.c | 117 |
1 files changed, 116 insertions, 1 deletions
diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c index a3e5795d..fe6f1449 100644 --- a/src/Mayaqua/Encrypt.c +++ b/src/Mayaqua/Encrypt.c @@ -1805,6 +1805,77 @@ X *NewRootX(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) return x2;
}
+// Create new X509 basic & extended key usage
+void AddKeyUsageX509(EXTENDED_KEY_USAGE *ex, int nid)
+{
+ ASN1_OBJECT *obj;
+ // Validate arguments
+ if (ex == NULL)
+ {
+ return;
+ }
+
+ obj = OBJ_nid2obj(nid);
+ if (obj != NULL)
+ {
+ sk_ASN1_OBJECT_push(ex, obj);
+ }
+}
+X509_EXTENSION *NewExtendedKeyUsageForX509()
+{
+ EXTENDED_KEY_USAGE *ex = sk_ASN1_OBJECT_new_null();
+ X509_EXTENSION *ret;
+
+ AddKeyUsageX509(ex, NID_server_auth);
+ AddKeyUsageX509(ex, NID_client_auth);
+ AddKeyUsageX509(ex, NID_code_sign);
+ AddKeyUsageX509(ex, NID_email_protect);
+ AddKeyUsageX509(ex, NID_ipsecEndSystem);
+ AddKeyUsageX509(ex, NID_ipsecTunnel);
+ AddKeyUsageX509(ex, NID_ipsecUser);
+ AddKeyUsageX509(ex, NID_time_stamp);
+ AddKeyUsageX509(ex, NID_OCSP_sign);
+
+ ret = X509V3_EXT_i2d(NID_ext_key_usage, 0, ex);
+
+ sk_ASN1_OBJECT_pop_free(ex, ASN1_OBJECT_free);
+
+ return ret;
+}
+void BitStringSetBit(ASN1_BIT_STRING *str, int bit)
+{
+ // Validate arguments
+ if (str == NULL)
+ {
+ return;
+ }
+
+ ASN1_BIT_STRING_set_bit(str, bit, 1);
+}
+X509_EXTENSION *NewBasicKeyUsageForX509()
+{
+ X509_EXTENSION *ret = NULL;
+ ASN1_BIT_STRING *str;
+
+ str = ASN1_BIT_STRING_new();
+ if (str != NULL)
+ {
+ BitStringSetBit(str, 0); // KU_DIGITAL_SIGNATURE
+ BitStringSetBit(str, 1); // KU_NON_REPUDIATION
+ BitStringSetBit(str, 2); // KU_KEY_ENCIPHERMENT
+ BitStringSetBit(str, 3); // KU_DATA_ENCIPHERMENT
+ //BitStringSetBit(str, 4); // KU_KEY_AGREEMENT
+ BitStringSetBit(str, 5); // KU_KEY_CERT_SIGN
+ BitStringSetBit(str, 6); // KU_CRL_SIGN
+
+ ret = X509V3_EXT_i2d(NID_key_usage, 0, str);
+
+ ASN1_BIT_STRING_free(str);
+ }
+
+ return ret;
+}
+
// Issue an X509 certificate
X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
{
@@ -1812,6 +1883,9 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) UINT64 notBefore, notAfter;
ASN1_TIME *t1, *t2;
X509_NAME *subject_name, *issuer_name;
+ X509_EXTENSION *ex = NULL;
+ X509_EXTENSION *eku = NULL;
+ X509_EXTENSION *busage = NULL;
// Validate arguments
if (pub == NULL || name == NULL || ca == NULL)
{
@@ -1892,6 +1966,29 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) s->length = serial->size;
}
+ /*
+ // Extensions
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
+ X509_add_ext(x509, ex, -1);
+ X509_EXTENSION_free(ex);
+*/
+
+ // Basic usage
+ busage = NewBasicKeyUsageForX509();
+ if (busage != NULL)
+ {
+ X509_add_ext(x509, busage, -1);
+ X509_EXTENSION_free(busage);
+ }
+
+ // EKU
+ eku = NewExtendedKeyUsageForX509();
+ if (eku != NULL)
+ {
+ X509_add_ext(x509, eku, -1);
+ X509_EXTENSION_free(eku);
+ }
+
Lock(openssl_lock);
{
// Set the public key
@@ -1914,6 +2011,8 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) ASN1_TIME *t1, *t2;
X509_NAME *subject_name, *issuer_name;
X509_EXTENSION *ex = NULL;
+ X509_EXTENSION *eku = NULL;
+ X509_EXTENSION *busage = NULL;
// Validate arguments
if (pub == NULL || name == NULL || priv == NULL)
{
@@ -2004,6 +2103,22 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) X509_add_ext(x509, ex, -1);
X509_EXTENSION_free(ex);
+ // Basic usage
+ busage = NewBasicKeyUsageForX509();
+ if (busage != NULL)
+ {
+ X509_add_ext(x509, busage, -1);
+ X509_EXTENSION_free(busage);
+ }
+
+ // EKU
+ eku = NewExtendedKeyUsageForX509();
+ if (eku != NULL)
+ {
+ X509_add_ext(x509, eku, -1);
+ X509_EXTENSION_free(eku);
+ }
+
Lock(openssl_lock);
{
// Set the public key
@@ -4105,7 +4220,7 @@ CRYPT *NewCrypt(void *key, UINT size) {
CRYPT *c = ZeroMalloc(sizeof(CRYPT));
- c->Rc4Key = ZeroMalloc(sizeof(struct rc4_key_st));
+ c->Rc4Key = Malloc(sizeof(struct rc4_key_st));
RC4_set_key(c->Rc4Key, size, (UCHAR *)key);
|