From bf4238d4e7b6ae146b782487f7f0cd00db7786e1 Mon Sep 17 00:00:00 2001 From: cameronrich Date: Tue, 4 Dec 2007 21:31:48 +0000 Subject: [PATCH] final touches to 1.1.8 git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@147 9a5d90b5-6617-0410-8a86-bb477d3ed2e3 --- samples/c/axssl.c | 2 +- samples/csharp/axssl.cs | 2 +- samples/java/axssl.java | 2 +- samples/lua/axssl.lua | 2 +- samples/perl/axssl.pl | 2 +- samples/vbnet/axssl.vb | 3 +- ssl/Config.in | 2 +- ssl/gen_cert.c | 110 ++++++++++++++++++---------------------- ssl/x509.c | 12 +---- 9 files changed, 60 insertions(+), 77 deletions(-) diff --git a/samples/c/axssl.c b/samples/c/axssl.c index 28ea71baf..6892ee452 100644 --- a/samples/c/axssl.c +++ b/samples/c/axssl.c @@ -668,7 +668,7 @@ static void do_client(int argc, char *argv[]) SSL_X509_CERT_COMMON_NAME); if (common_name) { - printf("Common Name:\t\t%s\n", common_name); + printf("Common Name:\t\t\t%s\n", common_name); } display_session_id(ssl); diff --git a/samples/csharp/axssl.cs b/samples/csharp/axssl.cs index 2224f89ea..dae2b8a41 100644 --- a/samples/csharp/axssl.cs +++ b/samples/csharp/axssl.cs @@ -571,7 +571,7 @@ public class axssl if (common_name != null) { - Console.WriteLine("Common Name:\t\t" + common_name); + Console.WriteLine("Common Name:\t\t\t" + common_name); } display_session_id(ssl); diff --git a/samples/java/axssl.java b/samples/java/axssl.java index cc6bb711a..2057f2966 100644 --- a/samples/java/axssl.java +++ b/samples/java/axssl.java @@ -562,7 +562,7 @@ public class axssl if (common_name != null) { - System.out.println("Common Name:\t\t" + common_name); + System.out.println("Common Name:\t\t\t" + common_name); } display_session_id(ssl); diff --git a/samples/lua/axssl.lua b/samples/lua/axssl.lua index 3f37551f2..6ea26b69d 100755 --- a/samples/lua/axssl.lua +++ b/samples/lua/axssl.lua @@ -482,7 +482,7 @@ function do_client(build_mode) axtlsl.SSL_X509_CERT_COMMON_NAME) if common_name ~= nil then - print("Common Name:\t\t"..common_name) + print("Common Name:\t\t\t"..common_name) end display_session_id(ssl) diff --git a/samples/perl/axssl.pl b/samples/perl/axssl.pl index a8b4e26d9..e49d52270 100755 --- a/samples/perl/axssl.pl +++ b/samples/perl/axssl.pl @@ -470,7 +470,7 @@ sub do_client my $common_name = axtlsp::ssl_get_cert_dn($ssl, $axtlsp::SSL_X509_CERT_COMMON_NAME); - printf("Common Name:\t\t%s\n", $common_name) if defined $common_name; + printf("Common Name:\t\t\t%s\n", $common_name) if defined $common_name; display_session_id($ssl); display_cipher($ssl); } diff --git a/samples/vbnet/axssl.vb b/samples/vbnet/axssl.vb index a33cc9466..1b423c865 100644 --- a/samples/vbnet/axssl.vb +++ b/samples/vbnet/axssl.vb @@ -485,7 +485,8 @@ Public Class axssl If common_name <> Nothing Console.WriteLine("Common Name:" & _ - ControlChars.Tab & ControlChars.Tab & common_name) + ControlChars.Tab & ControlChars.Tab & _ + ControlChars.Tab & common_name) End If display_session_id(ssl) diff --git a/ssl/Config.in b/ssl/Config.in index 825d97d94..d047d420e 100644 --- a/ssl/Config.in +++ b/ssl/Config.in @@ -180,7 +180,7 @@ config CONFIG_SSL_X509_ORGANIZATION_NAME help The organization name for the generated X.509 certificate. - If this is blank, then $USERDOMAIN will be used. + This field is optional. config CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME string "X.509 Organization Unit Name" diff --git a/ssl/gen_cert.c b/ssl/gen_cert.c index 856dc3ac0..a6dac7a4c 100644 --- a/ssl/gen_cert.c +++ b/ssl/gen_cert.c @@ -39,36 +39,6 @@ * Generate a basic X.509 certificate */ -/* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */ -static const uint8_t sig_oid[] = -{ - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05 -}; - -/* OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */ -static const uint8_t rsa_enc_oid[] = -{ - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 -}; - -/* INTEGER 65537 */ -static const uint8_t pub_key_seq[] = -{ - 0x02, 0x03, 0x01, 0x00, 0x01 -}; - -/* 0x00 + SEQUENCE { - SEQUENCE { - OBJECT IDENTIFIER sha1 (1 3 14 3 2 26) - NULL - } - OCTET STRING */ -static const uint8_t asn1_sig[] = -{ - 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, - 0x1a, 0x05, 0x00, 0x04, 0x14 -}; - static uint8_t set_gen_length(int len, uint8_t *buf, int *offset) { if (len < 0x80) /* short form */ @@ -129,21 +99,23 @@ static void adjust_with_size(int seq_size, int seq_start, static void gen_serial_number(uint8_t *buf, int *offset) { - buf[(*offset)++] = ASN1_INTEGER; - buf[(*offset)++] = 1; - buf[(*offset)++] = 0x7F; + static const uint8_t ser_oid[] = { ASN1_INTEGER, 1, 0x7F }; + memcpy(&buf[*offset], ser_oid , sizeof(ser_oid)); + *offset += sizeof(ser_oid); } static void gen_signature_alg(uint8_t *buf, int *offset) { - buf[(*offset)++] = ASN1_SEQUENCE; - set_gen_length(13, buf, offset); - buf[(*offset)++] = ASN1_OID; - set_gen_length(sizeof(sig_oid), buf, offset); + /* OBJECT IDENTIFIER sha1withRSAEncryption (1 2 840 113549 1 1 5) */ + static const uint8_t sig_oid[] = + { + ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + ASN1_NULL, 0x00 + }; + memcpy(&buf[*offset], sig_oid, sizeof(sig_oid)); *offset += sizeof(sig_oid); - buf[(*offset)++] = ASN1_NULL; - buf[(*offset)++] = 0; } static int gen_dn(const char *name, uint8_t dn_type, @@ -193,18 +165,22 @@ static int gen_issuer(const char * dn[], uint8_t *buf, int *offset) fqdn_len = strlen(fqdn); fqdn[fqdn_len++] = '.'; getdomainname(&fqdn[fqdn_len], sizeof(fqdn)-fqdn_len); + fqdn_len = strlen(fqdn); + + if (fqdn[fqdn_len-1] == '.') /* ensure '.' is not last char */ + fqdn[fqdn_len-1] = 0; + dn[X509_COMMON_NAME] = fqdn; } if ((ret = gen_dn(dn[X509_COMMON_NAME], 3, buf, offset))) goto error; - if (dn[X509_ORGANIZATION] == NULL || strlen(dn[X509_ORGANIZATION]) == 0) - dn[X509_ORGANIZATION] = getenv("USERDOMAIN"); - - if (dn[X509_ORGANIZATION] != NULL && - ((ret = gen_dn(dn[X509_ORGANIZATION], 10, buf, offset)))) - goto error; + if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0) + { + if ((ret = gen_dn(dn[X509_ORGANIZATIONAL_UNIT], 10, buf, offset))) + goto error; + } if (dn[X509_ORGANIZATIONAL_UNIT] != NULL && strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0) @@ -219,17 +195,17 @@ error: return ret; } -static const uint8_t time_seq[] = -{ - ASN1_SEQUENCE, 30, - ASN1_UTC_TIME, 13, - '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', - ASN1_UTC_TIME, 13, /* make it good for 30 or so years */ - '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z' -}; - static void gen_utc_time(uint8_t *buf, int *offset) { + static const uint8_t time_seq[] = + { + ASN1_SEQUENCE, 30, + ASN1_UTC_TIME, 13, + '0', '7', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z', + ASN1_UTC_TIME, 13, /* make it good for 30 or so years */ + '3', '8', '0', '1', '0', '1', '0', '0', '0', '0', '0', '0', 'Z' + }; + /* fixed time */ memcpy(&buf[*offset], time_seq, sizeof(time_seq)); *offset += sizeof(time_seq); @@ -237,6 +213,11 @@ static void gen_utc_time(uint8_t *buf, int *offset) static void gen_pub_key2(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset) { + static const uint8_t pub_key_seq[] = + { + ASN1_INTEGER, 0x03, 0x01, 0x00, 0x01 /* INTEGER 65537 */ + }; + int seq_offset; int pub_key_size = rsa_ctx->num_octets; uint8_t *block = (uint8_t *)alloca(pub_key_size); @@ -272,18 +253,20 @@ static void gen_pub_key1(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset) static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset) { + /* OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) */ + static const uint8_t rsa_enc_oid[] = + { + ASN1_SEQUENCE, 0x0d, ASN1_OID, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + ASN1_NULL, 0x00 + }; + int seq_offset; int seq_size = pre_adjust_with_size( ASN1_SEQUENCE, &seq_offset, buf, offset); - buf[(*offset)++] = ASN1_SEQUENCE; - set_gen_length(13, buf, offset); - buf[(*offset)++] = ASN1_OID; - set_gen_length(sizeof(rsa_enc_oid), buf, offset); memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid)); *offset += sizeof(rsa_enc_oid); - buf[(*offset)++] = ASN1_NULL; - buf[(*offset)++] = 0; gen_pub_key1(rsa_ctx, buf, offset); adjust_with_size(seq_size, seq_offset, buf, offset); } @@ -291,6 +274,13 @@ static void gen_pub_key(const RSA_CTX *rsa_ctx, uint8_t *buf, int *offset) static void gen_signature(const RSA_CTX *rsa_ctx, const uint8_t *sha_dgst, uint8_t *buf, int *offset) { + static const uint8_t asn1_sig[] = + { + ASN1_SEQUENCE, 0x21, ASN1_SEQUENCE, 0x09, ASN1_OID, 0x05, + 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* sha1 (1 3 14 3 2 26) */ + ASN1_NULL, 0x00, ASN1_OCTET_STRING, 0x14 + }; + uint8_t *enc_block = (uint8_t *)alloca(rsa_ctx->num_octets); uint8_t *block = (uint8_t *)alloca(sizeof(asn1_sig) + SHA1_SIZE); int sig_size; diff --git a/ssl/x509.c b/ssl/x509.c index 9b41b944e..ef42e6815 100644 --- a/ssl/x509.c +++ b/ssl/x509.c @@ -455,6 +455,8 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) { x509_print(cert->next, ca_cert_ctx); } + + TTY_FLUSH(); } const char * x509_display_error(int error) @@ -463,43 +465,33 @@ const char * x509_display_error(int error) { case X509_NOT_OK: return "X509 not ok"; - break; case X509_VFY_ERROR_NO_TRUSTED_CERT: return "No trusted cert is available"; - break; case X509_VFY_ERROR_BAD_SIGNATURE: return "Bad signature"; - break; case X509_VFY_ERROR_NOT_YET_VALID: return "Cert is not yet valid"; - break; case X509_VFY_ERROR_EXPIRED: return "Cert has expired"; - break; case X509_VFY_ERROR_SELF_SIGNED: return "Cert is self-signed"; - break; case X509_VFY_ERROR_INVALID_CHAIN: return "Chain is invalid (check order of certs)"; - break; case X509_VFY_ERROR_UNSUPPORTED_DIGEST: return "Unsupported digest"; - break; case X509_INVALID_PRIV_KEY: return "Invalid private key"; - break; default: return "Unknown"; - break; } } #endif /* CONFIG_SSL_FULL_MODE */