std::string base64_encodestring(const char* text, int len)
{
EVP_ENCODE_CTX ectx;
int size = len*2;
size = size > 64 ? size : 64;
unsigned char* out = (unsigned char*)malloc( size );
int outlen = 0;
int tlen = 0;
EVP_EncodeInit(&ectx);
EVP_EncodeUpdate(&ectx,
out,
&outlen,
(const unsigned char*)text,
len
);
tlen += outlen;
EVP_EncodeFinal( &ectx, out+tlen, &outlen );
tlen += outlen;
std::string str((char*)out, tlen );
free( out );
return str;
}
/***********************
Decode
************************/
int mite_string_2_base64(char *input,int input_len,char **base64)
{
EVP_ENCODE_CTX ectx;
EVP_EncodeInit(&ectx);
int out_len =0;
if(input_len%3==0)
out_len = input_len/3 *4;
else
out_len = (input_len/3 +1)*4;
//数据够长的话会有多个换行
char *out = (char *)malloc(out_len + out_len/80 +1);
int total = 0;
int encode_len = 0;
EVP_EncodeUpdate(&ectx,out,&encode_len,input,input_len);
total += encode_len;
EVP_EncodeFinal(&ectx,out+total,&encode_len);
total += encode_len;
printf("%s",out);
*base64 = out;
return total;
}
int main(void)
{
int i, len, total = 0, total2 = 0, ret;
EVP_ENCODE_CTX ctx1, ctx2;
unsigned char f[60];
unsigned char t[80 + 1];
for(i = 0; i < 60; i++)
{
memset(&f[i], i, 1);
}
EVP_EncodeInit(&ctx1);
EVP_EncodeUpdate(&ctx1, t, &len, f, 60);
total += len;
printf("total = %d\n", total);
// printf("%s\n", t);
EVP_EncodeFinal(&ctx1, t + total, &len);
total += len;
printf("%total = %d\n", total);
printf("%s\n", t);
EVP_DecodeInit(&ctx2);
ret = EVP_DecodeUpdate(&ctx2, f, &len, t, total);
total2 += len;
ret = EVP_DecodeFinal(&ctx2, f, &len);
total2 += len;
for(i = 0; i < total2; i++)
{
printf("%02x\t", f[i]);
}
printf("\n");
return 0;
}
unsigned int OpenSSLCryptoBase64::encode(unsigned char * inData,
unsigned int inLength,
unsigned char * outData,
unsigned int outLength) {
int outLen;
if (outLength + 24 < inLength) {
throw XSECCryptoException(XSECCryptoException::MemoryError,
"OpenSSL:Base64 - Output buffer not big enough for Base64 encode");
}
EVP_EncodeUpdate(&m_ectx,
outData,
&outLen,
inData,
inLength);
if (outLen > (int) outLength) {
throw XSECCryptoException(XSECCryptoException::MemoryError,
"OpenSSL:Base64 - Output buffer not big enough for Base64 encode and overflowed");
}
return outLen;
}
int PEM_write_bio(BIO *bp, const char *name, const char *header,
const unsigned char *data, long len)
{
int nlen,n,i,j,outl;
unsigned char *buf = NULL;
EVP_ENCODE_CTX ctx;
int reason=ERR_R_BUF_LIB;
EVP_EncodeInit(&ctx);
nlen=strlen(name);
if ( (BIO_write(bp,"-----BEGIN ",11) != 11) ||
(BIO_write(bp,name,nlen) != nlen) ||
(BIO_write(bp,"-----\n",6) != 6))
goto err;
i=strlen(header);
if (i > 0)
{
if ( (BIO_write(bp,header,i) != i) ||
(BIO_write(bp,"\n",1) != 1))
goto err;
}
buf = OPENSSL_malloc(PEM_BUFSIZE*8);
if (buf == NULL)
{
reason=ERR_R_MALLOC_FAILURE;
goto err;
}
i=j=0;
while (len > 0)
{
n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
goto err;
i+=outl;
len-=n;
j+=n;
}
EVP_EncodeFinal(&ctx,buf,&outl);
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
OPENSSL_free(buf);
buf = NULL;
if ( (BIO_write(bp,"-----END ",9) != 9) ||
(BIO_write(bp,name,nlen) != nlen) ||
(BIO_write(bp,"-----\n",6) != 6))
goto err;
return(i+outl);
err:
if (buf) {
OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
OPENSSL_free(buf);
}
OPENSSL_PUT_ERROR(PEM, PEM_write_bio, reason);
return(0);
}
/*
* Convert a raw byte string into a null-terminated base64 ASCII string.
* Returns 1 on success or 0 on error.
*/
static int t_tob64(char *dst, const unsigned char *src, int size)
{
EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
int outl = 0, outl2 = 0;
unsigned char pad[2] = {0, 0};
size_t leadz = 0;
if (ctx == NULL)
return 0;
EVP_EncodeInit(ctx);
evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES
| EVP_ENCODE_CTX_USE_SRP_ALPHABET);
/*
* We pad at the front with zero bytes until the length is a multiple of 3
* so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "="
* padding
*/
leadz = 3 - (size % 3);
if (leadz != 3
&& !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad,
leadz)) {
EVP_ENCODE_CTX_free(ctx);
return 0;
}
if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src,
size)) {
EVP_ENCODE_CTX_free(ctx);
return 0;
}
outl += outl2;
EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2);
outl += outl2;
/* Strip the encoded padding at the front */
if (leadz != 3) {
memmove(dst, dst + leadz, outl - leadz);
dst[outl - leadz] = '\0';
}
EVP_ENCODE_CTX_free(ctx);
return 1;
}
void cm_base_64_encode(const unsigned char *in, int32_t inlen,unsigned char *out, int32_t *outlen)
{
EVP_ENCODE_CTX ctx;
EVP_EncodeInit(&ctx);
EVP_EncodeUpdate(&ctx,out,outlen,(char*)in, inlen);
EVP_EncodeFinal(&ctx,out,outlen);
return;
}
/*!
* @brief Perform Basic authentication for now. Support digest in the
* future.
*/
static const char *sstp_proxy_basicauth(const char *user,
const char *pass, char *buf, int size)
{
EVP_ENCODE_CTX ctx;
int tot = 0;
int len = 0;
unsigned char out[255];
EVP_EncodeInit (&ctx);
EVP_EncodeUpdate(&ctx, out + tot, &len,
(unsigned char*) user, strlen(user));
tot += len;
EVP_EncodeUpdate(&ctx, out + tot, &len,
(unsigned char*) ":", 1);
tot += len;
EVP_EncodeUpdate(&ctx, out + tot, &len,
(unsigned char*) pass, strlen(pass));
tot += len;
EVP_EncodeFinal (&ctx, out + tot, &len);
tot += len;
snprintf(buf, size, "Basic %s", out);
return (buf);
}
/* {{{ php_crypto_base64_encode_update */
static inline int php_crypto_base64_encode_update(
EVP_ENCODE_CTX *ctx, char *out, int *outl,
const char *in, phpc_str_size_t in_len TSRMLS_DC)
{
int inl;
/* check string length overflow */
if (php_crypto_str_size_to_int(in_len, &inl) == FAILURE) {
php_crypto_error(PHP_CRYPTO_ERROR_ARGS(Base64, INPUT_DATA_LENGTH_HIGH));
return FAILURE;
}
EVP_EncodeUpdate(ctx,
(unsigned char *) out, outl,
(const unsigned char *) in, inl);
return SUCCESS;
}
int
PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
unsigned char *out, int *outl, EVP_PKEY *priv)
{
unsigned char *s = NULL;
int ret = 0, j;
unsigned int i;
if (priv->type != EVP_PKEY_RSA) {
PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
goto err;
}
i = RSA_size(priv->pkey.rsa);
if (i < 100)
i = 100;
s = reallocarray(NULL, i, 2);
if (s == NULL) {
PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
goto err;
EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
*outl = j;
out += j;
EVP_EncodeFinal(&ctx->encode, out, &j);
*outl += j;
if (!EVP_SignFinal(&ctx->md, s, &i, priv))
goto err;
*sigl = EVP_EncodeBlock(sig, s, i);
ret = 1;
err:
EVP_MD_CTX_cleanup(&ctx->md);
EVP_CIPHER_CTX_cleanup(&ctx->cipher);
if (s != NULL)
free(s);
return (ret);
}
void openssl_evp_encode()
{
FILE *fin, *fout;
int inLen, outLen;
EVP_ENCODE_CTX ctx;
unsigned char ins[MAX1_LEN], outs[MAX2_LEN];
fin = fopen("/tmp/test.dat", "rb");
fout = fopen("/tmp/test.txt", "w");
memset(ins, 0, sizeof(ins));
memset(outs, 0, sizeof(outs));
printf("\nEVP_Encode(/tmp/test.dat) = ");
EVP_EncodeInit(&ctx);
while ((inLen = fread(ins, 1, MAX1_LEN, fin)) > 0) {
EVP_EncodeUpdate(&ctx, outs, &outLen, ins, inLen);
fwrite(outs, 1, outLen, fout);
printf("%s", outs);
}
EVP_EncodeFinal(&ctx, outs, &outLen);
fwrite(outs, 1, outLen, fout);
printf("%s", outs);
fclose(fin);
fclose(fout);
fin = fopen("/tmp/test.txt", "r");
fout = fopen("/tmp/test-1.dat", "wb");
memset(ins, 0, sizeof(ins));
memset(outs, 0, sizeof(outs));
printf("\nEVP_Decode(/tmp/test.txt) = ");
EVP_DecodeInit(&ctx);
while ((inLen = fread(ins, 1, MAX1_LEN, fin)) > 0) {
EVP_DecodeUpdate(&ctx, outs, &outLen, ins, inLen);
fwrite(outs, 1, outLen, fout);
printf("%s", outs);
}
EVP_DecodeFinal(&ctx, outs, &outLen);
fwrite(outs, 1, outLen, fout);
printf("%s\n", outs);
fclose(fin);
fclose(fout);
}
int _ldapfull_base64_encode( const char *src, int srclen, char **ret, int *rlen ) {
int tlen = 0;
char *text;
EVP_ENCODE_CTX EVP_ctx;
text = (char *)malloc((srclen*4/3) + 1 );
if (text == NULL) {
return 0;
}
EVP_EncodeInit(&EVP_ctx);
EVP_EncodeUpdate(&EVP_ctx, text, &tlen, (char *)src, srclen);
EVP_EncodeFinal(&EVP_ctx, text, &tlen);
*ret = text;
if (rlen != NULL) {
*rlen = tlen;
}
return 1;
}
static void mime_put(byte_string_t bs, FILE *outfp)
{
char out[1024];
int outl;
int i, l;
EVP_ENCODE_CTX ctx;
EVP_EncodeInit(&ctx);
for (i=0; i<bs->len; i+=l) {
if (i+crypt_buf_size > bs->len) {
l = bs->len - i;
} else {
l = crypt_buf_size;
}
EVP_EncodeUpdate(&ctx,out,&outl,&bs->data[i],l);
fwrite(out, 1, outl, outfp);
}
EVP_EncodeFinal(&ctx,out,&outl);
fwrite(out, 1, outl, outfp);
}
/** Base64 encode <b>srclen</b> bytes of data from <b>src</b>. Write
* the result into <b>dest</b>, if it will fit within <b>destlen</b>
* bytes. Return the number of bytes written on success; -1 if
* destlen is too short, or other failure.
*/
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen)
{
/* FFFF we might want to rewrite this along the lines of base64_decode, if
* it ever shows up in the profile. */
EVP_ENCODE_CTX ctx;
int len, ret;
// assert(srclen < INT_MAX);
/* 48 bytes of input -> 64 bytes of output plus newline.
Plus one more byte, in case I'm wrong.
*/
if (destlen < ((srclen/48)+1)*66)
return -1;
if (destlen > SIZE_T_CEILING)
return -1;
EVP_EncodeInit(&ctx);
EVP_EncodeUpdate(&ctx, (unsigned char*)dest, &len,
(unsigned char*)src, (int)srclen);
EVP_EncodeFinal(&ctx, (unsigned char*)(dest+len), &ret);
ret += len;
return ret;
}
void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
unsigned char *in, int inl)
{
unsigned char buffer[1600];
int i,j;
*outl=0;
EVP_SignUpdate(&ctx->md,in,inl);
for (;;)
{
if (inl <= 0) break;
if (inl > 1200)
i=1200;
else
i=inl;
EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
*outl+=j;
out+=j;
in+=i;
inl-=i;
}
}
static int b64_write(BIO *b, const char *in, int inl)
{
int ret = 0;
int n;
int i;
BIO_B64_CTX *ctx;
ctx = (BIO_B64_CTX *)b->ptr;
BIO_clear_retry_flags(b);
if (ctx->encode != B64_ENCODE) {
ctx->encode = B64_ENCODE;
ctx->buf_len = 0;
ctx->buf_off = 0;
ctx->tmp_len = 0;
EVP_EncodeInit(ctx->base64);
}
OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n = ctx->buf_len - ctx->buf_off;
while (n > 0) {
i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
return (i);
}
OPENSSL_assert(i <= n);
ctx->buf_off += i;
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n -= i;
}
/* at this point all pending data has been written */
ctx->buf_off = 0;
ctx->buf_len = 0;
if ((in == NULL) || (inl <= 0))
return (0);
while (inl > 0) {
n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
if (ctx->tmp_len > 0) {
OPENSSL_assert(ctx->tmp_len <= 3);
n = 3 - ctx->tmp_len;
/*
* There's a theoretical possibility for this
*/
if (n > inl)
n = inl;
memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
ctx->tmp_len += n;
ret += n;
if (ctx->tmp_len < 3)
break;
ctx->buf_len =
EVP_EncodeBlock((unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp, ctx->tmp_len);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
/*
* Since we're now done using the temporary buffer, the
* length should be 0'd
*/
ctx->tmp_len = 0;
} else {
if (n < 3) {
memcpy(ctx->tmp, in, n);
ctx->tmp_len = n;
ret += n;
break;
}
n -= n % 3;
ctx->buf_len =
EVP_EncodeBlock((unsigned char *)ctx->buf,
(const unsigned char *)in, n);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
} else {
EVP_EncodeUpdate(ctx->base64,
(unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)in, n);
OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
inl -= n;
in += n;
ctx->buf_off = 0;
n = ctx->buf_len;
while (n > 0) {
i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
return ((ret == 0) ? i : ret);
}
OPENSSL_assert(i <= n);
n -= i;
ctx->buf_off += i;
OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
}
ctx->buf_len = 0;
ctx->buf_off = 0;
}
return (ret);
}
static int b64_write(BIO *b, const char *in, int inl) {
int ret = 0, n, i;
BIO_B64_CTX *ctx;
ctx = (BIO_B64_CTX *)b->ptr;
BIO_clear_retry_flags(b);
if (ctx->encode != B64_ENCODE) {
ctx->encode = B64_ENCODE;
ctx->buf_len = 0;
ctx->buf_off = 0;
ctx->tmp_len = 0;
EVP_EncodeInit(&(ctx->base64));
}
assert(ctx->buf_off < (int)sizeof(ctx->buf));
assert(ctx->buf_len <= (int)sizeof(ctx->buf));
assert(ctx->buf_len >= ctx->buf_off);
n = ctx->buf_len - ctx->buf_off;
while (n > 0) {
i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
return i;
}
assert(i <= n);
ctx->buf_off += i;
assert(ctx->buf_off <= (int)sizeof(ctx->buf));
assert(ctx->buf_len >= ctx->buf_off);
n -= i;
}
// at this point all pending data has been written.
ctx->buf_off = 0;
ctx->buf_len = 0;
if (in == NULL || inl <= 0) {
return 0;
}
while (inl > 0) {
n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
if (BIO_test_flags(b, BIO_FLAGS_BASE64_NO_NL)) {
if (ctx->tmp_len > 0) {
assert(ctx->tmp_len <= 3);
n = 3 - ctx->tmp_len;
// There's a theoretical possibility of this.
if (n > inl) {
n = inl;
}
OPENSSL_memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
ctx->tmp_len += n;
ret += n;
if (ctx->tmp_len < 3) {
break;
}
ctx->buf_len = EVP_EncodeBlock((uint8_t *)ctx->buf, (uint8_t *)ctx->tmp,
ctx->tmp_len);
assert(ctx->buf_len <= (int)sizeof(ctx->buf));
assert(ctx->buf_len >= ctx->buf_off);
// Since we're now done using the temporary buffer, the length should
// be zeroed.
ctx->tmp_len = 0;
} else {
if (n < 3) {
OPENSSL_memcpy(ctx->tmp, in, n);
ctx->tmp_len = n;
ret += n;
break;
}
n -= n % 3;
ctx->buf_len =
EVP_EncodeBlock((uint8_t *)ctx->buf, (const uint8_t *)in, n);
assert(ctx->buf_len <= (int)sizeof(ctx->buf));
assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
} else {
EVP_EncodeUpdate(&(ctx->base64), (uint8_t *)ctx->buf, &ctx->buf_len,
(uint8_t *)in, n);
assert(ctx->buf_len <= (int)sizeof(ctx->buf));
assert(ctx->buf_len >= ctx->buf_off);
ret += n;
}
inl -= n;
in += n;
ctx->buf_off = 0;
n = ctx->buf_len;
while (n > 0) {
i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
if (i <= 0) {
BIO_copy_next_retry(b);
return ret == 0 ? i : ret;
}
assert(i <= n);
n -= i;
ctx->buf_off += i;
assert(ctx->buf_off <= (int)sizeof(ctx->buf));
assert(ctx->buf_len >= ctx->buf_off);
}
ctx->buf_len = 0;
ctx->buf_off = 0;
}
return ret;
}
// Write information about an untrusted certificate
BOOL ProduceUntrustedCertificateXML(BIO *target, const DEFCERT_UNTRUSTED_cert_st *entry, EVP_PKEY *key, int sig_alg)
{
unsigned int i, read_len=0;
int outl;
if(target == NULL)
return FALSE;
if(entry->dercert_data == NULL)
return TRUE;
EVP_ENCODE_CTX base_64;
unsigned char *buffer = new unsigned char[BUFFER_SIZE+1];
if(buffer == NULL)
return FALSE;
BOOL ret = FALSE;
X509 *cert=NULL;
char *name=NULL;
do{
if(!BIO_puts(target, "-->\n<!-- Copyright (C) 2008-2009 Opera Software ASA. All Rights Reserved. -->\n\n<untrusted-certificate>\n"))
break;
const unsigned char *data = entry->dercert_data;
cert = d2i_X509(NULL, &data, entry->dercert_len);
if(cert == NULL)
break;
// Cert name in one line
char *name = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
if(!name)
break;
if(!WriteXML(target, "subject", name, (char *) buffer, BUFFER_SIZE))
break;
OPENSSL_free(name);
// friendly name
if(entry->nickname)
if(!WriteXML(target, "shortname", entry->nickname, (char *) buffer, BUFFER_SIZE))
break;
// reason it is untrusted
if(entry->reason)
if(!WriteXML(target, "untrusted-reason", entry->reason, (char *) buffer, BUFFER_SIZE))
break;
if(!BIO_puts(target, "<certificate-data>\n"))
break;
EVP_EncodeInit(&base_64);
read_len=0;
// Write Base64 encoded certificate
for(i = 0; i < entry->dercert_len; i+= read_len)
{
read_len = (BUFFER_SIZE/4)*3;
if(i + read_len > entry->dercert_len)
read_len = entry->dercert_len -i;
outl =0;
EVP_EncodeUpdate(&base_64, buffer, &outl, entry->dercert_data+i, read_len);
if(outl && !BIO_write(target, buffer, outl))
break;
}
outl =0;
EVP_EncodeFinal(&base_64, buffer, &outl);
if(outl && !BIO_write(target, buffer, outl))
break;
if(!BIO_puts(target, "\n</certificate-data>\n"))
break;
if(!BIO_puts(target, "</untrusted-certificate>\n"))
break;
ret = TRUE;
}
while(0);
X509_free(cert);
OPENSSL_free(name);
delete [] buffer;
return ret;
}
static void
sign_req (int fd, void *unused)
{
char thefile[80], cmd_buf[300], p7[3000];
int i, num;
unsigned char *data, *asn1;
int32_t msglen;
BIO *bio = NULL;
FILE *fp;
struct stat blah;
X509_REQ *req = NULL;
EVP_ENCODE_CTX ctx;
if (recv(fd, (char *)&msglen, sizeof(int32_t), MSG_WAITALL) < sizeof(int32_t)) {
return;
}
msglen = ntohl(msglen);
if (msglen > 3000) {
return;
}
if ((data = (unsigned char *)malloc(msglen)) == NULL) {
return;
}
if ((asn1 = (unsigned char *)malloc(msglen)) == NULL) {
free(data);
return;
}
if (recv(fd, (char *)data, msglen, MSG_WAITALL) < msglen) {
free(data);
return;
}
EVP_DecodeInit(&ctx);
EVP_DecodeUpdate(&ctx, asn1, &i, data, msglen);
num = i;
EVP_DecodeFinal(&ctx, &(asn1[i]), &i);
num += i;
free(data);
if ((bio = BIO_new_mem_buf(asn1, num)) == NULL) {
free(asn1);
goto no_cert;
}
if ((req = d2i_X509_REQ_bio(bio, NULL)) == NULL) {
free(asn1);
goto no_cert;
}
free(asn1);
BIO_free(bio); bio = NULL;
unique++;
memset(thefile, 0, sizeof(thefile));
snprintf(thefile, sizeof(thefile), "%dreq.pem", unique);
if ((fp = fopen(thefile, "w+")) == NULL) {
goto no_cert;
}
if ((bio = BIO_new(BIO_s_file())) == NULL) {
fprintf(stderr, "unable to create bio for CSR\n");
goto no_cert;
}
BIO_set_fp(bio, fp, BIO_NOCLOSE);
PEM_write_bio_X509_REQ(bio, req);
(void)BIO_flush(bio);
BIO_free(bio); bio = NULL;
fclose(fp);
snprintf(cmd_buf, sizeof(cmd_buf),
"openssl ca "
"-policy policy_anything -batch -notext "
"-config ./conf/openssl.cnf "
"-out %dcert.pem -in %dreq.pem", unique, unique);
system(cmd_buf);
unlink(thefile);
snprintf(thefile, sizeof(thefile), "%dcert.pem", unique);
if ((stat(thefile, &blah) < 0) || (blah.st_size < 1)) {
goto no_cert;
}
snprintf(cmd_buf, sizeof(cmd_buf),
"openssl crl2pkcs7 "
"-certfile %dcert.pem -outform DER -out %dder.p7 -nocrl", unique, unique);
system(cmd_buf);
unlink(thefile);
snprintf(thefile, sizeof(thefile), "%dder.p7", unique);
if (stat(thefile, &blah) < 0) {
goto no_cert;
}
i = blah.st_size;
printf("DER-encoded P7 is %d bytes\n", i);
if ((data = (unsigned char *)malloc(blah.st_size*2)) == NULL) {
goto no_cert;
}
if ((fp = fopen(thefile, "r")) == NULL) {
free(data);
goto no_cert;
}
if (fread(p7, 1, sizeof(p7), fp) < blah.st_size) {
free(data);
goto no_cert;
}
fclose(fp);
unlink(thefile);
i = 0;
EVP_EncodeInit(&ctx);
EVP_EncodeUpdate(&ctx, data, &i, (unsigned char *)p7, blah.st_size);
num = i;
EVP_EncodeFinal(&ctx, (unsigned char *)&(data[i]), &i);
num += i;
printf("PEM-encoded P7 is %d bytes\n", num);
msglen = num;
msglen = htonl(msglen);
send(fd, (char *)&msglen, sizeof(int32_t), 0);
send(fd, (char *)data, num, 0);
free(data);
no_cert:
BIO_free(bio);
srv_rem_input(srvctx, fd);
close(fd);
return;
}
int PEM_write_bio(BIO *bp, const char *name, const char *header,
const unsigned char *data, long len)
{
int nlen, n, i, j, outl;
unsigned char *buf = NULL;
EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
int reason = ERR_R_BUF_LIB;
int retval = 0;
if (ctx == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
EVP_EncodeInit(ctx);
nlen = strlen(name);
if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
(BIO_write(bp, name, nlen) != nlen) ||
(BIO_write(bp, "-----\n", 6) != 6))
goto err;
i = strlen(header);
if (i > 0) {
if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
goto err;
}
buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
if (buf == NULL) {
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
i = j = 0;
while (len > 0) {
n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n))
goto err;
if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
i += outl;
len -= n;
j += n;
}
EVP_EncodeFinal(ctx, buf, &outl);
if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
goto err;
if ((BIO_write(bp, "-----END ", 9) != 9) ||
(BIO_write(bp, name, nlen) != nlen) ||
(BIO_write(bp, "-----\n", 6) != 6))
goto err;
retval = i + outl;
err:
if (retval == 0)
PEMerr(PEM_F_PEM_WRITE_BIO, reason);
EVP_ENCODE_CTX_free(ctx);
OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
return retval;
}
void FMT_encrypt_stream_array(char **id, int idcount,
FILE *infp, FILE *outfp, params_t params)
{
byte_string_t U, K;
byte_string_t *V;
unsigned char in[crypt_buf_size];
unsigned char *out;
int inl, outl;
crypto_ctx_t ctx;
EVP_ENCODE_CTX mime;
unsigned char data[1024];
int i;
int count;
out = (unsigned char *) alloca(crypt_buf_size + crypto_block_size());
V = (byte_string_t *) alloca(sizeof(byte_string_t) * idcount);
fprintf(outfp, "\n-----BEGIN IBE-----\n");
crypto_generate_key(K);
IBE_hide_key_array(U, V, id, idcount, K, params);
fprintf(outfp, "\nU:\n");
mime_put(U, outfp);
fprintf(outfp, "\n");
for (i=0; i<idcount; i++) {
fprintf(outfp, "\nID:\n");
fprintf(outfp, "%s\n", id[i]);
fprintf(outfp, "\nV:\n");
mime_put(V[i], outfp);
fprintf(outfp, "\n");
byte_string_clear(V[i]);
}
fprintf(outfp, "\nW:\n");
crypto_ctx_init(ctx);
crypto_encrypt_init(ctx, K);
EVP_EncodeInit(&mime);
for (;;) {
inl = fread(in, 1, crypt_buf_size, infp);
if (inl < 0) {
fprintf(stderr, "read error\n");
exit(1);
}
crypto_encrypt_update(ctx, out, &outl, in, inl);
EVP_EncodeUpdate(&mime, data, &count, out, outl);
fwrite(data, 1, count, outfp);
if (feof(infp)) break;
}
crypto_encrypt_final(ctx, out, &outl);
crypto_ctx_clear(ctx);
EVP_EncodeUpdate(&mime, data, &count, out, outl);
fwrite(data, 1, count, outfp);
EVP_EncodeFinal(&mime, data, &count);
fwrite(data, 1, count, outfp);
fprintf(outfp, "\n-----END IBE-----\n");
byte_string_clear(K);
byte_string_clear(U);
}
