void pki_x509req::fload(const QString fname)
{
FILE *fp = fopen_read(fname);
X509_REQ *_req;
int ret = 0;
if (fp != NULL) {
_req = PEM_read_X509_REQ(fp, NULL, NULL, NULL);
if (!_req) {
pki_ign_openssl_error();
rewind(fp);
_req = d2i_X509_REQ_fp(fp, NULL);
}
fclose(fp);
if (ret || pki_ign_openssl_error()) {
if (_req)
X509_REQ_free(_req);
throw errorEx(tr("Unable to load the certificate request in file %1. Tried PEM, DER and SPKAC format.").arg(fname));
}
} else {
fopen_error(fname);
return;
}
if (_req) {
X509_REQ_free(request);
request = _req;
}
autoIntName();
if (getIntName().isEmpty())
setIntName(rmslashdot(fname));
openssl_error(fname);
}
void pki_crl::fload(const QString fname)
{
FILE *fp = fopen(QString2filename(fname), "r");
X509_CRL *_crl;
if (fp != NULL) {
_crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
if (!_crl) {
pki_ign_openssl_error();
rewind(fp);
_crl = d2i_X509_CRL_fp(fp, NULL);
}
fclose(fp);
if (pki_ign_openssl_error()) {
if (_crl)
X509_CRL_free(_crl);
throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname));
}
if (crl)
X509_CRL_free(crl);
crl = _crl;
setIntName(rmslashdot(fname));
pki_openssl_error();
} else
fopen_error(fname);
}
int pki_x509req::verify() const
{
EVP_PKEY *pkey = X509_REQ_get_pubkey(request);
bool x = X509_REQ_verify(request,pkey) > 0;
pki_ign_openssl_error();
EVP_PKEY_free(pkey);
return x;
}
bool pki_crl::verify(pki_key *key)
{
bool ret=false;
if (crl && crl->crl && key) {
ret = (X509_CRL_verify(crl , key->getPubKey()) == 1);
pki_ign_openssl_error();
}
return ret ;
}
pki_key *pki_x509req::getPubKey() const
{
EVP_PKEY *pkey = X509_REQ_get_pubkey(request);
pki_ign_openssl_error();
if (pkey == NULL)
return NULL;
pki_evp *key = new pki_evp(pkey);
pki_openssl_error();
return key;
}
int pki_x509req::verify()
{
EVP_PKEY *pkey = X509_REQ_get_pubkey(request);
bool x;
if (spki) {
x = NETSCAPE_SPKI_verify(spki, pkey) > 0;
} else {
x = X509_REQ_verify(request,pkey) > 0;
}
pki_ign_openssl_error();
EVP_PKEY_free(pkey);
return x;
}
void pki_evp::veryOldFromData(unsigned char *p, int size )
{
unsigned char *sik, *pdec, *pdec1, *sik1;
int outl, decsize;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char ckey[EVP_MAX_KEY_LENGTH];
memset(iv, 0, EVP_MAX_IV_LENGTH);
RSA *rsakey;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
sik = (unsigned char *)OPENSSL_malloc(size);
check_oom(sik);
pki_openssl_error();
pdec = (unsigned char *)OPENSSL_malloc(size);
if (pdec == NULL ) {
OPENSSL_free(sik);
check_oom(pdec);
}
pdec1=pdec;
sik1=sik;
memcpy(iv, p, 8); /* recover the iv */
/* generate the key */
EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)oldpasswd,
strlen(oldpasswd), 1, ckey,NULL);
/* we use sha1 as message digest,
* because an md5 version of the password is
* stored in the database...
*/
EVP_CIPHER_CTX_init (&ctx);
EVP_DecryptInit( &ctx, cipher, ckey, iv);
EVP_DecryptUpdate( &ctx, pdec , &outl, p + 8, size -8 );
decsize = outl;
EVP_DecryptFinal( &ctx, pdec + decsize , &outl );
decsize += outl;
pki_openssl_error();
memcpy(sik, pdec, decsize);
if (key->type == EVP_PKEY_RSA) {
rsakey=d2i_RSAPrivateKey(NULL,(const unsigned char **)&pdec, decsize);
if (pki_ign_openssl_error()) {
rsakey = d2i_RSA_PUBKEY(NULL, (const unsigned char **)&sik, decsize);
}
pki_openssl_error();
if (rsakey) EVP_PKEY_assign_RSA(key, rsakey);
}
OPENSSL_free(sik1);
OPENSSL_free(pdec1);
EVP_CIPHER_CTX_cleanup(&ctx);
pki_openssl_error();
encryptKey();
}
void pki_evp::fromPEM_BIO(BIO *bio, QString name)
{
EVP_PKEY *pkey;
int pos;
pass_info p(XCA_TITLE, QObject::tr(
"Please enter the password to decrypt the private key."));
pos = BIO_tell(bio);
pkey = PEM_read_bio_PrivateKey(bio, NULL, MainWindow::passRead, &p);
if (!pkey){
pki_ign_openssl_error();
pos = BIO_seek(bio, pos);
pkey = PEM_read_bio_PUBKEY(bio, NULL, MainWindow::passRead, &p);
}
if (pkey){
if (key)
EVP_PKEY_free(key);
key = pkey;
if (EVP_PKEY_isPrivKey(key))
bogusEncryptKey();
setIntName(rmslashdot(name));
}
openssl_error(name);
}
/*!
Load a spkac FILE into this request structure.
The file format follows the conventions understood by the 'openssl ca'
command. (see: 'man ca')
*/
int pki_x509req::load_spkac(const QString filename)
{
QFile file;
x509name subject;
EVP_PKEY *pktmp = NULL;
pki_ign_openssl_error();
file.setFileName(filename);
if (!file.open(QIODevice::ReadOnly))
return 1;
while (!file.atEnd()) {
int idx, nid;
QByteArray line = file.readLine();
if (line.size() == 0)
continue;
idx = line.indexOf('=');
if (idx == -1)
goto err;
QString type = line.left(idx).trimmed();
line = line.mid(idx+1).trimmed();
idx = type.lastIndexOf(QRegExp("[:,\\.]"));
if (idx != -1)
type = type.mid(idx+1);
if ((nid = OBJ_txt2nid(CCHAR(type))) == NID_undef) {
if (type != "SPKAC")
goto err;
pki_ign_openssl_error();
spki = NETSCAPE_SPKI_b64_decode(line, line.size());
if (!spki)
goto err;
/*
Now extract the key from the SPKI structure and
check the signature.
*/
pktmp = NETSCAPE_SPKI_get_pubkey(spki);
if (pktmp == NULL)
goto err;
if (NETSCAPE_SPKI_verify(spki, pktmp) != 1)
goto err;
} else {
// gather all values in the x509name subject.
subject.addEntryByNid(nid,
filename2QString(line.constData()));
}
}
if (!pktmp)
goto err;
setSubject(subject);
X509_REQ_set_pubkey(request, pktmp);
EVP_PKEY_free(pktmp);
return 0;
err:
if (pktmp)
EVP_PKEY_free(pktmp);
if (spki) {
NETSCAPE_SPKI_free(spki);
spki = NULL;
}
return 1;
}
void pki_evp::fload(const QString fname)
{
pass_info p(XCA_TITLE, qApp->translate("MainWindow",
"Please enter the password to decrypt the private key: '%1'").
arg(fname));
pem_password_cb *cb = MainWindow::passRead;
FILE *fp = fopen(QString2filename(fname), "r");
EVP_PKEY *pkey;
pki_ign_openssl_error();
if (!fp) {
fopen_error(fname);
return;
}
pkey = PEM_read_PrivateKey(fp, NULL, cb, &p);
if (!pkey) {
if (ERR_get_error() == 0x06065064) {
fclose(fp);
pki_ign_openssl_error();
throw errorEx(tr("Failed to decrypt the key (bad password) ") +
fname, class_name);
}
}
if (!pkey) {
pki_ign_openssl_error();
rewind(fp);
pkey = d2i_PrivateKey_fp(fp, NULL);
}
if (!pkey) {
pki_ign_openssl_error();
rewind(fp);
pkey = d2i_PKCS8PrivateKey_fp(fp, NULL, cb, &p);
}
if (!pkey) {
PKCS8_PRIV_KEY_INFO *p8inf;
pki_ign_openssl_error();
rewind(fp);
p8inf = d2i_PKCS8_PRIV_KEY_INFO_fp(fp, NULL);
if (p8inf) {
pkey = EVP_PKCS82PKEY(p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
}
}
if (!pkey) {
pki_ign_openssl_error();
rewind(fp);
pkey = PEM_read_PUBKEY(fp, NULL, cb, &p);
}
if (!pkey) {
pki_ign_openssl_error();
rewind(fp);
pkey = d2i_PUBKEY_fp(fp, NULL);
}
fclose(fp);
if (pki_ign_openssl_error()) {
if (pkey)
EVP_PKEY_free(pkey);
throw errorEx(tr("Unable to load the private key in file %1. Tried PEM and DER private, public and PKCS#8 key types.").arg(fname));
}
if (pkey){
if (pkey->type == EVP_PKEY_EC)
search_ec_oid(pkey->pkey.ec);
if (key)
EVP_PKEY_free(key);
key = pkey;
if (EVP_PKEY_isPrivKey(key))
bogusEncryptKey();
setIntName(rmslashdot(fname));
}
}
