void CA_LIST_ENTRY_free ( CA_LIST_ENTRY *ca ) {
if ( !ca ) return;
if ( ca->ca_id )
{
PKI_log(PKI_LOG_INFO, "MEM::Freeing %s CA config", ca->ca_id );
PKI_Free ( ca->ca_id );
}
if ( ca->ca_cert ) PKI_X509_CERT_free ( ca->ca_cert );
if ( ca->cid ) CA_ENTRY_CERTID_free ( ca->cid );
if ( ca->ca_url ) URL_free ( ca->ca_url );
if ( ca->crl_url ) URL_free ( ca->crl_url );
if ( ca->crl_list )
{
X509_REVOKED *r = NULL;
while ((r = sk_X509_REVOKED_pop ( ca->crl_list )) != NULL)
{
X509_REVOKED_free ( r );
}
}
if ( ca->nextUpdate ) PKI_TIME_free ( ca->nextUpdate );
if ( ca->lastUpdate ) PKI_TIME_free ( ca->lastUpdate );
if ( ca->token_name ) PKI_Free ( ca->token_name );
if ( ca->token ) PKI_TOKEN_free ( ca->token );
PKI_Free ( ca );
return;
}
int URL_put_data_mysql_url ( const URL *url, const PKI_MEM *data ) {
#ifdef HAVE_MYSQL
MYSQL * sql = NULL;
char * query = NULL;
if( !url ) return (PKI_ERR);
if((query = parse_url_put_query( url, data )) == NULL ) {
return( PKI_ERR );
}
if((sql = db_connect ( url )) == NULL ) {
PKI_Free( query );
return(PKI_ERR);
}
if(mysql_query(sql, query ) != 0 ) {
PKI_Free ( query );
db_close( sql );
return( PKI_ERR );
}
PKI_Free (query);
db_close ( sql );
return ( PKI_OK );
#else
return ( PKI_ERR );
#endif
}
MYSQL *db_connect ( const URL *url ) {
MYSQL *sql = NULL;
char * table = NULL;
char * dbname = NULL;
if( (sql = mysql_init( NULL )) == NULL ) {
return NULL;
}
dbname = parse_url_dbname ( url );
table = parse_url_table ( url );
/* The old mysql_connect is no more supported, it seems! */
/* mysql_connect( sql, url->addr, url->usr, url->pwd ); */
if((mysql_real_connect(sql, url->addr, url->usr, url->pwd,
dbname, (unsigned int) url->port, NULL, 0 )) == NULL ) {
if( dbname ) PKI_Free ( dbname );
db_close( sql );
return( NULL );
}
if( dbname ) PKI_Free (dbname);
if( table ) PKI_Free (table);
return( sql );
}
char * PKI_HTTP_get_header_txt (const char * orig_data,
const char * header) {
char *tk = NULL, *pnt = NULL;
char *ret = NULL;
char *data = NULL;
int found = 0;
if( !orig_data || !header || !strlen(orig_data) || !strlen(header))
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
if ((data = strdup(orig_data)) == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
for (tk = strtok_r ( data, "\r\n", &pnt ); tk; tk = strtok_r(NULL, "\r\n", &pnt))
{
if ( tk == NULL ) break;
if (strncmp_nocase(tk, header, (int) strlen(header)) == 0)
{
found = 1;
break;
}
}
if (!found)
{
PKI_Free ( data );
return NULL;
}
if ((pnt = strchr( tk, ':' )) == NULL)
{
PKI_Free ( data );
return NULL;
}
pnt++;
while ((pnt != NULL ) && (*pnt == ' ' )) {
pnt++;
}
if (pnt) ret = strdup( pnt );
PKI_Free ( data );
return ret;
}
PKI_MEM *PKI_MEM_get_url_decoded(PKI_MEM *mem)
{
PKI_MEM *decoded = NULL;
ssize_t data_size = 0;
unsigned char *data = NULL;
int i = 0;
int enc_idx = 0;
if(!mem || !mem->data || (mem->size == 0) )
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
// Let's allocate a big buffer - same size of the encoded one
// is enough as URL encoding expands the size (decoded is smaller)
if ((data = PKI_Malloc(mem->size)) == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
// Let's do the decoding
for( i = 0; i < mem->size; i++ )
{
int p;
unsigned char k;
if (sscanf((const char *)&mem->data[i], "%%%2x", &p) > 0)
{
k = (unsigned char) p;
data[enc_idx++] = k;
i += 2;
}
else
{
data[enc_idx++] = mem->data[i];
}
}
// Allocates the new PKI_MEM for the decoding operations
if((decoded = PKI_MEM_new_data(enc_idx, data)) == NULL)
{
PKI_Free(data);
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return NULL;
}
// Free the allocated memory
PKI_Free(data);
// Returns the newly allocated url-decoded PKI_MEM
return decoded;
}
void PKI_DIGEST_free ( PKI_DIGEST *data )
{
if( !data ) return;
if (data->digest) PKI_Free(data->digest);
data->digest = NULL; // Safety
data->algor = NULL; // Safety
PKI_Free( data );
return;
}
static char * _xml_search_namespace_add ( char *search ) {
char *my_search = NULL;
char *my_arg = NULL;
char *ret = NULL;
int r = 0;
int i = 0;
// return strdup ( search );
/* Let's alloc enough memory for the arguments, maybe this is
too much, but for the moment, let's keep it big */
my_arg = PKI_Malloc ( BUFF_MAX_SIZE );
my_search = PKI_Malloc ( BUFF_MAX_SIZE );
/* Now let's take care about setting the appropriate namespace
if it is not passed, already */
i = 0;
while( search[i] == LIBPKI_PATH_SEPARATOR_CHAR ) {
i++;
strncat(my_search, LIBPKI_PATH_SEPARATOR, BUFF_MAX_SIZE );
}
while( (i < strlen( search )) &&
(sscanf( search + i, "%[^" LIBPKI_PATH_SEPARATOR "]%n",
my_arg, &r ) > 0 )) {
i = i + r;
if( strchr( my_arg, ':' ) == NULL ) {
strncat( my_search, PKI_NAMESPACE_PREFIX ":",
BUFF_MAX_SIZE - strlen(my_search) );
}
strncat( my_search, my_arg, BUFF_MAX_SIZE - strlen(my_search));
while( search[i] == LIBPKI_PATH_SEPARATOR_CHAR ) {
i++;
strncat(my_search, LIBPKI_PATH_SEPARATOR,
BUFF_MAX_SIZE - strlen( my_search ));
}
}
PKI_Free( my_arg );
ret = PKI_Malloc ( strlen( my_search ) + 1);
strncpy( ret, my_search, strlen(my_search) );
PKI_Free ( my_search );
return( ret );
}
void PKI_HTTP_free ( PKI_HTTP *rv )
{
if ( !rv ) return;
if ( rv->location ) PKI_Free ( rv->location );
if ( rv->type ) PKI_Free ( rv->type );
if ( rv->body ) PKI_MEM_free ( rv->body );
if ( rv->head ) PKI_MEM_free ( rv->head );
if ( rv->path ) PKI_Free ( rv->path );
PKI_Free ( rv );
return;
}
int PKI_MEM_decode(PKI_MEM *mem, PKI_DATA_FORMAT format, int opts)
{
PKI_MEM *decoded = NULL;
if ((decoded = PKI_MEM_get_decoded(mem, format, opts)) == NULL)
{
PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL);
return PKI_ERR_MEMORY_ALLOC;
}
// Clears the memory for the old PKI_MEM
if (mem->data) PKI_Free(mem->data);
// Transfer ownership of the data
mem->data = decoded->data;
mem->size = decoded->size;
// Clears the encoded data container
decoded->data = NULL;
decoded->size = 0;
// Free the newly-allocated (now empty) container
PKI_MEM_free(decoded);
// Returns success
return PKI_OK;
}
void PKI_ZFree ( void *pnt, size_t size ) {
/* Check the Input */
if (!pnt) return;
/* If No size is provided, normal PKI_Free() is used */
if ( size <= 0 ) return PKI_Free ( pnt );
/* Zeroize the Memory */
memset( pnt, '\xFF', size );
/* Free The Memory */
PKI_Free ( pnt );
return;
}
int PKI_X509_OCSP_RESP_print_parsed ( PKI_X509_OCSP_RESP *r,
PKI_X509_DATA type, int fd ) {
const char *str = NULL;
int ret = PKI_OK;
if (!r | !r->value) return ( PKI_ERR );
// Let's get the parsed value
if ((str = PKI_X509_OCSP_RESP_get_parsed(r, type)) == NULL)
return PKI_ERR;
// If the fd is 0, let's redirect to stdout
if ( fd == 0 ) fd = 2;
// Let's write the data to the fd and keep track of the
// error(s) - if any occur
if (write( fd, str, strlen(str)) == -1)
{
ret = PKI_ERR;
}
PKI_Free( (char *) str );
return ret;
}
PKI_OCSP_RESP *d2i_PKI_OCSP_RESP_bio ( PKI_IO *bp, PKI_OCSP_RESP **p ) {
PKI_OCSP_RESP *ret = NULL;
if (( ret = (PKI_OCSP_RESP *)
PKI_Malloc ( sizeof( PKI_OCSP_RESP ))) == NULL ) {
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x0090800fL
ret->resp = (PKI_X509_OCSP_RESP_VALUE *) ASN1_d2i_bio(
(char *(*)(void))OCSP_RESPONSE_new,
(char *(*)(void **, const unsigned char **, long))
d2i_OCSP_RESPONSE,
bp, (unsigned char **) NULL);
#else
ret->resp = (PKI_X509_OCSP_RESP_VALUE *) ASN1_d2i_bio(
(void *(*)(void))OCSP_RESPONSE_new,
(void *(*)(void **, const unsigned char **, long))
d2i_OCSP_RESPONSE,
bp, (void **) NULL);
#endif
if ( !ret->resp ) {
PKI_Free ( ret );
return NULL;
}
ret->bs = OCSP_response_get1_basic(ret->resp);
return ret;
}
int PKI_STACK_free_all (PKI_STACK * st)
{
// Input check
if (!st) return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
// Provides some debugging (helps with memory leaking)
if (st->free == NULL) {
// Provides some debugging (helps with memory leaking)
PKI_ERROR(PKI_ERR_PARAM_NULL,
"Can not free the stack because of missing memory-deallocation Function "
"from Stack Initialization");
// Returns the error
return PKI_ERR;
}
// Removes and frees all the nodes in the stack
while (PKI_STACK_pop_free(st) == PKI_OK);
// Let's free the PKI_STACK data structure's memory
PKI_Free(st);
// All Done.
return PKI_OK;
}
/* PEM <-> INTERNAL Macros --- fix for errors in OpenSSL */
PKI_OCSP_RESP *PEM_read_bio_PKI_OCSP_RESP( PKI_IO *bp, void *a,
void *b, void *c ) {
PKI_OCSP_RESP *ret = NULL;
if (( ret = (PKI_OCSP_RESP *)
PKI_Malloc ( sizeof( PKI_OCSP_RESP ))) == NULL ) {
return NULL;
}
#if OPENSSL_VERSION_NUMBER < 0x0090800fL
ret->resp = (PKI_X509_OCSP_RESP_VALUE *) PEM_ASN1_read_bio(
(char *(*)()) d2i_OCSP_RESPONSE,
PEM_STRING_OCSP_RESPONSE, bp, NULL, NULL, NULL);
#else
ret->resp = (PKI_X509_OCSP_RESP_VALUE *) PEM_ASN1_read_bio(
(void *(*)()) d2i_OCSP_RESPONSE,
PEM_STRING_OCSP_RESPONSE, bp, NULL, NULL, NULL);
#endif
if ( ret->resp == NULL ) {
PKI_Free ( ret );
return NULL;
}
ret->bs = OCSP_response_get1_basic(ret->resp);
return ret;
}
char *parse_url_table ( const URL * url ) {
char *tmp_s = NULL;
char *tmp_s2 = NULL;
char *ret = NULL;
char *dbname = NULL;
size_t size = 0;
if(!url || !url->path ) return (NULL);
if((dbname = parse_url_dbname( url )) == NULL ) {
return (NULL);
}
tmp_s = url->path + strlen(dbname) + 1;
PKI_Free( dbname );
if((tmp_s2 = strchr( tmp_s, '/' )) == NULL ) {
size = strlen( tmp_s );
} else {
size = (size_t) (tmp_s2 - tmp_s);
}
if((ret = PKI_Malloc ( size + 1 )) == NULL ) {
return(NULL);
}
memcpy(ret, tmp_s, size );
ret[size] = '\x0';
return( ret );
}
static int _PKI_STACK_NODE_free(PKI_STACK_NODE *n)
{
if (!n) return (PKI_STACK_ERR);
PKI_Free(n);
return(0);
}
void PKI_X509_EXTENSION_free ( PKI_X509_EXTENSION *ext ) {
if( ext ) {
if( ext->value ) X509_EXTENSION_free ( ext->value );
PKI_Free (ext);
}
return;
}
char *pkcs11_parse_url_getval ( URL * url, char *keyword ) {
char * ret = NULL;
char * tmp_s = NULL;
char * tmp_s2 = NULL;
char *col = NULL;
char *val = NULL;
if( !url || !url->path ) return( NULL );
tmp_s = url->path;
while((tmp_s2 = strchr(tmp_s, '/')) != NULL ) {
tmp_s2++;
tmp_s = tmp_s2;
}
if((col = PKI_Malloc( 1024 )) == NULL ) {
return( NULL );
}
if((val = PKI_Malloc( 1024 )) == NULL ) {
PKI_Free( col );
return (NULL);
}
while( sscanf(tmp_s, "(%[^=]=\"%[^\"])", col, val) > 1 ) {
if( (strlen(col) == strlen(keyword)) &&
(strncmp_nocase( col,keyword,(int)strlen(keyword)) ) == 0 ) {
ret = strdup( val );
goto end;
}
/* The tmp_s should point to the next token */
tmp_s += strlen(col) + strlen(val) + 3;
}
end:
if( col ) PKI_Free ( col );
if( val ) PKI_Free ( val );
return( ret );
}
int PKI_X509_CRL_free ( PKI_X509_CRL * x ) {
if( !x ) return (PKI_ERR);
if( x->value ) X509_CRL_free ((X509_CRL *) x->value );
PKI_Free ( x );
return( PKI_OK );
}
void PKI_ZFree_str ( char *str ) {
if ( str == NULL ) return;
/* Wipe the String's Memory */
memset( str, '\xFF', strlen(str));
PKI_Free ( str );
return;
}
PKI_DIGEST *PKI_X509_CERT_fingerprint(const PKI_X509_CERT *x,
const PKI_DIGEST_ALG *alg ){
PKI_DIGEST *ret = NULL;
PKI_X509_CERT_VALUE *cert = NULL;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int ret_size = 0;
/* Check that we have a valid certificate */
if( !x || !x->value || x->type != PKI_DATATYPE_X509_CERT )
return ( NULL );
cert = (PKI_X509_CERT_VALUE *) x->value;
/* If no Algorithm is provided, we use the default one */
if( alg == NULL ) {
alg = PKI_DIGEST_ALG_DEFAULT;
}
/* Calculate the Digest */
if (!X509_digest(cert,alg,buf,&ret_size)) {
/* ERROR */
return ( NULL );
}
/* Allocate the return structure */
if((ret = PKI_Malloc ( sizeof( PKI_DIGEST) )) == NULL ) {
/* Memory Allocation Error! */
return( NULL );
}
/* Allocate the buffer */
if((ret->digest = PKI_Malloc ( ret_size )) == NULL ) {
/* Memory Error */
PKI_Free ( ret );
return( NULL );
}
/* Set the size of the Digest */
ret->size = ret_size;
/* Copy the Digest Data */
memcpy( ret->digest, buf, ret->size );
/* Sets the algorithm used */
ret->algor = alg;
return ( ret );
}
void HSM_SLOT_INFO_free ( HSM_SLOT_INFO *sl_info, HSM *hsm ) {
if( !sl_info || !hsm ) {
return;
}
if ( hsm && hsm->callbacks && hsm->callbacks->slot_info_free ) {
hsm->callbacks->slot_info_free ( sl_info, hsm );
} else {
PKI_Free ( sl_info );
};
return;
}
void PKI_OCSP_RESP_free( PKI_OCSP_RESP *x )
{
// if no PKI_X509_OCSP_RESP is passed, let's return an error
if (!x) return;
// Free the memory
if( x->resp ) OCSP_RESPONSE_free( x->resp );
if( x->bs ) OCSP_BASICRESP_free ( x->bs );
// Free the container
PKI_Free ( x );
// All done
return;
}
void CA_ENTRY_CERTID_free ( CA_ENTRY_CERTID *cid ) {
if ( !cid ) return;
if ( cid->keyHash ) {
PKI_STRING_free ( cid->keyHash );
}
if ( cid->nameHash ) {
PKI_STRING_free ( cid->nameHash );
}
PKI_Free ( cid );
return;
}
PKI_CONFIG_STACK *PKI_CONFIG_load_all ( char * dir ) {
PKI_STACK *dir_list = NULL;
PKI_CONFIG_STACK *sk = NULL;
char *name = NULL;
if((dir_list = PKI_CONFIG_get_search_paths ( dir )) == NULL ) {
return ( NULL );
}
while( (name = PKI_STACK_pop ( dir_list )) != NULL ) {
PKI_CONFIG_load_dir ( name, sk );
PKI_Free ( name );
}
return ( sk );
}
int PKI_X509_SCEP_DATA_set_ias ( PKI_X509_SCEP_DATA *scep_data, SCEP_ISSUER_AND_SUBJECT *ias )
{
unsigned char *data = NULL;
ssize_t size = 0;
if ( !scep_data || !scep_data->value || !ias ) return PKI_ERR;
if( (size = i2d_SCEP_ISSUER_AND_SUBJECT(ias, NULL)) <= 0 ) return PKI_ERR;
if ((data = ( unsigned char * ) PKI_Malloc ( (size_t) size )) == NULL ) return PKI_ERR;
if (i2d_SCEP_ISSUER_AND_SUBJECT( ias, &data ) <= 0 )
{
PKI_Free ( data );
return PKI_ERR;
}
return PKI_X509_SCEP_DATA_set_raw_data ( scep_data, data, size );
}
int PKI_X509_CERT_print_parsed( PKI_X509_CERT *x,
PKI_X509_DATA type, int fd ) {
char * data = NULL;
int ret = PKI_OK;
if((data = PKI_X509_CERT_get_parsed( x, type )) == NULL ) {
return (PKI_ERR);
} else {
if( fd == 0 ) fd = 2;
if(write(fd, data, strlen( data )) == -1 ) {
ret = PKI_ERR;
} else {
ret = PKI_OK;
}
PKI_Free( data );
}
return (ret);
}
PKI_X509_CRL_ENTRY * PKI_X509_CRL_ENTRY_new(const PKI_X509_CERT *cert,
PKI_X509_CRL_REASON reason,
const PKI_TIME * revDate,
const PKI_X509_PROFILE *profile ) {
PKI_X509_CRL_ENTRY *entry = NULL;
char *ser_s = NULL;
if((ser_s = PKI_X509_CERT_get_parsed(cert, PKI_X509_DATA_SERIAL))
== NULL ) {
return ( NULL );
}
entry = PKI_X509_CRL_ENTRY_new_serial ( ser_s, reason,
revDate, profile );
if( ser_s ) PKI_Free ( ser_s );
return ( entry );
}
/*!
* \brief PKI_STACK free all function
*
* This function frees the memory used by a PKI_STACK structure.
* If the structure is not empty, the pointers to every node are freed,
* but the pointers to the actualy DATA are not freed. If you want to
* completely clean up memorty, use the PKI_STACK_free_all().
*
* You can also use the PKI_STACK_pop() function and free the elements
* by using the appropriate function (e.g., PKI_X509_CERT_free() if it
* is a stack of certificates).
*/
int PKI_STACK_free (PKI_STACK * st)
{
void * data = NULL;
if (st == NULL)
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return(PKI_STACK_ERR);
}
data = PKI_STACK_pop(st);
while (data != NULL)
{
data = PKI_STACK_pop(st);
}
PKI_Free ( st );
return PKI_OK;
}
PKI_MEM * PKI_HMAC_new_data(PKI_MEM *data, PKI_MEM *key, PKI_DIGEST_ALG *digest)
{
unsigned char *hmac_value = NULL;
unsigned int hmac_size = 0;
int key_size = 0;
size_t data_size = 0;
PKI_MEM *ret = NULL;
// Input parameters check
if (!data || data->size <= 0 || !key || key->size <= 0)
{
PKI_ERROR(PKI_ERR_PARAM_NULL, NULL);
return NULL;
}
// Let's use the correct types for the sizes (for the HMAC call)
key_size = (int) key->size;
data_size = (size_t) data->size;
// Retrieve the data from the OpenSSL library
hmac_value = HMAC(digest ? digest : PKI_DIGEST_ALG_SHA1,
(unsigned char *) key->data, key_size,
(unsigned char *) data->data, data_size,
NULL, &hmac_size);
// If no data is returned or size is wrong, let's return null
if (!hmac_value || hmac_size <= 0)
{
if (hmac_value) PKI_Free(hmac_value);
return NULL;
}
// Create a new PKI_MEM object for returning the calculated value
ret = PKI_MEM_new_data(hmac_size, hmac_value);
// Return the PKI_MEM object that contains the HMAC value
return ret;
}
