int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); if(!ne) return 0; ret = X509_NAME_add_entry(name, ne, loc, set); X509_NAME_ENTRY_free(ne); return ret; }
static int lws_tls_openssl_add_nid(X509_NAME *name, int nid, const char *value) { X509_NAME_ENTRY *e; int n; if (!value || value[0] == '\0') value = "none"; e = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, (unsigned char *)value, -1); if (!e) return 1; n = X509_NAME_add_entry(name, e, -1, 0); X509_NAME_ENTRY_free(e); return n != 1; }
/*============================================================================ * OpcUa_P_OpenSSL_X509_Name_AddEntry *===========================================================================*/ OpcUa_StatusCode OpcUa_P_OpenSSL_X509_Name_AddEntry( X509_NAME** a_ppX509Name, OpcUa_Crypto_NameEntry* a_pNameEntry) { X509_NAME_ENTRY* pEntry = OpcUa_Null; OpcUa_Int nid; OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "X509_Name_AddEntry"); OpcUa_ReturnErrorIfArgumentNull(a_pNameEntry); if((nid = OBJ_txt2nid(a_pNameEntry->key)) == NID_undef) { uStatus = OpcUa_BadNotSupported; OpcUa_GotoErrorIfBad(uStatus); } if(!(pEntry = X509_NAME_ENTRY_create_by_NID(OpcUa_Null, nid, MBSTRING_ASC, (unsigned char*)a_pNameEntry->value, -1))) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } if(X509_NAME_add_entry(*a_ppX509Name, pEntry,-1,0) != 1) { uStatus = OpcUa_Bad; } if(pEntry != OpcUa_Null) { X509_NAME_ENTRY_free(pEntry); } OpcUa_ReturnStatusCode; OpcUa_BeginErrorHandling; OpcUa_FinishErrorHandling; }
int32_t Httpsadd_DN_object( HX509Name_t *n, char *text, char *def, char *value, int32_t nid, int32_t min, int32_t max ) { int32_t i, j, ret = 0; HX509NameEntry_t *ne = NULL; char buf[HTTPS_PARAMS_SUB_NAME_LEN]; if(!value) { Trace(HTTPS_ID, TRACE_SEVERE, "value is NULL\r\n"); return OF_FAILURE; } of_memset(buf, 0, HTTPS_PARAMS_SUB_NAME_LEN); if ((value != NULL) && (strlen(value))) { strcpy(buf, value); strcat(buf, "\n"); } if (strlen(value) == 0) { return (1); } if (buf[0] == '\0') { return(0); } else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) { return(1); } strcpy(buf, def); strcat(buf, "\n"); } else if ((buf[0] == '.') && (buf[1] == '\n')) { return(1); } i = strlen(buf); if (buf[i-1] != '\n') { Trace(HTTPS_ID, TRACE_SEVERE, "Weird input\n"); return(0); } buf[--i] = '\0'; j = ASN1_PRINTABLE_type((unsigned char *) buf, -1); if (Httpsreq_fix_data(nid, &j, i, min, max) == 0) { goto err; } if ((ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, j, (unsigned char *) buf, strlen(buf))) == NULL) { goto err; } if (!X509_NAME_add_entry(n, ne, X509_NAME_entry_count(n), 0)) { goto err; } ret = 1; err: if (ne != NULL) { X509_NAME_ENTRY_free(ne); } return(ret); } /* Httpsadd_DN_object() */
uint32 CRegProtocol::GenerateCertRequest(char *SubjName, uchar **Cert, uint32 *CertLength) { uint32 err; //= TU_ERROR_CRYPTO_FAILED; X509_REQ *req; X509_NAME *subj; EVP_PKEY *pkey; int nid; X509_NAME_ENTRY *ent; FILE *fp; int fsize; //First, get the private key err = GetPrivateKey(SubjName, TU_KEY_ENC, &pkey); if(TU_SUCCESS != err) { TUTRACE((TUTRACE_ERR, "PROTO: Error getting private key\n")); goto EXIT; } //Now create a new request object if(!(req = X509_REQ_new())) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating new X509 Request\n")); goto ERR_PKEY; } //assign the public key to the request X509_REQ_set_pubkey (req, pkey); //Subject name processing. if(!(subj = X509_NAME_new())) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating new X509 Subject\n")); goto ERR_REQ; } //First set the predefined subject fields for (int i = 0; i < ENTRY_COUNT; i++) { if((nid = OBJ_txt2nid (entries[i].key)) == NID_undef) { TUTRACE((TUTRACE_ERR, "PROTO: Error getting NID from text\n")); X509_NAME_free(subj); goto ERR_REQ; } if(!(ent = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, (uchar *)entries[i].value, -1))) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating name entry\n")); X509_NAME_free(subj); goto ERR_REQ; } if(X509_NAME_add_entry(subj, ent, -1, 0) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error adding name entry to subject\n")); X509_NAME_ENTRY_free(ent); X509_NAME_free(subj); goto ERR_REQ; } }//for //Next set the common name and description if((nid = OBJ_txt2nid("commonName")) == NID_undef) { TUTRACE((TUTRACE_ERR, "PROTO: Error getting NID from text\n")); X509_NAME_free(subj); goto ERR_REQ; } if(!(ent = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, (uchar *)SubjName, -1))) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating name entry\n")); X509_NAME_free(subj); goto ERR_REQ; } if(X509_NAME_add_entry(subj, ent, -1, 0) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error adding name entry to subject\n")); X509_NAME_ENTRY_free(ent); X509_NAME_free(subj); goto ERR_REQ; } //Finally add the subject to the request if(X509_REQ_set_subject_name (req, subj) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error setting subject in request\n")); X509_NAME_free(subj); goto ERR_REQ; } //Sign the request if(!(X509_REQ_sign(req, pkey, EVP_sha1()))) { TUTRACE((TUTRACE_ERR, "PROTO: Error signing request\n")); goto ERR_REQ; } //Now we need to serialize the request. So write it to a file and read it out if(!(fp = fopen("protofile", "w"))) { TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for writing\n")); err = TU_ERROR_FILEOPEN; goto ERR_REQ; } if(PEM_write_X509_REQ(fp, req) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error writing request to file\n")); err = TU_ERROR_FILEWRITE; fclose(fp); goto ERR_REQ; } fclose(fp); //now open it for reading in binary format if(!(fp = fopen("protofile", "rb"))) { TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for reading\n")); err = TU_ERROR_FILEOPEN; goto ERR_FILE; } //get the filesize fseek(fp, 0, SEEK_END); fsize = ftell(fp); if(fsize == -1) { TUTRACE((TUTRACE_ERR, "Couldn't determine file size\n")); err = TU_ERROR_FILEREAD; goto ERR_FILE; } //Allocate memory *Cert = (uchar *)malloc(fsize); if(!*Cert) { TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory for cert buffer\n")); err = TU_ERROR_OUT_OF_MEMORY; goto ERR_FILE; } *CertLength = fsize; rewind(fp); fread(*Cert, 1, fsize, fp); err = TU_SUCCESS; ERR_FILE: if(fp) fclose(fp); remove("protofile"); ERR_REQ: X509_REQ_free(req); ERR_PKEY: EVP_PKEY_free(pkey); EXIT: return err; }//GenerateCertRequest
inline name_entry name_entry::from_nid(int _nid, int _type, const void* _data, size_t data_len) { return take_ownership(X509_NAME_ENTRY_create_by_NID(NULL, _nid, _type, static_cast<unsigned char*>(const_cast<void*>(_data)), static_cast<int>(data_len))); }
int CCertificateRequestGenerator::Generate() //Generate certificate request and write into a file { FILE* fp = NULL; char* pbPassword = NULL; EVP_PKEY* pKey = NULL; X509_REQ* pReq = NULL; X509_NAME* pSubj = NULL; const EVP_MD* pDigest = NULL; DWORD bytesWritten; struct entry_pack* pEntPack = NULL; int retFunc = FAIL; //Get command prompt handle HANDLE hndl = GetStdHandle(STD_OUTPUT_HANDLE); OPENSSL_add_all_algorithms_conf(); ERR_load_crypto_strings(); //First read private key from key file if(!(fp = _tfopen(m_privateKeyFile, _T("r")))) { PrintErrorInfo("Error reading key file!", EGeneric, constparams); WriteConsole(hndl, m_privateKeyFile, wcslen(m_privateKeyFile), &bytesWritten, 0); return retFunc; } if(m_password[0] != 0) { DWORD len = 0; len = _tcslen(m_password); pbPassword = MakeMBCSString(m_password, CP_UTF8, len); pKey = PEM_read_PrivateKey(fp, NULL, NULL, pbPassword); delete pbPassword; } else { pKey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); } fclose(fp); fp = NULL; if(!pKey) { PrintErrorInfo("Error reading private key in key file!", EOPENSSL, constparams); return retFunc; } try { //Create a new cert request and add the public key into it if(!(pReq = X509_REQ_new())) { PrintErrorInfo("Error creating X509 request object!", EOPENSSL, constparams); throw EOPENSSL; } X509_REQ_set_pubkey(pReq, pKey); //Now create DN name entries and assign them to request if(!(pSubj = X509_NAME_new())) { PrintErrorInfo("Error creating X509 name object!", EOPENSSL, constparams); throw EOPENSSL; } //Format DN string DoFormatted(m_dname, &pEntPack); if(pEntPack->num == 0) { PrintErrorInfo("Error formatting Distinguished Name!", EGeneric, constparams); throw EGeneric; } for (int i = 0; i < pEntPack->num; i++) { int nid = 0; DWORD lent = 0; X509_NAME_ENTRY *pEnt = NULL; LPSTR pbMBSTRUTF8 = NULL; if((pEntPack->entries[i].value == NULL) || (pEntPack->entries[i].key == NULL)) { PrintErrorInfo("Error in Distinguished Name construction!", EGeneric, constparams); throw EGeneric; } if((nid = OBJ_txt2nid(pEntPack->entries[i].key)) == NID_undef) { PrintErrorInfo("Error finding NID for a DN entry!", EOPENSSL, constparams); throw EOPENSSL; } lent = _tcslen(pEntPack->entries[i].value); pbMBSTRUTF8 = MakeMBCSString(pEntPack->entries[i].value, CP_UTF8, lent); if(lent > 64) //OpenSSL does not accept a string longer than 64 { if(!(pEnt = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_UTF8, (unsigned char *)"dummy", 5))) { PrintErrorInfo("Error creating name entry from NID!", EOPENSSL, constparams); throw EOPENSSL; } pEnt->value->data = (unsigned char *)malloc(lent+1); for(DWORD j=0; j<lent; j++ ) { pEnt->value->data[j] = pbMBSTRUTF8[j]; } pEnt->value->length = lent; } else if(!(pEnt = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_UTF8, (unsigned char *)pbMBSTRUTF8, lent))) { PrintErrorInfo("Error creating name entry from NID!", EOPENSSL, constparams); throw EOPENSSL; } if(X509_NAME_add_entry(pSubj, pEnt, -1, 0) != 1) { PrintErrorInfo("Error adding entry to X509 Name!", EOPENSSL, constparams); throw EOPENSSL; } delete pbMBSTRUTF8; }//for SYMBIAN_FREE_MEM(pEntPack); if(X509_REQ_set_subject_name(pReq, pSubj) != 1) { PrintErrorInfo("Error adding subject to request!", EOPENSSL, constparams); throw EOPENSSL; } //Find the correct digest and sign the request if(EVP_PKEY_type(pKey->type) == EVP_PKEY_DSA) { pDigest = EVP_dss1(); } else if(EVP_PKEY_type(pKey->type) == EVP_PKEY_RSA) { pDigest = EVP_sha1(); } else { PrintErrorInfo("Error checking private key type!", EOPENSSL, constparams); throw EOPENSSL; } if(!(X509_REQ_sign(pReq, pKey, pDigest))) { PrintErrorInfo("Error signing request!", EOPENSSL, constparams); throw EOPENSSL; } if(!(fp = _tfopen(m_RequestFile, _T("w")))) { PrintErrorInfo("Error writing to request file!",EGeneric,constparams); throw EGeneric; } if(PEM_write_X509_REQ(fp, pReq) != 1) { PrintErrorInfo("Error while writing to request file!", EOPENSSL, constparams); throw EOPENSSL; } //Free variables EVP_PKEY_free(pKey); X509_NAME_free(pSubj); X509_REQ_free(pReq); fclose(fp); _tprintf(_T("\nCreated request: ")); WriteConsole(hndl, m_RequestFile, wcslen(m_RequestFile), &bytesWritten, 0); retFunc = SUCCESS; } catch (...) { if(pKey) { EVP_PKEY_free(pKey); } if(pSubj) { X509_NAME_free(pSubj); } if(pReq) { X509_REQ_free(pReq); } SYMBIAN_FREE_MEM(pEntPack); } return retFunc; }