static ASN1_INTEGER *x509_load_serial(const char *CAfile,
const char *serialfile, int create)
{
char *buf = NULL;
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
if (serialfile == NULL) {
const char *p = strrchr(CAfile, '.');
size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile);
buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer");
memcpy(buf, CAfile, len);
memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
serialfile = buf;
}
serial = load_serial(serialfile, create, NULL);
if (serial == NULL)
goto end;
if (!BN_add_word(serial, 1)) {
BIO_printf(bio_err, "add_word failure\n");
goto end;
}
if (!save_serial(serialfile, NULL, serial, &bs))
goto end;
end:
OPENSSL_free(buf);
BN_free(serial);
return bs;
}
static ASN1_INTEGER *x509_load_serial (char *CAfile, char *serialfile, int create)
{
char *buf = NULL, *p;
ASN1_INTEGER *bs = NULL;
BIGNUM *serial = NULL;
size_t len;
len = ((serialfile == NULL) ? (strlen (CAfile) + strlen (POSTFIX) + 1) : (strlen (serialfile))) + 1;
buf = OPENSSL_malloc (len);
if (buf == NULL)
{
BIO_printf (bio_err, "out of mem\n");
goto end;
}
if (serialfile == NULL)
{
BUF_strlcpy (buf, CAfile, len);
for (p = buf; *p; p++)
if (*p == '.')
{
*p = '\0';
break;
}
BUF_strlcat (buf, POSTFIX, len);
}
else
BUF_strlcpy (buf, serialfile, len);
serial = load_serial (buf, create, NULL);
if (serial == NULL)
goto end;
if (!BN_add_word (serial, 1))
{
BIO_printf (bio_err, "add_word failure\n");
goto end;
}
if (!save_serial (buf, NULL, serial, &bs))
goto end;
end:
if (buf)
OPENSSL_free (buf);
BN_free (serial);
return bs;
}
static int do_load_serial(struct command *cmdtp, int argc, char *argv[])
{
ulong offset = 0;
ulong addr;
int i;
const char *env_echo;
int rcode = 0;
if (((env_echo = getenv("loads_echo")) != NULL) && (*env_echo == '1')) {
do_echo = 1;
} else {
do_echo = 0;
}
if (argc == 2) {
offset = simple_strtoul(argv[1], NULL, 16);
}
printf ("## Ready for S-Record download ...\n");
addr = load_serial(offset);
/*
* Gather any trailing characters (for instance, the ^D which
* is sent by 'cu' after sending a file), and give the
* box some time (100 * 1 ms)
*/
for (i=0; i<100; ++i) {
if (tstc()) {
(void) getc();
}
udelay(1000);
}
if (addr == ~0) {
printf("## S-Record download aborted\n");
rcode = 1;
} else {
printf("## Start Addr = 0x%08lX\n", addr);
}
return rcode;
}
int do_load_serial(struct command *cmdtp, int argc, char *argv[])
{
ulong offset = 0;
ulong addr;
int i;
char *env_echo;
int rcode = 0;
#ifdef CFG_LOADS_BAUD_CHANGE
int load_baudrate, current_baudrate;
load_baudrate = current_baudrate = gd->baudrate;
#endif
if (((env_echo = getenv("loads_echo")) != NULL) && (*env_echo == '1')) {
do_echo = 1;
} else {
do_echo = 0;
}
#ifdef CFG_LOADS_BAUD_CHANGE
if (argc >= 2) {
offset = simple_strtoul(argv[1], NULL, 16);
}
if (argc == 3) {
load_baudrate = (int)simple_strtoul(argv[2], NULL, 10);
/* default to current baudrate */
if (load_baudrate == 0)
load_baudrate = current_baudrate;
}
if (load_baudrate != current_baudrate) {
printf ("## Switch baudrate to %d bps and press ENTER ...\n",
load_baudrate);
udelay(50000);
gd->baudrate = load_baudrate;
serial_setbrg ();
udelay(50000);
for (;;) {
if (getc() == '\r')
break;
}
}
#else /* ! CFG_LOADS_BAUD_CHANGE */
if (argc == 2) {
offset = simple_strtoul(argv[1], NULL, 16);
}
#endif /* CFG_LOADS_BAUD_CHANGE */
printf ("## Ready for S-Record download ...\n");
addr = load_serial (offset);
/*
* Gather any trailing characters (for instance, the ^D which
* is sent by 'cu' after sending a file), and give the
* box some time (100 * 1 ms)
*/
for (i=0; i<100; ++i) {
if (tstc()) {
(void) getc();
}
udelay(1000);
}
if (addr == ~0) {
printf ("## S-Record download aborted\n");
rcode = 1;
} else {
printf ("## Start Addr = 0x%08lX\n", addr);
load_addr = addr;
}
#ifdef CFG_LOADS_BAUD_CHANGE
if (load_baudrate != current_baudrate) {
printf ("## Switch baudrate to %d bps and press ESC ...\n",
current_baudrate);
udelay (50000);
gd->baudrate = current_baudrate;
serial_setbrg ();
udelay (50000);
for (;;) {
if (getc() == 0x1B) /* ESC */
break;
}
}
#endif
return rcode;
}
static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
{
int ret=0;
ASN1_INTEGER *bs=NULL;
X509_STORE_CTX xsc;
EVP_PKEY *upkey;
upkey = X509_get_pubkey(xca);
EVP_PKEY_copy_parameters(upkey,pkey);
EVP_PKEY_free(upkey);
if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
{
BIO_printf(bio_err,"Error initialising X509 store\n");
goto end;
}
if (sno) bs = sno;
else if (!(bs = load_serial(CAfile, serialfile, create)))
goto end;
if (!X509_STORE_add_cert(ctx,x)) goto end;
/* NOTE: this certificate can/should be self signed, unless it was
* a certificate request in which case it is not. */
X509_STORE_CTX_set_cert(&xsc,x);
if (!reqfile && !X509_verify_cert(&xsc))
goto end;
if (!X509_check_private_key(xca,pkey))
{
BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
goto end;
}
if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
if (!X509_set_serialNumber(x,bs)) goto end;
if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
goto end;
/* hardwired expired */
if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
goto end;
if (clrext)
{
while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
}
if (conf)
{
X509V3_CTX ctx2;
X509_set_version(x,2); /* version 3 certificate */
X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
X509V3_set_nconf(&ctx2, conf);
if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
}
if (!X509_sign(x,pkey,digest)) goto end;
ret=1;
end:
X509_STORE_CTX_cleanup(&xsc);
if (!ret)
ERR_print_errors(bio_err);
if (!sno) ASN1_INTEGER_free(bs);
return ret;
}