int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { int reason_code; BIO *in; int ret = 0; X509 *x = NULL; in = BIO_new(BIO_s_file()); if (in == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { reason_code = ERR_R_ASN1_LIB; x = d2i_X509_bio(in, NULL); } else if (type == SSL_FILETYPE_PEM) { reason_code = ERR_R_PEM_LIB; x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else { OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); goto end; } if (x == NULL) { OPENSSL_PUT_ERROR(SSL, reason_code); goto end; } ret = SSL_use_certificate(ssl, x); end: X509_free(x); BIO_free(in); return ret; }
int SSL_use_certificate_file(SSL *ssl, const char *file, int type) { int j; BIO *in; int ret = 0; X509 *x = NULL; in = BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; x = d2i_X509_bio(in, NULL); } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; } if (x == NULL) { SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j); goto end; } ret = SSL_use_certificate(ssl, x); end: if (x != NULL) X509_free(x); if (in != NULL) BIO_free(in); return (ret); }
int SSLContext::setCertificateChainFile( const char * pFile ) { BIO *bio; X509 *x509; STACK_OF(X509) * pExtraCerts; unsigned long err; int n; if ((bio = BIO_new(BIO_s_file_internal())) == NULL) return 0; if (BIO_read_filename(bio, pFile) <= 0) { BIO_free(bio); return 0; } pExtraCerts=m_pCtx->extra_certs; if ( pExtraCerts != NULL) { sk_X509_pop_free((STACK_OF(X509) *)pExtraCerts, X509_free); m_pCtx->extra_certs = NULL; }
Handle<CertificationRequest> Provider_System::getCSRFromURI(Handle<std::string> uri, Handle<std::string> format){ LOGGER_FN(); try{ BIO *bioFile = NULL; X509_REQ *hreq = NULL; LOGGER_OPENSSL(BIO_new); bioFile = BIO_new(BIO_s_file()); LOGGER_OPENSSL(BIO_read_filename); if (BIO_read_filename(bioFile, uri->c_str()) > 0){ LOGGER_OPENSSL(BIO_seek); BIO_seek(bioFile, 0); if (strcmp(format->c_str(), "PEM") == 0){ LOGGER_OPENSSL(PEM_read_bio_X509_REQ); hreq = PEM_read_bio_X509_REQ(bioFile, NULL, NULL, NULL); } else if (strcmp(format->c_str(), "DER") == 0){ LOGGER_OPENSSL(d2i_X509_REQ_bio); hreq = d2i_X509_REQ_bio(bioFile, NULL); } else{ THROW_EXCEPTION(0, Provider_System, NULL, "Unsupported format. Only PEM | DER"); } } LOGGER_OPENSSL(BIO_free); BIO_free(bioFile); if (!hreq){ THROW_EXCEPTION(0, Provider_System, NULL, "Unable decode csr from PEM/DER"); } else{ return new CertificationRequest(hreq); } } catch (Handle<Exception> e){ THROW_EXCEPTION(0, Provider_System, e, "getCSRFromURI"); } }
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) { int j; BIO *in; int ret = 0; X509 *x = NULL; in = BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerrorx(ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { SSLerrorx(ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; x = d2i_X509_bio(in, NULL); } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else { SSLerrorx(SSL_R_BAD_SSL_FILETYPE); goto end; } if (x == NULL) { SSLerrorx(j); goto end; } ret = SSL_CTX_use_certificate(ctx, x); end: X509_free(x); BIO_free(in); return (ret); }
static apr_byte_t apr_jwk_parse_rsa_key(apr_pool_t *pool, int is_private_key, const char *filename, apr_jwk_t **j_jwk, apr_jwt_error_t *err) { BIO *input = NULL; apr_jwk_key_rsa_t *key = NULL; apr_byte_t rv = FALSE; if ((input = BIO_new(BIO_s_file())) == NULL) { apr_jwt_error_openssl(err, "BIO_new/BIO_s_file"); goto end; } if (BIO_read_filename(input, filename) <= 0) { apr_jwt_error_openssl(err, "BIO_read_filename"); goto end; } if (apr_jwk_rsa_bio_to_key(pool, input, &key, is_private_key, err) == FALSE) goto end; /* allocate memory for the JWK */ *j_jwk = apr_pcalloc(pool, sizeof(apr_jwk_t)); apr_jwk_t *jwk = *j_jwk; jwk->type = APR_JWK_KEY_RSA; jwk->key.rsa = key; /* calculate a unique key identifier (kid) by fingerprinting the key params */ // TODO: based just on sha1 hash of modulus "n" now..., could do this based on jwk->value.str if (apr_jwk_hash_and_base64urlencode(pool, key->modulus, key->modulus_len, &jwk->kid, err) == FALSE) goto end; rv = TRUE; end: if (input) BIO_free(input); return rv; }
static SSL_SESSION *load_sess_id(char *infile, int format) { SSL_SESSION *x=NULL; BIO *in=NULL; in=BIO_new(BIO_s_file()); if (in == NULL) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { perror(infile); goto end; } } if (format == FORMAT_ASN1) x=d2i_SSL_SESSION_bio(in,NULL); else if (format == FORMAT_PEM) x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL); else { BIO_printf(bio_err,"bad input format specified for input crl\n"); goto end; } if (x == NULL) { BIO_printf(bio_err,"unable to load SSL_SESSION\n"); ERR_print_errors(bio_err); goto end; } end: if (in != NULL) BIO_free(in); return(x); }
static X509_CRL *load_crl(char *infile, int format) { X509_CRL *x=NULL; BIO *in=NULL; in=BIO_new(BIO_s_file()); if (in == NULL) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { TINYCLR_SSL_PERROR(infile); goto end; } } if (format == FORMAT_ASN1) x=d2i_X509_CRL_bio(in,NULL); else if (format == FORMAT_PEM) x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); else { BIO_printf(bio_err,"bad input format specified for input crl\n"); goto end; } if (x == NULL) { BIO_printf(bio_err,"unable to load CRL\n"); ERR_print_errors(bio_err); goto end; } end: BIO_free(in); return(x); }
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { int reason_code, ret = 0; BIO *in; RSA *rsa = NULL; in = BIO_new(BIO_s_file()); if (in == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { reason_code = ERR_R_ASN1_LIB; rsa = d2i_RSAPrivateKey_bio(in, NULL); } else if (type == SSL_FILETYPE_PEM) { reason_code = ERR_R_PEM_LIB; rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ssl->ctx->default_passwd_callback, ssl->ctx->default_passwd_callback_userdata); } else { OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); goto end; } if (rsa == NULL) { OPENSSL_PUT_ERROR(SSL, reason_code); goto end; } ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); end: BIO_free(in); return ret; }
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int j, ret = 0; BIO *in; EVP_PKEY *pkey = NULL; in = BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in, NULL); } else { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); goto end; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); end: BIO_free(in); return (ret); }
Handle<CRL> Provider_System::getCRLFromURI(Handle<std::string> uri, Handle<std::string> format){ LOGGER_FN(); try{ BIO *bioFile = NULL; X509_CRL *hcrl = NULL; LOGGER_OPENSSL(BIO_new); bioFile = BIO_new(BIO_s_file()); LOGGER_OPENSSL(BIO_read_filename); if (BIO_read_filename(bioFile, uri->c_str()) > 0){ LOGGER_OPENSSL(BIO_seek); BIO_seek(bioFile, 0); if (strcmp(format->c_str(), "PEM") == 0){ LOGGER_OPENSSL(PEM_read_bio_X509_CRL); hcrl = PEM_read_bio_X509_CRL(bioFile, NULL, NULL, NULL); } else if (strcmp(format->c_str(), "DER") == 0){ LOGGER_OPENSSL(d2i_X509_CRL_bio); hcrl = d2i_X509_CRL_bio(bioFile, NULL); } else{ THROW_EXCEPTION(0, Provider_System, NULL, "Unsupported format. Only PEM | DER"); } } LOGGER_OPENSSL(BIO_free); BIO_free(bioFile); if (!hcrl){ THROW_EXCEPTION(0, Provider_System, NULL, "Unable decode CRL from PEM/DE"); } else{ return new CRL(hcrl); } } catch (Handle<Exception> e){ THROW_EXCEPTION(0, Provider_System, e, "getCRLFromURI"); } }
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) { int j, ret = 0; BIO *in; RSA *rsa = NULL; in = BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; rsa = d2i_RSAPrivateKey_bio(in, NULL); } else if (type == SSL_FILETYPE_PEM) { j = ERR_R_PEM_LIB; rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ssl->ctx->default_passwd_callback, ssl-> ctx->default_passwd_callback_userdata); } else { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); goto end; } if (rsa == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j); goto end; } ret = SSL_use_RSAPrivateKey(ssl, rsa); RSA_free(rsa); end: if (in != NULL) BIO_free(in); return (ret); }
/* * Null Server certificate when initializing server */ static void us894_test16 (void) { unsigned char *cacerts = NULL; int cacerts_len = 0; BIO *keyin; EVP_PKEY *priv_key; int rv; EST_CTX *ctx; LOG_FUNC_NM; /* * Read in the CA certificates */ cacerts_len = read_binary_file(US894_CACERT, &cacerts); CU_ASSERT(cacerts_len > 0); /* * Read the server key */ keyin = BIO_new(BIO_s_file_internal()); rv = BIO_read_filename(keyin, US894_SERVER_KEY); CU_ASSERT(rv > 0); priv_key = PEM_read_bio_PrivateKey(keyin, NULL, NULL, NULL); CU_ASSERT(priv_key != NULL); BIO_free(keyin); /* * Attempt to init EST proxy using NULL server key */ est_init_logger(EST_LOG_LVL_INFO, NULL); ctx = est_proxy_init(cacerts, cacerts_len, cacerts, cacerts_len, EST_CERT_FORMAT_PEM, "testrealm", NULL, priv_key, "estuser", "estpwd"); CU_ASSERT(ctx == NULL); EVP_PKEY_free(priv_key); }
static PyObject * PySSL_test_decode_certificate (PyObject *mod, PyObject *args) { PyObject *retval = NULL; char *filename = NULL; X509 *x=NULL; BIO *cert; int verbose = 1; if (!PyArg_ParseTuple(args, "s|i:test_decode_certificate", &filename, &verbose)) return NULL; if ((cert=BIO_new(BIO_s_file())) == NULL) { PyErr_SetString(PySSLErrorObject, "Can't malloc memory to read file"); goto fail0; } if (BIO_read_filename(cert,filename) <= 0) { PyErr_SetString(PySSLErrorObject, "Can't open file"); goto fail0; } x = PEM_read_bio_X509_AUX(cert,NULL, NULL, NULL); if (x == NULL) { PyErr_SetString(PySSLErrorObject, "Error decoding PEM-encoded file"); goto fail0; } retval = _decode_certificate(x, verbose); fail0: if (cert != NULL) BIO_free(cert); return retval; }
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int reason_code, ret = 0; BIO *in; EVP_PKEY *pkey = NULL; in = BIO_new(BIO_s_file()); if (in == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { reason_code = ERR_R_PEM_LIB; pkey = PEM_read_bio_PrivateKey(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); } else if (type == SSL_FILETYPE_ASN1) { reason_code = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in, NULL); } else { OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { OPENSSL_PUT_ERROR(SSL, reason_code); goto end; } ret = SSL_CTX_use_PrivateKey(ctx, pkey); EVP_PKEY_free(pkey); end: BIO_free(in); return ret; }
/* * read requestor data * * for version 2 requests, the requestor and the SCEP client can be different * and the request does not need to be a PKCS#10 */ static int read_requestorstuff(scep_t *scep, int type, char *filename) { BIO *bio; NETSCAPE_SPKI *spki = NULL; X509_REQ *req = NULL; bio = BIO_new(BIO_s_file()); if (BIO_read_filename(bio, filename) < 0) { BIO_printf(bio_err, "%s:%d: cannot read request file '%s'\n", __FILE__, __LINE__, filename); goto err; } switch (type) { case 0: scep->requestorreq = d2i_X509_REQ_bio(bio, &req); if (scep->requestorreq == NULL) { BIO_printf(bio_err, "%s:%d: cannot decode X509_REQ\n", __FILE__, __LINE__); goto err; } scep->requestorpubkey = X509_REQ_get_pubkey(scep->requestorreq); break; case 1: scep->requestorspki = d2i_NETSCAPE_SPKI_bio(bio, &spki); if (scep->requestorspki == NULL) { BIO_printf(bio_err, "%s:%d: cannot decode SPKI\n", __FILE__, __LINE__); goto err; } scep->requestorpubkey = NETSCAPE_SPKI_get_pubkey(scep->requestorspki); break; default: goto err; } return 0; err: ERR_print_errors(bio_err); return -1; }
/* * Null Server certificate private key when initializing server */ static void us894_test17 (void) { unsigned char *cacerts = NULL; int cacerts_len = 0; BIO *certin; X509 *x; int rv; EST_CTX *ctx; LOG_FUNC_NM; /* * Read in the CA certificates */ cacerts_len = read_binary_file(US894_CACERT, &cacerts); CU_ASSERT(cacerts_len > 0); /* * Read the server cert */ certin = BIO_new(BIO_s_file_internal()); rv = BIO_read_filename(certin, US894_SERVER_CERT); CU_ASSERT(rv > 0); x = PEM_read_bio_X509(certin, NULL, NULL, NULL); CU_ASSERT(x != NULL); BIO_free(certin); /* * Attempt to init EST proxy using NULL private key */ est_init_logger(EST_LOG_LVL_INFO, NULL); ctx = est_proxy_init(cacerts, cacerts_len, cacerts, cacerts_len, EST_CERT_FORMAT_PEM, "testrealm", x, NULL, "estuser", "estpwd"); CU_ASSERT(ctx == NULL); X509_free(x); }
/* * Based on SSL_CTX_use_certificate_file, return an x509 object for the * given file. */ static int tls_ctx_read_certificate_file(SSL_CTX *ctx, const char *file, X509 **x509) { int j; BIO *in; int ret=0; X509 *x=NULL; in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in,file) <= 0) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); goto end; } x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB); goto end; } end: if (in != NULL) BIO_free(in); if (x509) *x509 = x; else if (x) X509_free (x); return(ret); }
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) { BIO *in; int ret = 0; in = BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); goto end; } ret = ssl_ctx_use_certificate_chain_bio(ctx, in); end: BIO_free(in); return (ret); }
EVP_PKEY* VSslServer::loadKey(VError& error, QString fileName) { BIO* bio = BIO_new(BIO_s_file()); if (bio == NULL) { QString msg = "BIO_s_file return NULL"; LOG_ERROR("%s", qPrintable(msg)); error = VSslError(msg, VSslError::IN_BIO_S_FILE); return NULL; } long res = BIO_read_filename(bio, qPrintable(fileName)); if (res <= 0) { QString msg = QString("BIO_read_filename(%1) return %2").arg(fileName).arg(res); LOG_ERROR("%s", qPrintable(msg)); error = VSslError(msg, VSslError::IN_BIO_READ_FILENAME); BIO_free(bio); return NULL; } EVP_PKEY* key = PEM_read_bio_PrivateKey(bio, NULL, NULL, // (pem_password_cb*)password_callback // gilgil temp 2008.10.29 NULL // &cb_data); ); if (key == NULL) { QString msg = "PEM_read_bio_PrivateKey return NULL"; LOG_ERROR("%s", qPrintable(msg)); error = VSslError(msg, VSslError::IN_PEM_READ_BIO_PRIVATEKEY); BIO_free(bio); return NULL; } BIO_free(bio); return key; }
STACK_OF(X509)* bdoc::X509Cert::loadX509Stack(const std::string& path) { STACK_OF(X509)* stack = sk_X509_new_null(); if (stack == NULL) { THROW_STACK_EXCEPTION("Failed to create X.509 certificate stack."); } BIO* file = BIO_new(BIO_s_file()); BIO_scope fileScope(&file); if (file == NULL) { THROW_STACK_EXCEPTION("Failed to open X.509 certificates file '%s': %s", path.c_str(), ERR_reason_error_string(ERR_get_error())); } if (BIO_read_filename(file, path.c_str()) <= 0) { THROW_STACK_EXCEPTION("Failed to open X.509 certificates file '%s': %s", path.c_str(), ERR_reason_error_string(ERR_get_error())); } STACK_OF(X509_INFO)* certsInfo = PEM_X509_INFO_read_bio(file, NULL, NULL, NULL); if (certsInfo == NULL) { THROW_STACK_EXCEPTION("Failed to read X.509 certificates from file '%s': %s", path.c_str(), ERR_reason_error_string(ERR_get_error())); } for (int i = 0; i < sk_X509_INFO_num(certsInfo); i++) { X509_INFO* xi = sk_X509_INFO_value(certsInfo, i); if (xi->x509 != NULL) { sk_X509_push(stack, xi->x509); xi->x509 = NULL; } } sk_X509_INFO_pop_free(certsInfo, X509_INFO_free); return stack; }
/* * convert PEM formatted public/private key file to JSON string representation */ static apr_byte_t apr_jwk_pem_to_json_impl(apr_pool_t *pool, const char *filename, char **s_jwk, char**s_kid, int is_private_key) { BIO *input = NULL; apr_jwk_key_rsa_t *key = NULL; apr_byte_t rv = FALSE; if ((input = BIO_new(BIO_s_file())) == NULL) goto end; if (BIO_read_filename(input, filename) <= 0) goto end; if (apr_jwk_rsa_bio_to_key(pool, input, &key, is_private_key) == FALSE) goto end; rv = apr_jwk_rsa_to_json(pool, key, s_jwk, s_kid); end: if (input) BIO_free(input); return rv; }
int SSL_CTX_use_PrivateKey_file_pass (SSL_CTX * ctx, char *filename, char *pass) { EVP_PKEY *pkey = NULL; BIO *key = NULL; key = BIO_new (BIO_s_file ()); BIO_read_filename (key, filename); pkey = PEM_read_bio_PrivateKey (key, NULL, NULL, pass); if (pkey == NULL) { printf ("PEM_read_bio_PrivateKey err"); return -1; } if (SSL_CTX_use_PrivateKey (ctx, pkey) <= 0) { printf ("SSL_CTX_use_PrivateKey err\n"); return -1; } BIO_free (key); return 1; }
void LLBasicCertificateStore::load_from_file(const std::string& filename) { // scan the PEM file extracting each certificate if (!LLFile::isfile(filename)) { return; } BIO* file_bio = BIO_new(BIO_s_file()); if(file_bio) { if (BIO_read_filename(file_bio, filename.c_str()) > 0) { X509 *cert_x509 = NULL; while((PEM_read_bio_X509(file_bio, &cert_x509, 0, NULL)) && (cert_x509 != NULL)) { try { add(new LLBasicCertificate(cert_x509)); } catch (...) { LL_WARNS("SECAPI") << "Failure creating certificate from the certificate store file." << LL_ENDL; } X509_free(cert_x509); cert_x509 = NULL; } BIO_free(file_bio); } } else { LL_WARNS("SECAPI") << "Could not allocate a file BIO" << LL_ENDL; } }
XSECCryptoKey * InteropResolver::openCertURI(const XMLCh * uri) { // Open a certificate from a file URI relative to the signature file BIO * bioCert; if ((bioCert = BIO_new(BIO_s_file())) == NULL) { return NULL; } safeBuffer fname; char * u = XMLString::transcode(uri); fname.sbTranscodeIn(mp_baseURI); fname.sbStrcatIn("/"); fname.sbStrcatIn(u); XSEC_RELEASE_XMLCH(u); #if defined(_WIN32) reverseSlash(fname); #endif if (BIO_read_filename(bioCert, fname.rawCharBuffer()) <= 0) { return NULL; } X509 * x509 = d2i_X509_bio(bioCert, NULL); BIO_free(bioCert); OpenSSLCryptoX509 oX509(x509); X509_free(x509); return oX509.clonePublicKey(); }
/* read_authz returns a newly allocated buffer with authz data */ static unsigned char *read_authz(const char *file, size_t *authz_length) { BIO *authz_in = NULL; unsigned char *authz = NULL; /* Allow authzs up to 64KB. */ static const size_t authz_limit = 65536; size_t read_length; unsigned char *ret = NULL; authz_in = BIO_new(BIO_s_file_internal()); if (authz_in == NULL) { SSLerr(SSL_F_READ_AUTHZ,ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(authz_in,file) <= 0) { SSLerr(SSL_F_READ_AUTHZ,ERR_R_SYS_LIB); goto end; } authz = OPENSSL_malloc(authz_limit); read_length = BIO_read(authz_in, authz, authz_limit); if (read_length == authz_limit || read_length <= 0) { SSLerr(SSL_F_READ_AUTHZ,SSL_R_AUTHZ_DATA_TOO_LARGE); OPENSSL_free(authz); goto end; } *authz_length = read_length; ret = authz; end: if (authz_in != NULL) BIO_free(authz_in); return ret; }
int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; char *inrand=NULL,*dsaparams=NULL; char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } else if (strcmp(*argv,"-") == 0) goto bad; #ifndef OPENSSL_NO_DES else if (strcmp(*argv,"-des") == 0) enc=EVP_des_cbc(); else if (strcmp(*argv,"-des3") == 0) enc=EVP_des_ede3_cbc(); #endif #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_SEED else if (strcmp(*argv,"-seed") == 0) enc=EVP_seed_cbc(); #endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv,"-aes128") == 0) enc=EVP_aes_128_cbc(); else if (strcmp(*argv,"-aes192") == 0) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA else if (strcmp(*argv,"-camellia128") == 0) enc=EVP_camellia_128_cbc(); else if (strcmp(*argv,"-camellia192") == 0) enc=EVP_camellia_192_cbc(); else if (strcmp(*argv,"-camellia256") == 0) enc=EVP_camellia_256_cbc(); #endif else if (**argv != '-' && dsaparams == NULL) { dsaparams = *argv; } else goto bad; argv++; argc--; } if (dsaparams == NULL) { bad: BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); BIO_printf(bio_err," -out file - output the key to 'file'\n"); #ifndef OPENSSL_NO_DES BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); #endif #ifndef OPENSSL_NO_SEED BIO_printf(bio_err," -seed\n"); BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); #endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," dsaparam-file\n"); BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); goto end; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } in=BIO_new(BIO_s_file()); if (!(BIO_read_filename(in,dsaparams))) { perror(dsaparams); goto end; } if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) { BIO_printf(bio_err,"unable to load DSA parameter file\n"); goto end; } BIO_free(in); in = NULL; out=BIO_new(BIO_s_file()); if (out == NULL) goto end; if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating DSA key, %d bits\n", BN_num_bits(dsa->p)); if (!DSA_generate_key(dsa)) goto end; app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout)) goto end; ret=0; end: if (ret != 0) ERR_print_errors(bio_err); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); if(passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int dgst_main(int argc, char **argv) { BIO *in = NULL, *inp, *bmd = NULL, *out = NULL; ENGINE *e = NULL, *impl = NULL; EVP_PKEY *sigkey = NULL; STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; char *hmac_key = NULL; char *mac_name = NULL; char *passinarg = NULL, *passin = NULL; const EVP_MD *md = NULL, *m; const char *outfile = NULL, *keyfile = NULL, *prog = NULL; const char *sigfile = NULL, *randfile = NULL; OPTION_CHOICE o; int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0; int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0, non_fips_allow = 0; unsigned char *buf = NULL, *sigbuf = NULL; int engine_impl = 0; prog = opt_progname(argv[0]); buf = app_malloc(BUFSIZE, "I/O buffer"); md = EVP_get_digestbyname(prog); prog = opt_init(argc, argv, dgst_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(dgst_options); ret = 0; goto end; case OPT_C: separator = 1; break; case OPT_R: separator = 2; break; case OPT_RAND: randfile = opt_arg(); break; case OPT_OUT: outfile = opt_arg(); break; case OPT_SIGN: keyfile = opt_arg(); break; case OPT_PASSIN: passinarg = opt_arg(); break; case OPT_VERIFY: keyfile = opt_arg(); want_pub = do_verify = 1; break; case OPT_PRVERIFY: keyfile = opt_arg(); do_verify = 1; break; case OPT_SIGNATURE: sigfile = opt_arg(); break; case OPT_KEYFORM: if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) goto opthelp; break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; case OPT_ENGINE_IMPL: engine_impl = 1; break; case OPT_HEX: out_bin = 0; break; case OPT_BINARY: out_bin = 1; break; case OPT_DEBUG: debug = 1; break; case OPT_FIPS_FINGERPRINT: hmac_key = "etaonrishdlcupfm"; break; case OPT_NON_FIPS_ALLOW: non_fips_allow = 1; break; case OPT_HMAC: hmac_key = opt_arg(); break; case OPT_MAC: mac_name = opt_arg(); break; case OPT_SIGOPT: if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null(); if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) goto opthelp; break; case OPT_MACOPT: if (!macopts) macopts = sk_OPENSSL_STRING_new_null(); if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg())) goto opthelp; break; case OPT_DIGEST: if (!opt_md(opt_unknown(), &m)) goto opthelp; md = m; break; } } argc = opt_num_rest(); argv = opt_rest(); if (do_verify && !sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); goto end; } if (engine_impl) impl = e; in = BIO_new(BIO_s_file()); bmd = BIO_new(BIO_f_md()); if ((in == NULL) || (bmd == NULL)) { ERR_print_errors(bio_err); goto end; } if (debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ BIO_set_callback_arg(in, (char *)bio_err); } if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (out_bin == -1) { if (keyfile) out_bin = 1; else out_bin = 0; } if (randfile) app_RAND_load_file(randfile, 0); out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT); if (out == NULL) goto end; if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) { BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n"); goto end; } if (keyfile) { if (want_pub) sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file"); else sigkey = load_key(keyfile, keyform, 0, passin, e, "key file"); if (!sigkey) { /* * load_[pub]key() has already printed an appropriate message */ goto end; } } if (mac_name) { EVP_PKEY_CTX *mac_ctx = NULL; int r = 0; if (!init_gen_str(&mac_ctx, mac_name, impl, 0)) goto mac_end; if (macopts) { char *macopt; for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { macopt = sk_OPENSSL_STRING_value(macopts, i); if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { BIO_printf(bio_err, "MAC parameter error \"%s\"\n", macopt); ERR_print_errors(bio_err); goto mac_end; } } } if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) { BIO_puts(bio_err, "Error generating key\n"); ERR_print_errors(bio_err); goto mac_end; } r = 1; mac_end: EVP_PKEY_CTX_free(mac_ctx); if (r == 0) goto end; } if (non_fips_allow) { EVP_MD_CTX *md_ctx; BIO_get_md_ctx(bmd, &md_ctx); EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); } if (hmac_key) { sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl, (unsigned char *)hmac_key, -1); if (!sigkey) goto end; } if (sigkey) { EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pctx = NULL; int r; if (!BIO_get_md_ctx(bmd, &mctx)) { BIO_printf(bio_err, "Error getting context\n"); ERR_print_errors(bio_err); goto end; } if (do_verify) r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey); else r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); if (!r) { BIO_printf(bio_err, "Error setting context\n"); ERR_print_errors(bio_err); goto end; } if (sigopts) { char *sigopt; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { sigopt = sk_OPENSSL_STRING_value(sigopts, i); if (pkey_ctrl_string(pctx, sigopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt); ERR_print_errors(bio_err); goto end; } } } } /* we use md as a filter, reading from 'in' */ else { EVP_MD_CTX *mctx = NULL; if (!BIO_get_md_ctx(bmd, &mctx)) { BIO_printf(bio_err, "Error getting context\n"); ERR_print_errors(bio_err); goto end; } if (md == NULL) md = EVP_md5(); if (!EVP_DigestInit_ex(mctx, md, impl)) { BIO_printf(bio_err, "Error setting digest\n"); ERR_print_errors(bio_err); goto end; } } if (sigfile && sigkey) { BIO *sigbio = BIO_new_file(sigfile, "rb"); if (!sigbio) { BIO_printf(bio_err, "Error opening signature file %s\n", sigfile); ERR_print_errors(bio_err); goto end; } siglen = EVP_PKEY_size(sigkey); sigbuf = app_malloc(siglen, "signature buffer"); siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); if (siglen <= 0) { BIO_printf(bio_err, "Error reading signature file %s\n", sigfile); ERR_print_errors(bio_err); goto end; } } inp = BIO_push(bmd, in); if (md == NULL) { EVP_MD_CTX *tctx; BIO_get_md_ctx(bmd, &tctx); md = EVP_MD_CTX_md(tctx); } if (argc == 0) { BIO_set_fp(in, stdin, BIO_NOCLOSE); ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, siglen, NULL, NULL, "stdin", bmd); } else { const char *md_name = NULL, *sig_name = NULL; if (!out_bin) { if (sigkey) { const EVP_PKEY_ASN1_METHOD *ameth; ameth = EVP_PKEY_get0_asn1(sigkey); if (ameth) EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &sig_name, ameth); } if (md) md_name = EVP_MD_name(md); } ret = 0; for (i = 0; i < argc; i++) { int r; if (BIO_read_filename(in, argv[i]) <= 0) { perror(argv[i]); ret++; continue; } else r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf, siglen, sig_name, md_name, argv[i], bmd); if (r) ret = r; (void)BIO_reset(bmd); } } end: OPENSSL_clear_free(buf, BUFSIZE); BIO_free(in); OPENSSL_free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); sk_OPENSSL_STRING_free(sigopts); sk_OPENSSL_STRING_free(macopts); OPENSSL_free(sigbuf); BIO_free(bmd); return (ret); }
int MAIN(int argc, char **argv) { int i,badops=0,offset=0,ret=1,j; unsigned int length=0; long num,tmplen; BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL; int informat,indent=0, noout = 0, dump = 0; char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL; unsigned char *tmpbuf; BUF_MEM *buf=NULL; STACK *osk=NULL; ASN1_TYPE *at=NULL; informat=FORMAT_PEM; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); prog=argv[0]; argc--; argv++; if ((osk=sk_new_null()) == NULL) { BIO_printf(bio_err,"Memory allocation failure\n"); goto end; } while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; derfile= *(++argv); } else if (strcmp(*argv,"-i") == 0) { indent=1; } else if (strcmp(*argv,"-noout") == 0) noout = 1; else if (strcmp(*argv,"-oid") == 0) { if (--argc < 1) goto bad; oidfile= *(++argv); } else if (strcmp(*argv,"-offset") == 0) { if (--argc < 1) goto bad; offset= atoi(*(++argv)); } else if (strcmp(*argv,"-length") == 0) { if (--argc < 1) goto bad; length= atoi(*(++argv)); if (length == 0) goto bad; } else if (strcmp(*argv,"-dump") == 0) { dump= -1; } else if (strcmp(*argv,"-dlimit") == 0) { if (--argc < 1) goto bad; dump= atoi(*(++argv)); if (dump <= 0) goto bad; } else if (strcmp(*argv,"-strparse") == 0) { if (--argc < 1) goto bad; sk_push(osk,*(++argv)); } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - one of DER TXT PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file (output format is always DER\n"); BIO_printf(bio_err," -noout arg don't produce any output\n"); BIO_printf(bio_err," -offset arg offset into file\n"); BIO_printf(bio_err," -length arg length of section in file\n"); BIO_printf(bio_err," -i indent entries\n"); BIO_printf(bio_err," -dump dump unknown data in hex form\n"); BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n"); BIO_printf(bio_err," -oid file file of extra oid definitions\n"); BIO_printf(bio_err," -strparse offset\n"); BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n"); BIO_printf(bio_err," ASN1 blob wrappings\n"); goto end; } ERR_load_crypto_strings(); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif if (oidfile != NULL) { if (BIO_read_filename(in,oidfile) <= 0) { BIO_printf(bio_err,"problems opening %s\n",oidfile); ERR_print_errors(bio_err); goto end; } OBJ_create_objects(in); } if (infile == NULL) BIO_set_fp(in,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { perror(infile); goto end; } } if (derfile) { if(!(derout = BIO_new_file(derfile, "wb"))) { BIO_printf(bio_err,"problems opening %s\n",derfile); ERR_print_errors(bio_err); goto end; } } if ((buf=BUF_MEM_new()) == NULL) goto end; if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */ if (informat == FORMAT_PEM) { BIO *tmp; if ((b64=BIO_new(BIO_f_base64())) == NULL) goto end; BIO_push(b64,in); tmp=in; in=b64; b64=tmp; } num=0; for (;;) { if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end; i=BIO_read(in,&(buf->data[num]),BUFSIZ); if (i <= 0) break; num+=i; } str=buf->data; /* If any structs to parse go through in sequence */ if (sk_num(osk)) { tmpbuf=(unsigned char *)str; tmplen=num; for (i=0; i<sk_num(osk); i++) { ASN1_TYPE *atmp; j=atoi(sk_value(osk,i)); if (j == 0) { BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i)); continue; } tmpbuf+=j; tmplen-=j; atmp = at; at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen); ASN1_TYPE_free(atmp); if(!at) { BIO_printf(bio_err,"Error parsing structure\n"); ERR_print_errors(bio_err); goto end; } /* hmm... this is a little evil but it works */ tmpbuf=at->value.asn1_string->data; tmplen=at->value.asn1_string->length; } str=(char *)tmpbuf; num=tmplen; } if (length == 0) length=(unsigned int)num; if(derout) { if(BIO_write(derout, str + offset, length) != (int)length) { BIO_printf(bio_err, "Error writing output\n"); ERR_print_errors(bio_err); goto end; } } if (!noout && !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length, indent,dump)) { ERR_print_errors(bio_err); goto end; } ret=0; end: BIO_free(derout); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (b64 != NULL) BIO_free(b64); if (ret != 0) ERR_print_errors(bio_err); if (buf != NULL) BUF_MEM_free(buf); if (at != NULL) ASN1_TYPE_free(at); if (osk != NULL) sk_free(osk); OBJ_cleanup(); OPENSSL_EXIT(ret); }
int MAIN(int argc, char **argv) { ENGINE *e = NULL; int ret=1; X509_REQ *req=NULL; X509 *x=NULL,*xca=NULL; ASN1_OBJECT *objtmp; STACK_OF(OPENSSL_STRING) *sigopts = NULL; EVP_PKEY *Upkey=NULL,*CApkey=NULL; ASN1_INTEGER *sno = NULL; int i,num,badops=0; BIO *out=NULL; BIO *STDout=NULL; STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; int informat,outformat,keyformat,CAformat,CAkeyformat; char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL; char *CAkeyfile=NULL,*CAserial=NULL; char *alias=NULL; int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; int next_serial=0; int subject_hash=0,issuer_hash=0,ocspid=0; #ifndef OPENSSL_NO_MD5 int subject_hash_old=0,issuer_hash_old=0; #endif int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int ocsp_uri=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int C=0; int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0; int pprint = 0; const char **pp; X509_STORE *ctx=NULL; X509_REQ *rq=NULL; int fingerprint=0; char buf[256]; const EVP_MD *md_alg,*digest=NULL; CONF *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif reqfile=0; apps_startup(); if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; STDout=BIO_new_fp(stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); STDout = BIO_push(tmpbio, STDout); } #endif informat=FORMAT_PEM; outformat=FORMAT_PEM; keyformat=FORMAT_PEM; CAformat=FORMAT_PEM; CAkeyformat=FORMAT_PEM; ctx=X509_STORE_new(); if (ctx == NULL) goto end; X509_STORE_set_verify_cb(ctx,callb); argc--; argv++; num=0; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) goto bad; keyformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-req") == 0) { reqfile=1; need_rand = 1; } else if (strcmp(*argv,"-CAform") == 0) { if (--argc < 1) goto bad; CAformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-CAkeyform") == 0) { if (--argc < 1) goto bad; CAkeyformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-sigopt") == 0) { if (--argc < 1) goto bad; if (!sigopts) sigopts = sk_OPENSSL_STRING_new_null(); if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv))) goto bad; } else if (strcmp(*argv,"-days") == 0) { if (--argc < 1) goto bad; days=atoi(*(++argv)); if (days == 0) { BIO_printf(STDout,"bad number of days\n"); goto bad; } } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (strcmp(*argv,"-extfile") == 0) { if (--argc < 1) goto bad; extfile= *(++argv); } else if (strcmp(*argv,"-extensions") == 0) { if (--argc < 1) goto bad; extsect= *(++argv); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-signkey") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); sign_flag= ++num; need_rand = 1; } else if (strcmp(*argv,"-CA") == 0) { if (--argc < 1) goto bad; CAfile= *(++argv); CA_flag= ++num; need_rand = 1; } else if (strcmp(*argv,"-CAkey") == 0) { if (--argc < 1) goto bad; CAkeyfile= *(++argv); } else if (strcmp(*argv,"-CAserial") == 0) { if (--argc < 1) goto bad; CAserial= *(++argv); } else if (strcmp(*argv,"-set_serial") == 0) { if (--argc < 1) goto bad; if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv)))) goto bad; } else if (strcmp(*argv,"-addtrust") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, "Invalid trust object value %s\n", *argv); goto bad; } if (!trust) trust = sk_ASN1_OBJECT_new_null(); sk_ASN1_OBJECT_push(trust, objtmp); trustout = 1; } else if (strcmp(*argv,"-addreject") == 0) { if (--argc < 1) goto bad; if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) { BIO_printf(bio_err, "Invalid reject object value %s\n", *argv); goto bad; } if (!reject) reject = sk_ASN1_OBJECT_new_null(); sk_ASN1_OBJECT_push(reject, objtmp); trustout = 1; } else if (strcmp(*argv,"-setalias") == 0) { if (--argc < 1) goto bad; alias= *(++argv); trustout = 1; } else if (strcmp(*argv,"-certopt") == 0) { if (--argc < 1) goto bad; if (!set_cert_ex(&certflag, *(++argv))) goto bad; } else if (strcmp(*argv,"-nameopt") == 0) { if (--argc < 1) goto bad; if (!set_name_ex(&nmflag, *(++argv))) goto bad; } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) email= ++num; else if (strcmp(*argv,"-ocsp_uri") == 0) ocsp_uri= ++num; else if (strcmp(*argv,"-serial") == 0) serial= ++num; else if (strcmp(*argv,"-next_serial") == 0) next_serial= ++num; else if (strcmp(*argv,"-modulus") == 0) modulus= ++num; else if (strcmp(*argv,"-pubkey") == 0) pubkey= ++num; else if (strcmp(*argv,"-x509toreq") == 0) x509req= ++num; else if (strcmp(*argv,"-text") == 0) text= ++num; else if (strcmp(*argv,"-hash") == 0 || strcmp(*argv,"-subject_hash") == 0) subject_hash= ++num; #ifndef OPENSSL_NO_MD5 else if (strcmp(*argv,"-subject_hash_old") == 0) subject_hash_old= ++num; #endif else if (strcmp(*argv,"-issuer_hash") == 0) issuer_hash= ++num; #ifndef OPENSSL_NO_MD5 else if (strcmp(*argv,"-issuer_hash_old") == 0) issuer_hash_old= ++num; #endif else if (strcmp(*argv,"-subject") == 0) subject= ++num; else if (strcmp(*argv,"-issuer") == 0) issuer= ++num; else if (strcmp(*argv,"-fingerprint") == 0) fingerprint= ++num; else if (strcmp(*argv,"-dates") == 0) { startdate= ++num; enddate= ++num; } else if (strcmp(*argv,"-purpose") == 0) pprint= ++num; else if (strcmp(*argv,"-startdate") == 0) startdate= ++num; else if (strcmp(*argv,"-enddate") == 0) enddate= ++num; else if (strcmp(*argv,"-checkend") == 0) { if (--argc < 1) goto bad; checkoffset=atoi(*(++argv)); checkend=1; } else if (strcmp(*argv,"-noout") == 0) noout= ++num; else if (strcmp(*argv,"-trustout") == 0) trustout= 1; else if (strcmp(*argv,"-clrtrust") == 0) clrtrust= ++num; else if (strcmp(*argv,"-clrreject") == 0) clrreject= ++num; else if (strcmp(*argv,"-alias") == 0) aliasout= ++num; else if (strcmp(*argv,"-CAcreateserial") == 0) CA_createserial= ++num; else if (strcmp(*argv,"-clrext") == 0) clrext = 1; #if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */ else if (strcmp(*argv,"-crlext") == 0) { BIO_printf(bio_err,"use -clrext instead of -crlext\n"); clrext = 1; } #endif else if (strcmp(*argv,"-ocspid") == 0) ocspid= ++num; else if ((md_alg=EVP_get_digestbyname(*argv + 1))) { /* ok */ digest=md_alg; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: for (pp=x509_usage; (*pp != NULL); pp++) BIO_printf(bio_err,"%s",*pp); goto end; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if (need_rand) app_RAND_load_file(NULL, bio_err, 0); ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (!X509_STORE_set_default_paths(ctx)) { ERR_print_errors(bio_err); goto end; } if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) { CAkeyfile=CAfile; } else if ((CA_flag) && (CAkeyfile == NULL)) { BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n"); goto end; } if (extfile) { long errorline = -1; X509V3_CTX ctx2; extconf = NCONF_new(NULL); if (!NCONF_load(extconf, extfile,&errorline)) { if (errorline <= 0) BIO_printf(bio_err, "error loading the config file '%s'\n", extfile); else BIO_printf(bio_err, "error on line %ld of config file '%s'\n" ,errorline,extfile); goto end; } if (!extsect) { extsect = NCONF_get_string(extconf, "default", "extensions"); if (!extsect) { ERR_clear_error(); extsect = "default"; } } X509V3_set_ctx_test(&ctx2); X509V3_set_nconf(&ctx2, extconf); if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { BIO_printf(bio_err, "Error Loading extension section %s\n", extsect); ERR_print_errors(bio_err); goto end; } } if (reqfile) { EVP_PKEY *pkey; BIO *in; if (!sign_flag && !CA_flag) { BIO_printf(bio_err,"We need a private key to sign with\n"); goto end; } in=BIO_new(BIO_s_file()); if (in == NULL) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT); else { if (BIO_read_filename(in,infile) <= 0) { perror(infile); BIO_free(in); goto end; } } req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL); BIO_free(in); if (req == NULL) { ERR_print_errors(bio_err); goto end; } if ( (req->req_info == NULL) || (req->req_info->pubkey == NULL) || (req->req_info->pubkey->public_key == NULL) || (req->req_info->pubkey->public_key->data == NULL)) { BIO_printf(bio_err,"The certificate request appears to corrupted\n"); BIO_printf(bio_err,"It does not contain a public key\n"); goto end; } if ((pkey=X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err,"error unpacking public key\n"); goto end; } i=X509_REQ_verify(req,pkey); EVP_PKEY_free(pkey); if (i < 0) { BIO_printf(bio_err,"Signature verification error\n"); ERR_print_errors(bio_err); goto end; } if (i == 0) { BIO_printf(bio_err,"Signature did not match the certificate request\n"); goto end; } else BIO_printf(bio_err,"Signature ok\n"); print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag); if ((x=X509_new()) == NULL) goto end; if (sno == NULL) { sno = ASN1_INTEGER_new(); if (!sno || !rand_serial(NULL, sno)) goto end; if (!X509_set_serialNumber(x, sno)) goto end; ASN1_INTEGER_free(sno); sno = NULL; } else if (!X509_set_serialNumber(x, sno)) goto end; if (!X509_set_issuer_name(x,req->req_info->subject)) goto end; if (!X509_set_subject_name(x,req->req_info->subject)) goto end; X509_gmtime_adj(X509_get_notBefore(x),0); X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL); pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(x,pkey); EVP_PKEY_free(pkey); } else x=load_cert(bio_err,infile,informat,NULL,e,"Certificate"); if (x == NULL) goto end; if (CA_flag) { xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate"); if (xca == NULL) goto end; } if (!noout || text || next_serial) { OBJ_create("2.99999.3", "SET.ex3","SET x509v3 extension 3"); out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } } if (alias) X509_alias_set1(x, (unsigned char *)alias, -1); if (clrtrust) X509_trust_clear(x); if (clrreject) X509_reject_clear(x); if (trust) { for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { objtmp = sk_ASN1_OBJECT_value(trust, i); X509_add1_trust_object(x, objtmp); } } if (reject) { for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { objtmp = sk_ASN1_OBJECT_value(reject, i); X509_add1_reject_object(x, objtmp); } } if (num) { for (i=1; i<=num; i++) { if (issuer == i) { print_name(STDout, "issuer= ", X509_get_issuer_name(x), nmflag); } else if (subject == i) { print_name(STDout, "subject= ", X509_get_subject_name(x), nmflag); } else if (serial == i) { BIO_printf(STDout,"serial="); i2a_ASN1_INTEGER(STDout, X509_get_serialNumber(x)); BIO_printf(STDout,"\n"); } else if (next_serial == i) { BIGNUM *bnser; ASN1_INTEGER *ser; ser = X509_get_serialNumber(x); bnser = ASN1_INTEGER_to_BN(ser, NULL); if (!bnser) goto end; if (!BN_add_word(bnser, 1)) goto end; ser = BN_to_ASN1_INTEGER(bnser, NULL); if (!ser) goto end; BN_free(bnser); i2a_ASN1_INTEGER(out, ser); ASN1_INTEGER_free(ser); BIO_puts(out, "\n"); } else if ((email == i) || (ocsp_uri == i)) { int j; STACK_OF(OPENSSL_STRING) *emlst; if (email == i) emlst = X509_get1_email(x); else emlst = X509_get1_ocsp(x); for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) BIO_printf(STDout, "%s\n", sk_OPENSSL_STRING_value(emlst, j)); X509_email_free(emlst); } else if (aliasout == i) { unsigned char *alstr; alstr = X509_alias_get0(x, NULL); if (alstr) BIO_printf(STDout,"%s\n", alstr); else BIO_puts(STDout,"<No Alias>\n"); } else if (subject_hash == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (subject_hash_old == i) { BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x)); } #endif else if (issuer_hash == i) { BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); } #ifndef OPENSSL_NO_MD5 else if (issuer_hash_old == i) { BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x)); } #endif else if (pprint == i) { X509_PURPOSE *ptmp; int j; BIO_printf(STDout, "Certificate purposes:\n"); for (j = 0; j < X509_PURPOSE_get_count(); j++) { ptmp = X509_PURPOSE_get0(j); purpose_print(STDout, x, ptmp); } } else if (modulus == i) { EVP_PKEY *pkey; pkey=X509_get_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err,"Modulus=unavailable\n"); ERR_print_errors(bio_err); goto end; } BIO_printf(STDout,"Modulus="); #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) BN_print(STDout,pkey->pkey.rsa->n); else #endif #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) BN_print(STDout,pkey->pkey.dsa->pub_key); else #endif BIO_printf(STDout,"Wrong Algorithm type"); BIO_printf(STDout,"\n"); EVP_PKEY_free(pkey); } else if (pubkey == i) { EVP_PKEY *pkey; pkey=X509_get_pubkey(x); if (pkey == NULL) { BIO_printf(bio_err,"Error getting public key\n"); ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(STDout, pkey); EVP_PKEY_free(pkey); } else if (C == i) { unsigned char *d; char *m; int y,z; X509_NAME_oneline(X509_get_subject_name(x), buf,sizeof buf); BIO_printf(STDout,"/* subject:%s */\n",buf); m=X509_NAME_oneline( X509_get_issuer_name(x),buf, sizeof buf); BIO_printf(STDout,"/* issuer :%s */\n",buf); z=i2d_X509(x,NULL); m=OPENSSL_malloc(z); d=(unsigned char *)m; z=i2d_X509_NAME(X509_get_subject_name(x),&d); BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { BIO_printf(STDout,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); } if (y%16 != 0) BIO_printf(STDout,"\n"); BIO_printf(STDout,"};\n"); z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d); BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { BIO_printf(STDout,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); } if (y%16 != 0) BIO_printf(STDout,"\n"); BIO_printf(STDout,"};\n"); z=i2d_X509(x,&d); BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z); d=(unsigned char *)m; for (y=0; y<z; y++) { BIO_printf(STDout,"0x%02X,",d[y]); if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n"); } if (y%16 != 0) BIO_printf(STDout,"\n"); BIO_printf(STDout,"};\n"); OPENSSL_free(m); } else if (text == i) { X509_print_ex(out,x,nmflag, certflag); } else if (startdate == i) { BIO_puts(STDout,"notBefore="); ASN1_TIME_print(STDout,X509_get_notBefore(x)); BIO_puts(STDout,"\n"); } else if (enddate == i) { BIO_puts(STDout,"notAfter="); ASN1_TIME_print(STDout,X509_get_notAfter(x)); BIO_puts(STDout,"\n"); } else if (fingerprint == i) { int j; unsigned int n; unsigned char md[EVP_MAX_MD_SIZE]; const EVP_MD *fdig = digest; if (!fdig) fdig = EVP_sha1(); if (!X509_digest(x,fdig,md,&n)) { BIO_printf(bio_err,"out of memory\n"); goto end; } BIO_printf(STDout,"%s Fingerprint=", OBJ_nid2sn(EVP_MD_type(fdig))); for (j=0; j<(int)n; j++) { BIO_printf(STDout,"%02X%c",md[j], (j+1 == (int)n) ?'\n':':'); } } /* should be in the library */ else if ((sign_flag == i) && (x509req == 0)) { BIO_printf(bio_err,"Getting Private key\n"); if (Upkey == NULL) { Upkey=load_key(bio_err, keyfile, keyformat, 0, passin, e, "Private key"); if (Upkey == NULL) goto end; } assert(need_rand); if (!sign(x,Upkey,days,clrext,digest, extconf, extsect)) goto end; } else if (CA_flag == i) { BIO_printf(bio_err,"Getting CA Private Key\n"); if (CAkeyfile != NULL) { CApkey=load_key(bio_err, CAkeyfile, CAkeyformat, 0, passin, e, "CA Private Key"); if (CApkey == NULL) goto end; } assert(need_rand); if (!x509_certify(ctx,CAfile,digest,x,xca, CApkey, sigopts, CAserial,CA_createserial,days, clrext, extconf, extsect, sno)) goto end; } else if (x509req == i) { EVP_PKEY *pk; BIO_printf(bio_err,"Getting request Private Key\n"); if (keyfile == NULL) { BIO_printf(bio_err,"no request key file specified\n"); goto end; } else { pk=load_key(bio_err, keyfile, keyformat, 0, passin, e, "request key"); if (pk == NULL) goto end; } BIO_printf(bio_err,"Generating certificate request\n"); rq=X509_to_X509_REQ(x,pk,digest); EVP_PKEY_free(pk); if (rq == NULL) { ERR_print_errors(bio_err); goto end; } if (!noout) { X509_REQ_print(out,rq); PEM_write_bio_X509_REQ(out,rq); } noout=1; } else if (ocspid == i) { X509_ocspid_print(out, x); } } } if (checkend) { time_t tcheck=time(NULL) + checkoffset; if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) { BIO_printf(out,"Certificate will expire\n"); ret=1; } else { BIO_printf(out,"Certificate will not expire\n"); ret=0; } goto end; } if (noout) { ret=0; goto end; } if (outformat == FORMAT_ASN1) i=i2d_X509_bio(out,x); else if (outformat == FORMAT_PEM) { if (trustout) i=PEM_write_bio_X509_AUX(out,x); else i=PEM_write_bio_X509(out,x); } else if (outformat == FORMAT_NETSCAPE) { NETSCAPE_X509 nx; ASN1_OCTET_STRING hdr; hdr.data=(unsigned char *)NETSCAPE_CERT_HDR; hdr.length=strlen(NETSCAPE_CERT_HDR); nx.header= &hdr; nx.cert=x; i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx); } else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write certificate\n"); ERR_print_errors(bio_err); goto end; } ret=0; end: if (need_rand) app_RAND_write_file(NULL, bio_err); OBJ_cleanup(); NCONF_free(extconf); BIO_free_all(out); BIO_free_all(STDout); X509_STORE_free(ctx); X509_REQ_free(req); X509_free(x); X509_free(xca); EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); if (sigopts) sk_OPENSSL_STRING_free(sigopts); X509_REQ_free(rq); ASN1_INTEGER_free(sno); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); if (passin) OPENSSL_free(passin); apps_shutdown(); OPENSSL_EXIT(ret); }