static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, unsigned char **data, long *len, const UI_METHOD *ui_method, void *ui_data, int secure) { int i = secure ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len, PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE) : PEM_read_bio(bp, pem_name, pem_header, data, len); if (i <= 0) return 0; /* * 10 is the number of characters in "Proc-Type:", which * PEM_get_EVP_CIPHER_INFO() requires to be present. * If the PEM header has less characters than that, it's * not worth spending cycles on it. */ if (strlen(*pem_header) > 10) { EVP_CIPHER_INFO cipher; struct pem_pass_data pass_data; if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher) || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data) || !PEM_do_header(&cipher, *data, len, file_get_pem_pass, &pass_data)) { return 0; } } return 1; }
void openssl_rsa_pemkey() { long len; BIGNUM *bne; BIO *ins, *outs; RSA *r, *read; char *name, *head; unsigned char *data; const EVP_CIPHER *enc; EVP_CIPHER_INFO cipher; OpenSSL_add_all_algorithms(); bne = BN_new(); BN_set_word(bne, RSA_3); r = RSA_new(); RSA_generate_key_ex(r, LINE_LEN, bne, NULL); enc = EVP_des_ede3_ofb(); outs = BIO_new_file("/tmp/pri.pem", "w"); PEM_write_bio_RSAPrivateKey(outs, r, enc, NULL, 0, NULL, "beike2012"); BIO_free(outs); outs = BIO_new_file("/tmp/pub.pem", "w"); PEM_write_bio_RSAPublicKey(outs, r); BIO_free(outs); ins = BIO_new_file("/tmp/pri.pem", "rb"); r = RSA_new(); read = PEM_read_bio_RSAPrivateKey(ins, &r, NULL, "beike2012"); if (read->d == NULL) { printf("PEM_read_bio_RSAPrivateKey err!\n"); return; } printf("\nEVP_CIPHER_INFO:\n"); while (1) { if (PEM_read_bio(ins, &name, &head, &data, &len) == 0) break; if (strlen(head) > 0) { PEM_get_EVP_CIPHER_INFO(head, &cipher); if (PEM_do_header(&cipher, data, &len, NULL, NULL) == 0) return; printf("name=%s, head=%s, data=%s\n", name, head, data); } OPENSSL_free(name); OPENSSL_free(head); OPENSSL_free(data); } RSA_free(read); BIO_free(ins); }
bool crypto_pem_decode(const char *name, struct buffer *dst, const struct buffer *src) { bool ret = false; BIO *bio = BIO_new_mem_buf((char *)BPTR(src), BLEN(src)); if (!bio) { crypto_msg(M_FATAL, "Cannot open memory BIO for PEM decode"); } char *name_read = NULL; char *header_read = NULL; uint8_t *data_read = NULL; long data_read_len = 0; if (!PEM_read_bio(bio, &name_read, &header_read, &data_read, &data_read_len)) { dmsg(D_CRYPT_ERRORS, "%s: PEM decode failed", __func__); goto cleanup; } if (strcmp(name, name_read)) { dmsg(D_CRYPT_ERRORS, "%s: unexpected PEM name (got '%s', expected '%s')", __func__, name_read, name); goto cleanup; } uint8_t *dst_data = buf_write_alloc(dst, data_read_len); if (!dst_data) { dmsg(D_CRYPT_ERRORS, "%s: dst too small (%i, needs %li)", __func__, BCAP(dst), data_read_len); goto cleanup; } memcpy(dst_data, data_read, data_read_len); ret = true; cleanup: OPENSSL_free(name_read); OPENSSL_free(header_read); OPENSSL_free(data_read); if (!BIO_free(bio)) { ret = false;; } return ret; }
int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len) { BIO *b; int ret; if ((b = BIO_new(BIO_s_file())) == NULL) { PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB); return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = PEM_read_bio(b, name, header, data, len); BIO_free(b); return ret; }
int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len) { BIO *b; int ret; if ((b=BIO_new(BIO_s_file())) == NULL) { OPENSSL_PUT_ERROR(PEM, PEM_read, ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); ret=PEM_read_bio(b, name, header, data,len); BIO_free(b); return(ret); }
int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u) { EVP_CIPHER_INFO cipher; char *nm = NULL, *header = NULL; unsigned char *data = NULL; long len; int ret = 0; for (;;) { if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) ERR_asprintf_error_data("Expecting: %s", name); return 0; } if (check_pem(nm, name)) break; free(nm); free(header); free(data); } if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) goto err; if (!PEM_do_header(&cipher, data, &len, cb, u)) goto err; *pdata = data; *plen = len; if (pnm) *pnm = nm; ret = 1; err: if (!ret || !pnm) free(nm); free(header); if (!ret) free(data); return ret; }
int MAIN(int argc, char **argv) { int i, badops = 0, offset = 0, ret = 1, j; unsigned int length = 0; long num, tmplen; BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL; int informat, indent = 0, noout = 0, dump = 0, strictpem = 0; char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL, *name = NULL, *header = NULL; char *genstr = NULL, *genconf = NULL; unsigned char *tmpbuf; const unsigned char *ctmpbuf; BUF_MEM *buf = NULL; STACK_OF(OPENSSL_STRING) *osk = NULL; ASN1_TYPE *at = NULL; informat = FORMAT_PEM; apps_startup(); if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; prog = argv[0]; argc--; argv++; if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } while (argc >= 1) { if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; informat = str2fmt(*(++argv)); } else if (strcmp(*argv, "-in") == 0) { if (--argc < 1) goto bad; infile = *(++argv); } else if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; derfile = *(++argv); } else if (strcmp(*argv, "-i") == 0) { indent = 1; } else if (strcmp(*argv, "-noout") == 0) noout = 1; else if (strcmp(*argv, "-oid") == 0) { if (--argc < 1) goto bad; oidfile = *(++argv); } else if (strcmp(*argv, "-offset") == 0) { if (--argc < 1) goto bad; offset = atoi(*(++argv)); } else if (strcmp(*argv, "-length") == 0) { if (--argc < 1) goto bad; length = atoi(*(++argv)); if (length == 0) goto bad; } else if (strcmp(*argv, "-dump") == 0) { dump = -1; } else if (strcmp(*argv, "-dlimit") == 0) { if (--argc < 1) goto bad; dump = atoi(*(++argv)); if (dump <= 0) goto bad; } else if (strcmp(*argv, "-strparse") == 0) { if (--argc < 1) goto bad; sk_OPENSSL_STRING_push(osk, *(++argv)); } else if (strcmp(*argv, "-genstr") == 0) { if (--argc < 1) goto bad; genstr = *(++argv); } else if (strcmp(*argv, "-genconf") == 0) { if (--argc < 1) goto bad; genconf = *(++argv); } else if (strcmp(*argv, "-strictpem") == 0) { strictpem = 1; informat = FORMAT_PEM; } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err, "%s [options] <infile\n", prog); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n"); BIO_printf(bio_err, " -in arg input file\n"); BIO_printf(bio_err, " -out arg output file (output format is always DER\n"); BIO_printf(bio_err, " -noout arg don't produce any output\n"); BIO_printf(bio_err, " -offset arg offset into file\n"); BIO_printf(bio_err, " -length arg length of section in file\n"); BIO_printf(bio_err, " -i indent entries\n"); BIO_printf(bio_err, " -dump dump unknown data in hex form\n"); BIO_printf(bio_err, " -dlimit arg dump the first arg bytes of unknown data in hex form\n"); BIO_printf(bio_err, " -oid file file of extra oid definitions\n"); BIO_printf(bio_err, " -strparse offset\n"); BIO_printf(bio_err, " a series of these can be used to 'dig' into multiple\n"); BIO_printf(bio_err, " ASN1 blob wrappings\n"); BIO_printf(bio_err, " -genstr str string to generate ASN1 structure from\n"); BIO_printf(bio_err, " -genconf file file to generate ASN1 structure from\n"); BIO_printf(bio_err, " -strictpem do not attempt base64 decode outside PEM markers (-inform \n"); BIO_printf(bio_err, " will be ignored)\n"); goto end; } ERR_load_crypto_strings(); in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif if (oidfile != NULL) { if (BIO_read_filename(in, oidfile) <= 0) { BIO_printf(bio_err, "problems opening %s\n", oidfile); ERR_print_errors(bio_err); goto end; } OBJ_create_objects(in); } if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, infile) <= 0) { perror(infile); goto end; } } if (derfile) { if (!(derout = BIO_new_file(derfile, "wb"))) { BIO_printf(bio_err, "problems opening %s\n", derfile); ERR_print_errors(bio_err); goto end; } } if (strictpem) { if (PEM_read_bio(in, &name, &header, (unsigned char **)&str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); goto end; } } else { if ((buf = BUF_MEM_new()) == NULL) goto end; if (!BUF_MEM_grow(buf, BUFSIZ * 8)) goto end; /* Pre-allocate :-) */ if (genstr || genconf) { num = do_generate(bio_err, genstr, genconf, buf); if (num < 0) { ERR_print_errors(bio_err); goto end; } } else { if (informat == FORMAT_PEM) { BIO *tmp; if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; BIO_push(b64, in); tmp = in; in = b64; b64 = tmp; } num = 0; for (;;) { if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) goto end; i = BIO_read(in, &(buf->data[num]), BUFSIZ); if (i <= 0) break; num += i; } } str = buf->data; } /* If any structs to parse go through in sequence */ if (sk_OPENSSL_STRING_num(osk)) { tmpbuf = (unsigned char *)str; tmplen = num; for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { ASN1_TYPE *atmp; int typ; j = atoi(sk_OPENSSL_STRING_value(osk, i)); if (j == 0) { BIO_printf(bio_err, "'%s' is an invalid number\n", sk_OPENSSL_STRING_value(osk, i)); continue; } tmpbuf += j; tmplen -= j; atmp = at; ctmpbuf = tmpbuf; at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen); ASN1_TYPE_free(atmp); if (!at) { BIO_printf(bio_err, "Error parsing structure\n"); ERR_print_errors(bio_err); goto end; } typ = ASN1_TYPE_get(at); if ((typ == V_ASN1_OBJECT) || (typ == V_ASN1_NULL)) { BIO_printf(bio_err, "Can't parse %s type\n", typ == V_ASN1_NULL ? "NULL" : "OBJECT"); ERR_print_errors(bio_err); goto end; } /* hmm... this is a little evil but it works */ tmpbuf = at->value.asn1_string->data; tmplen = at->value.asn1_string->length; } str = (char *)tmpbuf; num = tmplen; } if (offset >= num) { BIO_printf(bio_err, "Error: offset too large\n"); goto end; } num -= offset; if ((length == 0) || ((long)length > num)) length = (unsigned int)num; if (derout) { if (BIO_write(derout, str + offset, length) != (int)length) { BIO_printf(bio_err, "Error writing output\n"); ERR_print_errors(bio_err); goto end; } } if (!noout && !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length, indent, dump)) { ERR_print_errors(bio_err); goto end; } ret = 0; end: BIO_free(derout); BIO_free(in); BIO_free_all(out); BIO_free(b64); if (ret != 0) ERR_print_errors(bio_err); if (buf != NULL) BUF_MEM_free(buf); if (name != NULL) OPENSSL_free(name); if (header != NULL) OPENSSL_free(header); if (strictpem && str != NULL) OPENSSL_free(str); if (at != NULL) ASN1_TYPE_free(at); if (osk != NULL) sk_OPENSSL_STRING_free(osk); OBJ_cleanup(); apps_shutdown(); OPENSSL_EXIT(ret); }
static int test_certs(BIO *fp) { int count; char *name = 0; char *header = 0; unsigned char *data = 0; long len; typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); typedef int (*i2d_X509_t)(X509 *, unsigned char **); int err = 0; for (count = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++count) { int trusted = strcmp(name, PEM_STRING_X509_TRUSTED) == 0; d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509; i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509; X509 *cert = NULL; const unsigned char *p = data; unsigned char *buf = NULL; unsigned char *bufp; long enclen; if (!trusted && strcmp(name, PEM_STRING_X509) != 0 && strcmp(name, PEM_STRING_X509_OLD) != 0) { fprintf(stderr, "unexpected PEM object: %s\n", name); err = 1; goto next; } cert = d2i(NULL, &p, len); if (cert == NULL || (p - data) != len) { fprintf(stderr, "error parsing input %s\n", name); err = 1; goto next; } /* Test traditional 2-pass encoding into caller allocated buffer */ enclen = i2d(cert, NULL); if (len != enclen) { fprintf(stderr, "encoded length %ld of %s != input length %ld\n", enclen, name, len); err = 1; goto next; } if ((buf = bufp = OPENSSL_malloc(len)) == NULL) { perror("malloc"); err = 1; goto next; } enclen = i2d(cert, &bufp); if (len != enclen) { fprintf(stderr, "encoded length %ld of %s != input length %ld\n", enclen, name, len); err = 1; goto next; } enclen = (long) (bufp - buf); if (enclen != len) { fprintf(stderr, "unexpected buffer position after encoding %s\n", name); err = 1; goto next; } if (memcmp(buf, data, len) != 0) { fprintf(stderr, "encoded content of %s does not match input\n", name); err = 1; goto next; } OPENSSL_free(buf); buf = NULL; /* Test 1-pass encoding into library allocated buffer */ enclen = i2d(cert, &buf); if (len != enclen) { fprintf(stderr, "encoded length %ld of %s != input length %ld\n", enclen, name, len); err = 1; goto next; } if (memcmp(buf, data, len) != 0) { fprintf(stderr, "encoded content of %s does not match input\n", name); err = 1; goto next; } if (trusted) { /* Encode just the cert and compare with initial encoding */ OPENSSL_free(buf); buf = NULL; /* Test 1-pass encoding into library allocated buffer */ enclen = i2d(cert, &buf); if (enclen > len) { fprintf(stderr, "encoded length %ld of %s > input length %ld\n", enclen, name, len); err = 1; goto next; } if (memcmp(buf, data, enclen) != 0) { fprintf(stderr, "encoded cert content does not match input\n"); err = 1; goto next; } } /* * If any of these were null, PEM_read() would have failed. */ next: X509_free(cert); OPENSSL_free(buf); OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(data); } if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { /* Reached end of PEM file */ if (count > 0) { ERR_clear_error(); return 1; } } /* Some other PEM read error */ print_errors(); return 0; }
static STACK_OF(X509) *load_chain(const char *chainfile) { BIO *bp; char *name = 0; char *header = 0; unsigned char *data = 0; long len; int count; char *errtype = 0; /* if error: cert or pkey? */ STACK_OF(X509) *chain; typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long); if ((chain = sk_X509_new_null()) == 0) { perror("malloc"); exit(1); } /* * On each call, PEM_read() wraps a stdio file in a BIO_NOCLOSE bio, * calls PEM_read_bio() and then frees the bio. It is just as easy to * open a BIO as a stdio file, so we use BIOs and call PEM_read_bio() * directly. */ if ((bp = BIO_new_file(chainfile, "r")) == NULL) { fprintf(stderr, "error opening chainfile: %s: %m\n", chainfile); exit(1); } /* Don't report old news */ ERR_clear_error(); for (count = 0; errtype == 0 && PEM_read_bio(bp, &name, &header, &data, &len); ++count) { const unsigned char *p = data; if (strcmp(name, PEM_STRING_X509) == 0 || strcmp(name, PEM_STRING_X509_TRUSTED) == 0 || strcmp(name, PEM_STRING_X509_OLD) == 0) { d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) ? d2i_X509_AUX : d2i_X509; X509 *cert = d(0, &p, len); if (cert == 0 || (p - data) != len) errtype = "certificate"; else if (sk_X509_push(chain, cert) == 0) { perror("malloc"); exit(1); } } else { fprintf(stderr, "unexpected chain file object: %s\n", name); exit(1); } /* * If any of these were null, PEM_read() would have failed. */ OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(data); } BIO_free(bp); if (errtype) { print_errors(); fprintf(stderr, "error reading: %s: malformed %s", chainfile, errtype); exit(1); } if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { /* Reached end of PEM file */ ERR_clear_error(); if (count > 0) return chain; fprintf(stderr, "no certificates found in: %s\n", chainfile); exit(1); } /* Some other PEM read error */ print_errors(); fprintf(stderr, "error reading: %s\n", chainfile); exit(1); }
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) { unsigned char *serverinfo = NULL; size_t serverinfo_length = 0; unsigned char* extension = 0; long extension_length = 0; char* name = NULL; char* header = NULL; char namePrefix[] = "SERVERINFO FOR "; int ret = 0; BIO *bin = NULL; size_t num_extensions = 0; if (ctx == NULL || file == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,ERR_R_PASSED_NULL_PARAMETER); goto end; } bin = BIO_new(BIO_s_file_internal()); if (bin == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(bin, file) <= 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB); goto end; } for (num_extensions=0;; num_extensions++) { if (PEM_read_bio(bin, &name, &header, &extension, &extension_length) == 0) { /* There must be at least one extension in this file */ if (num_extensions == 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS); goto end; } else /* End of file, we're done */ break; } /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ if (strlen(name) < strlen(namePrefix)) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); goto end; } if (strncmp(name, namePrefix, strlen(namePrefix)) != 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX); goto end; } /* Check that the decoded PEM data is plausible (valid length field) */ if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA); goto end; } /* Append the decoded extension to the serverinfo buffer */ serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length); if (serverinfo == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); goto end; } memcpy(serverinfo + serverinfo_length, extension, extension_length); serverinfo_length += extension_length; OPENSSL_free(name); name = NULL; OPENSSL_free(header); header = NULL; OPENSSL_free(extension); extension = NULL; } ret = SSL_CTX_use_serverinfo(ctx, serverinfo, serverinfo_length); end: /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */ OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(extension); OPENSSL_free(serverinfo); if (bin != NULL) BIO_free(bin); return ret; }
int asn1parse_main(int argc, char **argv) { ASN1_TYPE *at = NULL; BIO *in = NULL, *b64 = NULL, *derout = NULL; BUF_MEM *buf = NULL; STACK_OF(OPENSSL_STRING) *osk = NULL; char *genstr = NULL, *genconf = NULL; char *infile = NULL, *oidfile = NULL, *derfile = NULL; unsigned char *str = NULL; char *name = NULL, *header = NULL, *prog; const unsigned char *ctmpbuf; int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM; int offset = 0, ret = 1, i, j; long num, tmplen; unsigned char *tmpbuf; unsigned int length = 0; OPTION_CHOICE o; prog = opt_init(argc, argv, asn1parse_options); if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) { BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); goto end; } while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(asn1parse_options); ret = 0; goto end; case OPT_INFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) goto opthelp; break; case OPT_IN: infile = opt_arg(); break; case OPT_OUT: derfile = opt_arg(); break; case OPT_INDENT: indent = 1; break; case OPT_NOOUT: noout = 1; break; case OPT_OID: oidfile = opt_arg(); break; case OPT_OFFSET: offset = strtol(opt_arg(), NULL, 0); break; case OPT_LENGTH: length = atoi(opt_arg()); break; case OPT_DUMP: dump = -1; break; case OPT_DLIMIT: dump = atoi(opt_arg()); break; case OPT_STRPARSE: sk_OPENSSL_STRING_push(osk, opt_arg()); break; case OPT_GENSTR: genstr = opt_arg(); break; case OPT_GENCONF: genconf = opt_arg(); break; case OPT_STRICTPEM: strictpem = 1; informat = FORMAT_PEM; break; } } argc = opt_num_rest(); if (argc != 0) goto opthelp; if (oidfile != NULL) { in = bio_open_default(oidfile, 'r', FORMAT_TEXT); if (in == NULL) goto end; OBJ_create_objects(in); BIO_free(in); } if ((in = bio_open_default(infile, 'r', informat)) == NULL) goto end; if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL) goto end; if (strictpem) { if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); goto end; } } else { if ((buf = BUF_MEM_new()) == NULL) goto end; if (!BUF_MEM_grow(buf, BUFSIZ * 8)) goto end; /* Pre-allocate :-) */ if (genstr || genconf) { num = do_generate(genstr, genconf, buf); if (num < 0) { ERR_print_errors(bio_err); goto end; } } else { if (informat == FORMAT_PEM) { BIO *tmp; if ((b64 = BIO_new(BIO_f_base64())) == NULL) goto end; BIO_push(b64, in); tmp = in; in = b64; b64 = tmp; } num = 0; for (;;) { if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) goto end; i = BIO_read(in, &(buf->data[num]), BUFSIZ); if (i <= 0) break; num += i; } } str = (unsigned char *)buf->data; } /* If any structs to parse go through in sequence */ if (sk_OPENSSL_STRING_num(osk)) { tmpbuf = str; tmplen = num; for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { ASN1_TYPE *atmp; int typ; j = atoi(sk_OPENSSL_STRING_value(osk, i)); if (j == 0) { BIO_printf(bio_err, "'%s' is an invalid number\n", sk_OPENSSL_STRING_value(osk, i)); continue; } tmpbuf += j; tmplen -= j; atmp = at; ctmpbuf = tmpbuf; at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen); ASN1_TYPE_free(atmp); if (!at) { BIO_printf(bio_err, "Error parsing structure\n"); ERR_print_errors(bio_err); goto end; } typ = ASN1_TYPE_get(at); if ((typ == V_ASN1_OBJECT) || (typ == V_ASN1_BOOLEAN) || (typ == V_ASN1_NULL)) { BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ)); ERR_print_errors(bio_err); goto end; } /* hmm... this is a little evil but it works */ tmpbuf = at->value.asn1_string->data; tmplen = at->value.asn1_string->length; } str = tmpbuf; num = tmplen; } if (offset >= num) { BIO_printf(bio_err, "Error: offset too large\n"); goto end; } num -= offset; if ((length == 0) || ((long)length > num)) length = (unsigned int)num; if (derout) { if (BIO_write(derout, str + offset, length) != (int)length) { BIO_printf(bio_err, "Error writing output\n"); ERR_print_errors(bio_err); goto end; } } if (!noout && !ASN1_parse_dump(bio_out, &(str[offset]), length, indent, dump)) { ERR_print_errors(bio_err); goto end; } ret = 0; end: BIO_free(derout); BIO_free(in); BIO_free(b64); if (ret != 0) ERR_print_errors(bio_err); BUF_MEM_free(buf); OPENSSL_free(name); OPENSSL_free(header); if (strictpem) OPENSSL_free(str); ASN1_TYPE_free(at); sk_OPENSSL_STRING_free(osk); return (ret); }
static void process_file(const char *filename) { FILE *keyfile; int i, count; unsigned char buffer[LINE_BUFFER_SIZE]; BIO *bp; char *nm = NULL, *header = NULL; unsigned char *data = NULL; EVP_CIPHER_INFO cipher; EVP_PKEY pk; long len; DSA *dsapkc = NULL; RSA *rsapkc = NULL; const char unsigned *dc; if (!(keyfile = fopen(filename, "rb"))) { fprintf(stderr, "! %s : %s\n", filename, strerror(errno)); return; } /* verify input files using OpenSSL */ bp = BIO_new(BIO_s_file()); if(!bp) { fprintf(stderr, "OpenSSL BIO allocation failure\n"); return; } if(!BIO_read_filename(bp, filename)) { fprintf(stderr, "OpenSSL BIO_read_filename failure\n"); ERR_print_errors_fp(stderr); return; } /* PEM_bytes_read_bio function in crypto/pem/pem_lib.c * check_pem function in crypto/pem/pem_lib.c */ for (;;) { if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) { /* ERR_print_errors_fp(stderr); */ fprintf(stderr, "! %s : %s\n", filename, "input keyfile validation failed"); goto out; } } if(!nm) { fprintf(stderr, "! %s : %s\n", filename, "input keyfile validation failed"); goto out; } /* only PEM encoded DSA and RSA private keys are supported. */ if (!strcmp(nm, PEM_STRING_DSA)) { pk.save_type = EVP_PKEY_DSA; break; } if (!strcmp(nm, PEM_STRING_RSA)) { pk.save_type = EVP_PKEY_RSA; break; } OPENSSL_free(nm); OPENSSL_free(header); OPENSSL_free(data); BIO_free(bp); } if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) { ERR_print_errors_fp(stderr); return; } /* check if key has no password */ dc = data; if (PEM_do_header(&cipher, data, &len, NULL, (char *) "")) { if (pk.save_type == EVP_PKEY_DSA) { if ((dsapkc = d2i_DSAPrivateKey(NULL, &dc, len)) != NULL) { fprintf(stderr, "%s has no password!\n", filename); DSA_free(dsapkc); goto out; } } else if (pk.save_type == EVP_PKEY_RSA) { if ((rsapkc = d2i_RSAPrivateKey(NULL, &dc, len)) != NULL) { fprintf(stderr, "%s has no password!\n", filename); RSA_free(rsapkc); goto out; } } } /* key has been verified */ count = fread(buffer, 1, LINE_BUFFER_SIZE, keyfile); printf("%s:$ssh2$", basename(filename)); for (i = 0; i < count; i++) { printf("%c%c", itoa16[ARCH_INDEX(buffer[i] >> 4)], itoa16[ARCH_INDEX(buffer[i] & 0x0f)]); } printf("*%d\n", count); out: fclose(keyfile); if(bp) BIO_free(bp); }