/* sqCreateSSL: Creates a new SSL instance.
Arguments: None.
Returns: SSL handle.
*/
sqInt sqCreateSSL(void) {
sqInt handle = 0;
sqSSL *ssl = NULL;
SSL_library_init();
SSL_load_error_strings();
ssl = calloc(1, sizeof(sqSSL));
ssl->bioRead = BIO_new(BIO_s_mem());
ssl->bioWrite = BIO_new(BIO_s_mem());
BIO_set_close(ssl->bioRead, BIO_CLOSE);
BIO_set_close(ssl->bioWrite, BIO_CLOSE);
/* Find a free handle */
for(handle = 1; handle < handleMax; handle++)
if(handleBuf[handle] == NULL) break;
if(handle >= handleMax) {
int i, delta = 100;
/* Resize the handle buffer */
handleBuf = realloc(handleBuf, (handleMax+delta)*sizeof(void*));
for(i = handleMax; i < handleMax+delta; i++)
handleBuf[i] = NULL;
handleMax += delta;
}
handleBuf[handle] = ssl;
return handle;
}
bool Server::isKeyForCert(const QSslKey &key, const QSslCertificate &cert) {
if (key.isNull() || cert.isNull() || (key.type() != QSsl::PrivateKey))
return false;
QByteArray qbaKey = key.toDer();
QByteArray qbaCert = cert.toDer();
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
BIO *mem = NULL;
mem = BIO_new_mem_buf(qbaKey.data(), qbaKey.size());
Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE));
pkey = d2i_PrivateKey_bio(mem, NULL);
BIO_free(mem);
mem = BIO_new_mem_buf(qbaCert.data(), qbaCert.size());
Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE));
x509 = d2i_X509_bio(mem, NULL);
BIO_free(mem);
mem = NULL;
if (x509 && pkey && X509_check_private_key(x509, pkey)) {
EVP_PKEY_free(pkey);
X509_free(x509);
return true;
}
if (pkey)
EVP_PKEY_free(pkey);
if (x509)
X509_free(x509);
return false;
}
void BIO::setClose(bool closedescriptor)
{
long l;
if (closedescriptor)
l = BIO_set_close(itsBIO, BIO_CLOSE);
else
l = BIO_set_close(itsBIO, BIO_NOCLOSE);
if (l != 1)
throw StdException("Could not set close mode for BIO");
}
const datetime X509Certificate_OpenSSL::convertX509Date(void* time) const
{
char* buffer;
BIO* out = BIO_new(BIO_s_mem());
BIO_set_close(out, BIO_CLOSE);
ASN1_TIME* asn1_time = reinterpret_cast<ASN1_TIME*>(time);
ASN1_TIME_print(out, asn1_time);
int sz = BIO_get_mem_data(out, &buffer);
char* dest = new char[sz + 1];
dest[sz] = 0;
memcpy(dest, buffer, sz);
vmime::string t(dest);
BIO_free(out);
delete dest;
if (t.size() > 0)
{
char month[4] = {0};
char zone[4] = {0};
int day, hour, minute, second, year;
int nrconv = sscanf(t.c_str(), "%s %2d %02d:%02d:%02d %d%s", month, &day, &hour, &minute, &second,&year,zone);
if (nrconv >= 6)
return datetime(year, sg_monthMap.getMonth(vmime::string(month)), day, hour, minute, second);
}
// let datetime try and parse it
return datetime(t);
}
void ssl3_init_finished_mac(SSL *s)
{
if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer);
if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
s->s3->handshake_buffer=BIO_new(BIO_s_mem());
(void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE);
}
/*
* Converts OpenSSL ASN1_STRING structure into text
*
* Converts ASN1_STRING into text, converting all the characters into
* current database encoding if possible. Any invalid characters are
* replaced by question marks.
*
* Parameter: str - OpenSSL ASN1_STRING structure. Memory managment
* of this structure is responsibility of caller.
*
* Returns Datum, which can be directly returned from a C language SQL
* function.
*/
datum_t
ASN1_STRING_to_text(ASN1_STRING *str)
{
BIO *membuf;
size_t size;
char nullterm;
char *sp;
char *dp;
text *result;
membuf = BIO_new(BIO_s_mem());
(void) BIO_set_close(membuf, BIO_CLOSE);
ASN1_STRING_print_ex(membuf, str,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = (char *) pg_do_encoding_conversion((unsigned char *) sp,
size - 1,
PG_UTF8,
get_db_encoding());
result = cstring_to_text(dp);
if (dp != sp)
pfree(dp);
BIO_free(membuf);
RET_TEXT_P(result);
}
/*
* Converts OpenSSL ASN1_STRING structure into text
*
* Converts ASN1_STRING into text, converting all the characters into
* current database encoding if possible. Any invalid characters are
* replaced by question marks.
*
* Parameter: str - OpenSSL ASN1_STRING structure. Memory managment
* of this structure is responsibility of caller.
*
* Returns Datum, which can be directly returned from a C language SQL
* function.
*/
Datum
ASN1_STRING_to_text(ASN1_STRING *str)
{
BIO *membuf = NULL;
size_t size,
outlen;
char *sp;
char *dp;
text *result;
membuf = BIO_new(BIO_s_mem());
(void) BIO_set_close(membuf, BIO_CLOSE);
ASN1_STRING_print_ex(membuf, str,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
outlen = 0;
BIO_write(membuf, &outlen, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = (char *) pg_do_encoding_conversion((unsigned char *) sp,
size - 1,
PG_UTF8,
GetDatabaseEncoding());
outlen = strlen(dp);
result = palloc(VARHDRSZ + outlen);
memcpy(VARDATA(result), dp, outlen);
if (dp != sp)
pfree(dp);
BIO_free(membuf);
VARATT_SIZEP(result) = outlen + VARHDRSZ;
PG_RETURN_TEXT_P(result);
}
/*
* Converts OpenSSL ASN1_STRING structure into text
*
* Converts ASN1_STRING into text, converting all the characters into
* current database encoding if possible. Any invalid characters are
* replaced by question marks.
*
* Parameter: str - OpenSSL ASN1_STRING structure. Memory management
* of this structure is responsibility of caller.
*
* Returns Datum, which can be directly returned from a C language SQL
* function.
*/
static Datum
ASN1_STRING_to_text(ASN1_STRING *str)
{
BIO *membuf;
size_t size;
char nullterm;
char *sp;
char *dp;
text *result;
membuf = BIO_new(BIO_s_mem());
(void) BIO_set_close(membuf, BIO_CLOSE);
ASN1_STRING_print_ex(membuf, str,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = pg_any_to_server(sp, size - 1, PG_UTF8);
result = cstring_to_text(dp);
if (dp != sp)
pfree(dp);
BIO_free(membuf);
PG_RETURN_TEXT_P(result);
}
/**
b64encode
Encodes raw data in base64. Pass the data and the length of the data.
b64encode returns the base64-encoded data as a dynamically allocated
char *.
*/
char *b64encode(char *data, size_t datalen)
{
BIO *b64, *bmem;
BUF_MEM *bptr;
char *encoded = NULL;
b64 = BIO_new(BIO_f_base64());
bmem = BIO_new(BIO_s_mem());
if(bmem == NULL || b64 == NULL) {
print_loc(); io_debug("Calls to libssl failed!\n");
abort(); //I don't think this will ever happen.
}
bmem = BIO_push(b64, bmem);
BIO_write(bmem, data, datalen);
BIO_flush(bmem);
BIO_get_mem_ptr(bmem, &bptr);
BIO_set_close(bmem, BIO_NOCLOSE);
safe_malloc(encoded, bptr->length);
memcpy(encoded, bptr->data, bptr->length);
encoded[bptr->length] = '\0';
BIO_free_all(bmem);
BUF_MEM_free(bptr);
return encoded;
}
/** Encode <b>key</b> in the format used in directory documents; return
* a newly allocated string holding the result or NULL on failure. */
static char *
key_to_string(EVP_PKEY *key)
{
BUF_MEM *buf;
BIO *b;
RSA *rsa = EVP_PKEY_get1_RSA(key);
char *result;
if (!rsa)
return NULL;
b = BIO_new(BIO_s_mem());
if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
crypto_log_errors(LOG_WARN, "writing public key to string");
return NULL;
}
BIO_get_mem_ptr(b, &buf);
(void) BIO_set_close(b, BIO_NOCLOSE);
BIO_free(b);
result = tor_malloc(buf->length + 1);
memcpy(result, buf->data, buf->length);
result[buf->length] = 0;
BUF_MEM_free(buf);
return result;
}
/*
* Converts OpenSSL ASN1_STRING structure into text
*
* Converts ASN1_STRING into text, converting all the characters into
* current database encoding if possible. Any invalid characters are
* replaced by question marks.
*
* Parameter: str - OpenSSL ASN1_STRING structure. Memory management
* of this structure is responsibility of caller.
*
* Returns Datum, which can be directly returned from a C language SQL
* function.
*/
static Datum
ASN1_STRING_to_text(ASN1_STRING *str)
{
BIO *membuf;
size_t size;
char nullterm;
char *sp;
char *dp;
text *result;
membuf = BIO_new(BIO_s_mem());
if (membuf == NULL)
ereport(ERROR,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("could not create OpenSSL BIO structure")));
(void) BIO_set_close(membuf, BIO_CLOSE);
ASN1_STRING_print_ex(membuf, str,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = pg_any_to_server(sp, size - 1, PG_UTF8);
result = cstring_to_text(dp);
if (dp != sp)
pfree(dp);
if (BIO_free(membuf) != 1)
elog(ERROR, "could not free OpenSSL BIO structure");
PG_RETURN_TEXT_P(result);
}
Settings::KeyPair CertWizard::importCert(QByteArray data, const QString &pw) {
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
PKCS12 *pkcs = NULL;
BIO *mem = NULL;
STACK_OF(X509) *certs = NULL;
Settings::KeyPair kp;
int ret = 0;
mem = BIO_new_mem_buf(data.data(), data.size());
Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE));
pkcs = d2i_PKCS12_bio(mem, NULL);
if (pkcs) {
ret = PKCS12_parse(pkcs, NULL, &pkey, &x509, &certs);
if (pkcs && !pkey && !x509 && ! pw.isEmpty()) {
if (certs) {
if (ret)
sk_X509_free(certs);
certs = NULL;
}
ret = PKCS12_parse(pkcs, pw.toUtf8().constData(), &pkey, &x509, &certs);
}
if (pkey && x509 && X509_check_private_key(x509, pkey)) {
unsigned char *dptr;
QByteArray key, crt;
key.resize(i2d_PrivateKey(pkey, NULL));
dptr=reinterpret_cast<unsigned char *>(key.data());
i2d_PrivateKey(pkey, &dptr);
crt.resize(i2d_X509(x509, NULL));
dptr=reinterpret_cast<unsigned char *>(crt.data());
i2d_X509(x509, &dptr);
QSslCertificate qscCert = QSslCertificate(crt, QSsl::Der);
QSslKey qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
QList<QSslCertificate> qlCerts;
qlCerts << qscCert;
if (certs) {
for (int i=0;i<sk_X509_num(certs);++i) {
X509 *c = sk_X509_value(certs, i);
crt.resize(i2d_X509(c, NULL));
dptr=reinterpret_cast<unsigned char *>(crt.data());
i2d_X509(c, &dptr);
QSslCertificate cert = QSslCertificate(crt, QSsl::Der);
qlCerts << cert;
}
}
bool valid = ! qskKey.isNull();
foreach(const QSslCertificate &cert, qlCerts)
valid = valid && ! cert.isNull();
if (valid)
kp = Settings::KeyPair(qlCerts, qskKey);
}
}
BIO *neo4j_openssl_new_bio(BIO *delegate, const char *hostname, int port,
const neo4j_config_t *config, uint_fast32_t flags)
{
neo4j_logger_t *logger = neo4j_get_logger(config, "tls");
SSL_CTX *ctx = new_ctx(config, logger);
if (ctx == NULL)
{
return NULL;
}
BIO *ssl_bio = BIO_new_ssl(ctx, 1);
if (ssl_bio == NULL)
{
errno = openssl_error(logger, NEO4J_LOG_ERROR, __FILE__, __LINE__);
SSL_CTX_free(ctx);
goto failure;
}
SSL_CTX_free(ctx);
BIO_push(ssl_bio, delegate);
if (BIO_set_close(ssl_bio, BIO_CLOSE) != 1)
{
errno = openssl_error(logger, NEO4J_LOG_ERROR, __FILE__, __LINE__);
goto failure;
}
int result = BIO_do_handshake(ssl_bio);
if (result != 1)
{
if (result == 0)
{
errno = NEO4J_NO_SERVER_TLS_SUPPORT;
goto failure;
}
errno = openssl_error(logger, NEO4J_LOG_ERROR, __FILE__, __LINE__);
goto failure;
}
SSL *ssl = NULL;
BIO_get_ssl(ssl_bio, &ssl);
assert(ssl != NULL);
if (verify(ssl, hostname, port, config, flags, logger))
{
goto failure;
}
return ssl_bio;
int errsv;
failure:
errsv = errno;
BIO_free(ssl_bio);
errno = errsv;
return NULL;
}
/*
* Equivalent of X509_NAME_oneline that respects encoding
*
* This function converts X509_NAME structure to the text variable
* converting all textual data into current database encoding.
*
* Parameter: X509_NAME *name X509_NAME structure to be converted
*
* Returns: text datum which contains string representation of
* X509_NAME
*/
static Datum
X509_NAME_to_text(X509_NAME *name)
{
BIO *membuf = BIO_new(BIO_s_mem());
int i,
nid,
count = X509_NAME_entry_count(name);
X509_NAME_ENTRY *e;
ASN1_STRING *v;
const char *field_name;
size_t size;
char nullterm;
char *sp;
char *dp;
text *result;
if (membuf == NULL)
ereport(ERROR,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("could not create OpenSSL BIO structure")));
(void) BIO_set_close(membuf, BIO_CLOSE);
for (i = 0; i < count; i++)
{
e = X509_NAME_get_entry(name, i);
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
if (nid == NID_undef)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("could not get NID for ASN1_OBJECT object")));
v = X509_NAME_ENTRY_get_data(e);
field_name = OBJ_nid2sn(nid);
if (field_name == NULL)
field_name = OBJ_nid2ln(nid);
if (field_name == NULL)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("could not convert NID %d to an ASN1_OBJECT structure", nid)));
BIO_printf(membuf, "/%s=", field_name);
ASN1_STRING_print_ex(membuf, v,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
}
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = pg_any_to_server(sp, size - 1, PG_UTF8);
result = cstring_to_text(dp);
if (dp != sp)
pfree(dp);
if (BIO_free(membuf) != 1)
elog(ERROR, "could not free OpenSSL BIO structure");
PG_RETURN_TEXT_P(result);
}
int ssl3_init_finished_mac(SSL *s) {
BIO_free(s->s3->handshake_buffer);
ssl3_free_digest_list(s);
s->s3->handshake_buffer = BIO_new(BIO_s_mem());
if (s->s3->handshake_buffer == NULL) {
return 0;
}
BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
return 1;
}
/*
* Equivalent of X509_NAME_oneline that respects encoding
*
* This function converts X509_NAME structure to the text variable
* converting all textual data into current database encoding.
*
* Parameter: X509_NAME *name X509_NAME structure to be converted
*
* Returns: text datum which contains string representation of
* X509_NAME
*/
Datum
X509_NAME_to_text(X509_NAME *name)
{
BIO *membuf = BIO_new(BIO_s_mem());
int i,
nid,
count = X509_NAME_entry_count(name);
X509_NAME_ENTRY *e;
ASN1_STRING *v;
const char *field_name;
size_t size,
outlen;
char *sp;
char *dp;
text *result;
(void) BIO_set_close(membuf, BIO_CLOSE);
for (i = 0; i < count; i++)
{
e = X509_NAME_get_entry(name, i);
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
v = X509_NAME_ENTRY_get_data(e);
field_name = OBJ_nid2sn(nid);
if (!field_name)
field_name = OBJ_nid2ln(nid);
BIO_printf(membuf, "/%s=", field_name);
ASN1_STRING_print_ex(membuf, v,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
}
i = 0;
BIO_write(membuf, &i, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = (char *) pg_do_encoding_conversion((unsigned char *) sp,
size - 1,
PG_UTF8,
GetDatabaseEncoding());
BIO_free(membuf);
outlen = strlen(dp);
result = palloc(VARHDRSZ + outlen);
memcpy(VARDATA(result), dp, outlen);
/*
* pg_do_encoding_conversion has annoying habit of returning source
* pointer
*/
if (dp != sp)
pfree(dp);
VARATT_SIZEP(result) = outlen + VARHDRSZ;
PG_RETURN_TEXT_P(result);
}
/*
* Convert bytea to X509.
*/
static X509 * x509_from_bytea(const bytea *raw) {
BIO *bio;
X509 *cert;
// convert into X509
bio = BIO_new_mem_buf(VARDATA(raw), VARSIZE(raw) - VARHDRSZ);
BIO_set_close(bio, BIO_NOCLOSE);
cert = X509_new();
d2i_X509_bio(bio, &cert);
BIO_free(bio);
return cert;
}
void pki_write_certificate_in_mem(X509 *certificate, char **certificate_ptr, long *size)
{
BIO *bio_mem = NULL;
bio_mem = BIO_new(BIO_s_mem());
PEM_write_bio_X509(bio_mem, certificate);
*size = BIO_get_mem_data(bio_mem, certificate_ptr);
*(*certificate_ptr + *size) = '\0';
(void)BIO_set_close(bio_mem, BIO_NOCLOSE);
BIO_free(bio_mem);
}
int ssl3_init_finished_mac(SSL *s)
{
BIO *buf = BIO_new(BIO_s_mem());
if (buf == NULL) {
SSLerr(SSL_F_SSL3_INIT_FINISHED_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
ssl3_free_digest_list(s);
s->s3->handshake_buffer = buf;
(void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
return 1;
}
void pki_write_privatekey_in_mem(EVP_PKEY *privatekey, char **privatekey_ptr, long *size)
{
BIO *bio_mem = NULL;
bio_mem = BIO_new(BIO_s_mem());
PEM_write_bio_PrivateKey(bio_mem, privatekey, NULL, NULL, 0, 0, NULL);
*size = BIO_get_mem_data(bio_mem, privatekey_ptr);
*(*privatekey_ptr + *size) = '\0';
(void)BIO_set_close(bio_mem, BIO_NOCLOSE);
BIO_free(bio_mem);
}
void X509Certificate_OpenSSL::write
(utility::outputStream& os, const Format format) const
{
BIO* membio = 0;
int dataSize = 0;
unsigned char* out = 0;
if (format == FORMAT_DER)
{
if ((dataSize = i2d_X509(m_data->cert, &out)) < 0)
goto err;
os.write(reinterpret_cast <utility::stream::value_type*>(out), dataSize);
os.flush();
OPENSSL_free(out);
}
else if (format == FORMAT_PEM)
{
membio = BIO_new(BIO_s_mem());
BIO_set_close(membio, BIO_CLOSE);
if (!PEM_write_bio_X509(membio, m_data->cert))
goto pem_err;
dataSize = BIO_get_mem_data(membio, &out);
os.write(reinterpret_cast <utility::stream::value_type*>(out), dataSize);
os.flush();
BIO_vfree(membio);
}
else
{
throw vmime::exceptions::unsupported_certificate_type("Unknown cert type");
}
return; // #### Early Return ####
pem_err:
{
if (membio)
BIO_vfree(membio);
}
err:
{
char errstr[256];
long ec = ERR_get_error();
ERR_error_string(ec, errstr);
throw vmime::exceptions::certificate_exception(
"OpenSSLX509Certificate_OpenSSL::write exception - " + string(errstr));
}
}
int Base64Encode(unsigned char **dest, const char *src, unsigned int slen){
BIO *bio, *b64;
BUF_MEM *bufferPtr;
int numBytesEncoded = 0;
b64 = BIO_new(BIO_f_base64());
if (!b64) return 0;
bio = BIO_new(BIO_s_mem());
if (!bio) return 0;
bio = BIO_push(b64, bio);
if (!bio) return 0;
BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
if (BIO_write(bio, src, slen - 1) <= 0){
if (bio) BIO_free_all(bio);
return 0;
}
if (1 != BIO_flush(bio)) {
if (bio) BIO_free_all(bio);
return 0;
}
BIO_get_mem_ptr(bio, &bufferPtr);
BIO_set_close(bio, BIO_NOCLOSE);
if (bio) BIO_free_all(bio);
// *dest = (char *)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (*bufferPtr).length + 1);
*dest = (char *)malloc((*bufferPtr).length + 1);
if (*dest == NULL) return false;
(*bufferPtr).data[(*bufferPtr).length] = '\0';
//strncpy_s(*dest, (*bufferPtr).length + 1, (*bufferPtr).data, (*bufferPtr).length);
strncpy(*dest, (*bufferPtr).data, (*bufferPtr).length + 1);
numBytesEncoded = (*bufferPtr).length + 1;
if (bufferPtr) {
free(bufferPtr);
bufferPtr = NULL;
}
return numBytesEncoded;
}
char *base64encode (const void *b64_encode_this, int encode_this_many_bytes){
BIO *b64_bio, *mem_bio; //Declares two OpenSSL BIOs: a base64 filter and a memory BIO.
BUF_MEM *mem_bio_mem_ptr; //Pointer to a "memory BIO" structure holding our base64 data.
b64_bio = BIO_new(BIO_f_base64()); //Initialize our base64 filter BIO.
mem_bio = BIO_new(BIO_s_mem()); //Initialize our memory sink BIO.
BIO_push(b64_bio, mem_bio); //Link the BIOs by creating a filter-sink BIO chain.
BIO_set_flags(b64_bio, BIO_FLAGS_BASE64_NO_NL); //No newlines every 64 characters or less.
BIO_write(b64_bio, b64_encode_this, encode_this_many_bytes); //Records base64 encoded data.
BIO_flush(b64_bio); //Flush data. Necessary for b64 encoding, because of pad characters.
BIO_get_mem_ptr(mem_bio, &mem_bio_mem_ptr); //Store address of mem_bio's memory structure.
BIO_set_close(mem_bio, BIO_NOCLOSE); //Permit access to mem_ptr after BIOs are destroyed.
BIO_free_all(b64_bio); //Destroys all BIOs in chain, starting with b64 (i.e. the 1st one).
BUF_MEM_grow(mem_bio_mem_ptr, (*mem_bio_mem_ptr).length + 1); //Makes space for end null.
(*mem_bio_mem_ptr).data[(*mem_bio_mem_ptr).length] = '\0'; //Adds null-terminator to tail.
return (*mem_bio_mem_ptr).data; //Returns base-64 encoded data. (See: "buf_mem_st" struct).
}
const byteArray X509Certificate_OpenSSL::getFingerprint(const DigestAlgorithm algo) const
{
BIO *out;
int j;
unsigned int n;
const EVP_MD *digest;
unsigned char * fingerprint, *result;
unsigned char md[EVP_MAX_MD_SIZE];
switch (algo)
{
case DIGEST_MD5:
digest = EVP_md5();
break;
default:
case DIGEST_SHA1:
digest = EVP_sha1();
break;
}
out = BIO_new(BIO_s_mem());
BIO_set_close(out, BIO_CLOSE);
if (X509_digest(m_data->cert, digest, md, &n))
{
for (j=0; j<(int)n; j++)
{
BIO_printf (out, "%02X",md[j]);
if (j+1 != (int)n) BIO_printf(out, ":");
}
}
n = BIO_get_mem_data(out, &fingerprint);
result = new unsigned char[n];
memcpy (result, fingerprint, n);
BIO_free(out);
byteArray res;
res.insert(res.end(), &result[0], &result[0] + n);
delete [] result;
return res;
}
// Adds a buffer containing one or more PEM-encoded
// root certificates to the X509PEMVerifier.
//
// If the certificate (or one of the certificates) could not be
// parsed AddPEM will return immediately, resulting in all of the
// certificates up to the bad certicate being added to the verifier.
bool X509PEMVerifier::AddPEM(const ByteArray &buf) {
BIO *mem = BIO_new_mem_buf(static_cast<void *>(const_cast<char *>(buf.ConstData())), buf.Length());
(void) BIO_set_close(mem, BIO_NOCLOSE);
int ncerts = 0;
while (1) {
X509 *x = PEM_read_bio_X509_AUX(mem, nullptr, nullptr, nullptr);
if (x == nullptr) {
return false;
}
X509_STORE_add_cert(store_, x);
X509_free(x);
ncerts++;
}
return true;
}
/*
* Equivalent of X509_NAME_oneline that respects encoding
*
* This function converts X509_NAME structure to the text variable
* converting all textual data into current database encoding.
*
* Parameter: X509_NAME *name X509_NAME structure to be converted
*
* Returns: text datum which contains string representation of
* X509_NAME
*/
datum_t
X509_NAME_to_text(X509_NAME *name)
{
BIO *membuf = BIO_new(BIO_s_mem());
int i,
nid,
count = X509_NAME_entry_count(name);
X509_NAME_ENTRY *e;
ASN1_STRING *v;
const char *field_name;
size_t size;
char nullterm;
char *sp;
char *dp;
text *result;
(void) BIO_set_close(membuf, BIO_CLOSE);
for (i = 0; i < count; i++)
{
e = X509_NAME_get_entry(name, i);
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
v = X509_NAME_ENTRY_get_data(e);
field_name = OBJ_nid2sn(nid);
if (!field_name)
field_name = OBJ_nid2ln(nid);
BIO_printf(membuf, "/%s=", field_name);
ASN1_STRING_print_ex(membuf, v,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
}
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = (char *) pg_do_encoding_conversion((unsigned char *) sp,
size - 1,
PG_UTF8,
get_db_encoding());
result = cstring_to_text(dp);
if (dp != sp)
pfree(dp);
BIO_free(membuf);
RET_TEXT_P(result);
}
/*
* Convert an X509 subject name to a cstring.
*
*/
static char *
X509_NAME_to_cstring(X509_NAME *name)
{
BIO *membuf = BIO_new(BIO_s_mem());
int i,
nid,
count = X509_NAME_entry_count(name);
X509_NAME_ENTRY *e;
ASN1_STRING *v;
const char *field_name;
size_t size;
char nullterm;
char *sp;
char *dp;
char *result;
(void) BIO_set_close(membuf, BIO_CLOSE);
for (i = 0; i < count; i++)
{
e = X509_NAME_get_entry(name, i);
nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(e));
v = X509_NAME_ENTRY_get_data(e);
field_name = OBJ_nid2sn(nid);
if (!field_name)
field_name = OBJ_nid2ln(nid);
BIO_printf(membuf, "/%s=", field_name);
ASN1_STRING_print_ex(membuf, v,
((ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB)
| ASN1_STRFLGS_UTF8_CONVERT));
}
/* ensure null termination of the BIO's content */
nullterm = '\0';
BIO_write(membuf, &nullterm, 1);
size = BIO_get_mem_data(membuf, &sp);
dp = pg_any_to_server(sp, size - 1, PG_UTF8);
result = pstrdup(dp);
if (dp != sp)
pfree(dp);
BIO_free(membuf);
return result;
}
static LUA_FUNCTION(openssl_bio_new_mem)
{
size_t l = 0;
BIO *bio = BIO_new(BIO_s_mem());
if (lua_isnumber(L, 1))
{
l = lua_tointeger(L, 1);
BIO_set_buffer_size(bio, l);
}
else if (lua_isstring(L, 1))
{
const char* d = (char*)luaL_checklstring(L, 1, &l);
BIO_write(bio, d, l);
}
BIO_set_close(bio, BIO_CLOSE);
PUSH_OBJECT(bio, "openssl.bio");
return 1;
}
char* encode_base64(unsigned char* data, size_t length) {
BIO *bmem, *b64;
BUF_MEM *bufmem;
b64 = BIO_new(BIO_f_base64());
bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64, bmem);
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
BIO_write(b64, data, length);
BIO_flush(b64);
BIO_get_mem_ptr(b64, &bufmem);
BIO_set_close(b64, BIO_NOCLOSE);
BIO_free_all(b64);
return bufmem->data;
}
int Base64Encode(const unsigned char* buffer, size_t length, char** b64text) { //Encodes a binary safe base 64 string
BIO *bio, *b64;
BUF_MEM *bufferPtr;
b64 = BIO_new(BIO_f_base64());
bio = BIO_new(BIO_s_mem());
bio = BIO_push(b64, bio);
BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Ignore newlines - write everything in one line
BIO_write(bio, buffer, length);
BIO_flush(bio);
BIO_get_mem_ptr(bio, &bufferPtr);
BIO_set_close(bio, BIO_NOCLOSE);
BIO_free_all(bio);
*b64text=(*bufferPtr).data;
return (0); //success
}
