static int def_load_bio(CONF *conf, BIO *in, long *line) { /* The macro BUFSIZE conflicts with a system macro in VxWorks */ #define CONFBUFSIZE 512 int bufnum = 0, i, ii; BUF_MEM *buff = NULL; char *s, *p, *end; int again; long eline = 0; char btmp[DECIMAL_SIZE(eline) + 1]; CONF_VALUE *v = NULL, *tv; CONF_VALUE *sv = NULL; char *section = NULL, *buf; char *start, *psection, *pname; void *h = (void *)(conf->data); STACK_OF(BIO) *biosk = NULL; #ifndef OPENSSL_NO_POSIX_IO char *dirpath = NULL; OPENSSL_DIR_CTX *dirctx = NULL; #endif if ((buff = BUF_MEM_new()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); goto err; } section = OPENSSL_strdup("default"); if (section == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } if (_CONF_new_data(conf) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } sv = _CONF_new_section(conf, section); if (sv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } bufnum = 0; again = 0; for (;;) { if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); goto err; } p = &(buff->data[bufnum]); *p = '\0'; read_retry: BIO_gets(in, p, CONFBUFSIZE - 1); p[CONFBUFSIZE - 1] = '\0'; ii = i = strlen(p); if (i == 0 && !again) { /* the currently processed BIO is at EOF */ BIO *parent; #ifndef OPENSSL_NO_POSIX_IO /* continue processing with the next file from directory */ if (dirctx != NULL) { BIO *next; if ((next = get_next_file(dirpath, &dirctx)) != NULL) { BIO_vfree(in); in = next; goto read_retry; } else { OPENSSL_free(dirpath); dirpath = NULL; } } #endif /* no more files in directory, continue with processing parent */ if ((parent = sk_BIO_pop(biosk)) == NULL) { /* everything processed get out of the loop */ break; } else { BIO_vfree(in); in = parent; goto read_retry; } } again = 0; while (i > 0) { if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) break; else i--; } /* * we removed some trailing stuff so there is a new line on the end. */ if (ii && i == ii) again = 1; /* long line */ else { p[i] = '\0'; eline++; /* another input line */ } /* we now have a line with trailing \r\n removed */ /* i is the number of bytes */ bufnum += i; v = NULL; /* check for line continuation */ if (bufnum >= 1) { /* * If we have bytes and the last char '\\' and second last char * is not '\\' */ p = &(buff->data[bufnum - 1]); if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { bufnum--; again = 1; } } if (again) continue; bufnum = 0; buf = buff->data; clear_comments(conf, buf); s = eat_ws(conf, buf); if (IS_EOF(conf, *s)) continue; /* blank line */ if (*s == '[') { char *ss; s++; start = eat_ws(conf, s); ss = start; again: end = eat_alpha_numeric(conf, ss); p = eat_ws(conf, end); if (*p != ']') { if (*p != '\0' && ss != p) { ss = p; goto again; } CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); goto err; } *end = '\0'; if (!str_copy(conf, NULL, §ion, start)) goto err; if ((sv = _CONF_get_section(conf, section)) == NULL) sv = _CONF_new_section(conf, section); if (sv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } continue; } else { pname = s; end = eat_alpha_numeric(conf, s); if ((end[0] == ':') && (end[1] == ':')) { *end = '\0'; end += 2; psection = pname; pname = end; end = eat_alpha_numeric(conf, end); } else { psection = section; } p = eat_ws(conf, end); if (strncmp(pname, ".include", 8) == 0 && (p != pname + 8 || *p == '=')) { char *include = NULL; BIO *next; if (*p == '=') { p++; p = eat_ws(conf, p); } trim_ws(conf, p); if (!str_copy(conf, psection, &include, p)) goto err; /* get the BIO of the included file */ #ifndef OPENSSL_NO_POSIX_IO next = process_include(include, &dirctx, &dirpath); if (include != dirpath) { /* dirpath will contain include in case of a directory */ OPENSSL_free(include); } #else next = BIO_new_file(include, "r"); OPENSSL_free(include); #endif if (next != NULL) { /* push the currently processing BIO onto stack */ if (biosk == NULL) { if ((biosk = sk_BIO_new_null()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } } if (!sk_BIO_push(biosk, in)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } /* continue with reading from the included BIO */ in = next; } continue; } else if (*p != '=') { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN); goto err; } *end = '\0'; p++; start = eat_ws(conf, p); trim_ws(conf, start); if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } v->name = OPENSSL_strdup(pname); v->value = NULL; if (v->name == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } if (!str_copy(conf, psection, &(v->value), start)) goto err; if (strcmp(psection, section) != 0) { if ((tv = _CONF_get_section(conf, psection)) == NULL) tv = _CONF_new_section(conf, psection); if (tv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } } else tv = sv; if (_CONF_add_string(conf, tv, v) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } v = NULL; } } BUF_MEM_free(buff); OPENSSL_free(section); /* * No need to pop, since we only get here if the stack is empty. * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE! */ sk_BIO_free(biosk); return 1; err: BUF_MEM_free(buff); OPENSSL_free(section); /* * Since |in| is the first element of the stack and should NOT be freed * here, we cannot use sk_BIO_pop_free(). Instead, we pop and free one * BIO at a time, making sure that the last one popped isn't. */ while (sk_BIO_num(biosk) > 0) { BIO *popped = sk_BIO_pop(biosk); BIO_vfree(in); in = popped; } sk_BIO_free(biosk); #ifndef OPENSSL_NO_POSIX_IO OPENSSL_free(dirpath); if (dirctx != NULL) OPENSSL_DIR_end(&dirctx); #endif if (line != NULL) *line = eline; BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); ERR_add_error_data(2, "line ", btmp); if (h != conf->data) { CONF_free(conf->data); conf->data = NULL; } if (v != NULL) { OPENSSL_free(v->name); OPENSSL_free(v->value); OPENSSL_free(v); } return 0; }
int MAIN(int argc, char **argv) { int i,badops=0, ret = 1; BIO *in = NULL,*out = NULL, *key = NULL; int verify=0,noout=0,pubkey=0; char *infile = NULL,*outfile = NULL,*prog; char *passargin = NULL, *passin = NULL; char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL; char *challenge = NULL, *keyfile = NULL; LHASH *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; apps_startup(); if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); prog=argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-passin") == 0) { if (--argc < 1) goto bad; passargin= *(++argv); } else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; keyfile= *(++argv); } else if (strcmp(*argv,"-challenge") == 0) { if (--argc < 1) goto bad; challenge= *(++argv); } else if (strcmp(*argv,"-spkac") == 0) { if (--argc < 1) goto bad; spkac= *(++argv); } else if (strcmp(*argv,"-spksect") == 0) { if (--argc < 1) goto bad; spksect= *(++argv); } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) pubkey=1; else if (strcmp(*argv,"-verify") == 0) verify=1; else badops = 1; argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options]\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -key arg create SPKAC using private key\n"); BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -challenge arg challenge string\n"); BIO_printf(bio_err," -spkac arg alternative SPKAC name\n"); BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); goto end; } ERR_load_crypto_strings(); if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if(keyfile) { if(strcmp(keyfile, "-")) key = BIO_new_file(keyfile, "r"); else key = BIO_new_fp(stdin, BIO_NOCLOSE); if(!key) { BIO_printf(bio_err, "Error opening key file\n"); ERR_print_errors(bio_err); goto end; } pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, passin); if(!pkey) { BIO_printf(bio_err, "Error reading private key\n"); ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_new(); if(challenge) ASN1_STRING_set(spki->spkac->challenge, challenge, strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } if(!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); goto end; } BIO_printf(out, "SPKAC=%s\n", spkstr); OPENSSL_free(spkstr); ret = 0; goto end; } if (infile) in = BIO_new_file(infile, "r"); else in = BIO_new_fp(stdin, BIO_NOCLOSE); if(!in) { BIO_printf(bio_err, "Error opening input file\n"); ERR_print_errors(bio_err); goto end; } conf = CONF_load_bio(NULL, in, NULL); if(!conf) { BIO_printf(bio_err, "Error parsing config file\n"); ERR_print_errors(bio_err); goto end; } spkstr = CONF_get_string(conf, spksect, spkac); if(!spkstr) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); ERR_print_errors(bio_err); goto end; } spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); if(!spki) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; } if (outfile) out = BIO_new_file(outfile, "w"); else { out = BIO_new_fp(stdout, BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } if(!out) { BIO_printf(bio_err, "Error opening output file\n"); ERR_print_errors(bio_err); goto end; } if(!noout) NETSCAPE_SPKI_print(out, spki); pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { i = NETSCAPE_SPKI_verify(spki, pkey); if(i) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; } } if(pubkey) PEM_write_bio_PUBKEY(out, pkey); ret = 0; end: CONF_free(conf); NETSCAPE_SPKI_free(spki); BIO_free(in); BIO_free_all(out); BIO_free(key); EVP_PKEY_free(pkey); if(passin) OPENSSL_free(passin); EXIT(ret); }
static int def_load_bio(CONF *conf, BIO *in, long *line) { /* The macro BUFSIZE conflicts with a system macro in VxWorks */ #define CONFBUFSIZE 512 int bufnum = 0, i, ii; BUF_MEM *buff = NULL; char *s, *p, *end; int again; long eline = 0; char btmp[DECIMAL_SIZE(eline) + 1]; CONF_VALUE *v = NULL, *tv; CONF_VALUE *sv = NULL; char *section = NULL, *buf; char *start, *psection, *pname; void *h = (void *)(conf->data); if ((buff = BUF_MEM_new()) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); goto err; } section = (char *)OPENSSL_malloc(10); if (section == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } BUF_strlcpy(section, "default", 10); if (_CONF_new_data(conf) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } sv = _CONF_new_section(conf, section); if (sv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } bufnum = 0; again = 0; for (;;) { if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); goto err; } p = &(buff->data[bufnum]); *p = '\0'; BIO_gets(in, p, CONFBUFSIZE - 1); p[CONFBUFSIZE - 1] = '\0'; ii = i = sgx_strlen(p); if (i == 0 && !again) break; again = 0; while (i > 0) { if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) break; else i--; } /* * we removed some trailing stuff so there is a new line on the end. */ if (ii && i == ii) again = 1; /* long line */ else { p[i] = '\0'; eline++; /* another input line */ } /* we now have a line with trailing \r\n removed */ /* i is the number of bytes */ bufnum += i; v = NULL; /* check for line continuation */ if (bufnum >= 1) { /* * If we have bytes and the last char '\\' and second last char * is not '\\' */ p = &(buff->data[bufnum - 1]); if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { bufnum--; again = 1; } } if (again) continue; bufnum = 0; buf = buff->data; clear_comments(conf, buf); s = eat_ws(conf, buf); if (IS_EOF(conf, *s)) continue; /* blank line */ if (*s == '[') { char *ss; s++; start = eat_ws(conf, s); ss = start; again: end = eat_alpha_numeric(conf, ss); p = eat_ws(conf, end); if (*p != ']') { if (*p != '\0' && ss != p) { ss = p; goto again; } CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); goto err; } *end = '\0'; if (!str_copy(conf, NULL, §ion, start)) goto err; if ((sv = _CONF_get_section(conf, section)) == NULL) sv = _CONF_new_section(conf, section); if (sv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } continue; } else { pname = s; psection = NULL; end = eat_alpha_numeric(conf, s); if ((end[0] == ':') && (end[1] == ':')) { *end = '\0'; end += 2; psection = pname; pname = end; end = eat_alpha_numeric(conf, end); } p = eat_ws(conf, end); if (*p != '=') { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN); goto err; } *end = '\0'; p++; start = eat_ws(conf, p); while (!IS_EOF(conf, *p)) p++; p--; while ((p != start) && (IS_WS(conf, *p))) p--; p++; *p = '\0'; if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } if (psection == NULL) psection = section; v->name = (char *)OPENSSL_malloc(strlen(pname) + 1); v->value = NULL; if (v->name == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } BUF_strlcpy(v->name, pname, sgx_strlen(pname) + 1); if (!str_copy(conf, psection, &(v->value), start)) goto err; if (sgx_strcmp(psection, section) != 0) { if ((tv = _CONF_get_section(conf, psection)) == NULL) tv = _CONF_new_section(conf, psection); if (tv == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; } } else tv = sv; #if 1 if (_CONF_add_string(conf, tv, v) == 0) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } #else v->section = tv->section; if (!sk_CONF_VALUE_push(ts, v)) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } vv = (CONF_VALUE *)lh_insert(conf->data, v); if (vv != NULL) { sk_CONF_VALUE_delete_ptr(ts, vv); OPENSSL_free(vv->name); OPENSSL_free(vv->value); OPENSSL_free(vv); } #endif v = NULL; } } if (buff != NULL) BUF_MEM_free(buff); if (section != NULL) OPENSSL_free(section); return (1); err: if (buff != NULL) BUF_MEM_free(buff); if (section != NULL) OPENSSL_free(section); if (line != NULL) *line = eline; BIO_snprintf(btmp, sizeof btmp, "%ld", eline); ERR_add_error_data(2, "line ", btmp); if ((h != conf->data) && (conf->data != NULL)) { CONF_free(conf->data); conf->data = NULL; } if (v != NULL) { if (v->name != NULL) OPENSSL_free(v->name); if (v->value != NULL) OPENSSL_free(v->value); if (v != NULL) OPENSSL_free(v); } return (0); }
CertificateRequestSPKAC* CertificateRequestFactory::fromSPKAC(std::string &path) throw (EncodeException, RandomException, NetscapeSPKIException) { STACK_OF(CONF_VALUE) *sk=NULL; LHASH_OF(CONF_VALUE) *parms=NULL; X509_REQ *req=NULL; CONF_VALUE *cv=NULL; NETSCAPE_SPKI *spki = NULL; X509_REQ_INFO *ri; char *type,*buf; EVP_PKEY *pktmp=NULL; X509_NAME *n=NULL; unsigned long chtype = MBSTRING_ASC; int i; long errline; int nid; CertificateRequestSPKAC* ret=NULL; /* * Load input file into a hash table. (This is just an easy * way to read and parse the file, then put it into a convenient * STACK format). */ parms=CONF_load(NULL,path.c_str(),&errline); if (parms == NULL) { throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC"); } sk=CONF_get_section(parms, "default"); if (sk_CONF_VALUE_num(sk) == 0) { if (parms != NULL) CONF_free(parms); throw EncodeException(EncodeException::BUFFER_READING, "CertificateRequestFactory::fromSPKAC"); } /* * Now create a dummy X509 request structure. We don't actually * have an X509 request, but we have many of the components * (a public key, various DN components). The idea is that we * put these components into the right X509 request structure * and we can use the same code as if you had a real X509 request. */ req=X509_REQ_new(); if (req == NULL) { if (parms != NULL) CONF_free(parms); throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC"); } /* * Build up the subject name set. */ ri=req->req_info; n = ri->subject; for (i = 0; ; i++) { if (sk_CONF_VALUE_num(sk) <= i) break; cv=sk_CONF_VALUE_value(sk,i); type=cv->name; /* Skip past any leading X. X: X, etc to allow for * multiple instances */ for (buf = cv->name; *buf ; buf++) if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { buf++; if (*buf) type = buf; break; } buf=cv->value; if ((nid=OBJ_txt2nid(type)) == NID_undef) { if (strcmp(type, "SPKAC") == 0) { spki = NETSCAPE_SPKI_b64_decode(cv->value, -1); if (spki == NULL) { if (parms != NULL) CONF_free(parms); throw EncodeException(EncodeException::BASE64_DECODE, "CertificateRequestFactory::fromSPKAC"); } } continue; } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char *)buf, -1, -1, 0)) { if (parms != NULL) CONF_free(parms); if (spki != NULL) NETSCAPE_SPKI_free(spki); throw RandomException(RandomException::INTERNAL_ERROR, "CertificateRequestFactory::fromSPKAC"); } } if (spki == NULL) { if (parms != NULL) CONF_free(parms); throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC"); } /* * Now extract the key from the SPKI structure. */ if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL) { if (parms != NULL) CONF_free(parms); if (spki != NULL) NETSCAPE_SPKI_free(spki); throw NetscapeSPKIException(NetscapeSPKIException::SET_NO_VALUE, "CertificateRequestFactory::fromSPKAC"); } X509_REQ_set_pubkey(req,pktmp); EVP_PKEY_free(pktmp); ret = new CertificateRequestSPKAC(req, spki); return ret; }