int PKI_X509_STACK_put_url (PKI_X509_STACK *sk, PKI_DATA_FORMAT format, URL *url, const char *mime, PKI_CRED *cred, HSM *hsm) { PKI_MEM *mem = NULL; PKI_X509 *x_obj = NULL; PKI_SSL *ssl = NULL; int idx = 0; int ret = 0; if( !sk || !url ) { return ( PKI_ERR ); } if((idx = PKI_STACK_X509_elements (sk)) < 1 ) { return ( PKI_ERR ); } if( url->proto == URI_PROTO_ID && hsm ) { return ( HSM_X509_STACK_put_url ( sk, url, cred, hsm )); }; /* Now that we know the HSM is off the hook, we save it into a PKI_MEM structure and then we 'put' it via the general function */ /* if((mem = PKI_MEM_new_null()) == NULL ) { return (PKI_ERR); } */ if(PKI_X509_STACK_put_mem( sk, format, &mem, cred, hsm ) == NULL ) { if( mem ) PKI_MEM_free ( mem ); return ( PKI_ERR ); } /* Lets get the type of X509 objects we have on the stack */ if((x_obj = PKI_STACK_X509_get_num ( sk, 0 )) != NULL ) { mime = PKI_X509_get_mimetype ( x_obj->type ); } else { mime = PKI_X509_get_mimetype ( PKI_DATATYPE_UNKNOWN ); } if ( cred ) { ssl = (PKI_SSL *) cred->ssl; if ( !url->usr && cred->username ) { url->usr = strdup ( cred->username ); } if ( !url->pwd && cred->password ) { url->pwd = strdup ( cred->password ); } } ret = URL_put_data_url ( url, mem, (char *) mime, NULL, 60, 0, ssl ); if ( mem ) PKI_MEM_free ( mem ); return ( ret ); }
PKI_MEM * HSM_OPENSSL_sign(PKI_MEM *der, PKI_DIGEST_ALG *digest, PKI_X509_KEYPAIR *key) { EVP_MD_CTX *ctx = NULL; size_t out_size = 0; size_t ossl_ret = 0; PKI_MEM *out_mem = NULL; EVP_PKEY *pkey = NULL; if (!der || !der->data || !key || !key->value) { PKI_ERROR( PKI_ERR_PARAM_NULL, NULL); return NULL; } // Private Key pkey = key->value; // Get the Maximum size of a signature ossl_ret = out_size = (size_t) EVP_PKEY_size(pkey); // Initialize the return structure out_mem = PKI_MEM_new ((size_t)out_size); ctx = EVP_MD_CTX_new(); if (!out_mem || !ctx) { if (ctx) EVP_MD_CTX_free(ctx); if (out_mem) PKI_MEM_free(out_mem); PKI_ERROR( PKI_ERR_MEMORY_ALLOC, NULL); return NULL; } EVP_MD_CTX_init(ctx); EVP_SignInit_ex(ctx, digest, NULL); EVP_SignUpdate (ctx, der->data, der->size); // Finalize the signature if (!EVP_SignFinal(ctx, out_mem->data, (unsigned int *) &ossl_ret, pkey)) { PKI_log_err("ERROR while finalizing signature (%s)", HSM_OPENSSL_get_errdesc(HSM_OPENSSL_get_errno(), NULL, 0)); PKI_MEM_free(out_mem); out_mem = NULL; } else out_mem->size = (size_t) ossl_ret; // Cleanup the context #if OPENSSL_VERSION_NUMBER <= 0x1010000f EVP_MD_CTX_cleanup(ctx); #else EVP_MD_CTX_reset(ctx); #endif EVP_MD_CTX_free(ctx); return out_mem; }
/* * \brief Frees the memory associated with a PKI_HMAC */ void PKI_HMAC_free(PKI_HMAC *hmac) { if (!hmac) return; if (hmac->key) PKI_MEM_free (hmac->key); if (hmac->value) PKI_MEM_free (hmac->value); hmac->digestAlg = NULL; HMAC_CTX_cleanup(&hmac->ctx); }
void PKI_HTTP_free ( PKI_HTTP *rv ) { if ( !rv ) return; if ( rv->location ) PKI_Free ( rv->location ); if ( rv->type ) PKI_Free ( rv->type ); if ( rv->body ) PKI_MEM_free ( rv->body ); if ( rv->head ) PKI_MEM_free ( rv->head ); if ( rv->path ) PKI_Free ( rv->path ); PKI_Free ( rv ); return; }
PKI_DIGEST *PKI_DIGEST_URL_new ( PKI_DIGEST_ALG *alg, URL *url ) { PKI_MEM_STACK * stack = NULL; PKI_MEM *data = NULL; PKI_DIGEST *ret = NULL; if(( stack = URL_get_data_url( url, 0, 0, NULL )) == NULL ) { /* Error, Can not grab the data */ return ( NULL ); } if( (data = PKI_STACK_MEM_pop( stack )) == NULL ) { /* Error, no objects returned! */ PKI_STACK_free( stack ); return ( NULL ); } /* Calculate the Digest over the first object */ ret = PKI_DIGEST_MEM_new( alg, data ); /* Let's free the data */ PKI_MEM_free( data ); /* Let's free the stack data structure */ PKI_STACK_free ( stack ); /* Return the diget data */ return ( ret ); }
int PKI_MEM_decode(PKI_MEM *mem, PKI_DATA_FORMAT format, int opts) { PKI_MEM *decoded = NULL; if ((decoded = PKI_MEM_get_decoded(mem, format, opts)) == NULL) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); return PKI_ERR_MEMORY_ALLOC; } // Clears the memory for the old PKI_MEM if (mem->data) PKI_Free(mem->data); // Transfer ownership of the data mem->data = decoded->data; mem->size = decoded->size; // Clears the encoded data container decoded->data = NULL; decoded->size = 0; // Free the newly-allocated (now empty) container PKI_MEM_free(decoded); // Returns success return PKI_OK; }
PKI_MEM *PKI_MEM_new_func ( void *obj, int (*func)(void *, unsigned char **p)) { size_t size = 0; int i = 0; PKI_MEM * ret = NULL; if (!obj || !func ) return NULL; if((i = func ( obj, NULL)) <= 0 ) { return NULL; } size = (size_t) i; if((ret = PKI_MEM_new ( size )) == NULL ) { return NULL; } if ( !func(obj, &(ret->data)) ) { PKI_MEM_free ( ret ); return NULL; } return ret; }
int PKI_HMAC_finalize(PKI_HMAC *hmac) { int size = 0; unsigned int verify_size = 0; if (!hmac || !hmac->initialized) return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); // Let's prepare the return value size = EVP_MD_size(hmac->digestAlg); verify_size = (unsigned int) size; // Generate a new PKI_MEM container hmac->value = PKI_MEM_new((size_t) size); // Let's finalize the HMAC #if OPENSSL_VERSION_NUMBER > 0x0090900fL int rv = HMAC_Final(&hmac->ctx, hmac->value->data, &verify_size); if (!rv) { PKI_log_err("can not finalize HMAC"); PKI_MEM_free(hmac->value); hmac->value = NULL; return PKI_ERR; } #else // In OpenSSL < 0.9.9 the return value is actually void HMAC_Final(&hmac->ctx, hmac->value->data, &verify_size); #endif // Checks the sizes if (verify_size != size) { PKI_log_err("Error while finalizing HMAC, size (%d) should be (%d)", verify_size, hmac->value->size); PKI_MEM_free(hmac->value); hmac->value = NULL; return PKI_ERR; } return PKI_OK; }
/* BUF_MEM *http_get_data ( BIO *in, ssize_t max_size ) { BUF_MEM *buf = NULL; size_t fullsize = 0; int newsize = 0; if( !in ) return NULL; buf = BUF_MEM_new(); for (;;) { if ((buf == NULL) || (!BUF_MEM_grow(buf, (int) (fullsize+512)))) { PKI_log( PKI_LOG_ERR, "Memory Allocation Err (%s:%d)", __FILE__, __LINE__ ); return ( NULL ); } newsize = BIO_read(in, &(buf->data[fullsize]), 512); if (newsize == 0) break; if (newsize < 0) { BUF_MEM_free( buf ); return NULL; } fullsize += (size_t) newsize; if( (max_size > 0) && (fullsize > max_size)) { // fprintf( stderr, // "ERROR::HTTP::Read::Max read size exceeded " // " [ %d ]", max_size ); BUF_MEM_free( buf ); return NULL; } } buf->data[fullsize] = '\x0'; return buf; } */ PKI_X509_PRQP_RESP *PKI_X509_PRQP_RESP_get_http ( URL *url, PKI_X509_PRQP_REQ *req, unsigned long max_size ) { PKI_MEM *mem = NULL; PKI_X509_PRQP_RESP *resp = NULL; PKI_MEM_STACK *mem_sk = NULL; if(( mem = PKI_X509_PRQP_REQ_put_mem ( req, PKI_DATA_FORMAT_ASN1, NULL, NULL, NULL )) == NULL ) { return NULL; } if ( URL_put_data_url ( url, mem, "application/prqp-request", &mem_sk, 60, 0, NULL ) == PKI_ERR ) { PKI_MEM_free ( mem ); return NULL; } PKI_MEM_free ( mem ); if ( PKI_STACK_MEM_elements ( mem_sk ) <= 0 ) { PKI_log_debug ("No Responses received!"); } if((mem = PKI_STACK_MEM_pop ( mem_sk )) == NULL ) { PKI_log_debug ("STACK Memory Error"); PKI_STACK_MEM_free_all ( mem_sk ); return NULL; } if((resp = PKI_X509_PRQP_RESP_get_mem ( mem, NULL, NULL )) == NULL ) { PKI_log_debug ( "Can not read response from Memory."); } PKI_STACK_MEM_free_all ( mem_sk ); return resp; }
/* * \brief Initializes the passed hmac to use the passed key and digest algorithm */ int PKI_HMAC_init(PKI_HMAC *hmac, unsigned char *key, size_t key_size, PKI_DIGEST_ALG *digest, HSM *hsm) { if (!hmac) return PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); // Free the memory if another key was used if (hmac->key) PKI_MEM_free(hmac->key); hmac->key = NULL; if (hmac->value) PKI_MEM_free(hmac->value); hmac->value = NULL; // Generate the new PKI_MEM to hold the key data hmac->key = PKI_MEM_new_data(key_size, key); if (!hmac->key || !hmac->key->data || hmac->key->size <= 0) { hmac->initialized = 0; return PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); } // Sets the algoritm hmac->digestAlg = digest ? digest : PKI_DIGEST_ALG_SHA1; // Checks if HSM implementation was asked by the developer if (hsm) { PKI_ERROR(PKI_ERR_GENERAL, "Code to support HMAC on HSMs not implemented, yet."); hmac->initialized = 0; return PKI_ERR; } // Initializes the Context HMAC_Init_ex(&hmac->ctx, (const void *) key, (int) key_size, hmac->digestAlg, NULL); // Sets the initialization flag hmac->initialized = 1; return PKI_OK; }
PKI_MEM *PKI_MEM_new ( size_t size ) { PKI_MEM *ret = NULL; ret = PKI_MEM_new_null(); if( !ret ) return (NULL); ret->data = PKI_Malloc ( size ); if( !ret->data ) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); PKI_MEM_free ( ret ); return (NULL); } ret->size = size; return(ret); }
int PKI_X509_SCEP_DATA_set_x509_obj ( PKI_X509_SCEP_DATA *data, PKI_X509 *obj ) { PKI_MEM *mem = NULL; int ret = PKI_ERR; if ( !data || !data->value || !obj || !obj->value ) return PKI_ERR; if (( mem = PKI_X509_put_mem ( obj, PKI_DATA_FORMAT_ASN1, NULL, NULL )) == NULL ) return PKI_ERROR(PKI_ERR_GENERAL, NULL); ret = PKI_X509_SCEP_DATA_set_raw_data ( data, mem->data, (ssize_t) mem->size ); PKI_MEM_free ( mem ); return ret; }
/* * \brief Returns a B64 encoded PKI_MEM for the hmac value */ PKI_MEM *PKI_HMAC_get_value_b64(PKI_HMAC *hmac) { PKI_MEM *ret = NULL; // This returns a duplicate of the PKI_MEM value ret = PKI_HMAC_get_value(hmac); if (!ret) PKI_log_err("can not get the HMAC PKI_MEM value"); // If a valid PKI_MEM is returned, let's B64 it if (ret && ret->data && ret->size > 0) { if (PKI_MEM_encode(ret, PKI_DATA_FORMAT_B64, 0) != PKI_OK) { PKI_log_err("can not B64 encoding HMAC PKI_MEM value"); if (ret) PKI_MEM_free(ret); return NULL; } } return ret; }
PKI_HTTP *PKI_HTTP_get_message (const PKI_SOCKET * sock, int timeout, size_t max_size) { PKI_HTTP * ret = NULL; char * eoh = NULL; char * body = NULL; ssize_t read = 0; // Keeps track of the single reading ssize_t free = 0; // Keeps track of the remaining buffer space ssize_t idx = 0; // Keeps track of how much data we poured into MEM ssize_t size = 0; // Keeps track of the read data from socket // Let's initialize some useful variables (code readability) long long content_length = -1; // Buffer where to keep the data PKI_MEM *m = NULL; // Allocates the HTTP message container if ((ret = PKI_HTTP_new()) == NULL) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL ); goto err; } ret->method = PKI_HTTP_METHOD_UNKNOWN; if (max_size > 0) { // Allocates a new MEM object m = PKI_MEM_new(max_size + 1); } else { // Allocates the default buffer for HTTP messages m = PKI_MEM_new(HTTP_BUF_SIZE + 1); } if (m == NULL) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); return NULL; } // Sets the free space in the buffer free = (ssize_t) m->size - 1; // Let's retrieve the data from the socket. Note that this for // always read at most 'free' bytes which carries the amount of // free space in the buffer -> safe for (read = PKI_SOCKET_read(sock, (char *)(&(m->data[idx])), (size_t) free, timeout); read > 0; read = PKI_SOCKET_read(sock, (char *)(&(m->data[idx])), (size_t) free, timeout)) { // If read is negative, there was an error on the socket // let's just report it as an error and move on if (read < 0) { if (!eoh) { PKI_log_err("Error while reading from socket"); goto err; } else { // Nothing to read anymore - let's break PKI_log_err("Nothing to read anymore (read = %d)", read); break; } } else if (read == 0 && eoh) { // No data was read, let's assume the stream is complete and // break from the for loop break; } // Let's be sure there is a NULL-bound limit to the read data size += read; free -= read; m->data[size] = '\x0'; // If we don't have a header yet, let's look for it if (!eoh && ((eoh = __find_end_of_header(m, idx)) != NULL)) { // We want the header to finish with just one '\r\n' - since the // pointer we receive is at the end of the '\r\n\r\n' sequence, // we need to shrink by 2 bytes size_t header_size = (size_t) (eoh - (char *) m->data - 2); ret->head = PKI_MEM_new_data(header_size + 1, m->data); ret->head->data[header_size] = '\x0'; // If we can not parse the header - we have to return error if (PKI_ERR == __parse_http_header(ret)) goto err; // Let's get the pointer to the start of the body body = eoh + 1; // Checks for the content-length is in the header - if we have not found it, yet if (ret->method != PKI_HTTP_METHOD_GET && content_length < 0) { char *cnt_len_s = NULL; if ((cnt_len_s = PKI_HTTP_get_header(ret, "Content-Length" )) != NULL) { content_length = atoll(cnt_len_s); PKI_Free(cnt_len_s); // PKI_log_debug ( "HTTP Content-Length: %d bytes", content_length); } } } // End of if (!eoh) ... // Updates the start pointer for the next read operation idx += read; // Let's check if we need to expand the buffer if (max_size <= 0) { // We expand the mem if the buffer has less than 2K free if (free < 2048) { ssize_t ofs = 0; if(body) { ofs = (ssize_t)(body - (char *)m->data); if(ofs < 0) { PKI_log_debug ( "Invalid offset for HTTP body: Start: %p - Body: %p", m->data, body); PKI_ERROR(PKI_ERR_URI_READ, NULL); goto err; } } // Grow the memory for the HTTP message if(content_length > 0 && body && m->size < (size_t)(content_length + ofs)) { size_t len = ((size_t)(content_length + ofs) - m->size); if (PKI_MEM_grow(m, len + 1) == PKI_ERR) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); goto err; } free += (ssize_t)len; } else { if (PKI_MEM_grow(m, HTTP_BUF_SIZE) == PKI_ERR) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); goto err; } free += HTTP_BUF_SIZE; } // Let's update the pointer to the body if(body) body = (char *)m->data + ofs; } } // Let's check if we need to perform the next read or not if (eoh && ret->method == PKI_HTTP_METHOD_GET) { // We do not need to wait for any other read as GETs do not have // a full body break; } else if ((content_length >= 0) && (&m->data[size] - (unsigned char *)body >= content_length)) { // Here we have received the full body (since the size of the body corresponds or exceeds the // contents of the Content-Length: header line), therefore we can safely get out of the cycle break; } } /* End of for..loop */ // Here we should have both the eoh and the body - if not, there was // an error and we return the malformed request message if (!eoh) { // PKI_log_err ( "Read data (so far): %d bytes - Last read: %d bytes", idx, read); PKI_ERROR(PKI_ERR_URI_READ, NULL); goto err; } // Sets some HTTP specific data ret->location = PKI_HTTP_get_header ( ret, "Location" ); ret->type = PKI_HTTP_get_header ( ret, "Content-Type" ); if (ret->method != PKI_HTTP_METHOD_GET && content_length > 0 && body) { ssize_t body_start = (ssize_t)(body - (char *)m->data); ssize_t body_size = idx - body_start; if (body_start < 0 || body_size < 0) { PKI_log_err ( "Invalid offset for HTTP body - body_start: %d bytes - body_size: %d bytes", body_start, body_size); PKI_ERROR(PKI_ERR_URI_READ, NULL); goto err; } //Check if Content-Length > 0 but body_size is 0 if (body_size == 0) goto err; // Let's allocate the body for the HTTP message (if any) ret->body = PKI_MEM_new_data((size_t)body_size+1, (unsigned char *)body); if(ret->body == NULL) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); goto err; } ret->body->size = (size_t) body_size; } else { ret->body = PKI_MEM_new_null(); } // Let's free the buffer memory if (m) PKI_MEM_free(m); // Now we can return the HTTP message return ret; err: // First we free the return message if (ret) PKI_HTTP_free(ret); // We then free the buffer memory object if (m) PKI_MEM_free(m); return NULL; }
PKI_X509_OCSP_REQ * ocspd_req_get_socket ( int connfd, OCSPD_CONFIG *ocspd_conf) { PKI_X509_OCSP_REQ *req = NULL; PKI_X509_OCSP_REQ_VALUE *req_val = NULL; PKI_IO *mem = NULL; PKI_MEM *pathmem = NULL; PKI_MEM *b64mem = NULL; PKI_SOCKET sock; size_t maxsize = 0; maxsize = (size_t) ocspd_conf->max_req_size; PKI_HTTP *http_msg = NULL; if ( connfd <= 0 ) return NULL; // Initialize the sock structure sock.ssl = NULL; PKI_SOCKET_set_fd ( &sock, connfd ); http_msg = PKI_HTTP_get_message(&sock, (int) ocspd_conf->max_timeout_secs, maxsize); if (http_msg == NULL) { PKI_log_err ("Network Error while reading Request!"); return NULL; }; /* If method is METHOD_GET we shall de-urlify the buffer and get the right begin (keep in mind there might be a path set in the config */ if( http_msg->method == PKI_HTTP_METHOD_GET ) { char *req_pnt = NULL; if (http_msg->path == NULL) { PKI_log_err("Malformed GET request"); goto err; } req_pnt = http_msg->path; while(strchr(req_pnt, '/') != NULL) { req_pnt = strchr(req_pnt, '/') + 1; } pathmem = PKI_MEM_new_data(strlen(req_pnt), (unsigned char *) req_pnt); if (pathmem == NULL) { PKI_log_err("Memory Allocation Error!"); goto err; } if((b64mem = PKI_MEM_url_decode (pathmem, 0)) == NULL) { PKI_log_err("Memory Allocation Error!"); PKI_MEM_free(pathmem); pathmem = NULL; // Safety goto err; } if (PKI_MEM_B64_decode(b64mem, 76) == PKI_ERR ) { PKI_log_err ("Error decoding B64 Mem"); PKI_MEM_free ( b64mem ); b64mem = NULL; req_pnt = http_msg->path; while(req_pnt[0] == '/') { req_pnt=req_pnt + 1; } b64mem = PKI_MEM_new_data(strlen(req_pnt), (unsigned char *) req_pnt); if (b64mem == NULL) { PKI_log_err("Memory Allocation Error!"); goto err; } if (PKI_MEM_B64_decode(b64mem, 76) == PKI_ERR ) { PKI_log_err ("Error decoding B64 Mem"); PKI_MEM_free ( b64mem ); goto err; } } if((mem = BIO_new_mem_buf(b64mem->data, (int) b64mem->size )) == NULL) { PKI_log_err("Memory Allocation Error"); PKI_MEM_free ( b64mem ); goto err; } if((req_val = d2i_OCSP_REQ_bio(mem, NULL)) == NULL ) { PKI_log_err("Can not parse REQ"); } PKI_MEM_free ( b64mem ); BIO_free (mem); } else if ( http_msg->method == PKI_HTTP_METHOD_POST) { mem = BIO_new_mem_buf(http_msg->body->data, (int) http_msg->body->size); if (mem == NULL) { PKI_log_err( "Memory Allocation Error"); goto err; } else { if ((req_val = d2i_OCSP_REQ_bio(mem, NULL)) == NULL) { PKI_log_err("Can not parse REQ"); } BIO_free (mem); } } else { PKI_log_err ( "HTTP Method not supported"); goto err; } if ( !req_val ) goto err; req = PKI_X509_new_value(PKI_DATATYPE_X509_OCSP_REQ, req_val, NULL); if (req == NULL) { PKI_log_err ("Can not generate a new X509_OCSP_REQ"); goto err; } if ( http_msg ) PKI_HTTP_free ( http_msg ); return (req); err: if (http_msg) PKI_HTTP_free(http_msg); return NULL; }
PKI_MEM *PKI_X509_PKCS7_get_raw_data( PKI_X509_PKCS7 *p7 ) { unsigned char *data = NULL; ssize_t len = -1; int type = -1; PKI_X509_PKCS7_VALUE *p7val = NULL; PKI_MEM *ret = NULL; if( !p7 || !p7->value ) return ( NULL ); p7val = p7->value; type = PKI_X509_PKCS7_get_type ( p7 ); switch (type) { case PKI_X509_PKCS7_TYPE_DATA: data = p7val->d.data->data; len = p7val->d.data->length; break; case PKI_X509_PKCS7_TYPE_SIGNED: if (p7val->d.sign && p7val->d.sign->contents && p7val->d.sign->contents->d.data) { data = p7val->d.sign->contents->d.data->data; len = p7val->d.sign->contents->d.data->length; } break; case PKI_X509_PKCS7_TYPE_ENCRYPTED: if (p7val->d.enveloped && p7val->d.enveloped->enc_data && p7val->d.enveloped->enc_data->enc_data) { data = p7val->d.enveloped->enc_data->enc_data->data; len = p7val->d.enveloped->enc_data->enc_data->length; } break; case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: if (p7val->d.signed_and_enveloped && p7val->d.signed_and_enveloped->enc_data && p7val->d.signed_and_enveloped->enc_data->enc_data ) { data = p7val->d.signed_and_enveloped->enc_data->enc_data->data; len = p7val->d.signed_and_enveloped->enc_data->enc_data->length; } break; default: PKI_log_debug ("Unknown PKCS7 type"); return NULL; } if ((ret = PKI_MEM_new_null()) == NULL) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, NULL); return NULL; } if (PKI_MEM_add(ret, (char *) data, (size_t) len) == PKI_ERR) { PKI_ERROR(PKI_ERR_MEMORY_ALLOC, "Memory Failure (ret=%p, data=%p, len=%d)", ret, data, len ); PKI_MEM_free ( ret ); return NULL; } /* if((p7bio = PKCS7_dataInit(p7->value ,NULL)) != NULL ) { (void)BIO_flush(p7bio); ret = PKI_MEM_new_bio( p7bio, NULL ); BIO_free_all ( p7bio ); } else { PKI_log_debug("PKCS7::get_raw_data()::Can not get data [%s]", ERR_error_string(ERR_get_error(), NULL )); } */ return ( ret ); }
char *parse_url_put_query ( const URL * url, const PKI_MEM *data ) { char * ret = NULL; char * table = NULL; char * tmp_s = NULL; char * tmp_s2 = NULL; int where = 0; int add_and = 0; char col[1024]; char val[1024]; char tmp[1024]; // char buf[BUFF_MAX_SIZE]; PKI_MEM *buf = NULL; if( !url || !url->path ) return( NULL ); tmp_s = url->path; while((tmp_s2 = strchr(tmp_s, '/')) != NULL ) { tmp_s2++; tmp_s = tmp_s2; } if((table = parse_url_table ( url )) == NULL) { return (NULL); } if((buf = PKI_MEM_new_null()) == NULL ) { return ( NULL ); } sprintf( tmp, "INSERT INTO %s (%s) VALUES ('", table, url->attrs ); PKI_MEM_add( buf, tmp, strlen( tmp )); PKI_MEM_add( buf, (char *) data->data, data->size ); PKI_MEM_add( buf, "') ", 3); /* base=strlen(buf); for( i=0; i < data->size; i++ ) { sprintf(buf + base + i, "%c", data->data[i]); } sprintf(buf+base+i,"') "); */ where = 0; while( (sscanf(tmp_s, "(%[^)=]=\"%[^)\"]\")", col, val) > 1) || (sscanf(tmp_s, "(%[^)=]=%[^)])", col, val) > 1)) { if( where == 0 ) { /* It is actually an update, let's update! */ snprintf( tmp, sizeof( tmp ), "UPDATE %s SET %s='", table, url->attrs); if( buf ) PKI_MEM_free ( buf ); buf = PKI_MEM_new_null(); PKI_MEM_add( buf, tmp, strlen( tmp )); PKI_MEM_add( buf, (char *) data->data, data->size ); PKI_MEM_add( buf, "' WHERE ", 8); /* base=strlen(buf); for( i=0; i < data->size; i++ ) { sprintf(buf + base + i, "%c", data->data[i]); } sprintf(buf+base+i,"' WHERE "); */ /* Let's add the WHERE clause */ where = 1; } /* The tmp_s should point to the next token */ tmp_s += strlen(col) + strlen(val) + 3; /* Control if we need to add the AND in the SQL statement */ if( add_and == 1 ) { PKI_MEM_add( buf, " AND ", 5); } PKI_MEM_add( buf, col, strlen( col )); PKI_MEM_add( buf, "='", 2); PKI_MEM_add( buf, val, strlen( val )); PKI_MEM_add( buf, "' ", 2 ); /* strncat( buf, col, BUFF_MAX_SIZE - strlen(buf) ); strncat( buf, "='", BUFF_MAX_SIZE - strlen(buf) ); strncat( buf, val, BUFF_MAX_SIZE - strlen(buf) ); strncat( buf, "'", BUFF_MAX_SIZE - strlen(buf) ); */ /* This triggers the adding of AND on the next iteration */ add_and = 1; } PKI_Free (table); if( (ret = PKI_Malloc(buf->size) + 1) == NULL ) { if( buf ) PKI_MEM_free ( buf ); return( NULL ); } memcpy( ret, buf->data, buf->size ); PKI_MEM_free ( buf ); return( ret ); }
void PKI_MEM_free_void ( void *buf ) { PKI_MEM_free( (PKI_MEM *) buf); }
int PKI_X509_PKCS7_VALUE_print_bio ( PKI_IO *bio, PKI_X509_PKCS7_VALUE *p7val ) { int type; int i,j; int cert_num = -1; int crl_num = -1; int signers_num = -1; char *tmp_str = NULL; PKI_X509_PKCS7 *msg = NULL; PKCS7_SIGNER_INFO *si = NULL; PKI_X509_CERT *cert = NULL; PKI_DIGEST *digest = NULL; PKI_MEM *mem = NULL; if (!bio || !p7val ) return PKI_ERR; if (( msg = PKI_X509_new_dup_value ( PKI_DATATYPE_X509_PKCS7, p7val, NULL )) == NULL ) { return PKI_ERR; } type = PKI_X509_PKCS7_get_type ( msg ); BIO_printf( bio, "PKCS#7 Message:\r\n" ); BIO_printf( bio, " Message Type:\r\n " ); switch ( type ) { case PKI_X509_PKCS7_TYPE_ENCRYPTED: BIO_printf( bio, "Encrypted\r\n" ); break; case PKI_X509_PKCS7_TYPE_SIGNED: BIO_printf( bio, "Signed\r\n" ); break; case PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED: BIO_printf( bio, "Signed and Encrypted\r\n" ); break; default: BIO_printf( bio, "Unknown (%d)\r\n", type ); break; } BIO_printf( bio, " Message Data:\r\n"); if (( mem = PKI_X509_PKCS7_get_raw_data ( msg )) == NULL ) { BIO_printf( bio, " None.\r\n"); } else { int msg_type = 0; BIO_printf( bio, " Size=%u bytes\r\n", (unsigned int) mem->size ); msg_type = PKI_X509_PKCS7_get_type ( msg ); if ( msg_type == PKI_X509_PKCS7_TYPE_ENCRYPTED || msg_type == PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED){ BIO_printf( bio, " Encrypted=yes\r\n"); BIO_printf( bio, " Algorithm=%s\r\n", PKI_ALGOR_get_parsed ( PKI_X509_PKCS7_get_encode_alg ( msg ))); } else { BIO_printf( bio, " Encrypted=no\r\n"); } PKI_MEM_free ( mem ); } i = 0; if (( si = PKI_X509_PKCS7_get_signer_info ( msg, i )) == NULL ) { BIO_printf(bio, " Signature Info:\r\n" ); BIO_printf(bio, " No Signature found.\r\n" ); } // Print the Signer Info BIO_printf( bio, " Signer Info:\r\n"); signers_num = PKI_X509_PKCS7_get_signers_num ( msg ); for ( i = 0; i < signers_num; i++ ) { PKCS7_ISSUER_AND_SERIAL *ias = NULL; BIO_printf ( bio, " [%d of %d] Signer Details:\r\n", i+1, signers_num ); if (( si = PKI_X509_PKCS7_get_signer_info ( msg, i )) == NULL ) break; if((ias = si->issuer_and_serial) == NULL ) { BIO_printf ( bio, " " "ERROR::Missing Info!\r\n"); } else { tmp_str = PKI_INTEGER_get_parsed ( ias->serial ); BIO_printf ( bio, " Serial=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); tmp_str = PKI_X509_NAME_get_parsed ( ias->issuer ); BIO_printf ( bio, " Issuer=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); } if ( si->digest_enc_alg ) { BIO_printf( bio, " " "Encryption Algoritm=%s\r\n", PKI_ALGOR_get_parsed ( si->digest_enc_alg )); } if ( si->digest_alg ) { BIO_printf( bio, " Digest Algorithm=%s\r\n", PKI_ALGOR_get_parsed ( si->digest_alg )); } BIO_printf( bio, " Signed Attributes:\r\n"); if ( si->auth_attr ) { PKI_X509_ATTRIBUTE *a = NULL; int attr_num = 0; char * tmp_str = NULL; for ( attr_num = 0; attr_num < PKI_STACK_X509_ATTRIBUTE_elements ( si->auth_attr ); attr_num++ ) { a = PKI_STACK_X509_ATTRIBUTE_get_num ( si->auth_attr, attr_num ); if ( PKI_OID_get_id ( a->object ) == NID_pkcs9_messageDigest ) { tmp_str = PKI_X509_ATTRIBUTE_get_parsed ( a ); BIO_printf( bio, " " "Message Digest:"); for ( j=0; j < strlen(tmp_str); j++ ) { if ( ( j % 60 ) == 0 ) { BIO_printf (bio, "\r\n "); } BIO_printf(bio,"%c",tmp_str[j]); } BIO_printf( bio, "\r\n"); // PKI_Free ( tmp_str ); } else { BIO_printf( bio, " %s=", PKI_X509_ATTRIBUTE_get_descr ( a ) ); tmp_str= PKI_X509_ATTRIBUTE_get_parsed(a); BIO_printf( bio, "%s\r\n", tmp_str ); PKI_Free ( tmp_str ); } } } else { BIO_printf( bio, " None.\r\n"); } BIO_printf( bio," Non Signed Attributes:\r\n"); if ( si->unauth_attr ) { PKI_X509_ATTRIBUTE *a = NULL; int attr_num = 0; char * tmp_str = NULL; for ( attr_num = 0; attr_num < PKI_STACK_X509_ATTRIBUTE_elements ( si->auth_attr ); attr_num++ ) { a = PKI_STACK_X509_ATTRIBUTE_get_num ( si->auth_attr, attr_num ); BIO_printf( bio, " %s=", PKI_X509_ATTRIBUTE_get_descr ( a ) ); tmp_str = PKI_X509_ATTRIBUTE_get_parsed ( a ); BIO_printf( bio, "%s\r\n", tmp_str ); PKI_Free ( tmp_str ); } BIO_printf( bio, "\r\n"); } else { BIO_printf( bio, " None.\r\n"); } } BIO_printf( bio, "\r\n Recipients Info:\r\n"); if( PKI_X509_PKCS7_has_recipients ( msg ) == PKI_ERR ) { BIO_printf( bio, " No Recipients\r\n"); } else { int rec_num = 0; PKI_X509_CERT *rec = NULL; rec_num = PKI_X509_PKCS7_get_recipients_num ( msg ); for ( i=0; i < rec_num; i++ ) { rec = PKI_X509_PKCS7_get_recipient_cert ( msg, i ); if ( !rec ) { PKCS7_RECIP_INFO *ri = NULL; PKCS7_ISSUER_AND_SERIAL *ias = NULL; BIO_printf( bio, " " "[%d of %d] Recipient Details:\r\n", i+1, rec_num ); ri = PKI_X509_PKCS7_get_recipient_info ( msg,i); if (!ri) { BIO_printf(bio," <ERROR>"); continue; } if((ias = ri->issuer_and_serial) != NULL ) { tmp_str = PKI_INTEGER_get_parsed ( ias->serial ); BIO_printf( bio, " " "Serial=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); tmp_str = PKI_X509_NAME_get_parsed ( ias->issuer ); BIO_printf( bio, " " "Issuer=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); BIO_printf( bio, " " "Key Encoding Algorithm=%s\r\n", PKI_ALGOR_get_parsed ( ri->key_enc_algor )); } } else { BIO_printf( bio, " " "[%d] Recipient Certificate:\r\n", i ); tmp_str = PKI_X509_CERT_get_parsed( cert, PKI_X509_DATA_SUBJECT ); BIO_printf( bio, " " "Subject=%s\r\n", tmp_str); PKI_Free ( tmp_str ); } } } /* Now Let's Check the CRLs */ BIO_printf(bio, "\r\n Certificates:\r\n"); if ((cert_num = PKI_X509_PKCS7_get_certs_num ( msg )) > 0 ) { PKI_X509_CERT * cert = NULL; for (i = 0; i < cert_num; i++ ) { BIO_printf( bio, " [%d of %d] Certificate:\r\n", i+1, cert_num); if((cert = PKI_X509_PKCS7_get_cert ( msg, i )) == NULL ) { BIO_printf( bio, " Error.\r\n"); continue; }; tmp_str = PKI_X509_CERT_get_parsed( cert, PKI_X509_DATA_SERIAL ); BIO_printf( bio, " Serial=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); tmp_str = PKI_X509_CERT_get_parsed( cert, PKI_X509_DATA_ISSUER ); BIO_printf( bio, " Issuer=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); tmp_str = PKI_X509_CERT_get_parsed( cert, PKI_X509_DATA_SUBJECT ); BIO_printf( bio, " Subject=%s\r\n", tmp_str); PKI_Free ( tmp_str ); digest = PKI_X509_CERT_fingerprint( cert, PKI_DIGEST_ALG_DEFAULT ); tmp_str = PKI_DIGEST_get_parsed ( digest ); BIO_printf( bio, " Fingerprint [%s]:", PKI_DIGEST_ALG_get_parsed ( PKI_DIGEST_ALG_DEFAULT )); for ( j=0; j < strlen(tmp_str); j++ ) { if ( ( j % 60 ) == 0 ) { BIO_printf (bio,"\r\n "); } BIO_printf( bio, "%c", tmp_str[j] ); } BIO_printf( bio, "\r\n"); PKI_DIGEST_free ( digest ); PKI_Free ( tmp_str ); PKI_X509_CERT_free ( cert ); // X509_signature_print(bp, // br->signatureAlgorithm, br->signature); } } else { BIO_printf( bio, " None.\r\n"); } BIO_printf(bio, "\r\n Certificate Revocation Lists:\r\n"); if((crl_num = PKI_X509_PKCS7_get_crls_num ( msg )) > 0 ) { PKI_X509_CRL * crl = NULL; for ( i = 0; i < crl_num; i++ ) { BIO_printf( bio, " [%d of %d] CRL Details:\r\n", i+1, crl_num ); if(( crl = PKI_X509_PKCS7_get_crl ( msg, i )) == NULL ) { BIO_printf(bio," ERROR::Missing Data\r\n"); continue; } tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_VERSION); BIO_printf( bio, " Version=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); // tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_SERIAL); // BIO_printf( bio, " Serial=%s\r\n", tmp_str ); // PKI_Free ( tmp_str ); tmp_str = PKI_X509_CRL_get_parsed(crl,PKI_X509_DATA_ISSUER); BIO_printf( bio, " Issuer=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); tmp_str = PKI_X509_CRL_get_parsed(crl, PKI_X509_DATA_ALGORITHM); BIO_printf( bio, " Algorithm=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); tmp_str = PKI_X509_CRL_get_parsed(crl, PKI_X509_DATA_NOTBEFORE); BIO_printf( bio, " Not Before=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); tmp_str = PKI_X509_CRL_get_parsed(crl, PKI_X509_DATA_NOTAFTER); BIO_printf( bio, " Not After=%s\r\n", tmp_str ); PKI_Free ( tmp_str ); PKI_X509_CRL_free ( crl ); } } else { BIO_printf( bio, " None.\r\n"); } BIO_printf(bio, "\r\n"); return PKI_OK; }
char *parse_url_query ( const URL * url ) { char * ret = NULL; char * table = NULL; char * tmp_s = NULL; char * tmp_s2 = NULL; int where = 0; int add_and = 0; char col[1024]; char val[1024]; char tmp[1024]; PKI_MEM *buf = NULL; if( !url || !url->path ) return( NULL ); tmp_s = url->path; while((tmp_s2 = strchr(tmp_s, '/')) != NULL ) { tmp_s2++; tmp_s = tmp_s2; } if((table = parse_url_table ( url )) == NULL) { return (NULL); } if((buf = PKI_MEM_new_null()) == NULL ) { return ( NULL ); } snprintf( tmp, sizeof( tmp ), "SELECT %s from %s ", url->attrs, table ); PKI_Free (table); PKI_MEM_add( buf, tmp, strlen( tmp )); where = 0; while( sscanf(tmp_s, "(%[^)=]=%[^)])", col, val) > 1 ) { if( where == 0 ) { /* Let's add the WHERE clause */ PKI_MEM_add(buf, "WHERE ", 6); where = 1; } /* The tmp_s should point to the next token */ tmp_s += strlen(col) + strlen(val) + 3; /* Control if we need to add the AND in the SQL statement */ if( add_and == 1 ) { PKI_MEM_add( buf, " AND ", 5); } PKI_MEM_add( buf, col, strlen( col )); PKI_MEM_add( buf, "='", 2); PKI_MEM_add( buf, val, strlen( val )); PKI_MEM_add( buf, "' ", 2); /* fprintf(stderr, "DEBUG:::PKI_MEM_BUF => "); for ( i=0; i< buf->size; i++ ) { fprintf( stderr, "%c", buf->data[i]); } fprintf( stderr, "\n"); */ /* strncat( buf, col, BUFF_MAX_SIZE - strlen(buf) ); strncat( buf, "='", BUFF_MAX_SIZE - strlen(buf) ); strncat( buf, val, BUFF_MAX_SIZE - strlen(buf) ); strncat( buf, "'", BUFF_MAX_SIZE - strlen(buf) ); */ /* This triggers the adding of AND on the next iteration */ add_and = 1; } if( (ret = PKI_Malloc (buf->size+1)) == NULL ) { PKI_MEM_free ( buf ); return( NULL ); } memcpy( ret, buf->data, buf->size ); // fprintf( stderr, "DEBUG:::QUERY => %s\n\n", ret ); /* strncpy( ret, buf, strlen( buf )); */ PKI_MEM_free ( buf ); return( ret ); }