/* Make sure we do the right thing. Add here if you convert ones in tree */ int main(int argc, char **argv) { ASN1_INTEGER_free(NULL); ASN1_OBJECT_free(NULL); ASN1_OCTET_STRING_free(NULL); BIO_free_all(NULL); DIST_POINT_free(NULL); EVP_PKEY_free(NULL); GENERAL_NAME_free(NULL); GENERAL_SUBTREE_free(NULL); NAME_CONSTRAINTS_free(NULL); sk_GENERAL_NAME_pop_free(NULL, GENERAL_NAME_free); sk_X509_NAME_ENTRY_pop_free(NULL, X509_NAME_ENTRY_free); X509_NAME_ENTRY_free(NULL); printf("PASS\n"); return (0); }
/* * Given a X509_NAME object and a name identifier, set the corresponding * attribute to the given string. Used by the setattr function. * * Arguments: name - The X509_NAME object * nid - The name identifier * value - The string to set * Returns: 0 for success, -1 on failure */ static int set_name_by_nid(X509_NAME *name, int nid, char *utf8string) { X509_NAME_ENTRY *ne; int i, entry_count, temp_nid; /* If there's an old entry for this NID, remove it */ entry_count = X509_NAME_entry_count(name); for (i = 0; i < entry_count; i++) { ne = X509_NAME_get_entry(name, i); temp_nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne)); if (temp_nid == nid) { ne = X509_NAME_delete_entry(name, i); X509_NAME_ENTRY_free(ne); break; } } /* Add the new entry */ if (!X509_NAME_add_entry_by_NID(name, nid, MBSTRING_UTF8, (unsigned char *)utf8string, -1, -1, 0)) { exception_from_error_queue(crypto_Error); return -1; } return 0; }
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) { X509_NAME_ENTRY *ret; if ((ne == NULL) || (*ne == NULL)) { if ((ret=X509_NAME_ENTRY_new()) == NULL) return(NULL); } else ret= *ne; if (!X509_NAME_ENTRY_set_object(ret,obj)) goto err; if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) goto err; if ((ne != NULL) && (*ne == NULL)) *ne=ret; return(ret); err: if ((ne == NULL) || (ret != *ne)) X509_NAME_ENTRY_free(ret); return(NULL); }
static void nassl_X509_NAME_ENTRY_dealloc(nassl_X509_NAME_ENTRY_Object *self) { if (self->x509NameEntry != NULL) { X509_NAME_ENTRY_free(self->x509NameEntry); self->x509NameEntry = NULL; } self->ob_type->tp_free((PyObject*)self); }
/* * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the * guy we are about to stomp on. */ int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, int set) { X509_NAME_ENTRY *new_name = NULL; int n, i, inc; STACK_OF(X509_NAME_ENTRY) *sk; if (name == NULL) return (0); sk = name->entries; n = sk_X509_NAME_ENTRY_num(sk); if (loc > n) loc = n; else if (loc < 0) loc = n; name->modified = 1; if (set == -1) { if (loc == 0) { set = 0; inc = 1; } else { set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; inc = 0; } } else { /* if (set >= 0) */ if (loc >= n) { if (loc != 0) set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1; else set = 0; } else set = sk_X509_NAME_ENTRY_value(sk, loc)->set; inc = (set == 0) ? 1 : 0; } if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) goto err; new_name->set = set; if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE); goto err; } if (inc) { n = sk_X509_NAME_ENTRY_num(sk); for (i = loc + 1; i < n; i++) sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1; } return (1); err: if (new_name != NULL) X509_NAME_ENTRY_free(new_name); return (0); }
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); if(!ne) return 0; ret = X509_NAME_add_entry(name, ne, loc, set); X509_NAME_ENTRY_free(ne); return ret; }
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); if(!ne) return 0; ret = X509_NAME_add_entry(name, ne, loc, set); X509_NAME_ENTRY_free(ne); return ret; }
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, uint8_t *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); if (!ne) return 0; ret = X509_NAME_add_entry(name, ne, loc, set); X509_NAME_ENTRY_free(ne); return ret; }
/*** get index by give asn1_object or nid @function delete_entry @tparam integer location which name entry to delete @treturn[1] asn1_object object that delete name entry @treturn[1] asn1_string value that delete name entry @treturn[2] nil delete nothing */ static int openssl_xname_delete_entry(lua_State*L) { X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); int loc = luaL_checkint(L, 2); X509_NAME_ENTRY *xe = X509_NAME_delete_entry(xn, loc); if (xe) { openssl_push_asn1object(L, X509_NAME_ENTRY_get_object(xe)); PUSH_ASN1_STRING(L, X509_NAME_ENTRY_get_data(xe)); X509_NAME_ENTRY_free(xe); return 2; } else lua_pushnil(L); return 1; };
static int lws_tls_openssl_add_nid(X509_NAME *name, int nid, const char *value) { X509_NAME_ENTRY *e; int n; if (!value || value[0] == '\0') value = "none"; e = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, (unsigned char *)value, -1); if (!e) return 1; n = X509_NAME_add_entry(name, e, -1, 0); X509_NAME_ENTRY_free(e); return n != 1; }
static int openssl_xname_delete_entry(lua_State*L) { X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); int loc = luaL_checkint(L, 2); X509_NAME_ENTRY *xe = X509_NAME_delete_entry(xn,loc); if(xe) { ASN1_OBJECT *obj = OBJ_dup(xe->object); ASN1_STRING *as = ASN1_STRING_dup(xe->value); PUSH_OBJECT(obj,"openssl.asn1_object"); PUSH_OBJECT(as,"openssl.asn1_string"); X509_NAME_ENTRY_free(xe); return 2; }else lua_pushnil(L); return 1; };
/*============================================================================ * OpcUa_P_OpenSSL_X509_Name_AddEntry *===========================================================================*/ OpcUa_StatusCode OpcUa_P_OpenSSL_X509_Name_AddEntry( X509_NAME** a_ppX509Name, OpcUa_Crypto_NameEntry* a_pNameEntry) { X509_NAME_ENTRY* pEntry = OpcUa_Null; OpcUa_Int nid; OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "X509_Name_AddEntry"); OpcUa_ReturnErrorIfArgumentNull(a_pNameEntry); if((nid = OBJ_txt2nid(a_pNameEntry->key)) == NID_undef) { uStatus = OpcUa_BadNotSupported; OpcUa_GotoErrorIfBad(uStatus); } if(!(pEntry = X509_NAME_ENTRY_create_by_NID(OpcUa_Null, nid, MBSTRING_ASC, (unsigned char*)a_pNameEntry->value, -1))) { uStatus = OpcUa_Bad; OpcUa_GotoErrorIfBad(uStatus); } if(X509_NAME_add_entry(*a_ppX509Name, pEntry,-1,0) != 1) { uStatus = OpcUa_Bad; } if(pEntry != OpcUa_Null) { X509_NAME_ENTRY_free(pEntry); } OpcUa_ReturnStatusCode; OpcUa_BeginErrorHandling; OpcUa_FinishErrorHandling; }
X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length) { int set=0,i; int idx=0; unsigned char *orig; M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new); orig= *pp; if (sk_X509_NAME_ENTRY_num(ret->entries) > 0) { while (sk_X509_NAME_ENTRY_num(ret->entries) > 0) X509_NAME_ENTRY_free( sk_X509_NAME_ENTRY_pop(ret->entries)); } M_ASN1_D2I_Init(); M_ASN1_D2I_start_sequence(); for (;;) { if (M_ASN1_D2I_end_sequence()) break; M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries, d2i_X509_NAME_ENTRY, X509_NAME_ENTRY_free); for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++) { sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set; } set++; } i=(int)(c.p-orig); if (!BUF_MEM_grow(ret->bytes,i)) goto err; memcpy(ret->bytes->data,orig,i); ret->bytes->length=i; ret->modified=0; M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME); }
int32_t Httpsadd_DN_object( HX509Name_t *n, char *text, char *def, char *value, int32_t nid, int32_t min, int32_t max ) { int32_t i, j, ret = 0; HX509NameEntry_t *ne = NULL; char buf[HTTPS_PARAMS_SUB_NAME_LEN]; if(!value) { Trace(HTTPS_ID, TRACE_SEVERE, "value is NULL\r\n"); return OF_FAILURE; } of_memset(buf, 0, HTTPS_PARAMS_SUB_NAME_LEN); if ((value != NULL) && (strlen(value))) { strcpy(buf, value); strcat(buf, "\n"); } if (strlen(value) == 0) { return (1); } if (buf[0] == '\0') { return(0); } else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) { return(1); } strcpy(buf, def); strcat(buf, "\n"); } else if ((buf[0] == '.') && (buf[1] == '\n')) { return(1); } i = strlen(buf); if (buf[i-1] != '\n') { Trace(HTTPS_ID, TRACE_SEVERE, "Weird input\n"); return(0); } buf[--i] = '\0'; j = ASN1_PRINTABLE_type((unsigned char *) buf, -1); if (Httpsreq_fix_data(nid, &j, i, min, max) == 0) { goto err; } if ((ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, j, (unsigned char *) buf, strlen(buf))) == NULL) { goto err; } if (!X509_NAME_add_entry(n, ne, X509_NAME_entry_count(n), 0)) { goto err; } ret = 1; err: if (ne != NULL) { X509_NAME_ENTRY_free(ne); } return(ret); } /* Httpsadd_DN_object() */
uint32 CRegProtocol::GenerateCertRequest(char *SubjName, uchar **Cert, uint32 *CertLength) { uint32 err; //= TU_ERROR_CRYPTO_FAILED; X509_REQ *req; X509_NAME *subj; EVP_PKEY *pkey; int nid; X509_NAME_ENTRY *ent; FILE *fp; int fsize; //First, get the private key err = GetPrivateKey(SubjName, TU_KEY_ENC, &pkey); if(TU_SUCCESS != err) { TUTRACE((TUTRACE_ERR, "PROTO: Error getting private key\n")); goto EXIT; } //Now create a new request object if(!(req = X509_REQ_new())) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating new X509 Request\n")); goto ERR_PKEY; } //assign the public key to the request X509_REQ_set_pubkey (req, pkey); //Subject name processing. if(!(subj = X509_NAME_new())) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating new X509 Subject\n")); goto ERR_REQ; } //First set the predefined subject fields for (int i = 0; i < ENTRY_COUNT; i++) { if((nid = OBJ_txt2nid (entries[i].key)) == NID_undef) { TUTRACE((TUTRACE_ERR, "PROTO: Error getting NID from text\n")); X509_NAME_free(subj); goto ERR_REQ; } if(!(ent = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, (uchar *)entries[i].value, -1))) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating name entry\n")); X509_NAME_free(subj); goto ERR_REQ; } if(X509_NAME_add_entry(subj, ent, -1, 0) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error adding name entry to subject\n")); X509_NAME_ENTRY_free(ent); X509_NAME_free(subj); goto ERR_REQ; } }//for //Next set the common name and description if((nid = OBJ_txt2nid("commonName")) == NID_undef) { TUTRACE((TUTRACE_ERR, "PROTO: Error getting NID from text\n")); X509_NAME_free(subj); goto ERR_REQ; } if(!(ent = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, (uchar *)SubjName, -1))) { TUTRACE((TUTRACE_ERR, "PROTO: Error creating name entry\n")); X509_NAME_free(subj); goto ERR_REQ; } if(X509_NAME_add_entry(subj, ent, -1, 0) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error adding name entry to subject\n")); X509_NAME_ENTRY_free(ent); X509_NAME_free(subj); goto ERR_REQ; } //Finally add the subject to the request if(X509_REQ_set_subject_name (req, subj) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error setting subject in request\n")); X509_NAME_free(subj); goto ERR_REQ; } //Sign the request if(!(X509_REQ_sign(req, pkey, EVP_sha1()))) { TUTRACE((TUTRACE_ERR, "PROTO: Error signing request\n")); goto ERR_REQ; } //Now we need to serialize the request. So write it to a file and read it out if(!(fp = fopen("protofile", "w"))) { TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for writing\n")); err = TU_ERROR_FILEOPEN; goto ERR_REQ; } if(PEM_write_X509_REQ(fp, req) != 1) { TUTRACE((TUTRACE_ERR, "PROTO: Error writing request to file\n")); err = TU_ERROR_FILEWRITE; fclose(fp); goto ERR_REQ; } fclose(fp); //now open it for reading in binary format if(!(fp = fopen("protofile", "rb"))) { TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for reading\n")); err = TU_ERROR_FILEOPEN; goto ERR_FILE; } //get the filesize fseek(fp, 0, SEEK_END); fsize = ftell(fp); if(fsize == -1) { TUTRACE((TUTRACE_ERR, "Couldn't determine file size\n")); err = TU_ERROR_FILEREAD; goto ERR_FILE; } //Allocate memory *Cert = (uchar *)malloc(fsize); if(!*Cert) { TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory for cert buffer\n")); err = TU_ERROR_OUT_OF_MEMORY; goto ERR_FILE; } *CertLength = fsize; rewind(fp); fread(*Cert, 1, fsize, fp); err = TU_SUCCESS; ERR_FILE: if(fp) fclose(fp); remove("protofile"); ERR_REQ: X509_REQ_free(req); ERR_PKEY: EVP_PKEY_free(pkey); EXIT: return err; }//GenerateCertRequest
X509_NAME * X509_NAME_create_from_txt(const char * n) { // I'm sure there must be a function to do this in OpenSSL, but I'm // darned if I can find it. int idx = 0; int j; bool ok = true; X509_NAME_ENTRY * entries[10]; int entCount = 0; char * name = new char[strlen(n)]; char * value = new char[strlen(n)]; while (true) { while (n[idx] == ' ' || n[idx] == '\t' || n[idx] == '\n' || n[idx] == '\r') idx++; if (n[idx] == 0) break; j = 0; while (n[idx] != 0 && n[idx] != '=') { name[j++] = n[idx++]; } if (j == 0 || n[idx] == 0) { ok = false; break; } name[j] = '\0'; idx++; // Now the value j = 0; while (n[idx] != 0 && n[idx] != '\n' && n[idx] != '\r') { if (n[idx] == ',') { // find out if this is a marker for end of RDN int jdx = idx + 1; while (n[jdx] != '\0' && n[jdx] != '=' && n[jdx] != ',') ++jdx; if (n[jdx] != ',') break; } value[j++] = n[idx++]; } if (j == 0) { ok = false; break; } if (n[idx] != 0) idx++; value[j] = '\0'; X509_NAME_ENTRY * xne; xne = X509_NAME_ENTRY_create_by_txt(NULL, name, MBSTRING_ASC, (unsigned char *) value, -1); if (xne != NULL) { entries[entCount++] = xne; if (entCount == 10) { ok = false; break; } } else { ok = false; break; } } delete[] name; delete[] value; X509_NAME *ret = NULL; int i; if (ok) { // Create the return value ret = X509_NAME_new(); for (i = entCount - 1; i >= 0; --i) { if (!X509_NAME_add_entry(ret, entries[i], -1, 0)) { X509_NAME_free(ret); ret = NULL; break; } } } // Clean out the entries for (i = 0; i < entCount; ++i) { X509_NAME_ENTRY_free(entries[i]); } return ret; }
/** * Check if X509Cert issuer is same as provided issuer name by * http://www.w3.org/TR/xmldsig-core/#dname-encrules which refers to * http://www.ietf.org/rfc/rfc4514.txt * * String X.500 AttributeType * CN commonName (2.5.4.3) * L localityName (2.5.4.7) * ST stateOrProvinceName (2.5.4.8) * O organizationName (2.5.4.10) * OU organizationalUnitName (2.5.4.11) * C countryName (2.5.4.6) * STREET streetAddress (2.5.4.9) * DC domainComponent (0.9.2342.19200300.100.1.25) * UID userId (0.9.2342.19200300.100.1.1) * * These attribute types are described in [RFC4519]. * Implementations MAY recognize other DN string representations. * However, as there is no requirement that alternative DN string * representations be recognized (and, if so, how), implementations * SHOULD only generate DN strings in accordance with Section 2 of this document. * * @param issuer name * @return 0 if equal, otherwise a number different from 0 is returned * @throw IOException if error */ int digidoc::X509Cert::compareIssuerToString(const std::string &name) const throw(IOException) { size_t pos = 0, old = 0; while(true) { pos = name.find(",", old); if(pos == std::string::npos) { pos = name.size(); if(pos < old) break; } else { if(name.compare(pos-1, 1, "\\") == 0) continue; } std::string nameitem = name.substr(old, pos - old); old = pos + 1; if((pos = nameitem.find("=")) == std::string::npos || nameitem.compare(pos-1, 1, "\\") == 0) continue; std::string obj = nameitem.substr(0, pos); if(obj.compare("CN") != 0 && obj.compare("commonName") != 0 && obj.compare("L") != 0 && obj.compare("localityName") != 0 && obj.compare("ST") != 0 && obj.compare("stateOrProvinceName") != 0 && obj.compare("O") != 0 && obj.compare("organizationName") != 0 && obj.compare("OU") != 0 && obj.compare("organizationalUnitName") != 0 && obj.compare("C" ) != 0 && obj.compare("countryName") != 0 && obj.compare("STREET") != 0 && obj.compare("streetAddress") != 0 && obj.compare("DC") != 0 && obj.compare("domainComponent") != 0 && obj.compare("UID") != 0 && obj.compare("userId") != 0) continue; X509_NAME_ENTRY *enta = X509_NAME_ENTRY_create_by_txt(0, obj.c_str(), MBSTRING_UTF8, (unsigned char*)nameitem.substr(pos+1, pos-old).c_str(), -1); if(!enta) return -1; ASN1_OBJECT *obja = X509_NAME_ENTRY_get_object(enta); bool found = false; for(int i = 0; i < X509_NAME_entry_count(getIssuerNameAsn1()); ++i) { X509_NAME_ENTRY *entb = X509_NAME_get_entry(getIssuerNameAsn1(), i); ASN1_OBJECT *objb = X509_NAME_ENTRY_get_object(entb); if(memcmp(obja->data, objb->data, obja->length) == 0 && memcmp(enta->value, entb->value, enta->size) == 0) { found = true; break; } } X509_NAME_ENTRY_free(enta); if(!found) return -1; } return 0; }