/* Make sure we do the right thing. Add here if you convert ones in tree */
int
main(int argc, char **argv)
{
ASN1_INTEGER_free(NULL);
ASN1_OBJECT_free(NULL);
ASN1_OCTET_STRING_free(NULL);
BIO_free_all(NULL);
DIST_POINT_free(NULL);
EVP_PKEY_free(NULL);
GENERAL_NAME_free(NULL);
GENERAL_SUBTREE_free(NULL);
NAME_CONSTRAINTS_free(NULL);
sk_GENERAL_NAME_pop_free(NULL, GENERAL_NAME_free);
sk_X509_NAME_ENTRY_pop_free(NULL, X509_NAME_ENTRY_free);
X509_NAME_ENTRY_free(NULL);
printf("PASS\n");
return (0);
}
/*
* Given a X509_NAME object and a name identifier, set the corresponding
* attribute to the given string. Used by the setattr function.
*
* Arguments: name - The X509_NAME object
* nid - The name identifier
* value - The string to set
* Returns: 0 for success, -1 on failure
*/
static int
set_name_by_nid(X509_NAME *name, int nid, char *utf8string)
{
X509_NAME_ENTRY *ne;
int i, entry_count, temp_nid;
/* If there's an old entry for this NID, remove it */
entry_count = X509_NAME_entry_count(name);
for (i = 0; i < entry_count; i++)
{
ne = X509_NAME_get_entry(name, i);
temp_nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
if (temp_nid == nid)
{
ne = X509_NAME_delete_entry(name, i);
X509_NAME_ENTRY_free(ne);
break;
}
}
/* Add the new entry */
if (!X509_NAME_add_entry_by_NID(name, nid, MBSTRING_UTF8,
(unsigned char *)utf8string,
-1, -1, 0))
{
exception_from_error_queue(crypto_Error);
return -1;
}
return 0;
}
X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
{
X509_NAME_ENTRY *ret;
if ((ne == NULL) || (*ne == NULL))
{
if ((ret=X509_NAME_ENTRY_new()) == NULL)
return(NULL);
}
else
ret= *ne;
if (!X509_NAME_ENTRY_set_object(ret,obj))
goto err;
if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
goto err;
if ((ne != NULL) && (*ne == NULL)) *ne=ret;
return(ret);
err:
if ((ne == NULL) || (ret != *ne))
X509_NAME_ENTRY_free(ret);
return(NULL);
}
static void nassl_X509_NAME_ENTRY_dealloc(nassl_X509_NAME_ENTRY_Object *self)
{
if (self->x509NameEntry != NULL)
{
X509_NAME_ENTRY_free(self->x509NameEntry);
self->x509NameEntry = NULL;
}
self->ob_type->tp_free((PyObject*)self);
}
/*
* if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
* guy we are about to stomp on.
*/
int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
int set)
{
X509_NAME_ENTRY *new_name = NULL;
int n, i, inc;
STACK_OF(X509_NAME_ENTRY) *sk;
if (name == NULL)
return (0);
sk = name->entries;
n = sk_X509_NAME_ENTRY_num(sk);
if (loc > n)
loc = n;
else if (loc < 0)
loc = n;
name->modified = 1;
if (set == -1) {
if (loc == 0) {
set = 0;
inc = 1;
} else {
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
inc = 0;
}
} else { /* if (set >= 0) */
if (loc >= n) {
if (loc != 0)
set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
else
set = 0;
} else
set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
inc = (set == 0) ? 1 : 0;
}
if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
goto err;
new_name->set = set;
if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
goto err;
}
if (inc) {
n = sk_X509_NAME_ENTRY_num(sk);
for (i = loc + 1; i < n; i++)
sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
}
return (1);
err:
if (new_name != NULL)
X509_NAME_ENTRY_free(new_name);
return (0);
}
int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
const unsigned char *bytes, int len, int loc, int set)
{
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
if(!ne) return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
}
int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
unsigned char *bytes, int len, int loc, int set)
{
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
if(!ne) return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
}
int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
uint8_t *bytes, int len, int loc, int set)
{
X509_NAME_ENTRY *ne;
int ret;
ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
if (!ne)
return 0;
ret = X509_NAME_add_entry(name, ne, loc, set);
X509_NAME_ENTRY_free(ne);
return ret;
}
/***
get index by give asn1_object or nid
@function delete_entry
@tparam integer location which name entry to delete
@treturn[1] asn1_object object that delete name entry
@treturn[1] asn1_string value that delete name entry
@treturn[2] nil delete nothing
*/
static int openssl_xname_delete_entry(lua_State*L)
{
X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
int loc = luaL_checkint(L, 2);
X509_NAME_ENTRY *xe = X509_NAME_delete_entry(xn, loc);
if (xe)
{
openssl_push_asn1object(L, X509_NAME_ENTRY_get_object(xe));
PUSH_ASN1_STRING(L, X509_NAME_ENTRY_get_data(xe));
X509_NAME_ENTRY_free(xe);
return 2;
}
else
lua_pushnil(L);
return 1;
};
static int
lws_tls_openssl_add_nid(X509_NAME *name, int nid, const char *value)
{
X509_NAME_ENTRY *e;
int n;
if (!value || value[0] == '\0')
value = "none";
e = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC,
(unsigned char *)value, -1);
if (!e)
return 1;
n = X509_NAME_add_entry(name, e, -1, 0);
X509_NAME_ENTRY_free(e);
return n != 1;
}
static int openssl_xname_delete_entry(lua_State*L)
{
X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
int loc = luaL_checkint(L, 2);
X509_NAME_ENTRY *xe = X509_NAME_delete_entry(xn,loc);
if(xe)
{
ASN1_OBJECT *obj = OBJ_dup(xe->object);
ASN1_STRING *as = ASN1_STRING_dup(xe->value);
PUSH_OBJECT(obj,"openssl.asn1_object");
PUSH_OBJECT(as,"openssl.asn1_string");
X509_NAME_ENTRY_free(xe);
return 2;
}else
lua_pushnil(L);
return 1;
};
/*============================================================================
* OpcUa_P_OpenSSL_X509_Name_AddEntry
*===========================================================================*/
OpcUa_StatusCode OpcUa_P_OpenSSL_X509_Name_AddEntry(
X509_NAME** a_ppX509Name,
OpcUa_Crypto_NameEntry* a_pNameEntry)
{
X509_NAME_ENTRY* pEntry = OpcUa_Null;
OpcUa_Int nid;
OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "X509_Name_AddEntry");
OpcUa_ReturnErrorIfArgumentNull(a_pNameEntry);
if((nid = OBJ_txt2nid(a_pNameEntry->key)) == NID_undef)
{
uStatus = OpcUa_BadNotSupported;
OpcUa_GotoErrorIfBad(uStatus);
}
if(!(pEntry = X509_NAME_ENTRY_create_by_NID(OpcUa_Null, nid, MBSTRING_ASC, (unsigned char*)a_pNameEntry->value, -1)))
{
uStatus = OpcUa_Bad;
OpcUa_GotoErrorIfBad(uStatus);
}
if(X509_NAME_add_entry(*a_ppX509Name, pEntry,-1,0) != 1)
{
uStatus = OpcUa_Bad;
}
if(pEntry != OpcUa_Null)
{
X509_NAME_ENTRY_free(pEntry);
}
OpcUa_ReturnStatusCode;
OpcUa_BeginErrorHandling;
OpcUa_FinishErrorHandling;
}
X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length)
{
int set=0,i;
int idx=0;
unsigned char *orig;
M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
orig= *pp;
if (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
{
while (sk_X509_NAME_ENTRY_num(ret->entries) > 0)
X509_NAME_ENTRY_free(
sk_X509_NAME_ENTRY_pop(ret->entries));
}
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
for (;;)
{
if (M_ASN1_D2I_end_sequence()) break;
M_ASN1_D2I_get_set_type(X509_NAME_ENTRY,ret->entries,
d2i_X509_NAME_ENTRY,
X509_NAME_ENTRY_free);
for (; idx < sk_X509_NAME_ENTRY_num(ret->entries); idx++)
{
sk_X509_NAME_ENTRY_value(ret->entries,idx)->set=set;
}
set++;
}
i=(int)(c.p-orig);
if (!BUF_MEM_grow(ret->bytes,i)) goto err;
memcpy(ret->bytes->data,orig,i);
ret->bytes->length=i;
ret->modified=0;
M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
}
int32_t Httpsadd_DN_object( HX509Name_t *n,
char *text,
char *def,
char *value,
int32_t nid,
int32_t min,
int32_t max )
{
int32_t i, j, ret = 0;
HX509NameEntry_t *ne = NULL;
char buf[HTTPS_PARAMS_SUB_NAME_LEN];
if(!value)
{
Trace(HTTPS_ID, TRACE_SEVERE, "value is NULL\r\n");
return OF_FAILURE;
}
of_memset(buf, 0, HTTPS_PARAMS_SUB_NAME_LEN);
if ((value != NULL) &&
(strlen(value)))
{
strcpy(buf, value);
strcat(buf, "\n");
}
if (strlen(value) == 0)
{
return (1);
}
if (buf[0] == '\0')
{
return(0);
}
else if (buf[0] == '\n')
{
if ((def == NULL) ||
(def[0] == '\0'))
{
return(1);
}
strcpy(buf, def);
strcat(buf, "\n");
}
else if ((buf[0] == '.') &&
(buf[1] == '\n'))
{
return(1);
}
i = strlen(buf);
if (buf[i-1] != '\n')
{
Trace(HTTPS_ID, TRACE_SEVERE, "Weird input\n");
return(0);
}
buf[--i] = '\0';
j = ASN1_PRINTABLE_type((unsigned char *) buf, -1);
if (Httpsreq_fix_data(nid, &j, i, min, max) == 0)
{
goto err;
}
if ((ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, j, (unsigned char *) buf,
strlen(buf))) == NULL)
{
goto err;
}
if (!X509_NAME_add_entry(n, ne, X509_NAME_entry_count(n), 0))
{
goto err;
}
ret = 1;
err:
if (ne != NULL)
{
X509_NAME_ENTRY_free(ne);
}
return(ret);
} /* Httpsadd_DN_object() */
uint32 CRegProtocol::GenerateCertRequest(char *SubjName,
uchar **Cert,
uint32 *CertLength)
{
uint32 err; //= TU_ERROR_CRYPTO_FAILED;
X509_REQ *req;
X509_NAME *subj;
EVP_PKEY *pkey;
int nid;
X509_NAME_ENTRY *ent;
FILE *fp;
int fsize;
//First, get the private key
err = GetPrivateKey(SubjName, TU_KEY_ENC, &pkey);
if(TU_SUCCESS != err)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error getting private key\n"));
goto EXIT;
}
//Now create a new request object
if(!(req = X509_REQ_new()))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error creating new X509 Request\n"));
goto ERR_PKEY;
}
//assign the public key to the request
X509_REQ_set_pubkey (req, pkey);
//Subject name processing.
if(!(subj = X509_NAME_new()))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error creating new X509 Subject\n"));
goto ERR_REQ;
}
//First set the predefined subject fields
for (int i = 0; i < ENTRY_COUNT; i++)
{
if((nid = OBJ_txt2nid (entries[i].key)) == NID_undef)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error getting NID from text\n"));
X509_NAME_free(subj);
goto ERR_REQ;
}
if(!(ent = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC,
(uchar *)entries[i].value, -1)))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error creating name entry\n"));
X509_NAME_free(subj);
goto ERR_REQ;
}
if(X509_NAME_add_entry(subj, ent, -1, 0) != 1)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error adding name entry to subject\n"));
X509_NAME_ENTRY_free(ent);
X509_NAME_free(subj);
goto ERR_REQ;
}
}//for
//Next set the common name and description
if((nid = OBJ_txt2nid("commonName")) == NID_undef)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error getting NID from text\n"));
X509_NAME_free(subj);
goto ERR_REQ;
}
if(!(ent = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC,
(uchar *)SubjName, -1)))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error creating name entry\n"));
X509_NAME_free(subj);
goto ERR_REQ;
}
if(X509_NAME_add_entry(subj, ent, -1, 0) != 1)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error adding name entry to subject\n"));
X509_NAME_ENTRY_free(ent);
X509_NAME_free(subj);
goto ERR_REQ;
}
//Finally add the subject to the request
if(X509_REQ_set_subject_name (req, subj) != 1)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error setting subject in request\n"));
X509_NAME_free(subj);
goto ERR_REQ;
}
//Sign the request
if(!(X509_REQ_sign(req, pkey, EVP_sha1())))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error signing request\n"));
goto ERR_REQ;
}
//Now we need to serialize the request. So write it to a file and read it out
if(!(fp = fopen("protofile", "w")))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for writing\n"));
err = TU_ERROR_FILEOPEN;
goto ERR_REQ;
}
if(PEM_write_X509_REQ(fp, req) != 1)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error writing request to file\n"));
err = TU_ERROR_FILEWRITE;
fclose(fp);
goto ERR_REQ;
}
fclose(fp);
//now open it for reading in binary format
if(!(fp = fopen("protofile", "rb")))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for reading\n"));
err = TU_ERROR_FILEOPEN;
goto ERR_FILE;
}
//get the filesize
fseek(fp, 0, SEEK_END);
fsize = ftell(fp);
if(fsize == -1)
{
TUTRACE((TUTRACE_ERR, "Couldn't determine file size\n"));
err = TU_ERROR_FILEREAD;
goto ERR_FILE;
}
//Allocate memory
*Cert = (uchar *)malloc(fsize);
if(!*Cert)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory for cert buffer\n"));
err = TU_ERROR_OUT_OF_MEMORY;
goto ERR_FILE;
}
*CertLength = fsize;
rewind(fp);
fread(*Cert, 1, fsize, fp);
err = TU_SUCCESS;
ERR_FILE:
if(fp)
fclose(fp);
remove("protofile");
ERR_REQ:
X509_REQ_free(req);
ERR_PKEY:
EVP_PKEY_free(pkey);
EXIT:
return err;
}//GenerateCertRequest
X509_NAME * X509_NAME_create_from_txt(const char * n) {
// I'm sure there must be a function to do this in OpenSSL, but I'm
// darned if I can find it.
int idx = 0;
int j;
bool ok = true;
X509_NAME_ENTRY * entries[10];
int entCount = 0;
char * name = new char[strlen(n)];
char * value = new char[strlen(n)];
while (true) {
while (n[idx] == ' ' ||
n[idx] == '\t' ||
n[idx] == '\n' ||
n[idx] == '\r')
idx++;
if (n[idx] == 0)
break;
j = 0;
while (n[idx] != 0 && n[idx] != '=') {
name[j++] = n[idx++];
}
if (j == 0 || n[idx] == 0) {
ok = false;
break;
}
name[j] = '\0';
idx++;
// Now the value
j = 0;
while (n[idx] != 0 && n[idx] != '\n' && n[idx] != '\r') {
if (n[idx] == ',') {
// find out if this is a marker for end of RDN
int jdx = idx + 1;
while (n[jdx] != '\0' && n[jdx] != '=' && n[jdx] != ',')
++jdx;
if (n[jdx] != ',')
break;
}
value[j++] = n[idx++];
}
if (j == 0) {
ok = false;
break;
}
if (n[idx] != 0)
idx++;
value[j] = '\0';
X509_NAME_ENTRY * xne;
xne = X509_NAME_ENTRY_create_by_txt(NULL, name, MBSTRING_ASC, (unsigned char *) value, -1);
if (xne != NULL) {
entries[entCount++] = xne;
if (entCount == 10) {
ok = false;
break;
}
}
else {
ok = false;
break;
}
}
delete[] name;
delete[] value;
X509_NAME *ret = NULL;
int i;
if (ok) {
// Create the return value
ret = X509_NAME_new();
for (i = entCount - 1; i >= 0; --i) {
if (!X509_NAME_add_entry(ret, entries[i], -1, 0)) {
X509_NAME_free(ret);
ret = NULL;
break;
}
}
}
// Clean out the entries
for (i = 0; i < entCount; ++i) {
X509_NAME_ENTRY_free(entries[i]);
}
return ret;
}
/**
* Check if X509Cert issuer is same as provided issuer name by
* http://www.w3.org/TR/xmldsig-core/#dname-encrules which refers to
* http://www.ietf.org/rfc/rfc4514.txt
*
* String X.500 AttributeType
* CN commonName (2.5.4.3)
* L localityName (2.5.4.7)
* ST stateOrProvinceName (2.5.4.8)
* O organizationName (2.5.4.10)
* OU organizationalUnitName (2.5.4.11)
* C countryName (2.5.4.6)
* STREET streetAddress (2.5.4.9)
* DC domainComponent (0.9.2342.19200300.100.1.25)
* UID userId (0.9.2342.19200300.100.1.1)
*
* These attribute types are described in [RFC4519].
* Implementations MAY recognize other DN string representations.
* However, as there is no requirement that alternative DN string
* representations be recognized (and, if so, how), implementations
* SHOULD only generate DN strings in accordance with Section 2 of this document.
*
* @param issuer name
* @return 0 if equal, otherwise a number different from 0 is returned
* @throw IOException if error
*/
int digidoc::X509Cert::compareIssuerToString(const std::string &name) const throw(IOException)
{
size_t pos = 0, old = 0;
while(true)
{
pos = name.find(",", old);
if(pos == std::string::npos)
{
pos = name.size();
if(pos < old)
break;
}
else
{
if(name.compare(pos-1, 1, "\\") == 0)
continue;
}
std::string nameitem = name.substr(old, pos - old);
old = pos + 1;
if((pos = nameitem.find("=")) == std::string::npos ||
nameitem.compare(pos-1, 1, "\\") == 0)
continue;
std::string obj = nameitem.substr(0, pos);
if(obj.compare("CN") != 0 && obj.compare("commonName") != 0 &&
obj.compare("L") != 0 && obj.compare("localityName") != 0 &&
obj.compare("ST") != 0 && obj.compare("stateOrProvinceName") != 0 &&
obj.compare("O") != 0 && obj.compare("organizationName") != 0 &&
obj.compare("OU") != 0 && obj.compare("organizationalUnitName") != 0 &&
obj.compare("C" ) != 0 && obj.compare("countryName") != 0 &&
obj.compare("STREET") != 0 && obj.compare("streetAddress") != 0 &&
obj.compare("DC") != 0 && obj.compare("domainComponent") != 0 &&
obj.compare("UID") != 0 && obj.compare("userId") != 0)
continue;
X509_NAME_ENTRY *enta = X509_NAME_ENTRY_create_by_txt(0, obj.c_str(),
MBSTRING_UTF8, (unsigned char*)nameitem.substr(pos+1, pos-old).c_str(), -1);
if(!enta)
return -1;
ASN1_OBJECT *obja = X509_NAME_ENTRY_get_object(enta);
bool found = false;
for(int i = 0; i < X509_NAME_entry_count(getIssuerNameAsn1()); ++i)
{
X509_NAME_ENTRY *entb = X509_NAME_get_entry(getIssuerNameAsn1(), i);
ASN1_OBJECT *objb = X509_NAME_ENTRY_get_object(entb);
if(memcmp(obja->data, objb->data, obja->length) == 0 &&
memcmp(enta->value, entb->value, enta->size) == 0)
{
found = true;
break;
}
}
X509_NAME_ENTRY_free(enta);
if(!found)
return -1;
}
return 0;
}
