Symaptic: os/ossrv/ssl/tsrc/topenssl/src/spkac.c@bde4ae8d615e (annotated)

sl@0	1	/* apps/spkac.c */
sl@0	2
sl@0	3	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
sl@0	4	* project 1999. Based on an original idea by Massimiliano Pala
sl@0	5	* (madwolf@openca.org).
sl@0	6	*/
sl@0	7	/* ====================================================================
sl@0	8	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
sl@0	9	*
sl@0	10	* Redistribution and use in source and binary forms, with or without
sl@0	11	* modification, are permitted provided that the following conditions
sl@0	12	* are met:
sl@0	13	*
sl@0	14	* 1. Redistributions of source code must retain the above copyright
sl@0	15	* notice, this list of conditions and the following disclaimer.
sl@0	16	*
sl@0	17	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	18	* notice, this list of conditions and the following disclaimer in
sl@0	19	* the documentation and/or other materials provided with the
sl@0	20	* distribution.
sl@0	21	*
sl@0	22	* 3. All advertising materials mentioning features or use of this
sl@0	23	* software must display the following acknowledgment:
sl@0	24	* "This product includes software developed by the OpenSSL Project
sl@0	25	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
sl@0	26	*
sl@0	27	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0	28	* endorse or promote products derived from this software without
sl@0	29	* prior written permission. For written permission, please contact
sl@0	30	* licensing@OpenSSL.org.
sl@0	31	*
sl@0	32	* 5. Products derived from this software may not be called "OpenSSL"
sl@0	33	* nor may "OpenSSL" appear in their names without prior written
sl@0	34	* permission of the OpenSSL Project.
sl@0	35	*
sl@0	36	* 6. Redistributions of any form whatsoever must retain the following
sl@0	37	* acknowledgment:
sl@0	38	* "This product includes software developed by the OpenSSL Project
sl@0	39	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0	42	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0	44	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0	45	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0	46	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0	47	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0	48	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	49	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0	50	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0	51	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0	52	* OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0	53	* ====================================================================
sl@0	54	*
sl@0	55	* This product includes cryptographic software written by Eric Young
sl@0	56	* (eay@cryptsoft.com). This product includes software written by Tim
sl@0	57	* Hudson (tjh@cryptsoft.com).
sl@0	58	*
sl@0	59	*/
sl@0	60	#include <stdio.h>
sl@0	61	#include <stdlib.h>
sl@0	62	#include <string.h>
sl@0	63	#include <time.h>
sl@0	64	#include "apps.h"
sl@0	65	#include <openssl/bio.h>
sl@0	66	#include <openssl/conf.h>
sl@0	67	#include <openssl/err.h>
sl@0	68	#include <openssl/evp.h>
sl@0	69	#include <openssl/lhash.h>
sl@0	70	#include <openssl/x509.h>
sl@0	71	#include <openssl/pem.h>
sl@0	72
sl@0	73	#undef PROG
sl@0	74	#define PROG spkac_main
sl@0	75
sl@0	76	/* -in arg - input file - default stdin
sl@0	77	* -out arg - output file - default stdout
sl@0	78	*/
sl@0	79
sl@0	80
sl@0	81	int MAIN(int, char **);
sl@0	82
sl@0	83	int MAIN(int argc, char **argv)
sl@0	84	{
sl@0	85	ENGINE *e = NULL;
sl@0	86	int i,badops=0, ret = 1;
sl@0	87	BIO in = NULL,out = NULL;
sl@0	88	int verify=0,noout=0,pubkey=0;
sl@0	89	char infile = NULL,outfile = NULL,*prog;
sl@0	90	char passargin = NULL, passin = NULL;
sl@0	91	const char spkac = "SPKAC", spksect = "default";
sl@0	92	char *spkstr = NULL;
sl@0	93	char challenge = NULL, keyfile = NULL;
sl@0	94	CONF *conf = NULL;
sl@0	95	NETSCAPE_SPKI *spki = NULL;
sl@0	96	EVP_PKEY *pkey = NULL;
sl@0	97	#ifndef OPENSSL_NO_ENGINE
sl@0	98	char *engine=NULL;
sl@0	99	#endif
sl@0	100
sl@0	101	apps_startup();
sl@0	102
sl@0	103	if (!bio_err)
sl@0	104	bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
sl@0	105
sl@0	106
sl@0	107	if (!load_config(bio_err, NULL))
sl@0	108	goto end;
sl@0	109
sl@0	110	prog=argv[0];
sl@0	111	argc--;
sl@0	112	argv++;
sl@0	113	while (argc >= 1)
sl@0	114	{
sl@0	115	if (strcmp(*argv,"-in") == 0)
sl@0	116	{
sl@0	117	if (--argc < 1) goto bad;
sl@0	118	infile= *(++argv);
sl@0	119	}
sl@0	120	else if (strcmp(*argv,"-out") == 0)
sl@0	121	{
sl@0	122	if (--argc < 1) goto bad;
sl@0	123	outfile= *(++argv);
sl@0	124	}
sl@0	125	else if (strcmp(*argv,"-passin") == 0)
sl@0	126	{
sl@0	127	if (--argc < 1) goto bad;
sl@0	128	passargin= *(++argv);
sl@0	129	}
sl@0	130	else if (strcmp(*argv,"-key") == 0)
sl@0	131	{
sl@0	132	if (--argc < 1) goto bad;
sl@0	133	keyfile= *(++argv);
sl@0	134	}
sl@0	135	else if (strcmp(*argv,"-challenge") == 0)
sl@0	136	{
sl@0	137	if (--argc < 1) goto bad;
sl@0	138	challenge= *(++argv);
sl@0	139	}
sl@0	140	else if (strcmp(*argv,"-spkac") == 0)
sl@0	141	{
sl@0	142	if (--argc < 1) goto bad;
sl@0	143	spkac= *(++argv);
sl@0	144	}
sl@0	145	else if (strcmp(*argv,"-spksect") == 0)
sl@0	146	{
sl@0	147	if (--argc < 1) goto bad;
sl@0	148	spksect= *(++argv);
sl@0	149	}
sl@0	150	#ifndef OPENSSL_NO_ENGINE
sl@0	151	else if (strcmp(*argv,"-engine") == 0)
sl@0	152	{
sl@0	153	if (--argc < 1) goto bad;
sl@0	154	engine= *(++argv);
sl@0	155	}
sl@0	156	#endif
sl@0	157	else if (strcmp(*argv,"-noout") == 0)
sl@0	158	noout=1;
sl@0	159	else if (strcmp(*argv,"-pubkey") == 0)
sl@0	160	pubkey=1;
sl@0	161	else if (strcmp(*argv,"-verify") == 0)
sl@0	162	verify=1;
sl@0	163	else badops = 1;
sl@0	164	argc--;
sl@0	165	argv++;
sl@0	166	}
sl@0	167
sl@0	168	if (badops)
sl@0	169	{
sl@0	170	bad:
sl@0	171	BIO_printf(bio_err,"%s [options]\n",prog);
sl@0	172	BIO_printf(bio_err,"where options are\n");
sl@0	173	BIO_printf(bio_err," -in arg input file\n");
sl@0	174	BIO_printf(bio_err," -out arg output file\n");
sl@0	175	BIO_printf(bio_err," -key arg create SPKAC using private key\n");
sl@0	176	BIO_printf(bio_err," -passin arg input file pass phrase source\n");
sl@0	177	BIO_printf(bio_err," -challenge arg challenge string\n");
sl@0	178	BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
sl@0	179	BIO_printf(bio_err," -noout don't print SPKAC\n");
sl@0	180	BIO_printf(bio_err," -pubkey output public key\n");
sl@0	181	BIO_printf(bio_err," -verify verify SPKAC signature\n");
sl@0	182	#ifndef OPENSSL_NO_ENGINE
sl@0	183	BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
sl@0	184	#endif
sl@0	185	goto end;
sl@0	186	}
sl@0	187
sl@0	188	ERR_load_crypto_strings();
sl@0	189	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
sl@0	190	BIO_printf(bio_err, "Error getting password\n");
sl@0	191	goto end;
sl@0	192	}
sl@0	193
sl@0	194	#ifndef OPENSSL_NO_ENGINE
sl@0	195	e = setup_engine(bio_err, engine, 0);
sl@0	196	#endif
sl@0	197
sl@0	198	if(keyfile) {
sl@0	199	pkey = load_key(bio_err,
sl@0	200	strcmp(keyfile, "-") ? keyfile : NULL,
sl@0	201	FORMAT_PEM, 1, passin, e, "private key");
sl@0	202	if(!pkey) {
sl@0	203	goto end;
sl@0	204	}
sl@0	205	spki = NETSCAPE_SPKI_new();
sl@0	206	if(challenge) ASN1_STRING_set(spki->spkac->challenge,
sl@0	207	challenge, (int)strlen(challenge));
sl@0	208	NETSCAPE_SPKI_set_pubkey(spki, pkey);
sl@0	209	NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
sl@0	210	spkstr = NETSCAPE_SPKI_b64_encode(spki);
sl@0	211
sl@0	212	if (outfile) out = BIO_new_file(outfile, "w");
sl@0	213	else {
sl@0	214	out = BIO_new_fp(stdout, BIO_NOCLOSE);
sl@0	215	#ifdef OPENSSL_SYS_VMS
sl@0	216	{
sl@0	217	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
sl@0	218	out = BIO_push(tmpbio, out);
sl@0	219	}
sl@0	220	#endif
sl@0	221	}
sl@0	222
sl@0	223	if(!out) {
sl@0	224	BIO_printf(bio_err, "Error opening output file\n");
sl@0	225	ERR_print_errors(bio_err);
sl@0	226	goto end;
sl@0	227	}
sl@0	228	BIO_printf(out, "SPKAC=%s\n", spkstr);
sl@0	229	OPENSSL_free(spkstr);
sl@0	230	ret = 0;
sl@0	231	goto end;
sl@0	232	}
sl@0	233
sl@0	234
sl@0	235
sl@0	236	if (infile) in = BIO_new_file(infile, "r");
sl@0	237	else in = BIO_new_fp(stdin, BIO_NOCLOSE);
sl@0	238
sl@0	239	if(!in) {
sl@0	240	BIO_printf(bio_err, "Error opening input file\n");
sl@0	241	ERR_print_errors(bio_err);
sl@0	242	goto end;
sl@0	243	}
sl@0	244
sl@0	245	conf = NCONF_new(NULL);
sl@0	246	i = NCONF_load_bio(conf, in, NULL);
sl@0	247
sl@0	248	if(!i) {
sl@0	249	BIO_printf(bio_err, "Error parsing config file\n");
sl@0	250	ERR_print_errors(bio_err);
sl@0	251	goto end;
sl@0	252	}
sl@0	253
sl@0	254	spkstr = NCONF_get_string(conf, spksect, spkac);
sl@0	255
sl@0	256	if(!spkstr) {
sl@0	257	BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
sl@0	258	ERR_print_errors(bio_err);
sl@0	259	goto end;
sl@0	260	}
sl@0	261
sl@0	262	spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
sl@0	263
sl@0	264	if(!spki) {
sl@0	265	BIO_printf(bio_err, "Error loading SPKAC\n");
sl@0	266	ERR_print_errors(bio_err);
sl@0	267	goto end;
sl@0	268	}
sl@0	269
sl@0	270	if (outfile) out = BIO_new_file(outfile, "w");
sl@0	271	else {
sl@0	272	out = BIO_new_fp(stdout, BIO_NOCLOSE);
sl@0	273	#ifdef OPENSSL_SYS_VMS
sl@0	274	{
sl@0	275	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
sl@0	276	out = BIO_push(tmpbio, out);
sl@0	277	}
sl@0	278	#endif
sl@0	279	}
sl@0	280
sl@0	281	if(!out) {
sl@0	282	BIO_printf(bio_err, "Error opening output file\n");
sl@0	283	ERR_print_errors(bio_err);
sl@0	284	goto end;
sl@0	285	}
sl@0	286
sl@0	287	if(!noout) NETSCAPE_SPKI_print(out, spki);
sl@0	288	pkey = NETSCAPE_SPKI_get_pubkey(spki);
sl@0	289	if(verify) {
sl@0	290	i = NETSCAPE_SPKI_verify(spki, pkey);
sl@0	291	if(i) BIO_printf(bio_err, "Signature OK\n");
sl@0	292	else {
sl@0	293	BIO_printf(bio_err, "Signature Failure\n");
sl@0	294	ERR_print_errors(bio_err);
sl@0	295	goto end;
sl@0	296	}
sl@0	297	}
sl@0	298	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
sl@0	299
sl@0	300	ret = 0;
sl@0	301
sl@0	302	end:
sl@0	303	NCONF_free(conf);
sl@0	304	NETSCAPE_SPKI_free(spki);
sl@0	305	BIO_free(in);
sl@0	306	BIO_free_all(out);
sl@0	307	EVP_PKEY_free(pkey);
sl@0	308	if(passin) OPENSSL_free(passin);
sl@0	309	apps_shutdown();
sl@0	310	OPENSSL_EXIT(ret);
sl@0	311	}

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--