Annotation of src/usr.bin/gzsig/x509.c, Revision 1.2
1.2 ! marius 1: /* $OpenBSD: x509.c,v 1.1.1.1 2005/05/28 01:57:30 marius Exp $ */
1.1 marius 2:
3: /*
4: * x509.c
5: *
6: * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
7: * Copyright (c) 2001 Arbor Networks, Inc.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: *
13: * 1. Redistributions of source code must retain the above copyright
14: * notice, this list of conditions and the following disclaimer.
15: * 2. Redistributions in binary form must reproduce the above copyright
16: * notice, this list of conditions and the following disclaimer in the
17: * documentation and/or other materials provided with the distribution.
18: * 3. The names of the copyright holders may not be used to endorse or
19: * promote products derived from this software without specific
20: * prior written permission.
21: *
22: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24: * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
25: * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
28: * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29: * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32: *
1.2 ! marius 33: * $Vendor: x509.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
1.1 marius 34: */
35:
36: #include <sys/types.h>
37: #include <sys/uio.h>
38:
39: #include <openssl/ssl.h>
40:
41: #include <stdio.h>
42: #include <string.h>
43: #include <unistd.h>
44:
45: #include "key.h"
46: #include "extern.h"
47: #include "x509.h"
48:
49: #define X509_CERT_MAGIC "-----BEGIN CERTIFICATE-----"
50: #define X509_RSA_MAGIC "-----BEGIN RSA PRIVATE KEY-----"
51: #define X509_DSA_MAGIC "-----BEGIN DSA PRIVATE KEY-----"
52:
53: int
54: x509_load_public(struct key *k, struct iovec *iov)
55: {
56: BIO *bio;
57: X509 *cert;
58: EVP_PKEY *evp;
59:
60: if (strncmp((char *)iov->iov_base, X509_CERT_MAGIC,
61: strlen(X509_CERT_MAGIC)) != 0)
62: return (-1);
63:
64: if ((bio = BIO_new(BIO_s_mem())) == NULL)
65: return (-1);
66:
67: if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
68: BIO_free(bio);
69: return (-1);
70: }
71: cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
72: BIO_free(bio);
73:
74: if (cert == NULL)
75: return (-1);
76:
77: evp = X509_get_pubkey(cert);
78:
79: if (evp->type == EVP_PKEY_RSA) {
80: k->type = KEY_RSA;
81: k->data = (void *)RSAPublicKey_dup(evp->pkey.rsa);
82: } else if (evp->type == EVP_PKEY_DSA) {
83: k->type = KEY_DSA;
84: k->data = (void *)evp->pkey.dsa;
85: evp->pkey.dsa = NULL; /* XXX */
86: } else {
87: X509_free(cert);
88: return (-1);
89: }
90: X509_free(cert);
91:
92: return (0);
93: }
94:
95: int
96: x509_load_private(struct key *k, struct iovec *iov)
97: {
98: BIO *bio;
99: EVP_PKEY *evp;
100:
101: if (strncmp((char *)iov->iov_base, X509_RSA_MAGIC,
102: strlen(X509_RSA_MAGIC)) != 0 &&
103: strncmp((char *)iov->iov_base, X509_DSA_MAGIC,
104: strlen(X509_DSA_MAGIC)) != 0) {
105: return (-1);
106: }
107: if ((bio = BIO_new(BIO_s_mem())) == NULL)
108: return (-1);
109:
110: if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
111: BIO_free(bio);
112: return (-1);
113: }
114:
115: evp = PEM_read_bio_PrivateKey(bio, NULL, sign_passwd_cb, NULL);
116:
117: BIO_free(bio);
118:
119: if (evp == NULL)
120: return (-1);
121:
122: if (evp->type == EVP_PKEY_RSA) {
123: k->type = KEY_RSA;
124: k->data = (void *)evp->pkey.rsa;
125: evp->pkey.rsa = NULL; /* XXX */
126: } else if (evp->type == EVP_PKEY_DSA) {
127: k->type = KEY_DSA;
128: k->data = (void *)evp->pkey.dsa;
129: evp->pkey.dsa = NULL; /* XXX */
130: } else {
131: EVP_PKEY_free(evp);
132: return (-1);
133: }
134: EVP_PKEY_free(evp);
135:
136: return (0);
137: }