Annotation of src/usr.bin/openssl/spkac.c, Revision 1.4
1.4 ! deraadt 1: /* $OpenBSD: spkac.c,v 1.3 2015/01/08 11:08:50 doug Exp $ */
1.1 jsing 2: /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3: * project 1999. Based on an original idea by Massimiliano Pala
4: * (madwolf@openca.org).
5: */
6: /* ====================================================================
7: * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: *
13: * 1. Redistributions of source code must retain the above copyright
14: * notice, this list of conditions and the following disclaimer.
15: *
16: * 2. Redistributions in binary form must reproduce the above copyright
17: * notice, this list of conditions and the following disclaimer in
18: * the documentation and/or other materials provided with the
19: * distribution.
20: *
21: * 3. All advertising materials mentioning features or use of this
22: * software must display the following acknowledgment:
23: * "This product includes software developed by the OpenSSL Project
24: * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25: *
26: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27: * endorse or promote products derived from this software without
28: * prior written permission. For written permission, please contact
29: * licensing@OpenSSL.org.
30: *
31: * 5. Products derived from this software may not be called "OpenSSL"
32: * nor may "OpenSSL" appear in their names without prior written
33: * permission of the OpenSSL Project.
34: *
35: * 6. Redistributions of any form whatsoever must retain the following
36: * acknowledgment:
37: * "This product includes software developed by the OpenSSL Project
38: * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39: *
40: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51: * OF THE POSSIBILITY OF SUCH DAMAGE.
52: * ====================================================================
53: *
54: * This product includes cryptographic software written by Eric Young
55: * (eay@cryptsoft.com). This product includes software written by Tim
56: * Hudson (tjh@cryptsoft.com).
57: *
58: */
59:
60: #include <stdio.h>
61: #include <stdlib.h>
62: #include <string.h>
63: #include <time.h>
64:
65: #include "apps.h"
1.4 ! deraadt 66: #include "progs.h"
1.1 jsing 67:
68: #include <openssl/bio.h>
69: #include <openssl/conf.h>
70: #include <openssl/err.h>
71: #include <openssl/evp.h>
72: #include <openssl/lhash.h>
73: #include <openssl/pem.h>
74: #include <openssl/x509.h>
75:
1.3 doug 76: static struct {
77: char *challenge;
78: #ifndef OPENSSL_NO_ENGINE
79: char *engine;
80: #endif
81: char *infile;
82: char *keyfile;
83: int noout;
84: char *outfile;
85: char *passargin;
86: int pubkey;
87: char *spkac;
88: char *spksect;
89: int verify;
90: } spkac_config;
91:
92: static struct option spkac_options[] = {
93: {
94: .name = "challenge",
95: .argname = "string",
96: .desc = "Specify challenge string if SPKAC is generated",
97: .type = OPTION_ARG,
98: .opt.arg = &spkac_config.challenge,
99: },
100: #ifndef OPENSSL_NO_ENGINE
101: {
102: .name = "engine",
103: .argname = "id",
104: .desc = "Use the engine specified by the given identifier",
105: .type = OPTION_ARG,
106: .opt.arg = &spkac_config.engine,
107: },
108: #endif
109: {
110: .name = "in",
111: .argname = "file",
112: .desc = "Input file (default stdin)",
113: .type = OPTION_ARG,
114: .opt.arg = &spkac_config.infile,
115: },
116: {
117: .name = "key",
118: .argname = "file",
119: .desc = "Create SPKAC using private key file",
120: .type = OPTION_ARG,
121: .opt.arg = &spkac_config.keyfile,
122: },
123: {
124: .name = "noout",
125: .desc = "Do not print text version of SPKAC",
126: .type = OPTION_FLAG,
127: .opt.flag = &spkac_config.noout,
128: },
129: {
130: .name = "out",
131: .argname = "file",
132: .desc = "Output file (default stdout)",
133: .type = OPTION_ARG,
134: .opt.arg = &spkac_config.outfile,
135: },
136: {
137: .name = "passin",
138: .argname = "src",
139: .desc = "Input file passphrase source",
140: .type = OPTION_ARG,
141: .opt.arg = &spkac_config.passargin,
142: },
143: {
144: .name = "pubkey",
145: .desc = "Output public key of an SPKAC (not used if creating)",
146: .type = OPTION_FLAG,
147: .opt.flag = &spkac_config.pubkey,
148: },
149: {
150: .name = "spkac",
151: .argname = "name",
152: .desc = "SPKAC name (default \"SPKAC\")",
153: .type = OPTION_ARG,
154: .opt.arg = &spkac_config.spkac,
155: },
156: {
157: .name = "spksect",
158: .argname = "name",
159: .desc = "Name of the section containing SPKAC (default"
160: " \"default\")",
161: .type = OPTION_ARG,
162: .opt.arg = &spkac_config.spksect,
163: },
164: {
165: .name = "verify",
166: .desc = "Verify digital signature on supplied SPKAC",
167: .type = OPTION_FLAG,
168: .opt.flag = &spkac_config.verify,
169: },
170: { NULL }
171: };
1.1 jsing 172:
1.3 doug 173: static void
174: spkac_usage(void)
175: {
176: fprintf(stderr,
177: "usage: spkac [-challenge string] [-engine id] [-in file] "
178: "[-key file] [-noout]\n"
179: " [-out file] [-passin src] [-pubkey] [-spkac name] "
180: "[-spksect section]\n"
181: " [-verify]\n\n");
182: options_usage(spkac_options);
183: }
1.1 jsing 184:
185: int
186: spkac_main(int argc, char **argv)
187: {
188: ENGINE *e = NULL;
1.3 doug 189: int i, ret = 1;
1.1 jsing 190: BIO *in = NULL, *out = NULL;
1.3 doug 191: char *passin = NULL;
1.1 jsing 192: char *spkstr = NULL;
193: CONF *conf = NULL;
194: NETSCAPE_SPKI *spki = NULL;
195: EVP_PKEY *pkey = NULL;
196:
1.3 doug 197: memset(&spkac_config, 0, sizeof(spkac_config));
198: spkac_config.spkac = "SPKAC";
199: spkac_config.spksect = "default";
1.1 jsing 200:
1.3 doug 201: if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) {
202: spkac_usage();
203: return (1);
1.1 jsing 204: }
1.2 jsing 205:
1.3 doug 206: if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) {
1.1 jsing 207: BIO_printf(bio_err, "Error getting password\n");
208: goto end;
209: }
210: #ifndef OPENSSL_NO_ENGINE
1.3 doug 211: e = setup_engine(bio_err, spkac_config.engine, 0);
1.1 jsing 212: #endif
213:
1.3 doug 214: if (spkac_config.keyfile) {
1.1 jsing 215: pkey = load_key(bio_err,
1.3 doug 216: strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile
217: : NULL, FORMAT_PEM, 1, passin, e, "private key");
1.1 jsing 218: if (!pkey) {
219: goto end;
220: }
221: spki = NETSCAPE_SPKI_new();
1.3 doug 222: if (spkac_config.challenge)
1.1 jsing 223: ASN1_STRING_set(spki->spkac->challenge,
1.3 doug 224: spkac_config.challenge,
225: (int) strlen(spkac_config.challenge));
1.1 jsing 226: NETSCAPE_SPKI_set_pubkey(spki, pkey);
227: NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
228: spkstr = NETSCAPE_SPKI_b64_encode(spki);
229: if (spkstr == NULL) {
230: BIO_printf(bio_err, "Error encoding SPKAC\n");
231: ERR_print_errors(bio_err);
232: goto end;
233: }
234:
1.3 doug 235: if (spkac_config.outfile)
236: out = BIO_new_file(spkac_config.outfile, "w");
1.1 jsing 237: else
238: out = BIO_new_fp(stdout, BIO_NOCLOSE);
239:
240: if (!out) {
241: BIO_printf(bio_err, "Error opening output file\n");
242: ERR_print_errors(bio_err);
243: } else {
244: BIO_printf(out, "SPKAC=%s\n", spkstr);
245: ret = 0;
246: }
247: free(spkstr);
248: goto end;
249: }
1.3 doug 250: if (spkac_config.infile)
251: in = BIO_new_file(spkac_config.infile, "r");
1.1 jsing 252: else
253: in = BIO_new_fp(stdin, BIO_NOCLOSE);
254:
255: if (!in) {
256: BIO_printf(bio_err, "Error opening input file\n");
257: ERR_print_errors(bio_err);
258: goto end;
259: }
260: conf = NCONF_new(NULL);
261: i = NCONF_load_bio(conf, in, NULL);
262:
263: if (!i) {
264: BIO_printf(bio_err, "Error parsing config file\n");
265: ERR_print_errors(bio_err);
266: goto end;
267: }
1.3 doug 268: spkstr = NCONF_get_string(conf, spkac_config.spksect,
269: spkac_config.spkac);
1.1 jsing 270:
271: if (!spkstr) {
1.3 doug 272: BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n",
273: spkac_config.spkac);
1.1 jsing 274: ERR_print_errors(bio_err);
275: goto end;
276: }
277: spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
278:
279: if (!spki) {
280: BIO_printf(bio_err, "Error loading SPKAC\n");
281: ERR_print_errors(bio_err);
282: goto end;
283: }
1.3 doug 284: if (spkac_config.outfile)
285: out = BIO_new_file(spkac_config.outfile, "w");
1.1 jsing 286: else {
287: out = BIO_new_fp(stdout, BIO_NOCLOSE);
288: }
289:
290: if (!out) {
291: BIO_printf(bio_err, "Error opening output file\n");
292: ERR_print_errors(bio_err);
293: goto end;
294: }
1.3 doug 295: if (!spkac_config.noout)
1.1 jsing 296: NETSCAPE_SPKI_print(out, spki);
297: pkey = NETSCAPE_SPKI_get_pubkey(spki);
1.3 doug 298: if (spkac_config.verify) {
1.1 jsing 299: i = NETSCAPE_SPKI_verify(spki, pkey);
300: if (i > 0)
301: BIO_printf(bio_err, "Signature OK\n");
302: else {
303: BIO_printf(bio_err, "Signature Failure\n");
304: ERR_print_errors(bio_err);
305: goto end;
306: }
307: }
1.3 doug 308: if (spkac_config.pubkey)
1.1 jsing 309: PEM_write_bio_PUBKEY(out, pkey);
310:
311: ret = 0;
312:
313: end:
314: NCONF_free(conf);
315: NETSCAPE_SPKI_free(spki);
316: BIO_free(in);
317: BIO_free_all(out);
318: EVP_PKEY_free(pkey);
319: free(passin);
320:
321: return (ret);
322: }
![[BACK]](/icons/back.gif){kind=icon}
Return to spkac.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl