diff options
Diffstat (limited to 'PKCS10.xs')
-rw-r--r--[-rwxr-xr-x] | PKCS10.xs | 147 |
1 files changed, 97 insertions, 50 deletions
diff --git a/PKCS10.xs b/PKCS10.xs index b31d420..3f047c0 100755..100644 --- a/PKCS10.xs +++ b/PKCS10.xs @@ -9,13 +9,17 @@ #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/err.h> +#include <openssl/rand.h> #include "ppport.h" +#if OPENSSL_VERSION_NUMBER < 0x10000000L +#define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type) +#endif #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER #define EVP_PKEY_get0_RSA(pkey) ((pkey)->pkey.rsa) #define EVP_PKEY_get0_DSA(pkey) ((pkey)->pkey.dsa) -#ifndef OPENSSL_NO_EC || defined LIBRESSL_VERSION_NUMBER +#if( !defined OPENSSL_NO_EC || defined LIBRESSL_VERSION_NUMBER) #define EVP_PKEY_get0_EC_KEY(pkey) ((pkey)->pkey.ec) #endif #endif @@ -36,7 +40,7 @@ typedef struct } Crypt__OpenSSL__RSA; #define PACKAGE_NAME "Crypt::OpenSSL::PKCS10" -#define PACKAGE_CROAK(p_message) croak("%s:%d: %s", (p_message)) +#define PACKAGE_CROAK(p_message) croak("%s", (p_message)) #define CHECK_NEW(p_var, p_size, p_type) \ if (New(0, p_var, p_size, p_type) == NULL) \ { PACKAGE_CROAK("unable to alloc buffer"); } @@ -54,7 +58,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn) size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */ char *buf = OPENSSL_malloc(buflen); size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */ - char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); + const char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *)); char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *)); int *mval = OPENSSL_malloc (max_ne * sizeof (int)); @@ -63,7 +67,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn) X509_NAME *n = NULL; - if (!buf || !ne_types || !ne_values) + if (!buf || !ne_types || !ne_values || !mval) { croak("malloc error\n"); goto error; @@ -154,7 +158,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn) continue; } - if (!X509_NAME_add_entry_by_txt(n, (unsigned char*)ne_types[i], chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) + if (!X509_NAME_add_entry_by_txt(n, ne_types[i], chtype, (unsigned char*)ne_values[i], -1,-1,mval[i])) goto error; } @@ -172,6 +176,8 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn) OPENSSL_free(ne_types); if (buf) OPENSSL_free(buf); + if (mval) + OPENSSL_free(mval); return NULL; } @@ -179,7 +185,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn) * because we wont reference any other sections. */ -int add_ext(STACK_OF(X509_REQUEST) *sk, X509_REQ *req, int nid, char *value) +int add_ext(STACK_OF(X509_EXTENSION) *sk, X509_REQ *req, int nid, char *value) { X509_EXTENSION *ex; X509V3_CTX v3ctx; @@ -194,13 +200,13 @@ int add_ext(STACK_OF(X509_REQUEST) *sk, X509_REQ *req, int nid, char *value) /* Add an extention by setting the raw ASN1 octet string. */ -int add_ext_raw(STACK_OF(X509_REQUEST) *sk, int nid, unsigned char *value, int length) +int add_ext_raw(STACK_OF(X509_EXTENSION) *sk, int nid, char *value, int length) { X509_EXTENSION *ex; ASN1_STRING *asn; asn = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); - ASN1_OCTET_STRING_set(asn, value, length); + ASN1_OCTET_STRING_set(asn, (unsigned char *) value, length); ex = X509_EXTENSION_create_by_NID(NULL, nid, 0, asn); if (!ex) @@ -227,20 +233,23 @@ SV* make_pkcs10_obj(SV* p_proto, X509_REQ* p_req, EVP_PKEY* p_pk, STACK_OF(X509_ } /* stolen from OpenSSL.xs */ -long bio_write_cb(struct bio_st *bm, int m, const char *ptr, int l, long x, long y) { - +#if OPENSSL_VERSION_NUMBER >= 0x30000000L +long bio_write_cb(struct bio_st *bm, int m, const char *ptr, size_t len, int l, long x, int y, size_t *processed) { +#else +long bio_write_cb(struct bio_st *bm, int m, const char *ptr, int len, long x, long y) { +#endif if (m == BIO_CB_WRITE) { SV *sv = (SV *) BIO_get_callback_arg(bm); - sv_catpvn(sv, ptr, l); + sv_catpvn(sv, ptr, len); } if (m == BIO_CB_PUTS) { SV *sv = (SV *) BIO_get_callback_arg(bm); - l = strlen(ptr); - sv_catpvn(sv, ptr, l); + len = strlen(ptr); + sv_catpvn(sv, ptr, len); } - return l; + return len; } static BIO* sv_bio_create(void) { @@ -250,7 +259,11 @@ static BIO* sv_bio_create(void) { /* create an in-memory BIO abstraction and callbacks */ BIO *bio = BIO_new(BIO_s_mem()); +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + BIO_set_callback_ex(bio, bio_write_cb); +#else BIO_set_callback(bio, bio_write_cb); +#endif BIO_set_callback_arg(bio, (void *)sv); return bio; @@ -339,25 +352,48 @@ new(class, keylen = 1024) PREINIT: X509_REQ *x; EVP_PKEY *pk; - RSA *rsa = NULL; - + char *classname = SvPVutf8_nolen(class); + CODE: //CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - if ((pk=EVP_PKEY_new()) == NULL) - croak ("%s - can't create PKEY", class); + if (!RAND_status()) + printf("Warning: generating random key material may take a long time\n" + "if the system has a poor entropy source\n"); if ((x=X509_REQ_new()) == NULL) - croak ("%s - can't create req", class); + croak ("%s - can't create req", classname); +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + pk = EVP_RSA_gen(keylen); +#elif OPENSSL_VERSION_NUMBER <= 0x10000000L + RSA *rsa; + if ((pk=EVP_PKEY_new()) == NULL) + croak ("%s - can't create PKEY", classname); rsa=RSA_generate_key(keylen, RSA_F4, NULL, NULL); if (!EVP_PKEY_assign_RSA(pk,rsa)) - croak ("%s - EVP_PKEY_assign_RSA", class); - + croak ("%s - EVP_PKEY_assign_RSA", classname); +#else + RSA *rsa = RSA_new(); + BIGNUM *bne = BN_new(); + if (bne == NULL) + croak ("%s - BN_new failed", classname); + + if (BN_set_word(bne, RSA_F4) != 1) + croak ("%s - BN_set_word failed", classname); + + if ((pk=EVP_PKEY_new()) == NULL) + croak ("%s - can't create PKEY", classname); + + if (!RSA_generate_key_ex(rsa, keylen, bne, NULL)) + croak ("%s - RSA_generate_key_ex failed", classname); + + if (!EVP_PKEY_assign_RSA(pk,rsa)) + croak ("%s - EVP_PKEY_assign_RSA", classname); +#endif X509_REQ_set_pubkey(x,pk); X509_REQ_set_version(x,0L); if (!X509_REQ_sign(x,pk,EVP_sha256())) - croak ("%s - X509_REQ_sign", class); + croak ("%s - X509_REQ_sign failed", classname); RETVAL = make_pkcs10_obj(class, x, pk, NULL, NULL); @@ -382,32 +418,43 @@ DESTROY(pkcs10) BIO_free(bio_err);*/ SV* -new_from_rsa(class, p_rsa) +_new_from_rsa(class, p_rsa, priv) SV *class SV *p_rsa + SV *priv PREINIT: Crypt__OpenSSL__RSA *rsa; + char *keyString; + STRLEN keylen; + BIO *bio; X509_REQ *x; EVP_PKEY *pk; + char *classname = SvPVutf8_nolen(class); CODE: - //CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - if ((pk=EVP_PKEY_new()) == NULL) - croak ("%s - can't create PKEY", class); + + // Get the private key and save it in memory + keyString = SvPV(priv, keylen); + bio = BIO_new_mem_buf(keyString, keylen); + if (bio == NULL) { + croak ("Bio is null **** \n"); + } + + // Create the PrivateKey as EVP_PKEY + pk = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL); + if (pk == NULL) { + croak("Failed operation error code %d\n", errno); + } if ((x=X509_REQ_new()) == NULL) - croak ("%s - can't create req", class); + croak ("%s - can't create req", classname); rsa = (Crypt__OpenSSL__RSA *) SvIV(SvRV(p_rsa)); - if (!EVP_PKEY_assign_RSA(pk,rsa->rsa)) - croak ("%s - EVP_PKEY_assign_RSA", class); - X509_REQ_set_pubkey(x,pk); X509_REQ_set_version(x,0L); if (!X509_REQ_sign(x,pk,EVP_sha256())) - croak ("%s - X509_REQ_sign", class); + croak ("%s - X509_REQ_sign", classname); RETVAL = make_pkcs10_obj(class, x, pk, NULL, &rsa->rsa); @@ -452,16 +499,12 @@ get_pem_pubkey(pkcs10) type = EVP_PKEY_base_id(pkey); if (type == EVP_PKEY_RSA) { - -# PEM_write_bio_RSAPublicKey(bio, EVP_PKEY_get0_RSA(pkey)); - PEM_write_bio_RSA_PUBKEY(bio, EVP_PKEY_get0_RSA(pkey)); - + PEM_write_bio_PUBKEY(bio, pkey); } else if (type == EVP_PKEY_DSA) { - - PEM_write_bio_DSA_PUBKEY(bio, EVP_PKEY_get0_DSA(pkey)); + PEM_write_bio_PUBKEY(bio, pkey); #ifndef OPENSSL_NO_EC } else if ( type == EVP_PKEY_EC ) { - PEM_write_bio_EC_PUBKEY(bio, EVP_PKEY_get0_EC_KEY(pkey)); + PEM_write_bio_PUBKEY(bio, pkey); #endif } else { @@ -562,7 +605,7 @@ get_pem_pk(pkcs10,...) /* get the certificate back out in a specified format. */ if(!PEM_write_bio_PrivateKey(bio,pkcs10->pk,NULL,NULL,0,NULL,NULL)) - croak ("%s - PEM_write_bio_PrivateKey", pkcs10->pk); + croak ("%s - PEM_write_bio_PrivateKey", (char *) pkcs10->pk); RETVAL = sv_bio_final(bio); @@ -576,7 +619,7 @@ set_subject(pkcs10, subj_SV, utf8 = 0) int utf8; PREINIT: - unsigned char* subj; + char* subj; STRLEN subj_length; CODE: @@ -596,7 +639,7 @@ add_ext(pkcs10, nid = NID_key_usage, ext_SV) SV* ext_SV; PREINIT: - unsigned char* ext; + char* ext; STRLEN ext_length; CODE: @@ -619,8 +662,8 @@ add_custom_ext_raw(pkcs10, oid_SV, ext_SV) SV* ext_SV; PREINIT: - unsigned char* oid; - unsigned char* ext; + char* oid; + char* ext; STRLEN ext_length; int nid; @@ -649,8 +692,8 @@ add_custom_ext(pkcs10, oid_SV, ext_SV) SV* ext_SV; PREINIT: - unsigned char* oid; - unsigned char* ext; + char* oid; + char* ext; STRLEN ext_length; int nid; @@ -686,7 +729,7 @@ add_ext_final(pkcs10) if(pkcs10->exts) sk_X509_EXTENSION_pop_free(pkcs10->exts, X509_EXTENSION_free); } else { - RETVAL = NULL; + RETVAL = 0; } OUTPUT: @@ -698,7 +741,7 @@ new_from_file(class, filename_SV) SV* filename_SV; PREINIT: - unsigned char* filename; + char* filename; STRLEN filename_length; FILE* fp; X509_REQ *req; @@ -741,8 +784,12 @@ accessor(pkcs10) name = X509_REQ_get_subject_name(pkcs10->req); X509_NAME_print_ex(bio, name, 0, XN_FLAG_SEP_CPLUS_SPC); } else if (ix == 2 ) { - key = X509_REQ_extract_key(pkcs10->req); + key = X509_REQ_get_pubkey(pkcs10->req); +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + EVP_PKEY_print_public(bio, key, 0, NULL); +#else RSA_print(bio, EVP_PKEY_get1_RSA(key), 0); +#endif } } |