summaryrefslogtreecommitdiff
path: root/PKCS10.xs
diff options
context:
space:
mode:
Diffstat (limited to 'PKCS10.xs')
-rw-r--r--[-rwxr-xr-x]PKCS10.xs147
1 files changed, 97 insertions, 50 deletions
diff --git a/PKCS10.xs b/PKCS10.xs
index b31d420..3f047c0 100755..100644
--- a/PKCS10.xs
+++ b/PKCS10.xs
@@ -9,13 +9,17 @@
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
#include "ppport.h"
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+#define EVP_PKEY_base_id(pkey) EVP_PKEY_type((pkey)->type)
+#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
#define EVP_PKEY_get0_RSA(pkey) ((pkey)->pkey.rsa)
#define EVP_PKEY_get0_DSA(pkey) ((pkey)->pkey.dsa)
-#ifndef OPENSSL_NO_EC || defined LIBRESSL_VERSION_NUMBER
+#if( !defined OPENSSL_NO_EC || defined LIBRESSL_VERSION_NUMBER)
#define EVP_PKEY_get0_EC_KEY(pkey) ((pkey)->pkey.ec)
#endif
#endif
@@ -36,7 +40,7 @@ typedef struct
} Crypt__OpenSSL__RSA;
#define PACKAGE_NAME "Crypt::OpenSSL::PKCS10"
-#define PACKAGE_CROAK(p_message) croak("%s:%d: %s", (p_message))
+#define PACKAGE_CROAK(p_message) croak("%s", (p_message))
#define CHECK_NEW(p_var, p_size, p_type) \
if (New(0, p_var, p_size, p_type) == NULL) \
{ PACKAGE_CROAK("unable to alloc buffer"); }
@@ -54,7 +58,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
char *buf = OPENSSL_malloc(buflen);
size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+ const char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
int *mval = OPENSSL_malloc (max_ne * sizeof (int));
@@ -63,7 +67,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
X509_NAME *n = NULL;
- if (!buf || !ne_types || !ne_values)
+ if (!buf || !ne_types || !ne_values || !mval)
{
croak("malloc error\n");
goto error;
@@ -154,7 +158,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
continue;
}
- if (!X509_NAME_add_entry_by_txt(n, (unsigned char*)ne_types[i], chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
+ if (!X509_NAME_add_entry_by_txt(n, ne_types[i], chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
goto error;
}
@@ -172,6 +176,8 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
OPENSSL_free(ne_types);
if (buf)
OPENSSL_free(buf);
+ if (mval)
+ OPENSSL_free(mval);
return NULL;
}
@@ -179,7 +185,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
* because we wont reference any other sections.
*/
-int add_ext(STACK_OF(X509_REQUEST) *sk, X509_REQ *req, int nid, char *value)
+int add_ext(STACK_OF(X509_EXTENSION) *sk, X509_REQ *req, int nid, char *value)
{
X509_EXTENSION *ex;
X509V3_CTX v3ctx;
@@ -194,13 +200,13 @@ int add_ext(STACK_OF(X509_REQUEST) *sk, X509_REQ *req, int nid, char *value)
/* Add an extention by setting the raw ASN1 octet string.
*/
-int add_ext_raw(STACK_OF(X509_REQUEST) *sk, int nid, unsigned char *value, int length)
+int add_ext_raw(STACK_OF(X509_EXTENSION) *sk, int nid, char *value, int length)
{
X509_EXTENSION *ex;
ASN1_STRING *asn;
asn = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
- ASN1_OCTET_STRING_set(asn, value, length);
+ ASN1_OCTET_STRING_set(asn, (unsigned char *) value, length);
ex = X509_EXTENSION_create_by_NID(NULL, nid, 0, asn);
if (!ex)
@@ -227,20 +233,23 @@ SV* make_pkcs10_obj(SV* p_proto, X509_REQ* p_req, EVP_PKEY* p_pk, STACK_OF(X509_
}
/* stolen from OpenSSL.xs */
-long bio_write_cb(struct bio_st *bm, int m, const char *ptr, int l, long x, long y) {
-
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+long bio_write_cb(struct bio_st *bm, int m, const char *ptr, size_t len, int l, long x, int y, size_t *processed) {
+#else
+long bio_write_cb(struct bio_st *bm, int m, const char *ptr, int len, long x, long y) {
+#endif
if (m == BIO_CB_WRITE) {
SV *sv = (SV *) BIO_get_callback_arg(bm);
- sv_catpvn(sv, ptr, l);
+ sv_catpvn(sv, ptr, len);
}
if (m == BIO_CB_PUTS) {
SV *sv = (SV *) BIO_get_callback_arg(bm);
- l = strlen(ptr);
- sv_catpvn(sv, ptr, l);
+ len = strlen(ptr);
+ sv_catpvn(sv, ptr, len);
}
- return l;
+ return len;
}
static BIO* sv_bio_create(void) {
@@ -250,7 +259,11 @@ static BIO* sv_bio_create(void) {
/* create an in-memory BIO abstraction and callbacks */
BIO *bio = BIO_new(BIO_s_mem());
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ BIO_set_callback_ex(bio, bio_write_cb);
+#else
BIO_set_callback(bio, bio_write_cb);
+#endif
BIO_set_callback_arg(bio, (void *)sv);
return bio;
@@ -339,25 +352,48 @@ new(class, keylen = 1024)
PREINIT:
X509_REQ *x;
EVP_PKEY *pk;
- RSA *rsa = NULL;
-
+ char *classname = SvPVutf8_nolen(class);
+
CODE:
//CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- if ((pk=EVP_PKEY_new()) == NULL)
- croak ("%s - can't create PKEY", class);
+ if (!RAND_status())
+ printf("Warning: generating random key material may take a long time\n"
+ "if the system has a poor entropy source\n");
if ((x=X509_REQ_new()) == NULL)
- croak ("%s - can't create req", class);
+ croak ("%s - can't create req", classname);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ pk = EVP_RSA_gen(keylen);
+#elif OPENSSL_VERSION_NUMBER <= 0x10000000L
+ RSA *rsa;
+ if ((pk=EVP_PKEY_new()) == NULL)
+ croak ("%s - can't create PKEY", classname);
rsa=RSA_generate_key(keylen, RSA_F4, NULL, NULL);
if (!EVP_PKEY_assign_RSA(pk,rsa))
- croak ("%s - EVP_PKEY_assign_RSA", class);
-
+ croak ("%s - EVP_PKEY_assign_RSA", classname);
+#else
+ RSA *rsa = RSA_new();
+ BIGNUM *bne = BN_new();
+ if (bne == NULL)
+ croak ("%s - BN_new failed", classname);
+
+ if (BN_set_word(bne, RSA_F4) != 1)
+ croak ("%s - BN_set_word failed", classname);
+
+ if ((pk=EVP_PKEY_new()) == NULL)
+ croak ("%s - can't create PKEY", classname);
+
+ if (!RSA_generate_key_ex(rsa, keylen, bne, NULL))
+ croak ("%s - RSA_generate_key_ex failed", classname);
+
+ if (!EVP_PKEY_assign_RSA(pk,rsa))
+ croak ("%s - EVP_PKEY_assign_RSA", classname);
+#endif
X509_REQ_set_pubkey(x,pk);
X509_REQ_set_version(x,0L);
if (!X509_REQ_sign(x,pk,EVP_sha256()))
- croak ("%s - X509_REQ_sign", class);
+ croak ("%s - X509_REQ_sign failed", classname);
RETVAL = make_pkcs10_obj(class, x, pk, NULL, NULL);
@@ -382,32 +418,43 @@ DESTROY(pkcs10)
BIO_free(bio_err);*/
SV*
-new_from_rsa(class, p_rsa)
+_new_from_rsa(class, p_rsa, priv)
SV *class
SV *p_rsa
+ SV *priv
PREINIT:
Crypt__OpenSSL__RSA *rsa;
+ char *keyString;
+ STRLEN keylen;
+ BIO *bio;
X509_REQ *x;
EVP_PKEY *pk;
+ char *classname = SvPVutf8_nolen(class);
CODE:
- //CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- if ((pk=EVP_PKEY_new()) == NULL)
- croak ("%s - can't create PKEY", class);
+
+ // Get the private key and save it in memory
+ keyString = SvPV(priv, keylen);
+ bio = BIO_new_mem_buf(keyString, keylen);
+ if (bio == NULL) {
+ croak ("Bio is null **** \n");
+ }
+
+ // Create the PrivateKey as EVP_PKEY
+ pk = PEM_read_bio_PrivateKey(bio, NULL, 0, NULL);
+ if (pk == NULL) {
+ croak("Failed operation error code %d\n", errno);
+ }
if ((x=X509_REQ_new()) == NULL)
- croak ("%s - can't create req", class);
+ croak ("%s - can't create req", classname);
rsa = (Crypt__OpenSSL__RSA *) SvIV(SvRV(p_rsa));
- if (!EVP_PKEY_assign_RSA(pk,rsa->rsa))
- croak ("%s - EVP_PKEY_assign_RSA", class);
-
X509_REQ_set_pubkey(x,pk);
X509_REQ_set_version(x,0L);
if (!X509_REQ_sign(x,pk,EVP_sha256()))
- croak ("%s - X509_REQ_sign", class);
+ croak ("%s - X509_REQ_sign", classname);
RETVAL = make_pkcs10_obj(class, x, pk, NULL, &rsa->rsa);
@@ -452,16 +499,12 @@ get_pem_pubkey(pkcs10)
type = EVP_PKEY_base_id(pkey);
if (type == EVP_PKEY_RSA) {
-
-# PEM_write_bio_RSAPublicKey(bio, EVP_PKEY_get0_RSA(pkey));
- PEM_write_bio_RSA_PUBKEY(bio, EVP_PKEY_get0_RSA(pkey));
-
+ PEM_write_bio_PUBKEY(bio, pkey);
} else if (type == EVP_PKEY_DSA) {
-
- PEM_write_bio_DSA_PUBKEY(bio, EVP_PKEY_get0_DSA(pkey));
+ PEM_write_bio_PUBKEY(bio, pkey);
#ifndef OPENSSL_NO_EC
} else if ( type == EVP_PKEY_EC ) {
- PEM_write_bio_EC_PUBKEY(bio, EVP_PKEY_get0_EC_KEY(pkey));
+ PEM_write_bio_PUBKEY(bio, pkey);
#endif
} else {
@@ -562,7 +605,7 @@ get_pem_pk(pkcs10,...)
/* get the certificate back out in a specified format. */
if(!PEM_write_bio_PrivateKey(bio,pkcs10->pk,NULL,NULL,0,NULL,NULL))
- croak ("%s - PEM_write_bio_PrivateKey", pkcs10->pk);
+ croak ("%s - PEM_write_bio_PrivateKey", (char *) pkcs10->pk);
RETVAL = sv_bio_final(bio);
@@ -576,7 +619,7 @@ set_subject(pkcs10, subj_SV, utf8 = 0)
int utf8;
PREINIT:
- unsigned char* subj;
+ char* subj;
STRLEN subj_length;
CODE:
@@ -596,7 +639,7 @@ add_ext(pkcs10, nid = NID_key_usage, ext_SV)
SV* ext_SV;
PREINIT:
- unsigned char* ext;
+ char* ext;
STRLEN ext_length;
CODE:
@@ -619,8 +662,8 @@ add_custom_ext_raw(pkcs10, oid_SV, ext_SV)
SV* ext_SV;
PREINIT:
- unsigned char* oid;
- unsigned char* ext;
+ char* oid;
+ char* ext;
STRLEN ext_length;
int nid;
@@ -649,8 +692,8 @@ add_custom_ext(pkcs10, oid_SV, ext_SV)
SV* ext_SV;
PREINIT:
- unsigned char* oid;
- unsigned char* ext;
+ char* oid;
+ char* ext;
STRLEN ext_length;
int nid;
@@ -686,7 +729,7 @@ add_ext_final(pkcs10)
if(pkcs10->exts)
sk_X509_EXTENSION_pop_free(pkcs10->exts, X509_EXTENSION_free);
} else {
- RETVAL = NULL;
+ RETVAL = 0;
}
OUTPUT:
@@ -698,7 +741,7 @@ new_from_file(class, filename_SV)
SV* filename_SV;
PREINIT:
- unsigned char* filename;
+ char* filename;
STRLEN filename_length;
FILE* fp;
X509_REQ *req;
@@ -741,8 +784,12 @@ accessor(pkcs10)
name = X509_REQ_get_subject_name(pkcs10->req);
X509_NAME_print_ex(bio, name, 0, XN_FLAG_SEP_CPLUS_SPC);
} else if (ix == 2 ) {
- key = X509_REQ_extract_key(pkcs10->req);
+ key = X509_REQ_get_pubkey(pkcs10->req);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY_print_public(bio, key, 0, NULL);
+#else
RSA_print(bio, EVP_PKEY_get1_RSA(key), 0);
+#endif
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-11 17:08:52 +0000