1 /* $OpenBSD: x509.c,v 1.2 2005/05/28 08:07:45 marius Exp $ */
2
3 /*
4 * x509.c
5 *
6 * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
7 * Copyright (c) 2001 Arbor Networks, Inc.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. The names of the copyright holders may not be used to endorse or
19 * promote products derived from this software without specific
20 * prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
25 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
28 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 * $Vendor: x509.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
34 */
35
36 #include <sys/types.h>
37 #include <sys/uio.h>
38
39 #include <openssl/ssl.h>
40
41 #include <stdio.h>
42 #include <string.h>
43 #include <unistd.h>
44
45 #include "key.h"
46 #include "extern.h"
47 #include "x509.h"
48
49 #define X509_CERT_MAGIC "-----BEGIN CERTIFICATE-----"
50 #define X509_RSA_MAGIC "-----BEGIN RSA PRIVATE KEY-----"
51 #define X509_DSA_MAGIC "-----BEGIN DSA PRIVATE KEY-----"
52
53 int
x509_load_public(struct key * k,struct iovec * iov)54 x509_load_public(struct key *k, struct iovec *iov)
55 {
56 BIO *bio;
57 X509 *cert;
58 EVP_PKEY *evp;
59
60 if (strncmp((char *)iov->iov_base, X509_CERT_MAGIC,
61 strlen(X509_CERT_MAGIC)) != 0)
62 return (-1);
63
64 if ((bio = BIO_new(BIO_s_mem())) == NULL)
65 return (-1);
66
67 if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
68 BIO_free(bio);
69 return (-1);
70 }
71 cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
72 BIO_free(bio);
73
74 if (cert == NULL)
75 return (-1);
76
77 evp = X509_get_pubkey(cert);
78
79 if (evp->type == EVP_PKEY_RSA) {
80 k->type = KEY_RSA;
81 k->data = (void *)RSAPublicKey_dup(evp->pkey.rsa);
82 } else if (evp->type == EVP_PKEY_DSA) {
83 k->type = KEY_DSA;
84 k->data = (void *)evp->pkey.dsa;
85 evp->pkey.dsa = NULL; /* XXX */
86 } else {
87 X509_free(cert);
88 return (-1);
89 }
90 X509_free(cert);
91
92 return (0);
93 }
94
95 int
x509_load_private(struct key * k,struct iovec * iov)96 x509_load_private(struct key *k, struct iovec *iov)
97 {
98 BIO *bio;
99 EVP_PKEY *evp;
100
101 if (strncmp((char *)iov->iov_base, X509_RSA_MAGIC,
102 strlen(X509_RSA_MAGIC)) != 0 &&
103 strncmp((char *)iov->iov_base, X509_DSA_MAGIC,
104 strlen(X509_DSA_MAGIC)) != 0) {
105 return (-1);
106 }
107 if ((bio = BIO_new(BIO_s_mem())) == NULL)
108 return (-1);
109
110 if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
111 BIO_free(bio);
112 return (-1);
113 }
114
115 evp = PEM_read_bio_PrivateKey(bio, NULL, sign_passwd_cb, NULL);
116
117 BIO_free(bio);
118
119 if (evp == NULL)
120 return (-1);
121
122 if (evp->type == EVP_PKEY_RSA) {
123 k->type = KEY_RSA;
124 k->data = (void *)evp->pkey.rsa;
125 evp->pkey.rsa = NULL; /* XXX */
126 } else if (evp->type == EVP_PKEY_DSA) {
127 k->type = KEY_DSA;
128 k->data = (void *)evp->pkey.dsa;
129 evp->pkey.dsa = NULL; /* XXX */
130 } else {
131 EVP_PKEY_free(evp);
132 return (-1);
133 }
134 EVP_PKEY_free(evp);
135
136 return (0);
137 }
138