1 /* $OpenBSD: x509.c,v 1.2 2005/05/28 08:07:45 marius Exp $ */
2 
3 /*
4  * x509.c
5  *
6  * Copyright (c) 2001 Dug Song <dugsong@arbor.net>
7  * Copyright (c) 2001 Arbor Networks, Inc.
8  *
9  *   Redistribution and use in source and binary forms, with or without
10  *   modification, are permitted provided that the following conditions
11  *   are met:
12  *
13  *   1. Redistributions of source code must retain the above copyright
14  *      notice, this list of conditions and the following disclaimer.
15  *   2. Redistributions in binary form must reproduce the above copyright
16  *      notice, this list of conditions and the following disclaimer in the
17  *      documentation and/or other materials provided with the distribution.
18  *   3. The names of the copyright holders may not be used to endorse or
19  *      promote products derived from this software without specific
20  *      prior written permission.
21  *
22  *   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23  *   INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24  *   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
25  *   THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
26  *   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
27  *   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
28  *   OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  *   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  *   ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  * $Vendor: x509.c,v 1.2 2005/04/01 16:47:31 dugsong Exp $
34  */
35 
36 #include <sys/types.h>
37 #include <sys/uio.h>
38 
39 #include <openssl/ssl.h>
40 
41 #include <stdio.h>
42 #include <string.h>
43 #include <unistd.h>
44 
45 #include "key.h"
46 #include "extern.h"
47 #include "x509.h"
48 
49 #define X509_CERT_MAGIC	"-----BEGIN CERTIFICATE-----"
50 #define X509_RSA_MAGIC	"-----BEGIN RSA PRIVATE KEY-----"
51 #define X509_DSA_MAGIC	"-----BEGIN DSA PRIVATE KEY-----"
52 
53 int
x509_load_public(struct key * k,struct iovec * iov)54 x509_load_public(struct key *k, struct iovec *iov)
55 {
56 	BIO *bio;
57 	X509 *cert;
58 	EVP_PKEY *evp;
59 
60 	if (strncmp((char *)iov->iov_base, X509_CERT_MAGIC,
61 	    strlen(X509_CERT_MAGIC)) != 0)
62 		return (-1);
63 
64 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
65 		return (-1);
66 
67 	if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
68 		BIO_free(bio);
69 		return (-1);
70 	}
71 	cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
72 	BIO_free(bio);
73 
74 	if (cert == NULL)
75 		return (-1);
76 
77 	evp = X509_get_pubkey(cert);
78 
79 	if (evp->type == EVP_PKEY_RSA) {
80 		k->type = KEY_RSA;
81 		k->data = (void *)RSAPublicKey_dup(evp->pkey.rsa);
82 	} else if (evp->type == EVP_PKEY_DSA) {
83 		k->type = KEY_DSA;
84 		k->data = (void *)evp->pkey.dsa;
85 		evp->pkey.dsa = NULL;			/* XXX */
86 	} else {
87 		X509_free(cert);
88 		return (-1);
89 	}
90 	X509_free(cert);
91 
92 	return (0);
93 }
94 
95 int
x509_load_private(struct key * k,struct iovec * iov)96 x509_load_private(struct key *k, struct iovec *iov)
97 {
98 	BIO *bio;
99 	EVP_PKEY *evp;
100 
101 	if (strncmp((char *)iov->iov_base, X509_RSA_MAGIC,
102 	        strlen(X509_RSA_MAGIC)) != 0 &&
103 	    strncmp((char *)iov->iov_base, X509_DSA_MAGIC,
104 		strlen(X509_DSA_MAGIC)) != 0) {
105 		return (-1);
106 	}
107 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
108 		return (-1);
109 
110 	if (BIO_write(bio, iov->iov_base, iov->iov_len + 1) <= 0) {
111 		BIO_free(bio);
112 		return (-1);
113 	}
114 
115 	evp = PEM_read_bio_PrivateKey(bio, NULL, sign_passwd_cb, NULL);
116 
117 	BIO_free(bio);
118 
119 	if (evp == NULL)
120 		return (-1);
121 
122 	if (evp->type == EVP_PKEY_RSA) {
123 		k->type = KEY_RSA;
124 		k->data = (void *)evp->pkey.rsa;
125 		evp->pkey.rsa = NULL;			/* XXX */
126 	} else if (evp->type == EVP_PKEY_DSA) {
127 		k->type = KEY_DSA;
128 		k->data = (void *)evp->pkey.dsa;
129 		evp->pkey.dsa = NULL;			/* XXX */
130 	} else {
131 		EVP_PKEY_free(evp);
132 		return (-1);
133 	}
134 	EVP_PKEY_free(evp);
135 
136 	return (0);
137 }
138