Move the certificate and key loading functions to apps.c, so they can

be shared by several applications.

Move the certificate and key loading functions to apps.c, so they can
be shared by several applications.
90ae4673 · Richard Levitte · 2a98f417 · 90ae4673 · 90ae4673 · 90ae4673
隐藏空白更改
内联并排

Showing with 229 addition and 184 deletion

apps/apps.c apps/apps.c +215 -0

apps/apps.h apps/apps.h +7 -0

apps/smime.c apps/smime.c +5 -51

apps/x509.c apps/x509.c +2 -133

未找到文件。
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -64,6 +64,11 @@
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/safestack.h>
 #ifdef WINDOWS
 #  include "bss_file.c"
@@ -159,6 +164,10 @@ int str2fmt(char *s)
 		return(FORMAT_PEM);
 	else if ((*s == 'N') || (*s == 'n'))
 		return(FORMAT_NETSCAPE);
+	else if ((*s == '1')
+		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
+		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
+		return(FORMAT_PKCS12);
 	else
 		return(FORMAT_UNDEF);
 	}
@@ -414,3 +423,209 @@ static char *app_get_pass(BIO *err, char *arg, int keepbio)
 	if(tmp) *tmp = 0;
 	return BUF_strdup(tpass);
 }
+X509 *load_cert(char *file, int format)
+	{
+	ASN1_HEADER *ah=NULL;
+	BUF_MEM *buf=NULL;
+	X509 *x=NULL;
+	BIO *cert;
+	if ((cert=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (file == NULL)
+		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(cert,file) <= 0)
+			{
+			perror(file);
+			goto end;
+			}
+		}
+	if 	(format == FORMAT_ASN1)
+		x=d2i_X509_bio(cert,NULL);
+	else if (format == FORMAT_NETSCAPE)
+		{
+		unsigned char *p,*op;
+		int size=0,i;
+		/* We sort of have to do it this way because it is sort of nice
+		 * to read the header first and check it, then
+		 * try to read the certificate */
+		buf=BUF_MEM_new();
+		for (;;)
+			{
+			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+				goto end;
+			i=BIO_read(cert,&(buf->data[size]),1024*10);
+			size+=i;
+			if (i == 0) break;
+			if (i < 0)
+				{
+				perror("reading certificate");
+				goto end;
+				}
+			}
+		p=(unsigned char *)buf->data;
+		op=p;
+		/* First load the header */
+		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+			goto end;
+		if ((ah->header == NULL) || (ah->header->data == NULL) ||
+			(strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
+			ah->header->length) != 0))
+			{
+			BIO_printf(bio_err,"Error reading header on certificate\n");
+			goto end;
+			}
+		/* header is ok, so now read the object */
+		p=op;
+		ah->meth=X509_asn1_meth();
+		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+			goto end;
+		x=(X509 *)ah->data;
+		ah->data=NULL;
+		}
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
+	else if (format == FORMAT_PKCS12)
+		{
+		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
+		PKCS12_parse(p12, NULL, NULL, &x, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
+		}
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input cert\n");
+		goto end;
+		}
+end:
+	if (x == NULL)
+		{
+		BIO_printf(bio_err,"unable to load certificate\n");
+		ERR_print_errors(bio_err);
+		}
+	if (ah != NULL) ASN1_HEADER_free(ah);
+	if (cert != NULL) BIO_free(cert);
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(x);
+	}
+EVP_PKEY *load_key(char *file, int format, char *pass)
+	{
+	BIO *key=NULL;
+	EVP_PKEY *pkey=NULL;
+	if (file == NULL)
+		{
+		BIO_printf(bio_err,"no keyfile specified\n");
+		goto end;
+		}
+	key=BIO_new(BIO_s_file());
+	if (key == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (BIO_read_filename(key,file) <= 0)
+		{
+		perror(file);
+		goto end;
+		}
+	if (format == FORMAT_ASN1)
+		{
+		pkey=d2i_PrivateKey_bio(key, NULL);
+		}
+	else if (format == FORMAT_PEM)
+		{
+		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,pass);
+		}
+	else if (format == FORMAT_PKCS12)
+		{
+		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
+		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
+		}
+	else
+		{
+		BIO_printf(bio_err,"bad input format specified for key\n");
+		goto end;
+		}
+ end:
+	if (key != NULL) BIO_free(key);
+	if (pkey == NULL)
+		BIO_printf(bio_err,"unable to load Private Key\n");
+	return(pkey);
+	}
+STACK_OF(X509) *load_certs(char *file, int format)
+	{
+	BIO *certs;
+	int i;
+	STACK_OF(X509) *othercerts = NULL;
+	STACK_OF(X509_INFO) *allcerts = NULL;
+	X509_INFO *xi;
+	if((certs = BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (file == NULL)
+		BIO_set_fp(certs,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(certs,file) <= 0)
+			{
+			perror(file);
+			goto end;
+			}
+		}
+	if      (format == FORMAT_PEM)
+		{
+		othercerts = sk_X509_new(NULL);
+		if(!othercerts)
+			{
+			sk_X509_free(othercerts);
+			othercerts = NULL;
+			goto end;
+			}
+		allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+		for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
+			{
+			xi = sk_X509_INFO_value (allcerts, i);
+			if (xi->x509)
+				{
+				sk_X509_push(othercerts, xi->x509);
+				xi->x509 = NULL;
+				}
+			}
+		goto end;
+		}
+	else	{
+		BIO_printf(bio_err,"bad input format specified for input cert\n");
+		goto end;
+		}
+end:
+	if (othercerts == NULL)
+		{
+		BIO_printf(bio_err,"unable to load certificates\n");
+		ERR_print_errors(bio_err);
+		}
+	if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+	if (certs != NULL) BIO_free(certs);
+	return(othercerts);
+	}
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -146,11 +146,18 @@ int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 int dump_cert_text(BIO *out, X509 *x);
 #endif
 int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
+X509 *load_cert(char *file, int format);
+EVP_PKEY *load_key(char *file, int format, char *pass);
+STACK_OF(X509) *load_certs(char *file, int format);
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
+#define FORMAT_PKCS12   5
+#define NETSCAPE_CERT_HDR	"certificate"
 #define APP_PASS_LEN	1024

--- a/apps/smime.c
+++ b/apps/smime.c
@@ -67,9 +67,6 @@
 #undef PROG
 #define PROG smime_main
-static X509 *load_cert(char *file);
-static EVP_PKEY *load_key(char *file, char *pass);
-static STACK_OF(X509) *load_certs(char *file);
 static X509_STORE *setup_verify(char *CAfile, char *CApath);
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
@@ -311,7 +308,7 @@ int MAIN(int argc, char **argv)
 		}
 		encerts = sk_X509_new_null();
 		while (*args) {
-			if(!(cert = load_cert(*args))) {
+			if(!(cert = load_cert(*args,FORMAT_PEM))) {
 				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 				goto end;
 			}
@@ -322,14 +319,14 @@ int MAIN(int argc, char **argv)
 	}
 	if(signerfile && (operation == SMIME_SIGN)) {
-		if(!(signer = load_cert(signerfile))) {
+		if(!(signer = load_cert(signerfile,FORMAT_PEM))) {
 			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
 			goto end;
 		}
 	}
 	if(certfile) {
-		if(!(other = load_certs(certfile))) {
+		if(!(other = load_certs(certfile,FORMAT_PEM))) {
 			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
 			ERR_print_errors(bio_err);
 			goto end;
@@ -337,7 +334,7 @@ int MAIN(int argc, char **argv)
 	}
 	if(recipfile && (operation == SMIME_DECRYPT)) {
-		if(!(recip = load_cert(recipfile))) {
+		if(!(recip = load_cert(recipfile,FORMAT_PEM))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
 			ERR_print_errors(bio_err);
 			goto end;
@@ -351,7 +348,7 @@ int MAIN(int argc, char **argv)
 	} else keyfile = NULL;
 	if(keyfile) {
-		if(!(key = load_key(keyfile, passin))) {
+		if(!(key = load_key(keyfile, FORMAT_PEM, passin))) {
 			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
 			ERR_print_errors(bio_err);
 			goto end;
@@ -447,49 +444,6 @@ end:
 	return (ret);
 }
-static X509 *load_cert(char *file)
-{
-	BIO *in;
-	X509 *cert;
-	if(!(in = BIO_new_file(file, "r"))) return NULL;
-	cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
-	BIO_free(in);
-	return cert;
-}
-static EVP_PKEY *load_key(char *file, char *pass)
-{
-	BIO *in;
-	EVP_PKEY *key;
-	if(!(in = BIO_new_file(file, "r"))) return NULL;
-	key = PEM_read_bio_PrivateKey(in, NULL,NULL,pass);
-	BIO_free(in);
-	return key;
-}
-static STACK_OF(X509) *load_certs(char *file)
-{
-	BIO *in;
-	int i;
-	STACK_OF(X509) *othercerts;
-	STACK_OF(X509_INFO) *allcerts;
-	X509_INFO *xi;
-	if(!(in = BIO_new_file(file, "r"))) return NULL;
-	othercerts = sk_X509_new(NULL);
-	if(!othercerts) return NULL;
-	allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
-	for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
-		xi = sk_X509_INFO_value (allcerts, i);
-		if (xi->x509) {
-			sk_X509_push(othercerts, xi->x509);
-			xi->x509 = NULL;
-		}
-	}
-	sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
-	BIO_free(in);
-	return othercerts;
-}
 static X509_STORE *setup_verify(char *CAfile, char *CApath)
 {
 	X509_STORE *store;

--- a/apps/x509.c
+++ b/apps/x509.c
@@ -81,8 +81,6 @@
 #define	POSTFIX	".srl"
 #define DEF_DAYS	30
-#define CERT_HDR	"certificate"
 static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
@@ -134,8 +132,6 @@ NULL
 };
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static EVP_PKEY *load_key(char *file, int format, char *passin);
-static X509 *load_cert(char *file, int format);
 static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
 						LHASH *conf, char *section);
 static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
@@ -894,8 +890,8 @@ bad:
 		ASN1_HEADER ah;
 		ASN1_OCTET_STRING os;
-		os.data=(unsigned char *)CERT_HDR;
+		os.data=(unsigned char *)NETSCAPE_CERT_HDR;
-		os.length=strlen(CERT_HDR);
+		os.length=strlen(NETSCAPE_CERT_HDR);
 		ah.header= &os;
 		ah.data=(char *)x;
 		ah.meth=X509_asn1_meth();
@@ -1114,133 +1110,6 @@ static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 		}
 	}
-static EVP_PKEY *load_key(char *file, int format, char *passin)
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-	if (file == NULL)
-		{
-		BIO_printf(bio_err,"no keyfile specified\n");
-		goto end;
-		}
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if (BIO_read_filename(key,file) <= 0)
-		{
-		perror(file);
-		goto end;
-		}
-	if (format == FORMAT_ASN1)
-		{
-		pkey=d2i_PrivateKey_bio(key, NULL);
-		}
-	else if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL,passin);
-		}
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for key\n");
-		goto end;
-		}
-end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
-		BIO_printf(bio_err,"unable to load Private Key\n");
-	return(pkey);
-	}
-static X509 *load_cert(char *file, int format)
-	{
-	ASN1_HEADER *ah=NULL;
-	BUF_MEM *buf=NULL;
-	X509 *x=NULL;
-	BIO *cert;
-	if ((cert=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if (file == NULL)
-		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(cert,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-	if 	(format == FORMAT_ASN1)
-		x=d2i_X509_bio(cert,NULL);
-	else if (format == FORMAT_NETSCAPE)
-		{
-		unsigned char *p,*op;
-		int size=0,i;
-		/* We sort of have to do it this way because it is sort of nice
-		 * to read the header first and check it, then
-		 * try to read the certificate */
-		buf=BUF_MEM_new();
-		for (;;)
-			{
-			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-				goto end;
-			i=BIO_read(cert,&(buf->data[size]),1024*10);
-			size+=i;
-			if (i == 0) break;
-			if (i < 0)
-				{
-				perror("reading certificate");
-				goto end;
-				}
-			}
-		p=(unsigned char *)buf->data;
-		op=p;
-		/* First load the header */
-		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
-			goto end;
-		if ((ah->header == NULL) || (ah->header->data == NULL) ||
-			(strncmp(CERT_HDR,(char *)ah->header->data,
-			ah->header->length) != 0))
-			{
-			BIO_printf(bio_err,"Error reading header on certificate\n");
-			goto end;
-			}
-		/* header is ok, so now read the object */
-		p=op;
-		ah->meth=X509_asn1_meth();
-		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
-			goto end;
-		x=(X509 *)ah->data;
-		ah->data=NULL;
-		}
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_AUX(cert,NULL,NULL,NULL);
-	else	{
-		BIO_printf(bio_err,"bad input format specified for input cert\n");
-		goto end;
-		}
-end:
-	if (x == NULL)
-		{
-		BIO_printf(bio_err,"unable to load certificate\n");
-		ERR_print_errors(bio_err);
-		}
-	if (ah != NULL) ASN1_HEADER_free(ah);
-	if (cert != NULL) BIO_free(cert);
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(x);
-	}
 /* self sign */
 static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
 						LHASH *conf, char *section)