-rw-r--r--src/usr.bin/openssl/spkac.c237
1 files changed, 137 insertions, 100 deletions
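--- a/src/usr.bin/openssl/spkac.c
+++ b/src/usr.bin/openssl/spkac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spkac.c,v 1.2 2014/08/28 14:23:52 jsing Exp $ */
+/* $OpenBSD: spkac.c,v 1.3 2015/01/08 11:08:50 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999. Based on an original idea by Massimiliano Pala
  * (madwolf@openca.org).
@@ -72,121 +72,156 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
-/* -in arg - input file - default stdin
- * -out arg - output file - default stdout
- */
+static struct {
+ char *challenge;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine;
+#endif
+ char *infile;
+ char *keyfile;
+ int noout;
+ char *outfile;
+ char *passargin;
+ int pubkey;
+ char *spkac;
+ char *spksect;
+ int verify;
+} spkac_config;
+
+static struct option spkac_options[] = {
+ {
+ .name = "challenge",
+ .argname = "string",
+ .desc = "Specify challenge string if SPKAC is generated",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.challenge,
+ },
+#ifndef OPENSSL_NO_ENGINE
+ {
+ .name = "engine",
+ .argname = "id",
+ .desc = "Use the engine specified by the given identifier",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.engine,
+ },
+#endif
+ {
+ .name = "in",
+ .argname = "file",
+ .desc = "Input file (default stdin)",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.infile,
+ },
+ {
+ .name = "key",
+ .argname = "file",
+ .desc = "Create SPKAC using private key file",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.keyfile,
+ },
+ {
+ .name = "noout",
+ .desc = "Do not print text version of SPKAC",
+ .type = OPTION_FLAG,
+ .opt.flag = &spkac_config.noout,
+ },
+ {
+ .name = "out",
+ .argname = "file",
+ .desc = "Output file (default stdout)",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.outfile,
+ },
+ {
+ .name = "passin",
+ .argname = "src",
+ .desc = "Input file passphrase source",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.passargin,
+ },
+ {
+ .name = "pubkey",
+ .desc = "Output public key of an SPKAC (not used if creating)",
+ .type = OPTION_FLAG,
+ .opt.flag = &spkac_config.pubkey,
+ },
+ {
+ .name = "spkac",
+ .argname = "name",
+ .desc = "SPKAC name (default \"SPKAC\")",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.spkac,
+ },
+ {
+ .name = "spksect",
+ .argname = "name",
+ .desc = "Name of the section containing SPKAC (default"
+ " \"default\")",
+ .type = OPTION_ARG,
+ .opt.arg = &spkac_config.spksect,
+ },
+ {
+ .name = "verify",
+ .desc = "Verify digital signature on supplied SPKAC",
+ .type = OPTION_FLAG,
+ .opt.flag = &spkac_config.verify,
+ },
+ { NULL }
+};
 
-int spkac_main(int, char **);
+static void
+spkac_usage(void)
+{
+ fprintf(stderr,
+ "usage: spkac [-challenge string] [-engine id] [-in file] "
+ "[-key file] [-noout]\n"
+ " [-out file] [-passin src] [-pubkey] [-spkac name] "
+ "[-spksect section]\n"
+ " [-verify]\n\n");
+ options_usage(spkac_options);
+}
 
 int
 spkac_main(int argc, char **argv)
 {
  ENGINE *e = NULL;
- int i, badops = 0, ret = 1;
+ int i, ret = 1;
  BIO *in = NULL, *out = NULL;
- int verify = 0, noout = 0, pubkey = 0;
- char *infile = NULL, *outfile = NULL, *prog;
- char *passargin = NULL, *passin = NULL;
- const char *spkac = "SPKAC", *spksect = "default";
+ char *passin = NULL;
  char *spkstr = NULL;
- char *challenge = NULL, *keyfile = NULL;
  CONF *conf = NULL;
  NETSCAPE_SPKI *spki = NULL;
  EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
 
- prog = argv[0];
- argc--;
- argv++;
- while (argc >= 1) {
- if (strcmp(*argv, "-in") == 0) {
- if (--argc < 1)
- goto bad;
- infile = *(++argv);
- } else if (strcmp(*argv, "-out") == 0) {
- if (--argc < 1)
- goto bad;
- outfile = *(++argv);
- } else if (strcmp(*argv, "-passin") == 0) {
- if (--argc < 1)
- goto bad;
- passargin = *(++argv);
- } else if (strcmp(*argv, "-key") == 0) {
- if (--argc < 1)
- goto bad;
- keyfile = *(++argv);
- } else if (strcmp(*argv, "-challenge") == 0) {
- if (--argc < 1)
- goto bad;
- challenge = *(++argv);
- } else if (strcmp(*argv, "-spkac") == 0) {
- if (--argc < 1)
- goto bad;
- spkac = *(++argv);
- } else if (strcmp(*argv, "-spksect") == 0) {
- if (--argc < 1)
- goto bad;
- spksect = *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv, "-engine") == 0) {
- if (--argc < 1)
- goto bad;
- engine = *(++argv);
- }
-#endif
- else if (strcmp(*argv, "-noout") == 0)
- noout = 1;
- else if (strcmp(*argv, "-pubkey") == 0)
- pubkey = 1;
- else if (strcmp(*argv, "-verify") == 0)
- verify = 1;
- else
- badops = 1;
- argc--;
- argv++;
- }
+ memset(&spkac_config, 0, sizeof(spkac_config));
+ spkac_config.spkac = "SPKAC";
+ spkac_config.spksect = "default";
 
- if (badops) {
-bad:
- BIO_printf(bio_err, "%s [options]\n", prog);
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, " -in arg input file\n");
- BIO_printf(bio_err, " -out arg output file\n");
- BIO_printf(bio_err, " -key arg create SPKAC using private key\n");
- BIO_printf(bio_err, " -passin arg input file pass phrase source\n");
- BIO_printf(bio_err, " -challenge arg challenge string\n");
- BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n");
- BIO_printf(bio_err, " -noout don't print SPKAC\n");
- BIO_printf(bio_err, " -pubkey output public key\n");
- BIO_printf(bio_err, " -verify verify SPKAC signature\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n");
-#endif
- goto end;
+ if (options_parse(argc, argv, spkac_options, NULL, NULL) != 0) {
+ spkac_usage();
+ return (1);
  }
 
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ if (!app_passwd(bio_err, spkac_config.passargin, NULL, &passin, NULL)) {
  BIO_printf(bio_err, "Error getting password\n");
  goto end;
  }
 #ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, spkac_config.engine, 0);
 #endif
 
- if (keyfile) {
+ if (spkac_config.keyfile) {
  pkey = load_key(bio_err,
- strcmp(keyfile, "-") ? keyfile : NULL,
- FORMAT_PEM, 1, passin, e, "private key");
+ strcmp(spkac_config.keyfile, "-") ? spkac_config.keyfile
+ : NULL, FORMAT_PEM, 1, passin, e, "private key");
  if (!pkey) {
  goto end;
  }
  spki = NETSCAPE_SPKI_new();
- if (challenge)
+ if (spkac_config.challenge)
  ASN1_STRING_set(spki->spkac->challenge,
- challenge, (int) strlen(challenge));
+ spkac_config.challenge,
+ (int) strlen(spkac_config.challenge));
  NETSCAPE_SPKI_set_pubkey(spki, pkey);
  NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
  spkstr = NETSCAPE_SPKI_b64_encode(spki);
@@ -196,8 +231,8 @@ bad:
  goto end;
  }
 
- if (outfile)
- out = BIO_new_file(outfile, "w");
+ if (spkac_config.outfile)
+ out = BIO_new_file(spkac_config.outfile, "w");
  else
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
 
@@ -211,8 +246,8 @@ bad:
  free(spkstr);
  goto end;
  }
- if (infile)
- in = BIO_new_file(infile, "r");
+ if (spkac_config.infile)
+ in = BIO_new_file(spkac_config.infile, "r");
  else
  in = BIO_new_fp(stdin, BIO_NOCLOSE);
 
@@ -229,10 +264,12 @@ bad:
  ERR_print_errors(bio_err);
  goto end;
  }
- spkstr = NCONF_get_string(conf, spksect, spkac);
+ spkstr = NCONF_get_string(conf, spkac_config.spksect,
+ spkac_config.spkac);
 
  if (!spkstr) {
- BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+ BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n",
+ spkac_config.spkac);
  ERR_print_errors(bio_err);
  goto end;
  }
@@ -243,8 +280,8 @@ bad:
  ERR_print_errors(bio_err);
  goto end;
  }
- if (outfile)
- out = BIO_new_file(outfile, "w");
+ if (spkac_config.outfile)
+ out = BIO_new_file(spkac_config.outfile, "w");
  else {
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
  }
@@ -254,10 +291,10 @@ bad:
  ERR_print_errors(bio_err);
  goto end;
  }
- if (!noout)
+ if (!spkac_config.noout)
  NETSCAPE_SPKI_print(out, spki);
  pkey = NETSCAPE_SPKI_get_pubkey(spki);
- if (verify) {
+ if (spkac_config.verify) {
  i = NETSCAPE_SPKI_verify(spki, pkey);
  if (i > 0)
  BIO_printf(bio_err, "Signature OK\n");
@@ -267,7 +304,7 @@ bad:
  goto end;
  }
  }
- if (pubkey)
+ if (spkac_config.pubkey)
  PEM_write_bio_PUBKEY(out, pkey);
 
  ret = 0;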
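Review bot: In the second hunk, the new side still assigns `spki = NETSCAPE_SPKI_new();` (new line 220) without checking for NULL and then dereferences `spki->spkac->challenge` two lines later when `-challenge` is given, so an allocation failure becomes a NULL dereference rather than a clean error exit; this is pre-existing, but the rewrite of that block was the moment to fix it, e.g. `if ((spki = NETSCAPE_SPKI_new()) == NULL) goto end;`. The return values of `ASN1_STRING_set`, `NETSCAPE_SPKI_set_pubkey` and `NETSCAPE_SPKI_sign` on the following lines are likewise ignored, so a failed signature still gets base64-encoded and written out. Whether `end:` releases `spki` when it is non-NULL cannot be seen here, as spkac_main's cleanup lies outside every hunk. Separately, `spkac_usage` writes with `fprintf(stderr, ...)` while every other diagnostic in the function goes through `BIO_printf(bio_err, ...)`; if that split is the project's convention for converted usage functions it is fine, otherwise a one-line comment saying so would help the next reader.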