1 /* apps/spkac.c */ 2 3 /* 4 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 5 * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). 6 */ 7 /* ==================================================================== 8 * Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * 3. All advertising materials mentioning features or use of this 23 * software must display the following acknowledgment: 24 * "This product includes software developed by the OpenSSL Project 25 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 26 * 27 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 28 * endorse or promote products derived from this software without 29 * prior written permission. For written permission, please contact 30 * licensing@OpenSSL.org. 31 * 32 * 5. Products derived from this software may not be called "OpenSSL" 33 * nor may "OpenSSL" appear in their names without prior written 34 * permission of the OpenSSL Project. 35 * 36 * 6. Redistributions of any form whatsoever must retain the following 37 * acknowledgment: 38 * "This product includes software developed by the OpenSSL Project 39 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 42 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 44 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 45 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 46 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 48 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 50 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 51 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 52 * OF THE POSSIBILITY OF SUCH DAMAGE. 53 * ==================================================================== 54 * 55 * This product includes cryptographic software written by Eric Young 56 * (eay@cryptsoft.com). This product includes software written by Tim 57 * Hudson (tjh@cryptsoft.com). 58 * 59 */ 60 #include <stdio.h> 61 #include <stdlib.h> 62 #include <string.h> 63 #include <time.h> 64 #include "apps.h" 65 #include <openssl/bio.h> 66 #include <openssl/conf.h> 67 #include <openssl/err.h> 68 #include <openssl/evp.h> 69 #include <openssl/lhash.h> 70 #include <openssl/x509.h> 71 #include <openssl/pem.h> 72 73 #undef PROG 74 #define PROG spkac_main 75 76 /*- 77 * -in arg - input file - default stdin 78 * -out arg - output file - default stdout 79 */ 80 81 int MAIN(int, char **); 82 83 int MAIN(int argc, char **argv) 84 { 85 ENGINE *e = NULL; 86 int i, badops = 0, ret = 1; 87 BIO *in = NULL, *out = NULL; 88 int verify = 0, noout = 0, pubkey = 0; 89 char *infile = NULL, *outfile = NULL, *prog; 90 char *passargin = NULL, *passin = NULL; 91 const char *spkac = "SPKAC", *spksect = "default"; 92 char *spkstr = NULL; 93 char *challenge = NULL, *keyfile = NULL; 94 CONF *conf = NULL; 95 NETSCAPE_SPKI *spki = NULL; 96 EVP_PKEY *pkey = NULL; 97 char *engine = NULL; 98 99 apps_startup(); 100 101 if (!bio_err) 102 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 103 104 if (!load_config(bio_err, NULL)) 105 goto end; 106 107 prog = argv[0]; 108 argc--; 109 argv++; 110 while (argc >= 1) { 111 if (strcmp(*argv, "-in") == 0) { 112 if (--argc < 1) 113 goto bad; 114 infile = *(++argv); 115 } else if (strcmp(*argv, "-out") == 0) { 116 if (--argc < 1) 117 goto bad; 118 outfile = *(++argv); 119 } else if (strcmp(*argv, "-passin") == 0) { 120 if (--argc < 1) 121 goto bad; 122 passargin = *(++argv); 123 } else if (strcmp(*argv, "-key") == 0) { 124 if (--argc < 1) 125 goto bad; 126 keyfile = *(++argv); 127 } else if (strcmp(*argv, "-challenge") == 0) { 128 if (--argc < 1) 129 goto bad; 130 challenge = *(++argv); 131 } else if (strcmp(*argv, "-spkac") == 0) { 132 if (--argc < 1) 133 goto bad; 134 spkac = *(++argv); 135 } else if (strcmp(*argv, "-spksect") == 0) { 136 if (--argc < 1) 137 goto bad; 138 spksect = *(++argv); 139 } 140 #ifndef OPENSSL_NO_ENGINE 141 else if (strcmp(*argv, "-engine") == 0) { 142 if (--argc < 1) 143 goto bad; 144 engine = *(++argv); 145 } 146 #endif 147 else if (strcmp(*argv, "-noout") == 0) 148 noout = 1; 149 else if (strcmp(*argv, "-pubkey") == 0) 150 pubkey = 1; 151 else if (strcmp(*argv, "-verify") == 0) 152 verify = 1; 153 else 154 badops = 1; 155 argc--; 156 argv++; 157 } 158 159 if (badops) { 160 bad: 161 BIO_printf(bio_err, "%s [options]\n", prog); 162 BIO_printf(bio_err, "where options are\n"); 163 BIO_printf(bio_err, " -in arg input file\n"); 164 BIO_printf(bio_err, " -out arg output file\n"); 165 BIO_printf(bio_err, 166 " -key arg create SPKAC using private key\n"); 167 BIO_printf(bio_err, 168 " -passin arg input file pass phrase source\n"); 169 BIO_printf(bio_err, " -challenge arg challenge string\n"); 170 BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n"); 171 BIO_printf(bio_err, " -noout don't print SPKAC\n"); 172 BIO_printf(bio_err, " -pubkey output public key\n"); 173 BIO_printf(bio_err, " -verify verify SPKAC signature\n"); 174 #ifndef OPENSSL_NO_ENGINE 175 BIO_printf(bio_err, 176 " -engine e use engine e, possibly a hardware device.\n"); 177 #endif 178 goto end; 179 } 180 181 ERR_load_crypto_strings(); 182 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 183 BIO_printf(bio_err, "Error getting password\n"); 184 goto end; 185 } 186 e = setup_engine(bio_err, engine, 0); 187 188 if (keyfile != NULL) { 189 pkey = load_key(bio_err, 190 strcmp(keyfile, "-") ? keyfile : NULL, 191 FORMAT_PEM, 1, passin, e, "private key"); 192 if (pkey == NULL) 193 goto end; 194 spki = NETSCAPE_SPKI_new(); 195 if (spki == NULL) 196 goto end; 197 if (challenge != NULL) 198 ASN1_STRING_set(spki->spkac->challenge, 199 challenge, (int)strlen(challenge)); 200 NETSCAPE_SPKI_set_pubkey(spki, pkey); 201 NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); 202 spkstr = NETSCAPE_SPKI_b64_encode(spki); 203 if (spkstr == NULL) 204 goto end; 205 206 if (outfile) 207 out = BIO_new_file(outfile, "w"); 208 else { 209 out = BIO_new_fp(stdout, BIO_NOCLOSE); 210 #ifdef OPENSSL_SYS_VMS 211 { 212 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 213 out = BIO_push(tmpbio, out); 214 } 215 #endif 216 } 217 218 if (!out) { 219 BIO_printf(bio_err, "Error opening output file\n"); 220 ERR_print_errors(bio_err); 221 goto end; 222 } 223 BIO_printf(out, "SPKAC=%s\n", spkstr); 224 OPENSSL_free(spkstr); 225 ret = 0; 226 goto end; 227 } 228 229 if (infile) 230 in = BIO_new_file(infile, "r"); 231 else 232 in = BIO_new_fp(stdin, BIO_NOCLOSE); 233 234 if (!in) { 235 BIO_printf(bio_err, "Error opening input file\n"); 236 ERR_print_errors(bio_err); 237 goto end; 238 } 239 240 conf = NCONF_new(NULL); 241 i = NCONF_load_bio(conf, in, NULL); 242 243 if (!i) { 244 BIO_printf(bio_err, "Error parsing config file\n"); 245 ERR_print_errors(bio_err); 246 goto end; 247 } 248 249 spkstr = NCONF_get_string(conf, spksect, spkac); 250 251 if (!spkstr) { 252 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); 253 ERR_print_errors(bio_err); 254 goto end; 255 } 256 257 spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); 258 259 if (spki == NULL) { 260 BIO_printf(bio_err, "Error loading SPKAC\n"); 261 ERR_print_errors(bio_err); 262 goto end; 263 } 264 265 if (outfile) 266 out = BIO_new_file(outfile, "w"); 267 else { 268 out = BIO_new_fp(stdout, BIO_NOCLOSE); 269 #ifdef OPENSSL_SYS_VMS 270 { 271 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 272 out = BIO_push(tmpbio, out); 273 } 274 #endif 275 } 276 277 if (!out) { 278 BIO_printf(bio_err, "Error opening output file\n"); 279 ERR_print_errors(bio_err); 280 goto end; 281 } 282 283 if (!noout) 284 NETSCAPE_SPKI_print(out, spki); 285 pkey = NETSCAPE_SPKI_get_pubkey(spki); 286 if (verify) { 287 i = NETSCAPE_SPKI_verify(spki, pkey); 288 if (i > 0) { 289 BIO_printf(bio_err, "Signature OK\n"); 290 } else { 291 BIO_printf(bio_err, "Signature Failure\n"); 292 ERR_print_errors(bio_err); 293 goto end; 294 } 295 } 296 if (pubkey) 297 PEM_write_bio_PUBKEY(out, pkey); 298 299 ret = 0; 300 301 end: 302 NCONF_free(conf); 303 NETSCAPE_SPKI_free(spki); 304 BIO_free(in); 305 BIO_free_all(out); 306 EVP_PKEY_free(pkey); 307 release_engine(e); 308 if (passin) 309 OPENSSL_free(passin); 310 apps_shutdown(); 311 OPENSSL_EXIT(ret); 312 } 313