author | Aleksey Sanin <aleksey@src.gnome.org> | 2003-08-08 00:34:58 +0000 |
---|---|---|
committer | Aleksey Sanin <aleksey@src.gnome.org> | 2003-08-08 00:34:58 +0000 |
commit | 6311ebf1129cb0deac3dce0f5d98f846a3bd8440 (patch) | |
tree | 48d20d935a71fddcf07c8991050751faae2a1882 | |
parent | 0c988c4ff33266bbcac2f2c5f53c37700522eeb5 (diff) | |
added xmlsec-openssl functions to read keys and certs from memory or any BIO
(bug #119350, patch based on the code from Joachim)
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | include/xmlsec/openssl/app.h | 40 | ||||
-rw-r--r-- | src/openssl/app.c | 510 | ||||
-rw-r--r-- | tests/keys.xml | 44 |
4 files changed, 502 insertions, 101 deletions
@@ -1,6 +1,13 @@ +Thu Aug 7 11:38:43 2003 Aleksey Sanin <aleksey@aleksey.com> + + * include/xmlsec/openssl/app.h src/openssl/app.c: added functions + to read keys and certs in xmlsec-openssl from memory and BIOs + (bug #119350, patch based on the code from Joachim) + Wed Aug 6 08:57:20 2003 Aleksey Sanin <aleksey@aleksey.com> - * Makefile.am configure.in xmlsec-gnutls.pc.in xmlsec-nss.pc.in xmlsec-openssl.pc.in xmlsecConf.sh.in: + * Makefile.am configure.in xmlsec-gnutls.pc.in xmlsec-nss.pc.in + xmlsec-openssl.pc.in xmlsecConf.sh.in: config bug fixing and improvements from Roumen Mon Aug 4 19:39:52 2003 Aleksey Sanin <aleksey@aleksey.com>i diff --git a/include/xmlsec/openssl/app.h b/include/xmlsec/openssl/app.h index abe47f9d..ca7e0f46 100644 --- a/include/xmlsec/openssl/app.h +++ b/include/xmlsec/openssl/app.h @@ -14,6 +14,7 @@ extern "C" { #endif /* __cplusplus */ #include <openssl/pem.h> +#include <openssl/bio.h> #include <xmlsec/xmlsec.h> #include <xmlsec/keys.h> @@ -42,6 +43,16 @@ XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mng const char *filename, xmlSecKeyDataFormat format, xmlSecKeyDataType type); +XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, + const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecKeyDataFormat format, + xmlSecKeyDataType type); +XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr, + BIO* bio, + xmlSecKeyDataFormat format, + xmlSecKeyDataType type); + XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr, const char *path); #endif /* XMLSEC_NO_X509 */ 
@@ -55,14 +66,43 @@ XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppKeyLoad (const char *filename const char *pwd, pem_password_cb *pwdCallback, void* pwdCallbackCtx); +XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadMemory (const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecKeyDataFormat format, + const char *pwd, + pem_password_cb *pwdCallback, + void* pwdCallbackCtx); +XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadBIO (BIO* bio, + xmlSecKeyDataFormat format, + const char *pwd, + pem_password_cb *pwdCallback, + void* pwdCallbackCtx); + #ifndef XMLSEC_NO_X509 XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppPkcs12Load (const char* filename, const char* pwd, pem_password_cb* pwdCallback, void* pwdCallbackCtx); +XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, + xmlSecSize dataSize, + const char* pwd, + pem_password_cb* pwdCallback, + void* pwdCallbackCtx); +XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppPkcs12LoadBIO (BIO* bio, + const char* pwd, + pem_password_cb* pwdCallback, + void* pwdCallbackCtx); + XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeyCertLoad (xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format); +XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key, + const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecKeyDataFormat format); +XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeyCertLoadBIO (xmlSecKeyPtr key, + BIO* bio, + xmlSecKeyDataFormat format); #endif /* XMLSEC_NO_X509 */ #ifdef __cplusplus diff --git a/src/openssl/app.c b/src/openssl/app.c index 168a91f9..73f8f9ac 100644 --- a/src/openssl/app.c +++ b/src/openssl/app.c 
@@ -99,21 +99,13 @@ xmlSecOpenSSLAppShutdown(void) { xmlSecKeyPtr xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, const char *pwd, pem_password_cb *pwdCallback, - void* pwdCallbackCtx ATTRIBUTE_UNUSED) { - xmlSecKeyPtr key = NULL; - xmlSecKeyDataPtr data; - EVP_PKEY* pKey = NULL; + void* pwdCallbackCtx) { BIO* bio; - int ret; - + xmlSecKeyPtr key; + xmlSecAssert2(filename != NULL, NULL); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); - if (format == xmlSecKeyDataFormatPkcs12) { - return (xmlSecOpenSSLAppPkcs12Load(filename, pwd, pwdCallback, - pwdCallbackCtx)); - } - bio = BIO_new_file(filename, "rb"); if(bio == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, 
@@ -125,7 +117,99 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, errno); return(NULL); } + + key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppKeyLoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "filename=%s;errno=%d", + xmlSecErrorsSafeString(filename), + errno); + BIO_free(bio); + return(NULL); + } + + BIO_free(bio); + return(key); +} + +/** + * xmlSecOpenSSLAppKeyLoadMemory: + * @data: the binary key data. + * @dataSize: the size of binary key. + * @format: the key file format. + * @pwd: the key file password. + * @pwdCallback: the key password callback. + * @pwdCallbackCtx: the user context for password callback. + * + * Reads key from the memory buffer. + * + * Returns pointer to the key or NULL if an error occurs. + */ +xmlSecKeyPtr +xmlSecOpenSSLAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, + xmlSecKeyDataFormat format, const char *pwd, + pem_password_cb *pwdCallback, void* pwdCallbackCtx) { + BIO* bio; + xmlSecKeyPtr key; + + xmlSecAssert2(data != NULL, NULL); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); + + /* this would be a read only BIO, cast from const is ok */ + bio = BIO_new_mem_buf((void*)data, dataSize); + if(bio == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new_mem_buf", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "errno=%d", + errno); + return(NULL); + } + + key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppKeyLoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free(bio); + return(NULL); + } + BIO_free(bio); + return(key); +} + +/** + * xmlSecOpenSSLAppKeyLoadBIO: + * @bio: the key BIO. + * @format: the key file format. + * @pwd: the key file password. + * @pwdCallback: the key password callback. 
+ * @pwdCallbackCtx: the user context for password callback. + * + * Reads key from the an OpenSSL BIO object. + * + * Returns pointer to the key or NULL if an error occurs. + */ +xmlSecKeyPtr +xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, + const char *pwd, pem_password_cb *pwdCallback, + void* pwdCallbackCtx) { + + xmlSecKeyPtr key = NULL; + xmlSecKeyDataPtr data; + EVP_PKEY* pKey = NULL; + int ret; + + xmlSecAssert2(bio != NULL, NULL); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); + switch(format) { case xmlSecKeyDataFormatPem: /* try to read private key first */ @@ -139,8 +223,7 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, NULL, "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "file=%s", xmlSecErrorsSafeString(filename)); - BIO_free(bio); + XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } @@ -157,8 +240,7 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "file=%s", xmlSecErrorsSafeString(filename)); - BIO_free(bio); + XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } @@ -171,8 +253,7 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, NULL, "PEM_read_bio_PrivateKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "file=%s", xmlSecErrorsSafeString(filename)); - BIO_free(bio); + XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; 
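Review bot: `BIO_new_mem_buf((void*)data, dataSize)` in xmlSecOpenSSLAppKeyLoadMemory hands an xmlSecSize to a parameter that OpenSSL declares as `int`, so a buffer larger than INT_MAX is silently converted, and BIO_new_mem_buf gives a negative length a special meaning; reject it before the call with `xmlSecAssert2(dataSize <= INT_MAX, NULL);` (needs <limits.h>). The same conversion appears in xmlSecOpenSSLAppKeyCertLoadMemory, xmlSecOpenSSLAppPkcs12LoadMemory and xmlSecOpenSSLAppKeysMngrCertLoadMemory. The docstring of xmlSecOpenSSLAppKeyLoadBIO should also state ownership, because unlike the file and memory wrappers it never frees the BIO: `Reads key from an OpenSSL BIO object. The caller retains ownership of @bio.` xmlSecOpenSSLAppKeyLoadBIO continues past the end of the hunk.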
@@ -181,24 +262,32 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, pKey = d2i_PKCS8PrivateKey_bio(bio, NULL, pwdCallback, (void*)pwd); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_PrivateKey_bio and d2i_PUBKEY_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "file=%s", xmlSecErrorsSafeString(filename)); - BIO_free(bio); + NULL, + "d2i_PrivateKey_bio and d2i_PUBKEY_bio", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; + case xmlSecKeyDataFormatPkcs12: + key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppPkcs12LoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + return(key); default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_FORMAT, "format=%d", format); - BIO_free(bio); return(NULL); } - BIO_free(bio); data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { @@ -239,7 +328,7 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, } #ifndef XMLSEC_NO_X509 -static X509* xmlSecOpenSSLAppCertLoad (const char* filename, +static X509* xmlSecOpenSSLAppCertLoadBIO (BIO* bio, xmlSecKeyDataFormat format); /** 
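Review bot: The error call rewritten at the top of this hunk, in the branch where `d2i_PKCS8PrivateKey_bio` returns NULL, still reports `"d2i_PrivateKey_bio and d2i_PUBKEY_bio"` as the failing function; since those lines are re-indented here anyway, change the string to `"d2i_PKCS8PrivateKey_bio",`. A wrong function name in the error log sends whoever investigates a PKCS#8 load failure to the wrong OpenSSL call. The new xmlSecKeyDataFormatPkcs12 case returning `key` directly and bypassing the xmlSecOpenSSLEvpKeyAdopt path below looks intentional, but a one-line comment saying so (`/* PKCS12 loader builds the complete key itself */`) would save the next reader the question. The enclosing function starts before this hunk.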
@@ -254,13 +343,110 @@ static X509* xmlSecOpenSSLAppCertLoad (const char* filename, */ int xmlSecOpenSSLAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) { + BIO* bio; + int ret; + + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(filename != NULL, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + bio = BIO_new_file(filename, "rb"); + if(bio == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new_file", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "filename=%s;errno=%d", + xmlSecErrorsSafeString(filename), + errno); + return(-1); + } + + ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppKeyCertLoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "filename=%s;errno=%d", + xmlSecErrorsSafeString(filename), + errno); + BIO_free(bio); + return(-1); + } + + BIO_free(bio); + return(0); +} + +/** + * xmlSecOpenSSLAppKeyCertLoadMemory: + * @key: the pointer to key. + * @data: the certificate binary data. + * @dataSize: the certificate binary data size. + * @format: the certificate file format. + * + * Reads the certificate from memory buffer and adds it to key. + * + * Returns 0 on success or a negative value otherwise. 
+ */ +int +xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize, + xmlSecKeyDataFormat format) { + BIO* bio; + int ret; + + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + /* this would be a read only BIO, cast from const is ok */ + bio = BIO_new_mem_buf((void*)data, dataSize); + if(bio == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new_mem_buf", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "errno=%d", + errno); + return(-1); + } + + ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppKeyCertLoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free(bio); + return(-1); + } + + BIO_free(bio); + return(0); +} + +/** + * xmlSecOpenSSLAppKeyCertLoadBIO: + * @key: the pointer to key. + * @bio: the certificate bio. + * @format: the certificate file format. + * + * Reads the certificate from memory buffer and adds it to key. + * + * Returns 0 on success or a negative value otherwise. + */ +int +xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat format) { + xmlSecKeyDataFormat certFormat; xmlSecKeyDataPtr data; X509 *cert; int ret; xmlSecAssert2(key != NULL, -1); - xmlSecAssert2(filename != NULL, -1); + xmlSecAssert2(bio != NULL, -1); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id); @@ -286,14 +472,13 @@ xmlSecOpenSSLAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDat certFormat = format; } - cert = xmlSecOpenSSLAppCertLoad(filename, certFormat); + cert = xmlSecOpenSSLAppCertLoadBIO(bio, certFormat); if(cert == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppCertLoad", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s;format=%d", - xmlSecErrorsSafeString(filename), certFormat); + XMLSEC_ERRORS_NO_MESSAGE); return(-1); } 
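Review bot: The docstring of xmlSecOpenSSLAppKeyCertLoadBIO says `Reads the certificate from memory buffer and adds it to key.`, copied from the Memory variant; it should read `Reads the certificate from an OpenSSL BIO object and adds it to key.` and, because this function does not free @bio, also say that the caller keeps ownership of it. xmlSecOpenSSLAppKeyCertLoadBIO continues past the end of the hunk.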
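Review bot: The error reported when xmlSecOpenSSLAppCertLoadBIO fails still names `"xmlSecOpenSSLAppCertLoad"`, the function this commit renamed, and replacing the message with XMLSEC_ERRORS_NO_MESSAGE drops the format being tried even though certFormat is still in scope. The corresponding hunk in xmlSecOpenSSLAppKeysMngrCertLoadBIO does update the name, so make this one match it: `"xmlSecOpenSSLAppCertLoadBIO",` and `"format=%d", certFormat);`. xmlSecOpenSSLAppKeyCertLoadBIO starts and ends outside this hunk.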
@@ -327,9 +512,110 @@ xmlSecOpenSSLAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDat */ xmlSecKeyPtr xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd, + pem_password_cb *pwdCallback, + void* pwdCallbackCtx) { + BIO* bio; + xmlSecKeyPtr key; + + xmlSecAssert2(filename != NULL, NULL); + + bio = BIO_new_file(filename, "rb"); + if(bio == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new_file", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "filename=%s;errno=%d", + xmlSecErrorsSafeString(filename), + errno); + return(NULL); + } + + key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppPkcs12LoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "filename=%s;errno=%d", + xmlSecErrorsSafeString(filename), + errno); + BIO_free(bio); + return(NULL); + } + + BIO_free(bio); + return(key); +} + +/** + * xmlSecOpenSSLAppPkcs12LoadMemory: + * @data: the PKCS12 binary data. + * @dataSize: the PKCS12 binary data size. + * @pwd: the PKCS12 file password. + * @pwdCallback: the password callback. + * @pwdCallbackCtx: the user context for password callback. + * + * Reads key and all associated certificates from the PKCS12 data in memory buffer. + * For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass + * in format=xmlSecKeyDataFormatPkcs12. + * + * Returns pointer to the key or NULL if an error occurs. 
+ */ +xmlSecKeyPtr +xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, + const char *pwd, pem_password_cb *pwdCallback, + void* pwdCallbackCtx) { + BIO* bio; + xmlSecKeyPtr key; + + xmlSecAssert2(data != NULL, NULL); + + /* this would be a read only BIO, cast from const is ok */ + bio = BIO_new_mem_buf((void*)data, dataSize); + if(bio == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new_mem_buf", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "errno=%d", + errno); + return(NULL); + } + + key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppPkcs12LoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free(bio); + return(NULL); + } + + BIO_free(bio); + return(key); +} + +/** + * xmlSecOpenSSLAppPkcs12LoadBIO: + * @bio: the PKCS12 key bio. + * @pwd: the PKCS12 file password. + * @pwdCallback: the password callback. + * @pwdCallbackCtx: the user context for password callback. + * + * Reads key and all associated certificates from the PKCS12 data in an OpenSSL BIO object. + * For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass + * in format=xmlSecKeyDataFormatPkcs12. + * + * Returns pointer to the key or NULL if an error occurs. + */ +xmlSecKeyPtr +xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd, pem_password_cb *pwdCallback ATTRIBUTE_UNUSED, void* pwdCallbackCtx ATTRIBUTE_UNUSED) { - FILE *f = NULL; + PKCS12 *p12 = NULL; EVP_PKEY *pKey = NULL; STACK_OF(X509) *chain = NULL; 
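Review bot: The docstrings of xmlSecOpenSSLAppPkcs12LoadMemory and xmlSecOpenSSLAppPkcs12LoadBIO both tell the reader to call xmlSecOpenSSLAppKeyLoad instead, which takes a filename; the matching entry points are the ones this commit adds, so the sentences should read `For uniformity, call xmlSecOpenSSLAppKeyLoadMemory instead of this function.` and `For uniformity, call xmlSecOpenSSLAppKeyLoadBIO instead of this function.` respectively. The BIO variant's docstring should also say that the caller keeps ownership of @bio, since the function never frees it. xmlSecOpenSSLAppPkcs12LoadBIO continues past the end of the hunk.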
@@ -341,26 +627,15 @@ xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd, int i; int ret; - xmlSecAssert2(filename != NULL, NULL); + xmlSecAssert2(bio != NULL, NULL); - f = fopen(filename, "rb"); - if(f == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "fopen", - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename),errno); - goto done; - } - - p12 = d2i_PKCS12_fp(f, NULL); + p12 = d2i_PKCS12_bio(bio, NULL); if(p12 == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PKCS12_fp", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s", xmlSecErrorsSafeString(filename)); + XMLSEC_ERRORS_NO_MESSAGE); goto done; } @@ -370,7 +645,7 @@ xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd, NULL, "PKCS12_verify_mac", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s", xmlSecErrorsSafeString(filename)); + XMLSEC_ERRORS_NO_MESSAGE); goto done; } @@ -380,7 +655,7 @@ xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd, NULL, "PKCS12_parse", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s", xmlSecErrorsSafeString(filename)); + XMLSEC_ERRORS_NO_MESSAGE); goto done; } @@ -390,7 +665,7 @@ xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd, NULL, "xmlSecOpenSSLEvpKeyAdopt", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", xmlSecErrorsSafeString(filename)); + XMLSEC_ERRORS_NO_MESSAGE); EVP_PKEY_free(pKey); goto done; } @@ -521,9 +796,6 @@ done: if(p12 != NULL) { PKCS12_free(p12); } - if(f != NULL) { - fclose(f); - } return(key); } 
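Review bot: The context line following the new `p12 = d2i_PKCS12_bio(bio, NULL);` still logs `"d2i_PKCS12_fp"` as the failing function; the fp variant no longer exists in this function, so the string should be `"d2i_PKCS12_bio",`. Both the start of the enclosing function and its `done:` cleanup are outside this hunk.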
@@ -542,13 +814,115 @@ done: */ int xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, + xmlSecKeyDataFormat format, xmlSecKeyDataType type) { + BIO* bio; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(filename != NULL, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + bio = BIO_new_file(filename, "rb"); + if(bio == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new_file", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "filename=%s;errno=%d", + xmlSecErrorsSafeString(filename), + errno); + return(-1); + } + + ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppKeysMngrCertLoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "filename=%s;errno=%d", + xmlSecErrorsSafeString(filename), + errno); + BIO_free(bio); + return(-1); + } + + BIO_free(bio); + return(0); +} + +/** + * xmlSecOpenSSLAppKeysMngrCertLoadMemory: + * @mngr: the keys manager. + * @data: the certificate binary data. + * @dataSize: the certificate binary data size. + * @format: the certificate file format. + * @type: the flag that indicates is the certificate trusted or not. + * + * Reads cert from binary buffer @data and adds to the list of trusted or known + * untrusted certs in @store. + * + * Returns 0 on success or a negative value otherwise. 
+ */ +int +xmlSecOpenSSLAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data, + xmlSecSize dataSize, xmlSecKeyDataFormat format, + xmlSecKeyDataType type) { + BIO* bio; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + /* this would be a read only BIO, cast from const is ok */ + bio = BIO_new_mem_buf((void*)data, dataSize); + if(bio == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "BIO_new_mem_buf", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "errno=%d", + errno); + return(-1); + } + + ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecOpenSSLAppKeysMngrCertLoadBIO", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + BIO_free(bio); + return(-1); + } + + BIO_free(bio); + return(0); +} + +/** + * xmlSecOpenSSLAppKeysMngrCertLoadBIO: + * @mngr: the keys manager. + * @bio: the certificate BIO. + * @format: the certificate file format. + * @type: the flag that indicates is the certificate trusted or not. + * + * Reads cert from an OpenSSL BIO object and adds to the list of trusted or known + * untrusted certs in @store. + * + * Returns 0 on success or a negative value otherwise. + */ +int +xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr, BIO* bio, xmlSecKeyDataFormat format, xmlSecKeyDataType type) { xmlSecKeyDataStorePtr x509Store; X509* cert; int ret; xmlSecAssert2(mngr != NULL, -1); - xmlSecAssert2(filename != NULL, -1); + xmlSecAssert2(bio != NULL, -1); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId); 
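Review bot: The docstrings of xmlSecOpenSSLAppKeysMngrCertLoadMemory and xmlSecOpenSSLAppKeysMngrCertLoadBIO refer to `@store`, which is not a parameter of either function; the code looks up the X509 store through @mngr, so write `untrusted certs in the X509 store of @mngr.` instead. The BIO variant should also document that @bio stays owned by the caller, as nothing in it frees the BIO. xmlSecOpenSSLAppKeysMngrCertLoadBIO continues past the end of the hunk.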
@@ -561,14 +935,13 @@ xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, return(-1); } - cert = xmlSecOpenSSLAppCertLoad(filename, format); + cert = xmlSecOpenSSLAppCertLoadBIO(bio, format); if(cert == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, - "xmlSecOpenSSLAppCertLoad", + "xmlSecOpenSSLAppCertLoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s;format=%d", - xmlSecErrorsSafeString(filename), format); + XMLSEC_ERRORS_NO_MESSAGE); return(-1); } @@ -627,25 +1000,12 @@ xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr, const char *path) { } static X509* -xmlSecOpenSSLAppCertLoad(const char* filename, xmlSecKeyDataFormat format) { +xmlSecOpenSSLAppCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { X509 *cert; - BIO* bio; - xmlSecAssert2(filename != NULL, NULL); + xmlSecAssert2(bio != NULL, NULL); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); - bio = BIO_new_file(filename, "rb"); - if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); - return(NULL); - } - switch(format) { case xmlSecKeyDataFormatPem: cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); @@ -654,9 +1014,7 @@ xmlSecOpenSSLAppCertLoad(const char* filename, xmlSecKeyDataFormat format) { NULL, "PEM_read_bio_X509_AUX", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); - BIO_free(bio); + XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; @@ -667,9 +1025,7 @@ xmlSecOpenSSLAppCertLoad(const char* filename, xmlSecKeyDataFormat format) { NULL, "d2i_X509_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); - BIO_free(bio); + XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; 
@@ -679,11 +1035,9 @@ xmlSecOpenSSLAppCertLoad(const char* filename, xmlSecKeyDataFormat format) { NULL, XMLSEC_ERRORS_R_INVALID_FORMAT, "format=%d", format); - BIO_free(bio); return(NULL); } - BIO_free(bio); return(cert); } diff --git a/tests/keys.xml b/tests/keys.xml index e956d86e..0037e50a 100644 --- a/tests/keys.xml +++ b/tests/keys.xml @@ -3,7 +3,7 @@ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>test-hmac-sha1</KeyName> <KeyValue> -<HMACKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">wX6zU8SGWPBAVSqpYClsn1XKfamG3Cbt</HMACKeyValue> +<HMACKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">1L+MH/T7JXzOy2I9s5Ho92b5LjEY6COL</HMACKeyValue> </KeyValue> </KeyInfo> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> @@ -11,17 +11,17 @@ <KeyValue> <RSAKeyValue> <Modulus> -xuOotwF0ikvdSjqYlWOcHVw8gQP284nhl3ErSOlK704fFay1SINByFT7jWwMwn33 -wZrfPae+nlJHe+UTEXcO0nKICE/qYUv07zmwnr29Yae7xfl3KYD/hvUu8J4zZmCS -3YQlInGOswRQuK+iYkwvsQKElnxRjvV2cy8ILhjRVsE= +tKHRoHW5GI47Ht9kxN9o97x07KKpc7Qg1ETRKWrlctXAB6xHQhiVkbYJVhdXv1RQ +Ym1wH6XeJw/nmXMbY+5fQM1Q1uTXbMOUbRYx5r3f4tovR59nQ6NIoBb6tfe5BZK6 +fnjpD1MaW05wGIUy9+MFHUj3SDqxv196dEWJwR6Iqg0= </Modulus> <Exponent> Aw== </Exponent> <PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002"> -hJfFz1ZNsYfo3CcQY5e9aOgoVgKkolvruktyMJuHSjQUuR3OMFeBMDins51d1v6l -K7yU08UpvuGE/UNiC6S0ix9yPxR4L3rVlDxbhOdgNQ+T10vZ7+vmBFxtYd+6g0IY -Ar8bIbGWuNQk5knlMp2375NcFwRg71Qlqm2wkEPwNeM= +eGvhFaPQuwl8vz+Ygz+bT9L4ncHGTSLAjYM2G5yY9zkqr8gvgWW5C86w5A+P1OLg +QZ5Kv8Ppb1/vu6ISQp7qKhPpbowG+LJHZ+GB4L3RAfkyIF+XCYkwSzvlRTuWa5uS +U7xAxQzwjt2Wq8jKIb3NxcR13RDKR0nYc3tmiKgVpis= </PrivateExponent> </RSAKeyValue> </KeyValue> 
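Review bot: Every key in tests/keys.xml, including the private RSA and DSA components, is replaced in this and the following hunks, but neither the commit message nor the ChangeLog entry mentions the regeneration, so a reader cannot tell whether it is incidental or required by the new loaders. A one-line mention such as `* tests/keys.xml: regenerated test keys` in the ChangeLog entry would keep the history self-explanatory.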
@@ -31,25 +31,25 @@ Ar8bIbGWuNQk5knlMp2375NcFwRg71Qlqm2wkEPwNeM= <KeyValue> <DSAKeyValue> <P> -qwsmWVFwPu0q/QPmwXKmclhIv606pf6tvIF/eoE3WtvPlEttOyEK123OuHQFBbXA -Djxi1dKDrltnWqIU3MBHeTrni1GYk//mucF/CMHvB01CeXxX8q9pEuEtlMamyh4n -tdFxaNX6yUbvNmbitjW0M3vnDzhXUzqk1FxXnusRqxM= ++/iULHlbjU0BJnUEURAq5mgBoET+h+/JafnCEOdDjMdnG/MCBpks007t6awNhbWh +6oL44wKa4WZPkY3+P9lRrBWn5NT9Am+3dT+rz2N92jH18qe5rTc2yHwnVJkJ136n +HBi4+IShT2pJYndjCUJzDPg3JKSbfqs7hW6FoLS0rEc= </P> <Q> -65XWbdYJ3gSpDFrgdfVL/2PYPQc= +28RZIU06t5Y0r4vNDz9p03HV0h8= </Q> <G> -memR3uytuArzKBzIwpkpH1HtpB3hL8nUyWX1/NU4aEdjlwfiGVxjnMt1B5T5G4CB -D+zI6PDo8nNrqmV+TazjOwnkB+p0zhHvpN2jPsMXuyOd4olTA0CHp2MeOf2f0a99 -b08l6mywP9kvngqHRcVjCH1lBNARb8+Cm96716aRObw= +SlP9CEP5vla4cfBHGjsxfctJ5JSOLnoxwcYn+wKhK+b/sLdThrVcohoS3Lq39Jlw +5P78bRks6jeWBonOEXrOAldccHV6fSnMYiEPZ+RTtmq8RCkV+RXdlaqYClG4aVO/ +40aioXQHRlS7ityls0ITPWaWCZXmh4ZyBieZrtYHvpY= </G> <X xmlns="http://www.aleksey.com/xmlsec/2002"> -QSVru1x8Hgxb1XGU9m8ehXgMmu8= +iaLSTFIpOFV3xrUFQ2zKIHIvJQk= </X> <Y> -YruTW3j32ZOHZQ8BZiUh9UUeCRtVSUtAiGndOZRcrFV7w4nJQVmk1TcSaPz++du2 -HKLF/BSPKCCQu/XDuxkoKuCFYmsh4R/EZ3/YDJ9oDs97MHHkvEyFjcFbTIPvDMy1 -G5GjWxw5KpnGC7qqoYNLaxbzxMSbsLHEldfUtm1b54E= +3FzOWWHz7mu7NeUHq0gLjj7RFZIgzKSYPwh+tFlBIxWh8ioilRTDiQRPpDcnUqLs +M+CjDXfycHIRN22wclw5QSSS/N0us1TR4bfsVKdDLZfMxewHhfcZyr3yuFltdGU0 +wJ+l17vt5NrskU/epVujnni5yBUhweh3rKzeS5hrPV8= </Y> </DSAKeyValue> </KeyValue> 
@@ -57,25 +57,25 @@ G5GjWxw5KpnGC7qqoYNLaxbzxMSbsLHEldfUtm1b54E= <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>test-des</KeyName> <KeyValue> -<DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">shMSfB+70s32hf0Nj+0fKyTMoSn6s8b4</DESKeyValue> +<DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">vwbSXq5pmQgM1MH1x82wOEKcXYwHBxEi</DESKeyValue> </KeyValue> </KeyInfo> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>test-aes128</KeyName> <KeyValue> -<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">ikTfCjFqoNTmBV2Ypp5Dqg==</AESKeyValue> +<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">Q8vUR/LUN7hKeHXkHDVyhg==</AESKeyValue> </KeyValue> </KeyInfo> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>test-aes192</KeyName> <KeyValue> -<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">h0nFr4bJ7KsN+RgsaFCovwFTLX3HE865</AESKeyValue> +<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">B2Zlwpxzm6EaF88GN83Mmi/xOOEw7/56</AESKeyValue> </KeyValue> </KeyInfo> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>test-aes256</KeyName> <KeyValue> -<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">h5DxJbo3otmV14lreP24ZHumArRP7i/pdPc7w1fvJ48=</AESKeyValue> +<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">ulIprYY0iFVGIbPCGlKDyoRgV5a6h7xsmNn9xtQKQh8=</AESKeyValue> </KeyValue> </KeyInfo> </Keys> |