line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
#include "EXTERN.h" |
2
|
|
|
|
|
|
|
#include "perl.h" |
3
|
|
|
|
|
|
|
#include "XSUB.h" |
4
|
|
|
|
|
|
|
|
5
|
|
|
|
|
|
|
#include |
6
|
|
|
|
|
|
|
#include |
7
|
|
|
|
|
|
|
#include |
8
|
|
|
|
|
|
|
#include |
9
|
|
|
|
|
|
|
#include |
10
|
|
|
|
|
|
|
#include |
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
#define NOKEYS 0x1 |
13
|
|
|
|
|
|
|
#define NOCERTS 0x2 |
14
|
|
|
|
|
|
|
#define INFO 0x4 |
15
|
|
|
|
|
|
|
#define CLCERTS 0x8 |
16
|
|
|
|
|
|
|
#define CACERTS 0x10 |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
19
|
|
|
|
|
|
|
#define PKCS12_SAFEBAG_get0_p8inf(o) ((o)->value.keybag) |
20
|
|
|
|
|
|
|
#define PKCS12_SAFEBAG_get0_attr PKCS12_get_attr |
21
|
|
|
|
|
|
|
#define CONST_PKCS8_PRIV_KEY_INFO PKCS8_PRIV_KEY_INFO |
22
|
|
|
|
|
|
|
#else |
23
|
|
|
|
|
|
|
#define CONST_PKCS8_PRIV_KEY_INFO const PKCS8_PRIV_KEY_INFO |
24
|
|
|
|
|
|
|
#endif |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
const EVP_CIPHER *enc; |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
/* fake our package name */ |
29
|
|
|
|
|
|
|
typedef PKCS12* Crypt__OpenSSL__PKCS12; |
30
|
|
|
|
|
|
|
|
31
|
0
|
|
|
|
|
|
void croakSSL(char* p_file, int p_line) { |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
const char* errorReason; |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
/* Just return the top error on the stack */ |
36
|
0
|
|
|
|
|
|
errorReason = ERR_reason_error_string(ERR_get_error()); |
37
|
|
|
|
|
|
|
|
38
|
0
|
|
|
|
|
|
ERR_clear_error(); |
39
|
|
|
|
|
|
|
|
40
|
0
|
|
|
|
|
|
croak("%s:%d: OpenSSL error: %s", p_file, p_line, errorReason); |
41
|
|
|
|
|
|
|
} |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
#define CHECK_OPEN_SSL(p_result) if (!(p_result)) croakSSL(__FILE__, __LINE__); |
44
|
|
|
|
|
|
|
|
45
|
3
|
|
|
|
|
|
EVP_PKEY* _load_pkey(char* keyString, EVP_PKEY*(*p_loader)(BIO*, EVP_PKEY**, pem_password_cb*, void*)) { |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
EVP_PKEY* pkey; |
48
|
|
|
|
|
|
|
BIO* stringBIO; |
49
|
|
|
|
|
|
|
|
50
|
3
|
50
|
|
|
|
|
if (!strncmp(keyString, "----", 4)) { |
51
|
|
|
|
|
|
|
|
52
|
0
|
0
|
|
|
|
|
CHECK_OPEN_SSL(stringBIO = BIO_new_mem_buf(keyString, strlen(keyString))); |
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
} else { |
55
|
|
|
|
|
|
|
|
56
|
3
|
50
|
|
|
|
|
CHECK_OPEN_SSL(stringBIO = BIO_new_file(keyString, "r")); |
57
|
|
|
|
|
|
|
} |
58
|
|
|
|
|
|
|
|
59
|
3
|
|
|
|
|
|
pkey = p_loader(stringBIO, NULL, NULL, NULL); |
60
|
|
|
|
|
|
|
|
61
|
3
|
|
|
|
|
|
(void)BIO_set_close(stringBIO, BIO_CLOSE); |
62
|
3
|
|
|
|
|
|
BIO_free_all(stringBIO); |
63
|
|
|
|
|
|
|
|
64
|
3
|
50
|
|
|
|
|
CHECK_OPEN_SSL(pkey); |
65
|
3
|
|
|
|
|
|
return pkey; |
66
|
|
|
|
|
|
|
} |
67
|
|
|
|
|
|
|
|
68
|
3
|
|
|
|
|
|
STACK_OF(X509)* _load_cert_chain(char* keyString, STACK_OF(X509_INFO)*(*p_loader)(BIO*, STACK_OF(X509_INFO)*, pem_password_cb*, void*)) { |
69
|
|
|
|
|
|
|
int i; |
70
|
3
|
|
|
|
|
|
STACK_OF(X509_INFO) *xis = NULL; |
71
|
3
|
|
|
|
|
|
X509_INFO *xi = NULL; |
72
|
|
|
|
|
|
|
BIO* stringBIO; |
73
|
3
|
|
|
|
|
|
STACK_OF(X509) *stack = sk_X509_new_null(); |
74
|
|
|
|
|
|
|
|
75
|
3
|
50
|
|
|
|
|
if (!strncmp(keyString, "----", 4)) { |
76
|
0
|
0
|
|
|
|
|
CHECK_OPEN_SSL(stringBIO = BIO_new_mem_buf(keyString, strlen(keyString))); |
77
|
|
|
|
|
|
|
} else { |
78
|
3
|
50
|
|
|
|
|
CHECK_OPEN_SSL(stringBIO = BIO_new_file(keyString, "r")); |
79
|
|
|
|
|
|
|
} |
80
|
|
|
|
|
|
|
|
81
|
3
|
|
|
|
|
|
xis = p_loader(stringBIO, NULL, NULL, NULL); |
82
|
6
|
100
|
|
|
|
|
for (i = 0; i < sk_X509_INFO_num(xis); i++) { |
83
|
3
|
|
|
|
|
|
xi = sk_X509_INFO_value(xis, i); |
84
|
3
|
50
|
|
|
|
|
if (xi->x509 != NULL && stack != NULL) { |
|
|
50
|
|
|
|
|
|
85
|
3
|
50
|
|
|
|
|
CHECK_OPEN_SSL(xi->x509); |
86
|
3
|
50
|
|
|
|
|
if (!sk_X509_push(stack, xi->x509)) |
87
|
0
|
|
|
|
|
|
goto end; |
88
|
3
|
|
|
|
|
|
xi->x509 = NULL; |
89
|
|
|
|
|
|
|
} |
90
|
|
|
|
|
|
|
} |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
end: |
93
|
3
|
|
|
|
|
|
sk_X509_INFO_pop_free(xis, X509_INFO_free); |
94
|
3
|
|
|
|
|
|
(void)BIO_set_close(stringBIO, BIO_CLOSE); |
95
|
3
|
|
|
|
|
|
BIO_free_all(stringBIO); |
96
|
|
|
|
|
|
|
|
97
|
3
|
|
|
|
|
|
return stack; |
98
|
|
|
|
|
|
|
} |
99
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
/* stolen from OpenSSL.xs */ |
101
|
96
|
|
|
|
|
|
long bio_write_cb(struct bio_st *bm, int m, const char *ptr, int l, long x, long y) { |
102
|
|
|
|
|
|
|
|
103
|
96
|
100
|
|
|
|
|
if (m == BIO_CB_WRITE) { |
104
|
38
|
|
|
|
|
|
SV *sv = (SV *) BIO_get_callback_arg(bm); |
105
|
38
|
|
|
|
|
|
sv_catpvn(sv, ptr, l); |
106
|
|
|
|
|
|
|
} |
107
|
|
|
|
|
|
|
|
108
|
96
|
50
|
|
|
|
|
if (m == BIO_CB_PUTS) { |
109
|
0
|
|
|
|
|
|
SV *sv = (SV *) BIO_get_callback_arg(bm); |
110
|
0
|
|
|
|
|
|
l = strlen(ptr); |
111
|
0
|
|
|
|
|
|
sv_catpvn(sv, ptr, l); |
112
|
|
|
|
|
|
|
} |
113
|
|
|
|
|
|
|
|
114
|
96
|
|
|
|
|
|
return l; |
115
|
|
|
|
|
|
|
} |
116
|
|
|
|
|
|
|
|
117
|
10
|
|
|
|
|
|
static BIO* sv_bio_create(void) { |
118
|
|
|
|
|
|
|
|
119
|
10
|
|
|
|
|
|
SV *sv = newSVpvn("",0); |
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
/* create an in-memory BIO abstraction and callbacks */ |
122
|
10
|
|
|
|
|
|
BIO *bio = BIO_new(BIO_s_mem()); |
123
|
|
|
|
|
|
|
|
124
|
10
|
|
|
|
|
|
BIO_set_callback(bio, bio_write_cb); |
125
|
10
|
|
|
|
|
|
BIO_set_callback_arg(bio, (void *)sv); |
126
|
|
|
|
|
|
|
|
127
|
10
|
|
|
|
|
|
return bio; |
128
|
|
|
|
|
|
|
} |
129
|
|
|
|
|
|
|
|
130
|
10
|
|
|
|
|
|
static SV* sv_bio_final(BIO *bio) { |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
SV* sv; |
133
|
|
|
|
|
|
|
|
134
|
10
|
|
|
|
|
|
(void)BIO_flush(bio); |
135
|
10
|
|
|
|
|
|
sv = (SV *)BIO_get_callback_arg(bio); |
136
|
10
|
|
|
|
|
|
BIO_set_callback_arg(bio, (void *)NULL); |
137
|
10
|
|
|
|
|
|
BIO_set_callback(bio, (void *)NULL); |
138
|
10
|
|
|
|
|
|
BIO_free_all(bio); |
139
|
|
|
|
|
|
|
|
140
|
10
|
50
|
|
|
|
|
if (!sv) sv = &PL_sv_undef; |
141
|
|
|
|
|
|
|
|
142
|
10
|
|
|
|
|
|
return sv; |
143
|
|
|
|
|
|
|
} |
144
|
|
|
|
|
|
|
|
145
|
0
|
|
|
|
|
|
static void sv_bio_error(BIO *bio) { |
146
|
|
|
|
|
|
|
|
147
|
0
|
|
|
|
|
|
SV* sv = (SV *)BIO_get_callback_arg(bio); |
148
|
0
|
0
|
|
|
|
|
if (sv) sv_free(sv); |
149
|
|
|
|
|
|
|
|
150
|
0
|
|
|
|
|
|
BIO_free_all (bio); |
151
|
0
|
|
|
|
|
|
} |
152
|
|
|
|
|
|
|
|
153
|
3
|
|
|
|
|
|
static const char *ssl_error(void) { |
154
|
|
|
|
|
|
|
BIO *bio; |
155
|
|
|
|
|
|
|
SV *sv; |
156
|
|
|
|
|
|
|
STRLEN l; |
157
|
|
|
|
|
|
|
|
158
|
3
|
|
|
|
|
|
bio = sv_bio_create(); |
159
|
3
|
|
|
|
|
|
ERR_print_errors(bio); |
160
|
3
|
|
|
|
|
|
sv = sv_bio_final(bio); |
161
|
3
|
|
|
|
|
|
ERR_clear_error(); |
162
|
3
|
50
|
|
|
|
|
return SvPV(sv, l); |
163
|
|
|
|
|
|
|
} |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
/* these are trimmed from their openssl/apps/pkcs12.c counterparts */ |
166
|
12
|
|
|
|
|
|
int dump_certs_pkeys_bag (BIO *bio, PKCS12_SAFEBAG *bag, char *pass, int passlen, int options, char *pempass) { |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
EVP_PKEY *pkey; |
169
|
|
|
|
|
|
|
X509 *x509; |
170
|
|
|
|
|
|
|
PKCS8_PRIV_KEY_INFO *p8; |
171
|
|
|
|
|
|
|
CONST_PKCS8_PRIV_KEY_INFO *p8c; |
172
|
|
|
|
|
|
|
|
173
|
12
|
|
|
|
|
|
switch (M_PKCS12_bag_type(bag)) { |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
case NID_keyBag: ; |
176
|
|
|
|
|
|
|
|
177
|
0
|
0
|
|
|
|
|
if (options & NOKEYS) return 1; |
178
|
|
|
|
|
|
|
|
179
|
0
|
|
|
|
|
|
p8c = PKCS12_SAFEBAG_get0_p8inf(bag); |
180
|
|
|
|
|
|
|
|
181
|
0
|
0
|
|
|
|
|
if (!(pkey = EVP_PKCS82PKEY (p8c))) return 0; |
182
|
|
|
|
|
|
|
|
183
|
0
|
|
|
|
|
|
PEM_write_bio_PrivateKey (bio, pkey, enc, NULL, 0, NULL, pempass); |
184
|
|
|
|
|
|
|
|
185
|
0
|
|
|
|
|
|
EVP_PKEY_free(pkey); |
186
|
|
|
|
|
|
|
|
187
|
0
|
|
|
|
|
|
break; |
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
case NID_pkcs8ShroudedKeyBag: ; |
190
|
|
|
|
|
|
|
|
191
|
4
|
100
|
|
|
|
|
if (options & NOKEYS) return 1; |
192
|
|
|
|
|
|
|
|
193
|
2
|
50
|
|
|
|
|
if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) |
194
|
0
|
|
|
|
|
|
return 0; |
195
|
|
|
|
|
|
|
|
196
|
2
|
50
|
|
|
|
|
if (!(pkey = EVP_PKCS82PKEY (p8))) { |
197
|
0
|
|
|
|
|
|
PKCS8_PRIV_KEY_INFO_free(p8); |
198
|
0
|
|
|
|
|
|
return 0; |
199
|
|
|
|
|
|
|
} |
200
|
|
|
|
|
|
|
|
201
|
2
|
|
|
|
|
|
PKCS8_PRIV_KEY_INFO_free(p8); |
202
|
|
|
|
|
|
|
|
203
|
2
|
|
|
|
|
|
PEM_write_bio_PrivateKey (bio, pkey, enc, NULL, 0, NULL, pempass); |
204
|
|
|
|
|
|
|
|
205
|
2
|
|
|
|
|
|
EVP_PKEY_free(pkey); |
206
|
|
|
|
|
|
|
|
207
|
2
|
|
|
|
|
|
break; |
208
|
|
|
|
|
|
|
|
209
|
|
|
|
|
|
|
case NID_certBag: |
210
|
|
|
|
|
|
|
|
211
|
8
|
100
|
|
|
|
|
if (options & NOCERTS) return 1; |
212
|
|
|
|
|
|
|
|
213
|
4
|
100
|
|
|
|
|
if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) { |
214
|
|
|
|
|
|
|
|
215
|
2
|
50
|
|
|
|
|
if (options & CACERTS) return 1; |
216
|
|
|
|
|
|
|
|
217
|
2
|
50
|
|
|
|
|
} else if (options & CLCERTS) { |
218
|
|
|
|
|
|
|
|
219
|
2
|
|
|
|
|
|
return 1; |
220
|
|
|
|
|
|
|
} |
221
|
|
|
|
|
|
|
|
222
|
2
|
50
|
|
|
|
|
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return 1; |
223
|
|
|
|
|
|
|
|
224
|
2
|
50
|
|
|
|
|
if (!(x509 = PKCS12_certbag2x509(bag))) return 0; |
225
|
|
|
|
|
|
|
|
226
|
2
|
|
|
|
|
|
PEM_write_bio_X509 (bio, x509); |
227
|
|
|
|
|
|
|
|
228
|
2
|
|
|
|
|
|
X509_free(x509); |
229
|
|
|
|
|
|
|
|
230
|
2
|
|
|
|
|
|
break; |
231
|
|
|
|
|
|
|
} |
232
|
|
|
|
|
|
|
|
233
|
4
|
|
|
|
|
|
return 1; |
234
|
|
|
|
|
|
|
} |
235
|
|
|
|
|
|
|
|
236
|
8
|
|
|
|
|
|
int dump_certs_pkeys_bags(BIO *bio, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass, int passlen, int options, char *pempass) { |
237
|
|
|
|
|
|
|
|
238
|
|
|
|
|
|
|
int i; |
239
|
|
|
|
|
|
|
|
240
|
20
|
100
|
|
|
|
|
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { |
241
|
|
|
|
|
|
|
|
242
|
12
|
50
|
|
|
|
|
if (!dump_certs_pkeys_bag (bio, sk_PKCS12_SAFEBAG_value (bags, i), pass, passlen, options, pempass)) { |
243
|
0
|
|
|
|
|
|
return 0; |
244
|
|
|
|
|
|
|
} |
245
|
|
|
|
|
|
|
} |
246
|
|
|
|
|
|
|
|
247
|
8
|
|
|
|
|
|
return 1; |
248
|
|
|
|
|
|
|
} |
249
|
|
|
|
|
|
|
|
250
|
4
|
|
|
|
|
|
int dump_certs_keys_p12(BIO *bio, PKCS12 *p12, char *pass, int passlen, int options, char *pempass) { |
251
|
|
|
|
|
|
|
|
252
|
|
|
|
|
|
|
STACK_OF(PKCS7) *asafes; |
253
|
|
|
|
|
|
|
STACK_OF(PKCS12_SAFEBAG) *bags; |
254
|
|
|
|
|
|
|
|
255
|
|
|
|
|
|
|
int i, bagnid; |
256
|
|
|
|
|
|
|
PKCS7 *p7; |
257
|
|
|
|
|
|
|
|
258
|
4
|
50
|
|
|
|
|
if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) { |
259
|
0
|
|
|
|
|
|
croak("Unable to PKCS12_unpack_authsafes"); |
260
|
|
|
|
|
|
|
return 0; |
261
|
|
|
|
|
|
|
} |
262
|
|
|
|
|
|
|
|
263
|
12
|
100
|
|
|
|
|
for (i = 0; i < sk_PKCS7_num(asafes); i++) { |
264
|
|
|
|
|
|
|
|
265
|
8
|
|
|
|
|
|
p7 = sk_PKCS7_value(asafes, i); |
266
|
|
|
|
|
|
|
|
267
|
8
|
|
|
|
|
|
bagnid = OBJ_obj2nid(p7->type); |
268
|
|
|
|
|
|
|
|
269
|
8
|
100
|
|
|
|
|
if (bagnid == NID_pkcs7_data) { |
270
|
|
|
|
|
|
|
|
271
|
4
|
|
|
|
|
|
bags = PKCS12_unpack_p7data(p7); |
272
|
|
|
|
|
|
|
|
273
|
4
|
50
|
|
|
|
|
} else if (bagnid == NID_pkcs7_encrypted) { |
274
|
|
|
|
|
|
|
|
275
|
4
|
|
|
|
|
|
bags = PKCS12_unpack_p7encdata(p7, pass, passlen); |
276
|
|
|
|
|
|
|
|
277
|
|
|
|
|
|
|
} else { |
278
|
0
|
|
|
|
|
|
continue; |
279
|
|
|
|
|
|
|
} |
280
|
|
|
|
|
|
|
|
281
|
8
|
50
|
|
|
|
|
if (!bags) return 0; |
282
|
|
|
|
|
|
|
|
283
|
8
|
50
|
|
|
|
|
if (!dump_certs_pkeys_bags(bio, bags, pass, passlen, options, pempass)) { |
284
|
|
|
|
|
|
|
|
285
|
0
|
|
|
|
|
|
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
286
|
0
|
|
|
|
|
|
return 0; |
287
|
|
|
|
|
|
|
} |
288
|
|
|
|
|
|
|
|
289
|
8
|
|
|
|
|
|
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
290
|
|
|
|
|
|
|
} |
291
|
|
|
|
|
|
|
|
292
|
4
|
|
|
|
|
|
sk_PKCS7_pop_free(asafes, PKCS7_free); |
293
|
|
|
|
|
|
|
|
294
|
4
|
|
|
|
|
|
return 1; |
295
|
|
|
|
|
|
|
} |
296
|
|
|
|
|
|
|
|
297
|
|
|
|
|
|
|
MODULE = Crypt::OpenSSL::PKCS12 PACKAGE = Crypt::OpenSSL::PKCS12 |
298
|
|
|
|
|
|
|
|
299
|
|
|
|
|
|
|
PROTOTYPES: DISABLE |
300
|
|
|
|
|
|
|
|
301
|
|
|
|
|
|
|
BOOT: |
302
|
|
|
|
|
|
|
{ |
303
|
|
|
|
|
|
|
HV *stash; |
304
|
|
|
|
|
|
|
char *name; |
305
|
|
|
|
|
|
|
int i; |
306
|
|
|
|
|
|
|
|
307
|
3
|
|
|
|
|
|
struct { char *n; I32 v; } Crypt__OpenSSL__PKCS12__const[] = { |
308
|
|
|
|
|
|
|
{"NOKEYS", NOKEYS}, |
309
|
|
|
|
|
|
|
{"NOCERTS", NOCERTS}, |
310
|
|
|
|
|
|
|
{"INFO", INFO}, |
311
|
|
|
|
|
|
|
{"CLCERTS", CLCERTS}, |
312
|
|
|
|
|
|
|
{"CACERTS", CACERTS}, |
313
|
|
|
|
|
|
|
{Nullch,0} |
314
|
|
|
|
|
|
|
}; |
315
|
|
|
|
|
|
|
|
316
|
3
|
|
|
|
|
|
OpenSSL_add_all_algorithms(); |
317
|
|
|
|
|
|
|
|
318
|
3
|
|
|
|
|
|
stash = gv_stashpvn("Crypt::OpenSSL::PKCS12", 22, TRUE); |
319
|
|
|
|
|
|
|
|
320
|
18
|
100
|
|
|
|
|
for (i = 0; (name = Crypt__OpenSSL__PKCS12__const[i].n); i++) { |
321
|
15
|
|
|
|
|
|
newCONSTSUB(stash, name, newSViv(Crypt__OpenSSL__PKCS12__const[i].v)); |
322
|
|
|
|
|
|
|
} |
323
|
|
|
|
|
|
|
} |
324
|
|
|
|
|
|
|
|
325
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 |
326
|
|
|
|
|
|
|
new(class) |
327
|
|
|
|
|
|
|
SV *class |
328
|
|
|
|
|
|
|
|
329
|
|
|
|
|
|
|
CODE: |
330
|
|
|
|
|
|
|
|
331
|
0
|
0
|
|
|
|
|
if ((RETVAL = PKCS12_new()) == NULL) { |
332
|
0
|
|
|
|
|
|
croak("Couldn't create PKCS12_new() for class %" SVf "\n", SVfARG(class)); |
333
|
|
|
|
|
|
|
} |
334
|
|
|
|
|
|
|
|
335
|
|
|
|
|
|
|
OUTPUT: |
336
|
|
|
|
|
|
|
RETVAL |
337
|
|
|
|
|
|
|
|
338
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 |
339
|
|
|
|
|
|
|
new_from_string(class, string) |
340
|
|
|
|
|
|
|
SV *class |
341
|
|
|
|
|
|
|
SV *string |
342
|
|
|
|
|
|
|
|
343
|
|
|
|
|
|
|
ALIAS: |
344
|
|
|
|
|
|
|
new_from_file = 1 |
345
|
|
|
|
|
|
|
|
346
|
|
|
|
|
|
|
PREINIT: |
347
|
|
|
|
|
|
|
BIO *bio; |
348
|
|
|
|
|
|
|
STRLEN str_len; |
349
|
|
|
|
|
|
|
char *str_ptr; |
350
|
|
|
|
|
|
|
|
351
|
|
|
|
|
|
|
CODE: |
352
|
|
|
|
|
|
|
|
353
|
14
|
50
|
|
|
|
|
SvGETMAGIC(string); |
|
|
0
|
|
|
|
|
|
354
|
|
|
|
|
|
|
|
355
|
14
|
100
|
|
|
|
|
if (SvPOKp(string) || SvNOKp(string) || SvIOKp(string)) { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
356
|
18
|
100
|
|
|
|
|
if (ix == 1) { |
357
|
|
|
|
|
|
|
/* We are not looking up the SV's UTF8 bit because BIO_new_file() accepts |
358
|
|
|
|
|
|
|
* filename like syscall fopen() which mainly may accept octet sequences |
359
|
|
|
|
|
|
|
* for UTF-8 in C char*. That's what we get from using SvPV(). Also, |
360
|
|
|
|
|
|
|
* using SvPV() is not a bug if ASCII input is only allowed. */ |
361
|
3
|
50
|
|
|
|
|
str_ptr = SvPV(string, str_len); |
362
|
|
|
|
|
|
|
} else { |
363
|
|
|
|
|
|
|
/* To avoid encoding mess, caller is not allowed to provide octets from |
364
|
|
|
|
|
|
|
* UTF-8 encoded strings. BIO_new_mem_buf() needs octet input only. */ |
365
|
7
|
100
|
|
|
|
|
if (SvUTF8(string)) { |
366
|
2
|
|
|
|
|
|
croak("PKCS12_new_from: Source string must not be UTF-8 encoded (please use octets)"); |
367
|
|
|
|
|
|
|
} |
368
|
5
|
100
|
|
|
|
|
str_ptr = SvPV(string, str_len); |
369
|
|
|
|
|
|
|
} |
370
|
|
|
|
|
|
|
} else { |
371
|
4
|
|
|
|
|
|
croak("PKCS12_new_from: Invalid Perl type for string or file was passed (0x%x).", (unsigned int)SvFLAGS(string)); |
372
|
|
|
|
|
|
|
} |
373
|
|
|
|
|
|
|
|
374
|
8
|
50
|
|
|
|
|
if (!str_ptr || !str_len) croak("PKCS12_new_from: No string or file was passed."); |
|
|
50
|
|
|
|
|
|
375
|
|
|
|
|
|
|
|
376
|
8
|
100
|
|
|
|
|
if (ix == 1) { |
377
|
3
|
|
|
|
|
|
bio = BIO_new_file(str_ptr, "rb"); |
378
|
|
|
|
|
|
|
} else { |
379
|
5
|
|
|
|
|
|
bio = BIO_new_mem_buf(str_ptr, str_len); |
380
|
|
|
|
|
|
|
} |
381
|
|
|
|
|
|
|
|
382
|
8
|
50
|
|
|
|
|
if (!bio) croak("Failed to create BIO"); |
383
|
|
|
|
|
|
|
|
384
|
|
|
|
|
|
|
/* this can come in any number of ways */ |
385
|
8
|
100
|
|
|
|
|
if ((RETVAL = d2i_PKCS12_bio(bio, 0)) == NULL) { |
386
|
3
|
|
|
|
|
|
BIO_free_all(bio); |
387
|
3
|
|
|
|
|
|
croak("%" SVf ": Couldn't create PKCS12 from d2i_PKCS12_BIO(): %s", SVfARG(class), ssl_error()); |
388
|
|
|
|
|
|
|
} |
389
|
|
|
|
|
|
|
|
390
|
5
|
|
|
|
|
|
BIO_free_all(bio); |
391
|
|
|
|
|
|
|
|
392
|
|
|
|
|
|
|
OUTPUT: |
393
|
|
|
|
|
|
|
RETVAL |
394
|
|
|
|
|
|
|
|
395
|
|
|
|
|
|
|
# This is called at per-object destruction time. |
396
|
|
|
|
|
|
|
void |
397
|
|
|
|
|
|
|
DESTROY(pkcs12) |
398
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 pkcs12; |
399
|
|
|
|
|
|
|
|
400
|
|
|
|
|
|
|
CODE: |
401
|
5
|
50
|
|
|
|
|
if (pkcs12) { |
402
|
5
|
|
|
|
|
|
PKCS12_free(pkcs12); |
403
|
|
|
|
|
|
|
} |
404
|
|
|
|
|
|
|
|
405
|
|
|
|
|
|
|
# This is called via an END block in the Perl module to clean up initialization that happened in BOOT. |
406
|
|
|
|
|
|
|
void |
407
|
|
|
|
|
|
|
__PKCS12_cleanup(void) |
408
|
|
|
|
|
|
|
CODE: |
409
|
|
|
|
|
|
|
|
410
|
3
|
|
|
|
|
|
CRYPTO_cleanup_all_ex_data(); |
411
|
3
|
|
|
|
|
|
ERR_free_strings(); |
412
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
413
|
3
|
|
|
|
|
|
ERR_remove_state(0); |
414
|
|
|
|
|
|
|
#endif |
415
|
3
|
|
|
|
|
|
EVP_cleanup(); |
416
|
|
|
|
|
|
|
|
417
|
|
|
|
|
|
|
SV* |
418
|
|
|
|
|
|
|
as_string(pkcs12) |
419
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 pkcs12; |
420
|
|
|
|
|
|
|
|
421
|
|
|
|
|
|
|
PREINIT: |
422
|
|
|
|
|
|
|
BIO *bio; |
423
|
|
|
|
|
|
|
|
424
|
|
|
|
|
|
|
CODE: |
425
|
|
|
|
|
|
|
|
426
|
2
|
|
|
|
|
|
bio = sv_bio_create(); |
427
|
|
|
|
|
|
|
|
428
|
2
|
50
|
|
|
|
|
if (!(i2d_PKCS12_bio(bio, pkcs12))) { |
429
|
0
|
|
|
|
|
|
sv_bio_error(bio); |
430
|
0
|
|
|
|
|
|
croak("i2d_PKCS12_bio: %s", ssl_error()); |
431
|
|
|
|
|
|
|
} |
432
|
|
|
|
|
|
|
|
433
|
2
|
|
|
|
|
|
RETVAL = sv_bio_final(bio); |
434
|
|
|
|
|
|
|
|
435
|
|
|
|
|
|
|
OUTPUT: |
436
|
|
|
|
|
|
|
RETVAL |
437
|
|
|
|
|
|
|
|
438
|
|
|
|
|
|
|
SV* |
439
|
|
|
|
|
|
|
mac_ok(pkcs12, pwd = "") |
440
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 pkcs12 |
441
|
|
|
|
|
|
|
char *pwd |
442
|
|
|
|
|
|
|
|
443
|
|
|
|
|
|
|
CODE: |
444
|
|
|
|
|
|
|
|
445
|
7
|
50
|
|
|
|
|
if (!(PKCS12_verify_mac(pkcs12, pwd, strlen(pwd)))) { |
446
|
0
|
|
|
|
|
|
croak("PKCS12_verify_mac: \n%s", ssl_error()); |
447
|
|
|
|
|
|
|
} |
448
|
|
|
|
|
|
|
|
449
|
7
|
50
|
|
|
|
|
RETVAL = (PKCS12_verify_mac(pkcs12, pwd, strlen(pwd))) ? &PL_sv_yes : &PL_sv_no; |
450
|
|
|
|
|
|
|
|
451
|
|
|
|
|
|
|
OUTPUT: |
452
|
|
|
|
|
|
|
RETVAL |
453
|
|
|
|
|
|
|
|
454
|
|
|
|
|
|
|
SV* |
455
|
|
|
|
|
|
|
changepass(pkcs12, oldpwd = "", newpwd = "") |
456
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 pkcs12 |
457
|
|
|
|
|
|
|
char *oldpwd |
458
|
|
|
|
|
|
|
char *newpwd |
459
|
|
|
|
|
|
|
|
460
|
|
|
|
|
|
|
CODE: |
461
|
|
|
|
|
|
|
|
462
|
4
|
50
|
|
|
|
|
if (!(PKCS12_newpass(pkcs12, oldpwd, newpwd))) { |
463
|
0
|
|
|
|
|
|
warn("PKCS12_newpass: %s %s\n%s", oldpwd, newpwd, ssl_error()); |
464
|
0
|
|
|
|
|
|
RETVAL = &PL_sv_no; |
465
|
|
|
|
|
|
|
} else { |
466
|
4
|
|
|
|
|
|
RETVAL = &PL_sv_yes; |
467
|
|
|
|
|
|
|
} |
468
|
|
|
|
|
|
|
|
469
|
|
|
|
|
|
|
OUTPUT: |
470
|
|
|
|
|
|
|
RETVAL |
471
|
|
|
|
|
|
|
|
472
|
|
|
|
|
|
|
SV* |
473
|
|
|
|
|
|
|
create(pkcs12, cert_chain_pem = "", pk = "", pass = 0, file = 0, name = "PKCS12 Certificate") |
474
|
|
|
|
|
|
|
char *cert_chain_pem |
475
|
|
|
|
|
|
|
char *pk |
476
|
|
|
|
|
|
|
char *pass |
477
|
|
|
|
|
|
|
char *file |
478
|
|
|
|
|
|
|
char *name |
479
|
|
|
|
|
|
|
|
480
|
|
|
|
|
|
|
PREINIT: |
481
|
|
|
|
|
|
|
FILE *fp; |
482
|
|
|
|
|
|
|
EVP_PKEY* pkey; |
483
|
|
|
|
|
|
|
PKCS12 *p12; |
484
|
2
|
|
|
|
|
|
STACK_OF(X509) *cert_chain = NULL; |
485
|
|
|
|
|
|
|
|
486
|
|
|
|
|
|
|
CODE: |
487
|
|
|
|
|
|
|
|
488
|
2
|
|
|
|
|
|
pkey = _load_pkey(pk, PEM_read_bio_PrivateKey); |
489
|
2
|
|
|
|
|
|
cert_chain = _load_cert_chain(cert_chain_pem, PEM_X509_INFO_read_bio); |
490
|
2
|
|
|
|
|
|
p12 = PKCS12_create(pass, name, pkey, sk_X509_shift(cert_chain), cert_chain, 0, 0, 0, 0, 0); |
491
|
|
|
|
|
|
|
|
492
|
2
|
50
|
|
|
|
|
if (!p12) { |
493
|
0
|
|
|
|
|
|
ERR_print_errors_fp(stderr); |
494
|
0
|
|
|
|
|
|
croak("Error creating PKCS#12 structure\n"); |
495
|
|
|
|
|
|
|
} |
496
|
|
|
|
|
|
|
|
497
|
2
|
50
|
|
|
|
|
if (!(fp = fopen(file, "wb"))) { |
498
|
0
|
|
|
|
|
|
ERR_print_errors_fp(stderr); |
499
|
0
|
|
|
|
|
|
croak("Error opening file %s\n", file); |
500
|
|
|
|
|
|
|
} |
501
|
|
|
|
|
|
|
|
502
|
2
|
|
|
|
|
|
i2d_PKCS12_fp(fp, p12); |
503
|
2
|
|
|
|
|
|
PKCS12_free(p12); |
504
|
2
|
|
|
|
|
|
fclose(fp); |
505
|
|
|
|
|
|
|
|
506
|
2
|
|
|
|
|
|
RETVAL = &PL_sv_yes; |
507
|
|
|
|
|
|
|
|
508
|
|
|
|
|
|
|
OUTPUT: |
509
|
|
|
|
|
|
|
RETVAL |
510
|
|
|
|
|
|
|
|
511
|
|
|
|
|
|
|
|
512
|
|
|
|
|
|
|
SV* |
513
|
|
|
|
|
|
|
create_as_string(pkcs12, cert_chain_pem = "", pk = "", pass = 0, name = "PKCS12 Certificate") |
514
|
|
|
|
|
|
|
char *cert_chain_pem |
515
|
|
|
|
|
|
|
char *pk |
516
|
|
|
|
|
|
|
char *pass |
517
|
|
|
|
|
|
|
char *name |
518
|
|
|
|
|
|
|
|
519
|
|
|
|
|
|
|
PREINIT: |
520
|
|
|
|
|
|
|
BIO *bio; |
521
|
|
|
|
|
|
|
EVP_PKEY* pkey; |
522
|
|
|
|
|
|
|
PKCS12 *p12; |
523
|
1
|
|
|
|
|
|
STACK_OF(X509) *cert_chain = NULL; |
524
|
|
|
|
|
|
|
|
525
|
|
|
|
|
|
|
CODE: |
526
|
|
|
|
|
|
|
|
527
|
1
|
|
|
|
|
|
pkey = _load_pkey(pk, PEM_read_bio_PrivateKey); |
528
|
1
|
|
|
|
|
|
cert_chain = _load_cert_chain(cert_chain_pem, PEM_X509_INFO_read_bio); |
529
|
1
|
|
|
|
|
|
p12 = PKCS12_create(pass, name, pkey, sk_X509_shift(cert_chain), cert_chain, 0, 0, 0, 0, 0); |
530
|
|
|
|
|
|
|
|
531
|
1
|
50
|
|
|
|
|
if (!p12) { |
532
|
0
|
|
|
|
|
|
ERR_print_errors_fp(stderr); |
533
|
0
|
|
|
|
|
|
croak("Error creating PKCS#12 structure\n"); |
534
|
|
|
|
|
|
|
} |
535
|
|
|
|
|
|
|
|
536
|
1
|
|
|
|
|
|
bio = sv_bio_create(); |
537
|
1
|
|
|
|
|
|
i2d_PKCS12_bio(bio, p12); |
538
|
|
|
|
|
|
|
|
539
|
1
|
|
|
|
|
|
RETVAL = sv_bio_final(bio); |
540
|
1
|
|
|
|
|
|
PKCS12_free(p12); |
541
|
|
|
|
|
|
|
|
542
|
|
|
|
|
|
|
OUTPUT: |
543
|
|
|
|
|
|
|
RETVAL |
544
|
|
|
|
|
|
|
|
545
|
|
|
|
|
|
|
SV* |
546
|
|
|
|
|
|
|
certificate(pkcs12, pwd = "") |
547
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 pkcs12 |
548
|
|
|
|
|
|
|
char *pwd |
549
|
|
|
|
|
|
|
|
550
|
|
|
|
|
|
|
PREINIT: |
551
|
|
|
|
|
|
|
BIO *bio; |
552
|
|
|
|
|
|
|
|
553
|
|
|
|
|
|
|
CODE: |
554
|
|
|
|
|
|
|
|
555
|
2
|
|
|
|
|
|
bio = sv_bio_create(); |
556
|
|
|
|
|
|
|
|
557
|
2
|
|
|
|
|
|
PKCS12_unpack_authsafes(pkcs12); |
558
|
2
|
|
|
|
|
|
dump_certs_keys_p12(bio, pkcs12, pwd, strlen(pwd), CLCERTS|NOKEYS, NULL); |
559
|
|
|
|
|
|
|
|
560
|
2
|
|
|
|
|
|
RETVAL = sv_bio_final(bio); |
561
|
|
|
|
|
|
|
|
562
|
|
|
|
|
|
|
OUTPUT: |
563
|
|
|
|
|
|
|
RETVAL |
564
|
|
|
|
|
|
|
|
565
|
|
|
|
|
|
|
SV* |
566
|
|
|
|
|
|
|
private_key(pkcs12, pwd = "") |
567
|
|
|
|
|
|
|
Crypt::OpenSSL::PKCS12 pkcs12 |
568
|
|
|
|
|
|
|
char *pwd |
569
|
|
|
|
|
|
|
|
570
|
|
|
|
|
|
|
PREINIT: |
571
|
|
|
|
|
|
|
BIO *bio; |
572
|
|
|
|
|
|
|
|
573
|
|
|
|
|
|
|
CODE: |
574
|
|
|
|
|
|
|
|
575
|
2
|
|
|
|
|
|
bio = sv_bio_create(); |
576
|
|
|
|
|
|
|
|
577
|
2
|
|
|
|
|
|
PKCS12_unpack_authsafes(pkcs12); |
578
|
2
|
|
|
|
|
|
dump_certs_keys_p12(bio, pkcs12, pwd, strlen(pwd), NOCERTS, NULL); |
579
|
|
|
|
|
|
|
|
580
|
2
|
|
|
|
|
|
RETVAL = sv_bio_final(bio); |
581
|
|
|
|
|
|
|
|
582
|
|
|
|
|
|
|
OUTPUT: |
583
|
|
|
|
|
|
|
RETVAL |