Diffstat (limited to 'deleted_files/usr/src')
7 files changed, 907 insertions, 0 deletions
diff --git a/deleted_files/usr/src/cmd/cmd-crypto/pktool/biginteger.h b/deleted_files/usr/src/cmd/cmd-crypto/pktool/biginteger.h
new file mode 100644
index 0000000000..3764e47aaa
--- /dev/null
+++ b/deleted_files/usr/src/cmd/cmd-crypto/pktool/biginteger.h
@@ -0,0 +1,58 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _PKTOOL_BIGINTEGER_H
+#define _PKTOOL_BIGINTEGER_H
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <security/pkcs11t.h>
+
+/*
+ * NOTE:
+ *
+ * This is same "biginteger_t" found in both these places:
+ * usr/src/lib/pkcs11/pkcs11_softtoken/common/softObject.h
+ * usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObject.h
+ * The BIGNUM implementation in usr/src/common/bignum does not
+ * meet the need. It is recommended that the biginteger_t be
+ * factored out of pkcs11_softtoken/pkcs11_kernel/pktool and
+ * the pkcs11 libraries and moved into cryptoutil.h
+ */
+typedef struct biginteger {
+ CK_BYTE *big_value;
+ CK_ULONG big_value_len;
+} biginteger_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKTOOL_BIGINTEGER_H */
diff --git a/deleted_files/usr/src/cmd/cmd-crypto/pktool/derparse.c b/deleted_files/usr/src/cmd/cmd-crypto/pktool/derparse.c
new file mode 100644
index 0000000000..cec607220a
--- /dev/null
+++ b/deleted_files/usr/src/cmd/cmd-crypto/pktool/derparse.c 
@@ -0,0 +1,371 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+/*
+ * derparse.c - Functions for parsing DER-encoded data
+ *
+ * NOTE: This code was originally written by Cryptographic Products
+ * Group at Sun Microsystems for the SCA 1000 "realmparse" program.
+ * It is mostly intact except for necessary adaptaions to allow it to
+ * compile in this environment.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <lber.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <strings.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <cryptoutil.h>
+#include "derparse.h"
+
+/* I18N helpers. */
+#include <libintl.h>
+#include <locale.h>
+
+/*
+ * Some types that we need below.
+ */
+typedef struct oidinfo {
+ uint8_t *value; /* OID value in bytes */
+ size_t length; /* Length of OID */
+ char *strval; /* String rep. for OID in RDN */
+} oidinfo_t;
+
+/*
+ * X.509 Issuer OIDs as recommended by RFC 3280
+ * We might see these in certificates in their subject an issuer names.
+ */
+static uint8_t common_name_oid[] = {0x55, 0x04, 0x03};
+static uint8_t surname_oid[] = {0x55, 0x04, 0x04};
+static uint8_t serial_number_oid[] = {0x55, 0x04, 0x05};
+static uint8_t country_name_oid[] = {0x55, 0x04, 0x06};
+static uint8_t locality_name_oid[] = {0x55, 0x04, 0x07};
+static uint8_t state_name_oid[] = {0x55, 0x04, 0x08};
+static uint8_t org_name_oid[] = {0x55, 0x04, 0x0a};
+static uint8_t org_unit_name_oid[] = {0x55, 0x04, 0x0b};
+static uint8_t title_oid[] = {0x55, 0x04, 0x0c};
+static uint8_t name_oid[] = {0x55, 0x04, 0x29};
+static uint8_t given_name_oid[] = {0x55, 0x04, 0x2a};
+static uint8_t initials_oid[] = {0x55, 0x04, 0x2b};
+static uint8_t gen_qual_oid[] = {0x55, 0x04, 0x2c};
+static uint8_t dn_qual_oid[] = {0x55, 0x04, 0x2e};
+static uint8_t pseudonym_oid[] = {0x55, 0x04, 0x31};
+static uint8_t uid_oid[] =
+ {0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x01};
+static uint8_t domain_comp_oid[] =
+ {0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19};
+static uint8_t email_addr_oid[] =
+ {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01};
+
+/* Define this structure so we can match on a given oid */
+static oidinfo_t oids[] = {
+ {common_name_oid, sizeof (common_name_oid), "CN"},
+ {surname_oid, sizeof (surname_oid), "SN"},
+ {serial_number_oid, sizeof (serial_number_oid), "SerialNum"},
+ {country_name_oid, sizeof (country_name_oid), "C"},
+ {locality_name_oid, sizeof (locality_name_oid), "L"},
+ {state_name_oid, sizeof (state_name_oid), "ST"},
+ {org_name_oid, sizeof (org_name_oid), "O"},
+ {org_unit_name_oid, sizeof (org_unit_name_oid), "OU"},
+ {title_oid, sizeof (title_oid), "Title"},
+ {name_oid, sizeof (name_oid), "Name"},
+ {given_name_oid, sizeof (given_name_oid), "GN"},
+ {initials_oid, sizeof (initials_oid), "Initials"},
+ {gen_qual_oid, sizeof (gen_qual_oid), "GenQual"},
+ {dn_qual_oid, sizeof (dn_qual_oid), "DNQual"},
+ {pseudonym_oid, sizeof (pseudonym_oid), "Pseudonym"},
+ {uid_oid, sizeof (uid_oid), "UID"},
+ {domain_comp_oid, sizeof (domain_comp_oid), "DC"},
+ {email_addr_oid, sizeof (email_addr_oid), "E"}
+};
+static int oidblocklen = sizeof (oids) / sizeof (oidinfo_t);
+
+/* Local functions */
+static int oid_to_str(uint8_t *, size_t, char *, size_t);
+static int get_oid_type(char *);
+
+/*
+ * An RDNSequence is what is handed to us when we get attributes like
+ * CKA_ISSUER and CKA_SUBJECT_NAME. This function will take in a buffer
+ * with the DER encoded bytes of an RDNSequence and print out the components.
+ *
+ * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ *
+ * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
+ *
+ * AttributeTypeAndValue ::= SEQUENCE {
+ * type AttributeType,
+ * value AttributeValue
+ * }
+ *
+ * AttributeType ::= OBJECT IDENTIFIER
+ *
+ * AttributeValue ::= ANY DEFINED BY AttributeType
+ */
+void
+rdnseq_to_str(uchar_t *derdata, size_t dersz, char *out, size_t outsz)
+{
+#define PKTOOL_LINEMAX 1024
+ char oidout[PKTOOL_LINEMAX];
+ BerElement *ber = NULL;
+ BerValue ber_rdns;
+ int tag;
+ ber_len_t size;
+ char *atv_type = NULL; /* Attribute Type */
+ ber_len_t atv_type_size;
+ char *atv_value = NULL; /* Attribute Value */
+ ber_len_t atv_value_size;
+ char *cookie = NULL;
+ int idx;
+ char *prndata = NULL;
+ int prnsz;
+ int offset = 0;
+ boolean_t first = B_TRUE;
+
+ cryptodebug("inside rdnseq_to_str");
+
+ if (derdata == NULL || dersz == 0) {
+ cryptodebug("nothing to parse");
+ return;
+ }
+
+ /* Take the raw bytes and stuff them into a BerValue structure */
+ ber_rdns.bv_val = (char *)derdata;
+ ber_rdns.bv_len = dersz;
+
+ /* Allocate the BerElement */
+ if ((ber = ber_init(&ber_rdns)) == NULLBER) {
+ cryptodebug("ber_init failed to return ber element");
+ cryptoerror(LOG_STDERR, gettext(
+ "Unable to begin parsing RDNSequence."));
+ return;
+ }
+
+ /* Begin by parsing out the outer sequence */
+ tag = ber_next_element(ber, &size, cookie);
+ if (tag != LBER_SEQUENCE) {
+ cryptodebug("ber_next_element tag is not SEQUENCE");
+ cryptoerror(LOG_STDERR, gettext(
+ "Expected RDNSequence SEQUENCE object, got tag [%02x]."),
+ tag);
+ return;
+ }
+ tag = ber_scanf(ber, "{");
+
+ /* Parse the sequence of RelativeDistinguishedName objects */
+ while ((tag = ber_next_element(ber, &size, cookie)) != -1) {
+ if (tag != LBER_SET) {
+ cryptodebug("ber_next_element tag is not SET");
+ cryptoerror(LOG_STDERR, gettext(
+ "Expected RelativeDistinguishedName SET object, "
+ "got tag [%02x]."), tag);
+ return;
+ }
+ tag = ber_scanf(ber, "[");
+
+ /* AttributeTypeAndValue */
+ tag = ber_next_element(ber, &size, cookie);
+ if (tag != LBER_SEQUENCE) {
+ cryptodebug("ber_next_element tag is not SEQUENCE");
+ cryptoerror(LOG_STDERR, gettext(
+ "Expected AttributeTypeAndValue SEQUENCE object, "
+ "got tag [%02x]."), tag);
+ return;
+ }
+ tag = ber_scanf(ber, "{");
+
+ /* AttributeType OID */
+ tag = ber_next_element(ber, &atv_type_size, cookie);
+ atv_type_size++; /* Add room for null terminator */
+ if (tag != LBER_OID) {
+ cryptodebug("ber_next_element tag is not OID");
+ cryptoerror(LOG_STDERR, gettext(
+ "Expected an OID, got tag [%02x]."), tag);
+ return;
+ }
+ /* Note: ber_scanf() allocates memory here for "a". */
+ tag = ber_scanf(ber, "a", &atv_type, &atv_type_size);
+
+ /* AttributeValue */
+ tag = ber_next_element(ber, &atv_value_size, cookie);
+ atv_value_size++;
+ if ((tag != LBER_PRINTABLE_STRING) && (tag != LBER_IA5STRING)) {
+ cryptodebug("ber_next_element tag is not "
+ "PRINTABLE_STRING/IA5STRING");
+ cryptoerror(LOG_STDERR, gettext("Expected a STRING, "
+ "got tag [%02x]."), tag);
+ free(atv_type);
+ return;
+ }
+ /* Note: ber_scanf() allocates memory here for "a". */
+ tag = ber_scanf(ber, "a", &atv_value, &atv_value_size);
+
+ /*
+ * Now go and turn the attribute type and value into
+ * some kind of meaningful output.
+ */
+ if ((idx = get_oid_type(atv_type)) == -1) {
+ if (oid_to_str((uint8_t *)atv_type, strlen(atv_type),
+ oidout, sizeof (oidout)) < 0) {
+ cryptodebug("oid_to_str failed");
+ cryptoerror(LOG_STDERR, gettext(
+ "Unable to convert OID to string."));
+ free(atv_type);
+ free(atv_value);
+ return;
+ }
+ prndata = oidout;
+ } else {
+ prndata = oids[idx].strval;
+ }
+
+ if (!first)
+ prnsz = snprintf(out + offset, outsz - offset,
+ ", %s = %s", prndata, atv_value);
+ else {
+ prnsz = snprintf(out + offset, outsz - offset,
+ "%s = %s", prndata, atv_value);
+ first = B_FALSE;
+ }
+
+ free(atv_type);
+ free(atv_value);
+ atv_type = NULL;
+ atv_value = NULL;
+
+ offset += prnsz;
+ if (offset >= outsz)
+ break;
+ }
+}
+
+/*
+ * Convert OID to dotted notation string.
+ */
+static int
+oid_to_str(uint8_t *oid, size_t oidlen, char *oidout, size_t oidout_len)
+{
+ int count = 0;
+ int offset = 0;
+ int prnsz;
+ uint_t firstnum;
+ uint_t secondnum;
+ uint64_t nextnum = 0;
+
+ cryptodebug("inside oid_to_str");
+
+ if (oidlen == 0)
+ return (-1);
+
+ /*
+ * The first octet has a value of (40 x oidnum1) + oidnum2. We
+ * will deconstruct it here and sanity check the result. According
+ * to X.690, oidnum1 should never be more than 2 and oidnum2
+ * shouldn't be greater than 39 when oidnum1 = 0 or 1.
+ */
+ firstnum = oid[count] / 40;
+ if (firstnum > 2) /* force remainder to be > 39 */
+ firstnum = 2;
+ secondnum = oid[count] - (firstnum * 40);
+
+ (void) memset(oidout, 0, oidout_len);
+
+ prnsz = snprintf(oidout, oidout_len, "%d.%d", firstnum, secondnum);
+ offset += prnsz;
+ if (offset >= oidout_len)
+ return (0);
+
+ /* Start at the second byte and move our way forward */
+ for (count = 1; count < oidlen; count++) {
+ /* ORIGINAL COMMENT */
+ /*
+ * Each oid byte is taken as a 7-bit number. If bit 8 is
+ * set, it means the next octet and this one are to be
+ * chained together as a single bit string, and so forth.
+ * We need to mask of bit 8, then shift over 7 bits in the
+ * resulting integer, and then stuff the new 7 bits in
+ * the low order byte, all the while making sure we don't
+ * stomp bit 1 from the previous octet.
+ * See X.690 or the layman's guide to ASN.1 for more.
+ */
+
+ /*
+ * String together as many of the next octets if each of
+ * their high order bits is set to 1. For example,
+ * 1 1010111, 1 0010100, 1 0010110, 0 1101111, ...
+ * (3 8-bit octets)
+ * becomes
+ * 1010111 0010100 0010110, 1101111, ...
+ * (one 21 bit integer)
+ * The high order bit functions as a "link" between octets.
+ * Note that if there are more than 9 octets with their
+ * high order bits set, it will overflow a 64-bit integer.
+ */
+ for (nextnum = 0; (oid[count] & 0x80) && (count < oidlen);
+ count++) {
+ nextnum <<= 7;
+ nextnum |= (oid[count] & 0x7f);
+ }
+ if (count == oidlen) /* last number not terminated? */
+ return (-1);
+
+ /* We're done with this oid number, write it and move on */
+ prnsz = snprintf(oidout + offset, oidout_len - offset,
+ ".%lld", nextnum);
+ offset += prnsz;
+ if (offset >= oidout_len)
+ return (0);
+ }
+
+ return (0);
+}
+
+/*
+ * Returns the index in the oids[] array that matches the input type,
+ * or -1 if it could not find a match.
+ */
+static int
+get_oid_type(char *type)
+{
+ int count;
+
+ cryptodebug("inside get_oid_type");
+
+ for (count = 0; count < oidblocklen; count++) {
+ if (memcmp(oids[count].value, type, oids[count].length) == 0) {
+ return (count);
+ }
+ }
+
+ /* If we get here, we haven't found a match, so return -1 */
+ return (-1);
+}
diff --git a/deleted_files/usr/src/cmd/cmd-crypto/pktool/derparse.h b/deleted_files/usr/src/cmd/cmd-crypto/pktool/derparse.h
new file mode 100644
index 0000000000..2ff36d2163
--- /dev/null
+++ b/deleted_files/usr/src/cmd/cmd-crypto/pktool/derparse.h
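Review bot: `oid_to_str` prints wrong arcs and can read past its input: the inner loop tests `oid[count] & 0x80` before `count < oidlen`, and the octet that ends each sub-identifier is never merged into `nextnum`, so the low seven bits are lost and any arc below 128 is printed as 0. Reorder the loop condition to `(count < oidlen) && (oid[count] & 0x80)` and add `nextnum = (nextnum << 7) | oid[count];` after the `count == oidlen` check; the `%d` and `%lld` conversions should also match their unsigned arguments. `get_oid_type` has a related problem, since `memcmp` runs for `oids[count].length` bytes without knowing how long `type` is and accepts any value that merely starts with a known OID, so it should receive the attribute length and require an exact length match. In `rdnseq_to_str` the `ber_scanf` results are assigned to `tag` but never tested, and no return path calls `ber_free(ber, 1)`; because the input is DER taken from certificate names, a failed decode should be rejected before `atv_type` or `atv_value` is used.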
@@ -0,0 +1,55 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _PKTOOL_DERPARSE_H
+#define _PKTOOL_DERPARSE_H
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef LBER_OID
+#define LBER_OID 0x06
+#endif
+
+#ifndef LBER_PRINTABLE_STRING
+#define LBER_PRINTABLE_STRING 0x13
+#endif
+
+#ifndef LBER_IA5STRING
+#define LBER_IA5STRING 0x16
+#endif
+
+extern void rdnseq_to_str(uchar_t *from, size_t from_sz, char *to,
+ size_t to_sz);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKTOOL_DERPARSE_H */
diff --git a/deleted_files/usr/src/cmd/cmd-crypto/pktool/osslcommon.c b/deleted_files/usr/src/cmd/cmd-crypto/pktool/osslcommon.c
new file mode 100644
index 0000000000..84b4fdbdce
--- /dev/null
+++ b/deleted_files/usr/src/cmd/cmd-crypto/pktool/osslcommon.c
@@ -0,0 +1,224 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+/*
+ * This file implements some "missing" routines that should
+ * be part of the OpenSSL library but are not there yet.
+ */
+
+#include <cryptoutil.h>
+#include "osslcommon.h"
+#include <openssl/pkcs12.h>
+#include <openssl/engine.h>
+
+/*
+ * OpenSSL usage needs algorithms (ciphers and digests), strings,
+ * and engines loaded first to be useful.
+ */
+void
+PKTOOL_setup_openssl(void)
+{
+ cryptodebug("inside PKTOOL_setup_openssl");
+
+ /* Add all ciphers and digests. */
+ OpenSSL_add_all_algorithms();
+
+ /* Load up error message strings. */
+ ERR_load_crypto_strings();
+
+ /* Load up PKCS#11 engine. */
+ /* ENGINE_load_pk11(); */
+
+ /* Load up builtin crypto engines. */
+ /*
+ * This function is actually defined in OpenSSL libcrypto
+ * library. However it doesn't make its lint library correctly
+ * which is why this lint error occurs. OpenSSL needs fixing.
+ * Do not put a LINTED comment here because lint will complain
+ * that the directive is ununsed.
+ */
+ ENGINE_load_builtin_engines();
+
+ /* U/I methods are not necessary here. */
+ /* setup_ui_method(); */
+}
+
+/*
+ * This should be an OpenSSL function, but they haven't added it yet.
+ * See <openssl>/crypto/asn1/x_x509a.c:X509_alias_get0() for the model.
+ */
+unsigned char *
+PKTOOL_X509_keyid_get0(X509 *x, int *len)
+{
+ cryptodebug("inside PKTOOL_setup_openssl");
+
+ if (x->aux == NULL || x->aux->keyid == NULL) {
+ cryptodebug("certificate aux or aux->keyid is null");
+ return (NULL);
+ }
+ if (len)
+ *len = x->aux->keyid->length;
+ return (x->aux->keyid->data);
+}
+
+/*
+ * This should be an OpenSSL function, but couldn't find it yet.
+ * It gets the subject name safely without dereferencing null pointers.
+ * If it is ever found in OpenSSL, this should be removed and all
+ * calls to it need to be replaced with right OpenSSL function.
+ */
+unsigned char *
+PKTOOL_X509_subject_name(X509 *x, int *len)
+{
+ X509_NAME *temp;
+
+ cryptodebug("inside PKTOOL_X509_subject_name");
+
+ if ((temp = X509_get_subject_name(x)) == NULL) {
+ cryptodebug("certificate subject name stack is null");
+ return (NULL);
+ }
+ if (temp->bytes == NULL) {
+ cryptodebug("certificate subject name stack bytes is null");
+ return (NULL);
+ }
+ if (len)
+ *len = temp->bytes->length;
+ return ((unsigned char *)temp->bytes->data);
+}
+
+/*
+ * This should be an OpenSSL function, but couldn't find it yet.
+ * It gets the issuer name safely without dereferencing null pointers.
+ * If it is ever found in OpenSSL, this should be removed and all
+ * calls to it need to be replaced with right OpenSSL function.
+ */
+unsigned char *
+PKTOOL_X509_issuer_name(X509 *x, int *len)
+{
+ X509_NAME *temp;
+
+ cryptodebug("inside PKTOOL_X509_issuer_name");
+
+ if ((temp = X509_get_issuer_name(x)) == NULL) {
+ cryptodebug("certificate issuer name stack is null");
+ return (NULL);
+ }
+ if (temp->bytes == NULL) {
+ cryptodebug("certificate issuer name stack bytes is null");
+ return (NULL);
+ }
+ if (len)
+ *len = temp->bytes->length;
+ return ((unsigned char *)temp->bytes->data);
+}
+
+/*
+ * This should be an OpenSSL function, but couldn't find it yet.
+ * It gets the serial number safely without dereferencing null pointers.
+ * If it is ever found in OpenSSL, this should be removed and all
+ * calls to it need to be replaced with right OpenSSL function.
+ */
+unsigned char *
+PKTOOL_X509_serial_number(X509 *x, int *len)
+{
+ ASN1_INTEGER *temp;
+
+ cryptodebug("inside PKTOOL_X509_serial_number");
+
+ if ((temp = X509_get_serialNumber(x)) == NULL) {
+ cryptodebug("certificate serial number is null");
+ return (NULL);
+ }
+ if (len)
+ *len = temp->length;
+ return (temp->data);
+}
+
+/*
+ * This should be an OpenSSL function, but couldn't find it yet.
+ * It gets the cert value safely without dereferencing null pointers.
+ * If it is ever found in OpenSSL, this should be removed and all
+ * calls to it need to be replaced with right OpenSSL function.
+ */
+unsigned char *
+PKTOOL_X509_cert_value(X509 *x, int *len)
+{
+ PKCS12_SAFEBAG *bag;
+
+ cryptodebug("inside PKTOOL_X509_cert_value");
+
+ if ((bag = PKCS12_x5092certbag(x)) == NULL) {
+ cryptodebug("unable to convert cert to PKCS#12 bag");
+ return (NULL);
+ }
+ if (bag->value.bag == NULL || bag->value.bag->value.x509cert == NULL) {
+ cryptodebug("PKCS#12 bag value or cert inside it is null");
+ return (NULL);
+ }
+ if (len)
+ *len = bag->value.bag->value.x509cert->length;
+ return (bag->value.bag->value.x509cert->data);
+}
+
+/*
+ * Convert OpenSSL's ASN1_TIME format into a character buffer that
+ * can then be converted into PKCS#11 format. The buffer must be
+ * at least 8 bytes long. The length of the result will be 8 bytes.
+ * Return value of 0 indicates failure, 1 indicates success.
+ */
+int
+PKTOOL_cvt_ossltime(ASN1_TIME *t, char *buf)
+{
+ cryptodebug("inside PKTOOL_cvt_ossltime");
+
+ if (t == NULL) {
+ cryptodebug("time string is empty");
+ buf[0] = '\0';
+ return (0);
+ }
+
+ if (t->length == 15) { /* generalized time: YYYYMMDDmmhhssZ */
+ cryptodebug("time string is in generalized format");
+ (void) snprintf(buf, 8, "%08.8s", t->data);
+ return (1);
+ }
+
+ if (t->length == 13) { /* UTC time: YYMMDDmmhhssZ */
+ cryptodebug("time string is in UTC format");
+ /* Guess whether its a 197x to 199x date, or a 20xx date. */
+ (void) snprintf(buf, 8, "%s%06.6s",
+ ('7' <= t->data[0] && t->data[0] <= '9') ? "19" : "20",
+ t->data);
+ return (1);
+ }
+
+ cryptodebug("time string is in unknown format");
+ buf[0] = '\0';
+ return (0);
+}
diff --git a/deleted_files/usr/src/cmd/cmd-crypto/pktool/osslcommon.h b/deleted_files/usr/src/cmd/cmd-crypto/pktool/osslcommon.h
new file mode 100644
index 0000000000..098d0e1f6a
--- /dev/null
+++ b/deleted_files/usr/src/cmd/cmd-crypto/pktool/osslcommon.h
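Review bot: `PKTOOL_cvt_ossltime` cannot deliver eight date characters, because `snprintf(buf, 8, ...)` reserves one byte for the terminator and so stores only seven in both the generalized and UTC branches, dropping the second digit of the day. Given the documented 8-byte buffer, copy the bytes directly instead, e.g. `(void) memcpy(buf, t->data, 8);` for generalized time and, for UTC, the two century digits in `buf[0]` and `buf[1]` followed by `(void) memcpy(buf + 2, t->data, 6);`; the `0` flag combined with `%s` is undefined in any case. Callers are not visible here, so confirm they do not rely on a terminator. Separately, `PKTOOL_X509_cert_value` returns a pointer into the bag allocated by `PKCS12_x5092certbag` and never frees that bag on either path, and `PKTOOL_X509_keyid_get0` dereferences `x` unchecked and logs `inside PKTOOL_setup_openssl`, which looks like a copy-paste slip.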
@@ -0,0 +1,50 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _PKTOOL_OSSLCOMMON_H
+#define _PKTOOL_OSSLCOMMON_H
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/x509.h>
+
+extern void PKTOOL_setup_openssl(void);
+extern unsigned char *PKTOOL_X509_keyid_get0(X509 *x, int *len);
+extern unsigned char *PKTOOL_X509_subject_name(X509 *x, int *len);
+extern unsigned char *PKTOOL_X509_issuer_name(X509 *x, int *len);
+extern unsigned char *PKTOOL_X509_serial_number(X509 *x, int *len);
+extern unsigned char *PKTOOL_X509_cert_value(X509 *x, int *len);
+extern int PKTOOL_cvt_ossltime(ASN1_TIME *t, char *buf);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKTOOL_OSSLCOMMON_H */
diff --git a/deleted_files/usr/src/cmd/cmd-crypto/pktool/p12common.c b/deleted_files/usr/src/cmd/cmd-crypto/pktool/p12common.c
new file mode 100644
index 0000000000..4e164ea911
--- /dev/null
+++ b/deleted_files/usr/src/cmd/cmd-crypto/pktool/p12common.c
@@ -0,0 +1,103 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+/*
+ * This file implements some of the common PKCS#12 routines.
+ */
+
+#include <errno.h>
+#include <string.h>
+#include <cryptoutil.h>
+#include "p12common.h"
+#include <openssl/pkcs12.h>
+
+/* I18N helpers. */
+#include <libintl.h>
+#include <locale.h>
+
+/*
+ * Common function to create/open PKCS#12 files.
+ */
+static int
+pkcs12_file(char *filename, boolean_t create, BIO **fbio)
+{
+ cryptodebug("inside pkcs12_file");
+
+ if (fbio == NULL) {
+ cryptoerror(LOG_STDERR, create ?
+ gettext("Error creating file \"%s\", invalid input.") :
+ gettext("Error opening file \"%s\", invalid input."),
+ filename);
+ return (-1);
+ }
+
+ cryptodebug(create ? "creating %s for binary writes" :
+ "opening %s for binary reads", filename);
+ if ((*fbio = BIO_new_file(filename, create ? "wb" : "rb")) == NULL) {
+ cryptoerror(LOG_STDERR, create ?
+ gettext("Error creating file \"%s\" (%s).") :
+ gettext("Error opening file \"%s\" (%s)."),
+ filename, strerror(errno));
+ return (-1);
+ }
+
+ return (0);
+}
+
+/*
+ * Create PKCS#12 export file.
+ */
+int
+create_pkcs12(char *filename, BIO **fbio)
+{
+ cryptodebug("inside create_pkcs12");
+
+ return (pkcs12_file(filename, B_TRUE, fbio));
+}
+
+/*
+ * Opens PKCS#12 import file.
+ */
+int
+open_pkcs12(char *filename, BIO **fbio)
+{
+ cryptodebug("inside open_pkcs12");
+
+ return (pkcs12_file(filename, B_FALSE, fbio));
+}
+
+/*
+ * Closes PKCS#12 export file.
+ */
+void
+close_pkcs12(BIO *fbio)
+{
+ cryptodebug("inside close_pkcs12");
+
+ BIO_free_all(fbio);
+}
diff --git a/deleted_files/usr/src/cmd/cmd-crypto/pktool/p12common.h b/deleted_files/usr/src/cmd/cmd-crypto/pktool/p12common.h
new file mode 100644
index 0000000000..03a2a6ae5e
--- /dev/null
+++ b/deleted_files/usr/src/cmd/cmd-crypto/pktool/p12common.h
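Review bot: `pkcs12_file` creates the export file with `BIO_new_file(filename, "wb")`, so the file gets umask-derived permissions and anything already at that path is truncated or followed. A PKCS#12 export typically carries private keys, so the create branch would be safer opening the descriptor itself with an explicit mode and wrapping it in a BIO, as sketched below; drop `O_EXCL` in favour of `O_TRUNC` if overwriting an existing export is intended. The failure message also prints `strerror(errno)` after `gettext()` has had a chance to run, and the cause may only be in the OpenSSL error queue, so save `errno` right after the failing call.

```c
	/* … unchanged: fbio NULL check and cryptodebug() of the mode … */
	if (create) {
		int fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0600);

		*fbio = (fd == -1) ? NULL : BIO_new_fd(fd, BIO_CLOSE);
		if (*fbio == NULL && fd != -1)
			(void) close(fd);
	} else {
		*fbio = BIO_new_file(filename, "rb");
	}
	if (*fbio == NULL) {
		/* … unchanged: cryptoerror() report and return (-1) … */
```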
@@ -0,0 +1,46 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _PKTOOL_P12COMMON_H
+#define _PKTOOL_P12COMMON_H
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/bio.h>
+
+extern int create_pkcs12(char *filename, BIO **fbio);
+extern int open_pkcs12(char *filename, BIO **fbio);
+extern void close_pkcs12(BIO *fbio);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKTOOL_P12COMMON_H */ |