Commit 7a1c268f authored by davidcunado-arm's avatar davidcunado-arm Committed by GitHub

Merge pull request #833 from masahir0y/cert_create

Bug fix and cleanup of cert_create tool
parents 27e16d85 c893c733
...@@ -73,6 +73,7 @@ typedef struct key_s { ...@@ -73,6 +73,7 @@ typedef struct key_s {
/* Exported API */ /* Exported API */
int key_init(void); int key_init(void);
key_t *key_get_by_opt(const char *opt); key_t *key_get_by_opt(const char *opt);
int key_new(key_t *key);
int key_create(key_t *key, int type); int key_create(key_t *key, int type);
int key_load(key_t *key, unsigned int *err_code); int key_load(key_t *key, unsigned int *err_code);
int key_store(key_t *key); int key_store(key_t *key);
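Review bot: The newly exported `int key_new(key_t *key);` prototype carries no comment, yet this commit makes it a precondition of both `key_create` and `key_load`, which no longer allocate the container themselves, so the header is now the only place a caller could learn that. I would add above the prototype `/* Allocate the EVP_PKEY container in key->key. Must be called once before key_load() or key_create(); returns 0 on allocation failure. */`, the return convention matching the `if (!key_new(...))` checks at the call sites. Stating who frees the container would also help, if that rule exists elsewhere in key.c.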
...@@ -103,10 +103,10 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk) ...@@ -103,10 +103,10 @@ int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk)
cert_t *issuer_cert = &certs[cert->issuer]; cert_t *issuer_cert = &certs[cert->issuer];
EVP_PKEY *ikey = keys[issuer_cert->key].key; EVP_PKEY *ikey = keys[issuer_cert->key].key;
X509 *issuer = issuer_cert->x; X509 *issuer = issuer_cert->x;
X509 *x = NULL; X509 *x;
X509_EXTENSION *ex = NULL; X509_EXTENSION *ex;
X509_NAME *name = NULL; X509_NAME *name;
ASN1_INTEGER *sno = NULL; ASN1_INTEGER *sno;
int i, num; int i, num;
/* Create the certificate structure */ /* Create the certificate structure */
...@@ -202,7 +202,7 @@ int cert_init(void) ...@@ -202,7 +202,7 @@ int cert_init(void)
cert_t *cert_get_by_opt(const char *opt) cert_t *cert_get_by_opt(const char *opt)
{ {
cert_t *cert = NULL; cert_t *cert;
unsigned int i; unsigned int i;
for (i = 0; i < num_certs; i++) { for (i = 0; i < num_certs; i++) {
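Review bot: Dropping the `= NULL` initialisers on `x`, `ex`, `name` and `sno` in `cert_new` is only safe if no error path frees them before they are assigned; if the function has a shared cleanup label that calls `X509_free(x)` or `ASN1_INTEGER_free(sno)` after an early failure, it now frees an indeterminate pointer. The body continues past the hunk, so I cannot see it from here; please confirm each pointer is assigned on every path that reaches a free, and keep the initialiser for any that is not. `cert_get_by_opt` is fine provided its loop is followed by an explicit `return NULL;`, which is also outside the hunk.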
...@@ -181,13 +181,13 @@ X509_EXTENSION *ext_new(int nid, int crit, unsigned char *data, int len) ...@@ -181,13 +181,13 @@ X509_EXTENSION *ext_new(int nid, int crit, unsigned char *data, int len)
X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md, X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
unsigned char *buf, size_t len) unsigned char *buf, size_t len)
{ {
X509_EXTENSION *ex = NULL; X509_EXTENSION *ex;
ASN1_OCTET_STRING *octet = NULL; ASN1_OCTET_STRING *octet;
HASH *hash = NULL; HASH *hash;
ASN1_OBJECT *algorithm = NULL; ASN1_OBJECT *algorithm;
X509_ALGOR *x509_algor = NULL; X509_ALGOR *x509_algor;
unsigned char *p = NULL; unsigned char *p = NULL;
int sz = -1; int sz;
/* OBJECT_IDENTIFIER with hash algorithm */ /* OBJECT_IDENTIFIER with hash algorithm */
algorithm = OBJ_nid2obj(md->type); algorithm = OBJ_nid2obj(md->type);
...@@ -254,16 +254,15 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md, ...@@ -254,16 +254,15 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
*/ */
X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value) X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value)
{ {
X509_EXTENSION *ex = NULL; X509_EXTENSION *ex;
ASN1_INTEGER *counter = NULL; ASN1_INTEGER *counter;
unsigned char *p = NULL; unsigned char *p = NULL;
int sz = -1; int sz;
/* Encode counter */ /* Encode counter */
counter = ASN1_INTEGER_new(); counter = ASN1_INTEGER_new();
ASN1_INTEGER_set(counter, value); ASN1_INTEGER_set(counter, value);
sz = i2d_ASN1_INTEGER(counter, NULL); sz = i2d_ASN1_INTEGER(counter, &p);
i2d_ASN1_INTEGER(counter, &p);
/* Create the extension */ /* Create the extension */
ex = ext_new(nid, crit, p, sz); ex = ext_new(nid, crit, p, sz);
...@@ -292,9 +291,9 @@ X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value) ...@@ -292,9 +291,9 @@ X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value)
*/ */
X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k) X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k)
{ {
X509_EXTENSION *ex = NULL; X509_EXTENSION *ex;
unsigned char *p = NULL; unsigned char *p;
int sz = -1; int sz;
/* Encode key */ /* Encode key */
BIO *mem = BIO_new(BIO_s_mem()); BIO *mem = BIO_new(BIO_s_mem());
...@@ -316,7 +315,7 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k) ...@@ -316,7 +315,7 @@ X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k)
ext_t *ext_get_by_opt(const char *opt) ext_t *ext_get_by_opt(const char *opt)
{ {
ext_t *ext = NULL; ext_t *ext;
unsigned int i; unsigned int i;
/* Sequential search. This is not a performance concern since the number /* Sequential search. This is not a performance concern since the number
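Review bot: The collapsed `sz = i2d_ASN1_INTEGER(counter, &p);` in `ext_new_nvcounter` fixes the double encode, but its result still reaches `ext_new(nid, crit, p, sz)` unchecked: on failure i2d returns a negative length and leaves `p` NULL, and the `ASN1_INTEGER_new()` result two lines above is not checked either, so an allocation failure becomes a NULL dereference in `ASN1_INTEGER_set` or a negative length handed to the extension builder. I would add `if (counter == NULL) return NULL;` after the `ASN1_INTEGER_new()` call and `if (sz < 0) { ASN1_INTEGER_free(counter); return NULL; }` before the `ext_new` call. The same check is worth applying to the `sz`/`p` pair in `ext_new_key`, whose body, like the rest of `ext_new_nvcounter`, continues outside the hunk; these values end up in the signed certificate's NV-counter and key extensions, so a silently bad encoding would only surface at verification time on the target.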
...@@ -49,7 +49,7 @@ ...@@ -49,7 +49,7 @@
/* /*
* Create a new key container * Create a new key container
*/ */
static int key_new(key_t *key) int key_new(key_t *key)
{ {
/* Create key pair container */ /* Create key pair container */
key->key = EVP_PKEY_new(); key->key = EVP_PKEY_new();
...@@ -62,7 +62,7 @@ static int key_new(key_t *key) ...@@ -62,7 +62,7 @@ static int key_new(key_t *key)
static int key_create_rsa(key_t *key) static int key_create_rsa(key_t *key)
{ {
RSA *rsa = NULL; RSA *rsa;
rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL); rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
if (rsa == NULL) { if (rsa == NULL) {
...@@ -83,7 +83,7 @@ err: ...@@ -83,7 +83,7 @@ err:
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
static int key_create_ecdsa(key_t *key) static int key_create_ecdsa(key_t *key)
{ {
EC_KEY *ec = NULL; EC_KEY *ec;
ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ec == NULL) { if (ec == NULL) {
...@@ -123,11 +123,6 @@ int key_create(key_t *key, int type) ...@@ -123,11 +123,6 @@ int key_create(key_t *key, int type)
return 0; return 0;
} }
/* Create OpenSSL key container */
if (!key_new(key)) {
return 0;
}
if (key_create_fn[type]) { if (key_create_fn[type]) {
return key_create_fn[type](key); return key_create_fn[type](key);
} }
...@@ -137,14 +132,8 @@ int key_create(key_t *key, int type) ...@@ -137,14 +132,8 @@ int key_create(key_t *key, int type)
int key_load(key_t *key, unsigned int *err_code) int key_load(key_t *key, unsigned int *err_code)
{ {
FILE *fp = NULL; FILE *fp;
EVP_PKEY *k = NULL; EVP_PKEY *k;
/* Create OpenSSL key container */
if (!key_new(key)) {
*err_code = KEY_ERR_MALLOC;
return 0;
}
if (key->fn) { if (key->fn) {
/* Load key from file */ /* Load key from file */
...@@ -173,7 +162,7 @@ int key_load(key_t *key, unsigned int *err_code) ...@@ -173,7 +162,7 @@ int key_load(key_t *key, unsigned int *err_code)
int key_store(key_t *key) int key_store(key_t *key)
{ {
FILE *fp = NULL; FILE *fp;
if (key->fn) { if (key->fn) {
fp = fopen(key->fn, "w"); fp = fopen(key->fn, "w");
...@@ -196,7 +185,6 @@ int key_init(void) ...@@ -196,7 +185,6 @@ int key_init(void)
{ {
cmd_opt_t cmd_opt; cmd_opt_t cmd_opt;
key_t *key; key_t *key;
int rc = 0;
unsigned int i; unsigned int i;
for (i = 0; i < num_keys; i++) { for (i = 0; i < num_keys; i++) {
...@@ -211,12 +199,12 @@ int key_init(void) ...@@ -211,12 +199,12 @@ int key_init(void)
} }
} }
return rc; return 0;
} }
key_t *key_get_by_opt(const char *opt) key_t *key_get_by_opt(const char *opt)
{ {
key_t *key = NULL; key_t *key;
unsigned int i; unsigned int i;
/* Sequential search. This is not a performance concern since the number /* Sequential search. This is not a performance concern since the number
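Review bot: `key_store` opens its output with `fopen(key->fn, "w")`, which creates the file under the process umask (commonly 0644), so a freshly generated private key is written world-readable on the build host; the line is context the commit does not touch, but this is the function that persists the key material. Prefer creating the file with an explicit mode, `int fd = open(key->fn, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);` followed by `fp = fdopen(fd, "w");` with the usual failure checks (needs `<fcntl.h>` and `<sys/stat.h>`), or at minimum document that the tool expects a restrictive umask. The body of `key_store` continues outside the hunk.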
...@@ -134,7 +134,6 @@ static void print_help(const char *cmd, const struct option *long_opt) ...@@ -134,7 +134,6 @@ static void print_help(const char *cmd, const struct option *long_opt)
printf("\t%s [OPTIONS]\n\n", cmd); printf("\t%s [OPTIONS]\n\n", cmd);
printf("Available options:\n"); printf("Available options:\n");
i = 0;
opt = long_opt; opt = long_opt;
while (opt->name) { while (opt->name) {
p = line; p = line;
...@@ -261,12 +260,12 @@ static const cmd_opt_t common_cmd_opt[] = { ...@@ -261,12 +260,12 @@ static const cmd_opt_t common_cmd_opt[] = {
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
STACK_OF(X509_EXTENSION) * sk = NULL; STACK_OF(X509_EXTENSION) * sk;
X509_EXTENSION *cert_ext = NULL; X509_EXTENSION *cert_ext;
ext_t *ext = NULL; ext_t *ext;
key_t *key = NULL; key_t *key;
cert_t *cert = NULL; cert_t *cert;
FILE *file = NULL; FILE *file;
int i, j, ext_nid, nvctr; int i, j, ext_nid, nvctr;
int c, opt_idx = 0; int c, opt_idx = 0;
const struct option *cmd_opt; const struct option *cmd_opt;
...@@ -367,6 +366,11 @@ int main(int argc, char *argv[]) ...@@ -367,6 +366,11 @@ int main(int argc, char *argv[])
/* Load private keys from files (or generate new ones) */ /* Load private keys from files (or generate new ones) */
for (i = 0 ; i < num_keys ; i++) { for (i = 0 ; i < num_keys ; i++) {
if (!key_new(&keys[i])) {
ERROR("Failed to allocate key container\n");
exit(1);
}
/* First try to load the key from disk */ /* First try to load the key from disk */
if (key_load(&keys[i], &err_code)) { if (key_load(&keys[i], &err_code)) {
/* Key loaded successfully */ /* Key loaded successfully */
...@@ -374,11 +378,7 @@ int main(int argc, char *argv[]) ...@@ -374,11 +378,7 @@ int main(int argc, char *argv[])
} }
/* Key not loaded. Check the error code */ /* Key not loaded. Check the error code */
if (err_code == KEY_ERR_MALLOC) { if (err_code == KEY_ERR_LOAD) {
/* Cannot allocate memory. Abort. */
ERROR("Malloc error while loading '%s'\n", keys[i].fn);
exit(1);
} else if (err_code == KEY_ERR_LOAD) {
/* File exists, but it does not contain a valid private /* File exists, but it does not contain a valid private
* key. Abort. */ * key. Abort. */
ERROR("Error loading '%s'\n", keys[i].fn); ERROR("Error loading '%s'\n", keys[i].fn);
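Review bot: The container created by the new `key_new(&keys[i])` call at the top of the loop is handed straight to `key_load`; that is leak-free only if `key_load` parses into the existing `keys[i].key` (for example by passing `&keys[i].key` to the PEM reader) rather than assigning a freshly allocated EVP_PKEY, in which case one empty container leaks per key loaded from disk. `key_load`'s body is outside this hunk, so this is an inference to confirm rather than a defect I can see. With the `KEY_ERR_MALLOC` branch gone, every failure path in `key_load` must also set `err_code` to one of the remaining codes, otherwise the loop falls through to key generation on a failure it should abort on; a comment at the `if (err_code == KEY_ERR_LOAD)` line listing the codes `key_load` can report would make that contract visible. The enclosing loop in `main` continues outside the hunk.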