#include "io/bios.h"
#include "io/slipBio.h"
#include "config.h"
+#include <internal/bio.h>
#ifdef NO_DAEMON
#define DAEMON false
}
std::shared_ptr<JobProvider> jp = std::make_shared<PostgresJobProvider>( sqlHost, sqlUser, sqlPass, sqlDB );
std::shared_ptr<BIO> b = openSerial( serialPath );
- std::shared_ptr<BIO> slip1( BIO_new( toBio<SlipBIO>() ), BIO_free );
+ std::shared_ptr<BIO_METHOD> m( toBio<SlipBIO>(), BIO_meth_free);
+ std::shared_ptr<BIO> slip1( BIO_new( m.get() ), BIO_free );
static_cast<SlipBIO*>( slip1->ptr )->setTarget( std::make_shared<OpensslBIOWrapper>( b ), false );
auto sign = std::make_shared<RemoteSigner>( slip1, generateSSLContext( false ) );
// std::shared_ptr<Signer> sign( new SimpleOpensslSigner() );
X509_REVOKED_set_serialNumber( rev, ser.get() );
if( time != "" ) {
- const unsigned char* data = ( unsigned char* )( time.data() );
- d2i_ASN1_TIME( &rev->revocationDate, &data, time.size() );
- } else {
- X509_REVOKED_set_revocationDate( rev, tmptm.get() );
+ ASN1_TIME_set_string( tmptm.get(), time.data() );
}
+ X509_REVOKED_set_revocationDate( rev, tmptm.get() );
X509_CRL_add0_revoked( crl.get(), rev );
}
std::string CRL::getSignature() {
- int len = i2d_X509_ALGOR( crl->sig_alg, NULL );
- len += i2d_ASN1_BIT_STRING( crl->signature, NULL );
- len += i2d_ASN1_TIME( crl->crl->lastUpdate, NULL );
- len += i2d_ASN1_TIME( crl->crl->nextUpdate, NULL );
+ const X509_ALGOR *palg;
+ const ASN1_BIT_STRING *psig;
+
+ X509_CRL_get0_signature(crl.get(), &psig, &palg);
+ int len = i2d_X509_ALGOR( const_cast<X509_ALGOR*>(palg), NULL );
+ len += i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING*>(psig), NULL );
+ len += i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_lastUpdate(crl.get())), NULL );
+ len += i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_nextUpdate(crl.get())), NULL );
unsigned char* buffer = ( unsigned char* ) OPENSSL_malloc( len );
unsigned char* pos = buffer;
- i2d_X509_ALGOR( crl->sig_alg, &pos );
- i2d_ASN1_BIT_STRING( crl->signature, &pos );
- i2d_ASN1_TIME( crl->crl->lastUpdate, &pos );
- i2d_ASN1_TIME( crl->crl->nextUpdate, &pos );
+ i2d_X509_ALGOR( const_cast<X509_ALGOR*>(palg), &pos );
+ i2d_ASN1_BIT_STRING( const_cast<ASN1_BIT_STRING*>(psig), &pos );
+ i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_lastUpdate(crl.get())), &pos );
+ i2d_ASN1_TIME( const_cast<ASN1_TIME*>(X509_CRL_get0_nextUpdate(crl.get())), &pos );
std::string res = std::string( ( char* ) buffer, len );
OPENSSL_free( buffer );
void CRL::setSignature( std::string signature ) {
X509_CRL_sort( crl.get() );
+ X509_ALGOR *palg;
+ ASN1_BIT_STRING *psig;
+ // this is not intended use of the OPENSSL-API but API-limitations leave us with no other options.
+ X509_CRL_get0_signature(crl.get(), const_cast<const ASN1_BIT_STRING **>(&psig), const_cast<const X509_ALGOR**>(&palg));
+
const unsigned char* data = ( unsigned char* )( signature.data() );
const unsigned char* buffer = data;
- d2i_X509_ALGOR( &crl->sig_alg, &buffer, signature.size() );
- d2i_ASN1_BIT_STRING( &crl->signature, &buffer, signature.size() + data - buffer );
- d2i_ASN1_TIME( &crl->crl->lastUpdate, &buffer, signature.size() + data - buffer );
- d2i_ASN1_TIME( &crl->crl->nextUpdate, &buffer, signature.size() + data - buffer );
+ X509_ALGOR *alg = d2i_X509_ALGOR( NULL, &buffer, signature.size() );
+ ASN1_BIT_STRING *sig = d2i_ASN1_BIT_STRING( NULL, &buffer, signature.size() + data - buffer );
+ ASN1_TIME *a1 = d2i_ASN1_TIME( NULL, &buffer, signature.size() + data - buffer );
+ ASN1_TIME *a2 = d2i_ASN1_TIME( NULL, &buffer, signature.size() + data - buffer );
+ *palg = *alg;
+ *psig = *sig;
+ X509_CRL_set1_lastUpdate( crl.get(), a1);
+ X509_CRL_set1_nextUpdate( crl.get(), a2);
+
+ //X509_ALGOR_free(alg);
+ //ASN1_BIT_STRING_free(sig);
+ ASN1_TIME_free(a1);
+ ASN1_TIME_free(a2);
}
bool CRL::needsResign() {
time_t current;
time( ¤t );
current += 60 * 60;// 1 hour
- auto time = X509_CRL_get_nextUpdate( crl.get() );
+ auto time = X509_CRL_get0_nextUpdate( crl.get() );
if( !time ) {
return true;
}
void X509Cert::setSerialNumber( BIGNUM* num ) {
- BN_to_ASN1_INTEGER( num , target->cert_info->serialNumber );
+ ASN1_INTEGER *i = BN_to_ASN1_INTEGER( num, NULL);
+ X509_set_serialNumber(target.get(), i);
+ ASN1_INTEGER_free(i);
}
void X509Cert::setTimes( uint32_t before, uint32_t after ) {
goto merr;
}
- if( !( ext_oct = M_ASN1_OCTET_STRING_new() ) ) {
+ if( !( ext_oct = ASN1_OCTET_STRING_new() ) ) {
goto merr;
}
goto merr;
}
- M_ASN1_OCTET_STRING_free( ext_oct );
+ ASN1_OCTET_STRING_free( ext_oct );
return ext;
merr:
gen->type = name->type == "DNS" ? GEN_DNS : name->type == "email" ? GEN_EMAIL : 0; // GEN_EMAIL;
if( !gen->type
- || !( gen->d.ia5 = M_ASN1_IA5STRING_new() )
+ || !( gen->d.ia5 = ASN1_IA5STRING_new() )
|| !ASN1_STRING_set( gen->d.ia5, name->content.data(), name->content.size() ) ) {
GENERAL_NAME_free( gen );
throw std::runtime_error("initing iasting5 failed");
auto res = std::make_shared<SignedCertificate>();
res->certificate = std::string( buf->data, buf->data + buf->length );
- std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( target->cert_info->serialNumber, NULL ), BN_free );
+ std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber(target.get()), NULL ), BN_free );
if( !ser ) {
throw std::runtime_error("Failed to retrieve certificate serial of signed certificate.");
buf += dlen;
}
- std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ) );
+ std::shared_ptr<X509> pem( PEM_read_bio_X509( bios.get(), NULL, 0, NULL ), X509_free );
if( !pem ) {
throw std::runtime_error("Pem was not readable");
}
- std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( pem->cert_info->serialNumber, NULL ), BN_free );
+ std::shared_ptr<BIGNUM> ser( ASN1_INTEGER_to_BN( X509_get_serialNumber(pem.get()), NULL), BN_free );
std::shared_ptr<char> serStr(
BN_bn2hex( ser.get() ),
[]( char* p ) {
std::shared_ptr<SSL_CTX> generateSSLContext( bool server ) {
std::shared_ptr<SSL_CTX> ctx = std::shared_ptr<SSL_CTX>(
- SSL_CTX_new( TLSv1_2_method() ),
+ SSL_CTX_new( TLS_method() ),
[]( SSL_CTX* p ) {
SSL_CTX_free( p );
} );
} else {
dh_param = std::shared_ptr<DH>( DH_new(), DH_free );
logger::note( "Generating DH params" );
- BN_GENCB cb;
- cb.ver = 2;
- cb.arg = 0;
- cb.cb.cb_2 = gencb;
+ BN_GENCB *cb = BN_GENCB_new();
+ BN_GENCB_set(cb, gencb, NULL);
- if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, &cb ) ) {
+ if( !DH_generate_parameters_ex( dh_param.get(), 2048, 5, cb ) ) {
throw std::runtime_error("DH generation failed");
}
+ BN_GENCB_free(cb);
std::cout << std::endl;
paramfile = std::shared_ptr<FILE>( fopen( "dh_param.pem", "w" ), fclose );
CAConfig::CAConfig( const std::string& name ) : path( "ca/" + name ), name( name ) {
ca = loadX509FromFile( path + "/ca.crt" );
caKey = loadPkeyFromFile( path + "/ca.key" );
- ASN1_TIME* tm = X509_get_notBefore( ca );
+ ASN1_TIME* tm = X509_get_notBefore( ca.get() );
notBefore = std::shared_ptr<ASN1_TIME>( tm, ASN1_TIME_free );
std::size_t pos = name.find("_");
if (pos == std::string::npos) {
std::string timeToString( std::shared_ptr<ASN1_TIME> time ) {
std::shared_ptr<ASN1_GENERALIZEDTIME> gtime( ASN1_TIME_to_generalizedtime( time.get(), 0 ) );
- std::string strdate( ( char* ) ASN1_STRING_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
+ std::string strdate( ( char* ) ASN1_STRING_get0_data( gtime.get() ), ASN1_STRING_length( gtime.get() ) );
logger::notef("openssl formatted me a date: %s", strdate);
if( strdate[strdate.size() - 1] != 'Z' ) {
#include <memory>
#include <string>
+#include <string.h>
#include <vector>
#include <cinttypes>
#include <ctime>
#include <openssl/bio.h>
+struct bio_st {
+ const BIO_METHOD *method;
+ /* bio, mode, argp, argi, argl, ret */
+ long (*callback) (struct bio_st *, int, const char *, int, long, long);
+ char *cb_arg; /* first argument for the callback */
+ int init;
+ int shutdown;
+ int flags; /* extra storage */
+ int retry_reason;
+ int num;
+ void *ptr;
+ struct bio_st *next_bio; /* used by filter BIOs */
+ struct bio_st *prev_bio; /* used by filter BIOs */
+ int references;
+ uint64_t num_read;
+ uint64_t num_write;
+ CRYPTO_EX_DATA ex_data;
+ CRYPTO_RWLOCK *lock;
+};
+
+
#define BIO_TYPE_CUSTOM 0xff
class OpensslBIO {
template <typename T>
BIO_METHOD* toBio( int ( *newfunc )( BIO* ) ) {
- static BIO_METHOD new_method = {
- T::typeID,
- T::getName(),
- BIOWrapper::write,
- BIOWrapper::read,
- BIOWrapper::puts,
- BIOWrapper::gets,
- BIOWrapper::ctrl,
- newfunc,
- BIOWrapper::free,
- NULL,
- };
-
- return &new_method;
+ BIO_METHOD *meth = BIO_meth_new(T::typeID, T::getName());
+ BIO_meth_set_write(meth, BIOWrapper::write);
+ BIO_meth_set_read(meth, BIOWrapper::read);
+ BIO_meth_set_puts(meth, BIOWrapper::puts);
+ BIO_meth_set_gets(meth, BIOWrapper::gets);
+ BIO_meth_set_ctrl(meth, BIOWrapper::ctrl);
+ BIO_meth_set_destroy(meth, BIOWrapper::free);
+ BIO_meth_set_create(meth, newfunc);
+
+ return meth;
}