Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-29 09:26:18 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

added missing memory clean calls in X509 certificate generation

Browse Source
This commit is contained in:
csoler 2015-10-20 21:03:08 -04:00
parent 6398ed2c17
commit 1d1904cae1
1 changed files with 119 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
libretroshare/src/pqi/sslfns.cc
View File

@ -76,18 +76,20 @@ X509_REQ *GenerateX509Req(
X509_REQ *req=X509_REQ_new(); X509_REQ *req=X509_REQ_new();
// setup output. // setup output.
BIO *bio_out = NULL; BIO *bio_out = BIO_new(BIO_s_file());
bio_out = BIO_new(BIO_s_file());
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
X509_NAME *x509_name = NULL ;
RSA *rsa = NULL ;
try
{
// first generate a key.... // first generate a key....
if ((pkey=EVP_PKEY_new()) == NULL) if ((pkey=EVP_PKEY_new()) == NULL)
{ {
fprintf(stderr,"GenerateX509Req: Couldn't Create Key\n"); fprintf(stderr,"GenerateX509Req: Couldn't Create Key\n");
errString = "Couldn't Create Key"; throw std::runtime_error("Couldn't Create Key") ;
return 0;
} }
int nbits = 2048; int nbits = 2048;
@ -103,69 +105,44 @@ X509_REQ *GenerateX509Req(
fprintf(stderr,"GenerateX509Req: reverting to %d\n", nbits); fprintf(stderr,"GenerateX509Req: reverting to %d\n", nbits);
} }
rsa = RSA_generate_key(nbits, e, NULL, NULL);
RSA *rsa = RSA_generate_key(nbits, e, NULL, NULL);
if ((rsa == NULL) || !EVP_PKEY_assign_RSA(pkey, rsa)) if ((rsa == NULL) || !EVP_PKEY_assign_RSA(pkey, rsa))
{ throw std::runtime_error("Couldn't generate RSA Key");
if(rsa) RSA_free(rsa);
fprintf(stderr,"GenerateX509Req: Couldn't Generate RSA Key!\n");
errString = "Couldn't generate RSA Key";
return 0;
}
// open the file. // open the file.
FILE *out; FILE *out;
if (NULL == (out = RsDirUtil::rs_fopen(pkey_file.c_str(), "w"))) if (NULL == (out = RsDirUtil::rs_fopen(pkey_file.c_str(), "w")))
{ throw std::runtime_error("Couldn't Create Key File \"" + pkey_file + "\"");
fprintf(stderr,"GenerateX509Req: Couldn't Create Key File!");
fprintf(stderr," : %s\n", pkey_file.c_str());
errString = "Couldn't Create Key File";
return 0;
}
const EVP_CIPHER *cipher = EVP_des_ede3_cbc(); const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
if (!PEM_write_PrivateKey(out,pkey,cipher, if (!PEM_write_PrivateKey(out,pkey,cipher, NULL,0,NULL,(void *) passwd.c_str()))
NULL,0,NULL,(void *) passwd.c_str()))
{ {
fprintf(stderr,"GenerateX509Req() Couldn't Save Private Key"); fclose(out) ;
fprintf(stderr," : %s\n", pkey_file.c_str()); throw std::runtime_error("Couldn't Save Private Key to file \""+pkey_file+"\"");
errString = "Couldn't Save Private Key File";
return 0;
} }
fclose(out); fclose(out);
// We have now created a private key.... // We have now created a private key....
fprintf(stderr,"GenerateX509Req() Saved Private Key"); std::cerr << "GenerateX509Req() Saved Private Key to file \"" << pkey_file << "\"" << std::endl;
fprintf(stderr," : %s\n", pkey_file.c_str());
/********** Test Loading the private Key.... ************/ /********** Test Loading the private Key.... ************/
FILE *tst_in = NULL; FILE *tst_in = NULL;
EVP_PKEY *tst_pkey = NULL; EVP_PKEY *tst_pkey = NULL;
if (NULL == (tst_in = RsDirUtil::rs_fopen(pkey_file.c_str(), "rb"))) if (NULL == (tst_in = RsDirUtil::rs_fopen(pkey_file.c_str(), "rb")))
{ throw std::runtime_error("GenerateX509Req() Couldn't Open Private Key file \""+pkey_file+"\"") ;
fprintf(stderr,"GenerateX509Req() Couldn't Open Private Key");
fprintf(stderr," : %s\n", pkey_file.c_str());
errString = "Couldn't Open Private Key"; if (NULL == (tst_pkey = PEM_read_PrivateKey(tst_in,NULL,NULL,(void *) passwd.c_str())))
return 0; {
fclose(tst_in);
throw std::runtime_error("GenerateX509Req() Couldn't read Private Key file \""+pkey_file+"\"") ;
} }
if (NULL == (tst_pkey =
PEM_read_PrivateKey(tst_in,NULL,NULL,(void *) passwd.c_str())))
{
fprintf(stderr,"GenerateX509Req() Couldn't Read Private Key");
fprintf(stderr," : %s\n", pkey_file.c_str());
errString = "Couldn't Read Private Key";
return 0;
}
fclose(tst_in); fclose(tst_in);
EVP_PKEY_free(tst_pkey); EVP_PKEY_free(tst_pkey);
/********** Test Loading the private Key.... ************/
/* Fill in details: fields. /* Fill in details: fields.
req->req_info; req->req_info;
@ -177,28 +154,19 @@ X509_REQ *GenerateX509Req(
long version = 0x00; long version = 0x00;
unsigned long chtype = MBSTRING_UTF8; unsigned long chtype = MBSTRING_UTF8;
X509_NAME *x509_name = X509_NAME_new(); x509_name = X509_NAME_new();
// fill in the request. // fill in the request.
/**** X509_REQ -> Version ********************************/ /**** X509_REQ -> Version ********************************/
if (!X509_REQ_set_version(req,version)) /* version 1 */ if(!X509_REQ_set_version(req,version)) /* version 1 */
{ throw std::runtime_error("GenerateX509Req(): Couldn't Set SSL certificate Version!");
fprintf(stderr,"GenerateX509Req(): Couldn't Set Version!\n");
errString = "Couldn't Set Version";
return 0;
}
/**** X509_REQ -> Version ********************************/ /**** X509_REQ -> Version ********************************/
/**** X509_REQ -> Key ********************************/ /**** X509_REQ -> Key ********************************/
if (!X509_REQ_set_pubkey(req,pkey)) if (!X509_REQ_set_pubkey(req,pkey))
{ throw std::runtime_error("GenerateX509Req(): Couldn't Set SSL certificate PUBKEY!");
fprintf(stderr,"GenerateX509Req() Couldn't Set PUBKEY !\n");
errString = "Couldn't Set PubKey";
return 0;
}
/**** SUBJECT ********************************/ /**** SUBJECT ********************************/
// create the name. // create the name.
@ -211,72 +179,61 @@ X509_REQ *GenerateX509Req(
// stateOrProvinceName ST // stateOrProvinceName ST
// countryName C // countryName C
if (0 < strlen(name.c_str())) if (0 == strlen(name.c_str()))
{ throw std::runtime_error("No name! Aborting.") ;
X509_NAME_add_entry_by_txt(x509_name, "CN", chtype,
(unsigned char *) name.c_str(), -1, -1, 0); X509_NAME_add_entry_by_txt(x509_name, "CN", chtype, (unsigned char *) name.c_str(), -1, -1, 0);
}
else
{
fprintf(stderr,"GenerateX509Req(): No Name -> Not creating X509 Cert Req\n");
errString = "No Name, Aborting";
return 0;
}
if (0 < strlen(email.c_str())) if (0 < strlen(email.c_str()))
{ X509_NAME_add_entry_by_NID(x509_name, 48, 0, (unsigned char *) email.c_str(), -1, -1, 0);
//X509_NAME_add_entry_by_txt(x509_name, "Email", 0,
// (unsigned char *) ui -> gen_email -> value(), -1, -1, 0);
X509_NAME_add_entry_by_NID(x509_name, 48, 0,
(unsigned char *) email.c_str(), -1, -1, 0);
}
if (0 < strlen(org.c_str())) if (0 < strlen(org.c_str()))
{ X509_NAME_add_entry_by_txt(x509_name, "O", chtype, (unsigned char *) org.c_str(), -1, -1, 0);
X509_NAME_add_entry_by_txt(x509_name, "O", chtype,
(unsigned char *) org.c_str(), -1, -1, 0);
}
if (0 < strlen(loc.c_str())) if (0 < strlen(loc.c_str()))
{ X509_NAME_add_entry_by_txt(x509_name, "L", chtype, (unsigned char *) loc.c_str(), -1, -1, 0);
X509_NAME_add_entry_by_txt(x509_name, "L", chtype,
(unsigned char *) loc.c_str(), -1, -1, 0);
}
if (0 < strlen(state.c_str())) if (0 < strlen(state.c_str()))
{ X509_NAME_add_entry_by_txt(x509_name, "ST", chtype, (unsigned char *) state.c_str(), -1, -1, 0);
X509_NAME_add_entry_by_txt(x509_name, "ST", chtype,
(unsigned char *) state.c_str(), -1, -1, 0);
}
if (0 < strlen(country.c_str())) if (0 < strlen(country.c_str()))
{ X509_NAME_add_entry_by_txt(x509_name, "C", chtype, (unsigned char *) country.c_str(), -1, -1, 0);
X509_NAME_add_entry_by_txt(x509_name, "C", chtype,
(unsigned char *) country.c_str(), -1, -1, 0);
}
if (!X509_REQ_set_subject_name(req,x509_name)) if (!X509_REQ_set_subject_name(req,x509_name))
{ throw std::runtime_error("GenerateX509Req() Couldn't Set Name to Request!");
fprintf(stderr,"GenerateX509Req() Couldn't Set Name to Request!\n");
X509_NAME_free(x509_name);
errString = "Couldn't Set Name";
return 0;
}
X509_NAME_free(x509_name); X509_NAME_free(x509_name);
/**** SUBJECT ********************************/ /**** SUBJECT ********************************/
if (!X509_REQ_sign(req,pkey,EVP_sha1())) if (!X509_REQ_sign(req,pkey,EVP_sha1()))
{ throw std::runtime_error("GenerateX509Req() Failed to sign REQ");
fprintf(stderr,"GenerateX509Req() Failed to Sign REQ\n");
errString = "Couldn't Sign Req";
return 0;
}
errString = "No Error"; errString = "No Error";
return req; return req;
}
catch(std::exception& e)
{
std::cerr << "(EE) Key creation failed: " << e.what() << std::endl;
errString = e.what() ;
req = NULL ;
}
if(rsa)
RSA_free(rsa);
if(x509_name)
X509_NAME_free(x509_name);
if(bio_out)
BIO_free_all(bio_out) ;
if(pkey)
EVP_PKEY_free(pkey);
return req ;
} }
#define SERIAL_RAND_BITS 64 #define SERIAL_RAND_BITS 64