|
Packit |
6b81fa |
/*
|
|
Packit |
6b81fa |
* Copyright (C) 2019 Anderson Toshiyuki Sasaki
|
|
Packit |
6b81fa |
* Copyright (C) 2019 Red Hat, Inc.
|
|
Packit |
6b81fa |
*
|
|
Packit |
6b81fa |
* This program is free software: you can redistribute it and/or modify
|
|
Packit |
6b81fa |
* it under the terms of the GNU General Public License as published by
|
|
Packit |
6b81fa |
* the Free Software Foundation, either version 3 of the License, or
|
|
Packit |
6b81fa |
* (at your option) any later version.
|
|
Packit |
6b81fa |
*
|
|
Packit |
6b81fa |
* This program is distributed in the hope that it will be useful,
|
|
Packit |
6b81fa |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6b81fa |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
6b81fa |
* GNU General Public License for more details.
|
|
Packit |
6b81fa |
*
|
|
Packit |
6b81fa |
* You should have received a copy of the GNU General Public License
|
|
Packit |
6b81fa |
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
Packit |
6b81fa |
*/
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
#include <stdio.h>
|
|
Packit |
6b81fa |
#include <stdlib.h>
|
|
Packit |
6b81fa |
#include <unistd.h>
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
#include <openssl/engine.h>
|
|
Packit |
6b81fa |
#include <openssl/conf.h>
|
|
Packit |
6b81fa |
#include <openssl/evp.h>
|
|
Packit |
6b81fa |
#include <openssl/x509.h>
|
|
Packit |
6b81fa |
#include <openssl/pem.h>
|
|
Packit |
6b81fa |
#include <openssl/err.h>
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
static void usage(char *argv[])
|
|
Packit |
6b81fa |
{
|
|
Packit |
6b81fa |
fprintf(stderr, "%s [certificate (PEM)] [private key URL] [module] [conf]\n", argv[0]);
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
static void display_openssl_errors(int l)
|
|
Packit |
6b81fa |
{
|
|
Packit |
6b81fa |
const char *file;
|
|
Packit |
6b81fa |
char buf[120];
|
|
Packit |
6b81fa |
int e, line;
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
if (ERR_peek_error() == 0)
|
|
Packit |
6b81fa |
return;
|
|
Packit |
6b81fa |
fprintf(stderr, "At main.c:%d:\n", l);
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
while ((e = ERR_get_error_line(&file, &line))) {
|
|
Packit |
6b81fa |
ERR_error_string(e, buf);
|
|
Packit |
6b81fa |
fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
int main(int argc, char *argv[])
|
|
Packit |
6b81fa |
{
|
|
Packit |
6b81fa |
ENGINE *engine;
|
|
Packit |
6b81fa |
EVP_PKEY *pkey;
|
|
Packit |
6b81fa |
X509 *cert;
|
|
Packit |
6b81fa |
FILE *cert_fp;
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
const char *module, *efile, *certfile, *privkey;
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
int ret = 0;
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
if (argc < 4){
|
|
Packit |
6b81fa |
printf("Too few arguments\n");
|
|
Packit |
6b81fa |
usage(argv);
|
|
Packit |
6b81fa |
return 1;
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
certfile = argv[1];
|
|
Packit |
6b81fa |
privkey = argv[2];
|
|
Packit |
6b81fa |
module = argv[3];
|
|
Packit |
6b81fa |
efile = argv[4];
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
cert_fp = fopen(certfile, "rb");
|
|
Packit |
6b81fa |
if (!cert_fp) {
|
|
Packit |
6b81fa |
fprintf(stderr, "Could not open file %s\n", certfile);
|
|
Packit |
6b81fa |
ret = 1;
|
|
Packit |
6b81fa |
goto end;
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
cert = PEM_read_X509(cert_fp, NULL, NULL, NULL);
|
|
Packit |
6b81fa |
if (!cert) {
|
|
Packit |
6b81fa |
fprintf(stderr, "Could not read certificate file"
|
|
Packit |
6b81fa |
"(must be PEM format)\n");
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
if (cert_fp) {
|
|
Packit |
6b81fa |
fclose(cert_fp);
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
ret = CONF_modules_load_file(efile, "engines", 0);
|
|
Packit |
6b81fa |
if (ret <= 0) {
|
|
Packit |
6b81fa |
fprintf(stderr, "cannot load %s\n", efile);
|
|
Packit |
6b81fa |
display_openssl_errors(__LINE__);
|
|
Packit |
6b81fa |
exit(1);
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
ENGINE_add_conf_module();
|
|
Packit |
6b81fa |
#if OPENSSL_VERSION_NUMBER>=0x10100000
|
|
Packit |
6b81fa |
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
|
|
Packit |
6b81fa |
| OPENSSL_INIT_ADD_ALL_DIGESTS \
|
|
Packit |
6b81fa |
| OPENSSL_INIT_LOAD_CONFIG, NULL);
|
|
Packit |
6b81fa |
#else
|
|
Packit |
6b81fa |
OpenSSL_add_all_algorithms();
|
|
Packit |
6b81fa |
OpenSSL_add_all_digests();
|
|
Packit |
6b81fa |
ERR_load_crypto_strings();
|
|
Packit |
6b81fa |
#endif
|
|
Packit |
6b81fa |
ERR_clear_error();
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
ENGINE_load_builtin_engines();
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
engine = ENGINE_by_id("pkcs11");
|
|
Packit |
6b81fa |
if (engine == NULL) {
|
|
Packit |
6b81fa |
printf("Could not get engine\n");
|
|
Packit |
6b81fa |
display_openssl_errors(__LINE__);
|
|
Packit |
6b81fa |
ret = 1;
|
|
Packit |
6b81fa |
goto end;
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
|
|
Packit |
6b81fa |
display_openssl_errors(__LINE__);
|
|
Packit |
6b81fa |
exit(1);
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module, 0)) {
|
|
Packit |
6b81fa |
display_openssl_errors(__LINE__);
|
|
Packit |
6b81fa |
exit(1);
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
if (!ENGINE_init(engine)) {
|
|
Packit |
6b81fa |
printf("Could not initialize engine\n");
|
|
Packit |
6b81fa |
display_openssl_errors(__LINE__);
|
|
Packit |
6b81fa |
ret = 1;
|
|
Packit |
6b81fa |
goto end;
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
pkey = ENGINE_load_private_key(engine, privkey, 0, 0);
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
if (pkey == NULL) {
|
|
Packit |
6b81fa |
printf("Could not load key\n");
|
|
Packit |
6b81fa |
display_openssl_errors(__LINE__);
|
|
Packit |
6b81fa |
ret = 1;
|
|
Packit |
6b81fa |
goto end;
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
ENGINE_finish(engine);
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
ret = X509_check_private_key(cert, pkey);
|
|
Packit |
6b81fa |
if (!ret) {
|
|
Packit |
6b81fa |
printf("Could not check private key\n");
|
|
Packit |
6b81fa |
display_openssl_errors(__LINE__);
|
|
Packit |
6b81fa |
ret = 1;
|
|
Packit |
6b81fa |
goto end;
|
|
Packit |
6b81fa |
}
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
printf("Key and certificate matched\n");
|
|
Packit |
6b81fa |
ret = 0;
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
CONF_modules_unload(1);
|
|
Packit |
6b81fa |
end:
|
|
Packit |
6b81fa |
X509_free(cert);
|
|
Packit |
6b81fa |
EVP_PKEY_free(pkey);
|
|
Packit |
6b81fa |
|
|
Packit |
6b81fa |
return ret;
|
|
Packit |
6b81fa |
}
|