lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-01-06 11:41:12 +03:00
Code Activity

Switch to the new code style

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2023-01-11 14:52:35 +01:00
parent 480f683d15
commit 1b6c09a62e
391 changed files with 73134 additions and 75084 deletions
Download Patch File Download Diff File Expand all files Collapse all files

273
programs/x509/cert_req.c
View File

@@ -29,13 +29,13 @@
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_PEM_WRITE_C)
int main( void )
int main(void)
{
mbedtls_printf( "MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined.\n");
mbedtls_exit( 0 );
mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined.\n");
mbedtls_exit(0);
}
#else
@@ -99,8 +99,7 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
const char *filename; /* filename of the key file */
const char *password; /* password for the key file */
int debug_level; /* level of debugging */
@@ -113,36 +112,37 @@ struct options
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
int ret;
FILE *f;
unsigned char output_buf[4096];
size_t len = 0;
memset( output_buf, 0, 4096 );
if( ( ret = mbedtls_x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
return( ret );
len = strlen( (char *) output_buf );
if( ( f = fopen( output_file, "w" ) ) == NULL )
return( -1 );
if( fwrite( output_buf, 1, len, f ) != len )
{
fclose( f );
return( -1 );
memset(output_buf, 0, 4096);
if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
return ret;
}
fclose( f );
len = strlen((char *) output_buf);
return( 0 );
if ((f = fopen(output_file, "w")) == NULL) {
return -1;
}
if (fwrite(output_buf, 1, len, f) != len) {
fclose(f);
return -1;
}
fclose(f);
return 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@@ -158,15 +158,14 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
mbedtls_x509write_csr_init( &req );
mbedtls_pk_init( &key );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( buf, 0, sizeof( buf ) );
mbedtls_x509write_csr_init(&req);
mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
@@ -181,214 +180,198 @@ int main( int argc, char *argv[] )
opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE;
opt.md_alg = DFL_MD_ALG;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "filename" ) == 0 )
if (strcmp(p, "filename") == 0) {
opt.filename = q;
else if( strcmp( p, "password" ) == 0 )
} else if (strcmp(p, "password") == 0) {
opt.password = q;
else if( strcmp( p, "output_file" ) == 0 )
} else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
else if( strcmp( p, "debug_level" ) == 0 )
{
opt.debug_level = atoi( q );
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "subject_name" ) == 0 )
{
opt.subject_name = q;
}
else if( strcmp( p, "md" ) == 0 )
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_string( q );
if( md_info == NULL )
{
mbedtls_printf( "Invalid argument for option %s\n", p );
} else if (strcmp(p, "debug_level") == 0) {
opt.debug_level = atoi(q);
if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
}
opt.md_alg = mbedtls_md_get_type( md_info );
}
else if( strcmp( p, "key_usage" ) == 0 )
{
while( q != NULL )
{
if( ( r = strchr( q, ',' ) ) != NULL )
} else if (strcmp(p, "subject_name") == 0) {
opt.subject_name = q;
} else if (strcmp(p, "md") == 0) {
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_string(q);
if (md_info == NULL) {
mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
opt.md_alg = mbedtls_md_get_type(md_info);
} else if (strcmp(p, "key_usage") == 0) {
while (q != NULL) {
if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
}
if( strcmp( q, "digital_signature" ) == 0 )
if (strcmp(q, "digital_signature") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
else if( strcmp( q, "non_repudiation" ) == 0 )
} else if (strcmp(q, "non_repudiation") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
else if( strcmp( q, "key_encipherment" ) == 0 )
} else if (strcmp(q, "key_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
else if( strcmp( q, "data_encipherment" ) == 0 )
} else if (strcmp(q, "data_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
else if( strcmp( q, "key_agreement" ) == 0 )
} else if (strcmp(q, "key_agreement") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
else if( strcmp( q, "key_cert_sign" ) == 0 )
} else if (strcmp(q, "key_cert_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
else if( strcmp( q, "crl_sign" ) == 0 )
} else if (strcmp(q, "crl_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
else
} else {
goto usage;
}
q = r;
}
}
else if( strcmp( p, "force_key_usage" ) == 0 )
{
switch( atoi( q ) )
{
} else if (strcmp(p, "force_key_usage") == 0) {
switch (atoi(q)) {
case 0: opt.force_key_usage = 0; break;
case 1: opt.force_key_usage = 1; break;
default: goto usage;
}
}
else if( strcmp( p, "ns_cert_type" ) == 0 )
{
while( q != NULL )
{
if( ( r = strchr( q, ',' ) ) != NULL )
} else if (strcmp(p, "ns_cert_type") == 0) {
while (q != NULL) {
if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
}
if( strcmp( q, "ssl_client" ) == 0 )
if (strcmp(q, "ssl_client") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
else if( strcmp( q, "ssl_server" ) == 0 )
} else if (strcmp(q, "ssl_server") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
else if( strcmp( q, "email" ) == 0 )
} else if (strcmp(q, "email") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
else if( strcmp( q, "object_signing" ) == 0 )
} else if (strcmp(q, "object_signing") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
else if( strcmp( q, "ssl_ca" ) == 0 )
} else if (strcmp(q, "ssl_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
else if( strcmp( q, "email_ca" ) == 0 )
} else if (strcmp(q, "email_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
else if( strcmp( q, "object_signing_ca" ) == 0 )
} else if (strcmp(q, "object_signing_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
else
} else {
goto usage;
}
q = r;
}
}
else if( strcmp( p, "force_ns_cert_type" ) == 0 )
{
switch( atoi( q ) )
{
} else if (strcmp(p, "force_ns_cert_type") == 0) {
switch (atoi(q)) {
case 0: opt.force_ns_cert_type = 0; break;
case 1: opt.force_ns_cert_type = 1; break;
default: goto usage;
}
}
else
} else {
goto usage;
}
}
mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
mbedtls_x509write_csr_set_md_alg(&req, opt.md_alg);
if( opt.key_usage || opt.force_key_usage == 1 )
mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
if (opt.key_usage || opt.force_key_usage == 1) {
mbedtls_x509write_csr_set_key_usage(&req, opt.key_usage);
}
if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
if (opt.ns_cert_type || opt.force_ns_cert_type == 1) {
mbedtls_x509write_csr_set_ns_cert_type(&req, opt.ns_cert_type);
}
/*
* 0. Seed the PRNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf(" . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.0. Check the subject name for validity
*/
mbedtls_printf( " . Checking subject name..." );
fflush( stdout );
mbedtls_printf(" . Checking subject name...");
fflush(stdout);
if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret );
if ((ret = mbedtls_x509write_csr_set_subject_name(&req, opt.subject_name)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.1. Load the key
*/
mbedtls_printf( " . Loading the private key ..." );
fflush( stdout );
mbedtls_printf(" . Loading the private key ...");
fflush(stdout);
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password );
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d", ret );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
goto exit;
}
mbedtls_x509write_csr_set_key( &req, &key );
mbedtls_x509write_csr_set_key(&req, &key);
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2. Writing the request
*/
mbedtls_printf( " . Writing the certificate request ..." );
fflush( stdout );
mbedtls_printf(" . Writing the certificate request ...");
fflush(stdout);
if( ( ret = write_certificate_request( &req, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! write_certificate_request %d", ret );
if ((ret = write_certificate_request(&req, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
mbedtls_printf( " - %s\n", buf );
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" - %s\n", buf);
#else
mbedtls_printf("\n");
#endif
}
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_x509write_csr_free(&req);
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
mbedtls_printf(" + Press Enter to exit this program.\n");
fflush(stdout); getchar();
#endif
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */