|
@@ -474,81 +474,80 @@ std::unique_ptr<EC_KEY, ECKEYDeleter> parse_ec_key(FILE* file) {
|
474
|
474
|
// Otherwise returns false if the file failed to parse, or if it contains zero
|
475
|
475
|
// keys. The contents in certs would be unspecified on failure.
|
476
|
476
|
bool load_keys(const char* filename, std::vector<Certificate>& certs) {
|
477
|
|
- std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose);
|
478
|
|
- if (!f) {
|
479
|
|
- PLOG(ERROR) << "error opening " << filename;
|
480
|
|
- return false;
|
481
|
|
- }
|
482
|
|
-
|
483
|
|
- while (true) {
|
484
|
|
- certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
|
485
|
|
- Certificate& cert = certs.back();
|
486
|
|
- uint32_t exponent = 0;
|
487
|
|
-
|
488
|
|
- char start_char;
|
489
|
|
- if (fscanf(f.get(), " %c", &start_char) != 1) return false;
|
490
|
|
- if (start_char == '{') {
|
491
|
|
- // a version 1 key has no version specifier.
|
492
|
|
- cert.key_type = Certificate::KEY_TYPE_RSA;
|
493
|
|
- exponent = 3;
|
494
|
|
- cert.hash_len = SHA_DIGEST_LENGTH;
|
495
|
|
- } else if (start_char == 'v') {
|
496
|
|
- int version;
|
497
|
|
- if (fscanf(f.get(), "%d {", &version) != 1) return false;
|
498
|
|
- switch (version) {
|
499
|
|
- case 2:
|
500
|
|
- cert.key_type = Certificate::KEY_TYPE_RSA;
|
501
|
|
- exponent = 65537;
|
502
|
|
- cert.hash_len = SHA_DIGEST_LENGTH;
|
503
|
|
- break;
|
504
|
|
- case 3:
|
505
|
|
- cert.key_type = Certificate::KEY_TYPE_RSA;
|
506
|
|
- exponent = 3;
|
507
|
|
- cert.hash_len = SHA256_DIGEST_LENGTH;
|
508
|
|
- break;
|
509
|
|
- case 4:
|
510
|
|
- cert.key_type = Certificate::KEY_TYPE_RSA;
|
511
|
|
- exponent = 65537;
|
512
|
|
- cert.hash_len = SHA256_DIGEST_LENGTH;
|
513
|
|
- break;
|
514
|
|
- case 5:
|
515
|
|
- cert.key_type = Certificate::KEY_TYPE_EC;
|
516
|
|
- cert.hash_len = SHA256_DIGEST_LENGTH;
|
517
|
|
- break;
|
518
|
|
- default:
|
519
|
|
- return false;
|
520
|
|
- }
|
521
|
|
- }
|
|
477
|
+ std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "re"), fclose);
|
|
478
|
+ if (!f) {
|
|
479
|
+ PLOG(ERROR) << "error opening " << filename;
|
|
480
|
+ return false;
|
|
481
|
+ }
|
522
|
482
|
|
523
|
|
- if (cert.key_type == Certificate::KEY_TYPE_RSA) {
|
524
|
|
- cert.rsa = parse_rsa_key(f.get(), exponent);
|
525
|
|
- if (!cert.rsa) {
|
526
|
|
- return false;
|
527
|
|
- }
|
|
483
|
+ while (true) {
|
|
484
|
+ certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
|
|
485
|
+ Certificate& cert = certs.back();
|
|
486
|
+ uint32_t exponent = 0;
|
|
487
|
+
|
|
488
|
+ char start_char;
|
|
489
|
+ if (fscanf(f.get(), " %c", &start_char) != 1) return false;
|
|
490
|
+ if (start_char == '{') {
|
|
491
|
+ // a version 1 key has no version specifier.
|
|
492
|
+ cert.key_type = Certificate::KEY_TYPE_RSA;
|
|
493
|
+ exponent = 3;
|
|
494
|
+ cert.hash_len = SHA_DIGEST_LENGTH;
|
|
495
|
+ } else if (start_char == 'v') {
|
|
496
|
+ int version;
|
|
497
|
+ if (fscanf(f.get(), "%d {", &version) != 1) return false;
|
|
498
|
+ switch (version) {
|
|
499
|
+ case 2:
|
|
500
|
+ cert.key_type = Certificate::KEY_TYPE_RSA;
|
|
501
|
+ exponent = 65537;
|
|
502
|
+ cert.hash_len = SHA_DIGEST_LENGTH;
|
|
503
|
+ break;
|
|
504
|
+ case 3:
|
|
505
|
+ cert.key_type = Certificate::KEY_TYPE_RSA;
|
|
506
|
+ exponent = 3;
|
|
507
|
+ cert.hash_len = SHA256_DIGEST_LENGTH;
|
|
508
|
+ break;
|
|
509
|
+ case 4:
|
|
510
|
+ cert.key_type = Certificate::KEY_TYPE_RSA;
|
|
511
|
+ exponent = 65537;
|
|
512
|
+ cert.hash_len = SHA256_DIGEST_LENGTH;
|
|
513
|
+ break;
|
|
514
|
+ case 5:
|
|
515
|
+ cert.key_type = Certificate::KEY_TYPE_EC;
|
|
516
|
+ cert.hash_len = SHA256_DIGEST_LENGTH;
|
|
517
|
+ break;
|
|
518
|
+ default:
|
|
519
|
+ return false;
|
|
520
|
+ }
|
|
521
|
+ }
|
528
|
522
|
|
529
|
|
- LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len;
|
530
|
|
- } else if (cert.key_type == Certificate::KEY_TYPE_EC) {
|
531
|
|
- cert.ec = parse_ec_key(f.get());
|
532
|
|
- if (!cert.ec) {
|
533
|
|
- return false;
|
534
|
|
- }
|
535
|
|
- } else {
|
536
|
|
- LOG(ERROR) << "Unknown key type " << cert.key_type;
|
537
|
|
- return false;
|
538
|
|
- }
|
|
523
|
+ if (cert.key_type == Certificate::KEY_TYPE_RSA) {
|
|
524
|
+ cert.rsa = parse_rsa_key(f.get(), exponent);
|
|
525
|
+ if (!cert.rsa) {
|
|
526
|
+ return false;
|
|
527
|
+ }
|
539
|
528
|
|
540
|
|
- // if the line ends in a comma, this file has more keys.
|
541
|
|
- int ch = fgetc(f.get());
|
542
|
|
- if (ch == ',') {
|
543
|
|
- // more keys to come.
|
544
|
|
- continue;
|
545
|
|
- } else if (ch == EOF) {
|
546
|
|
- break;
|
547
|
|
- } else {
|
548
|
|
- LOG(ERROR) << "unexpected character between keys";
|
549
|
|
- return false;
|
550
|
|
- }
|
|
529
|
+ LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len;
|
|
530
|
+ } else if (cert.key_type == Certificate::KEY_TYPE_EC) {
|
|
531
|
+ cert.ec = parse_ec_key(f.get());
|
|
532
|
+ if (!cert.ec) {
|
|
533
|
+ return false;
|
|
534
|
+ }
|
|
535
|
+ } else {
|
|
536
|
+ LOG(ERROR) << "Unknown key type " << cert.key_type;
|
|
537
|
+ return false;
|
551
|
538
|
}
|
552
|
539
|
|
553
|
|
- return true;
|
|
540
|
+ // if the line ends in a comma, this file has more keys.
|
|
541
|
+ int ch = fgetc(f.get());
|
|
542
|
+ if (ch == ',') {
|
|
543
|
+ // more keys to come.
|
|
544
|
+ continue;
|
|
545
|
+ } else if (ch == EOF) {
|
|
546
|
+ break;
|
|
547
|
+ } else {
|
|
548
|
+ LOG(ERROR) << "unexpected character between keys";
|
|
549
|
+ return false;
|
|
550
|
+ }
|
|
551
|
+ }
|
|
552
|
+ return true;
|
554
|
553
|
}
|