From a785771bfff402060c3af5a16cf9c666e9f37e02 Mon Sep 17 00:00:00 2001 From: Ørjan Malde Date: May 14 2018 13:45:28 +0000 Subject: remove python3 based certdata2pem, and add certdata2pem C implementation from sabotage-linux --- diff --git a/Makefile b/Makefile index b68925c..96d0166 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,3 @@ -PYTHON := python3 - all: update-ca-certificates c_rehash certdata.stamp update-ca-certificates: update-ca.c @@ -8,8 +6,11 @@ update-ca-certificates: update-ca.c c_rehash: c_rehash.c ${CC} ${CFLAGS} -o $@ c_rehash.c -lcrypto ${LDFLAGS} +certdata2pem: certdata2pem.c + ${CC} ${CFLAGS} -o $@ certdata2pem.c ${LDFLAGS} + certdata.stamp: - ${PYTHON} certdata2pem.py + ./certdata2pem touch $@ install: all diff --git a/certdata2pem.c b/certdata2pem.c new file mode 100644 index 0000000..9eae705 --- /dev/null +++ b/certdata2pem.c 
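Review bot: `certdata.stamp:` in the second Makefile hunk keeps an empty prerequisite list while its recipe now runs `./certdata2pem`, and nothing adds `certdata2pem` to `all` or to the stamp's dependencies, so on a fresh checkout (or with `make -j`) the stamp recipe runs before the binary exists and fails with "No such file" — the removed `${PYTHON} certdata2pem.py` needed no build step, which is why this was not a problem before. Declare the dependency, e.g. `certdata.stamp: certdata2pem certdata.txt blacklist.txt`, which also makes the bundle regenerate when the trust-store inputs change instead of only when the stamp file is deleted. The `install` rule that follows this hunk is outside the view, so whether `certdata2pem` also needs installing cannot be judged here.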
@@ -0,0 +1,142 @@ +/* Copyright (C) 2013, Felix Janda + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ + +#include +#include +#include +#include + +void xwrite(FILE *f, void *p, size_t size) +{ + if (fwrite(p, 1, size, f) != size) err(1, 0); +} + +int main(void) +{ + FILE *f; + char cert[4096], ecert[4096*4/3 + 100]; + char *line = 0, *tmp, *filename, *label, *pcert = 0; + ssize_t len; + size_t size, certsize; + int trust; + char **blacklist = 0, **node; + + filename = "./blacklist.txt"; + if (!(f = fopen(filename, "r"))) err(1, "%s", filename); + while ((len = getline(&line, &size, f)) != -1) { + if ((line[0] != '#') && (len > 1)) { + if (!(node = malloc(sizeof(void*) + len))) err(1, 0); + *node = (char*)blacklist; + memcpy(node + 1, line, len); + blacklist = node; + } + } + fclose(f); + + filename = "./certdata.txt"; + if (!(f = fopen(filename, "r"))) err(1, "%s", filename); + while ((len = getline(&line, &size, f)) != -1) { + tmp = line; + if (line[0] == '#') continue; + if (pcert) { + if (!strcmp(line, "END\n")) { + char *base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789+/"; + size_t i, j, k, val; + + for (i = 0, val = 0, tmp = ecert; i < (size_t)(pcert - cert); i++) { + val = (val << 8) + (unsigned char)cert[i]; + if (i % 3 == 2) { + for (j = 0; j < 4; j++, val >>= 6) tmp[3 - j] = 
base64[val & 0x3f]; + tmp += 4; + } + if (i && !(i % 48)) { + *tmp = '\n'; + tmp++; + } + } + if (k = i % 3) { + tmp[2] = '='; + tmp[3] = '='; + val <<= 6 - 2*k; + for (j = 0; j < k + 1; j++, val >>= 6) tmp[k - j] = base64[val & 0x3f]; + tmp += 4; + } + certsize = tmp - ecert; + pcert = 0; + } else while (sscanf(tmp, "\\%hho", pcert) == 1) pcert++, tmp += 4; + } else if (!memcmp(line, "CKA_LABEL UTF8 ", 15)) { + + char *p2, *tmp2; + len -= 15; + if (!(label = malloc(len))) err(1, 0); + memcpy(label, line + 15, len); + trust = 0; + for (node = blacklist; node; node = (char**)*node) + if (!strcmp(label, (char*)(node + 1))) trust = 4; + if (!(p2 = malloc(len + 2))) err(1, 0); + for (tmp = label + 1, tmp2 = p2; *tmp != '"'; tmp++, tmp2++) { + switch (*tmp) { + case '\\': + if (sscanf(tmp, "\\x%hhx", tmp2)!=1) errx(1, "Bad triple: %s\n", tmp); + tmp += 3; + break; + case '/': + case ' ': + *tmp2 = '_'; + break; + case '(': + case ')': + *tmp2 = '='; + break; + default: + *tmp2 = *tmp; + } + } + strcpy(tmp2, ".crt"); + free(label); + label = p2; + } else if (!strcmp(line, "CKA_VALUE MULTILINE_OCTAL\n")) pcert = cert; + else if (!memcmp(line, "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_", 39)) { + tmp += 39; + if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1; + else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2; + } else if (!memcmp(line, + "CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_", 44)) { + tmp += 44; + if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1; + else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2; + if (!trust) printf("Ignoring %s\n", label); + if (trust == 1) { + FILE *out; + if (!(out = fopen(label, "w"))) err(1, "%s", label); + xwrite(out, "-----BEGIN CERTIFICATE-----\n", 28); + xwrite(out, ecert, certsize); + xwrite(out, "\n-----END CERTIFICATE-----\n", 27); + fclose(out); + } + } + } + fclose(f); + + while (blacklist) { + node = (char**)*blacklist; + free(blacklist); + blacklist = node; + } + free(line); + free(label); + return 0; +} \ No newline at 
end of file
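Review bot: The octal parser `while (sscanf(tmp, "\\%hho", pcert) == 1) pcert++, tmp += 4;` stores into the fixed stack buffer `cert[4096]` with no bound, so a `CKA_VALUE MULTILINE_OCTAL` block longer than 4096 bytes in certdata.txt overruns the stack; add `if (pcert >= cert + sizeof cert) errx(1, "certificate too large");` before each store (`ecert` is sized from `cert`, so it is covered once `cert` is bounded). Relatedly, `memcpy(node + 1, line, len)` and `memcpy(label, line + 15, len)` copy exactly `len` bytes and omit the terminating NUL that `getline` placed at `line[len]`, yet both copies are later handed to `strcmp`, which reads past the allocation — allocate and copy `len + 1`. The `case '\\'` branch decodes any `\xNN` byte straight into the output filename, including `/` and `.`, which the `case '/'` substitution never sees, so the path passed to `fopen(label, "w")` is only as trustworthy as certdata.txt; a post-decode check that the name contains no `/` would close that. `fclose(out)` is unchecked, so a write error at close leaves a truncated `.crt` in the bundle without any diagnostic: `if (fclose(out)) err(1, "%s", label);`. Note also that `trust |= 1` is set by either `CKA_TRUST_SERVER_AUTH` or `CKA_TRUST_EMAIL_PROTECTION`, so a root trusted only for e-mail is emitted alongside TLS roots — if that mirrors the replaced Python script it deserves a comment, otherwise the server-auth line should be the sole gate.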