static int ocsp_resp_cb(SSL *s, void *arg) { const unsigned char *p; int len; OCSP_RESPONSE *rsp; len = SSL_get_tlsext_status_ocsp_resp(s, &p); BIO_puts(arg, "OCSP response: "); if (!p) { BIO_puts(arg, "no response sent\n"); return 1; } rsp = d2i_OCSP_RESPONSE(NULL, &p, len); if (!rsp) { BIO_puts(arg, "response parse error\n"); BIO_dump_indent(arg, (char *)p, len, 4); return 0; } BIO_puts(arg, "\n======================================\n"); OCSP_RESPONSE_print(arg, rsp, 0); BIO_puts(arg, "======================================\n"); OCSP_RESPONSE_free(rsp); return 1; }
int BUF_MEM_print(BIO *out, const BUF_MEM *buf, int indent) { if (buf) { if (!BIO_dump_indent(out, buf->data, buf->length, indent)) return 0; } else { if (!BIO_indent(out, indent, 80) || !BIO_printf(out, "<ABSENT>\n")) return 0; } return 1; }
void openssl_bioBS_asnl() { int len; BIO *bp; FILE *fp; char buf[MAX4_LEN]; memset(buf, 0, sizeof(buf)); bp = BIO_new(BIO_s_file()); BIO_set_fp(bp, stdout, BIO_NOCLOSE); fp = fopen(RCERTF, "rb"); len = fread(buf, 1, sizeof(buf) - 1, fp); fclose(fp); printf("\nBIO_ASNL info:\n"); BIO_dump_indent(bp, buf, len, 5); BIO_free(bp); }
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { unsigned int i; const char *s; if (x == NULL) goto err; if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; if (x->ssl_version == SSL2_VERSION) s="SSLv2"; else if (x->ssl_version == SSL3_VERSION) s="SSLv3"; else if (x->ssl_version == TLS1_VERSION) s="TLSv1"; else s="unknown"; if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; if (x->cipher == NULL) { if (((x->cipher_id) & 0xff000000) == 0x02000000) { if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) goto err; } else { if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) goto err; } } else { if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) goto err; } if (BIO_puts(bp," Session-ID: ") <= 0) goto err; for (i=0; i<x->session_id_length; i++) { if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; } if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; for (i=0; i<x->sid_ctx_length; i++) { if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) goto err; } if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; for (i=0; i<(unsigned int)x->master_key_length; i++) { if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; } if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; if (x->key_arg_length == 0) { if (BIO_puts(bp,"None") <= 0) goto err; } else for (i=0; i<x->key_arg_length; i++) { if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; } #ifndef OPENSSL_NO_KRB5 if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; if (x->krb5_client_princ_len == 0) { if (BIO_puts(bp,"None") <= 0) goto err; } else for (i=0; i<x->krb5_client_princ_len; i++) { if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; } #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_TLSEXT if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, "\n TLS session ticket lifetime hint: %ld (seconds)", x->tlsext_tick_lifetime_hint) <=0) goto err; } if (x->tlsext_tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) goto err; } #endif #ifndef OPENSSL_NO_COMP if (x->compress_meth != 0) { SSL_COMP *comp = NULL; ssl_cipher_get_evp(x,NULL,NULL,&comp); if (comp == NULL) { if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; } else { if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; } } #endif if (x->time != 0L) { if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; } if (x->timeout != 0L) { if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; } if (BIO_puts(bp,"\n") <= 0) goto err; if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; return(1); err: return(0); }
static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, int depth, int indent, int dump) { const unsigned char *p, *ep, *tot, *op, *opp; long len; int tag, xclass, ret = 0; int nl, hl, j, r; ASN1_OBJECT *o = NULL; ASN1_OCTET_STRING *os = NULL; /* ASN1_BMPSTRING *bmp=NULL; */ int dump_indent, dump_cont = 0; if (depth > ASN1_PARSE_MAXDEPTH) { BIO_puts(bp, "BAD RECURSION DEPTH\n"); return 0; } dump_indent = 6; /* Because we know BIO_dump_indent() */ p = *pp; tot = p + length; while (length > 0) { op = p; j = ASN1_get_object(&p, &len, &tag, &xclass, length); if (j & 0x80) { if (BIO_write(bp, "Error in encoding\n", 18) <= 0) goto end; ret = 0; goto end; } hl = (p - op); length -= hl; /* * if j == 0x21 it is a constructed indefinite length object */ if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp)) <= 0) goto end; if (j != (V_ASN1_CONSTRUCTED | 1)) { if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ", depth, (long)hl, len) <= 0) goto end; } else { if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0) goto end; } if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) goto end; if (j & V_ASN1_CONSTRUCTED) { const unsigned char *sp = p; ep = p + len; if (BIO_write(bp, "\n", 1) <= 0) goto end; if (len > length) { BIO_printf(bp, "length is greater than %ld\n", length); ret = 0; goto end; } if ((j == 0x21) && (len == 0)) { for (;;) { r = asn1_parse2(bp, &p, (long)(tot - p), offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } if ((r == 2) || (p >= tot)) { len = p - sp; break; } } } else { long tmp = len; while (p < ep) { sp = p; r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1, indent, dump); if (r == 0) { ret = 0; goto end; } tmp -= p - sp; } } } else if (xclass != 0) { p += len; if (BIO_write(bp, "\n", 1) <= 0) goto end; } else { nl = 0; if ((tag == V_ASN1_PRINTABLESTRING) || (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || (tag == V_ASN1_NUMERICSTRING) || (tag == V_ASN1_UTF8STRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { if (BIO_write(bp, ":", 1) <= 0) goto end; if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) != (int)len) goto end; } else if (tag == V_ASN1_OBJECT) { opp = op; if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; i2a_ASN1_OBJECT(bp, o); } else { if (BIO_puts(bp, ":BAD OBJECT") <= 0) goto end; dump_cont = 1; } } else if (tag == V_ASN1_BOOLEAN) { if (len != 1) { if (BIO_puts(bp, ":BAD BOOLEAN") <= 0) goto end; dump_cont = 1; } if (len > 0) BIO_printf(bp, ":%u", p[0]); } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ } else if (tag == V_ASN1_OCTET_STRING) { int i, printable = 1; opp = op; os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl); if (os != NULL && os->length > 0) { opp = os->data; /* * testing whether the octet string is printable */ for (i = 0; i < os->length; i++) { if (((opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) { printable = 0; break; } } if (printable) /* printable string */ { if (BIO_write(bp, ":", 1) <= 0) goto end; if (BIO_write(bp, (const char *)opp, os->length) <= 0) goto end; } else if (!dump) /* * not printable => print octet string as hex dump */ { if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0) goto end; for (i = 0; i < os->length; i++) { if (BIO_printf(bp, "%02X", opp[i]) <= 0) goto end; } } else /* print the normal dump */ { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) goto end; } if (BIO_dump_indent(bp, (const char *)opp, ((dump == -1 || dump > os-> length) ? os->length : dump), dump_indent) <= 0) goto end; nl = 1; } } ASN1_OCTET_STRING_free(os); os = NULL; } else if (tag == V_ASN1_INTEGER) { ASN1_INTEGER *bs; int i; opp = op; bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); if (bs != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; if (bs->type == V_ASN1_NEG_INTEGER) if (BIO_write(bp, "-", 1) <= 0) goto end; for (i = 0; i < bs->length; i++) { if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } } else { if (BIO_puts(bp, ":BAD INTEGER") <= 0) goto end; dump_cont = 1; } ASN1_INTEGER_free(bs); } else if (tag == V_ASN1_ENUMERATED) { ASN1_ENUMERATED *bs; int i; opp = op; bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); if (bs != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; if (bs->type == V_ASN1_NEG_ENUMERATED) if (BIO_write(bp, "-", 1) <= 0) goto end; for (i = 0; i < bs->length; i++) { if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } } else { if (BIO_puts(bp, ":BAD ENUMERATED") <= 0) goto end; dump_cont = 1; } ASN1_ENUMERATED_free(bs); } else if (len > 0 && dump) { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) goto end; } if (BIO_dump_indent(bp, (const char *)p, ((dump == -1 || dump > len) ? len : dump), dump_indent) <= 0) goto end; nl = 1; } if (dump_cont) { int i; const unsigned char *tmp = op + hl; if (BIO_puts(bp, ":[") <= 0) goto end; for (i = 0; i < len; i++) { if (BIO_printf(bp, "%02X", tmp[i]) <= 0) goto end; } if (BIO_puts(bp, "]") <= 0) goto end; } if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) goto end; } p += len; if ((tag == V_ASN1_EOC) && (xclass == 0)) { ret = 2; /* End of sequence */ goto end; } } length -= len; } ret = 1; end: ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); *pp = p; return (ret); }
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { unsigned int i; const char *s; if (x == NULL) goto err; if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; if (x->ssl_version == SSL3_VERSION) s = "SSLv3"; else if (x->ssl_version == TLS1_2_VERSION) s = "TLSv1.2"; else if (x->ssl_version == TLS1_1_VERSION) s = "TLSv1.1"; else if (x->ssl_version == TLS1_VERSION) s = "TLSv1"; else if (x->ssl_version == DTLS1_VERSION) s = "DTLSv1"; else if (x->ssl_version == DTLS1_2_VERSION) s = "DTLSv1.2"; else if (x->ssl_version == DTLS1_BAD_VER) s = "DTLSv1-bad"; else s = "unknown"; if (BIO_printf(bp, " Protocol : %s\n", s) <= 0) goto err; if (x->cipher == NULL) { if (((x->cipher_id) & 0xff000000) == 0x02000000) { if (BIO_printf (bp, " Cipher : %06lX\n", x->cipher_id & 0xffffff) <= 0) goto err; } else { if (BIO_printf (bp, " Cipher : %04lX\n", x->cipher_id & 0xffff) <= 0) goto err; } } else { if (BIO_printf (bp, " Cipher : %s\n", ((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0) goto err; } if (BIO_puts(bp, " Session-ID: ") <= 0) goto err; for (i = 0; i < x->session_id_length; i++) { if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0) goto err; } if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0) goto err; for (i = 0; i < x->sid_ctx_length; i++) { if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) goto err; } if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; for (i = 0; i < (unsigned int)x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } #ifndef OPENSSL_NO_PSK if (BIO_puts(bp, "\n PSK identity: ") <= 0) goto err; if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err; if (BIO_puts(bp, "\n PSK identity hint: ") <= 0) goto err; if (BIO_printf (bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err; #endif #ifndef OPENSSL_NO_SRP if (BIO_puts(bp, "\n SRP username: "******"%s", x->srp_username ? x->srp_username : "******") <= 0) goto err; #endif #ifndef OPENSSL_NO_TLSEXT if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, "\n TLS session ticket lifetime hint: %ld (seconds)", x->tlsext_tick_lifetime_hint) <= 0) goto err; } if (x->tlsext_tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) goto err; } #endif #ifndef OPENSSL_NO_COMP if (x->compress_meth != 0) { SSL_COMP *comp = NULL; if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0)) goto err; if (comp == NULL) { if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <= 0) goto err; } else { if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, comp->name) <= 0) goto err; } } #endif if (x->time != 0L) { if (BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0) goto err; } if (x->timeout != 0L) { if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err; } if (BIO_puts(bp, "\n") <= 0) goto err; if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; if (BIO_printf(bp, " Extended master secret: %s\n", x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0) goto err; return (1); err: return (0); }
int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { unsigned int i; const char *s; if (x == NULL) goto err; if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; s = ssl_version_string(x->ssl_version); if (BIO_printf(bp, " Protocol : %s\n", s) <= 0) goto err; if (x->cipher == NULL) { if (((x->cipher_id) & 0xff000000) == 0x02000000) { if (BIO_printf(bp, " Cipher : %06lX\n", x->cipher_id&0xffffff) <= 0) goto err; } else { if (BIO_printf(bp, " Cipher : %04lX\n", x->cipher_id&0xffff) <= 0) goto err; } } else { if (BIO_printf(bp, " Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) goto err; } if (BIO_puts(bp, " Session-ID: ") <= 0) goto err; for (i = 0; i < x->session_id_length; i++) { if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0) goto err; } if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0) goto err; for (i = 0; i < x->sid_ctx_length; i++) { if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0) goto err; } if (BIO_puts(bp, "\n Master-Key: ") <= 0) goto err; for (i = 0; i < (unsigned int)x->master_key_length; i++) { if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, "\n TLS session ticket lifetime hint: %ld (seconds)", x->tlsext_tick_lifetime_hint) <= 0) goto err; } if (x->tlsext_tick) { if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err; if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0) goto err; } if (x->time != 0) { if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0) goto err; } if (x->timeout != 0L) { if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) goto err; } if (BIO_puts(bp, "\n") <= 0) goto err; if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; return (1); err: return (0); }
static int ssl_print_extension(BIO *bio, int indent, int server, int extype, const unsigned char *ext, size_t extlen) { size_t xlen; BIO_indent(bio, indent, 80); BIO_printf(bio, "extension_type=%s(%d), length=%d\n", ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); switch(extype) { case TLSEXT_TYPE_ec_point_formats: if (extlen < 1) return 0; xlen = ext[0]; if (extlen != xlen + 1) return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); case TLSEXT_TYPE_elliptic_curves: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_curve_tbl); case TLSEXT_TYPE_signature_algorithms: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; if (xlen & 1) return 0; ext += 2; while(xlen > 0) { BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "%s+%s (%d+%d)\n", ssl_trace_str(ext[0], ssl_md_tbl), ssl_trace_str(ext[1], ssl_sig_tbl), ext[0], ext[1]); xlen-= 2; ext+= 2; } break; case TLSEXT_TYPE_renegotiate: if (extlen < 1) return 0; xlen = ext[0]; if (xlen + 1 != extlen) return 0; ext++; if (xlen) { if (server) { if (xlen & 1) return 0; xlen >>= 1; } ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen); if (server) { ext += xlen; ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen); } } else { BIO_indent(bio, indent + 4, 80); BIO_puts(bio, "<EMPTY>\n"); } break; case TLSEXT_TYPE_heartbeat: if (extlen != 1) return 0; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "HeartbeatMode: %s\n", ssl_trace_str(ext[0], ssl_hb_tbl)); break; case TLSEXT_TYPE_session_ticket: if (extlen != 0) ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); break; default: BIO_dump_indent(bio, (char *)ext, extlen, indent + 2); }
int main(int argc, char *argv[]) { int r; BIO *bio = NULL; PACE_SEC *secret = NULL; EAC_CTX *picc_ctx = NULL, *pcd_ctx = NULL; BUF_MEM *enc_nonce = NULL, *pcd_mapping_data = NULL, *picc_mapping_data = NULL, *pcd_ephemeral_pubkey = NULL, *picc_ephemeral_pubkey = NULL, *pcd_token = NULL, *picc_token = NULL; EAC_init(); puts("EF.CardAccess:"); bio = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT); BIO_dump_indent(bio, (char *) EF_CARDACCESS, sizeof EF_CARDACCESS, 4); secret = PACE_SEC_new(PIN, strlen(PIN), PACE_PIN); puts("Secret:"); PACE_SEC_print_private(bio, secret, 4); picc_ctx = EAC_CTX_new(); pcd_ctx = EAC_CTX_new(); EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, sizeof EF_CARDACCESS, pcd_ctx); EAC_CTX_init_ef_cardaccess(EF_CARDACCESS, sizeof EF_CARDACCESS, picc_ctx); puts("PACE step 1"); enc_nonce = PACE_STEP1_enc_nonce(picc_ctx, secret); puts("PACE step 2"); PACE_STEP2_dec_nonce(pcd_ctx, secret, enc_nonce); puts("PACE step 3A"); pcd_mapping_data = PACE_STEP3A_generate_mapping_data(pcd_ctx); picc_mapping_data = PACE_STEP3A_generate_mapping_data(picc_ctx); PACE_STEP3A_map_generator(pcd_ctx, picc_mapping_data); PACE_STEP3A_map_generator(picc_ctx, pcd_mapping_data); puts("PACE step 3B"); pcd_ephemeral_pubkey = PACE_STEP3B_generate_ephemeral_key(pcd_ctx); picc_ephemeral_pubkey = PACE_STEP3B_generate_ephemeral_key(picc_ctx); PACE_STEP3B_compute_shared_secret(pcd_ctx, picc_ephemeral_pubkey); PACE_STEP3B_compute_shared_secret(picc_ctx, pcd_ephemeral_pubkey); puts("PACE step 3C"); PACE_STEP3C_derive_keys(pcd_ctx); PACE_STEP3C_derive_keys(picc_ctx); puts("PACE step 3D"); pcd_token = PACE_STEP3D_compute_authentication_token(pcd_ctx, picc_ephemeral_pubkey); picc_token = PACE_STEP3D_compute_authentication_token(picc_ctx, pcd_ephemeral_pubkey); r = PACE_STEP3D_verify_authentication_token(pcd_ctx, picc_token); if (r == 1) r = PACE_STEP3D_verify_authentication_token(picc_ctx, pcd_token); puts("PICC's EAC_CTX:"); EAC_CTX_print_private(bio, picc_ctx, 4); puts("PCD's EAC_CTX:"); EAC_CTX_print_private(bio, pcd_ctx, 4); EAC_CTX_clear_free(pcd_ctx); EAC_CTX_clear_free(picc_ctx); PACE_SEC_clear_free(secret); EAC_cleanup(); EAC_CTX_clear_free(pcd_ctx); EAC_CTX_clear_free(picc_ctx); PACE_SEC_clear_free(secret); if (bio) BIO_free_all(bio); if (enc_nonce) BUF_MEM_free(enc_nonce); if (pcd_mapping_data) BUF_MEM_free(pcd_mapping_data); if (picc_mapping_data) BUF_MEM_free(picc_mapping_data); if (pcd_ephemeral_pubkey) BUF_MEM_free(pcd_ephemeral_pubkey); if (picc_ephemeral_pubkey) BUF_MEM_free(picc_ephemeral_pubkey); if (pcd_token) BUF_MEM_free(pcd_token); if (picc_token) BUF_MEM_free(picc_token); if (r != 1) return 1; return 0; }
static int ssl_print_extension(BIO *bio, int indent, int server, int extype, const unsigned char *ext, size_t extlen) { size_t xlen, share_len; BIO_indent(bio, indent, 80); BIO_printf(bio, "extension_type=%s(%d), length=%d\n", ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen); switch (extype) { case TLSEXT_TYPE_ec_point_formats: if (extlen < 1) return 0; xlen = ext[0]; if (extlen != xlen + 1) return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl); case TLSEXT_TYPE_supported_groups: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl); case TLSEXT_TYPE_signature_algorithms: if (extlen < 2) return 0; xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; if (xlen & 1) return 0; ext += 2; while (xlen > 0) { BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "%s+%s (%d+%d)\n", ssl_trace_str(ext[0], ssl_md_tbl), ssl_trace_str(ext[1], ssl_sig_tbl), ext[0], ext[1]); xlen -= 2; ext += 2; } break; case TLSEXT_TYPE_renegotiate: if (extlen < 1) return 0; xlen = ext[0]; if (xlen + 1 != extlen) return 0; ext++; if (xlen) { if (server) { if (xlen & 1) return 0; xlen >>= 1; } ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen); if (server) { ext += xlen; ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen); } } else { BIO_indent(bio, indent + 4, 80); BIO_puts(bio, "<EMPTY>\n"); } break; case TLSEXT_TYPE_heartbeat: return 0; case TLSEXT_TYPE_session_ticket: if (extlen != 0) ssl_print_hex(bio, indent + 4, "ticket", ext, extlen); break; case TLSEXT_TYPE_key_share: if (extlen < 2) return 0; if (server) { xlen = extlen; } else { xlen = (ext[0] << 8) | ext[1]; if (extlen != xlen + 2) return 0; ext += 2; } for (; xlen > 0; ext += share_len, xlen -= share_len) { int group_id; if (xlen < 4) return 0; group_id = (ext[0] << 8) | ext[1]; share_len = (ext[2] << 8) | ext[3]; ext += 4; xlen -= 4; if (xlen < share_len) return 0; BIO_indent(bio, indent + 4, 80); BIO_printf(bio, "NamedGroup: %s\n", ssl_trace_str(group_id, ssl_groups_tbl)); ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len); } break; case TLSEXT_TYPE_supported_versions: if (extlen < 1) return 0; xlen = ext[0]; if (extlen != xlen + 1) return 0; return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2, ssl_version_tbl); default: BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2); }
static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, int depth, int indent, int dump) { unsigned char *p,*ep,*tot,*op,*opp; long len; int tag,xclass,ret=0; int nl,hl,j,r; ASN1_OBJECT *o=NULL; ASN1_OCTET_STRING *os=NULL; /* ASN1_BMPSTRING *bmp=NULL;*/ int dump_indent; #if 0 dump_indent = indent; #else dump_indent = 6; /* Because we know BIO_dump_indent() */ #endif p= *pp; tot=p+length; op=p-1; while ((p < tot) && (op < p)) { op=p; j=ASN1_get_object(&p,&len,&tag,&xclass,length); #ifdef LINT j=j; #endif if (j & 0x80) { if (BIO_write(bp,"Error in encoding\n",18) <= 0) goto end; ret=0; goto end; } hl=(p-op); length-=hl; /* if j == 0x21 it is a constructed indefinite length object */ if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) <= 0) goto end; if (j != (V_ASN1_CONSTRUCTED | 1)) { if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ", depth,(long)hl,len) <= 0) goto end; } else { if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ", depth,(long)hl) <= 0) goto end; } if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0)) goto end; if (j & V_ASN1_CONSTRUCTED) { ep=p+len; if (BIO_write(bp,"\n",1) <= 0) goto end; if (len > length) { BIO_printf(bp, "length is greater than %ld\n",length); ret=0; goto end; } if ((j == 0x21) && (len == 0)) { for (;;) { r=asn1_parse2(bp,&p,(long)(tot-p), offset+(p - *pp),depth+1, indent,dump); if (r == 0) { ret=0; goto end; } if ((r == 2) || (p >= tot)) break; } } else while (p < ep) { r=asn1_parse2(bp,&p,(long)len, offset+(p - *pp),depth+1, indent,dump); if (r == 0) { ret=0; goto end; } } } else if (xclass != 0) { p+=len; if (BIO_write(bp,"\n",1) <= 0) goto end; } else { nl=0; if ( (tag == V_ASN1_PRINTABLESTRING) || (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { if (BIO_write(bp,":",1) <= 0) goto end; if ((len > 0) && BIO_write(bp,(char *)p,(int)len) != (int)len) goto end; } else if (tag == V_ASN1_OBJECT) { opp=op; if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) { if (BIO_write(bp,":",1) <= 0) goto end; i2a_ASN1_OBJECT(bp,o); } else { if (BIO_write(bp,":BAD OBJECT",11) <= 0) goto end; } } else if (tag == V_ASN1_BOOLEAN) { int ii; opp=op; ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); if (ii < 0) { if (BIO_write(bp,"Bad boolean\n",12)) goto end; } BIO_printf(bp,":%d",ii); } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ } else if (tag == V_ASN1_OCTET_STRING) { int i,printable=1; opp=op; os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); if (os != NULL) { opp=os->data; for (i=0; i<os->length; i++) { if (( (opp[i] < ' ') && (opp[i] != '\n') && (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) { printable=0; break; } } if (printable && (os->length > 0)) { if (BIO_write(bp,":",1) <= 0) goto end; if (BIO_write(bp,(char *)opp, os->length) <= 0) goto end; } if (!printable && (os->length > 0) && dump) { if (!nl) { if (BIO_write(bp,"\n",1) <= 0) goto end; } if (BIO_dump_indent(bp,(char *)opp, ((dump == -1 || dump > os->length)?os->length:dump), dump_indent) <= 0) goto end; nl=1; } M_ASN1_OCTET_STRING_free(os); os=NULL; } } else if (tag == V_ASN1_INTEGER) { ASN1_INTEGER *bs; int i; opp=op; bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); if (bs != NULL) { if (BIO_write(bp,":",1) <= 0) goto end; if (bs->type == V_ASN1_NEG_INTEGER) if (BIO_write(bp,"-",1) <= 0) goto end; for (i=0; i<bs->length; i++) { if (BIO_printf(bp,"%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp,"00",2) <= 0) goto end; } } else { if (BIO_write(bp,"BAD INTEGER",11) <= 0) goto end; } M_ASN1_INTEGER_free(bs); } else if (tag == V_ASN1_ENUMERATED) { ASN1_ENUMERATED *bs; int i; opp=op; bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); if (bs != NULL) { if (BIO_write(bp,":",1) <= 0) goto end; if (bs->type == V_ASN1_NEG_ENUMERATED) if (BIO_write(bp,"-",1) <= 0) goto end; for (i=0; i<bs->length; i++) { if (BIO_printf(bp,"%02X", bs->data[i]) <= 0) goto end; } if (bs->length == 0) { if (BIO_write(bp,"00",2) <= 0) goto end; } } else { if (BIO_write(bp,"BAD ENUMERATED",11) <= 0) goto end; } M_ASN1_ENUMERATED_free(bs); } else if (len > 0 && dump) { if (!nl) { if (BIO_write(bp,"\n",1) <= 0) goto end; } if (BIO_dump_indent(bp,(char *)p, ((dump == -1 || dump > len)?len:dump), dump_indent) <= 0) goto end; nl=1; } if (!nl) { if (BIO_write(bp,"\n",1) <= 0) goto end; } p+=len; if ((tag == V_ASN1_EOC) && (xclass == 0)) { ret=2; /* End of sequence */ goto end; } } length-=len; } ret=1; end: if (o != NULL) ASN1_OBJECT_free(o); if (os != NULL) M_ASN1_OCTET_STRING_free(os); *pp=p; return(ret); }
static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset, int depth, int indent, int dump, char *treecoords, struct GRSTasn1TagList taglist[], int maxtag, int *lasttag) { int sibling = 0; char sibtreecoords[512]; unsigned char *p,*ep,*tot,*op,*opp; long len; int tag,xclass,ret=0; int nl,hl,j,r; ASN1_OBJECT *o=NULL; ASN1_OCTET_STRING *os=NULL; int dump_indent; dump_indent = 6; /* Because we know BIO_dump_indent() */ p= *pp; tot=p+length; op=p-1; while ((p < tot) && (op < p)) { op=p; j=ASN1_get_object(&p,&len,&tag,&xclass,length); if (j & 0x80) { if ((bp != NULL) && (BIO_write(bp,"Error in encoding\n",18) <= 0)) goto end; ret=0; goto end; } hl=(p-op); length-=hl; ++sibling; sprintf(sibtreecoords, "%s-%d", treecoords, sibling); GRSTasn1AddToTaglist(taglist, maxtag, lasttag, sibtreecoords, (int)offset+(int)(op - *pp), (int) hl, len, tag); if (bp != NULL) { BIO_printf(bp, " %s %ld %ld %d %d ", sibtreecoords, (long)offset+(long)(op - *pp), hl, len, tag); GRSTasn1PrintPrintable(bp, p, // &((*pp)[(long)offset+(long)(op - *pp)+hl]), (len > 30) ? 30 : len); BIO_printf(bp, "\n"); } /* if j == 0x21 it is a constructed indefinite length object */ if ((bp != NULL) && (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) <= 0)) goto end; if (j != (V_ASN1_CONSTRUCTED | 1)) { if ((bp != NULL) && (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ", depth,(long)hl,len) <= 0)) goto end; } else { if ((bp != NULL) && (BIO_printf(bp,"d=%-2d hl=%ld l=inf ", depth,(long)hl) <= 0)) goto end; } if ((bp != NULL) && !asn1_print_info(bp,tag,xclass,j,(indent)?depth:0)) goto end; if (j & V_ASN1_CONSTRUCTED) { ep=p+len; if ((bp != NULL) && (BIO_write(bp,"\n",1) <= 0)) goto end; if (len > length) { if (bp != NULL) BIO_printf(bp, "length is greater than %ld\n",length); ret=0; goto end; } if ((j == 0x21) && (len == 0)) { for (;;) { r=GRSTasn1Parse2(bp,&p,(long)(tot-p), offset+(p - *pp),depth+1, indent,dump,sibtreecoords, taglist, maxtag, lasttag); if (r == 0) { ret=0; goto end; } if ((r == 2) || (p >= tot)) break; } } else while (p < ep) { r=GRSTasn1Parse2(bp,&p,(long)len, offset+(p - *pp),depth+1, indent,dump,sibtreecoords, taglist, maxtag, lasttag); if (r == 0) { ret=0; goto end; } } } else if (xclass != 0) { p+=len; if ((bp != NULL) && (BIO_write(bp,"\n",1) <= 0)) goto end; } else { nl=0; if ( (tag == V_ASN1_PRINTABLESTRING) || (tag == V_ASN1_T61STRING) || (tag == V_ASN1_IA5STRING) || (tag == V_ASN1_VISIBLESTRING) || (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { if ((bp != NULL) && (BIO_write(bp,":",1) <= 0)) goto end; if ((len > 0) && (bp != NULL) && BIO_write(bp,(char *)p,(int)len) != (int)len) goto end; } else if (tag == V_ASN1_OBJECT) { opp=op; if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) { if (bp != NULL) { if (BIO_write(bp,":",1) <= 0) goto end; i2a_ASN1_OBJECT(bp,o); } } else { if ((bp != NULL) && (BIO_write(bp,":BAD OBJECT",11) <= 0)) goto end; } } else if (tag == V_ASN1_BOOLEAN) { int ii; ii = (int)*p; if (ii < 0 || (int)len != 1) { if ((bp != NULL) && (BIO_write(bp,"Bad boolean\n",12))) goto end; } if (bp != NULL) BIO_printf(bp,":%d",ii); } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ } else if (tag == V_ASN1_OCTET_STRING) { int i; opp=op; os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); if (os != NULL) { opp=os->data; if (os->length > 0) { if ((bp != NULL) && (BIO_write(bp,":",1) <= 0)) goto end; if ((bp != NULL) && (GRSTasn1PrintPrintable(bp, opp, os->length) <= 0)) goto end; } ASN1_OCTET_STRING_free(os); os=NULL; } } else if (tag == V_ASN1_INTEGER) { ASN1_INTEGER *bs; int i; opp=op; bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); if (bs != NULL) { if ((bp != NULL) && (BIO_write(bp,":",1) <= 0)) goto end; if (bs->type == V_ASN1_NEG_INTEGER) if ((bp != NULL) && (BIO_write(bp,"-",1) <= 0)) goto end; for (i=0; i<bs->length; i++) { if ((bp != NULL) && (BIO_printf(bp,"%02X", bs->data[i]) <= 0)) goto end; } if (bs->length == 0) { if ((bp != NULL) && (BIO_write(bp,"00",2) <= 0)) goto end; } } else { if ((bp != NULL) && (BIO_write(bp,"BAD INTEGER",11) <= 0)) goto end; } ASN1_INTEGER_free(bs); } else if (tag == V_ASN1_ENUMERATED) { ASN1_ENUMERATED *bs; int i; opp=op; bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); if (bs != NULL) { if ((bp != NULL) && (BIO_write(bp,":",1) <= 0)) goto end; if (bs->type == V_ASN1_NEG_ENUMERATED) if ((bp != NULL) && (BIO_write(bp,"-",1) <= 0)) goto end; for (i=0; i<bs->length; i++) { if ((bp != NULL) && (BIO_printf(bp,"%02X", bs->data[i]) <= 0)) goto end; } if (bs->length == 0) { if ((bp != NULL) && (BIO_write(bp,"00",2) <= 0)) goto end; } } else { if ((bp != NULL) && (BIO_write(bp,"BAD ENUMERATED",11) <= 0)) goto end; } ASN1_ENUMERATED_free(bs); } else if (len > 0 && dump) { if (!nl) { if ((bp != NULL) && (BIO_write(bp,"\n",1) <= 0)) goto end; } if ((bp != NULL) && (BIO_dump_indent(bp,(char *)p, ((dump == -1 || dump > len)?len:dump), dump_indent) <= 0)) goto end; nl=1; } if (!nl) { if ((bp != NULL) && (BIO_write(bp,"\n",1) <= 0)) goto end; } p+=len; if ((tag == V_ASN1_EOC) && (xclass == 0)) { ret=2; /* End of sequence */ goto end; } } length-=len; } ret=1; end: if (o != NULL) ASN1_OBJECT_free(o); if (os != NULL) ASN1_OCTET_STRING_free(os); *pp=p; return(ret); }