virtual void execute(cmd_context& ctx) { if (m_target == 0) { throw cmd_exception("invalid query command, argument expected"); } datalog::context& dlctx = m_dl_ctx->get_dl_context(); set_background(ctx); dlctx.updt_params(m_params); unsigned timeout = m_params.get_uint(":timeout", UINT_MAX); cancel_eh<datalog::context> eh(dlctx); lbool status = l_undef; { scoped_ctrl_c ctrlc(eh); scoped_timer timer(timeout, &eh); cmd_context::scoped_watch sw(ctx); try { status = dlctx.query(m_target); } catch (z3_error & ex) { throw ex; } catch (z3_exception& ex) { ctx.regular_stream() << "(error \"query failed: " << ex.msg() << "\")" << std::endl; } dlctx.cleanup(); } switch (status) { case l_false: ctx.regular_stream() << "unsat\n"; print_certificate(ctx); break; case l_true: ctx.regular_stream() << "sat\n"; print_answer(ctx); print_certificate(ctx); break; case l_undef: ctx.regular_stream() << "unknown\n"; switch(dlctx.get_status()) { case datalog::INPUT_ERROR: break; case datalog::MEMOUT: ctx.regular_stream() << "memory bounds exceeded\n"; break; case datalog::TIMEOUT: ctx.regular_stream() << "timeout\n"; break; case datalog::OK: break; default: UNREACHABLE(); } break; } print_statistics(ctx); m_target = 0; }
static int parse_pkcs7_data(const options_t *options, const CRYPT_DATA_BLOB *blob) { int result = 0; const cert_format_e input_fmt = CERT_FORMAT_DER; PKCS7 *p7 = NULL; BIO *in = NULL; CRYPTO_malloc_init(); ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); in = BIO_new_mem_buf(blob->pbData, blob->cbData); if (in == NULL) { result = -2; goto error; } switch (input_fmt) { default: EXIT_ERROR("unhandled input format for certificate"); case CERT_FORMAT_DER: p7 = d2i_PKCS7_bio(in, NULL); break; case CERT_FORMAT_PEM: p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); break; } if (p7 == NULL) { ERR_print_errors_fp(stderr); result = -3; goto error; } STACK_OF(X509) *certs = NULL; int type = OBJ_obj2nid(p7->type); switch (type) { default: break; case NID_pkcs7_signed: // PKCS7_type_is_signed(p7) certs = p7->d.sign->cert; break; case NID_pkcs7_signedAndEnveloped: // PKCS7_type_is_signedAndEnveloped(p7) certs = p7->d.signed_and_enveloped->cert; break; } const int numcerts = certs != NULL ? sk_X509_num(certs) : 0; for (int i = 0; i < numcerts; i++) { X509 *cert = sk_X509_value(certs, i); print_certificate(options->certout, options->certoutform, cert); // NOTE: Calling X509_free(cert) is unnecessary. } // Print whether certificate signature is valid if (numcerts > 0) { X509 *subject = sk_X509_value(certs, 0); X509 *issuer = sk_X509_value(certs, numcerts - 1); int valid_sig = X509_verify(subject, X509_get_pubkey(issuer)); output("Signature", valid_sig == 1 ? "valid" : "invalid"); } // Print signers if (numcerts > 0) { output_open_scope("signers", OUTPUT_SCOPE_TYPE_ARRAY); for (int i = 0; i < numcerts; i++) { X509 *cert = sk_X509_value(certs, i); X509_NAME *name = X509_get_subject_name(cert); int issuer_name_len = X509_NAME_get_text_by_NID(name, NID_commonName, NULL, 0); if (issuer_name_len > 0) { output_open_scope("signer", OUTPUT_SCOPE_TYPE_OBJECT); char issuer_name[issuer_name_len + 1]; X509_NAME_get_text_by_NID(name, NID_commonName, issuer_name, issuer_name_len + 1); output("Issuer", issuer_name); output_close_scope(); // signer } } output_close_scope(); // signers } error: if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); // Deallocate everything from OpenSSL_add_all_algorithms EVP_cleanup(); // Deallocate everything from ERR_load_crypto_strings ERR_free_strings(); return result; }