void openssl_x509_purpose() { BIO *b; int len; FILE *fp; X509 *x, *y; const unsigned char *p; unsigned char buf[MAX5_LEN]; fp = fopen(U1CERTF, "rb"); len = fread(buf, 1, MAX5_LEN, fp); fclose(fp); p = buf; x = X509_new(); y = d2i_X509(&x, &p, len); b = BIO_new(BIO_s_file()); BIO_set_fp(b, stdout, BIO_NOCLOSE); printf("\nX509_Purpose info:\n"); X509_print(b, x); X509_check_purpose(x, X509_PURPOSE_OCSP_HELPER, 0); BIO_free(b); X509_free(x); }
static int openssl_ocsp_request_parse(lua_State*L) { OCSP_REQUEST *req = CHECK_OBJECT(1, OCSP_REQUEST, "openssl.ocsp_request"); int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2); OCSP_REQINFO *inf = req->tbsRequest; OCSP_SIGNATURE *sig = req->optionalSignature; BIO* bio = BIO_new(BIO_s_mem()); int i, num; lua_newtable(L); AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(inf->version), integer); if (inf->requestorName) { opensl_push_general_name(L, inf->requestorName, utf8); lua_setfield(L, -2, "requestorName"); } num = sk_OCSP_ONEREQ_num(inf->requestList); lua_newtable(L); for (i = 0; i < num; i++) { OCSP_ONEREQ *one = sk_OCSP_ONEREQ_value(inf->requestList, i); OCSP_CERTID *a = one->reqCert; lua_newtable(L); { openssl_push_x509_algor(L, a->hashAlgorithm); lua_setfield(L, -2, "hashAlgorithm"); PUSH_ASN1_OCTET_STRING(L, a->issuerNameHash); lua_setfield(L, -2, "issuerNameHash"); PUSH_ASN1_OCTET_STRING(L, a->issuerKeyHash); lua_setfield(L, -2, "issuerKeyHash"); PUSH_ASN1_INTEGER(L, a->serialNumber); lua_setfield(L, -2, "serialNumber"); } lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "requestList"); if (inf->requestExtensions){ STACK_OF(X509_EXTENSION) *extensions = sk_X509_EXTENSION_dup(inf->requestExtensions); PUSH_OBJECT(extensions,"openssl.stack_of_x509_extension"); lua_setfield(L,-2, "extensions"); } if (sig) { BIO_reset(bio); X509_signature_print(bio, sig->signatureAlgorithm, sig->signature); for (i = 0; i < sk_X509_num(sig->certs); i++) { X509_print(bio, sk_X509_value(sig->certs, i)); PEM_write_bio_X509(bio, sk_X509_value(sig->certs, i)); } } BIO_free(bio); return 1; }
/** * functionName : x509_cert_print * @Param : X509 *x509_cert [ X509 format certification ] * @Param : const char* tile [ description of the certification, will be printed at the head] * Brief : * print the x509 format certification * return : * return 0 without error check */ int x509_cert_print(X509* x509_cert,const char* title){ BIO *bp = BIO_new(BIO_s_file()); printf("\t\t\t\t\t %s\n",title); BIO_set_fp(bp,stdout,BIO_NOCLOSE); X509_print(bp,x509_cert); BIO_free(bp); printf("\n"); return 0; }
static void print_certificate(BIO *out, cert_format_e format, X509 *cert) { if (out == NULL) return; switch (format) { default: case CERT_FORMAT_TEXT: X509_print(out, cert); break; case CERT_FORMAT_PEM: PEM_write_bio_X509(out, cert); break; case CERT_FORMAT_DER: EXIT_ERROR("DER format is not yet supported for output"); break; } }
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) { int i; long l; OCSP_CERTID* cid = NULL; OCSP_ONEREQ *one = NULL; OCSP_REQINFO *inf = o->tbsRequest; OCSP_SIGNATURE *sig = o->optionalSignature; if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err; l=ASN1_INTEGER_get(inf->version); if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) goto err; if (inf->requestorName != NULL) { if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) goto err; GENERAL_NAME_print(bp, inf->requestorName); } if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err; for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { one = sk_OCSP_ONEREQ_value(inf->requestList, i); cid = one->reqCert; ocsp_certid_print(bp, cid, 8); if (!X509V3_extensions_print(bp, "Request Single Extensions", one->singleRequestExtensions, flags, 8)) goto err; } if (!X509V3_extensions_print(bp, "Request Extensions", inf->requestExtensions, flags, 4)) goto err; if (sig) { X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); for (i=0; i<sk_X509_num(sig->certs); i++) { X509_print(bp, sk_X509_value(sig->certs,i)); PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); } } return 1; err: return 0; }
string Certificate::toString() const { char x509_str[MAX_CERT_STR_SIZE] = { 0 }; if (!x) return x509_str; BIO *bp = BIO_new(BIO_s_mem()); if (!bp) return x509_str; memset(x509_str, '\0', MAX_CERT_STR_SIZE); if (X509_print(bp, x)) BIO_read(bp, x509_str, MAX_CERT_STR_SIZE); BIO_free(bp); return x509_str; }
void QFrankSSL::K_ServerZertifikatUntersuchen()const { X509 *Zertifikat=SSL_get_peer_certificate(K_SSLStruktur); if(Zertifikat==NULL) qDebug("QFrankSSL Server Zertifikat untersuchen: Der Server zeigt kein Zertifikat vor."); else { BIO *Puffer = BIO_new(BIO_s_mem()); if(X509_print(Puffer,Zertifikat)==1) { QByteArray Serverzert; int Groesse=BIO_ctrl(Puffer,BIO_CTRL_PENDING,0,NULL); Serverzert.resize(Groesse); BIO_read(Puffer,Serverzert.data(),Groesse); BIO_free(Puffer); qDebug(qPrintable(QString("QFrankSSL Server Zertifikat untersuchen: Das Serverzertifikat:\r\n%1").arg(QString(Serverzert)))); } else { qDebug("QFrankSSL Server Zertifikat untersuchen: Zertifikat konnte nicht gelesen werden."); } } }
Str ssl_get_certificate(SSL * ssl, char *hostname) { BIO *bp; X509 *x; X509_NAME *xn; char *p; int len; Str s; char buf[2048]; Str amsg = NULL; Str emsg; char *ans; if (ssl == NULL) return NULL; x = SSL_get_peer_certificate(ssl); if (x == NULL) { if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) ans = "y"; else { /* FIXME: gettextize? */ emsg = Strnew_charp("No SSL peer certificate: accept? (y/n)"); ans = inputAnswer(emsg->ptr); } if (ans && TOLOWER(*ans) == 'y') /* FIXME: gettextize? */ amsg = Strnew_charp ("Accept SSL session without any peer certificate"); else { /* FIXME: gettextize? */ char *e = "This SSL session was rejected " "to prevent security violation: no peer certificate"; disp_err_message(e, FALSE); free_ssl_ctx(); return NULL; } if (amsg) disp_err_message(amsg->ptr, FALSE); ssl_accept_this_site(hostname); /* FIXME: gettextize? */ s = amsg ? amsg : Strnew_charp("valid certificate"); return s; } #ifdef USE_SSL_VERIFY /* check the cert chain. * The chain length is automatically checked by OpenSSL when we * set the verify depth in the ctx. */ if (ssl_verify_server) { long verr; if ((verr = SSL_get_verify_result(ssl)) != X509_V_OK) { const char *em = X509_verify_cert_error_string(verr); if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) ans = "y"; else { /* FIXME: gettextize? */ emsg = Sprintf("%s: accept? (y/n)", em); ans = inputAnswer(emsg->ptr); } if (ans && TOLOWER(*ans) == 'y') { /* FIXME: gettextize? */ amsg = Sprintf("Accept unsecure SSL session: " "unverified: %s", em); } else { /* FIXME: gettextize? */ char *e = Sprintf("This SSL session was rejected: %s", em)->ptr; disp_err_message(e, FALSE); free_ssl_ctx(); return NULL; } } } #endif emsg = ssl_check_cert_ident(x, hostname); if (emsg != NULL) { if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) ans = "y"; else { Str ep = Strdup(emsg); if (ep->length > COLS - 16) Strshrink(ep, ep->length - (COLS - 16)); Strcat_charp(ep, ": accept? (y/n)"); ans = inputAnswer(ep->ptr); } if (ans && TOLOWER(*ans) == 'y') { /* FIXME: gettextize? */ amsg = Strnew_charp("Accept unsecure SSL session:"); Strcat(amsg, emsg); } else { /* FIXME: gettextize? */ char *e = "This SSL session was rejected " "to prevent security violation"; disp_err_message(e, FALSE); free_ssl_ctx(); return NULL; } } if (amsg) disp_err_message(amsg->ptr, FALSE); ssl_accept_this_site(hostname); /* FIXME: gettextize? */ s = amsg ? amsg : Strnew_charp("valid certificate"); Strcat_charp(s, "\n"); xn = X509_get_subject_name(x); if (X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)) == -1) Strcat_charp(s, " subject=<unknown>"); else Strcat_m_charp(s, " subject=", buf, NULL); xn = X509_get_issuer_name(x); if (X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)) == -1) Strcat_charp(s, ": issuer=<unknown>"); else Strcat_m_charp(s, ": issuer=", buf, NULL); Strcat_charp(s, "\n\n"); bp = BIO_new(BIO_s_mem()); X509_print(bp, x); len = (int)BIO_ctrl(bp, BIO_CTRL_INFO, 0, (char *)&p); Strcat_charp_n(s, p, len); BIO_free_all(bp); X509_free(x); return s; }
int pkcs7_main(int argc, char **argv) { ENGINE *e = NULL; PKCS7 *p7 = NULL; BIO *in = NULL, *out = NULL; int informat = FORMAT_PEM, outformat = FORMAT_PEM; char *infile = NULL, *outfile = NULL, *prog; int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1; OPTION_CHOICE o; prog = opt_init(argc, argv, pkcs7_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: opt_help(pkcs7_options); ret = 0; goto end; case OPT_INFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) goto opthelp; break; case OPT_OUTFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) goto opthelp; break; case OPT_IN: infile = opt_arg(); break; case OPT_OUT: outfile = opt_arg(); break; case OPT_NOOUT: noout = 1; break; case OPT_TEXT: text = 1; break; case OPT_PRINT: p7_print = 1; break; case OPT_PRINT_CERTS: print_certs = 1; break; case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; } } argc = opt_num_rest(); if (argc != 0) goto opthelp; in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; if (informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); else p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); if (p7 == NULL) { BIO_printf(bio_err, "unable to load PKCS7 object\n"); ERR_print_errors(bio_err); goto end; } out = bio_open_default(outfile, 'w', outformat); if (out == NULL) goto end; if (p7_print) PKCS7_print_ctx(out, p7, 0, NULL); if (print_certs) { STACK_OF(X509) *certs = NULL; STACK_OF(X509_CRL) *crls = NULL; i = OBJ_obj2nid(p7->type); switch (i) { case NID_pkcs7_signed: if (p7->d.sign != NULL) { certs = p7->d.sign->cert; crls = p7->d.sign->crl; } break; case NID_pkcs7_signedAndEnveloped: if (p7->d.signed_and_enveloped != NULL) { certs = p7->d.signed_and_enveloped->cert; crls = p7->d.signed_and_enveloped->crl; } break; default: break; } if (certs != NULL) { X509 *x; for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); if (text) X509_print(out, x); else dump_cert_text(out, x); if (!noout) PEM_write_bio_X509(out, x); BIO_puts(out, "\n"); } } if (crls != NULL) { X509_CRL *crl; for (i = 0; i < sk_X509_CRL_num(crls); i++) { crl = sk_X509_CRL_value(crls, i); X509_CRL_print_ex(out, crl, get_nameopt()); if (!noout) PEM_write_bio_X509_CRL(out, crl); BIO_puts(out, "\n"); } } ret = 0; goto end; } if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_PKCS7_bio(out, p7); else i = PEM_write_bio_PKCS7(out, p7); if (!i) { BIO_printf(bio_err, "unable to write pkcs7 object\n"); ERR_print_errors(bio_err); goto end; } } ret = 0; end: PKCS7_free(p7); release_engine(e); BIO_free(in); BIO_free_all(out); return ret; }
int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) { int i, ret = 0; long l; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; OCSP_RESPDATA *rd = NULL; OCSP_CERTSTATUS *cst = NULL; OCSP_REVOKEDINFO *rev = NULL; OCSP_SINGLERESP *single = NULL; OCSP_RESPBYTES *rb = o->responseBytes; if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; l=ASN1_ENUMERATED_get(o->responseStatus); if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", OCSP_response_status_str(l), l) <= 0) goto err; if (rb == NULL) return 1; if (BIO_puts(bp," Response Type: ") <= 0) goto err; if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) goto err; if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { BIO_puts(bp," (unknown response type)\n"); return 1; } i = ASN1_STRING_length(rb->response); if (!(br = OCSP_response_get1_basic(o))) goto err; rd = br->tbsResponseData; l=ASN1_INTEGER_get(rd->version); if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0) goto err; if (BIO_puts(bp," Responder Id: ") <= 0) goto err; rid = rd->responderId; switch (rid->type) { case V_OCSP_RESPID_NAME: X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); break; case V_OCSP_RESPID_KEY: i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); break; } if (BIO_printf(bp,"\n Produced At: ")<=0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err; if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err; for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue; single = sk_OCSP_SINGLERESP_value(rd->responses, i); cid = single->certId; if(ocsp_certid_print(bp, cid, 4) <= 0) goto err; cst = single->certStatus; if (BIO_printf(bp," Cert Status: %s", OCSP_cert_status_str(cst->type)) <= 0) goto err; if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { rev = cst->value.revoked; if (BIO_printf(bp, "\n Revocation Time: ") <= 0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime)) goto err; if (rev->revocationReason) { l=ASN1_ENUMERATED_get(rev->revocationReason); if (BIO_printf(bp, "\n Revocation Reason: %s (0x%lx)", OCSP_crl_reason_str(l), l) <= 0) goto err; } } if (BIO_printf(bp,"\n This Update: ") <= 0) goto err; if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) goto err; if (single->nextUpdate) { if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err; if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) goto err; } if (BIO_write(bp,"\n",1) <= 0) goto err; if (!X509V3_extensions_print(bp, "Response Single Extensions", single->singleExtensions, flags, 8)) goto err; if (BIO_write(bp,"\n",1) <= 0) goto err; } if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4)) goto err; if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) goto err; for (i=0; i<sk_X509_num(br->certs); i++) { X509_print(bp, sk_X509_value(br->certs,i)); PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); } ret = 1; err: OCSP_BASICRESP_free(br); return ret; }
void enclave_main() { struct sockaddr_in sa; SSL* ssl; X509* server_cert; SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); SSL_CTX* ctx = SSL_CTX_new (SSLv23_method()); char* filename = "output.pem"; int sd = socket (AF_INET, SOCK_STREAM, 0);//create socket if (sd!=-1 && ctx!=NULL) { memset (&sa, '\0', sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr ("216.58.219.206"); /* Server IP */ sa.sin_port = htons (443); /* Server Port number */ if (connect(sd, (struct sockaddr*) &sa, sizeof(sa)) != -1) { ssl = SSL_new (ctx); if (ssl!=NULL) { SSL_set_fd(ssl, sd); int err = SSL_connect(ssl); if (err!=-1) { server_cert = SSL_get_peer_certificate(ssl); if (server_cert!=NULL) { BIO * bio_out = BIO_new_file(filename, "w"); if (bio_out) { X509_print(bio_out, server_cert); //parsed PEM_write_bio_X509(bio_out, server_cert); BIO_free(bio_out); printf("Done writing to %s\n", filename); } X509_free (server_cert); } else { printf("No cert found!\n"); } } SSL_free (ssl); } close(sd);//close socket } else { printf("Connection error %s\n", strerror(errno)); } } else{ printf("Can't open socket"); } SSL_CTX_free (ctx); sgx_exit(NULL); }
int pkcs7_main(int argc, char **argv) { PKCS7 *p7 = NULL; BIO *in = NULL, *out = NULL; int ret = 1; int i; memset(&pkcs7_config, 0, sizeof(pkcs7_config)); pkcs7_config.informat = FORMAT_PEM; pkcs7_config.outformat = FORMAT_PEM; if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) { pkcs7_usage(); goto end; } #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, pkcs7_config.engine, 0); #endif in = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (pkcs7_config.infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { if (BIO_read_filename(in, pkcs7_config.infile) <= 0) { perror(pkcs7_config.infile); goto end; } } if (pkcs7_config.informat == FORMAT_ASN1) p7 = d2i_PKCS7_bio(in, NULL); else if (pkcs7_config.informat == FORMAT_PEM) p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); else { BIO_printf(bio_err, "bad input format specified for pkcs7 object\n"); goto end; } if (p7 == NULL) { BIO_printf(bio_err, "unable to load PKCS7 object\n"); ERR_print_errors(bio_err); goto end; } if (pkcs7_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) { perror(pkcs7_config.outfile); goto end; } } if (pkcs7_config.p7_print) PKCS7_print_ctx(out, p7, 0, NULL); if (pkcs7_config.print_certs) { STACK_OF(X509) * certs = NULL; STACK_OF(X509_CRL) * crls = NULL; i = OBJ_obj2nid(p7->type); switch (i) { case NID_pkcs7_signed: certs = p7->d.sign->cert; crls = p7->d.sign->crl; break; case NID_pkcs7_signedAndEnveloped: certs = p7->d.signed_and_enveloped->cert; crls = p7->d.signed_and_enveloped->crl; break; default: break; } if (certs != NULL) { X509 *x; for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); if (pkcs7_config.text) X509_print(out, x); else dump_cert_text(out, x); if (!pkcs7_config.noout) PEM_write_bio_X509(out, x); BIO_puts(out, "\n"); } } if (crls != NULL) { X509_CRL *crl; for (i = 0; i < sk_X509_CRL_num(crls); i++) { crl = sk_X509_CRL_value(crls, i); X509_CRL_print(out, crl); if (!pkcs7_config.noout) PEM_write_bio_X509_CRL(out, crl); BIO_puts(out, "\n"); } } ret = 0; goto end; } if (!pkcs7_config.noout) { if (pkcs7_config.outformat == FORMAT_ASN1) i = i2d_PKCS7_bio(out, p7); else if (pkcs7_config.outformat == FORMAT_PEM) i = PEM_write_bio_PKCS7(out, p7); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write pkcs7 object\n"); ERR_print_errors(bio_err); goto end; } } ret = 0; end: if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); return (ret); }
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, int text, int noout, int recursive, int indent, BIO *out) { OSSL_STORE_CTX *store_ctx = NULL; int ret = 1, items = 0; if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL)) == NULL) { BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri); ERR_print_errors(bio_err); return ret; } /* From here on, we count errors, and we'll return the count at the end */ ret = 0; for (;;) { OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx); int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); const char *infostr = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); if (info == NULL) { if (OSSL_STORE_eof(store_ctx)) break; if (OSSL_STORE_error(store_ctx)) { if (recursive) ERR_clear_error(); else ERR_print_errors(bio_err); ret++; continue; } BIO_printf(bio_err, "ERROR: OSSL_STORE_load() returned NULL without " "eof or error indications\n"); BIO_printf(bio_err, " This is an error in the loader\n"); ERR_print_errors(bio_err); ret++; break; } if (type == OSSL_STORE_INFO_NAME) { const char *name = OSSL_STORE_INFO_get0_NAME(info); const char *desc = OSSL_STORE_INFO_get0_NAME_description(info); indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr, name); if (desc != NULL) indent_printf(indent, bio_out, "%s\n", desc); } else { indent_printf(indent, bio_out, "%d: %s\n", items, infostr); } /* * Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in * functionality, so we must figure out how exactly to write things * ourselves... */ switch (type) { case OSSL_STORE_INFO_NAME: if (recursive) { const char *suburi = OSSL_STORE_INFO_get0_NAME(info); ret += process(suburi, uimeth, uidata, text, noout, recursive, indent + 2, out); } break; case OSSL_STORE_INFO_PARAMS: if (text) EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info), 0, NULL); if (!noout) PEM_write_bio_Parameters(out, OSSL_STORE_INFO_get0_PARAMS(info)); break; case OSSL_STORE_INFO_PKEY: if (text) EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info), 0, NULL); if (!noout) PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info), NULL, NULL, 0, NULL, NULL); break; case OSSL_STORE_INFO_CERT: if (text) X509_print(out, OSSL_STORE_INFO_get0_CERT(info)); if (!noout) PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info)); break; case OSSL_STORE_INFO_CRL: if (text) X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info)); if (!noout) PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info)); break; default: BIO_printf(bio_err, "!!! Unknown code\n"); ret++; break; } items++; OSSL_STORE_INFO_free(info); } indent_printf(indent, out, "Total found: %d\n", items); if (!OSSL_STORE_close(store_ctx)) { ERR_print_errors(bio_err); ret++; } return ret; }
int sess_id_main(int argc, char **argv) { SSL_SESSION *x = NULL; X509 *peer = NULL; int ret = 1, i; BIO *out = NULL; memset(&sess_id_config, 0, sizeof(sess_id_config)); sess_id_config.informat = FORMAT_PEM; sess_id_config.outformat = FORMAT_PEM; if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) { sess_id_usage(); return (1); } x = load_sess_id(sess_id_config.infile, sess_id_config.informat); if (x == NULL) { goto end; } peer = SSL_SESSION_get0_peer(x); if (sess_id_config.context) { size_t ctx_len = strlen(sess_id_config.context); if (ctx_len > SSL_MAX_SID_CTX_LENGTH) { BIO_printf(bio_err, "Context too long\n"); goto end; } SSL_SESSION_set1_id_context(x, (unsigned char *)sess_id_config.context, ctx_len); } if (!sess_id_config.noout || sess_id_config.text) { out = BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (sess_id_config.outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, sess_id_config.outfile) <= 0) { perror(sess_id_config.outfile); goto end; } } } if (sess_id_config.text) { SSL_SESSION_print(out, x); if (sess_id_config.cert) { if (peer == NULL) BIO_puts(out, "No certificate present\n"); else X509_print(out, peer); } } if (!sess_id_config.noout && !sess_id_config.cert) { if (sess_id_config.outformat == FORMAT_ASN1) i = i2d_SSL_SESSION_bio(out, x); else if (sess_id_config.outformat == FORMAT_PEM) i = PEM_write_bio_SSL_SESSION(out, x); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write SSL_SESSION\n"); goto end; } } else if (!sess_id_config.noout && (peer != NULL)) { /* just print the certificate */ if (sess_id_config.outformat == FORMAT_ASN1) i = (int) i2d_X509_bio(out, peer); else if (sess_id_config.outformat == FORMAT_PEM) i = PEM_write_bio_X509(out, peer); else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err, "unable to write X509\n"); goto end; } } ret = 0; end: BIO_free_all(out); SSL_SESSION_free(x); return (ret); }
static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7, size_t len, char *pem_file, char *der_file) { #ifdef OPENSSL_IS_BORINGSSL CBS pkcs7_cbs; #else /* OPENSSL_IS_BORINGSSL */ PKCS7 *p7 = NULL; const unsigned char *p = pkcs7; #endif /* OPENSSL_IS_BORINGSSL */ STACK_OF(X509) *certs; int i, num, ret = -1; BIO *out = NULL; #ifdef OPENSSL_IS_BORINGSSL certs = sk_X509_new_null(); if (!certs) goto fail; CBS_init(&pkcs7_cbs, pkcs7, len); if (!PKCS7_get_certificates(certs, &pkcs7_cbs)) { wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s", ERR_error_string(ERR_get_error(), NULL)); write_result(ctx, "Could not parse PKCS#7 object from EST"); goto fail; } #else /* OPENSSL_IS_BORINGSSL */ p7 = d2i_PKCS7(NULL, &p, len); if (p7 == NULL) { wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s", ERR_error_string(ERR_get_error(), NULL)); write_result(ctx, "Could not parse PKCS#7 object from EST"); goto fail; } switch (OBJ_obj2nid(p7->type)) { case NID_pkcs7_signed: certs = p7->d.sign->cert; break; case NID_pkcs7_signedAndEnveloped: certs = p7->d.signed_and_enveloped->cert; break; default: certs = NULL; break; } #endif /* OPENSSL_IS_BORINGSSL */ if (!certs || ((num = sk_X509_num(certs)) == 0)) { wpa_printf(MSG_INFO, "No certificates found in PKCS#7 object"); write_result(ctx, "No certificates found in PKCS#7 object"); goto fail; } if (der_file) { FILE *f = fopen(der_file, "wb"); if (f == NULL) goto fail; i2d_X509_fp(f, sk_X509_value(certs, 0)); fclose(f); } if (pem_file) { out = BIO_new(BIO_s_file()); if (out == NULL || BIO_write_filename(out, pem_file) <= 0) goto fail; for (i = 0; i < num; i++) { X509 *cert = sk_X509_value(certs, i); X509_print(out, cert); PEM_write_bio_X509(out, cert); BIO_puts(out, "\n"); } } ret = 0; fail: #ifdef OPENSSL_IS_BORINGSSL if (certs) sk_X509_pop_free(certs, X509_free); #else /* OPENSSL_IS_BORINGSSL */ PKCS7_free(p7); #endif /* OPENSSL_IS_BORINGSSL */ if (out) BIO_free_all(out); return ret; }
int MAIN(int argc, char **argv) { SSL_SESSION *x=NULL; int ret=1,i,num,badops=0; BIO *out=NULL; int informat,outformat; char *infile=NULL,*outfile=NULL,*context=NULL; int cert=0,noout=0,text=0; char **pp; apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); informat=FORMAT_PEM; outformat=FORMAT_PEM; argc--; argv++; num=0; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-text") == 0) text= ++num; else if (strcmp(*argv,"-cert") == 0) cert= ++num; else if (strcmp(*argv,"-noout") == 0) noout= ++num; else if (strcmp(*argv,"-context") == 0) { if(--argc < 1) goto bad; context=*++argv; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: for (pp=sess_id_usage; (*pp != NULL); pp++) BIO_printf(bio_err,*pp); goto end; } ERR_load_crypto_strings(); x=load_sess_id(infile,informat); if (x == NULL) { goto end; } if(context) { x->sid_ctx_length=strlen(context); if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH) { BIO_printf(bio_err,"Context too long\n"); goto end; } memcpy(x->sid_ctx,context,x->sid_ctx_length); } #ifdef undef /* just testing for memory leaks :-) */ { SSL_SESSION *s; char buf[1024*10],*p; int i; s=SSL_SESSION_new(); p= &buf; i=i2d_SSL_SESSION(x,&p); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); p= &buf; d2i_SSL_SESSION(&s,&p,(long)i); SSL_SESSION_free(s); } #endif if (!noout || text) { out=BIO_new(BIO_s_file()); if (out == NULL) { ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } } if (text) { SSL_SESSION_print(out,x); if (cert) { if (x->peer == NULL) BIO_puts(out,"No certificate present\n"); else X509_print(out,x->peer); } } if (!noout && !cert) { if (outformat == FORMAT_ASN1) i=(int)i2d_SSL_SESSION_bio(out,x); else if (outformat == FORMAT_PEM) i=PEM_write_bio_SSL_SESSION(out,x); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write SSL_SESSION\n"); goto end; } } else if (!noout && (x->peer != NULL)) /* just print the certificate */ { if (outformat == FORMAT_ASN1) i=(int)i2d_X509_bio(out,x->peer); else if (outformat == FORMAT_PEM) i=PEM_write_bio_X509(out,x->peer); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write X509\n"); goto end; } } ret=0; end: if (out != NULL) BIO_free_all(out); if (x != NULL) SSL_SESSION_free(x); EXIT(ret); }
int MAIN(int argc, char **argv) { PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; int informat,outformat; char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0,p7_print=0; int ret=1; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0) noout=1; else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0) text=1; else if (TINYCLR_SSL_STRCMP(*argv,"-print") == 0) p7_print=1; else if (TINYCLR_SSL_STRCMP(*argv,"-print_certs") == 0) print_certs=1; #ifndef OPENSSL_NO_ENGINE else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif ret = 1; goto end; } ERR_load_crypto_strings(); #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) if (in == NULL) { TINYCLR_SSL_PERROR(infile); goto end; } } if (informat == FORMAT_ASN1) p7=d2i_PKCS7_bio(in,NULL); else if (informat == FORMAT_PEM) p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL); else { BIO_printf(bio_err,"bad input format specified for pkcs7 object\n"); goto end; } if (p7 == NULL) { BIO_printf(bio_err,"unable to load PKCS7 object\n"); ERR_print_errors(bio_err); goto end; } if (outfile == NULL) { BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { TINYCLR_SSL_PERROR(outfile); goto end; } } if (p7_print) PKCS7_print_ctx(out, p7, 0, NULL); if (print_certs) { STACK_OF(X509) *certs=NULL; STACK_OF(X509_CRL) *crls=NULL; i=OBJ_obj2nid(p7->type); switch (i) { case NID_pkcs7_signed: certs=p7->d.sign->cert; crls=p7->d.sign->crl; break; case NID_pkcs7_signedAndEnveloped: certs=p7->d.signed_and_enveloped->cert; crls=p7->d.signed_and_enveloped->crl; break; default: break; } if (certs != NULL) { X509 *x; for (i=0; i<sk_X509_num(certs); i++) { x=sk_X509_value(certs,i); if(text) X509_print(out, x); else dump_cert_text(out, x); if(!noout) PEM_write_bio_X509(out,x); BIO_puts(out,"\n"); } } if (crls != NULL) { X509_CRL *crl; for (i=0; i<sk_X509_CRL_num(crls); i++) { crl=sk_X509_CRL_value(crls,i); X509_CRL_print(out, crl); if(!noout)PEM_write_bio_X509_CRL(out,crl); BIO_puts(out,"\n"); } } ret=0; goto end; } if(!noout) { if (outformat == FORMAT_ASN1) i=i2d_PKCS7_bio(out,p7); else if (outformat == FORMAT_PEM) i=PEM_write_bio_PKCS7(out,p7); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write pkcs7 object\n"); ERR_print_errors(bio_err); goto end; } } ret=0; end: if (p7 != NULL) PKCS7_free(p7); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); apps_shutdown(); OPENSSL_EXIT(ret); }