void openssl_x509_purpose()
{
BIO *b;
int len;
FILE *fp;
X509 *x, *y;
const unsigned char *p;
unsigned char buf[MAX5_LEN];
fp = fopen(U1CERTF, "rb");
len = fread(buf, 1, MAX5_LEN, fp);
fclose(fp);
p = buf;
x = X509_new();
y = d2i_X509(&x, &p, len);
b = BIO_new(BIO_s_file());
BIO_set_fp(b, stdout, BIO_NOCLOSE);
printf("\nX509_Purpose info:\n");
X509_print(b, x);
X509_check_purpose(x, X509_PURPOSE_OCSP_HELPER, 0);
BIO_free(b);
X509_free(x);
}
static int openssl_ocsp_request_parse(lua_State*L)
{
OCSP_REQUEST *req = CHECK_OBJECT(1, OCSP_REQUEST, "openssl.ocsp_request");
int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
OCSP_REQINFO *inf = req->tbsRequest;
OCSP_SIGNATURE *sig = req->optionalSignature;
BIO* bio = BIO_new(BIO_s_mem());
int i, num;
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(inf->version), integer);
if (inf->requestorName)
{
opensl_push_general_name(L, inf->requestorName, utf8);
lua_setfield(L, -2, "requestorName");
}
num = sk_OCSP_ONEREQ_num(inf->requestList);
lua_newtable(L);
for (i = 0; i < num; i++)
{
OCSP_ONEREQ *one = sk_OCSP_ONEREQ_value(inf->requestList, i);
OCSP_CERTID *a = one->reqCert;
lua_newtable(L);
{
openssl_push_x509_algor(L, a->hashAlgorithm);
lua_setfield(L, -2, "hashAlgorithm");
PUSH_ASN1_OCTET_STRING(L, a->issuerNameHash);
lua_setfield(L, -2, "issuerNameHash");
PUSH_ASN1_OCTET_STRING(L, a->issuerKeyHash);
lua_setfield(L, -2, "issuerKeyHash");
PUSH_ASN1_INTEGER(L, a->serialNumber);
lua_setfield(L, -2, "serialNumber");
}
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "requestList");
if (inf->requestExtensions){
STACK_OF(X509_EXTENSION) *extensions = sk_X509_EXTENSION_dup(inf->requestExtensions);
PUSH_OBJECT(extensions,"openssl.stack_of_x509_extension");
lua_setfield(L,-2, "extensions");
}
if (sig)
{
BIO_reset(bio);
X509_signature_print(bio, sig->signatureAlgorithm, sig->signature);
for (i = 0; i < sk_X509_num(sig->certs); i++)
{
X509_print(bio, sk_X509_value(sig->certs, i));
PEM_write_bio_X509(bio, sk_X509_value(sig->certs, i));
}
}
BIO_free(bio);
return 1;
}
/**
* functionName : x509_cert_print
* @Param : X509 *x509_cert [ X509 format certification ]
* @Param : const char* tile [ description of the certification, will be printed at the head]
* Brief :
* print the x509 format certification
* return :
* return 0 without error check
*/
int x509_cert_print(X509* x509_cert,const char* title){
BIO *bp = BIO_new(BIO_s_file());
printf("\t\t\t\t\t %s\n",title);
BIO_set_fp(bp,stdout,BIO_NOCLOSE);
X509_print(bp,x509_cert);
BIO_free(bp);
printf("\n");
return 0;
}
static void print_certificate(BIO *out, cert_format_e format, X509 *cert)
{
if (out == NULL)
return;
switch (format) {
default:
case CERT_FORMAT_TEXT:
X509_print(out, cert);
break;
case CERT_FORMAT_PEM:
PEM_write_bio_X509(out, cert);
break;
case CERT_FORMAT_DER:
EXIT_ERROR("DER format is not yet supported for output");
break;
}
}
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
{
int i;
long l;
OCSP_CERTID* cid = NULL;
OCSP_ONEREQ *one = NULL;
OCSP_REQINFO *inf = o->tbsRequest;
OCSP_SIGNATURE *sig = o->optionalSignature;
if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
l=ASN1_INTEGER_get(inf->version);
if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
if (inf->requestorName != NULL)
{
if (BIO_write(bp,"\n Requestor Name: ",21) <= 0)
goto err;
GENERAL_NAME_print(bp, inf->requestorName);
}
if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err;
for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
{
one = sk_OCSP_ONEREQ_value(inf->requestList, i);
cid = one->reqCert;
ocsp_certid_print(bp, cid, 8);
if (!X509V3_extensions_print(bp,
"Request Single Extensions",
one->singleRequestExtensions, flags, 8))
goto err;
}
if (!X509V3_extensions_print(bp, "Request Extensions",
inf->requestExtensions, flags, 4))
goto err;
if (sig)
{
X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
for (i=0; i<sk_X509_num(sig->certs); i++)
{
X509_print(bp, sk_X509_value(sig->certs,i));
PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
}
}
return 1;
err:
return 0;
}
string Certificate::toString() const
{
char x509_str[MAX_CERT_STR_SIZE] = { 0 };
if (!x)
return x509_str;
BIO *bp = BIO_new(BIO_s_mem());
if (!bp)
return x509_str;
memset(x509_str, '\0', MAX_CERT_STR_SIZE);
if (X509_print(bp, x))
BIO_read(bp, x509_str, MAX_CERT_STR_SIZE);
BIO_free(bp);
return x509_str;
}
void QFrankSSL::K_ServerZertifikatUntersuchen()const
{
X509 *Zertifikat=SSL_get_peer_certificate(K_SSLStruktur);
if(Zertifikat==NULL)
qDebug("QFrankSSL Server Zertifikat untersuchen: Der Server zeigt kein Zertifikat vor.");
else
{
BIO *Puffer = BIO_new(BIO_s_mem());
if(X509_print(Puffer,Zertifikat)==1)
{
QByteArray Serverzert;
int Groesse=BIO_ctrl(Puffer,BIO_CTRL_PENDING,0,NULL);
Serverzert.resize(Groesse);
BIO_read(Puffer,Serverzert.data(),Groesse);
BIO_free(Puffer);
qDebug(qPrintable(QString("QFrankSSL Server Zertifikat untersuchen: Das Serverzertifikat:\r\n%1").arg(QString(Serverzert))));
}
else
{
qDebug("QFrankSSL Server Zertifikat untersuchen: Zertifikat konnte nicht gelesen werden.");
}
}
}
Str
ssl_get_certificate(SSL * ssl, char *hostname)
{
BIO *bp;
X509 *x;
X509_NAME *xn;
char *p;
int len;
Str s;
char buf[2048];
Str amsg = NULL;
Str emsg;
char *ans;
if (ssl == NULL)
return NULL;
x = SSL_get_peer_certificate(ssl);
if (x == NULL) {
if (accept_this_site
&& strcasecmp(accept_this_site->ptr, hostname) == 0)
ans = "y";
else {
/* FIXME: gettextize? */
emsg = Strnew_charp("No SSL peer certificate: accept? (y/n)");
ans = inputAnswer(emsg->ptr);
}
if (ans && TOLOWER(*ans) == 'y')
/* FIXME: gettextize? */
amsg = Strnew_charp
("Accept SSL session without any peer certificate");
else {
/* FIXME: gettextize? */
char *e = "This SSL session was rejected "
"to prevent security violation: no peer certificate";
disp_err_message(e, FALSE);
free_ssl_ctx();
return NULL;
}
if (amsg)
disp_err_message(amsg->ptr, FALSE);
ssl_accept_this_site(hostname);
/* FIXME: gettextize? */
s = amsg ? amsg : Strnew_charp("valid certificate");
return s;
}
#ifdef USE_SSL_VERIFY
/* check the cert chain.
* The chain length is automatically checked by OpenSSL when we
* set the verify depth in the ctx.
*/
if (ssl_verify_server) {
long verr;
if ((verr = SSL_get_verify_result(ssl))
!= X509_V_OK) {
const char *em = X509_verify_cert_error_string(verr);
if (accept_this_site
&& strcasecmp(accept_this_site->ptr, hostname) == 0)
ans = "y";
else {
/* FIXME: gettextize? */
emsg = Sprintf("%s: accept? (y/n)", em);
ans = inputAnswer(emsg->ptr);
}
if (ans && TOLOWER(*ans) == 'y') {
/* FIXME: gettextize? */
amsg = Sprintf("Accept unsecure SSL session: "
"unverified: %s", em);
}
else {
/* FIXME: gettextize? */
char *e =
Sprintf("This SSL session was rejected: %s", em)->ptr;
disp_err_message(e, FALSE);
free_ssl_ctx();
return NULL;
}
}
}
#endif
emsg = ssl_check_cert_ident(x, hostname);
if (emsg != NULL) {
if (accept_this_site
&& strcasecmp(accept_this_site->ptr, hostname) == 0)
ans = "y";
else {
Str ep = Strdup(emsg);
if (ep->length > COLS - 16)
Strshrink(ep, ep->length - (COLS - 16));
Strcat_charp(ep, ": accept? (y/n)");
ans = inputAnswer(ep->ptr);
}
if (ans && TOLOWER(*ans) == 'y') {
/* FIXME: gettextize? */
amsg = Strnew_charp("Accept unsecure SSL session:");
Strcat(amsg, emsg);
}
else {
/* FIXME: gettextize? */
char *e = "This SSL session was rejected "
"to prevent security violation";
disp_err_message(e, FALSE);
free_ssl_ctx();
return NULL;
}
}
if (amsg)
disp_err_message(amsg->ptr, FALSE);
ssl_accept_this_site(hostname);
/* FIXME: gettextize? */
s = amsg ? amsg : Strnew_charp("valid certificate");
Strcat_charp(s, "\n");
xn = X509_get_subject_name(x);
if (X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)) == -1)
Strcat_charp(s, " subject=<unknown>");
else
Strcat_m_charp(s, " subject=", buf, NULL);
xn = X509_get_issuer_name(x);
if (X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)) == -1)
Strcat_charp(s, ": issuer=<unknown>");
else
Strcat_m_charp(s, ": issuer=", buf, NULL);
Strcat_charp(s, "\n\n");
bp = BIO_new(BIO_s_mem());
X509_print(bp, x);
len = (int)BIO_ctrl(bp, BIO_CTRL_INFO, 0, (char *)&p);
Strcat_charp_n(s, p, len);
BIO_free_all(bp);
X509_free(x);
return s;
}
int pkcs7_main(int argc, char **argv)
{
ENGINE *e = NULL;
PKCS7 *p7 = NULL;
BIO *in = NULL, *out = NULL;
int informat = FORMAT_PEM, outformat = FORMAT_PEM;
char *infile = NULL, *outfile = NULL, *prog;
int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
OPTION_CHOICE o;
prog = opt_init(argc, argv, pkcs7_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs7_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_PRINT:
p7_print = 1;
break;
case OPT_PRINT_CERTS:
print_certs = 1;
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
if (argc != 0)
goto opthelp;
in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
if (informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
if (p7 == NULL) {
BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (print_certs) {
STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL;
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
if (p7->d.sign != NULL) {
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
}
break;
case NID_pkcs7_signedAndEnveloped:
if (p7->d.signed_and_enveloped != NULL) {
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
}
break;
default:
break;
}
if (certs != NULL) {
X509 *x;
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
if (text)
X509_print(out, x);
else
dump_cert_text(out, x);
if (!noout)
PEM_write_bio_X509(out, x);
BIO_puts(out, "\n");
}
}
if (crls != NULL) {
X509_CRL *crl;
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
crl = sk_X509_CRL_value(crls, i);
X509_CRL_print_ex(out, crl, get_nameopt());
if (!noout)
PEM_write_bio_X509_CRL(out, crl);
BIO_puts(out, "\n");
}
}
ret = 0;
goto end;
}
if (!noout) {
if (outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else
i = PEM_write_bio_PKCS7(out, p7);
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
PKCS7_free(p7);
release_engine(e);
BIO_free(in);
BIO_free_all(out);
return ret;
}
int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
{
int i, ret = 0;
long l;
OCSP_CERTID *cid = NULL;
OCSP_BASICRESP *br = NULL;
OCSP_RESPID *rid = NULL;
OCSP_RESPDATA *rd = NULL;
OCSP_CERTSTATUS *cst = NULL;
OCSP_REVOKEDINFO *rev = NULL;
OCSP_SINGLERESP *single = NULL;
OCSP_RESPBYTES *rb = o->responseBytes;
if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
l=ASN1_ENUMERATED_get(o->responseStatus);
if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n",
OCSP_response_status_str(l), l) <= 0) goto err;
if (rb == NULL) return 1;
if (BIO_puts(bp," Response Type: ") <= 0)
goto err;
if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
goto err;
if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
{
BIO_puts(bp," (unknown response type)\n");
return 1;
}
i = ASN1_STRING_length(rb->response);
if (!(br = OCSP_response_get1_basic(o))) goto err;
rd = br->tbsResponseData;
l=ASN1_INTEGER_get(rd->version);
if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n",
l+1,l) <= 0) goto err;
if (BIO_puts(bp," Responder Id: ") <= 0) goto err;
rid = rd->responderId;
switch (rid->type)
{
case V_OCSP_RESPID_NAME:
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
break;
case V_OCSP_RESPID_KEY:
i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
break;
}
if (BIO_printf(bp,"\n Produced At: ")<=0) goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err;
for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
{
if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
single = sk_OCSP_SINGLERESP_value(rd->responses, i);
cid = single->certId;
if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
cst = single->certStatus;
if (BIO_printf(bp," Cert Status: %s",
OCSP_cert_status_str(cst->type)) <= 0)
goto err;
if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
{
rev = cst->value.revoked;
if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,
rev->revocationTime))
goto err;
if (rev->revocationReason)
{
l=ASN1_ENUMERATED_get(rev->revocationReason);
if (BIO_printf(bp,
"\n Revocation Reason: %s (0x%lx)",
OCSP_crl_reason_str(l), l) <= 0)
goto err;
}
}
if (BIO_printf(bp,"\n This Update: ") <= 0) goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
goto err;
if (single->nextUpdate)
{
if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
goto err;
}
if (BIO_write(bp,"\n",1) <= 0) goto err;
if (!X509V3_extensions_print(bp,
"Response Single Extensions",
single->singleExtensions, flags, 8))
goto err;
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
if (!X509V3_extensions_print(bp, "Response Extensions",
rd->responseExtensions, flags, 4))
goto err;
if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
goto err;
for (i=0; i<sk_X509_num(br->certs); i++)
{
X509_print(bp, sk_X509_value(br->certs,i));
PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
}
ret = 1;
err:
OCSP_BASICRESP_free(br);
return ret;
}
void enclave_main()
{
struct sockaddr_in sa;
SSL* ssl;
X509* server_cert;
SSLeay_add_ssl_algorithms();
SSL_load_error_strings();
SSL_CTX* ctx = SSL_CTX_new (SSLv23_method());
char* filename = "output.pem";
int sd = socket (AF_INET, SOCK_STREAM, 0);//create socket
if (sd!=-1 && ctx!=NULL)
{
memset (&sa, '\0', sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_addr.s_addr = inet_addr ("216.58.219.206"); /* Server IP */
sa.sin_port = htons (443); /* Server Port number */
if (connect(sd, (struct sockaddr*) &sa, sizeof(sa)) != -1)
{
ssl = SSL_new (ctx);
if (ssl!=NULL)
{
SSL_set_fd(ssl, sd);
int err = SSL_connect(ssl);
if (err!=-1)
{
server_cert = SSL_get_peer_certificate(ssl);
if (server_cert!=NULL)
{
BIO * bio_out = BIO_new_file(filename, "w");
if (bio_out)
{
X509_print(bio_out, server_cert); //parsed
PEM_write_bio_X509(bio_out, server_cert);
BIO_free(bio_out);
printf("Done writing to %s\n", filename);
}
X509_free (server_cert);
}
else {
printf("No cert found!\n");
}
}
SSL_free (ssl);
}
close(sd);//close socket
}
else {
printf("Connection error %s\n", strerror(errno));
}
}
else{
printf("Can't open socket");
}
SSL_CTX_free (ctx);
sgx_exit(NULL);
}
int
pkcs7_main(int argc, char **argv)
{
PKCS7 *p7 = NULL;
BIO *in = NULL, *out = NULL;
int ret = 1;
int i;
memset(&pkcs7_config, 0, sizeof(pkcs7_config));
pkcs7_config.informat = FORMAT_PEM;
pkcs7_config.outformat = FORMAT_PEM;
if (options_parse(argc, argv, pkcs7_options, NULL, NULL) != 0) {
pkcs7_usage();
goto end;
}
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, pkcs7_config.engine, 0);
#endif
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
if (pkcs7_config.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, pkcs7_config.infile) <= 0) {
perror(pkcs7_config.infile);
goto end;
}
}
if (pkcs7_config.informat == FORMAT_ASN1)
p7 = d2i_PKCS7_bio(in, NULL);
else if (pkcs7_config.informat == FORMAT_PEM)
p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
else {
BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
goto end;
}
if (p7 == NULL) {
BIO_printf(bio_err, "unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
if (pkcs7_config.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, pkcs7_config.outfile) <= 0) {
perror(pkcs7_config.outfile);
goto end;
}
}
if (pkcs7_config.p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (pkcs7_config.print_certs) {
STACK_OF(X509) * certs = NULL;
STACK_OF(X509_CRL) * crls = NULL;
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
break;
default:
break;
}
if (certs != NULL) {
X509 *x;
for (i = 0; i < sk_X509_num(certs); i++) {
x = sk_X509_value(certs, i);
if (pkcs7_config.text)
X509_print(out, x);
else
dump_cert_text(out, x);
if (!pkcs7_config.noout)
PEM_write_bio_X509(out, x);
BIO_puts(out, "\n");
}
}
if (crls != NULL) {
X509_CRL *crl;
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
crl = sk_X509_CRL_value(crls, i);
X509_CRL_print(out, crl);
if (!pkcs7_config.noout)
PEM_write_bio_X509_CRL(out, crl);
BIO_puts(out, "\n");
}
}
ret = 0;
goto end;
}
if (!pkcs7_config.noout) {
if (pkcs7_config.outformat == FORMAT_ASN1)
i = i2d_PKCS7_bio(out, p7);
else if (pkcs7_config.outformat == FORMAT_PEM)
i = PEM_write_bio_PKCS7(out, p7);
else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret = 0;
end:
if (p7 != NULL)
PKCS7_free(p7);
if (in != NULL)
BIO_free(in);
if (out != NULL)
BIO_free_all(out);
return (ret);
}
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
int text, int noout, int recursive, int indent, BIO *out)
{
OSSL_STORE_CTX *store_ctx = NULL;
int ret = 1, items = 0;
if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL))
== NULL) {
BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
ERR_print_errors(bio_err);
return ret;
}
/* From here on, we count errors, and we'll return the count at the end */
ret = 0;
for (;;) {
OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx);
int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
const char *infostr =
info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
if (info == NULL) {
if (OSSL_STORE_eof(store_ctx))
break;
if (OSSL_STORE_error(store_ctx)) {
if (recursive)
ERR_clear_error();
else
ERR_print_errors(bio_err);
ret++;
continue;
}
BIO_printf(bio_err,
"ERROR: OSSL_STORE_load() returned NULL without "
"eof or error indications\n");
BIO_printf(bio_err, " This is an error in the loader\n");
ERR_print_errors(bio_err);
ret++;
break;
}
if (type == OSSL_STORE_INFO_NAME) {
const char *name = OSSL_STORE_INFO_get0_NAME(info);
const char *desc = OSSL_STORE_INFO_get0_NAME_description(info);
indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr,
name);
if (desc != NULL)
indent_printf(indent, bio_out, "%s\n", desc);
} else {
indent_printf(indent, bio_out, "%d: %s\n", items, infostr);
}
/*
* Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in
* functionality, so we must figure out how exactly to write things
* ourselves...
*/
switch (type) {
case OSSL_STORE_INFO_NAME:
if (recursive) {
const char *suburi = OSSL_STORE_INFO_get0_NAME(info);
ret += process(suburi, uimeth, uidata, text, noout, recursive,
indent + 2, out);
}
break;
case OSSL_STORE_INFO_PARAMS:
if (text)
EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
0, NULL);
if (!noout)
PEM_write_bio_Parameters(out,
OSSL_STORE_INFO_get0_PARAMS(info));
break;
case OSSL_STORE_INFO_PKEY:
if (text)
EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
0, NULL);
if (!noout)
PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
NULL, NULL, 0, NULL, NULL);
break;
case OSSL_STORE_INFO_CERT:
if (text)
X509_print(out, OSSL_STORE_INFO_get0_CERT(info));
if (!noout)
PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info));
break;
case OSSL_STORE_INFO_CRL:
if (text)
X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info));
if (!noout)
PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info));
break;
default:
BIO_printf(bio_err, "!!! Unknown code\n");
ret++;
break;
}
items++;
OSSL_STORE_INFO_free(info);
}
indent_printf(indent, out, "Total found: %d\n", items);
if (!OSSL_STORE_close(store_ctx)) {
ERR_print_errors(bio_err);
ret++;
}
return ret;
}
int
sess_id_main(int argc, char **argv)
{
SSL_SESSION *x = NULL;
X509 *peer = NULL;
int ret = 1, i;
BIO *out = NULL;
memset(&sess_id_config, 0, sizeof(sess_id_config));
sess_id_config.informat = FORMAT_PEM;
sess_id_config.outformat = FORMAT_PEM;
if (options_parse(argc, argv, sess_id_options, NULL, NULL) != 0) {
sess_id_usage();
return (1);
}
x = load_sess_id(sess_id_config.infile, sess_id_config.informat);
if (x == NULL) {
goto end;
}
peer = SSL_SESSION_get0_peer(x);
if (sess_id_config.context) {
size_t ctx_len = strlen(sess_id_config.context);
if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
BIO_printf(bio_err, "Context too long\n");
goto end;
}
SSL_SESSION_set1_id_context(x,
(unsigned char *)sess_id_config.context, ctx_len);
}
if (!sess_id_config.noout || sess_id_config.text) {
out = BIO_new(BIO_s_file());
if (out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (sess_id_config.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, sess_id_config.outfile)
<= 0) {
perror(sess_id_config.outfile);
goto end;
}
}
}
if (sess_id_config.text) {
SSL_SESSION_print(out, x);
if (sess_id_config.cert) {
if (peer == NULL)
BIO_puts(out, "No certificate present\n");
else
X509_print(out, peer);
}
}
if (!sess_id_config.noout && !sess_id_config.cert) {
if (sess_id_config.outformat == FORMAT_ASN1)
i = i2d_SSL_SESSION_bio(out, x);
else if (sess_id_config.outformat == FORMAT_PEM)
i = PEM_write_bio_SSL_SESSION(out, x);
else {
BIO_printf(bio_err,
"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write SSL_SESSION\n");
goto end;
}
} else if (!sess_id_config.noout && (peer != NULL)) {
/* just print the certificate */
if (sess_id_config.outformat == FORMAT_ASN1)
i = (int) i2d_X509_bio(out, peer);
else if (sess_id_config.outformat == FORMAT_PEM)
i = PEM_write_bio_X509(out, peer);
else {
BIO_printf(bio_err,
"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err, "unable to write X509\n");
goto end;
}
}
ret = 0;
end:
BIO_free_all(out);
SSL_SESSION_free(x);
return (ret);
}
static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
size_t len, char *pem_file, char *der_file)
{
#ifdef OPENSSL_IS_BORINGSSL
CBS pkcs7_cbs;
#else /* OPENSSL_IS_BORINGSSL */
PKCS7 *p7 = NULL;
const unsigned char *p = pkcs7;
#endif /* OPENSSL_IS_BORINGSSL */
STACK_OF(X509) *certs;
int i, num, ret = -1;
BIO *out = NULL;
#ifdef OPENSSL_IS_BORINGSSL
certs = sk_X509_new_null();
if (!certs)
goto fail;
CBS_init(&pkcs7_cbs, pkcs7, len);
if (!PKCS7_get_certificates(certs, &pkcs7_cbs)) {
wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
ERR_error_string(ERR_get_error(), NULL));
write_result(ctx, "Could not parse PKCS#7 object from EST");
goto fail;
}
#else /* OPENSSL_IS_BORINGSSL */
p7 = d2i_PKCS7(NULL, &p, len);
if (p7 == NULL) {
wpa_printf(MSG_INFO, "Could not parse PKCS#7 object: %s",
ERR_error_string(ERR_get_error(), NULL));
write_result(ctx, "Could not parse PKCS#7 object from EST");
goto fail;
}
switch (OBJ_obj2nid(p7->type)) {
case NID_pkcs7_signed:
certs = p7->d.sign->cert;
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
break;
default:
certs = NULL;
break;
}
#endif /* OPENSSL_IS_BORINGSSL */
if (!certs || ((num = sk_X509_num(certs)) == 0)) {
wpa_printf(MSG_INFO, "No certificates found in PKCS#7 object");
write_result(ctx, "No certificates found in PKCS#7 object");
goto fail;
}
if (der_file) {
FILE *f = fopen(der_file, "wb");
if (f == NULL)
goto fail;
i2d_X509_fp(f, sk_X509_value(certs, 0));
fclose(f);
}
if (pem_file) {
out = BIO_new(BIO_s_file());
if (out == NULL ||
BIO_write_filename(out, pem_file) <= 0)
goto fail;
for (i = 0; i < num; i++) {
X509 *cert = sk_X509_value(certs, i);
X509_print(out, cert);
PEM_write_bio_X509(out, cert);
BIO_puts(out, "\n");
}
}
ret = 0;
fail:
#ifdef OPENSSL_IS_BORINGSSL
if (certs)
sk_X509_pop_free(certs, X509_free);
#else /* OPENSSL_IS_BORINGSSL */
PKCS7_free(p7);
#endif /* OPENSSL_IS_BORINGSSL */
if (out)
BIO_free_all(out);
return ret;
}
int MAIN(int argc, char **argv)
{
SSL_SESSION *x=NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
char *infile=NULL,*outfile=NULL,*context=NULL;
int cert=0,noout=0,text=0;
char **pp;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
argc--;
argv++;
num=0;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-text") == 0)
text= ++num;
else if (strcmp(*argv,"-cert") == 0)
cert= ++num;
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-context") == 0)
{
if(--argc < 1) goto bad;
context=*++argv;
}
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
for (pp=sess_id_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,*pp);
goto end;
}
ERR_load_crypto_strings();
x=load_sess_id(infile,informat);
if (x == NULL) { goto end; }
if(context)
{
x->sid_ctx_length=strlen(context);
if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
memcpy(x->sid_ctx,context,x->sid_ctx_length);
}
#ifdef undef
/* just testing for memory leaks :-) */
{
SSL_SESSION *s;
char buf[1024*10],*p;
int i;
s=SSL_SESSION_new();
p= &buf;
i=i2d_SSL_SESSION(x,&p);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
p= &buf;
d2i_SSL_SESSION(&s,&p,(long)i);
SSL_SESSION_free(s);
}
#endif
if (!noout || text)
{
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
}
if (text)
{
SSL_SESSION_print(out,x);
if (cert)
{
if (x->peer == NULL)
BIO_puts(out,"No certificate present\n");
else
X509_print(out,x->peer);
}
}
if (!noout && !cert)
{
if (outformat == FORMAT_ASN1)
i=(int)i2d_SSL_SESSION_bio(out,x);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_SSL_SESSION(out,x);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write SSL_SESSION\n");
goto end;
}
}
else if (!noout && (x->peer != NULL)) /* just print the certificate */
{
if (outformat == FORMAT_ASN1)
i=(int)i2d_X509_bio(out,x->peer);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_X509(out,x->peer);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i) {
BIO_printf(bio_err,"unable to write X509\n");
goto end;
}
}
ret=0;
end:
if (out != NULL) BIO_free_all(out);
if (x != NULL) SSL_SESSION_free(x);
EXIT(ret);
}
int MAIN(int argc, char **argv)
{
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
int informat,outformat;
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0,p7_print=0;
int ret=1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (TINYCLR_SSL_STRCMP(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (TINYCLR_SSL_STRCMP(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (TINYCLR_SSL_STRCMP(*argv,"-noout") == 0)
noout=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-text") == 0)
text=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-print") == 0)
p7_print=1;
else if (TINYCLR_SSL_STRCMP(*argv,"-print_certs") == 0)
print_certs=1;
#ifndef OPENSSL_NO_ENGINE
else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
ret = 1;
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
if ((in == NULL) || (out == NULL))
{
ERR_print_errors(bio_err);
goto end;
}
if (infile == NULL)
BIO_set_fp(in,OPENSSL_TYPE__FILE_STDIN,BIO_NOCLOSE);
else
{
if (BIO_read_filename(in,infile) <= 0)
if (in == NULL)
{
TINYCLR_SSL_PERROR(infile);
goto end;
}
}
if (informat == FORMAT_ASN1)
p7=d2i_PKCS7_bio(in,NULL);
else if (informat == FORMAT_PEM)
p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
else
{
BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
goto end;
}
if (p7 == NULL)
{
BIO_printf(bio_err,"unable to load PKCS7 object\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
TINYCLR_SSL_PERROR(outfile);
goto end;
}
}
if (p7_print)
PKCS7_print_ctx(out, p7, 0, NULL);
if (print_certs)
{
STACK_OF(X509) *certs=NULL;
STACK_OF(X509_CRL) *crls=NULL;
i=OBJ_obj2nid(p7->type);
switch (i)
{
case NID_pkcs7_signed:
certs=p7->d.sign->cert;
crls=p7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
certs=p7->d.signed_and_enveloped->cert;
crls=p7->d.signed_and_enveloped->crl;
break;
default:
break;
}
if (certs != NULL)
{
X509 *x;
for (i=0; i<sk_X509_num(certs); i++)
{
x=sk_X509_value(certs,i);
if(text) X509_print(out, x);
else dump_cert_text(out, x);
if(!noout) PEM_write_bio_X509(out,x);
BIO_puts(out,"\n");
}
}
if (crls != NULL)
{
X509_CRL *crl;
for (i=0; i<sk_X509_CRL_num(crls); i++)
{
crl=sk_X509_CRL_value(crls,i);
X509_CRL_print(out, crl);
if(!noout)PEM_write_bio_X509_CRL(out,crl);
BIO_puts(out,"\n");
}
}
ret=0;
goto end;
}
if(!noout) {
if (outformat == FORMAT_ASN1)
i=i2d_PKCS7_bio(out,p7);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_PKCS7(out,p7);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write pkcs7 object\n");
ERR_print_errors(bio_err);
goto end;
}
}
ret=0;
end:
if (p7 != NULL) PKCS7_free(p7);
if (in != NULL) BIO_free(in);
if (out != NULL) BIO_free_all(out);
apps_shutdown();
OPENSSL_EXIT(ret);
}
