#include "openssl/x509.h"
#include "openssl/x509_vfy.h"
#include "asterisk.h"
#include "asterisk/logger.h"
#include "asterisk/stringfields.h"
Data Structures | |
struct | crypto_cert_store |
ao2 object wrapper for X509_STORE that provides locking and refcounting More... | |
Macros | |
#define | crypto_free_cert_store(store) ao2_cleanup(store) |
Free an X509 store. More... | |
#define | crypto_lock_cert_store(store) ao2_lock(store) |
Locks an X509 Store. More... | |
#define | crypto_unlock_cert_store(store) ao2_unlock(store) |
Unlocks an X509 Store. More... | |
Functions | |
time_t | crypto_asn_time_as_time_t (ASN1_TIME *at) |
Return a time_t for an ASN1_TIME. More... | |
struct crypto_cert_store * | crypto_create_cert_store (void) |
Create an empty X509 store. More... | |
int | crypto_extract_raw_privkey (EVP_PKEY *key, unsigned char **buffer) |
Extract raw private key from EVP_PKEY. More... | |
int | crypto_extract_raw_pubkey (EVP_PKEY *key, unsigned char **buffer) |
Extract raw public key from EVP_PKEY. More... | |
ASN1_OCTET_STRING * | crypto_get_cert_extension_data (X509 *cert, int nid, const char *short_name) |
Return the data from a specific extension in a cert. More... | |
char * | crypto_get_cert_subject (X509 *cert, const char *short_name) |
Returns the Subject (or component of Subject) from a certificate. More... | |
int | crypto_get_raw_pubkey_from_cert (X509 *cert, unsigned char **raw_key) |
Retrieve RAW public key from cert. More... | |
int | crypto_has_private_key_from_memory (const char *buffer, size_t size) |
Check if the supplied buffer has a private key. More... | |
int | crypto_is_cert_time_valid (X509 *cert, time_t reftime) |
Check if the reftime is within the cert's valid dates. More... | |
int | crypto_is_cert_trusted (struct crypto_cert_store *store, X509 *cert, const char **err_msg) |
Check if the cert is trusted. More... | |
int | crypto_load (void) |
Initialize the crypto utils. More... | |
X509 * | crypto_load_cert_from_file (const char *filename) |
Load an X509 Cert from a file. More... | |
X509 * | crypto_load_cert_from_memory (const char *buffer, size_t size) |
Load an X509 Cert from a NUL-terminated buffer. More... | |
int | crypto_load_cert_store (struct crypto_cert_store *store, const char *file, const char *path) |
Load an X509 Store with either certificates or CRLs. More... | |
X509_CRL * | crypto_load_crl_from_file (const char *filename) |
Load an X509 CRL from a PEM file. More... | |
int | crypto_load_crl_store (struct crypto_cert_store *store, const char *file, const char *path) |
Load an X509 Store with certificate revocation lists. More... | |
EVP_PKEY * | crypto_load_private_key_from_memory (const char *buffer, size_t size) |
Load a private key from memory. More... | |
EVP_PKEY * | crypto_load_privkey_from_file (const char *filename) |
Load a private key from a file. More... | |
int | crypto_load_untrusted_cert_store (struct crypto_cert_store *store, const char *file, const char *path) |
Load an X509 Store with untrusted certificates. More... | |
void | crypto_log_openssl (int level, char *file, int line, const char *function, const char *fmt,...) |
Print a log message with any OpenSSL errors appended. More... | |
int | crypto_register_x509_extension (const char *oid, const char *short_name, const char *long_name) |
Register a certificate extension with OpenSSL. More... | |
int | crypto_show_cli_store (struct crypto_cert_store *store, int fd) |
Dump a cert store to the asterisk CLI. More... | |
int | crypto_unload (void) |
Clean up the crypto utils. More... | |
#define crypto_free_cert_store | ( | store | ) | ao2_cleanup(store) |
Free an X509 store.
store | X509 Store to free |
Definition at line 195 of file crypto_utils.h.
#define crypto_lock_cert_store | ( | store | ) | ao2_lock(store) |
Locks an X509 Store.
store | X509 Store to lock |
<= | 0 failure |
0 | success |
Definition at line 267 of file crypto_utils.h.
#define crypto_unlock_cert_store | ( | store | ) | ao2_unlock(store) |
Unlocks an X509 Store.
store | X509 Store to unlock |
<= | 0 failure |
0 | success |
Definition at line 277 of file crypto_utils.h.
time_t crypto_asn_time_as_time_t | ( | ASN1_TIME * | at | ) |
Return a time_t for an ASN1_TIME.
at | ASN1_TIME |
Definition at line 770 of file crypto_utils.c.
References crypto_log_openssl(), LOG_ERROR, NULL, and SECS_PER_DAY.
Referenced by add_cert_expiration_to_astdb().
struct crypto_cert_store * crypto_create_cert_store | ( | void | ) |
Create an empty X509 store.
Definition at line 390 of file crypto_utils.c.
References ao2_alloc, ao2_ref, ast_log, crypto_cert_store::certs, crypto_cert_store::crls, crypto_cert_store_destructor(), crypto_log_openssl(), LOG_ERROR, NULL, and crypto_cert_store::untrusted.
Referenced by vs_check_common_config().
int crypto_extract_raw_privkey | ( | EVP_PKEY * | key, |
unsigned char ** | buffer | ||
) |
Extract raw private key from EVP_PKEY.
key | Key to extract from |
buffer | Pointer to an unsigned char * that receives the raw key. Must be freed with ast_free after use. |
<=0 | An error has occurred |
>0 | Length of raw key |
Definition at line 320 of file crypto_utils.c.
References crypto_log_openssl(), dump_mem_bio(), LOG_ERROR, NULL, and RAII_VAR.
Referenced by as_check_common_config().
int crypto_extract_raw_pubkey | ( | EVP_PKEY * | key, |
unsigned char ** | buffer | ||
) |
Extract raw public key from EVP_PKEY.
key | Key to extract from |
buffer | Pointer to an unsigned char * that receives the raw key. Must be freed with ast_free after use. |
<=0 | An error has occurred |
>0 | Length of raw key |
Definition at line 293 of file crypto_utils.c.
References crypto_log_openssl(), dump_mem_bio(), LOG_ERROR, NULL, and RAII_VAR.
Referenced by crypto_get_raw_pubkey_from_cert().
ASN1_OCTET_STRING * crypto_get_cert_extension_data | ( | X509 * | cert, |
int | nid, | ||
const char * | short_name | ||
) |
Return the data from a specific extension in a cert.
cert | The cert containing the extension |
nid | The NID of the extension (0 to search locally registered extensions by short_name) |
short_name | The short name of the extension (only for locally registered extensions) |
Definition at line 107 of file crypto_utils.c.
References ast_log, LOG_ERROR, NULL, and tmp().
Referenced by check_tn_auth_list().
char * crypto_get_cert_subject | ( | X509 * | cert, |
const char * | short_name | ||
) |
Returns the Subject (or component of Subject) from a certificate.
cert | The X509 certificate |
short_name | The upper case short name of the component to extract. May be NULL to extract the entire subject. |
Definition at line 787 of file crypto_utils.c.
References ast_asprintf, ast_begins_with(), ast_malloc, ast_read_line_from_buffer(), ast_std_free(), len(), NULL, and RAII_VAR.
Referenced by check_cert().
int crypto_get_raw_pubkey_from_cert | ( | X509 * | cert, |
unsigned char ** | raw_key | ||
) |
Retrieve RAW public key from cert.
cert | The cert from which to extract the public key |
raw_key | Address of an unsigned char * in which to place the raw key. Must be freed with ast_free after use. |
<=0 | An error has occurred |
>0 | Length of raw key |
Definition at line 307 of file crypto_utils.c.
References crypto_extract_raw_pubkey(), crypto_log_openssl(), LOG_ERROR, and RAII_VAR.
Referenced by check_cert().
int crypto_has_private_key_from_memory | ( | const char * | buffer, |
size_t | size | ||
) |
Check if the supplied buffer has a private key.
buffer | arbitrary buffer |
size | buffer size |
1 | buffer has a private key |
0 | buffer does not have a private key |
Definition at line 266 of file crypto_utils.c.
References load_private_key_from_memory(), and RAII_VAR.
Referenced by as_check_common_config().
int crypto_is_cert_time_valid | ( | X509 * | cert, |
time_t | reftime | ||
) |
Check if the reftime is within the cert's valid dates.
cert | The cert to check |
reftime | Reference time to check against, or 0 to use the current time |
1 | Cert is valid |
0 | Cert is not valid |
Definition at line 721 of file crypto_utils.c.
References ast_log, LOG_ERROR, and NULL.
Referenced by as_check_common_config(), and check_cert().
int crypto_is_cert_trusted | ( | struct crypto_cert_store * | store, |
X509 * | cert, | ||
const char ** | err_msg | ||
) |
Check if the cert is trusted.
store | The CA store to check against |
cert | The cert to check |
err_msg | Optional pointer to a const char * in which to return an error message |
1 | Cert is trusted |
0 | Cert is not trusted |
Definition at line 740 of file crypto_utils.c.
References crypto_log_openssl(), LOG_ERROR, NULL, and pem_file_cb_data::store.
Referenced by check_cert(), and cli_verify_cert().
int crypto_load | ( | void | ) |
Initialize the crypto utils.
Definition at line 848 of file crypto_utils.c.
References AST_MODULE_LOAD_SUCCESS.
X509 * crypto_load_cert_from_file | ( | const char * | filename | ) |
Load an X509 Cert from a file.
filename | PEM file |
Definition at line 189 of file crypto_utils.c.
References ast_log, ast_strlen_zero(), crypto_log_openssl(), errno, LOG_ERROR, and NULL.
Referenced by cli_verify_cert(), crypto_load_store_from_cert_file(), and retrieve_cert_from_cache().
X509 * crypto_load_cert_from_memory | ( | const char * | buffer, |
size_t | size | ||
) |
Load an X509 Cert from a NUL-terminated buffer.
buffer | containing the cert |
size | Size of the buffer. May be -1 if the buffer is NUL-terminated. |
Definition at line 213 of file crypto_utils.c.
References ast_log, ast_strlen_zero(), crypto_log_openssl(), LOG_ERROR, NULL, and RAII_VAR.
Referenced by as_check_common_config(), and retrieve_cert_from_url().
int crypto_load_cert_store | ( | struct crypto_cert_store * | store, |
const char * | file, | ||
const char * | path | ||
) |
Load an X509 Store with either certificates or CRLs.
store | X509 Store to load |
file | Certificate or CRL file to load or NULL |
path | Path to directory with hashed certs or CRLs to load or NULL |
<= | 0 failure |
0 | success |
Definition at line 563 of file crypto_utils.c.
References _crypto_load_cert_store(), ast_log, ast_strlen_zero(), make_ari_stubs::file, LOG_ERROR, and pem_file_cb_data::store.
Referenced by vs_check_common_config().
X509_CRL * crypto_load_crl_from_file | ( | const char * | filename | ) |
Load an X509 CRL from a PEM file.
filename | PEM file |
Definition at line 165 of file crypto_utils.c.
References ast_log, ast_strlen_zero(), crypto_log_openssl(), errno, LOG_ERROR, and NULL.
Referenced by crypto_load_store_from_crl_file().
int crypto_load_crl_store | ( | struct crypto_cert_store * | store, |
const char * | file, | ||
const char * | path | ||
) |
Load an X509 Store with certificate revocation lists.
store | X509 Store to load |
file | CRL file to load or NULL |
path | Path to directory with hashed CRLs to load or NULL |
<= | 0 failure |
0 | success |
Definition at line 622 of file crypto_utils.c.
References _crypto_load_crl_store(), ast_log, ast_strlen_zero(), c, make_ari_stubs::file, LOG_ERROR, NULL, and pem_file_cb_data::store.
Referenced by vs_check_common_config().
EVP_PKEY * crypto_load_private_key_from_memory | ( | const char * | buffer, |
size_t | size | ||
) |
Load a private key from memory.
buffer | Buffer containing the private key |
size | buffer size |
Definition at line 257 of file crypto_utils.c.
References crypto_log_openssl(), load_private_key_from_memory(), and LOG_ERROR.
EVP_PKEY * crypto_load_privkey_from_file | ( | const char * | filename | ) |
Load a private key from a file.
filename | File to load from |
Definition at line 141 of file crypto_utils.c.
References ast_log, ast_strlen_zero(), crypto_log_openssl(), errno, LOG_ERROR, and NULL.
Referenced by as_check_common_config().
int crypto_load_untrusted_cert_store | ( | struct crypto_cert_store * | store, |
const char * | file, | ||
const char * | path | ||
) |
Load an X509 Store with untrusted certificates.
store | X509 Store to load |
file | Certificate file to load or NULL |
path | Path to directory with hashed certs to load or NULL |
<= | 0 failure |
0 | success |
Definition at line 579 of file crypto_utils.c.
References _crypto_load_cert_store(), ast_log, ast_strlen_zero(), c, make_ari_stubs::file, LOG_ERROR, NULL, and pem_file_cb_data::store.
Referenced by vs_check_common_config().
void crypto_log_openssl | ( | int | level, |
char * | file, | ||
int | line, | ||
const char * | function, | ||
const char * | fmt, | ||
... | |||
) |
Print a log message with any OpenSSL errors appended.
level | Type of log event |
file | Will be provided by the AST_LOG_* macro |
line | Will be provided by the AST_LOG_* macro |
function | Will be provided by the AST_LOG_* macro |
fmt | This is what is important. The format is the same as your favorite breed of printf. You know how that works, right? :-) |
Definition at line 45 of file crypto_utils.c.
References ast_log, ast_std_free(), ast_strdupa, ast_strlen_zero(), and make_ari_stubs::file.
Referenced by check_tn_auth_list(), crypto_asn_time_as_time_t(), crypto_create_cert_store(), crypto_extract_raw_privkey(), crypto_extract_raw_pubkey(), crypto_get_raw_pubkey_from_cert(), crypto_is_cert_trusted(), crypto_load_cert_from_file(), crypto_load_cert_from_memory(), crypto_load_crl_from_file(), crypto_load_private_key_from_memory(), crypto_load_privkey_from_file(), crypto_load_store_from_cert_file(), crypto_load_store_from_crl_file(), crypto_register_x509_extension(), dump_mem_bio(), and load_private_key_from_memory().
int crypto_register_x509_extension | ( | const char * | oid, |
const char * | short_name, | ||
const char * | long_name | ||
) |
Register a certificate extension with OpenSSL.
oid | The OID of the extension |
short_name | The short name of the extension |
long_name | The long name of the extension |
<0 | Extension was not successfully added |
>=0 | NID of the added extension |
Definition at line 80 of file crypto_utils.c.
References ast_log, ast_strlen_zero(), crypto_log_openssl(), LOG_ERROR, and LOG_NOTICE.
Referenced by load_module().
int crypto_show_cli_store | ( | struct crypto_cert_store * | store, |
int | fd | ||
) |
Dump a cert store to the asterisk CLI.
store | X509 Store to dump |
fd | The CLI fd to print to |
Returns | Count of objects printed |
Definition at line 665 of file crypto_utils.c.
References ast_cli(), ast_log, c, LOG_ERROR, NULL, and pem_file_cb_data::store.
int crypto_unload | ( | void | ) |
Clean up the crypto utils.
Definition at line 853 of file crypto_utils.c.
Referenced by unload_module().