#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/bio.h>
#include <openssl/obj_mac.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include "crypto_utils.h"
#include "asterisk.h"
#include "asterisk/logger.h"
#include "asterisk/module.h"
#include "asterisk/stringfields.h"
#include "asterisk/utils.h"
#include "asterisk/vector.h"
#include "asterisk/cli.h"

Include dependency graph for crypto_utils.c:

Macros
#define	SECS_PER_DAY 86400

Functions
time_t	crypto_asn_time_as_time_t (ASN1_TIME *at)
	Return a time_t for an ASN1_TIME. More...

static void	crypto_cert_store_destructor (void *obj)

struct crypto_cert_store *	crypto_create_cert_store (void)
	Create an empty X509 store. More...

int	crypto_extract_raw_privkey (EVP_PKEY key, unsigned char *buffer)
	Extract raw private key from EVP_PKEY. More...

int	crypto_extract_raw_pubkey (EVP_PKEY key, unsigned char *buffer)
	Extract raw public key from EVP_PKEY. More...

ASN1_OCTET_STRING *	crypto_get_cert_extension_data (X509 cert, int nid, const char short_name)
	Return the data from a specific extension in a cert. More...

char *	crypto_get_cert_subject (X509 cert, const char short_name)
	Returns the Subject (or component of Subject) from a certificate. More...

int	crypto_get_raw_pubkey_from_cert (X509 cert, unsigned char *buffer)
	Retrieve RAW public key from cert. More...

int	crypto_has_private_key_from_memory (const char *buffer, size_t size)
	Check if the supplied buffer has a private key. More...

int	crypto_is_cert_time_valid (X509 *cert, time_t reftime)
	Check if the reftime is within the cert's valid dates. More...

int	crypto_is_cert_trusted (struct crypto_cert_store store, X509 cert, const char **err_msg)
	Check if the cert is trusted. More...

int	crypto_load (void)
	Initialize the crypto utils. More...

X509 *	crypto_load_cert_from_file (const char *filename)
	Load an X509 Cert from a file. More...

X509 *	crypto_load_cert_from_memory (const char *buffer, size_t size)
	Load an X509 Cert from a NULL terminated buffer. More...

int	crypto_load_cert_store (struct crypto_cert_store store, const char file, const char *path)
	Load an X509 Store with either certificates or CRLs. More...

EVP_PKEY *	crypto_load_private_key_from_memory (const char *buffer, size_t size)
	Load a private key from memory. More...

EVP_PKEY *	crypto_load_privkey_from_file (const char *filename)
	Load a private key from a file. More...

void	crypto_log_openssl (int level, char file, int line, const char function, const char *fmt,...)
	Print a log message with any OpenSSL errors appended. More...

int	crypto_register_x509_extension (const char oid, const char short_name, const char *long_name)
	Register a certificate extension to openssl. More...

int	crypto_show_cli_store (struct crypto_cert_store *store, int fd)
	Dump a cert store to the asterisk CLI. More...

int	crypto_unload (void)
	Clean up the crypto utils. More...

static int	dump_mem_bio (BIO bio, unsigned char *buffer)

static EVP_PKEY *	load_private_key_from_memory (const char *buffer, size_t size)

Macro Definition Documentation

◆ SECS_PER_DAY

#define SECS_PER_DAY 86400

Definition at line 430 of file crypto_utils.c.

Function Documentation

◆ crypto_asn_time_as_time_t()

time_t crypto_asn_time_as_time_t ( ASN1_TIME * at )

Return a time_t for an ASN1_TIME.

Parameters

at ASN1_TIME

Returns: time_t corresponding to the ASN1_TIME

Definition at line 431 of file crypto_utils.c.

{
    int pday;
    int psec;
    time_t rt = time(NULL);
 
    if (!ASN1_TIME_diff(&pday, &psec, NULL, at)) {
        crypto_log_openssl(LOG_ERROR, "Unable to calculate time diff\n");
        return 0;
    }
 
    rt += ((pday * SECS_PER_DAY) + psec);
 
    return rt;
}

References crypto_log_openssl(), LOG_ERROR, NULL, and SECS_PER_DAY.

Referenced by add_cert_expiration_to_astdb().

◆ crypto_cert_store_destructor()

static void crypto_cert_store_destructor ( void * obj )

static

Definition at line 306 of file crypto_utils.c.

{
    struct crypto_cert_store *store = obj;
 
    if (store->store) {
        X509_STORE_free(store->store);
    }
}

References crypto_cert_store::store.

Referenced by crypto_create_cert_store().

◆ crypto_create_cert_store()

struct crypto_cert_store * crypto_create_cert_store ( void )

Create an empty X509 store.

Returns: crypto_cert_store * or NULL on error

Definition at line 315 of file crypto_utils.c.

{
    struct crypto_cert_store *store = ao2_alloc(sizeof(*store), crypto_cert_store_destructor);
    if (!store) {
        ast_log(LOG_ERROR, "Failed to create crypto_cert_store\n");
        return NULL;
    }
    store->store = X509_STORE_new();
 
    if (!store->store) {
        crypto_log_openssl(LOG_ERROR, "Failed to create X509_STORE\n");
        ao2_ref(store, -1);
        return NULL;
    }
 
    return store;
}

References ao2_alloc, ao2_ref, ast_log, crypto_cert_store_destructor(), crypto_log_openssl(), LOG_ERROR, NULL, and crypto_cert_store::store.

Referenced by vs_check_common_config().

◆ crypto_extract_raw_privkey()

int crypto_extract_raw_privkey	(	EVP_PKEY *	key,
		unsigned char **	buffer
	)

Extract raw private key from EVP_PKEY.

Parameters

key	Key to extract from
buffer	Pointer to unsigned char * to receive raw key Must be freed with ast_free after use

Return values

<=0	An error has occurred
>0	Length of raw key

Definition at line 292 of file crypto_utils.c.

{
    RAII_VAR(BIO *, bio, NULL, BIO_free_all);
 
    bio = BIO_new(BIO_s_mem());
 
    if (!bio || (PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL) <= 0)) {
        crypto_log_openssl(LOG_ERROR, "Unable to write privkey to BIO\n");
        return -1;
    }
 
    return dump_mem_bio(bio, buffer);
}

References crypto_log_openssl(), dump_mem_bio(), LOG_ERROR, NULL, and RAII_VAR.

Referenced by as_check_common_config().

◆ crypto_extract_raw_pubkey()

int crypto_extract_raw_pubkey	(	EVP_PKEY *	key,
		unsigned char **	buffer
	)

Extract raw public key from EVP_PKEY.

Parameters

key	Key to extract from
buffer	Pointer to unsigned char * to receive raw key Must be freed with ast_free after use

Return values

<=0	An error has occurred
>0	Length of raw key

Definition at line 265 of file crypto_utils.c.

{
    RAII_VAR(BIO *, bio, NULL, BIO_free_all);
 
    bio = BIO_new(BIO_s_mem());
 
    if (!bio || (PEM_write_bio_PUBKEY(bio, key) <= 0)) {
        crypto_log_openssl(LOG_ERROR, "Unable to write pubkey to BIO\n");
        return -1;
    }
 
    return dump_mem_bio(bio, buffer);
}

References crypto_log_openssl(), dump_mem_bio(), LOG_ERROR, NULL, and RAII_VAR.

Referenced by crypto_get_raw_pubkey_from_cert().

◆ crypto_get_cert_extension_data()

ASN1_OCTET_STRING * crypto_get_cert_extension_data	(	X509 *	cert,
		int	nid,
		const char *	short_name
	)

Return the data from a specific extension in a cert.

Parameters

cert	The cert containing the extension
nid	The NID of the extension (0 to search locally registered extensions by short_name)
short_name	The short name of the extension (only for locally registered extensions)

Note: Either nid or short_name may be supplied. If both are, nid takes precedence.; The extension nid may be any of the built-in values in openssl/obj_mac.h or a NID returned by ast_crypto_register_x509_extension().

Returns: The data for the extension or NULL if not found

Warning: Do NOT attempt to free the returned buffer.

Definition at line 103 of file crypto_utils.c.

{
    int ex_idx;
    X509_EXTENSION *ex;
 
    if (nid <= 0) {
        nid = OBJ_sn2nid(short_name);
        if (nid == NID_undef) {
            ast_log(LOG_ERROR, "Extension object for %s not found\n", short_name);
            return NULL;
        }
    } else {
        const char *tmp = OBJ_nid2sn(nid);
        if (!tmp) {
            ast_log(LOG_ERROR, "Extension object for NID %d not found\n", nid);
            return NULL;
        }
    }
 
    ex_idx = X509_get_ext_by_NID(cert, nid, -1);
    if (ex_idx < 0) {
        ast_log(LOG_ERROR, "Extension index not found in certificate\n");
        return NULL;
    }
    ex = X509_get_ext(cert, ex_idx);
    if (!ex) {
        ast_log(LOG_ERROR, "Extension not found in certificate\n");
        return NULL;
    }
 
    return X509_EXTENSION_get_data(ex);
}

References ast_log, LOG_ERROR, NULL, and tmp().

Referenced by check_tn_auth_list().

◆ crypto_get_cert_subject()

char * crypto_get_cert_subject	(	X509 *	cert,
		const char *	short_name
	)

Returns the Subject (or component of Subject) from a certificate.

Parameters

cert	The X509 certificate
short_name	The upper case short name of the component to extract. May be NULL to extract the entire subject.

Returns: Entire subject or component. Must be freed with ast_free();

Definition at line 448 of file crypto_utils.c.

{
    size_t len = 0;
    RAII_VAR(char *, buffer, NULL, ast_std_free);
    char *search_buff = NULL;
    char *search = NULL;
    size_t search_len = 0;
    char *rtn = NULL;
    char *line = NULL;
    /*
     * If short_name was supplied, we want a multiline subject
     * with each component on a separate line.  This makes it easier
     * to iterate over the components to find the one we want.
     * Otherwise, we just want the whole subject on one line.
     */
    unsigned long flags =
        short_name ? XN_FLAG_FN_SN | XN_FLAG_SEP_MULTILINE : XN_FLAG_ONELINE;
    FILE *fp = open_memstream(&buffer, &len);
    BIO *bio = fp ? BIO_new_fp(fp, BIO_CLOSE) : NULL;
    X509_NAME *subject = X509_get_subject_name(cert);
    int rc = 0;
 
    if (!fp || !bio || !subject) {
        return NULL;
    }
 
    rc = X509_NAME_print_ex(bio, subject, 0, flags);
    BIO_free(bio);
    if (rc < 0) {
        return NULL;
    }
 
    if (!short_name) {
        rtn = ast_malloc(len + 1);
        if (rtn) {
            strcpy(rtn, buffer); /* Safe */
        }
        return rtn;
    }
 
    search_len = strlen(short_name) + 1;
    rc = ast_asprintf(&search, "%s=", short_name);
    if (rc != search_len) {
        return NULL;
    }
 
    search_buff = buffer;
    while((line = ast_read_line_from_buffer(&search_buff))) {
        if (ast_begins_with(line, search)) {
            rtn = ast_malloc(strlen(line) - search_len + 1);
            if (rtn) {
                strcpy(rtn, line + search_len); /* Safe */
            }
            break;
        }
    }
 
    ast_std_free(search);
    return rtn;
}

References ast_asprintf, ast_begins_with(), ast_malloc, ast_read_line_from_buffer(), ast_std_free(), len(), NULL, and RAII_VAR.

Referenced by check_cert().

◆ crypto_get_raw_pubkey_from_cert()

int crypto_get_raw_pubkey_from_cert	(	X509 *	cert,
		unsigned char **	raw_key
	)

Retrieve RAW public key from cert.

Parameters

cert	The cert containing the extension
raw_key	Address of char * to place the raw key. Must be freed with ast_free after use

Return values

<=0	An error has occurred
>0	Length of raw key

Definition at line 279 of file crypto_utils.c.

{
    RAII_VAR(EVP_PKEY *, public_key, X509_get_pubkey(cert), EVP_PKEY_free);
 
    if (!public_key) {
        crypto_log_openssl(LOG_ERROR, "Unable to retrieve pubkey from cert\n");
        return -1;
    }
 
    return crypto_extract_raw_pubkey(public_key, buffer);
}

References crypto_extract_raw_pubkey(), crypto_log_openssl(), LOG_ERROR, and RAII_VAR.

Referenced by check_cert().

◆ crypto_has_private_key_from_memory()

int crypto_has_private_key_from_memory	(	const char *	buffer,
		size_t	size
	)

Check if the supplied buffer has a private key.

Note: This function can be used to check a certificate PEM file to see if it also has a private key in it.

Parameters

buffer	arbitrary buffer
size	buffer size

Return values

1	buffer has a private key
0	buffer does not have a private key

Definition at line 238 of file crypto_utils.c.

{
    RAII_VAR(EVP_PKEY *, key, load_private_key_from_memory(buffer, size), EVP_PKEY_free);
 
    return key ? 1 : 0;
}

References load_private_key_from_memory(), and RAII_VAR.

Referenced by as_check_common_config().

◆ crypto_is_cert_time_valid()

int crypto_is_cert_time_valid	(	X509 *	cert,
		time_t	reftime
	)

Check if the reftime is within the cert's valid dates.

Parameters

cert	The cert to check
reftime	to use or 0 to use current time

Return values

1	Cert is valid
0	Cert is not valid

Definition at line 383 of file crypto_utils.c.

{
    ASN1_STRING *notbefore;
    ASN1_STRING *notafter;
 
    if (!reftime) {
        reftime = time(NULL);
    }
    notbefore = X509_get_notBefore(cert);
    notafter = X509_get_notAfter(cert);
    if (!notbefore || !notafter) {
        ast_log(LOG_ERROR, "Either notbefore or notafter were not present in the cert\n");
        return 0;
    }
 
    return (X509_cmp_time(notbefore, &reftime) < 0 &&
        X509_cmp_time(notafter, &reftime) > 0);
}

References ast_log, LOG_ERROR, and NULL.

Referenced by as_check_common_config(), and check_cert().

◆ crypto_is_cert_trusted()

int crypto_is_cert_trusted	(	struct crypto_cert_store *	store,
		X509 *	cert,
		const char **	err_msg
	)

Check if the cert is trusted.

Parameters

store	The CA store to check against
cert	The cert to check
err_msg	Optional pointer to a const char *

Return values

1	Cert is trusted
0	Cert is not trusted

Definition at line 402 of file crypto_utils.c.

{
    X509_STORE_CTX *verify_ctx = NULL;
    int rc = 0;
 
    if (!(verify_ctx = X509_STORE_CTX_new())) {
        crypto_log_openssl(LOG_ERROR, "Unable to create verify_ctx\n");
        return 0;
    }
 
    if (X509_STORE_CTX_init(verify_ctx, store->store, cert, NULL) != 1) {
        X509_STORE_CTX_cleanup(verify_ctx);
        X509_STORE_CTX_free(verify_ctx);
        crypto_log_openssl(LOG_ERROR, "Unable to initialize verify_ctx\n");
        return 0;
    }
 
    rc = X509_verify_cert(verify_ctx);
    if (rc != 1 && err_msg != NULL) {
        int err = X509_STORE_CTX_get_error(verify_ctx);
        *err_msg = X509_verify_cert_error_string(err);
    }
    X509_STORE_CTX_cleanup(verify_ctx);
    X509_STORE_CTX_free(verify_ctx);
 
    return rc;
}

References crypto_log_openssl(), LOG_ERROR, NULL, and crypto_cert_store::store.

Referenced by check_cert().

◆ crypto_load()

int crypto_load ( void )

Initialize the crypto utils.

Definition at line 509 of file crypto_utils.c.

{
    return AST_MODULE_LOAD_SUCCESS;
}

References AST_MODULE_LOAD_SUCCESS.

◆ crypto_load_cert_from_file()

X509 * crypto_load_cert_from_file ( const char * filename )

Load an X509 Cert from a file.

Parameters

filename PEM file

Returns: X509* or NULL on error

Definition at line 161 of file crypto_utils.c.

{
    FILE *fp;
    X509 *cert = NULL;
 
    if (ast_strlen_zero(filename)) {
        ast_log(LOG_ERROR, "filename was null or empty\n");
        return NULL;
    }
 
    fp = fopen(filename, "r");
    if (!fp) {
        ast_log(LOG_ERROR, "Failed to open %s: %s\n", filename, strerror(errno));
        return NULL;
    }
 
    cert = PEM_read_X509(fp, &cert, NULL, NULL);
    fclose(fp);
    if (!cert) {
        crypto_log_openssl(LOG_ERROR, "Failed to create cert from %s\n", filename);
    }
    return cert;
}

References ast_log, ast_strlen_zero(), crypto_log_openssl(), errno, LOG_ERROR, and NULL.

Referenced by retrieve_cert_from_cache().

◆ crypto_load_cert_from_memory()

X509 * crypto_load_cert_from_memory	(	const char *	buffer,
		size_t	size
	)

Load an X509 Cert from a NULL terminated buffer.

Parameters

buffer	containing the cert
size	size of the buffer. May be -1 if the buffer is NULL terminated.

Returns: X509* or NULL on error

Definition at line 185 of file crypto_utils.c.

{
    RAII_VAR(BIO *, bio, NULL, BIO_free_all);
    X509 *cert = NULL;
 
    if (ast_strlen_zero(buffer) || size <= 0) {
        ast_log(LOG_ERROR, "buffer was null or empty\n");
        return NULL;
    }
 
    bio = BIO_new_mem_buf(buffer, size);
    if (!bio) {
        crypto_log_openssl(LOG_ERROR, "Unable to create memory BIO\n");
        return NULL;
    }
 
    cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
    if (!cert) {
        crypto_log_openssl(LOG_ERROR, "Failed to create cert from BIO\n");
    }
    return cert;
}

References ast_log, ast_strlen_zero(), crypto_log_openssl(), LOG_ERROR, NULL, and RAII_VAR.

Referenced by as_check_common_config(), and retrieve_cert_from_url().

◆ crypto_load_cert_store()

int crypto_load_cert_store	(	struct crypto_cert_store *	store,
		const char *	file,
		const char *	path
	)

Load an X509 Store with either certificates or CRLs.

Parameters

store	X509 Store to load
file	Certificate or CRL file to load or NULL
path	Path to directory with hashed certs or CRLs to load or NULL

Note: At least 1 file or path must be specified.

Return values

<=	0 failure
0	success

Definition at line 333 of file crypto_utils.c.

{
    if (ast_strlen_zero(file) && ast_strlen_zero(path)) {
        ast_log(LOG_ERROR, "Both file and path can't be NULL");
        return -1;
    }
 
    if (!store || !store->store) {
        ast_log(LOG_ERROR, "store is NULL");
        return -1;
    }
 
    /*
     * If the file or path are empty strings, we need to pass NULL
     * so openssl ignores it otherwise it'll try to open a file or
     * path named ''.
     */
    if (!X509_STORE_load_locations(store->store, S_OR(file, NULL), S_OR(path, NULL))) {
        crypto_log_openssl(LOG_ERROR, "Failed to load store from file '%s' or path '%s'\n",
            S_OR(file, "N/A"), S_OR(path, "N/A"));
        return -1;
    }
 
    return 0;
}

References ast_log, ast_strlen_zero(), crypto_log_openssl(), make_ari_stubs::file, LOG_ERROR, NULL, S_OR, and crypto_cert_store::store.

Referenced by vs_check_common_config().

◆ crypto_load_private_key_from_memory()

EVP_PKEY * crypto_load_private_key_from_memory	(	const char *	buffer,
		size_t	size
	)

Load a private key from memory.

Parameters

buffer	private key
size	buffer size

Returns: EVP_PKEY* or NULL on error

Definition at line 229 of file crypto_utils.c.

{
    EVP_PKEY *key = load_private_key_from_memory(buffer, size);
    if (!key) {
        crypto_log_openssl(LOG_ERROR, "Unable to load private key from memory\n");
    }
    return key;
}

References crypto_log_openssl(), load_private_key_from_memory(), and LOG_ERROR.

◆ crypto_load_privkey_from_file()

EVP_PKEY * crypto_load_privkey_from_file ( const char * filename )

Load a private key from a file.

Parameters

filename File to load from

Returns: EVP_PKEY *key or NULL on error

Definition at line 137 of file crypto_utils.c.

{
    EVP_PKEY *key = NULL;
    FILE *fp;
 
    if (ast_strlen_zero(filename)) {
        ast_log(LOG_ERROR, "filename was null or empty\n");
        return NULL;
    }
 
    fp = fopen(filename, "r");
    if (!fp) {
        ast_log(LOG_ERROR, "Failed to open %s: %s\n", filename, strerror(errno));
        return NULL;
    }
 
    key = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
    fclose(fp);
    if (!key) {
        crypto_log_openssl(LOG_ERROR, "Failed to load private key from %s\n", filename);
    }
    return key;
}

References ast_log, ast_strlen_zero(), crypto_log_openssl(), errno, LOG_ERROR, and NULL.

Referenced by as_check_common_config().

◆ crypto_log_openssl()

void crypto_log_openssl	(	int	level,
		char *	file,
		int	line,
		const char *	function,
		const char *	fmt,
			...
	)

Print a log message with any OpenSSL errors appended.

Parameters

level	Type of log event
file	Will be provided by the AST_LOG_* macro
line	Will be provided by the AST_LOG_* macro
function	Will be provided by the AST_LOG_* macro
fmt	This is what is important. The format is the same as your favorite breed of printf. You know how that works, right? :-)

Definition at line 41 of file crypto_utils.c.

{
    FILE *fp;
    char *buffer;
    size_t length;
    va_list ap;
    char *tmp_fmt;
 
    fp = open_memstream(&buffer, &length);
    if (!fp) {
        return;
    }
 
    va_start(ap, fmt);
    if (!ast_strlen_zero(fmt)) {
        size_t fmt_len = strlen(fmt);
        if (fmt[fmt_len - 1] == '\n') {
            tmp_fmt = ast_strdupa(fmt);
            tmp_fmt[fmt_len - 1] = '\0';
            fmt = tmp_fmt;
        }
    }
    vfprintf(fp, fmt, ap);
    fputs(": ", fp);
    ERR_print_errors_fp(fp);
    fclose(fp);
 
    if (length) {
        ast_log(level, file, line, function, "%s\n", buffer);
    }
 
    ast_std_free(buffer);
}

References ast_log, ast_std_free(), ast_strdupa, ast_strlen_zero(), and make_ari_stubs::file.

Referenced by check_tn_auth_list(), crypto_asn_time_as_time_t(), crypto_create_cert_store(), crypto_extract_raw_privkey(), crypto_extract_raw_pubkey(), crypto_get_raw_pubkey_from_cert(), crypto_is_cert_trusted(), crypto_load_cert_from_file(), crypto_load_cert_from_memory(), crypto_load_cert_store(), crypto_load_private_key_from_memory(), crypto_load_privkey_from_file(), crypto_register_x509_extension(), dump_mem_bio(), and load_private_key_from_memory().

◆ crypto_register_x509_extension()

int crypto_register_x509_extension	(	const char *	oid,
		const char *	short_name,
		const char *	long_name
	)

Register a certificate extension to openssl.

Parameters

oid	The OID of the extension
short_name	The short name of the extension
long_name	The long name of the extension

Return values

<0	Extension was not successfully added
>=	NID of the added extension

Definition at line 76 of file crypto_utils.c.

{
    int nid = 0;
 
    if (ast_strlen_zero(oid) || ast_strlen_zero(short_name) ||
        ast_strlen_zero(long_name)) {
        ast_log(LOG_ERROR, "One or more of oid, short_name or long_name are NULL or empty\n");
        return -1;
    }
 
    nid = OBJ_sn2nid(short_name);
    if (nid != NID_undef) {
        ast_log(LOG_NOTICE, "NID %d, object %s already registered\n", nid, short_name);
        return nid;
    }
 
    nid = OBJ_create(oid, short_name, long_name);
    if (nid == NID_undef) {
        crypto_log_openssl(LOG_ERROR, "Couldn't register %s X509 extension\n", short_name);
        return -1;
    }
    ast_log(LOG_NOTICE, "Registered object %s as NID %d\n", short_name, nid);
 
    return nid;
}

References ast_log, ast_strlen_zero(), crypto_log_openssl(), LOG_ERROR, and LOG_NOTICE.

Referenced by load_module().

◆ crypto_show_cli_store()

int crypto_show_cli_store	(	struct crypto_cert_store *	store,
		int	fd
	)

Dump a cert store to the asterisk CLI.

Parameters

store	X509 Store to dump
fd	The CLI fd to print to

Return values

Count of objects printed

Definition at line 360 of file crypto_utils.c.

{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
    STACK_OF(X509_OBJECT) *certs = NULL;
    int count = 0;
    int i = 0;
    char subj[1024];
 
    certs = X509_STORE_get0_objects(store->store);
    count = sk_X509_OBJECT_num(certs);
    for (i = 0; i < count ; i++) {
        X509_OBJECT *o = sk_X509_OBJECT_value(certs, i);
        X509 *c = X509_OBJECT_get0_X509(o);
        X509_NAME_oneline(X509_get_subject_name(c), subj, 1024);
        ast_cli(fd, "%s\n", subj);
    }
    return count;
#else
    ast_cli(fd, "This command is not supported until OpenSSL 1.1.0\n");
    return 0;
#endif
}

References ast_cli(), c, NULL, and crypto_cert_store::store.

◆ crypto_unload()

int crypto_unload ( void )

Clean up the crypto utils.

Definition at line 514 of file crypto_utils.c.

{
    return 0;
}

Referenced by unload_module().

◆ dump_mem_bio()

static int dump_mem_bio	(	BIO *	bio,
		unsigned char **	buffer
	)

static

Definition at line 245 of file crypto_utils.c.

{
    char *temp_ptr;
    int raw_key_len;
 
    raw_key_len = BIO_get_mem_data(bio, &temp_ptr);
    if (raw_key_len <= 0) {
        crypto_log_openssl(LOG_ERROR, "Unable to extract raw public key\n");
        return -1;
    }
    *buffer = ast_malloc(raw_key_len);
    if (!*buffer) {
        ast_log(LOG_ERROR, "Unable to allocate memory for raw public key\n");
        return -1;
    }
    memcpy(*buffer, temp_ptr, raw_key_len);
 
    return raw_key_len;
}

References ast_log, ast_malloc, crypto_log_openssl(), and LOG_ERROR.

Referenced by crypto_extract_raw_privkey(), and crypto_extract_raw_pubkey().

◆ load_private_key_from_memory()

static EVP_PKEY * load_private_key_from_memory	(	const char *	buffer,
		size_t	size
	)

static

Definition at line 208 of file crypto_utils.c.

{
    RAII_VAR(BIO *, bio, NULL, BIO_free_all);
    EVP_PKEY *key = NULL;
 
    if (ast_strlen_zero(buffer) || size <= 0) {
        ast_log(LOG_ERROR, "buffer was null or empty\n");
        return NULL;
    }
 
    bio = BIO_new_mem_buf(buffer, size);
    if (!bio) {
        crypto_log_openssl(LOG_ERROR, "Unable to create memory BIO\n");
        return NULL;
    }
 
    key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
 
    return key;
}

References ast_log, ast_strlen_zero(), crypto_log_openssl(), LOG_ERROR, NULL, and RAII_VAR.

Referenced by crypto_has_private_key_from_memory(), and crypto_load_private_key_from_memory().

Macros

Functions

Macro Definition Documentation

◆ SECS_PER_DAY

Function Documentation

◆ crypto_asn_time_as_time_t()

◆ crypto_cert_store_destructor()

◆ crypto_create_cert_store()

◆ crypto_extract_raw_privkey()

◆ crypto_extract_raw_pubkey()

◆ crypto_get_cert_extension_data()

◆ crypto_get_cert_subject()

◆ crypto_get_raw_pubkey_from_cert()

◆ crypto_has_private_key_from_memory()

◆ crypto_is_cert_time_valid()

◆ crypto_is_cert_trusted()

◆ crypto_load()

◆ crypto_load_cert_from_file()

◆ crypto_load_cert_from_memory()

◆ crypto_load_cert_store()

◆ crypto_load_private_key_from_memory()

◆ crypto_load_privkey_from_file()

◆ crypto_log_openssl()

◆ crypto_register_x509_extension()

◆ crypto_show_cli_store()

◆ crypto_unload()

◆ dump_mem_bio()

◆ load_private_key_from_memory()