19#include <openssl/err.h>
20#include <openssl/ssl.h>
21#include <openssl/evp.h>
22#include <openssl/md5.h>
23#include <openssl/sha.h>
24#include <openssl/bio.h>
25#include <openssl/obj_mac.h>
26#include <openssl/x509.h>
27#include <openssl/x509v3.h>
28#include <openssl/x509_vfy.h>
40void __attribute__((format(printf, 5, 6)))
50 fp = open_memstream(&buffer, &length);
57 size_t fmt_len = strlen(fmt);
58 if (fmt[fmt_len - 1] ==
'\n') {
60 tmp_fmt[fmt_len - 1] =
'\0';
64 vfprintf(fp, fmt, ap);
66 ERR_print_errors_fp(fp);
70 ast_log(level,
file, line, function,
"%s\n", buffer);
77 const char *long_name)
83 ast_log(
LOG_ERROR,
"One or more of oid, short_name or long_name are NULL or empty\n");
87 nid = OBJ_sn2nid(short_name);
88 if (nid != NID_undef) {
93 nid = OBJ_create(oid, short_name, long_name);
94 if (nid == NID_undef) {
104 int nid,
const char *short_name)
110 nid = OBJ_sn2nid(short_name);
111 if (nid == NID_undef) {
116 const char *
tmp = OBJ_nid2sn(nid);
123 ex_idx = X509_get_ext_by_NID(cert, nid, -1);
128 ex = X509_get_ext(cert, ex_idx);
134 return X509_EXTENSION_get_data(ex);
139 EVP_PKEY *key =
NULL;
147 fp = fopen(filename,
"r");
171 fp = fopen(filename,
"r");
177 cert = PEM_read_X509(fp, &cert,
NULL,
NULL);
195 bio = BIO_new_mem_buf(buffer, size);
211 EVP_PKEY *key =
NULL;
218 bio = BIO_new_mem_buf(buffer, size);
250 raw_key_len = BIO_get_mem_data(bio, &temp_ptr);
251 if (raw_key_len <= 0) {
260 memcpy(*buffer, temp_ptr, raw_key_len);
269 bio = BIO_new(BIO_s_mem());
271 if (!bio || (PEM_write_bio_PUBKEY(bio, key) <= 0)) {
280 unsigned char **buffer)
282 RAII_VAR(EVP_PKEY *, public_key, X509_get_pubkey(cert), EVP_PKEY_free);
296 bio = BIO_new(BIO_s_mem());
298 if (!bio || (PEM_write_bio_PrivateKey(bio, key,
NULL,
NULL, 0,
NULL,
NULL) <= 0)) {
311 X509_STORE_free(
store->store);
322 store->store = X509_STORE_new();
362#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
363 STACK_OF(X509_OBJECT) *certs =
NULL;
368 certs = X509_STORE_get0_objects(
store->store);
369 count = sk_X509_OBJECT_num(certs);
370 for (i = 0; i < count ; i++) {
371 X509_OBJECT *o = sk_X509_OBJECT_value(certs, i);
372 X509 *
c = X509_OBJECT_get0_X509(o);
373 X509_NAME_oneline(X509_get_subject_name(
c), subj, 1024);
378 ast_cli(fd,
"This command is not supported until OpenSSL 1.1.0\n");
385 ASN1_STRING *notbefore;
386 ASN1_STRING *notafter;
389 reftime = time(
NULL);
391 notbefore = X509_get_notBefore(cert);
392 notafter = X509_get_notAfter(cert);
393 if (!notbefore || !notafter) {
394 ast_log(
LOG_ERROR,
"Either notbefore or notafter were not present in the cert\n");
398 return (X509_cmp_time(notbefore, &reftime) < 0 &&
399 X509_cmp_time(notafter, &reftime) > 0);
404 X509_STORE_CTX *verify_ctx =
NULL;
407 if (!(verify_ctx = X509_STORE_CTX_new())) {
412 if (X509_STORE_CTX_init(verify_ctx,
store->store, cert,
NULL) != 1) {
413 X509_STORE_CTX_cleanup(verify_ctx);
414 X509_STORE_CTX_free(verify_ctx);
419 rc = X509_verify_cert(verify_ctx);
420 if (rc != 1 && err_msg !=
NULL) {
421 int err = X509_STORE_CTX_get_error(verify_ctx);
422 *err_msg = X509_verify_cert_error_string(err);
424 X509_STORE_CTX_cleanup(verify_ctx);
425 X509_STORE_CTX_free(verify_ctx);
430#define SECS_PER_DAY 86400
435 time_t rt = time(
NULL);
437 if (!ASN1_TIME_diff(&pday, &psec,
NULL, at)) {
452 char *search_buff =
NULL;
454 size_t search_len = 0;
463 unsigned long flags =
464 short_name ? XN_FLAG_FN_SN | XN_FLAG_SEP_MULTILINE : XN_FLAG_ONELINE;
465 FILE *fp = open_memstream(&buffer, &
len);
466 BIO *bio = fp ? BIO_new_fp(fp, BIO_CLOSE) :
NULL;
467 X509_NAME *subject = X509_get_subject_name(cert);
470 if (!fp || !bio || !subject) {
474 rc = X509_NAME_print_ex(bio, subject, 0, flags);
488 search_len = strlen(short_name) + 1;
490 if (rc != search_len) {
494 search_buff = buffer;
497 rtn =
ast_malloc(strlen(line) - search_len + 1);
499 strcpy(rtn, line + search_len);
Asterisk main include file. File version handling, generic pbx functions.
void ast_std_free(void *ptr)
#define ast_strdupa(s)
duplicate a string in memory from the stack
#define ast_asprintf(ret, fmt,...)
A wrapper for asprintf()
#define ast_malloc(len)
A wrapper for malloc()
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
#define ao2_alloc(data_size, destructor_fn)
Standard Command Line Interface.
void ast_cli(int fd, const char *fmt,...)
X509 * crypto_load_cert_from_memory(const char *buffer, size_t size)
Load an X509 Cert from a NULL terminated buffer.
static EVP_PKEY * load_private_key_from_memory(const char *buffer, size_t size)
static void crypto_cert_store_destructor(void *obj)
int crypto_is_cert_trusted(struct crypto_cert_store *store, X509 *cert, const char **err_msg)
Check if the cert is trusted.
void crypto_log_openssl(int level, char *file, int line, const char *function, const char *fmt,...)
Print a log message with any OpenSSL errors appended.
int crypto_get_raw_pubkey_from_cert(X509 *cert, unsigned char **buffer)
Retrieve RAW public key from cert.
int crypto_extract_raw_pubkey(EVP_PKEY *key, unsigned char **buffer)
Extract raw public key from EVP_PKEY.
time_t crypto_asn_time_as_time_t(ASN1_TIME *at)
Return a time_t for an ASN1_TIME.
EVP_PKEY * crypto_load_privkey_from_file(const char *filename)
Load a private key from a file.
int crypto_register_x509_extension(const char *oid, const char *short_name, const char *long_name)
Register a certificate extension to openssl.
int crypto_extract_raw_privkey(EVP_PKEY *key, unsigned char **buffer)
Extract raw private key from EVP_PKEY.
int crypto_load(void)
Initialize the crypto utils.
char * crypto_get_cert_subject(X509 *cert, const char *short_name)
Returns the Subject (or component of Subject) from a certificate.
int crypto_is_cert_time_valid(X509 *cert, time_t reftime)
Check if the reftime is within the cert's valid dates.
struct crypto_cert_store * crypto_create_cert_store(void)
Create an empty X509 store.
static int dump_mem_bio(BIO *bio, unsigned char **buffer)
int crypto_has_private_key_from_memory(const char *buffer, size_t size)
Check if the supplied buffer has a private key.
int crypto_unload(void)
Clean up the crypto utils.
X509 * crypto_load_cert_from_file(const char *filename)
Load an X509 Cert from a file.
EVP_PKEY * crypto_load_private_key_from_memory(const char *buffer, size_t size)
Load a private key from memory.
int crypto_show_cli_store(struct crypto_cert_store *store, int fd)
Dump a cert store to the asterisk CLI.
ASN1_OCTET_STRING * crypto_get_cert_extension_data(X509 *cert, int nid, const char *short_name)
Return the data from a specific extension in a cert.
int crypto_load_cert_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with either certificates or CRLs.
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
Support for logging to various files, console and syslog Configuration in file logger....
Asterisk module definitions.
@ AST_MODULE_LOAD_SUCCESS
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
static force_inline int attribute_pure ast_strlen_zero(const char *s)
char * ast_read_line_from_buffer(char **buffer)
Read lines from a string buffer.
static int force_inline attribute_pure ast_begins_with(const char *str, const char *prefix)
Checks whether a string begins with another.
ao2 object wrapper for X509_STORE that provides locking and refcounting
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Vector container support.