zxid
view release on metacpan - search on metacpan
view release on metacpan or search on metacpan
call-anal.pl view on Meta::CPAN
qw(name_from_path vname_from_path open_fd_from_path vopen_fd_from_path close_file
zx_CreateFile write_all_fd write_all_fd_fmt
write_all_path_fmt write2_or_append_lock_c_path
read_all_fd read_all hexdump read_all_alloc get_file_size
sha1_safe_base64 zxid_nice_sha1
zx_strf zx_ref_str zx_ref_len_str zx_dup_str zx_dup_len_str zx_dup_cstr
zx_new_len_str zx_str_to_c
zx_ref_attr zx_ref_len_attr zx_attrf zx_dup_attr zx_dup_len_attr
zx_new_str_elem zx_ref_elem zx_ref_len_elem
zx_url_encode zx_url_encode_len zx_url_encode_raw unbase64_raw
zx_rand zx_report_openssl_err zx_memmem zxid_mk_self_sig_cert zxid_extract_private_key );
push @ignore_callee,
qw(hi_pdu_alloc hi_dump nonblock setkernelbufsizes zxid_get_ent_ss zx_pw_authn
xmtp_decode_resp test_ping http_decode smtp_decode_req smtp_decode_resp );
push @ignore_callee, qw(new_zx_ei);
select STDERR; $|=1; select STDOUT;
sub process_func {
const char* comment)
{
X509* ca_cert = NULL;
X509* new_cert = NULL;
X509_REQ* req = NULL;
EVP_PKEY* ca_pkey = NULL;
char* ret = NULL;
if (!ca_id_pem || !passwd || !req_pem) GOTO_ERR("NULL arg(s)");
if (!(ca_pkey = open_private_key(ca_id_pem, passwd))) goto err;
if (!(ca_cert = extract_certificate(ca_id_pem))) goto err;
if (!(req = extract_request(req_pem))) goto err;
if (!(new_cert = certification_authority(ca_cert, ca_pkey, req,
start_date, end_date, serial,
basic_constraints, cert_type,
key_usage, comment))) goto err;
write_certificate(new_cert, &ret);
err:
csharp/zxid.cs view on Meta::CPAN
public static void zxid_sha1_file(SWIGTYPE_p_zxid_conf cf, string name, string sha1) {
zxidPINVOKE.zxid_sha1_file(SWIGTYPE_p_zxid_conf.getCPtr(cf), name, sha1);
}
public static SWIGTYPE_p_X509 zxid_extract_cert(string buf, string name) {
IntPtr cPtr = zxidPINVOKE.zxid_extract_cert(buf, name);
SWIGTYPE_p_X509 ret = (cPtr == IntPtr.Zero) ? null : new SWIGTYPE_p_X509(cPtr, false);
return ret;
}
public static SWIGTYPE_p_p_void zxid_extract_private_key(string buf, string name) {
IntPtr cPtr = zxidPINVOKE.zxid_extract_private_key(buf, name);
SWIGTYPE_p_p_void ret = (cPtr == IntPtr.Zero) ? null : new SWIGTYPE_p_p_void(cPtr, false);
return ret;
}
public static SWIGTYPE_p_X509 zxid_read_cert(SWIGTYPE_p_zxid_conf cf, string name) {
IntPtr cPtr = zxidPINVOKE.zxid_read_cert(SWIGTYPE_p_zxid_conf.getCPtr(cf), name);
SWIGTYPE_p_X509 ret = (cPtr == IntPtr.Zero) ? null : new SWIGTYPE_p_X509(cPtr, false);
return ret;
}
public static SWIGTYPE_p_p_void zxid_read_private_key(SWIGTYPE_p_zxid_conf cf, string name) {
IntPtr cPtr = zxidPINVOKE.zxid_read_private_key(SWIGTYPE_p_zxid_conf.getCPtr(cf), name);
SWIGTYPE_p_p_void ret = (cPtr == IntPtr.Zero) ? null : new SWIGTYPE_p_p_void(cPtr, false);
return ret;
}
public static int zxid_lazy_load_sign_cert_and_pkey(SWIGTYPE_p_zxid_conf cf, SWIGTYPE_p_p_X509 cert, SWIGTYPE_p_p_p_void pkey, string logkey) {
int ret = zxidPINVOKE.zxid_lazy_load_sign_cert_and_pkey(SWIGTYPE_p_zxid_conf.getCPtr(cf), SWIGTYPE_p_p_X509.getCPtr(cert), SWIGTYPE_p_p_p_void.getCPtr(pkey), logkey);
return ret;
}
public static int zxid_set_opt(SWIGTYPE_p_zxid_conf cf, int which, int val) {
csharp/zxidPINVOKE.cs view on Meta::CPAN
[DllImport("zxid", EntryPoint="CSharp_zxid_my_issuer")]
public static extern IntPtr zxid_my_issuer(HandleRef jarg1);
[DllImport("zxid", EntryPoint="CSharp_zxid_sha1_file")]
public static extern void zxid_sha1_file(HandleRef jarg1, string jarg2, string jarg3);
[DllImport("zxid", EntryPoint="CSharp_zxid_extract_cert")]
public static extern IntPtr zxid_extract_cert(string jarg1, string jarg2);
[DllImport("zxid", EntryPoint="CSharp_zxid_extract_private_key")]
public static extern IntPtr zxid_extract_private_key(string jarg1, string jarg2);
[DllImport("zxid", EntryPoint="CSharp_zxid_read_cert")]
public static extern IntPtr zxid_read_cert(HandleRef jarg1, string jarg2);
[DllImport("zxid", EntryPoint="CSharp_zxid_read_private_key")]
public static extern IntPtr zxid_read_private_key(HandleRef jarg1, string jarg2);
[DllImport("zxid", EntryPoint="CSharp_zxid_lazy_load_sign_cert_and_pkey")]
public static extern int zxid_lazy_load_sign_cert_and_pkey(HandleRef jarg1, HandleRef jarg2, HandleRef jarg3, string jarg4);
[DllImport("zxid", EntryPoint="CSharp_zxid_set_opt")]
public static extern int zxid_set_opt(HandleRef jarg1, int jarg2, int jarg3);
[DllImport("zxid", EntryPoint="CSharp_zxid_set_opt_cstr")]
public static extern string zxid_set_opt_cstr(HandleRef jarg1, int jarg2, string jarg3);
* Normally this would cause the verification to happen, but we supply
* a callback that effectively causes verification to pass in any case,
* so that we postpone it to the moment when we see CONNECT. */
SSL_CTX_set_verify(shf->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, zxbus_verify_cb);
//SSL_CTX_set_cert_verify_callback(shf->ssl_ctx, zxbus_cert_verify_cb, cf);
/*SSL_CTX_load_verify_locations() SSL_CTX_set_client_CA_list(3) SSL_CTX_set_cert_store(3) */
if (!zxbus_cf->enc_cert)
zxbus_cf->enc_cert = zxid_read_cert(zxbus_cf, "enc-nopw-cert.pem");
if (!zxbus_cf->enc_pkey)
zxbus_cf->enc_pkey = zxid_read_private_key(zxbus_cf, "enc-nopw-cert.pem");
if (!SSL_CTX_use_certificate(shf->ssl_ctx, zxbus_cf->enc_cert)) {
ERR("SSL certificate problem %d", 0);
zx_report_openssl_err("new_shuffler-cert");
return 0;
}
if (!SSL_CTX_use_PrivateKey(shf->ssl_ctx, zxbus_cf->enc_pkey)) {
ERR("SSL private key problem %d", 0);
zx_report_openssl_err("new_shuffler-privkey");
return 0;
}
if (!SSL_CTX_check_private_key(shf->ssl_ctx)) {
ERR("SSL certificate-private key consistency problem %d", 0);
zx_report_openssl_err("new_shuffler-chk-privkey");
return 0;
}
#endif
return shf;
}
/* EOF -- hiinit.c */
if (priv_out) *priv_out = NULL;
if (x509ss_out) *x509ss_out = NULL;
if (request_out) *request_out = NULL;
if (keygen(dn, attr, comment, &pkey, &x509ss, &req) == -1) goto err;
/* Write private key to file. While its being
* written, it will also get encrypted. */
if (passwd && priv_out) {
if (write_private_key(pkey, passwd, priv_out) == -1) goto err;
EVP_PKEY_free(pkey); /* free early so memory can be reused */
pkey = NULL;
}
if (request_out) {
if (write_request(req, request_out) == -1) goto err;
X509_REQ_free(req); /* free early so memory can be reused */
req = NULL;
}
PKCS12_SAFEBAG* bag;
PKCS8_PRIV_KEY_INFO* p8;
PKCS7* authsafe;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
if (!x509 || !pkey || !pkcs12_passwd) GOTO_ERR("NULL arg(s)");
/* Figure out if cert goes with our private key */
if(X509_check_private_key(x509, pkey)) {
X509_digest(x509, EVP_sha1(), keyid, &keyidlen);
} else
GOTO_ERR("05 x509 cert does not match private key. Wrong files?");
if(!keyidlen) GOTO_ERR("05 No certificate matches private key");
/* Include the cert */
if (!(bags = (STACK_OF(PKCS12_SAFEBAG)*)sk_new(NULL))) GOTO_ERR("no memory?");
if (!(bag = M_PKCS12_x5092certbag(x509))) GOTO_ERR("M_PKCS12_x5092certbag");
smimemime.c view on Meta::CPAN
err:
return NULL;
}
/* Canonicalization involves converting LF->CRLF (Unix) and CR->CRLF (Mac).
* Canonicalization is of prime importance when signing data because
* verification assumes canonicalized form. This canonicalization is really
* not mime specific at all so you can use it for fixing PEM blobs
* on Mac (becaue OpenSSL does not understand lone CR as line termination). */
/* Called by: clear_sign, extract_certificate, extract_request, main, open_private_key, sign */
char*
mime_canon(const char* s)
{
char* d;
char* p;
int len;
len = strlen(s);
p = d = (char*)OPENSSL_malloc(len + len); /* Reserve spaces for CR's to be inserted. */
if (!d) GOTO_ERR("no memory?");
smimeutil.c view on Meta::CPAN
}
strcpy(smime_error_buf, SMIME_VERSION " no randomfile");
RAND_seed(&t,sizeof(t));
RAND_write_file(randomfile); /* create random file if possible */
return -1;
}
/* Initialize a memory BIO to have certain content */
/* Called by: encrypt1, extract_certificate, extract_request, get_pkcs7_from_pem, load_PKCS12, open_private_key, smime_base64, smime_pkcs12_to_pem_generic, smime_sign_engine, smime_verify_signature */
BIO* set_read_BIO_from_buf(const char* buf, int len)
{
BIO* rbio;
BUF_MEM* bm;
if (!buf) GOTO_ERR("NULL file buffer");
if (len == -1) len = strlen(buf);
LOG_PRINT3("set_read_BIO_from_buf %x, len %d", buf, len);
if (!(rbio = BIO_new(BIO_s_mem()))) GOTO_ERR("no memory?");
if (!(bm = BUF_MEM_new())) GOTO_ERR("no memory?");
if (!BUF_MEM_grow(bm, len)) GOTO_ERR("no memory?");
zxbusprod.c view on Meta::CPAN
case 0x02: /* Sx plain sha1 */
sigletter = 'S';
sig = ZX_ALLOC(cf->ctx, 20);
SHA1((unsigned char*)zbuf, zlen, (unsigned char*)sig);
len = 20;
break;
case 0x04: /* Rx RSA-SHA1 signature */
sigletter = 'R';
LOCK(cf->mx, "logsign-wrln");
if (!(log_sign_pkey = cf->log_sign_pkey))
log_sign_pkey = cf->log_sign_pkey = zxid_read_private_key(cf, "logsign-nopw-cert.pem");
UNLOCK(cf->mx, "logsign-wrln");
if (!log_sign_pkey)
break;
len = zxsig_data(cf->ctx, zlen, zbuf, &sig, log_sign_pkey, "enc log line", 0);
break;
case 0x06: /* Dx DSA-SHA1 signature */
ERR("DSA-SHA1 sig not implemented in encrypted mode. Use RSA-SHA1 or none. %x", encflags);
break;
case 0: break; /* Px no signing */
}
D("RSA public decrypt failed ret=%d len_cipher_data=%d",ret,ciphered->len);
zx_report_openssl_err("zx_public_decrypt_rsa fail");
return 0;
}
ASSERTOPI(ret, <=, siz);
plain->len = ret;
plain->s[ret] = 0;
return plain;
}
/*() RSA private key decryption. See zxid_read_private_key() and zxid_extract_private_key()
* for ways to read in the private key data structure.
* N.B. This function +only+ does the private key part. It does not
* perform combined dec-session-key-with-priv-key-and-then-data-with-session-key
* operation, though this function could be used as a component to implement
* such a system.
*
* This is considered a low level function. See zxenc_privkey_dec() for a higher level solution. */
/* Called by: zxenc_privkey_dec x2 */
struct zx_str* zx_rsa_priv_dec(struct zx_ctx* c, struct zx_str* ciphered, RSA* rsa_pkey, int pad)
zxencdectest.c view on Meta::CPAN
if (got_all <= 0) DIE("Missing data");
buf[got_all] = 0;
/* IBM padding debug */
cf = zxid_new_conf("/var/zxid/");
r = zx_dec_zx_root(cf->ctx, got_all, buf, "zxencdectest");
if (!r || !r->Envelope || r->Envelope->Body || r->Envelope->Body->LogoutRequest)
DIE("Decode failure");
#if 1
cf->enc_pkey = zxid_read_private_key(cf, "sym-idp-enc.pem");
#else
cf->enc_pkey = zxid_read_private_key(cf, "ibm-idp-enc.pem");
#endif
req = r->Envelope->Body->LogoutRequest;
req->NameID = zxid_decrypt_nameid(cf, req->NameID, req->EncryptedID);
printf("r1 nid(%.*s)\n", ZX_GET_CONTENT_LEN(req->NameID), ZX_GET_CONTENT_S(req->NameID));
}
/* Called by: opt */
void test_ibm_cert_problem_enc_dec() /* -r 2 */
{
zxid_httpd.c view on Meta::CPAN
die_perror("listen(2): can't bind to any address");
}
if (do_ssl) {
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
ssl_ctx = SSL_CTX_new(SSLv23_server_method());
if (certfile[0] != '\0')
if (!SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM) ||
!SSL_CTX_use_PrivateKey_file(ssl_ctx, certfile, SSL_FILETYPE_PEM) ||
!SSL_CTX_check_private_key(ssl_ctx)) {
ERR_print_errors_fp(stderr);
exit(1);
}
if (cipher) {
if (!SSL_CTX_set_cipher_list(ssl_ctx, cipher)) {
ERR_print_errors_fp(stderr);
exit(1);
}
}
}
ERR("DER decoding of X509 certificate failed.\n%d", 0);
return 0;
}
return x;
}
/*() Extract a private key from PEM encoded string.
* *** This function needs to expand to handle DSA and EC */
/* Called by: */
EVP_PKEY* zxid_extract_private_key(char* buf, char* name)
{
char* p;
char* e;
int typ;
EVP_PKEY* pk = 0; /* Forces d2i_PrivateKey() to alloc the memory. */
OpenSSL_add_all_algorithms();
if (p = strstr(buf, PEM_RSA_PRIV_KEY_START)) {
typ = EVP_PKEY_RSA;
e = PEM_RSA_PRIV_KEY_END;
zxlog(cf, 0, 0, 0, 0, 0, 0, 0, "N", "C", "EMISS", 0, "EncryptedKey not found");
return 0;
}
raw.s = ZX_ALLOC(cf->ctx, SIMPLE_BASE64_PESSIMISTIC_DECODE_LEN(ss->len));
lim = unbase64_raw(ss->s, ss->s+ss->len, raw.s, zx_std_index_64);
raw.len = lim - raw.s;
LOCK(cf->mx, "zxenc_privkey_dec");
if (!(enc_pkey = cf->enc_pkey))
enc_pkey = cf->enc_pkey = zxid_read_private_key(cf, "enc-nopw-cert.pem");
UNLOCK(cf->mx, "zxenc_privkey_dec");
if (!enc_pkey)
return 0;
if (!ek->EncryptionMethod || !(ss = &ek->EncryptionMethod->Algorithm->g) || !ss->len) {
ERR("Missing or malformed EncryptionMethod %p", ek->EncryptionMethod);
return 0;
}
if (sizeof(ENC_KEYTRAN_RSA_1_5)-1 == ss->len
view release on metacpan - search on metacpan
( run in 3.140 seconds using v1.00-cache-2.02-grep-82fe00e-cpan-f73e49a70403 )