EAP-SIM simulation, Is there any openssl utility that will calculate the MAC value for the AT_MAC attribute in EAP-SIM

Hi All,

I need help calculating the MAC value for the AT_MAC attribute in EAP-SIM. Are there any openssl utilities (e.g. openssl dgst) or an online tool which will calculate the MAC value when we pass the required input, e.g. AT_RAND?

Thanks,
Sanjay
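
How the AT_MAC value is computed per RFC 4186, as an added Python example (not part of the original post and not OpenSSL code): HMAC-SHA1 keyed with K_aut over the whole EAP packet with the MAC field zeroed, followed by NONCE_MT for a Challenge request, truncated to 16 bytes. K_aut is assumed to be already derived (the RFC's key derivation is not implemented here); the key, RANDs and nonce are constructed sample values and the helper names are hypothetical.

```python
import hashlib
import hmac
import struct

EAP_TYPE_SIM = 18          # EAP method type for EAP-SIM
SUBTYPE_CHALLENGE = 11
AT_RAND, AT_MAC = 1, 11    # attribute type codes from RFC 4186

def find_attr(pkt: bytes, attr_type: int):
    """Walk the attribute list; return (offset, byte length) of the first match."""
    eap_len = struct.unpack("!H", pkt[2:4])[0]
    if eap_len != len(pkt) or pkt[4] != EAP_TYPE_SIM:
        raise ValueError("not a well-formed EAP-SIM packet")
    off = 8                          # Code, Id, Length(2), Type, Subtype, Reserved(2)
    while off + 2 <= eap_len:
        alen = pkt[off + 1] * 4      # attribute length is counted in 4-byte units
        if alen == 0 or off + alen > eap_len:
            raise ValueError("bad attribute length")
        if pkt[off] == attr_type:
            return off, alen
        off += alen
    raise ValueError("attribute not present")

def at_mac(k_aut: bytes, pkt: bytes, extra: bytes) -> bytes:
    """HMAC-SHA1-128 over packet (MAC field zeroed) followed by message-specific data."""
    off, alen = find_attr(pkt, AT_MAC)
    if alen != 20:
        raise ValueError("AT_MAC must be 20 bytes")
    zeroed = pkt[:off + 4] + bytes(16) + pkt[off + 20:]
    return hmac.new(k_aut, zeroed + extra, hashlib.sha1).digest()[:16]

def verify_at_mac(k_aut: bytes, pkt: bytes, extra: bytes) -> bool:
    off, _ = find_attr(pkt, AT_MAC)
    return hmac.compare_digest(pkt[off + 4:off + 20], at_mac(k_aut, pkt, extra))

def build_challenge(k_aut: bytes, ident: int, rands, nonce_mt: bytes) -> bytes:
    """Build an EAP-Request/SIM/Challenge carrying AT_RAND and a filled-in AT_MAC."""
    at_rand = bytes([AT_RAND, 1 + 4 * len(rands), 0, 0]) + b"".join(rands)
    mac_attr = bytes([AT_MAC, 5, 0, 0]) + bytes(16)
    body = bytes([EAP_TYPE_SIM, SUBTYPE_CHALLENGE, 0, 0]) + at_rand + mac_attr
    pkt = struct.pack("!BBH", 1, ident, 4 + len(body)) + body
    return pkt[:-16] + at_mac(k_aut, pkt, nonce_mt)   # AT_MAC is the last attribute

# Constructed sample values, not taken from any real SIM or trace.
K_AUT = bytes(range(16))
RANDS = [bytes([b]) * 16 for b in (0xA1, 0xA2, 0xA3)]
NONCE_MT = bytes(range(16, 32))
PKT = build_challenge(K_AUT, 7, RANDS, NONCE_MT)
```

The HMAC step alone can also be done with `openssl dgst -sha1 -mac HMAC -macopt hexkey:<K_aut in hex>` over the same zeroed bytes, keeping the first 16 bytes of the result.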
Are any functions available to encode and decode the TeletexString/T61String to DER format? EOM
Thanks, Sanjay
Need to send CN attribute in TeletexString/T61String format for ASN1DN Id and certificate
Hi,

We need to send the CN attribute in TeletexString format for ASN1DN Id and certificate. Does openssl support TeletexString/T61String (T61String, an arbitrary string of T.61 (eight-bit) characters)? What are the functions used to read a T61String format value? Could someone help me with a list of functions used for T61String?

Thanks,
Sanjay
openssl function equivalent to openssl x509 -in test.crt -text -noout
Hi,

I am looking for a function to display the certificate in text format. What is the openssl function equivalent to openssl x509 -in test.crt -text -noout?

Thanks,
Sanjay
memory crash when calling X509_free function
Hi,

I have the 2 functions below.

1. Receive the certificate data in DER format and convert it to X509 format

    RetCode convert_der_to_x509(uint8_t *cert_der, uint32_t cert_len)
    {
        const unsigned char *bptr = NULL;
        X509 *x509 = NULL;

        bptr = (unsigned char *)cert_der;
        x509 = d2i_X509(NULL, bptr, cert_len); /*x509 structure is allocated here*/
        if (x509 == NULL) {
            syfer_log->ERR("DER to x509 converion failed");
            return RET_ERROR;
        }
        return RET_SUCCESS;
    }

2. Clean up the X509 structure

    void cleanup_x509()
    {
        X509_free(x509);
    }

Query: When I call the cleanup_x509 function, I get a memory crash.

Backtrace:

    Program terminated with signal 11, Segmentation fault.
    #0 0x081e7748 in ASN1_STRING_free ()
    #0 0x081e7748 in ASN1_STRING_free ()
    #1 0x081e2b90 in ASN1_primitive_free ()
    #2 0x081e2b7a in ASN1_primitive_free ()
    #3 0x081e2c1a in asn1_item_combine_free ()
    #4 0x081e2e5d in ASN1_template_free ()
    #5 0x081e2d9e in asn1_item_combine_free ()
    #6 0x081e2e5d in ASN1_template_free ()
    #7 0x081e2d9e in asn1_item_combine_free ()
    #8 0x081e2e93 in ASN1_item_free ()
    #9 0x081defd7 in X509_free ()
    #10 0x08052673 in CertificateRemote::cleanup_x509 (this=0x9bb55f0) at syfer/crypto/Certificate.cpp:309

What could be the possible reason for the above crash?

Thanks,
Sanjay
Facing an issue with function d2i_X509

I have a function to convert a certificate from DER to x509 as follows. In the function below I am able to see in GDB that cert_der and cert_len are correct, but it crashes on the line pointed out below. Why is d2i_X509 causing a crash? Any help?

    RetCode convert_der_to_x509(uint8_t *cert_der, uint32_t cert_len)
    {
        const unsigned char *bptr = NULL;
        X509 *x509;

        bptr = (unsigned char *)cert_der;
        x509 = d2i_X509(NULL, bptr, cert_len); /*CRASH on this line*/
        if (x509 == NULL) {
            ERR_print_errors_fp(stderr);
            printf("DER to x509 converion failed");
            return -1;
        }
        return 0;
    }

Thanks,
sanjay kumar
Issue faced while using function const EVP_MD *EVP_get_digestbyname(const char *name)

Hello All,

I have a test program that uses the function EVP_get_digestbyname, as below. I am not able to figure out why the function EVP_get_digestbyname returns NULL. After running the program as below I am getting the print "md is NULL". Any help?

    #include <stdio.h>
    #include <openssl/evp.h>

    int main(int argc, char *argv[])
    {
        const EVP_MD *md;
        const char *hash_type = "SHA1";

        md = EVP_get_digestbyname(hash_type);
        if (md == NULL) {
            printf("\n md is NULL\n");
        }
        return 0;
    }

Compilation:

    cc test.c -lcrypto

Running:

    ./a.out

    md is NULL

Thanks,
Sanjay
Need to modify the CN field of CERT subject name

Hi All,

I have a requirement to get a unique certificate for each user. To achieve that I am modifying the CN field of the CERT subject name by appending the user index to the CN field. E.g. if CN=sanjay, for userIndex 1 I want to modify it like CN=sanjay01, considering the user count to be 1 Lakh. I have the code below to achieve the above requirement, but I am getting a memory dump at the line below:

    if (!X509_NAME_add_entry(target_sub_name, target_entry, -1, 0)) {
        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "Failed adding entry to certificate");
    }

It seems this doesn't allow incrementing the length of the CN field (looks like an array overflow). Any help to achieve the above requirement, or any other way of doing the same?

Thanks,
Sanjay

Function used to modify the CN field in the certificate:

    int Certificateclass::generate_cert(X509 *x509, uint32_t user_id, uint8_t **user_cert, EVP_PKEY *cakey, uint32_t usr_cert_len)
    {
        unsigned char *ptr = NULL, *temp = NULL, target_cn_value[EAY_MAX_CN_LEN] = {'\0'};
        int len = 0, nid = 0;
        uint8_t entry_count = 0, i = 0;
        char sub_name_str[EAY_MAX_CN_LEN] = {'\0'}; /*used for logging purpose*/
        X509_NAME *base_sub_name = NULL, *target_sub_name = NULL;
        X509_NAME_ENTRY *entry = NULL, *target_entry = NULL;
        ASN1_OBJECT *entry_obj = NULL;
        ASN1_STRING *entry_string = NULL;
        char *dataStart = NULL;
        long nameLength = 0;
        BIO *subjectBio = BIO_new(BIO_s_mem());
        char temp_cn[EAY_MAX_CN_LEN]= {'\0'};

        base_sub_name = X509_get_subject_name(x509);
        entry_count = X509_NAME_entry_count(base_sub_name);
        target_sub_name = X509_NAME_new();
        X509_NAME_print_ex(subjectBio, base_sub_name, 0, XN_FLAG_ONELINE);
        nameLength = BIO_get_mem_data(subjectBio, dataStart);
        memcpy(sub_name_str, dataStart, nameLength);
        sub_name_str[nameLength] = '\0';

        for (i = 0; i < entry_count; i++) {
            entry = X509_NAME_get_entry(base_sub_name, i); /*Get all element from cert sub name*/
            if (entry) {
                entry_obj = X509_NAME_ENTRY_get_object(entry);
                if (entry_obj) {
                    nid = OBJ_obj2nid(entry_obj);
                    if (NID_commonName == nid) {
                        /* if entry NID is CN then append user index, else simply add to target_sub_name */
                        if (NULL == commonName) {
                            if (NULL != sub_name_str) {
                                LOG_EVENT(LOG_LEVEL_INFO, FACILITY_IKEV2, "Certificate subject name received:%s", sub_name_str);
                            }
                            commonName = (uint8_t *)calloc(1, EAY_MAX_CN_LEN);
                            X509_NAME_get_text_by_NID(base_sub_name, nid, (char *)commonName, EAY_MAX_CN_LEN);
                        }
                        {
                            /*Modifying the certificate subject name */
                            memcpy(temp_cn, commonName, strlen((char *)commonName));
                            snprintf((char *)target_cn_value, EAY_MAX_CN_LEN, "%s%06d", temp_cn, user_id);
                        }
                        /*adding the new subject to target Entry*/
                        target_entry = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, target_cn_value, -1);
                        if (NULL == target_entry)
                            LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "Failed to create target_entry, it is NULL");
                        if (!X509_NAME_add_entry(target_sub_name, target_entry, -1, 0)) {
                            LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "Failed adding entry to certificate");
                        }
                    } else {
                        if (!X509_NAME_add_entry(target_sub_name, entry, -1, 0)) {
                            LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "Failed adding entry to certificate");
                        }
                    }
                }
            }
        }

        X509_set_subject_name(x509, target_sub_name);
        BIO_free(subjectBio);
        subjectBio = BIO_new(BIO_s_mem());
        X509_NAME_print_ex(subjectBio, target_sub_name, 0, XN_FLAG_ONELINE);
        nameLength = BIO_get_mem_data(subjectBio, dataStart);
        memcpy(sub_name_str, dataStart, nameLength);
        sub_name_str[nameLength] = '\0';
        if (NULL != sub_name_str) {
            LOG_EVENT(LOG_LEVEL_INFO, FACILITY_IKEV2, "Certificate subject name updated to:%s for user_id:%d", sub_name_str, user_id);
        }
        X509_NAME_free(target_sub_name);
        BIO_free(subjectBio);

        if (!(X509_sign(x509, cakey, EVP_sha1()))) {
            LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "failed to sign the certificate");
            return 0;
        }

        *user_cert = (unsigned char *) calloc(1, usr_cert_len + 1);
        ptr = *user_cert;
        temp = ptr;
        i2d_X509(x509, (unsigned char **)ptr);
        len = (ptr - temp);
        return len;
    }