EAP-SIM simulation, Are there any openssl utilities that will calculate the MAC value for AT_MAC attribute in EAP-SIM

2014-07-05 Thread Sanjay Kumar (sanjaku5)
Hi All,
I need help calculating the MAC value for the AT_MAC attribute in EAP-SIM.

Are there any openssl utilities (e.g. openssl dgst .) or an online tool
which will calculate the MAC value when we pass the required input, e.g. AT_RAND?


Thanks,
Sanjay
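
The MAC computation asked about above, as an added example that is not part of the original post: per RFC 4186, AT_MAC is HMAC-SHA1 truncated to 16 bytes, keyed with K_aut, over the whole EAP packet with the AT_MAC value zeroed, followed by message-specific data (NONCE_MT for a Challenge request). The packet, K_AUT and NONCE_MT below are constructed sample values, and K_aut is assumed to be already derived from the SIM triplets.

```python
import hashlib
import hmac
import struct

AT_RAND, AT_MAC = 1, 11      # attribute types from RFC 4186
EAP_SIM_HDR_LEN = 8          # code, id, length(2), type, subtype, reserved(2)

def at_mac_offset(packet: bytes) -> int:
    """Return the offset of the 16-byte MAC value inside the AT_MAC attribute."""
    if len(packet) < EAP_SIM_HDR_LEN or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("EAP length field does not match packet size")
    pos = EAP_SIM_HDR_LEN
    while pos + 2 <= len(packet):
        a_type, a_len = packet[pos], packet[pos + 1] * 4   # length is in 4-byte words
        if a_len == 0 or pos + a_len > len(packet):
            raise ValueError("malformed attribute")
        if a_type == AT_MAC:
            if a_len != 20:
                raise ValueError("AT_MAC must be 20 bytes long")
            return pos + 4                                  # skip type, length, reserved
        pos += a_len
    raise ValueError("no AT_MAC attribute in packet")

def compute_at_mac(k_aut: bytes, packet: bytes, extra: bytes) -> bytes:
    """HMAC-SHA1-128 over the packet with the MAC value zeroed, then the extra data."""
    off = at_mac_offset(packet)
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    return hmac.new(k_aut, zeroed + extra, hashlib.sha1).digest()[:16]

def fill_at_mac(k_aut: bytes, packet: bytes, extra: bytes) -> bytes:
    """Return a copy of the packet with the computed MAC written into AT_MAC."""
    off = at_mac_offset(packet)
    return packet[:off] + compute_at_mac(k_aut, packet, extra) + packet[off + 16:]

def verify_at_mac(k_aut: bytes, packet: bytes, extra: bytes) -> bool:
    """Constant-time comparison of the received MAC with the recomputed one."""
    off = at_mac_offset(packet)
    return hmac.compare_digest(packet[off:off + 16], compute_at_mac(k_aut, packet, extra))

def sample_challenge() -> bytes:
    """Constructed EAP-Request/SIM/Challenge: AT_RAND with two RANDs, empty AT_MAC."""
    attrs = bytes([AT_RAND, 9, 0, 0]) + bytes(range(16)) + bytes(range(16, 32))
    attrs += bytes([AT_MAC, 5, 0, 0]) + bytes(16)
    body = bytes([18, 11, 0, 0]) + attrs        # type 18 = SIM, subtype 11 = Challenge
    return struct.pack("!BBH", 1, 1, 4 + len(body)) + body

K_AUT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 16-byte K_aut
NONCE_MT = bytes(16)                                        # constructed NONCE_MT
```

The HMAC step alone can also be done with `openssl dgst -sha1 -mac HMAC -macopt hexkey:<K_aut>` over the zeroed packet followed by the nonce, keeping the first 16 bytes of the result.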


Are any functions available to encode and decode the TeletexString/T61String to DER format? (EOM)

2013-11-26 Thread Sanjay Kumar (sanjaku5)
Thanks,
Sanjay


Need to send CN attribute in TeletexString/T61String format for ASN1DN Id and certificate

2013-11-25 Thread Sanjay Kumar (sanjaku5)
Hi,
   We need to send the CN attribute in TeletexString format for ASN1DN Id and certificate.

Does openssl support TeletexString/T61String (T61String, an arbitrary
string of T.61 (eight-bit) characters)?

What are the functions used to read a T61String format value?

Could someone help me with a list of functions used for T61String?


Thanks,
Sanjay


openssl function equivalent to openssl x509 -in test.crt -text -noout

2013-10-21 Thread Sanjay Kumar (sanjaku5)
Hi,
 I am looking for a function to display the certificate in text format.
What is the openssl function equivalent to openssl x509 -in test.crt -text -noout?


Thanks,
Sanjay


memory crash when calling X509_free function

2013-10-03 Thread Sanjay Kumar (sanjaku5)
Hi,

I have the 2 functions below.


1.  Receive the certificate data in DER format and convert it to X509 format


RetCode convert_der_to_x509(uint8_t *cert_der, uint32_t cert_len)
{
  const unsigned char  *bptr = NULL;

  X509  *x509 = NULL;
  bptr = (unsigned char *)cert_der;
  x509 = d2i_X509(NULL, &bptr, cert_len);   /*x509 structure is allocated here*/
  if (x509 == NULL)
  {
    syfer_log->ERR("DER to x509 converion failed");
    return RET_ERROR;
  }
  return RET_SUCCESS;
}


2.  Clean up the X509 structure


void cleanup_x509()
{
  X509_free(x509);
}

Query:
When I call the cleanup_x509 function,
I get a memory crash.

Backtrace:
Program terminated with signal 11, Segmentation fault.
#0  0x081e7748 in ASN1_STRING_free ()
#0  0x081e7748 in ASN1_STRING_free ()
#1  0x081e2b90 in ASN1_primitive_free ()
#2  0x081e2b7a in ASN1_primitive_free ()
#3  0x081e2c1a in asn1_item_combine_free ()
#4  0x081e2e5d in ASN1_template_free ()
#5  0x081e2d9e in asn1_item_combine_free ()
#6  0x081e2e5d in ASN1_template_free ()
#7  0x081e2d9e in asn1_item_combine_free ()
#8  0x081e2e93 in ASN1_item_free ()
#9  0x081defd7 in X509_free ()
#10 0x08052673 in CertificateRemote::cleanup_x509 (this=0x9bb55f0) at syfer/crypto/Certificate.cpp:309

What could be the possible reason for the above crash?


Thanks,
Sanjay



facing issue with function d2i_X509

2013-08-12 Thread Sanjay Kumar (sanjaku5)
I have a function to convert a certificate from DER to x509 as follows.
In the function below I am able to see in GDB that cert_der and cert_len are correct,
but it crashes on the line pointed out below.

Why is d2i_X509 causing a crash?

Any help?


RetCode convert_der_to_x509(uint8_t *cert_der, uint32_t cert_len)
{
  const unsigned char  *bptr = NULL;
  X509 *x509;

  bptr = (unsigned char *)cert_der;
  x509 = d2i_X509(NULL, &bptr, cert_len); /*CRASH on this line*/
  if (x509 == NULL)
  {
    ERR_print_errors_fp(stderr);
    printf("DER to x509 converion failed");
    return -1;
  }
  return 0;
}

Thanks,
sanjay kumar


Issue facing while using function const EVP_MD *EVP_get_digestbyname(const char *name)

2013-08-09 Thread Sanjay Kumar (sanjaku5)
Hello All,

I have a test program that uses the function EVP_get_digestbyname, as below.

I am not able to figure out why the function EVP_get_digestbyname returns NULL.

After running the program as below I am getting the print "md is NULL".

Any help?


#include <stdio.h>
#include <openssl/evp.h>

int main(int argc, char *argv[])
{
  const EVP_MD *md;
  const char *hash_type = "SHA1";

  md = EVP_get_digestbyname(hash_type);
  if(md == NULL)
  {
    printf("\n md is NULL\n");
  }
  return 0;
}

Compilation:
cc test.c -lcrypto

Running:
./a.out
md is NULL


Thanks,
Sanjay




need to modifying the CN field of CERT subject name

2013-07-03 Thread Sanjay Kumar (sanjaku5)

Hi All,
I have a requirement to get a unique certificate for each user.
To achieve that I am modifying the CN field of the CERT subject name by appending
the user index to the CN field.
E.g.
If CN=sanjay
For userIndex 1, I want to modify it like CN=sanjay01, considering the user
count to be 1 Lakh.
I have the code below to achieve the above requirement.

But I am getting a memory dump at the line below:
    if (!X509_NAME_add_entry(target_sub_name, target_entry, -1, 0))
    {
        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "Failed adding entry to certificate");
    }
.
It seems this doesn't allow increasing the length of the CN field (looks like an array
overflow).

Any help to achieve the above requirement, or any other way of doing the same?


Thanks,
Sanjay

Function used to modify the CN field in certificate:
int Certificateclass::generate_cert(X509 *x509, uint32_t user_id, uint8_t **user_cert,
                                    EVP_PKEY *cakey, uint32_t usr_cert_len)
{
    unsigned char *ptr = NULL, *temp = NULL, target_cn_value[EAY_MAX_CN_LEN] = {'\0'};
    int len = 0, nid = 0;
    uint8_t entry_count = 0, i = 0;
    char sub_name_str[EAY_MAX_CN_LEN] = {'\0'};  /*used for logging purpose*/
    X509_NAME *base_sub_name = NULL, *target_sub_name = NULL;
    X509_NAME_ENTRY *entry = NULL, *target_entry = NULL;
    ASN1_OBJECT *entry_obj = NULL;
    ASN1_STRING *entry_string = NULL;
    char *dataStart = NULL;
    long nameLength = 0;
    BIO *subjectBio = BIO_new(BIO_s_mem());
    char temp_cn[EAY_MAX_CN_LEN]= {'\0'};

    base_sub_name = X509_get_subject_name(x509);
    entry_count = X509_NAME_entry_count(base_sub_name);
    target_sub_name = X509_NAME_new();
    X509_NAME_print_ex(subjectBio, base_sub_name, 0, XN_FLAG_ONELINE);
    nameLength = BIO_get_mem_data(subjectBio, &dataStart);
    memcpy(sub_name_str, dataStart, nameLength);
    sub_name_str[nameLength] = '\0';
    for (i = 0; i < entry_count; i++)
    {
        entry = X509_NAME_get_entry(base_sub_name, i); /*Get all element from cert sub name*/
        if (entry)
        {
            entry_obj = X509_NAME_ENTRY_get_object(entry);
            if (entry_obj)
            {
                nid = OBJ_obj2nid(entry_obj);
                if (NID_commonName == nid)
                {
                    /* if entry NID is CN then append user index, else simply
                       add to target_sub_name */
                    if( NULL == commonName)
                    {
                        if(NULL != sub_name_str){
                            LOG_EVENT (LOG_LEVEL_INFO, FACILITY_IKEV2,
                                       "Certificate subject name received:%s", sub_name_str);
                        }
                        commonName = (uint8_t *)calloc(1, EAY_MAX_CN_LEN);
                        X509_NAME_get_text_by_NID(base_sub_name, nid, (char *)commonName,
                                                  EAY_MAX_CN_LEN);
                    }
                    {
                        /*Modifying the certificate subject name */
                        memcpy(temp_cn, commonName, strlen((char *)commonName));
                        snprintf((char *)target_cn_value, EAY_MAX_CN_LEN,
                                 "%s%06d", temp_cn, user_id);
                    }
                    /*adding the new subject to target Enrty*/
                    target_entry = X509_NAME_ENTRY_create_by_NID(NULL, nid,
                                       MBSTRING_ASC, target_cn_value, -1);
                    if(NULL == target_entry)
                        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2,
                                  "Failed to create target_entry, it is NULL");
                    if (!X509_NAME_add_entry(target_sub_name, target_entry, -1, 0))
                    {
                        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2,
                                  "Failed adding entry to certificate");
                    }
                }
                else
                {
                    if (!X509_NAME_add_entry(target_sub_name, entry, -1, 0))
                    {
                        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2,
                                  "Failed adding entry to certificate");
                    }
                }
            }
        }
    }
    X509_set_subject_name(x509, target_sub_name);
    BIO_free(subjectBio);

    subjectBio = BIO_new(BIO_s_mem());
    X509_NAME_print_ex(subjectBio, target_sub_name, 0, XN_FLAG_ONELINE);
    nameLength = BIO_get_mem_data(subjectBio, &dataStart);
    memcpy(sub_name_str, dataStart, nameLength);
    sub_name_str[nameLength] = '\0';
    if(NULL != sub_name_str)
    {
        LOG_EVENT (LOG_LEVEL_INFO, FACILITY_IKEV2,
                   "Certificate subject name updated to:%s for user_id:%d",
                   sub_name_str, user_id);
    }
    X509_NAME_free(target_sub_name);
    BIO_free(subjectBio);
    if (!(X509_sign(x509, cakey, EVP_sha1())))
    {
        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "failed to sign the certificate");
        return 0;
    }
    *user_cert= (unsigned char *) calloc(1, usr_cert_len + 1);
    ptr = *user_cert;
    temp = ptr;
    i2d_X509(x509,(unsigned char **)&ptr);
    len = (ptr - temp);
    return len;
}



need to modifying the CN field of CERT subject name

2013-06-28 Thread Sanjay Kumar (sanjaku5)
Hi All,
I have a requirement to get a unique certificate for each user.
To achieve that I am modifying the CN field of the CERT subject name by appending
the user index to the CN field.
E.g.
If CN=sanjay
For userIndex 1, I want to modify it like CN=sanjay01, considering the user
count to be 1 Lakh.
I have the code below to achieve the above requirement.

But I am getting a memory dump at the line below:
    if (!X509_NAME_add_entry(target_sub_name, target_entry, -1, 0))
    {
        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "Failed adding entry to certificate");
    }
.
It seems this doesn't allow increasing the length of the CN field (looks like an array
overflow).

Any help to achieve the above requirement, or any other way of doing the same?


Thanks,
Sanjay

Function used to modify the CN field in certificate:
int Certificateclass::generate_cert(X509 *x509, uint32_t user_id, uint8_t **user_cert,
                                    EVP_PKEY *cakey, uint32_t usr_cert_len)
{
    unsigned char *ptr = NULL, *temp = NULL, target_cn_value[EAY_MAX_CN_LEN] = {'\0'};
    int len = 0, nid = 0;
    uint8_t entry_count = 0, i = 0;
    char sub_name_str[EAY_MAX_CN_LEN] = {'\0'};  /*used for logging purpose*/
    X509_NAME *base_sub_name = NULL, *target_sub_name = NULL;
    X509_NAME_ENTRY *entry = NULL, *target_entry = NULL;
    ASN1_OBJECT *entry_obj = NULL;
    ASN1_STRING *entry_string = NULL;
    char *dataStart = NULL;
    long nameLength = 0;
    BIO *subjectBio = BIO_new(BIO_s_mem());
    char temp_cn[EAY_MAX_CN_LEN]= {'\0'};

    base_sub_name = X509_get_subject_name(x509);
    entry_count = X509_NAME_entry_count(base_sub_name);
    target_sub_name = X509_NAME_new();
    X509_NAME_print_ex(subjectBio, base_sub_name, 0, XN_FLAG_ONELINE);
    nameLength = BIO_get_mem_data(subjectBio, &dataStart);
    memcpy(sub_name_str, dataStart, nameLength);
    sub_name_str[nameLength] = '\0';
    for (i = 0; i < entry_count; i++)
    {
        entry = X509_NAME_get_entry(base_sub_name, i); /*Get all element from cert sub name*/
        if (entry)
        {
            entry_obj = X509_NAME_ENTRY_get_object(entry);
            if (entry_obj)
            {
                nid = OBJ_obj2nid(entry_obj);
                if (NID_commonName == nid)
                {
                    /* if entry NID is CN then append user index, else simply
                       add to target_sub_name */
                    if( NULL == commonName)
                    {
                        if(NULL != sub_name_str){
                            LOG_EVENT (LOG_LEVEL_INFO, FACILITY_IKEV2,
                                       "Certificate subject name received:%s", sub_name_str);
                        }
                        commonName = (uint8_t *)calloc(1, EAY_MAX_CN_LEN);
                        X509_NAME_get_text_by_NID(base_sub_name, nid, (char *)commonName,
                                                  EAY_MAX_CN_LEN);
                    }
                    {
                        /*Modifying the certificate subject name */
                        memcpy(temp_cn, commonName, strlen((char *)commonName));
                        snprintf((char *)target_cn_value, EAY_MAX_CN_LEN,
                                 "%s%06d", temp_cn, user_id);
                    }
                    /*adding the new subject to target Enrty*/
                    target_entry = X509_NAME_ENTRY_create_by_NID(NULL, nid,
                                       MBSTRING_ASC, target_cn_value, -1);
                    if(NULL == target_entry)
                        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2,
                                  "Failed to create target_entry, it is NULL");
                    if (!X509_NAME_add_entry(target_sub_name, target_entry, -1, 0))
                    {
                        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2,
                                  "Failed adding entry to certificate");
                    }
                }
                else
                {
                    if (!X509_NAME_add_entry(target_sub_name, entry, -1, 0))
                    {
                        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2,
                                  "Failed adding entry to certificate");
                    }
                }
            }
        }
    }
    X509_set_subject_name(x509, target_sub_name);
    BIO_free(subjectBio);

    subjectBio = BIO_new(BIO_s_mem());
    X509_NAME_print_ex(subjectBio, target_sub_name, 0, XN_FLAG_ONELINE);
    nameLength = BIO_get_mem_data(subjectBio, &dataStart);
    memcpy(sub_name_str, dataStart, nameLength);
    sub_name_str[nameLength] = '\0';
    if(NULL != sub_name_str)
    {
        LOG_EVENT (LOG_LEVEL_INFO, FACILITY_IKEV2,
                   "Certificate subject name updated to:%s for user_id:%d",
                   sub_name_str, user_id);
    }
    X509_NAME_free(target_sub_name);
    BIO_free(subjectBio);
    if (!(X509_sign(x509, cakey, EVP_sha1())))
    {
        LOG_EVENT(LOG_LEVEL_ERROR, FACILITY_IKEV2, "failed to sign the certificate");
        return 0;
    }
    *user_cert= (unsigned char *) calloc(1, usr_cert_len + 1);
    ptr = *user_cert;
    temp = ptr;
    i2d_X509(x509,(unsigned char **)&ptr);
    len = (ptr - temp);
    return len;
}