storeutl.c@ 95000

Last change on this file since 95000 was 91772, checked in by vboxsync, 3 years ago
openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126
File size: 16.1 KB

Line
1	/*
2	* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/opensslconf.h>
11
12	#include "apps.h"
13	#include "progs.h"
14	#include <openssl/err.h>
15	#include <openssl/pem.h>
16	#include <openssl/store.h>
17	#include <openssl/x509v3.h> /* s2i_ASN1_INTEGER */
18
19	static int process(const char uri, const UI_METHOD uimeth, PW_CB_DATA *uidata,
20	int expected, int criterion, OSSL_STORE_SEARCH *search,
21	int text, int noout, int recursive, int indent, BIO *out,
22	const char *prog);
23
24	typedef enum OPTION_choice {
25	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN,
26	OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE,
27	OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS,
28	OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL,
29	OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS,
30	OPT_MD
31	} OPTION_CHOICE;
32
33	const OPTIONS storeutl_options[] = {
34	{OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\nValid options are:\n"},
35	{"help", OPT_HELP, '-', "Display this summary"},
36	{"out", OPT_OUT, '>', "Output file - default stdout"},
37	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
38	{"text", OPT_TEXT, '-', "Print a text form of the objects"},
39	{"noout", OPT_NOOUT, '-', "No PEM output, just status"},
40	{"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"},
41	{"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"},
42	{"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"},
43	{"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"},
44	{"issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"},
45	{"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"},
46	{"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"},
47	{"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"},
48	{"", OPT_MD, '-', "Any supported digest"},
49	#ifndef OPENSSL_NO_ENGINE
50	{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
51	#endif
52	{"r", OPT_RECURSIVE, '-', "Recurse through names"},
53	{NULL}
54	};
55
56	int storeutl_main(int argc, char *argv[])
57	{
58	int ret = 1, noout = 0, text = 0, recursive = 0;
59	char outfile = NULL, passin = NULL, *passinarg = NULL;
60	BIO *out = NULL;
61	ENGINE *e = NULL;
62	OPTION_CHOICE o;
63	char *prog = opt_init(argc, argv, storeutl_options);
64	PW_CB_DATA pw_cb_data;
65	int expected = 0;
66	int criterion = 0;
67	X509_NAME subject = NULL, issuer = NULL;
68	ASN1_INTEGER *serial = NULL;
69	unsigned char *fingerprint = NULL;
70	size_t fingerprintlen = 0;
71	char *alias = NULL;
72	OSSL_STORE_SEARCH *search = NULL;
73	const EVP_MD *digest = NULL;
74
75	while ((o = opt_next()) != OPT_EOF) {
76	switch (o) {
77	case OPT_EOF:
78	case OPT_ERR:
79	opthelp:
80	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
81	goto end;
82	case OPT_HELP:
83	opt_help(storeutl_options);
84	ret = 0;
85	goto end;
86	case OPT_OUT:
87	outfile = opt_arg();
88	break;
89	case OPT_PASSIN:
90	passinarg = opt_arg();
91	break;
92	case OPT_NOOUT:
93	noout = 1;
94	break;
95	case OPT_TEXT:
96	text = 1;
97	break;
98	case OPT_RECURSIVE:
99	recursive = 1;
100	break;
101	case OPT_SEARCHFOR_CERTS:
102	case OPT_SEARCHFOR_KEYS:
103	case OPT_SEARCHFOR_CRLS:
104	if (expected != 0) {
105	BIO_printf(bio_err, "%s: only one search type can be given.\n",
106	prog);
107	goto end;
108	}
109	{
110	static const struct {
111	enum OPTION_choice choice;
112	int type;
113	} map[] = {
114	{OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT},
115	{OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY},
116	{OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL},
117	};
118	size_t i;
119
120	for (i = 0; i < OSSL_NELEM(map); i++) {
121	if (o == map[i].choice) {
122	expected = map[i].type;
123	break;
124	}
125	}
126	/*
127	* If expected wasn't set at this point, it means the map
128	* isn't synchronised with the possible options leading here.
129	*/
130	OPENSSL_assert(expected != 0);
131	}
132	break;
133	case OPT_CRITERION_SUBJECT:
134	if (criterion != 0) {
135	BIO_printf(bio_err, "%s: criterion already given.\n",
136	prog);
137	goto end;
138	}
139	criterion = OSSL_STORE_SEARCH_BY_NAME;
140	if (subject != NULL) {
141	BIO_printf(bio_err, "%s: subject already given.\n",
142	prog);
143	goto end;
144	}
145	if ((subject = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
146	BIO_printf(bio_err, "%s: can't parse subject argument.\n",
147	prog);
148	goto end;
149	}
150	break;
151	case OPT_CRITERION_ISSUER:
152	if (criterion != 0
153	\|\| (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
154	&& issuer != NULL)) {
155	BIO_printf(bio_err, "%s: criterion already given.\n",
156	prog);
157	goto end;
158	}
159	criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
160	if (issuer != NULL) {
161	BIO_printf(bio_err, "%s: issuer already given.\n",
162	prog);
163	goto end;
164	}
165	if ((issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
166	BIO_printf(bio_err, "%s: can't parse issuer argument.\n",
167	prog);
168	goto end;
169	}
170	break;
171	case OPT_CRITERION_SERIAL:
172	if (criterion != 0
173	\|\| (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
174	&& serial != NULL)) {
175	BIO_printf(bio_err, "%s: criterion already given.\n",
176	prog);
177	goto end;
178	}
179	criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
180	if (serial != NULL) {
181	BIO_printf(bio_err, "%s: serial number already given.\n",
182	prog);
183	goto end;
184	}
185	if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) {
186	BIO_printf(bio_err, "%s: can't parse serial number argument.\n",
187	prog);
188	goto end;
189	}
190	break;
191	case OPT_CRITERION_FINGERPRINT:
192	if (criterion != 0
193	\|\| (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
194	&& fingerprint != NULL)) {
195	BIO_printf(bio_err, "%s: criterion already given.\n",
196	prog);
197	goto end;
198	}
199	criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
200	if (fingerprint != NULL) {
201	BIO_printf(bio_err, "%s: fingerprint already given.\n",
202	prog);
203	goto end;
204	}
205	{
206	long tmplen = 0;
207
208	if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen))
209	== NULL) {
210	BIO_printf(bio_err,
211	"%s: can't parse fingerprint argument.\n",
212	prog);
213	goto end;
214	}
215	fingerprintlen = (size_t)tmplen;
216	}
217	break;
218	case OPT_CRITERION_ALIAS:
219	if (criterion != 0) {
220	BIO_printf(bio_err, "%s: criterion already given.\n",
221	prog);
222	goto end;
223	}
224	criterion = OSSL_STORE_SEARCH_BY_ALIAS;
225	if (alias != NULL) {
226	BIO_printf(bio_err, "%s: alias already given.\n",
227	prog);
228	goto end;
229	}
230	if ((alias = OPENSSL_strdup(opt_arg())) == NULL) {
231	BIO_printf(bio_err, "%s: can't parse alias argument.\n",
232	prog);
233	goto end;
234	}
235	break;
236	case OPT_ENGINE:
237	e = setup_engine(opt_arg(), 0);
238	break;
239	case OPT_MD:
240	if (!opt_md(opt_unknown(), &digest))
241	goto opthelp;
242	}
243	}
244	argc = opt_num_rest();
245	argv = opt_rest();
246
247	if (argc == 0) {
248	BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog);
249	goto opthelp;
250	}
251	if (argc > 1) {
252	BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog);
253	goto opthelp;
254	}
255
256	if (criterion != 0) {
257	switch (criterion) {
258	case OSSL_STORE_SEARCH_BY_NAME:
259	if ((search = OSSL_STORE_SEARCH_by_name(subject)) == NULL) {
260	ERR_print_errors(bio_err);
261	goto end;
262	}
263	break;
264	case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
265	if (issuer == NULL \|\| serial == NULL) {
266	BIO_printf(bio_err,
267	"%s: both -issuer and -serial must be given.\n",
268	prog);
269	goto end;
270	}
271	if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial))
272	== NULL) {
273	ERR_print_errors(bio_err);
274	goto end;
275	}
276	break;
277	case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
278	if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest,
279	fingerprint,
280	fingerprintlen))
281	== NULL) {
282	ERR_print_errors(bio_err);
283	goto end;
284	}
285	break;
286	case OSSL_STORE_SEARCH_BY_ALIAS:
287	if ((search = OSSL_STORE_SEARCH_by_alias(alias)) == NULL) {
288	ERR_print_errors(bio_err);
289	goto end;
290	}
291	break;
292	}
293	}
294
295	if (!app_passwd(passinarg, NULL, &passin, NULL)) {
296	BIO_printf(bio_err, "Error getting passwords\n");
297	goto end;
298	}
299	pw_cb_data.password = passin;
300	pw_cb_data.prompt_info = argv[0];
301
302	out = bio_open_default(outfile, 'w', FORMAT_TEXT);
303	if (out == NULL)
304	goto end;
305
306	ret = process(argv[0], get_ui_method(), &pw_cb_data,
307	expected, criterion, search,
308	text, noout, recursive, 0, out, prog);
309
310	end:
311	OPENSSL_free(fingerprint);
312	OPENSSL_free(alias);
313	ASN1_INTEGER_free(serial);
314	X509_NAME_free(subject);
315	X509_NAME_free(issuer);
316	OSSL_STORE_SEARCH_free(search);
317	BIO_free_all(out);
318	OPENSSL_free(passin);
319	release_engine(e);
320	return ret;
321	}
322
323	static int indent_printf(int indent, BIO bio, const char format, ...)
324	{
325	va_list args;
326	int ret;
327
328	va_start(args, format);
329
330	ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
331
332	va_end(args);
333	return ret;
334	}
335
336	static int process(const char uri, const UI_METHOD uimeth, PW_CB_DATA *uidata,
337	int expected, int criterion, OSSL_STORE_SEARCH *search,
338	int text, int noout, int recursive, int indent, BIO *out,
339	const char *prog)
340	{
341	OSSL_STORE_CTX *store_ctx = NULL;
342	int ret = 1, items = 0;
343
344	if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL))
345	== NULL) {
346	BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
347	ERR_print_errors(bio_err);
348	return ret;
349	}
350
351	if (expected != 0) {
352	if (!OSSL_STORE_expect(store_ctx, expected)) {
353	ERR_print_errors(bio_err);
354	goto end2;
355	}
356	}
357
358	if (criterion != 0) {
359	if (!OSSL_STORE_supports_search(store_ctx, criterion)) {
360	BIO_printf(bio_err,
361	"%s: the store scheme doesn't support the given search criteria.\n",
362	prog);
363	goto end2;
364	}
365
366	if (!OSSL_STORE_find(store_ctx, search)) {
367	ERR_print_errors(bio_err);
368	goto end2;
369	}
370	}
371
372	/* From here on, we count errors, and we'll return the count at the end */
373	ret = 0;
374
375	for (;;) {
376	OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx);
377	int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
378	const char *infostr =
379	info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
380
381	if (info == NULL) {
382	if (OSSL_STORE_eof(store_ctx))
383	break;
384
385	if (OSSL_STORE_error(store_ctx)) {
386	if (recursive)
387	ERR_clear_error();
388	else
389	ERR_print_errors(bio_err);
390	ret++;
391	continue;
392	}
393
394	BIO_printf(bio_err,
395	"ERROR: OSSL_STORE_load() returned NULL without "
396	"eof or error indications\n");
397	BIO_printf(bio_err, " This is an error in the loader\n");
398	ERR_print_errors(bio_err);
399	ret++;
400	break;
401	}
402
403	if (type == OSSL_STORE_INFO_NAME) {
404	const char *name = OSSL_STORE_INFO_get0_NAME(info);
405	const char *desc = OSSL_STORE_INFO_get0_NAME_description(info);
406	indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr,
407	name);
408	if (desc != NULL)
409	indent_printf(indent, bio_out, "%s\n", desc);
410	} else {
411	indent_printf(indent, bio_out, "%d: %s\n", items, infostr);
412	}
413
414	/*
415	* Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in
416	* functionality, so we must figure out how exactly to write things
417	* ourselves...
418	*/
419	switch (type) {
420	case OSSL_STORE_INFO_NAME:
421	if (recursive) {
422	const char *suburi = OSSL_STORE_INFO_get0_NAME(info);
423	ret += process(suburi, uimeth, uidata,
424	expected, criterion, search,
425	text, noout, recursive, indent + 2, out, prog);
426	}
427	break;
428	case OSSL_STORE_INFO_PARAMS:
429	if (text)
430	EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
431	0, NULL);
432	if (!noout)
433	PEM_write_bio_Parameters(out,
434	OSSL_STORE_INFO_get0_PARAMS(info));
435	break;
436	case OSSL_STORE_INFO_PKEY:
437	if (text)
438	EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
439	0, NULL);
440	if (!noout)
441	PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
442	NULL, NULL, 0, NULL, NULL);
443	break;
444	case OSSL_STORE_INFO_CERT:
445	if (text)
446	X509_print(out, OSSL_STORE_INFO_get0_CERT(info));
447	if (!noout)
448	PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info));
449	break;
450	case OSSL_STORE_INFO_CRL:
451	if (text)
452	X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info));
453	if (!noout)
454	PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info));
455	break;
456	default:
457	BIO_printf(bio_err, "!!! Unknown code\n");
458	ret++;
459	break;
460	}
461	items++;
462	OSSL_STORE_INFO_free(info);
463	}
464	indent_printf(indent, out, "Total found: %d\n", items);
465
466	end2:
467	if (!OSSL_STORE_close(store_ctx)) {
468	ERR_print_errors(bio_err);
469	ret++;
470	}
471
472	return ret;
473	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-1.1.1l/apps/storeutl.c@ 95000

Download in other formats: