~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/certs/extract-cert.c

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /certs/extract-cert.c (Version linux-6.12-rc7) and /certs/extract-cert.c (Version linux-5.15.169)


** Warning: Cannot open xref database.

  1 /* Extract X.509 certificate in DER form from       1 
  2  *                                                
  3  * Copyright © 2014-2015 Red Hat, Inc. All Ri    
  4  * Copyright © 2015      Intel Corporation.      
  5  *                                                
  6  * Authors: David Howells <dhowells@redhat.com    
  7  *          David Woodhouse <dwmw2@infradead.o    
  8  *                                                
  9  * This program is free software; you can redi    
 10  * modify it under the terms of the GNU Lesser    
 11  * as published by the Free Software Foundatio    
 12  * of the licence, or (at your option) any lat    
 13  */                                               
 14 #define _GNU_SOURCE                               
 15 #include <stdio.h>                                
 16 #include <stdlib.h>                               
 17 #include <stdint.h>                               
 18 #include <stdbool.h>                              
 19 #include <string.h>                               
 20 #include <err.h>                                  
 21 #include <openssl/bio.h>                          
 22 #include <openssl/pem.h>                          
 23 #include <openssl/err.h>                          
 24 #if OPENSSL_VERSION_MAJOR >= 3                    
 25 # define USE_PKCS11_PROVIDER                      
 26 # include <openssl/provider.h>                    
 27 # include <openssl/store.h>                       
 28 #else                                             
 29 # if !defined(OPENSSL_NO_ENGINE) && !defined(O    
 30 #  define USE_PKCS11_ENGINE                       
 31 #  include <openssl/engine.h>                     
 32 # endif                                           
 33 #endif                                            
 34 #include "ssl-common.h"                           
 35                                                   
 36 #define PKEY_ID_PKCS7 2                           
 37                                                   
 38 static __attribute__((noreturn))                  
 39 void format(void)                                 
 40 {                                                 
 41         fprintf(stderr,                           
 42                 "Usage: extract-cert <source>     
 43         exit(2);                                  
 44 }                                                 
 45                                                   
 46 static const char *key_pass;                      
 47 static BIO *wb;                                   
 48 static char *cert_dst;                            
 49 static bool verbose;                              
 50                                                   
 51 static void write_cert(X509 *x509)                
 52 {                                                 
 53         char buf[200];                            
 54                                                   
 55         if (!wb) {                                
 56                 wb = BIO_new_file(cert_dst, "w    
 57                 ERR(!wb, "%s", cert_dst);         
 58         }                                         
 59         X509_NAME_oneline(X509_get_subject_nam    
 60         ERR(!i2d_X509_bio(wb, x509), "%s", cer    
 61         if (verbose)                              
 62                 fprintf(stderr, "Extracted cer    
 63 }                                                 
 64                                                   
 65 static X509 *load_cert_pkcs11(const char *cert    
 66 {                                                 
 67         X509 *cert = NULL;                        
 68 #ifdef USE_PKCS11_PROVIDER                        
 69         OSSL_STORE_CTX *store;                    
 70                                                   
 71         if (!OSSL_PROVIDER_try_load(NULL, "pkc    
 72                 ERR(1, "OSSL_PROVIDER_try_load    
 73         if (!OSSL_PROVIDER_try_load(NULL, "def    
 74                 ERR(1, "OSSL_PROVIDER_try_load    
 75                                                   
 76         store = OSSL_STORE_open(cert_src, NULL    
 77         ERR(!store, "OSSL_STORE_open");           
 78                                                   
 79         while (!OSSL_STORE_eof(store)) {          
 80                 OSSL_STORE_INFO *info = OSSL_S    
 81                                                   
 82                 if (!info) {                      
 83                         drain_openssl_errors(_    
 84                         continue;                 
 85                 }                                 
 86                 if (OSSL_STORE_INFO_get_type(i    
 87                         cert = OSSL_STORE_INFO    
 88                         ERR(!cert, "OSSL_STORE    
 89                 }                                 
 90                 OSSL_STORE_INFO_free(info);       
 91                 if (cert)                         
 92                         break;                    
 93         }                                         
 94         OSSL_STORE_close(store);                  
 95 #elif defined(USE_PKCS11_ENGINE)                  
 96                 ENGINE *e;                        
 97                 struct {                          
 98                         const char *cert_id;      
 99                         X509 *cert;               
100                 } parms;                          
101                                                   
102                 parms.cert_id = cert_src;         
103                 parms.cert = NULL;                
104                                                   
105                 ENGINE_load_builtin_engines();    
106                 drain_openssl_errors(__LINE__,    
107                 e = ENGINE_by_id("pkcs11");       
108                 ERR(!e, "Load PKCS#11 ENGINE")    
109                 if (ENGINE_init(e))               
110                         drain_openssl_errors(_    
111                 else                              
112                         ERR(1, "ENGINE_init");    
113                 if (key_pass)                     
114                         ERR(!ENGINE_ctrl_cmd_s    
115                 ENGINE_ctrl_cmd(e, "LOAD_CERT_    
116                 ERR(!parms.cert, "Get X.509 fr    
117                 cert = parms.cert;                
118 #else                                             
119                 fprintf(stderr, "no pkcs11 eng    
120                 exit(1);                          
121 #endif                                            
122         return cert;                              
123 }                                                 
124                                                   
125 int main(int argc, char **argv)                   
126 {                                                 
127         char *cert_src;                           
128         char *verbose_env;                        
129                                                   
130         OpenSSL_add_all_algorithms();             
131         ERR_load_crypto_strings();                
132         ERR_clear_error();                        
133                                                   
134         verbose_env = getenv("KBUILD_VERBOSE")    
135         if (verbose_env && strchr(verbose_env,    
136                 verbose = true;                   
137                                                   
138         key_pass = getenv("KBUILD_SIGN_PIN");     
139                                                   
140         if (argc != 3)                            
141                 format();                         
142                                                   
143         cert_src = argv[1];                       
144         cert_dst = argv[2];                       
145                                                   
146         if (!cert_src[0]) {                       
147                 /* Invoked with no input; crea    
148                 FILE *f = fopen(cert_dst, "wb"    
149                 ERR(!f, "%s", cert_dst);          
150                 fclose(f);                        
151                 exit(0);                          
152         } else if (!strncmp(cert_src, "pkcs11:    
153                 X509 *cert = load_cert_pkcs11(    
154                                                   
155                 ERR(!cert, "load_cert_pkcs11 f    
156                 write_cert(cert);                 
157         } else {                                  
158                 BIO *b;                           
159                 X509 *x509;                       
160                                                   
161                 b = BIO_new_file(cert_src, "rb    
162                 ERR(!b, "%s", cert_src);          
163                                                   
164                 while (1) {                       
165                         x509 = PEM_read_bio_X5    
166                         if (wb && !x509) {        
167                                 unsigned long     
168                                 if (ERR_GET_LI    
169                                     ERR_GET_RE    
170                                         ERR_cl    
171                                         break;    
172                                 }                 
173                         }                         
174                         ERR(!x509, "%s", cert_    
175                         write_cert(x509);         
176                 }                                 
177         }                                         
178                                                   
179         BIO_free(wb);                             
180                                                   
181         return 0;                                 
182 }                                                 
183                                                   

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php