Revoke existing certificate in openssl - c

I have created openssl certificates so i have .crt and .key file. If I want to add those certificates in existing certificate revocation list then how can we do that ?
I have tried with below code.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/asn1.h>
#define DB_NUMBER 6
#define DB_name 5
#define DB_serial 3
#define DB_rev_date 2
static X509* load_cert(const char* usercert)
{
/* read usercert from file */
X509* x = NULL;
BIO* bio = BIO_new(BIO_s_file());
assert(bio != NULL);
assert(BIO_read_filename(bio, usercert) > 0);
x = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
BIO_free(bio);
assert(x != NULL);
return x;
}
int main()
{
int i;
ASN1_UTCTIME* tm = NULL;
char* rev_str = NULL;
BIGNUM* bn = NULL;
char* row[DB_NUMBER];
for (i = 0; i < DB_NUMBER; i++)
row[i] = NULL;
X509* x = load_cert("../client.crt");
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x), NULL);
assert(bn != NULL);
if (BN_is_zero(bn))
row[DB_serial] = BUF_strdup("00");
else
row[DB_serial] = BN_bn2hex(bn);
BN_free(bn);
//assert(row[DB_name] != NULL);
//assert(row[DB_serial] != NULL);
printf("Serial Number is: %s\n", row[DB_serial]);
printf("---- Now Updating CRL file with expired client certificates --------\n");
char *crl_file_path = "../root_mod.crl";
FILE *fp_crl_file = NULL;
X509_CRL *x_crl = NULL;
BIGNUM* serial = NULL;
/* Get the CA crl */
fp_crl_file = fopen(crl_file_path, "r");
if (!fp_crl_file)
{
printf("---- Error while opening CRL file --------\n");
exit(1);
}
x_crl = PEM_read_X509_CRL(fp_crl_file, NULL, NULL, NULL);
if (!x_crl)
{
printf("---- Error while reading X509 CRL file --------\n");
exit(1);
}
fclose(fp_crl_file);
X509_REVOKED* r = X509_REVOKED_new();
assert(r != NULL);
assert(BN_hex2bn(&serial, row[DB_serial]) > 0);
ASN1_INTEGER* tmpser = BN_to_ASN1_INTEGER(serial, NULL);
BN_free(serial);
serial = NULL;
assert(tmpser != NULL);
i = X509_REVOKED_set_serialNumber(r, tmpser);
ASN1_INTEGER_free(tmpser);
X509_CRL_add0_revoked(x_crl, r);
return 0;
}
I have wrote above code and i got the serial number but do not get added to revoked list in "root_mod.crl" file.
Can you suggest any pointers ?

Related

key_add is returning same signature values

so im trying to add ecryptfs fnek and fekek signatures to the user keyring and im using openssl to generate a random payload for the keys but for some reason the signatures are the same each time i run my program even though RAND_priv_bytes doesn't fail and the value of random_bytes changes each time but the signature stays the same.
here is the code currently.
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include <keyutils.h>
#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
int main(){
key_serial_t fekek_sig;
key_serial_t fnek_sig;
const int BYTE_NUM = 496;
char random_bytes[BYTE_NUM];
const EVP_MD *md = NULL;
const EVP_MD *md2 = NULL;
EVP_MD_CTX *md_ctx = NULL;
EVP_MD_CTX *md2_ctx = NULL;
unsigned char md_res[EVP_MAX_MD_SIZE], md2_res[EVP_MAX_MD_SIZE];
unsigned int md_len, md2_len;
const char KEY_TYPE[] = "user";
const char FEKEK_DESC[] = "EcryptFS FEKEK Signature";
const char FNEK_DESC[] = "EcryptFS FNEK Signature";
md = EVP_get_digestbyname("SHA512");
md2 = EVP_get_digestbyname("BLAKE2B512");
md_ctx = EVP_MD_CTX_new();
md2_ctx = EVP_MD_CTX_new();
EVP_DigestInit_ex(md_ctx, md, NULL);
EVP_DigestInit_ex(md2_ctx, md2, NULL);
int rc;
rc = RAND_priv_bytes(random_bytes, BYTE_NUM);
if (rc == 1)
{
EVP_DigestUpdate(md_ctx, random_bytes, BYTE_NUM);
}
else if (rc == -1 || rc == 0)
{
fprintf(stderr, "%d\n", ERR_get_error());
}
rc = RAND_priv_bytes(random_bytes, BYTE_NUM);
if (rc == 1)
{
EVP_DigestUpdate(md2_ctx, random_bytes, BYTE_NUM);
}
else if (rc == -1 || rc == 0)
{
fprintf(stderr, "%d\n", ERR_get_error());
}
EVP_DigestFinal_ex(md_ctx, md_res, &md_len);
EVP_DigestFinal_ex(md2_ctx, md2_res, &md2_len);
fekek_sig = add_key(KEY_TYPE, FEKEK_DESC, md_res, md_len, KEY_SPEC_USER_KEYRING);
fnek_sig = add_key(KEY_TYPE, FNEK_DESC, md2_res, md2_len, KEY_SPEC_USER_KEYRING);
EVP_MD_CTX_free(md_ctx);
EVP_MD_CTX_free(md2_ctx);
printf("FEKEK=%d\nFNEK=%d\n", fekek_sig, fnek_sig);
return 0;
}
and this is what gets printed
$ gcc main.c -o test -lkeyutils -lssl -lcrypto
$ ./test
FEKEK=570453362
FNEK=791909717
$ ./test
FEKEK=570453362
FNEK=791909717
does anyone know why this is?

Get all output from sqlite3 in C

I have a table with 2 entry :
id hostname ip port
1 Raspberry pi 192.168.1.49 22
2 Test 127.0.0.1 22
In my code i get only the first entry with sqlite3.
I have :
{"id": "1", "hostname": "Raspberry pi", "ip": "192.168.1.49", "port": "22"}
Where is the second entry ?
I tried with printf and get the same problem it's not json issue.
There is the code :
#include <stdarg.h> /* va_list */
#include <stddef.h> /* NULL */
#include <stdint.h> /* int64_t */
#include <stdlib.h>
#include <string.h> /* memset */
#include <stdio.h>
#include <sqlite3.h>
#include <kcgi.h>
#include <kcgihtml.h>
#include <kcgijson.h>
static int callback(void *ptr, int argc, char **argv, char **azColName) {
struct kjsonreq *req = (struct kjsonreq *)ptr;
struct khtmlreq r;
int i;
for(i=0; i<argc; i++){
kjson_putstringp(req, azColName[i], argv[i] ? argv[i] : "NULL");
}
}
int
main(void)
{
struct kreq r;
struct kjsonreq req;
const char *page = "index";
if (khttp_parse(&r, NULL, 0, &page, 1, 0) != KCGI_OK)
return EXIT_FAILURE;
khttp_head(&r, kresps[KRESP_STATUS],
"%s", khttps[KHTTP_200]);
khttp_head(&r, kresps[KRESP_CONTENT_TYPE],
"%s", kmimetypes[r.mime]);
khttp_body(&r);
kjson_open(&req, &r);
kjson_obj_open(&req);
sqlite3 *db;
char *zErrMsg = 0;
int rc;
rc = sqlite3_open("/var/www/MaSSH/databases/massh.db", &db);
if(rc){
sqlite3_close(db);
}
rc = sqlite3_exec(db, "SELECT * FROM hosts;", callback, &req, &zErrMsg);
if(rc!= SQLITE_OK){
sqlite3_free(zErrMsg);
}
sqlite3_close(db);
kjson_obj_close(&req);
kjson_close(&req);
khttp_free(&r);
return EXIT_SUCCESS;
}
#include <sys/types.h> /* size_t, ssize_t */
#include <stdarg.h> /* va_list */
#include <stddef.h> /* NULL */
#include <stdint.h> /* int64_t */
#include <stdlib.h>
#include <string.h> /* memset */
#include <stdio.h>
#include <sqlite3.h>
#include <kcgi.h>
#include <kcgihtml.h>
#include <kcgijson.h>
int
main(void)
{
struct kreq r;
struct kjsonreq req;
const char *page = "index";
if (khttp_parse(&r, NULL, 0, &page, 1, 0) != KCGI_OK)
return EXIT_FAILURE;
khttp_head(&r, kresps[KRESP_STATUS],
"%s", khttps[KHTTP_200]);
khttp_head(&r, kresps[KRESP_CONTENT_TYPE],
"%s", kmimetypes[r.mime]);
khttp_body(&r);
kjson_open(&req, &r);
kjson_obj_open(&req);
sqlite3 *db;
sqlite3_stmt *res;
int rc;
rc = sqlite3_open("/var/www/MaSSH/databases/massh.db", &db);
if(rc){
sqlite3_close(db);
}
rc = sqlite3_prepare_v2(db, "SELECT * FROM hosts;", -1, &res, 0);
while((rc = sqlite3_step(res)) == SQLITE_ROW){
kjson_objp_open(&req, "host");
kjson_putstringp(&req, "id", sqlite3_column_text(res,0));
kjson_putstringp(&req, "hostname", sqlite3_column_text(res,1));
kjson_putstringp(&req, "ip", sqlite3_column_text(res,2));
kjson_putstringp(&req, "port", sqlite3_column_text(res,3));
kjson_obj_close(&req);
}
sqlite3_close(db);
kjson_obj_close(&req);
kjson_close(&req);
khttp_free(&r);
return EXIT_SUCCESS;
}

How to use LLVM-C to JIT-compile the floating-point identity function

So far I have written the following code:
#include <stdlib.h>
#include <stdio.h>
#include <llvm-c/Core.h>
#include <llvm-c/Analysis.h>
#include <llvm-c/ExecutionEngine.h>
#include <llvm-c/Target.h>
#include <llvm-c/Transforms/Scalar.h>
int main (int argc, char const *argv[])
{
char *error = NULL;
LLVMLinkInMCJIT();
LLVMInitializeNativeTarget();
LLVMInitializeNativeAsmPrinter();
LLVMInitializeNativeAsmParser();
LLVMModuleRef mod = LLVMModuleCreateWithName("minimal_module");
LLVMTypeRef identity_args[] = { LLVMDoubleType(), NULL };
LLVMValueRef identity = LLVMAddFunction(mod, "identity", LLVMFunctionType(LLVMDoubleType(), identity_args, 1, 0));
LLVMSetFunctionCallConv(identity, LLVMCCallConv);
LLVMValueRef n = LLVMGetParam(identity, 0);
LLVMBasicBlockRef entry = LLVMAppendBasicBlock(identity, "entry");
LLVMBuilderRef builder = LLVMCreateBuilder();
LLVMPositionBuilderAtEnd(builder, entry);
LLVMBuildRet(builder, n);
LLVMVerifyModule(mod, LLVMAbortProcessAction, &error);
LLVMDisposeMessage(error);
LLVMExecutionEngineRef engine;
error = NULL;
if(LLVMCreateJITCompilerForModule(&engine, mod, 2, &error) != 0) {
fprintf(stderr, "%s\n", error);
LLVMDisposeMessage(error);
abort();
}
LLVMDumpModule(mod);
LLVMGenericValueRef exec_args[] = {LLVMCreateGenericValueOfFloat(LLVMDoubleType(), 1.25)};
LLVMGenericValueRef exec_res = LLVMRunFunction(engine, identity, 1, exec_args);
fprintf(stderr, "\n");
fprintf(stderr, "; Running identity(%f) with JIT...\n", 1.25);
fprintf(stderr, "; Result: %f\n", LLVMGenericValueToFloat(LLVMDoubleType(), exec_res));
LLVMRemoveModule(engine, mod, &mod, &error);
LLVMDisposeModule(mod);
LLVMDisposeExecutionEngine(engine);
LLVMDisposeBuilder(builder);
return 0;
}
The corresponding implementation using 32-bit integers works, i.e. identity(42) will return 42. However the floating-point version above returns 0.0. Above program generates the following output:
; ModuleID = 'minimal_module'
source_filename = "minimal_module"
target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
define double #identity(double) {
entry:
ret double %0
}
; Running identity(1.250000) with JIT...
; Result: 0.000000
I am using LLVM-3.9 under Debian Jessie on an AMD computer. My question is: What am I doing wrong?
I found a solution to the problem.
Instead of using LLVMRunFunction one can use LLVMGetFunctionAddress to get the address of the function and call it directly using C (or using an FFI library).
#include <stdlib.h>
#include <stdio.h>
#include <llvm-c/Core.h>
#include <llvm-c/Analysis.h>
#include <llvm-c/ExecutionEngine.h>
#include <llvm-c/Target.h>
#include <llvm-c/Transforms/Scalar.h>
int main (int argc, char const *argv[])
{
char *error = NULL;
LLVMLinkInMCJIT();
LLVMInitializeNativeTarget();
LLVMInitializeNativeAsmPrinter();
LLVMInitializeNativeAsmParser();
LLVMModuleRef mod = LLVMModuleCreateWithName("minimal_module");
LLVMTypeRef identity_args[] = { LLVMInt32Type() };
LLVMValueRef identity = LLVMAddFunction(mod, "identity", LLVMFunctionType(LLVMInt32Type(), identity_args, 1, 0));
LLVMSetFunctionCallConv(identity, LLVMCCallConv);
LLVMValueRef n = LLVMGetParam(identity, 0);
LLVMBasicBlockRef entry = LLVMAppendBasicBlock(identity, "entry");
LLVMBuilderRef builder = LLVMCreateBuilder();
LLVMPositionBuilderAtEnd(builder, entry);
LLVMBuildRet(builder, n);
LLVMVerifyModule(mod, LLVMAbortProcessAction, &error);
LLVMDisposeMessage(error);
LLVMExecutionEngineRef engine;
error = NULL;
if(LLVMCreateJITCompilerForModule(&engine, mod, 2, &error) != 0) {
fprintf(stderr, "%s\n", error);
LLVMDisposeMessage(error);
abort();
}
int (*fun)(int) = (int (*)(int))LLVMGetFunctionAddress(engine, "identity");
LLVMDumpModule(mod);
fprintf(stderr, "\n");
fprintf(stderr, "; Running identity(42) with JIT...\n");
fprintf(stderr, "; Result: %d\n", (*fun)(42));
LLVMRemoveModule(engine, mod, &mod, &error);
LLVMDisposeModule(mod);
LLVMDisposeExecutionEngine(engine);
LLVMDisposeBuilder(builder);
return 0;
}

RSA_verify() causes segmentation fault

Teh function below causes a segmentation fault when it gets to the RSA_verify() part. I'm a c-beginner so it's hard for me to find the reason for the problem. Maybe someone can point out what I'm doing wrong. It would be very helpful, thanks in advance.
Here's the Code:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <openssl/sha.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/bio.h>
#define BUF 20000
#define DSS 20
int matchCipherToSign(unsigned char *signPath, char *cipherPath) {
unsigned char *bufCipher = malloc(BUF);
unsigned char *sha = malloc(SHA_DIGEST_LENGTH);
unsigned char *bufSign = malloc(BUF);
unsigned int retSign;
int ret=0;
int retCipher;
FILE *key;
RSA *rsa = RSA_new();
EVP_MD_CTX ctx;
key = fopen("key.bin", "rb");
if (key == NULL){
printf("Couldn't open file key.bin.\n");
exit(EXIT_FAILURE);
}
retSign = readFile(signPath, bufSign);
if (retSign == 0){
printf("Couldn't read file %s.\n", signPath);
exit(EXIT_FAILURE);
}
retCipher = readFile(cipherPath, bufCipher);
if (retCipher == 0){
printf("Couldn't open file %s.\n", cipherPath);
exit(EXIT_FAILURE);
}
rsa = PEM_read_RSA_PUBKEY(key, &rsa, NULL, NULL);
fclose(key);
if (1!=EVP_DigestInit(&ctx, EVP_sha1())) {
printf("EVP_DigestInit Error.\n");
exit(EXIT_FAILURE);
}
if (1!=EVP_DigestUpdate(&ctx, bufCipher, retCipher)) {
printf("VP_DigestUpdate Error.\n");
exit(EXIT_FAILURE);
}
if (1!=EVP_DigestFinal(&ctx, sha, NULL)) {
printf("EVP_DigestFinal Error.\n");
exit(EXIT_FAILURE);
}
ret = RSA_verify(NID_sha1, sha, SHA_DIGEST_LENGTH, bufSign, sizeof(bufSign), rsa);
RSA_free(rsa);
free(bufCipher);
free(bufSign);
free(sha);
return ret;
}
Thanks for your help!

record using /pulse/simple.h

i am trying to record my voice from the microphone on my laptop using the simple.h pulseaudio header file into an array, but i cant seem to figure it out. Every time i record and i replay my recording , it is a high pitched beep i followed examples, etc but i can't seem to get this down can someone please help me .
I am basically hacking the example "parec-simple.c" given in the doxygen page. I've tried routing the output of buf to stdout, then using libre-office calc to plot a graph to see if the output looks anything like sound but it does not.
here is the code i used
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <pulse/simple.h>
#include <pulse/error.h>
#define BUFSIZE 1024
FILE *output;
/* A simple routine calling UNIX write() in a loop */
void loop_write(uint8_t *data) {
register int size = 1023;
while (size > 0)
{
fprintf(output,"%"SCNu8"\n",data[size] ) ;
size --;
}
}
int main(int argc, char*argv[]) {
output = fopen("/home/donnell/output", "w");
/* The sample type to use */
static const pa_sample_spec ss = {
.format = PA_SAMPLE_S16LE,
.rate = 41000,
.channels = 2
};
pa_simple *s = NULL;
int ret = 1;
int error;
/* Create the recording stream */
if (!(s = pa_simple_new(NULL, argv[0], PA_STREAM_RECORD, NULL, "record", &ss, NULL, NULL, &error))) {
fprintf(stderr, __FILE__": pa_simple_new() failed: %s\n", pa_strerror(error));
goto finish;
}
for (;;) {
uint8_t buf[BUFSIZE];
/* Record some data ... */
if (pa_simple_read(s, buf, sizeof(buf), &error) < 0) {
fprintf(stderr, __FILE__": pa_simple_read() failed: %s\n", pa_strerror(error));
goto finish;
}
/* and write it to fle*/
loop_write(buf);
}
ret = 0;
finish:
if (s)
pa_simple_free(s);
return ret;
}

Resources