Ejemplo n.º 1
0
void openssl_pkcs7_sign()
{
	int len;
	BIO *in;
	X509 *x;
	FILE *fp;
	PKCS7 *p7;
	X509_ALGOR *md;
	PKCS7_SIGNER_INFO *si;
	char name[MAX1_LEN], tmp[MAX1_LEN];
	unsigned char *der, *p, buf[SHA_DIGEST_LENGTH] = "pkcs7 sign";

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_data);
	ASN1_OCTET_STRING_set(p7->d.data, buf, SHA_DIGEST_LENGTH);
	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);
	free(der);
	PKCS7_free(p7);

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_signed);
	p7->d.sign->cert = sk_X509_new_null();
	in = BIO_new_file("/tmp/test.cer", "r");
	x = PEM_read_bio_X509(in, NULL, NULL, NULL);
	sk_X509_push(p7->d.sign->cert, x);
	BIO_free(in);

	md = X509_ALGOR_new();
	md->algorithm = OBJ_nid2obj(NID_md5);
	sk_X509_ALGOR_push(p7->d.sign->md_algs, md);

	si = PKCS7_SIGNER_INFO_new();
	ASN1_INTEGER_set(si->version, 2);
	ASN1_INTEGER_set(si->issuer_and_serial->serial, 333);
	sk_PKCS7_SIGNER_INFO_push(p7->d.sign->signer_info, si);

	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);
	free(der);

	fp = fopen("/tmp/test.cer", "rb");
	len = fread(tmp, 1, MAX1_LEN, fp);
	fclose(fp);
	p = (unsigned char *)&tmp;
	d2i_PKCS7(&p7, (const unsigned char **)&p, len);
	OBJ_obj2txt(name, MAX1_LEN, p7->type, 0);

	PKCS7_free(p7);
}
Ejemplo n.º 2
0
int main(){
	PKCS7 *p7;	
	int		len;
	unsigned char *der,*p;
	FILE *fp;
	X509 *x;
	BIO  *in;
	X509_ALGOR *md;
	PKCS7_SIGNER_INFO *si;

	p7=PKCS7_new();
	PKCS7_set_type(p7,NID_pkcs7_signed);
	p7->d.sign->cert=sk_X509_new_null();
	in=BIO_new_file("b64cert.cer","r");
	x=PEM_read_bio_X509(in,NULL,NULL,NULL);
	sk_X509_push(p7->d.sign->cert,x);
	md=X509_ALGOR_new();
	md->algorithm=OBJ_nid2obj(NID_md5);
	sk_X509_ALGOR_push(p7->d.sign->md_algs,md);
	si=PKCS7_SIGNER_INFO_new();
	ASN1_INTEGER_set(si->version,2);
	ASN1_INTEGER_set(si->issuer_and_serial->serial,333);
	sk_PKCS7_SIGNER_INFO_push(p7->d.sign->signer_info,si);
	len=i2d_PKCS7(p7,NULL);
	der=(unsigned char *)malloc(len);
	p=der;
	len=i2d_PKCS7(p7,&p);
	fp=fopen("p7_sign.cer","wb");
	fwrite(der,1,len,fp);
	fclose(fp);
	free(der);
	PKCS7_free(p7);
	return 0;
}
Ejemplo n.º 3
0
void openssl_pkcs7_enveloped()
{
	int len;
	FILE *fp;
	PKCS7 *p7;
	PKCS7_RECIP_INFO *inf;
	unsigned char *der, *p;
	const unsigned char edata[COMM_LEN] = "info....";
	const unsigned char ekeys[COMM_LEN] = "key info....";

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_enveloped);
	ASN1_INTEGER_set(p7->d.enveloped->version, 3);

	inf = PKCS7_RECIP_INFO_new();
	ASN1_INTEGER_set(inf->version, 4);
	ASN1_INTEGER_set(inf->issuer_and_serial->serial, 888888);
	inf->key_enc_algor->algorithm = OBJ_nid2obj(NID_des_ede3_cbc);
	ASN1_OCTET_STRING_set(inf->enc_key, ekeys, 12);
	sk_PKCS7_RECIP_INFO_push(p7->d.enveloped->recipientinfo, inf);

	p7->d.enveloped->enc_data->algorithm->algorithm =
		OBJ_nid2obj(NID_des_ede3_cbc);
	p7->d.enveloped->enc_data->enc_data = ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(p7->d.enveloped->enc_data->enc_data, edata, 8);

	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);

	free(der);
	PKCS7_free(p7);

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped);
	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/testEnv.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);

	PKCS7_free(p7);
	free(der);
}
int PKCS7_set_type(PKCS7 *p7, int type)
	{
	ASN1_OBJECT *obj;

	PKCS7_content_free(p7);
	obj=OBJ_nid2obj(type); /* will not fail */

	switch (type)
		{
	case NID_pkcs7_signed:
		p7->type=obj;
		if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
			goto err;
		ASN1_INTEGER_set(p7->d.sign->version,1);
		break;
	case NID_pkcs7_data:
		p7->type=obj;
		if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
			goto err;
		break;
	case NID_pkcs7_signedAndEnveloped:
		p7->type=obj;
		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
			== NULL) goto err;
		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
		break;
	case NID_pkcs7_enveloped:
		p7->type=obj;
		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
			== NULL) goto err;
		ASN1_INTEGER_set(p7->d.enveloped->version,0);
		break;
	case NID_pkcs7_encrypted:
		p7->type=obj;
		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
			== NULL) goto err;
		ASN1_INTEGER_set(p7->d.encrypted->version,0);
		break;

	case NID_pkcs7_digest:
	default:
		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
		goto err;
		}
	return(1);
err:
	return(0);
	}
Ejemplo n.º 5
0
int X509_REQ_set_version(X509_REQ *x, long version)
{
    if (x == NULL)
        return (0);
    x->req_info.enc.modified = 1;
    return (ASN1_INTEGER_set(x->req_info.version, version));
}
Ejemplo n.º 6
0
PKCS12 *
PKCS12_init(int mode)
{
	PKCS12 *pkcs12;

	if (!(pkcs12 = PKCS12_new())) {
		PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
		return NULL;
	}
	ASN1_INTEGER_set(pkcs12->version, 3);
	pkcs12->authsafes->type = OBJ_nid2obj(mode);
	switch (mode) {
	case NID_pkcs7_data:
		if (!(pkcs12->authsafes->d.data =
		    ASN1_OCTET_STRING_new())) {
			PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
			goto err;
		}
		break;
	default:
		PKCS12err(PKCS12_F_PKCS12_INIT,
		    PKCS12_R_UNSUPPORTED_PKCS12_MODE);
		goto err;
	}

	return pkcs12;

err:
	if (pkcs12 != NULL)
		PKCS12_free(pkcs12);
	return NULL;
}
Ejemplo n.º 7
0
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
                    int version,
                    int ptype, void *pval, unsigned char *penc, int penclen)
{
    unsigned char **ppenc = NULL;
    if (version >= 0) {
        if (!ASN1_INTEGER_set(priv->version, version))
            return 0;
    }
    if (penc) {
        int pmtype;
        ASN1_OCTET_STRING *oct;
        oct = ASN1_OCTET_STRING_new();
        if (!oct)
            return 0;
        oct->data = penc;
        ppenc = &oct->data;
        oct->length = penclen;
        if (priv->broken == PKCS8_NO_OCTET)
            pmtype = V_ASN1_SEQUENCE;
        else
            pmtype = V_ASN1_OCTET_STRING;
        ASN1_TYPE_set(priv->pkey, pmtype, oct);
    }
    if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
        /* If call fails do not swallow 'enc' */
        if (ppenc)
            *ppenc = NULL;
        return 0;
    }
    return 1;
}
Ejemplo n.º 8
0
/*
 * Copy the serial number from src certificate to dst certificate
 * and modify it by a random offset.
 * If reading the serial fails for some reason, generate a new
 * random serial and store it in the dst certificate.
 * Using the same serial is not a good idea since some SSL stacks
 * check for duplicate certificate serials.
 * Returns 0 on success, -1 on error.
 */
int
ssl_x509_serial_copyrand(X509 *dstcrt, X509 *srccrt)
{
	ASN1_INTEGER *srcptr, *dstptr;
	BIGNUM *bnserial;
	unsigned int rand;
	int rv;

#ifndef PURIFY
	rv = ssl_rand(&rand, sizeof(rand));
#else /* PURIFY */
	rand = 0xF001;
	rv = 0;
#endif /* PURIFY */
	dstptr = X509_get_serialNumber(dstcrt);
	srcptr = X509_get_serialNumber(srccrt);
	if ((rv == -1) || !dstptr || !srcptr)
		return -1;
	bnserial = ASN1_INTEGER_to_BN(srcptr, NULL);
	if (!bnserial) {
		/* random 32-bit serial */
		ASN1_INTEGER_set(dstptr, rand);
	} else {
		/* original serial plus random 32-bit offset */
		BN_add_word(bnserial, rand);
		BN_to_ASN1_INTEGER(bnserial, dstptr);
		BN_free(bnserial);
	}
	return 0;
}
Ejemplo n.º 9
0
int main(){
	PKCS7 *p7;
	int ret,len;
	char *der,*p;
	FILE *fp;


	p7 = PKCS7_new();
	ret=PKCS7_set_type(p7,NID_pkcs7_encrypted);
	ASN1_INTEGER_set(p7->d.encrypted->version,3);
	p7->d.encrypted->enc_data->algorithm->algorithm=OBJ_nid2obj(NID_des_ede3_cbc);
	p7->d.encrypted->enc_data->enc_data=ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(p7->d.encrypted->enc_data->enc_data,(const
				unsigned char *)"3434",4);
	len=i2d_PKCS7(p7,NULL);
	der=(char *)malloc(len);
	p=der;
	len=i2d_PKCS7(p7,(unsigned char **)&p);
	fp=fopen("p7_enc.cer","wb");
	fwrite(der,1,len,fp);
	fclose(fp);
	PKCS7_free(p7);
	free(der);
	return 0;
}
Ejemplo n.º 10
0
sqbind::SQINT COsslCert::Create( COsslKey *x_pKey, sqbind::SQINT x_nSerialNumber, sqbind::SQINT x_nSecondsValid )
{_STT();

	// Lose old cert
	Destroy();

	if ( !x_pKey || ! x_pKey->getPublicKeyPtr() )
		return 0;

	m_pX509 = X509_new();
	if ( !m_pX509 )
		return 0;

	// Set certificate version
	X509_set_version( m_pX509, 2 );
	
	ASN1_INTEGER_set( X509_get_serialNumber( m_pX509 ), x_nSerialNumber );

	X509_gmtime_adj( X509_get_notBefore( m_pX509 ), 0 );

	X509_gmtime_adj( X509_get_notAfter( m_pX509 ), x_nSecondsValid );

	X509_set_pubkey( m_pX509, x_pKey->getPublicKeyPtr() );

	return 1;
}
X509_EXTENSION* AuthorityKeyIdentifierExtension::getX509Extension()
{
    X509_EXTENSION *ret;
    AUTHORITY_KEYID *authKeyId;
    ByteArray temp;
    authKeyId = AUTHORITY_KEYID_new();
    if (this->keyIdentifier.size() > 0)
    {
        authKeyId->keyid = ASN1_OCTET_STRING_new();
        temp = this->keyIdentifier;
        ASN1_OCTET_STRING_set(authKeyId->keyid, temp.getDataPointer(), temp.size());
    }
    if (this->authorityCertIssuer.getNumberOfEntries() > 0)
    {
        authKeyId->issuer = this->authorityCertIssuer.getInternalGeneralNames();
    }
    if (this->serialNumber >= 0)
    {
        authKeyId->serial = ASN1_INTEGER_new();
        ASN1_INTEGER_set(authKeyId->serial, this->serialNumber);
    }
    ret = X509V3_EXT_i2d(NID_authority_key_identifier, this->critical?1:0, (void *)authKeyId);
    AUTHORITY_KEYID_free(authKeyId);
    return ret;
}
Ejemplo n.º 12
0
RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
                                      const EVP_MD *mgf1md, int saltlen)
{
    RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();

    if (pss == NULL)
        goto err;
    if (saltlen != 20) {
        pss->saltLength = ASN1_INTEGER_new();
        if (pss->saltLength == NULL)
            goto err;
        if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
            goto err;
    }
    if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
        goto err;
    if (mgf1md == NULL)
        mgf1md = sigmd;
    if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
        goto err;
    if (!rsa_md_to_algor(&pss->maskHash, mgf1md))
        goto err;
    return pss;
 err:
    RSA_PSS_PARAMS_free(pss);
    return NULL;
}
Ejemplo n.º 13
0
void AuthorityCertificateManager::getCertificateForTarget(boost::asio::ip::tcp::endpoint &endpoint,
							  bool wildcardOK,
							  X509 *serverCertificate,
							  Certificate **cert,
							  std::list<Certificate*> **chainList)
{
  X509_NAME *serverName   = X509_get_subject_name(serverCertificate);
  X509_NAME *issuerName   = X509_get_subject_name(authority->getCert());
  X509 *request           = X509_new();

  X509_set_version(request, 3);
  X509_set_subject_name(request, serverName);
  X509_set_issuer_name(request, issuerName);

  ASN1_INTEGER_set(X509_get_serialNumber(request), generateRandomSerial());
  X509_gmtime_adj(X509_get_notBefore(request), -365);
  X509_gmtime_adj(X509_get_notAfter(request), (long)60*60*24*365);
  X509_set_pubkey(request, this->leafPair);

  X509_sign(request, authority->getKey(), EVP_sha1());

  Certificate *leaf = new Certificate();
  leaf->setCert(request);
  leaf->setKey(this->leafPair);

  *cert  = leaf;
  *chainList = &(this->chainList);
  // *chain = this->authority;
}
Ejemplo n.º 14
0
/* creates a self-signed certificate for a key */
X509 *
ship_create_selfsigned_cert(char *subject, int ttl, RSA* signer_key)
{
	X509 *x = 0, *ret = 0;
	X509_NAME *tmp = 0;
	EVP_PKEY *pr_key = 0;
	
	ASSERT_TRUE(x = X509_new(), err);
	ASSERT_TRUE(pr_key = EVP_PKEY_new(), err);
	ASSERT_TRUE(EVP_PKEY_set1_RSA(pr_key, signer_key), err);
	
	ASSERT_TRUE(X509_set_version(x, 2), err); /* version 3 certificate */
	ASN1_INTEGER_set(X509_get_serialNumber(x), 0);
        ASSERT_TRUE(X509_gmtime_adj(X509_get_notBefore(x), 0), err);
	ASSERT_TRUE(X509_gmtime_adj(X509_get_notAfter(x), (long)ttl), err);
	
	ASSERT_TRUE(tmp = X509_get_subject_name(x), err);
	ASSERT_TRUE(X509_NAME_add_entry_by_txt(tmp, "CN", MBSTRING_ASC, 
					       (unsigned char*)subject, -1, -1, 0), err);
	ASSERT_TRUE(X509_set_subject_name(x, tmp), err);

	ASSERT_TRUE(X509_set_pubkey(x, pr_key), err);
	ASSERT_TRUE(X509_sign(x, pr_key, EVP_sha1()), err);
	ret = x;
	x = NULL;
 err:
	if (x)
		X509_free(x);
	if (pr_key)
		EVP_PKEY_free(pr_key);
	return ret;
}
Ejemplo n.º 15
0
int main(int argc, char const *argv[])
{
	/* code */
	long value;
	int ret, len, i;
	unsigned char *buf = NULL;
	unsigned char *p;
	ASN1_INTEGER *a = ASN1_INTEGER_new();
	ret = ASN1_INTEGER_set(a, 100);

	len = i2d_ASN1_INTEGER(a, NULL);
	p = buf = malloc(sizeof(unsigned char) * len);

	len = i2d_ASN1_INTEGER(a, &buf);
	for( i = 0; i < len; i++)
	{
		//printf("%0x\t", p[i]);
		printf("%0x\t", buf[i]);
	}
	printf("\n");

	a= d2i_ASN1_INTEGER(&a, &p, len);
	value = ASN1_INTEGER_get(a);
	printf("value = %d\n", value);
	ASN1_INTEGER_free(a);
	return 0;
}
Ejemplo n.º 16
0
/* rsa_ctx_to_pss converts EVP_PKEY_CTX in PSS mode into corresponding
 * algorithm parameter, suitable for setting as an AlgorithmIdentifier. */
static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) {
  const EVP_MD *sigmd, *mgf1md;
  RSA_PSS_PARAMS *pss = NULL;
  ASN1_STRING *os = NULL;
  EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
  int saltlen, rv = 0;

  if (!EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) ||
      !EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) ||
      !EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) {
    goto err;
  }

  if (saltlen == -1) {
    saltlen = EVP_MD_size(sigmd);
  } else if (saltlen == -2) {
    saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
    if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {
      saltlen--;
    }
  } else {
    goto err;
  }

  pss = RSA_PSS_PARAMS_new();
  if (!pss) {
    goto err;
  }

  if (saltlen != 20) {
    pss->saltLength = ASN1_INTEGER_new();
    if (!pss->saltLength ||
        !ASN1_INTEGER_set(pss->saltLength, saltlen)) {
      goto err;
    }
  }

  if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) ||
      !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) {
    goto err;
  }

  /* Finally create string with pss parameter encoding. */
  if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) {
    goto err;
  }
  rv = 1;

err:
  if (pss) {
    RSA_PSS_PARAMS_free(pss);
  }
  if (rv) {
    return os;
  }
  if (os) {
    ASN1_STRING_free(os);
  }
  return NULL;
}
Ejemplo n.º 17
0
int
X509_REQ_set_version(X509_REQ *x, long version)
{
	if (x == NULL)
		return (0);
	return (ASN1_INTEGER_set(x->req_info->version, version));
}
Ejemplo n.º 18
0
/* Set up a mac structure */
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
	     const EVP_MD *md_type)
{
	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
	if (iter > 1) {
		if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
			return 0;
		}
		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
			return 0;
		}
	}
	if (!saltlen) saltlen = PKCS12_SALT_LEN;
	p12->mac->salt->length = saltlen;
	if (!(p12->mac->salt->data = malloc (saltlen))) {
		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	if (!salt) {
		if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
			return 0;
	}
	else memcpy (p12->mac->salt->data, salt, saltlen);
	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
	
	return 1;
}
Ejemplo n.º 19
0
void openssl_pkcs7_encrypt()
{
	BIO *b;
	int len;
	FILE *fp;
	PKCS7 *p7;
	unsigned char *der, *p;
	const unsigned char edata[COMM_LEN] = "pkcs7 encrypt";

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_encrypted);
	ASN1_INTEGER_set(p7->d.encrypted->version, 3);
	p7->d.encrypted->enc_data->algorithm->algorithm =
		OBJ_nid2obj(NID_des_ede3_cbc);
	p7->d.encrypted->enc_data->enc_data = ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(p7->d.encrypted->enc_data->enc_data, edata, 14);
	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);

	PKCS7_free(p7);
	free(der);

	b = BIO_new_file("/tmp/test.pem", "r");
	p7 = PEM_read_bio_PKCS7(b, NULL, NULL, NULL);
	BIO_free(b);
	PKCS7_free(p7);
}
Ejemplo n.º 20
0
int X509_CRL_set_version(X509_CRL *x, long version)
{
	if (x == NULL) return(0);
	if (x->crl->version == NULL) {
		if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
			return(0);
	}
	return(ASN1_INTEGER_set(x->crl->version,version));
}
Ejemplo n.º 21
0
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
	     int saltlen)
{
	PBEPARAM *pbe=NULL;
	ASN1_OBJECT *al;
	X509_ALGOR *algor;
	ASN1_TYPE *astype=NULL;

	if (!(pbe = PBEPARAM_new ())) {
		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
	if (!ASN1_INTEGER_set(pbe->iter, iter)) {
		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	if (!saltlen) saltlen = PKCS5_SALT_LEN;
	if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	pbe->salt->length = saltlen;
	if (salt) memcpy (pbe->salt->data, salt, saltlen);
	else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
		goto err;

	if (!(astype = ASN1_TYPE_new())) {
		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
		goto err;
	}

	astype->type = V_ASN1_SEQUENCE;
	if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
				&astype->value.sequence)) {
		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	PBEPARAM_free (pbe);
	pbe = NULL;
	
	al = OBJ_nid2obj(alg); /* never need to free al */
	if (!(algor = X509_ALGOR_new())) {
		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	ASN1_OBJECT_free(algor->algorithm);
	algor->algorithm = al;
	algor->parameter = astype;

	return (algor);
err:
	if (pbe != NULL) PBEPARAM_free(pbe);
	if (astype != NULL) ASN1_TYPE_free(astype);
	return NULL;
}
Ejemplo n.º 22
0
int
X509_CRL_set_version(X509_CRL *x, long version)
{
    if (x == NULL || x->crl == NULL) return 0;
    if (x->crl->version == NULL) {
	x->crl->version = M_ASN1_INTEGER_new();
	if (x->crl->version == NULL) return 0;
    }
    return ASN1_INTEGER_set(x->crl->version, version);
}
Ejemplo n.º 23
0
static X509 *X509_REQ_to_X509_ex(X509_REQ *r, int days, EVP_PKEY *pkey, const EVP_MD* md)
{
  X509 *ret = NULL;
  X509_CINF *xi = NULL;
  X509_NAME *xn;
  EVP_PKEY *pubkey = NULL;
  int res;

  if ((ret = X509_new()) == NULL)
  {
    X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
    return NULL;
  }

  /* duplicate the request */
  xi = ret->cert_info;

  if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
  {
    if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
      goto err;
    if (!ASN1_INTEGER_set(xi->version, 2))
      goto err;
    /*-     xi->extensions=ri->attributes; <- bad, should not ever be done
    ri->attributes=NULL; */
  }

  xn = X509_REQ_get_subject_name(r);
  if (X509_set_subject_name(ret, xn) == 0)
    goto err;
  if (X509_set_issuer_name(ret, xn) == 0)
    goto err;

  if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
    goto err;
  if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) ==
      NULL)
    goto err;

  pubkey = X509_REQ_get_pubkey(r);
  res = X509_set_pubkey(ret, pubkey);
  EVP_PKEY_free(pubkey);

  if (!md)
    goto err;
  if (!res || !X509_sign(ret, pkey, md))
    goto err;
  if (0)
  {
err:
    X509_free(ret);
    ret = NULL;
  }
  return (ret);
}
Ejemplo n.º 24
0
int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
  const EVP_MD *sigmd, *mgf1md;
  int saltlen;
  if (!EVP_PKEY_CTX_get_signature_md(ctx->pctx, &sigmd) ||
      !EVP_PKEY_CTX_get_rsa_mgf1_md(ctx->pctx, &mgf1md) ||
      !EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx->pctx, &saltlen)) {
    return 0;
  }

  EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
  if (saltlen == -1) {
    saltlen = EVP_MD_size(sigmd);
  } else if (saltlen == -2) {
    saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
    if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {
      saltlen--;
    }
  } else {
    return 0;
  }

  int ret = 0;
  ASN1_STRING *os = NULL;
  RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
  if (!pss) {
    goto err;
  }

  if (saltlen != 20) {
    pss->saltLength = ASN1_INTEGER_new();
    if (!pss->saltLength ||
        !ASN1_INTEGER_set(pss->saltLength, saltlen)) {
      goto err;
    }
  }

  if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) ||
      !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) {
    goto err;
  }

  /* Finally create string with pss parameter encoding. */
  if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) {
    goto err;
  }

  X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
  os = NULL;
  ret = 1;

err:
  RSA_PSS_PARAMS_free(pss);
  ASN1_STRING_free(os);
  return ret;
}
Ejemplo n.º 25
0
int
X509_set_version(X509 *x, long version)
{
	if (x == NULL)
		return (0);
	if (x->cert_info->version == NULL) {
		if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL)
			return (0);
	}
	return (ASN1_INTEGER_set(x->cert_info->version, version));
}
Ejemplo n.º 26
0
static void mkcert(std::shared_ptr<X509> &cert,
                  std::shared_ptr<EVP_PKEY> &pkey, int bits, int serial,
                  int days)
{
    RSA *rsa;
    X509_NAME *name=NULL;

    pkey.reset(EVP_PKEY_new(), &EVP_PKEY_free);
    if (!pkey)
        throw std::bad_alloc();
    cert.reset(X509_new(), &X509_free);
    if (!cert)
        throw std::bad_alloc();

    rsa = RSA_generate_key(bits,RSA_F4,NULL,NULL);
    MORDOR_VERIFY(EVP_PKEY_assign_RSA(pkey.get(),rsa));

    X509_set_version(cert.get(),2);
    ASN1_INTEGER_set(X509_get_serialNumber(cert.get()),serial);
    X509_gmtime_adj(X509_get_notBefore(cert.get()),0);
    X509_gmtime_adj(X509_get_notAfter(cert.get()),(long)60*60*24*days);
    X509_set_pubkey(cert.get(),pkey.get());

    name=X509_get_subject_name(cert.get());

    /* This function creates and adds the entry, working out the
     * correct string type and performing checks on its length.
     * Normally we'd check the return value for errors...
     */
    X509_NAME_add_entry_by_txt(name,"C",
                            MBSTRING_ASC,
                            (const unsigned char *)"United States",
                            -1, -1, 0);
    X509_NAME_add_entry_by_txt(name,"CN",
                            MBSTRING_ASC,
                            (const unsigned char *)"Mordor Default Self-signed Certificate",
                            -1, -1, 0);

    /* Its self signed so set the issuer name to be the same as the
     * subject.
     */
    X509_set_issuer_name(cert.get(),name);

    /* Add various extensions: standard extensions */
    add_ext(cert.get(), NID_basic_constraints, "critical,CA:TRUE");
    add_ext(cert.get(), NID_key_usage, "critical,keyCertSign,cRLSign");

    add_ext(cert.get(), NID_subject_key_identifier, "hash");

    /* Some Netscape specific extensions */
    add_ext(cert.get(), NID_netscape_cert_type, "sslCA");

    MORDOR_VERIFY(X509_sign(cert.get(),pkey.get(),EVP_md5()));
}
Ejemplo n.º 27
0
static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
	{
	ASN1_INTEGER *serial = ASN1_INTEGER_new();
	if (!serial) goto err;
	if (!ASN1_INTEGER_set(serial, 1)) goto err;
	return serial;
 err:
	TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
	TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
				    "Error during serial number generation.");
	return NULL;
	}
Ejemplo n.º 28
0
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
				const unsigned char *salt, int saltlen)
	{
	PBEPARAM *pbe=NULL;
	ASN1_STRING *pbe_str=NULL;
	unsigned char *sstr;

	pbe = PBEPARAM_new();
	if (!pbe)
		{
		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	if(iter <= 0)
		iter = PKCS5_DEFAULT_ITER;
	if (!ASN1_INTEGER_set(pbe->iter, iter))
		{
		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	if (!saltlen)
		saltlen = PKCS5_SALT_LEN;
	if (!ASN1_STRING_set(pbe->salt, NULL, saltlen))
		{
		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	sstr = ASN1_STRING_data(pbe->salt);
	if (salt)
		TINYCLR_SSL_MEMCPY(sstr, salt, saltlen);
	else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
		goto err;

	if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
		{
		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	PBEPARAM_free(pbe);
	pbe = NULL;

	if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
		return 1;

err:
	if (pbe != NULL)
		PBEPARAM_free(pbe);
	if (pbe_str != NULL)
		ASN1_STRING_free(pbe_str);
	return 0;
	}
Ejemplo n.º 29
0
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
				const unsigned char *salt, int saltlen)
	{
	PBEPARAM *pbe=NULL;
	ASN1_STRING *pbe_str=NULL;
	unsigned char *sstr;

	pbe = PBEPARAM_new();
	if (!pbe)
		{
		OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE);
		goto err;
		}
	if(iter <= 0)
		iter = PKCS5_DEFAULT_ITERATIONS;
	if (!ASN1_INTEGER_set(pbe->iter, iter))
		{
		OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE);
		goto err;
		}
	if (!saltlen)
		saltlen = PKCS5_SALT_LEN;
	if (!ASN1_STRING_set(pbe->salt, NULL, saltlen))
		{
		OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE);
		goto err;
		}
	sstr = ASN1_STRING_data(pbe->salt);
	if (salt)
		memcpy(sstr, salt, saltlen);
	else if (!RAND_bytes(sstr, saltlen))
		goto err;

	if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
		{
		OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE);
		goto err;
		}

	PBEPARAM_free(pbe);
	pbe = NULL;

	if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
		return 1;

err:
	if (pbe != NULL)
		PBEPARAM_free(pbe);
	if (pbe_str != NULL)
		ASN1_STRING_free(pbe_str);
	return 0;
	}
Ejemplo n.º 30
0
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
                         const unsigned char *salt, int saltlen)
{
    PBEPARAM *pbe = NULL;
    ASN1_STRING *pbe_str = NULL;
    unsigned char *sstr = NULL;

    pbe = PBEPARAM_new();
    if (pbe == NULL) {
        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if (iter <= 0)
        iter = PKCS5_DEFAULT_ITER;
    if (!ASN1_INTEGER_set(pbe->iter, iter)) {
        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if (!saltlen)
        saltlen = PKCS5_SALT_LEN;

    sstr = OPENSSL_malloc(saltlen);
    if (sstr == NULL) {
        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if (salt)
        memcpy(sstr, salt, saltlen);
    else if (RAND_bytes(sstr, saltlen) <= 0)
        goto err;

    ASN1_STRING_set0(pbe->salt, sstr, saltlen);
    sstr = NULL;

    if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    PBEPARAM_free(pbe);
    pbe = NULL;

    if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
        return 1;

 err:
    OPENSSL_free(sstr);
    PBEPARAM_free(pbe);
    ASN1_STRING_free(pbe_str);
    return 0;
}