static int pkey_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { MAC_PKEY_CTX *sctx, *dctx; if (!pkey_mac_init(dst)) return 0; sctx = EVP_PKEY_CTX_get_data(src); dctx = EVP_PKEY_CTX_get_data(dst); if (!EVP_MAC_CTX_copy(dctx->ctx, sctx->ctx)) goto err; switch (dctx->type) { case MAC_TYPE_RAW: dctx->raw_data.md = sctx->raw_data.md; if (ASN1_STRING_get0_data(&sctx->raw_data.ktmp) != NULL && !ASN1_STRING_copy(&dctx->raw_data.ktmp, &sctx->raw_data.ktmp)) goto err; break; case MAC_TYPE_MAC: /* Nothing more to do */ break; default: /* This should be dead code */ return 0; } return 1; err: pkey_mac_cleanup (dst); return 0; }
int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) { ASN1_TIME t; struct tm tm; int rv = 0; t.length = strlen(str); t.data = (unsigned char *)str; t.flags = ASN1_STRING_FLAG_X509_TIME; t.type = V_ASN1_UTCTIME; if (!ASN1_TIME_check(&t)) { t.type = V_ASN1_GENERALIZEDTIME; if (!ASN1_TIME_check(&t)) goto out; } /* * Per RFC 5280 (section 4.1.2.5.), the valid input time * strings should be encoded with the following rules: * * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ * * Only strings of the 4th rule should be reformatted, but since a * UTC can only present [1950, 2050), so if the given time string * is less than 1950 (e.g. 19230419000000Z), we do nothing... */ if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) { if (!asn1_time_to_tm(&tm, &t)) goto out; if (is_utc(tm.tm_year)) { t.length -= 2; /* * it's OK to let original t.data go since that's assigned * to a piece of memory allocated outside of this function. * new t.data would be freed after ASN1_STRING_copy is done. */ t.data = OPENSSL_zalloc(t.length + 1); if (t.data == NULL) goto out; memcpy(t.data, str + 2, t.length); t.type = V_ASN1_UTCTIME; } } if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) rv = 1; if (t.data != (unsigned char *)str) OPENSSL_free(t.data); out: return rv; }
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) { ASN1_INTEGER *in; if (x == NULL) return (0); in = &x->serialNumber; if (in != serial) return ASN1_STRING_copy(in, serial); return 1; }
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) { ASN1_INTEGER *in; if (x == NULL) return 0; in = &x->cert_info.serialNumber; if (in != serial) return ASN1_STRING_copy(in, serial); return 1; }
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, ASN1_BIT_STRING *issuerKey, ASN1_INTEGER *serialNumber) { int nid; unsigned int i; X509_ALGOR *alg; OCSP_CERTID *cid = NULL; unsigned char md[EVP_MAX_MD_SIZE]; if ((cid = OCSP_CERTID_new()) == NULL) goto err; alg = &cid->hashAlgorithm; ASN1_OBJECT_free(alg->algorithm); if ((nid = EVP_MD_type(dgst)) == NID_undef) { OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); goto err; } if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) goto err; if ((alg->parameter = ASN1_TYPE_new()) == NULL) goto err; alg->parameter->type = V_ASN1_NULL; if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr; if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))) goto err; /* Calculate the issuerKey hash, excluding tag and length */ if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) goto err; if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))) goto err; if (serialNumber) { if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0) goto err; } return cid; digerr: OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); err: OCSP_CERTID_free(cid); return NULL; }
int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) { ASN1_GENERALIZEDTIME t; t.type = V_ASN1_GENERALIZEDTIME; t.length = strlen(str); t.data = (unsigned char *)str; t.flags = 0; if (!ASN1_GENERALIZEDTIME_check(&t)) return 0; if (s != NULL && !ASN1_STRING_copy(s, &t)) return 0; return 1; }
int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) { CMS_IssuerAndSerialNumber *ias; ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber); if (!ias) goto err; if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert))) goto err; if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert))) goto err; M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); *pias = ias; return 1; err: M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE); return 0; }
int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) { switch(type) { case CMS_SIGNERINFO_ISSUER_SERIAL: sid->d.issuerAndSerialNumber = M_ASN1_new_of(CMS_IssuerAndSerialNumber); if (!sid->d.issuerAndSerialNumber) goto merr; if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, X509_get_issuer_name(cert))) goto merr; if (!ASN1_STRING_copy( sid->d.issuerAndSerialNumber->serialNumber, X509_get_serialNumber(cert))) goto merr; break; case CMS_SIGNERINFO_KEYIDENTIFIER: if (!cert->skid) { CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_CERTIFICATE_HAS_NO_KEYID); return 0; } sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); if (!sid->d.subjectKeyIdentifier) goto merr; break; default: CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); return 0; } sid->type = type; return 1; merr: CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE); return 0; }
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { ASN1_TIME t; t.length = strlen(str); t.data = (unsigned char *)str; t.flags = 0; t.type = V_ASN1_UTCTIME; if (!ASN1_TIME_check(&t)) { t.type = V_ASN1_GENERALIZEDTIME; if (!ASN1_TIME_check(&t)) return 0; } if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) return 0; return 1; }