STACK_OF(X509_EXTENSION) * X509_REQ_get_extensions(X509_REQ *req) { X509_ATTRIBUTE *attr; ASN1_TYPE *ext = NULL; int idx, *pnid; const unsigned char *p; if ((req == NULL) || (req->req_info == NULL) || !ext_nids) return (NULL); for (pnid = ext_nids; *pnid != NID_undef; pnid++) { idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); if (attr->single) ext = attr->value.single; else if (sk_ASN1_TYPE_num(attr->value.set)) ext = sk_ASN1_TYPE_value(attr->value.set, 0); break; } if (!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; p = ext->value.sequence->data; return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p, ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS)); }
static int openssl_xattr_totable(lua_State*L, X509_ATTRIBUTE *attr, int utf8) { lua_newtable(L); openssl_push_asn1object(L, attr->object); lua_setfield(L, -2, "object"); AUXILIAR_SET(L, -1, "single", attr->single, boolean); if (attr->single) { openssl_push_asn1type(L, attr->value.single); lua_setfield(L, -2, "value"); } else { int i; lua_newtable(L); for (i = 0; i < sk_ASN1_TYPE_num(attr->value.set); i++) { ASN1_TYPE* t = sk_ASN1_TYPE_value(attr->value.set, i); openssl_push_asn1type(L, t); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "value"); } return 1; }
STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *sk; ASN1_TYPE *ext = NULL; int i; unsigned char *p; if ((req == NULL) || (req->req_info == NULL)) return(NULL); sk=req->req_info->attributes; if (!sk) return NULL; for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { attr = sk_X509_ATTRIBUTE_value(sk, i); if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) { if(attr->set && sk_ASN1_TYPE_num(attr->value.set)) ext = sk_ASN1_TYPE_value(attr->value.set, 0); else ext = attr->value.single; break; } } if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; p = ext->value.sequence->data; return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, ext->value.sequence->length, d2i_X509_EXTENSION, X509_EXTENSION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); }
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length) { STACK_OF(ASN1_TYPE) *inkey; const unsigned char *p; int keytype; p = *pp; /* * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by * analyzing it we can determine the passed structure: this assumes the * input is surrounded by an ASN1 SEQUENCE. */ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); p = *pp; /* * Since we only need to discern "traditional format" RSA and DSA keys we * can just count the elements. */ if (sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA; else if (sk_ASN1_TYPE_num(inkey) == 4) keytype = EVP_PKEY_EC; else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not * traditional format */ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); EVP_PKEY *ret; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); if (!p8) { ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return NULL; } ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); if (ret == NULL) return NULL; *pp = p; if (a) { *a = ret; } return ret; } else keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); return d2i_PrivateKey(keytype, a, pp, length); }
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) { STACK_OF(ASN1_TYPE) *inkey; const uint8_t *p; int keytype; p = *inp; /* Dirty trick: read in the ASN1 data into out STACK_OF(ASN1_TYPE): * by analyzing it we can determine the passed structure: this * assumes the input is surrounded by an ASN1 SEQUENCE. */ inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, len); /* Since we only need to discern "traditional format" RSA and DSA * keys we can just count the elements. */ if (sk_ASN1_TYPE_num(inkey) == 6) { keytype = EVP_PKEY_DSA; } else if (sk_ASN1_TYPE_num(inkey) == 4) { keytype = EVP_PKEY_EC; } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not traditional format */ p = *inp; PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); EVP_PKEY *ret; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); if (!p8) { OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return NULL; } ret = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); if (ret == NULL) { return NULL; } *inp = p; if (out) { *out = ret; } return ret; } else { keytype = EVP_PKEY_RSA; } sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); return d2i_PrivateKey(keytype, out, inp, len); }
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length) { STACK_OF(ASN1_TYPE) *inkey; const unsigned char *p; int keytype; p = *pp; /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): * by analyzing it we can determine the passed structure: this * assumes the input is surrounded by an ASN1 SEQUENCE. */ inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); /* Since we only need to discern "traditional format" RSA and DSA * keys we can just count the elements. */ if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA; else if (sk_ASN1_TYPE_num(inkey) == 4) keytype = EVP_PKEY_EC; else keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); return d2i_PrivateKey(keytype, a, pp, length); }
static int openssl_xattr_totable(lua_State*L, X509_ATTRIBUTE *attr) { #if OPENSSL_VERSION_NUMBER < 0x10100000L lua_newtable(L); openssl_push_asn1object(L, attr->object); lua_setfield(L, -2, "object"); AUXILIAR_SET(L, -1, "single", attr->single, boolean); if (attr->single) { openssl_push_asn1type(L, attr->value.single); lua_setfield(L, -2, "value"); } else { int i; lua_newtable(L); for (i = 0; i < sk_ASN1_TYPE_num(attr->value.set); i++) { ASN1_TYPE* t = sk_ASN1_TYPE_value(attr->value.set, i); openssl_push_asn1type(L, t); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "value"); } return 1; #else int i; lua_newtable(L); openssl_push_asn1object(L, X509_ATTRIBUTE_get0_object(attr)); lua_setfield(L, -2, "object"); lua_newtable(L); for (i = 0; i < X509_ATTRIBUTE_count(attr); i++) { ASN1_TYPE* t = X509_ATTRIBUTE_get0_type(attr, i); openssl_push_asn1type(L, t); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "set"); return 1; #endif }
static QString getAttribute(X509_REQ *req, int nid) { int n; n = X509_REQ_get_attr_by_NID(req, nid, -1); if (n == -1) return QString(""); X509_ATTRIBUTE *att = X509_REQ_get_attr(req, n); if (!att) return QString(""); if (att->single) return asn1ToQString(att->value.single->value.asn1_string); int count = sk_ASN1_TYPE_num(att->value.set); QStringList ret; for (int j=0; j<count; j++) { ret << asn1ToQString(sk_ASN1_TYPE_value(att->value.set, j)-> value.asn1_string); } return ret.join(", "); }
void CertDetail::setReq(pki_x509req *req) { image->setPixmap(*MainWindow::csrImg); headerLabel->setText(tr("Details of the certificate signing request")); try { setX509super(req); // No issuer tabwidget->removeTab(2); // verification if (!req->verify() ) { signature->setRed(); signature->setText("Failed"); } else { signature->setGreen(); if (req->isSpki()) { signature->setText("SPKAC"); } else { signature->setText("PKCS#10"); } } signature->disableToolTip(); trustState->hide(); fingerprints->hide(); validity->hide(); serialLabel->hide(); serialNr->hide(); // The non extension attributes int cnt = X509_REQ_get_attr_count(req->getReq()); int added = 0; QGridLayout *attrLayout = new QGridLayout(attributes); attrLayout->setAlignment(Qt::AlignTop); attrLayout->setSpacing(6); attrLayout->setMargin(11); for (int i = 0; i<cnt; i++) { int nid; QLabel *label; QString trans; X509_ATTRIBUTE *att = X509_REQ_get_attr(req->getReq(), i); nid = OBJ_obj2nid(att->object); if (X509_REQ_extension_nid(nid)) { continue; } label = new QLabel(this); trans = dn_translations[nid]; if (translate_dn && !trans.isEmpty()) { label->setText(trans); label->setToolTip(QString(OBJ_nid2sn(nid))); } else { label->setText(QString(OBJ_nid2ln(nid))); label->setToolTip(trans); } label->setText(QString(OBJ_nid2ln(nid))); label->setToolTip(QString(OBJ_nid2sn(nid))); attrLayout->addWidget(label, i, 0); added++; if (att->single) { label = labelFromAsn1String(att->value.single->value.asn1_string); attrLayout->addWidget(label, i, 1); continue; } int count = sk_ASN1_TYPE_num(att->value.set); for (int j=0; j<count; j++) { label = labelFromAsn1String(sk_ASN1_TYPE_value(att->value.set, j)->value.asn1_string); attrLayout->addWidget(label, i, j +1); } } ASN1_IA5STRING *chal = req->spki_challange(); if (chal) { QLabel *label; label = new QLabel(this); label->setText(QString("SPKI Challenge String")); attrLayout->addWidget(label, 0, 0); label = labelFromAsn1String(chal); attrLayout->addWidget(label, 0, 1); added++; } if (!added) { tabwidget->removeTab(2); } openssl_error(); } catch (errorEx &err) { XCA_WARN(err.getString()); } }
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_RSA RSA *rsa = NULL; #endif #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; ASN1_TYPE *t1, *t2; ASN1_INTEGER *privkey; STACK_OF(ASN1_TYPE) *ndsa = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; const unsigned char *p_tmp; #endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) ASN1_TYPE *param = NULL; BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; const unsigned char *p; const unsigned char *cp; int pkeylen; int nid; char obj_tmp[80]; if(p8->pkey->type == V_ASN1_OCTET_STRING) { p8->broken = PKCS8_OK; p = p8->pkey->value.octet_string->data; pkeylen = p8->pkey->value.octet_string->length; } else { p8->broken = PKCS8_NO_OCTET; p = p8->pkey->value.sequence->data; pkeylen = p8->pkey->value.sequence->length; } if (!(pkey = EVP_PKEY_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); return NULL; } a = p8->pkeyalg; nid = OBJ_obj2nid(a->algorithm); switch(nid) { #ifndef OPENSSL_NO_RSA case NID_rsaEncryption: cp = p; if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); return NULL; } EVP_PKEY_assign_RSA (pkey, rsa); break; #endif #ifndef OPENSSL_NO_DSA case NID_dsa: /* PKCS#8 DSA is weird: you just get a private key integer * and parameters in the AlgorithmIdentifier the pubkey must * be recalculated. */ /* Check for broken DSA PKCS#8, UGH! */ if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, d2i_ASN1_TYPE, ASN1_TYPE_free))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(sk_ASN1_TYPE_num(ndsa) != 2 ) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); if(t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; param = t1; } else if(a->parameter->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_NS_DB; param = a->parameter; } else { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(t2->type != V_ASN1_INTEGER) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } privkey = t2->value.integer; } else { if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } param = p8->pkeyalg->parameter; } if (!param || (param->type != V_ASN1_SEQUENCE)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } cp = p = param->value.sequence->data; plen = param->value.sequence->length; if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* We have parameters now set private key */ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); goto dsaerr; } /* Calculate public key (ouch!) */ if (!(dsa->pub_key = BN_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!(ctx = BN_CTX_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); goto dsaerr; } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else ASN1_INTEGER_free(privkey); break; dsaerr: BN_CTX_free (ctx); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); EVP_PKEY_free(pkey); return NULL; break; #endif #ifndef OPENSSL_NO_EC case NID_X9_62_id_ecPublicKey: p_tmp = p; /* extract the ec parameters */ param = p8->pkeyalg->parameter; if (!param || ((param->type != V_ASN1_SEQUENCE) && (param->type != V_ASN1_OBJECT))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } if (param->type == V_ASN1_SEQUENCE) { cp = p = param->value.sequence->data; plen = param->value.sequence->length; if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } } else { EC_GROUP *group; cp = p = param->value.object->data; plen = param->value.object->length; /* type == V_ASN1_OBJECT => the parameters are given * by an asn1 OID */ if ((eckey = EC_KEY_new()) == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); goto ecerr; } group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); if (group == NULL) goto ecerr; EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); if (EC_KEY_set_group(eckey, group) == 0) goto ecerr; EC_GROUP_free(group); } /* We have parameters now set private key */ if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } /* calculate public key (if necessary) */ if (EC_KEY_get0_public_key(eckey) == NULL) { const BIGNUM *priv_key; const EC_GROUP *group; EC_POINT *pub_key; /* the public key was not included in the SEC1 private * key => calculate the public key */ group = EC_KEY_get0_group(eckey); pub_key = EC_POINT_new(group); if (pub_key == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } priv_key = EC_KEY_get0_private_key(eckey); if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } if (EC_KEY_set_public_key(eckey, pub_key) == 0) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } EC_POINT_free(pub_key); } EVP_PKEY_assign_EC_KEY(pkey, eckey); if (ctx) BN_CTX_free(ctx); break; ecerr: if (ctx) BN_CTX_free(ctx); if (eckey) EC_KEY_free(eckey); if (pkey) EVP_PKEY_free(pkey); return NULL; #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ERR_add_error_data(2, "TYPE=", obj_tmp); EVP_PKEY_free (pkey); return NULL; } return pkey; }
static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { const unsigned char *p, *pm; int pklen, pmlen; int ptype; void *pval; ASN1_STRING *pstr; X509_ALGOR *palg; ASN1_INTEGER *privkey = NULL; BN_CTX *ctx = NULL; STACK_OF(ASN1_TYPE) *ndsa = NULL; DSA *dsa = NULL; if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) return 0; X509_ALGOR_get0(NULL, &ptype, &pval, palg); /* Check for broken DSA PKCS#8, UGH! */ if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { ASN1_TYPE *t1, *t2; if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) goto decerr; if (sk_ASN1_TYPE_num(ndsa) != 2) goto decerr; /* Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); if (t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; pval = t1->value.ptr; } else if (ptype == V_ASN1_SEQUENCE) p8->broken = PKCS8_NS_DB; else goto decerr; if (t2->type != V_ASN1_INTEGER) goto decerr; privkey = t2->value.integer; } else { const unsigned char *q = p; if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) goto decerr; if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; ASN1_INTEGER_free(privkey); if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) goto decerr; } if (ptype != V_ASN1_SEQUENCE) goto decerr; } pstr = pval; pm = pstr->data; pmlen = pstr->length; if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) goto decerr; /* We have parameters now set private key */ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); goto dsaerr; } /* Calculate public key */ if (!(dsa->pub_key = BN_new())) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!(ctx = BN_CTX_new())) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); goto dsaerr; } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else ASN1_INTEGER_free(privkey); return 1; decerr: DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); dsaerr: BN_CTX_free (ctx); if (privkey) ASN1_INTEGER_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; }
char* CERTIFICATE_FILE_CLASS::derDecode(unsigned char **buf_ptrptr, long length) // DESCRIPTION : Determine the type of the DER data and decode it. // PRECONDITIONS : // POSTCONDITIONS : // EXCEPTIONS : // NOTES : Returns a pointer to a new'd DVT_STATUS, which must be deleted by the caller //<<=========================================================================== { DVT_STATUS status = MSG_ERROR; unsigned char *p; STACK_OF(ASN1_TYPE) *inkey_ptr = NULL; EVP_PKEY *pkey_ptr = NULL; X509 *cert_ptr = NULL; int count = 0; // try to determine the contents of the file [this is adapted from d2i_AutoPrivateKey()] p = *buf_ptrptr; inkey_ptr = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); if (inkey_ptr == NULL) { // probably not a DER file status = MSG_NO_VALUE; goto end; } switch (sk_ASN1_TYPE_num(inkey_ptr)) { case 3: // certificate file p = *buf_ptrptr; cert_ptr = (X509*)ASN1_item_d2i(NULL, &p, length, ASN1_ITEM_rptr(X509)); if (cert_ptr == NULL) { openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding certificate in DER file"); status = MSG_ERROR; goto end; } else { // save the certificate if (!push(cert_ptr)) { status = MSG_ERROR; goto end; } count++; } break; case 6: // DSA private key file p = *buf_ptrptr; pkey_ptr = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p, length); if (pkey_ptr == NULL) { openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file"); status = MSG_ERROR; goto end; } else { // save the private key if (!push(pkey_ptr)) { status = MSG_ERROR; goto end; } count++; } break; case 9: // RSA private key file p = *buf_ptrptr; pkey_ptr = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, length); if (pkey_ptr == NULL) { openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file"); status = MSG_ERROR; goto end; } else { // save the private key if (!push(pkey_ptr)) { status = MSG_ERROR; goto end; } count++; } break; default: // unknown data status = MSG_NO_VALUE; goto end; } if (count == 0) { status = MSG_NO_VALUE; } else { status = MSG_OK; } end: if (inkey_ptr != NULL) sk_ASN1_TYPE_pop_free(inkey_ptr, ASN1_TYPE_free); if (pkey_ptr != NULL) EVP_PKEY_free(pkey_ptr); if (cert_ptr != NULL) X509_free(cert_ptr); return (char*)(new DVT_STATUS(status)); }
ASN1_OCTET_STRING *sigattr_asn1_octet(scep_t *scep, char *attrname) { STACK_OF(X509_ATTRIBUTE) *sig_attribs; ASN1_OBJECT *asn1_obj; ASN1_TYPE *asn1_type; X509_ATTRIBUTE *attr; int i; scepmsg_t *msg; int single; if (debug) BIO_printf(bio_err, "%s:%d: looking for attribute '%s'\n", __FILE__, __LINE__, attrname); /* decide which message to study: client reads attrs from reply */ if (scep->client) msg = &scep->reply; else msg = &scep->request; /* find the object we by name */ asn1_obj = OBJ_nid2obj(OBJ_sn2nid(attrname)); asn1_type = NULL; /* retrieve the stack of signed attributes */ if (NULL == (sig_attribs = PKCS7_get_signed_attributes(msg->si))) { BIO_printf(bio_err, "%s:%d: signed attributes not found\n", __FILE__, __LINE__); return NULL; } /* scan all attributes for the one we are looking for */ for (i = 0; i < sk_X509_ATTRIBUTE_num(sig_attribs); i++) { attr = sk_X509_ATTRIBUTE_value(sig_attribs, i); if (OBJ_cmp(attr->object, asn1_obj) == 0) { #if OPENSSL_VERSION_NUMBER < 0x00907000L /* attr->set was replaced with attr->single (with opposite meaning) somewhere between 0.9.6m-engine and 0.9.7d */ single = !attr->set; #else single = attr->single; #endif if (single || (sk_ASN1_TYPE_num(attr->value.set) == 0)) { BIO_printf(bio_err, "%s:%d: attr has no val\n",__FILE__, __LINE__); goto err; BIO_printf(bio_err, "%s:%d: attr has no val\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: found matching " "attribute with %d values\n", __FILE__, __LINE__, sk_ASN1_TYPE_num(attr->value.set)); asn1_type = sk_ASN1_TYPE_value(attr->value.set, 0); if (debug) BIO_printf(bio_err, "%s:%d: type found: %p\n", __FILE__, __LINE__, asn1_type); break; } } /* if we cannot find the required argument, we just return NULL */ if (debug) BIO_printf(bio_err, "%s:%d: checking for attribute\n", __FILE__, __LINE__); if (asn1_type == NULL) { BIO_printf(bio_err, "%s:%d: attribute has no type\n", __FILE__, __LINE__); goto err; } if (ASN1_TYPE_get(asn1_type) != V_ASN1_OCTET_STRING) { BIO_printf(bio_err, "%s:%d: attribute has wrong type\n", __FILE__, __LINE__); goto err; } if (debug) BIO_printf(bio_err, "%s:%d: found attribute '%s'\n", __FILE__, __LINE__, attrname); /* this is an ASN1_OCTET_STRING, so we can retrieve the */ /* appropriate element of the union */ return asn1_type->value.octet_string; /* error return, or attribute not found */ err: if (debug) BIO_printf(bio_err, "%s:%d: attribute not found or error\n", __FILE__, __LINE__); ERR_print_errors(bio_err); return NULL; }
EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; #ifndef NO_RSA RSA *rsa = NULL; #endif #ifndef NO_DSA DSA *dsa = NULL; ASN1_INTEGER *privkey; ASN1_TYPE *t1, *t2, *param = NULL; STACK_OF(ASN1_TYPE) *ndsa = NULL; BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; unsigned char *p; int pkeylen; char obj_tmp[80]; if(p8->pkey->type == V_ASN1_OCTET_STRING) { p8->broken = PKCS8_OK; p = p8->pkey->value.octet_string->data; pkeylen = p8->pkey->value.octet_string->length; } else { p8->broken = PKCS8_NO_OCTET; p = p8->pkey->value.sequence->data; pkeylen = p8->pkey->value.sequence->length; } if (!(pkey = EVP_PKEY_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); return NULL; } a = p8->pkeyalg; switch (OBJ_obj2nid(a->algorithm)) { #ifndef NO_RSA case NID_rsaEncryption: if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); return NULL; } EVP_PKEY_assign_RSA (pkey, rsa); break; #endif #ifndef NO_DSA case NID_dsa: /* PKCS#8 DSA is weird: you just get a private key integer * and parameters in the AlgorithmIdentifier the pubkey must * be recalculated. */ /* Check for broken DSA PKCS#8, UGH! */ if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, d2i_ASN1_TYPE, ASN1_TYPE_free))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(sk_ASN1_TYPE_num(ndsa) != 2 ) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); if(t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; param = t1; } else if(a->parameter->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_NS_DB; param = a->parameter; } else { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(t2->type != V_ASN1_INTEGER) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } privkey = t2->value.integer; } else { if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } param = p8->pkeyalg->parameter; } if (!param || (param->type != V_ASN1_SEQUENCE)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } p = param->value.sequence->data; plen = param->value.sequence->length; if (!(dsa = d2i_DSAparams (NULL, &p, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* We have parameters now set private key */ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); goto dsaerr; } /* Calculate public key (ouch!) */ if (!(dsa->pub_key = BN_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!(ctx = BN_CTX_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); goto dsaerr; } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else ASN1_INTEGER_free(privkey); break; dsaerr: BN_CTX_free (ctx); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); EVP_PKEY_free(pkey); return NULL; break; #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); if (!a->algorithm) strcpy (obj_tmp, "NULL"); else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ERR_add_error_data(2, "TYPE=", obj_tmp); EVP_PKEY_free (pkey); return NULL; } return pkey; }
static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { const uint8_t *p, *pm; int pklen, pmlen; int ptype; void *pval; ASN1_STRING *pstr; X509_ALGOR *palg; ASN1_INTEGER *privkey = NULL; BN_CTX *ctx = NULL; /* In PKCS#8 DSA: you just get a private key integer and parameters in the * AlgorithmIdentifier the pubkey must be recalculated. */ STACK_OF(ASN1_TYPE) *ndsa = NULL; DSA *dsa = NULL; if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) { return 0; } X509_ALGOR_get0(NULL, &ptype, &pval, palg); /* Check for broken DSA PKCS#8, UGH! */ if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { ASN1_TYPE *t1, *t2; ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen); if (ndsa == NULL) { goto decerr; } if (sk_ASN1_TYPE_num(ndsa) != 2) { goto decerr; } /* Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key}. */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); if (t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; pval = t1->value.ptr; } else if (ptype == V_ASN1_SEQUENCE) { p8->broken = PKCS8_NS_DB; } else { goto decerr; } if (t2->type != V_ASN1_INTEGER) { goto decerr; } privkey = t2->value.integer; } else { const uint8_t *q = p; privkey = d2i_ASN1_INTEGER(NULL, &p, pklen); if (privkey == NULL) { goto decerr; } if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; ASN1_INTEGER_free(privkey); privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen); if (privkey == NULL) { goto decerr; } } if (ptype != V_ASN1_SEQUENCE) { goto decerr; } } pstr = pval; pm = pstr->data; pmlen = pstr->length; dsa = d2i_DSAparams(NULL, &pm, pmlen); if (dsa == NULL) { goto decerr; } /* We have parameters. Now set private key */ dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL); if (dsa->priv_key == NULL) { OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN); goto dsaerr; } /* Calculate public key. */ dsa->pub_key = BN_new(); if (dsa->pub_key == NULL) { OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto dsaerr; } ctx = BN_CTX_new(); if (ctx == NULL) { OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { OPENSSL_PUT_ERROR(EVP, ERR_LIB_BN); goto dsaerr; } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free(ctx); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); ASN1_INTEGER_free(privkey); return 1; decerr: OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); dsaerr: BN_CTX_free(ctx); ASN1_INTEGER_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; }
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag) { unsigned long l; int i; const char *neg; X509_REQ_INFO *ri; EVP_PKEY *pkey; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_EXTENSION) *exts; char mlch = ' '; int nmindent = 0; if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mlch = '\n'; nmindent = 12; } if(nmflags == X509_FLAG_COMPAT) nmindent = 16; ri=x->req_info; if(!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err; if (BIO_write(bp," Data:\n",10) <= 0) goto err; } if(!(cflag & X509_FLAG_NO_VERSION)) { neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; l=0; for (i=0; i<ri->version->length; i++) { l<<=8; l+=ri->version->data[i]; } if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg, l) <= 0) goto err; } if(!(cflag & X509_FLAG_NO_SUBJECT)) { if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err; if (BIO_write(bp,"\n",1) <= 0) goto err; } if(!(cflag & X509_FLAG_NO_PUBKEY)) { if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) goto err; if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) goto err; if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) goto err; if (BIO_puts(bp, "\n") <= 0) goto err; pkey=X509_REQ_get_pubkey(x); if (pkey == NULL) { BIO_printf(bp,"%12sUnable to load Public Key\n",""); ERR_print_errors(bp); } else #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", BN_num_bits(pkey->pkey.rsa->n)); RSA_print(bp,pkey->pkey.rsa,16); } else #endif #ifndef OPENSSL_NO_DSA if (pkey->type == EVP_PKEY_DSA) { BIO_printf(bp,"%12sDSA Public Key:\n",""); DSA_print(bp,pkey->pkey.dsa,16); } else #endif #ifndef OPENSSL_NO_EC if (pkey->type == EVP_PKEY_EC) { BIO_printf(bp, "%12sEC Public Key: \n",""); EC_KEY_print(bp, pkey->pkey.ec, 16); } else #endif BIO_printf(bp,"%12sUnknown Public Key:\n",""); EVP_PKEY_free(pkey); } if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) { /* may not be */ if(BIO_printf(bp,"%8sAttributes:\n","") <= 0) goto err; sk=x->req_info->attributes; if (sk_X509_ATTRIBUTE_num(sk) == 0) { if(BIO_printf(bp,"%12sa0:00\n","") <= 0) goto err; } else { for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) { ASN1_TYPE *at; X509_ATTRIBUTE *a; ASN1_BIT_STRING *bs=NULL; ASN1_TYPE *t; int j,type=0,count=1,ii=0; a=sk_X509_ATTRIBUTE_value(sk,i); if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) continue; if(BIO_printf(bp,"%12s","") <= 0) goto err; if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) { if (a->single) { t=a->value.single; type=t->type; bs=t->value.bit_string; } else { ii=0; count=sk_ASN1_TYPE_num(a->value.set); get_next: at=sk_ASN1_TYPE_value(a->value.set,ii); type=at->type; bs=at->value.asn1_string; } } for (j=25-j; j>0; j--) if (BIO_write(bp," ",1) != 1) goto err; if (BIO_puts(bp,":") <= 0) goto err; if ( (type == V_ASN1_PRINTABLESTRING) || (type == V_ASN1_T61STRING) || (type == V_ASN1_IA5STRING)) { if (BIO_write(bp,(char *)bs->data,bs->length) != bs->length) goto err; BIO_puts(bp,"\n"); } else { BIO_puts(bp,"unable to print attribute\n"); } if (++ii < count) goto get_next; } } } if(!(cflag & X509_FLAG_NO_EXTENSIONS)) { exts = X509_REQ_get_extensions(x); if(exts) { BIO_printf(bp,"%8sRequested Extensions:\n",""); for (i=0; i<sk_X509_EXTENSION_num(exts); i++) { ASN1_OBJECT *obj; X509_EXTENSION *ex; int j; ex=sk_X509_EXTENSION_value(exts, i); if (BIO_printf(bp,"%12s","") <= 0) goto err; obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0) goto err; if(!X509V3_EXT_print(bp, ex, cflag, 16)) { BIO_printf(bp, "%16s", ""); M_ASN1_OCTET_STRING_print(bp,ex->value); } if (BIO_write(bp,"\n",1) <= 0) goto err; } sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } } if(!(cflag & X509_FLAG_NO_SIGDUMP)) { if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; } return(1); err: X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB); return(0); }