TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX (TS_REQ * req, TS_VERIFY_CTX * ctx)
{
TS_VERIFY_CTX *ret = ctx;
ASN1_OBJECT *policy;
TS_MSG_IMPRINT *imprint;
X509_ALGOR *md_alg;
ASN1_OCTET_STRING *msg;
const ASN1_INTEGER *nonce;
OPENSSL_assert (req != NULL);
if (ret)
TS_VERIFY_CTX_cleanup (ret);
else if (!(ret = TS_VERIFY_CTX_new ()))
return NULL;
/* Setting flags. */
ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
/* Setting policy. */
if ((policy = TS_REQ_get_policy_id (req)) != NULL)
{
if (!(ret->policy = OBJ_dup (policy)))
goto err;
}
else
ret->flags &= ~TS_VFY_POLICY;
/* Setting md_alg, imprint and imprint_len. */
imprint = TS_REQ_get_msg_imprint (req);
md_alg = TS_MSG_IMPRINT_get_algo (imprint);
if (!(ret->md_alg = X509_ALGOR_dup (md_alg)))
goto err;
msg = TS_MSG_IMPRINT_get_msg (imprint);
ret->imprint_len = ASN1_STRING_length (msg);
if (!(ret->imprint = OPENSSL_malloc (ret->imprint_len)))
goto err;
memcpy (ret->imprint, ASN1_STRING_data (msg), ret->imprint_len);
/* Setting nonce. */
if ((nonce = TS_REQ_get_nonce (req)) != NULL)
{
if (!(ret->nonce = ASN1_INTEGER_dup (nonce)))
goto err;
}
else
ret->flags &= ~TS_VFY_NONCE;
return ret;
err:
if (ctx)
TS_VERIFY_CTX_cleanup (ctx);
else
TS_VERIFY_CTX_free (ret);
return NULL;
}
OCSP_CERTID *OCSP_cert_id_new (const EVP_MD * dgst,
X509_NAME * issuerName, ASN1_BIT_STRING * issuerKey, ASN1_INTEGER * serialNumber)
{
int nid;
unsigned int i;
X509_ALGOR *alg;
OCSP_CERTID *cid = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
if (!(cid = OCSP_CERTID_new ()))
goto err;
alg = cid->hashAlgorithm;
if (alg->algorithm != NULL)
ASN1_OBJECT_free (alg->algorithm);
if ((nid = EVP_MD_type (dgst)) == NID_undef)
{
OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
goto err;
}
if (!(alg->algorithm = OBJ_nid2obj (nid)))
goto err;
if ((alg->parameter = ASN1_TYPE_new ()) == NULL)
goto err;
alg->parameter->type = V_ASN1_NULL;
if (!X509_NAME_digest (issuerName, dgst, md, &i))
goto digerr;
if (!(ASN1_OCTET_STRING_set (cid->issuerNameHash, md, i)))
goto err;
/* Calculate the issuerKey hash, excluding tag and length */
if (!EVP_Digest (issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
goto err;
if (!(ASN1_OCTET_STRING_set (cid->issuerKeyHash, md, i)))
goto err;
if (serialNumber)
{
ASN1_INTEGER_free (cid->serialNumber);
if (!(cid->serialNumber = ASN1_INTEGER_dup (serialNumber)))
goto err;
}
return cid;
digerr:
OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
err:
if (cid)
OCSP_CERTID_free (cid);
return NULL;
}
PKCS7_ISSUER_AND_SERIAL *X509_get_ISSUER_AND_SERIAL( X509 *cert ) {
PKCS7_ISSUER_AND_SERIAL *ias = NULL;
if(!cert) return NULL;
if((ias = PKCS7_ISSUER_AND_SERIAL_new()) == NULL )
return NULL;
ias->issuer = X509_NAME_dup( X509_get_issuer_name(cert));
ias->serial = ASN1_INTEGER_dup( X509_get_serialNumber(cert) );
return ias;
}
int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
{
ASN1_INTEGER *new_nonce;
if (a->nonce == nonce)
return 1;
new_nonce = ASN1_INTEGER_dup(nonce);
if (new_nonce == NULL) {
TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
return 0;
}
ASN1_INTEGER_free(a->nonce);
a->nonce = new_nonce;
return 1;
}
int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
{
ASN1_INTEGER *new_seconds;
if (a->seconds == seconds)
return 1;
new_seconds = ASN1_INTEGER_dup(seconds);
if (new_seconds == NULL) {
TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
return 0;
}
ASN1_INTEGER_free(a->seconds);
a->seconds = new_seconds;
return 1;
}
int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
{
ASN1_INTEGER *new_serial;
if (a->serial == serial)
return 1;
new_serial = ASN1_INTEGER_dup(serial);
if (new_serial == NULL) {
TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
return 0;
}
ASN1_INTEGER_free(a->serial);
a->serial = new_serial;
return 1;
}
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
{
ASN1_INTEGER *in;
if (x == NULL)
return (0);
in = x->cert_info.serialNumber;
if (in != serial) {
in = ASN1_INTEGER_dup(serial);
if (in != NULL) {
ASN1_INTEGER_free(x->cert_info.serialNumber);
x->cert_info.serialNumber = in;
}
}
return (in != NULL);
}
int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
{
ASN1_INTEGER *new_micros = NULL;
if (a->micros == micros)
return 1;
if (micros != NULL) {
new_micros = ASN1_INTEGER_dup(micros);
if (new_micros == NULL) {
TSerr(TS_F_TS_ACCURACY_SET_MICROS, ERR_R_MALLOC_FAILURE);
return 0;
}
}
ASN1_INTEGER_free(a->micros);
a->micros = new_micros;
return 1;
}
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
const EVP_MD *dgst)
{
int ret;
/* We now need to add another PKCS7_SIGNER_INFO entry */
if (!ASN1_INTEGER_set(p7i->version, 1))
goto err;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
goto err;
/*
* because ASN1_INTEGER_set is used to set a 'long' we will do things the
* ugly way.
*/
ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
goto err;
/* lets keep the pkey around for a while */
EVP_PKEY_up_ref(pkey);
p7i->pkey = pkey;
/* Set the algorithms */
X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
V_ASN1_NULL, NULL);
if (pkey->ameth && pkey->ameth->pkey_ctrl) {
ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i);
if (ret > 0)
return 1;
if (ret != -2) {
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
PKCS7_R_SIGNING_CTRL_FAILURE);
return 0;
}
}
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
err:
return 0;
}
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
int ret;
EVP_PKEY *pkey = NULL;
if (!ASN1_INTEGER_set(p7i->version, 0))
return 0;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
return 0;
ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
return 0;
pkey = X509_get0_pubkey(x509);
if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
goto err;
}
ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i);
if (ret == -2) {
PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
goto err;
}
if (ret <= 0) {
PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
PKCS7_R_ENCRYPTION_CTRL_FAILURE);
goto err;
}
X509_up_ref(x509);
p7i->cert = x509;
return 1;
err:
return 0;
}
static int openssl_push_pkcs7_signer_info(lua_State *L, PKCS7_SIGNER_INFO *info)
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(info->version), integer);
if (info->issuer_and_serial != NULL)
{
X509_NAME *i = X509_NAME_dup(info->issuer_and_serial->issuer);
ASN1_INTEGER *s = ASN1_INTEGER_dup(info->issuer_and_serial->serial);
if (info->issuer_and_serial->issuer)
AUXILIAR_SETOBJECT(L, i, "openssl.x509_name", -1, "issuer");
if (info->issuer_and_serial->serial)
AUXILIAR_SETOBJECT(L, s, "openssl.asn1_integer", -1, "serial");
}
if (info->digest_alg)
{
X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_alg");
}
if (info->digest_enc_alg)
{
X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_enc_alg");
}
if (info->enc_digest)
{
ASN1_STRING *dup = ASN1_STRING_dup(info->enc_digest);
AUXILIAR_SETOBJECT(L, dup, "openssl.asn1_string", -1, "enc_digest");
}
if (info->pkey)
{
CRYPTO_add(&info->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
AUXILIAR_SETOBJECT(L, info->pkey, "openssl.evp_pkey", -1, "pkey");
}
return 1;
}
ASN1_INTEGER *a1int::dup(const ASN1_INTEGER *a) const
{
// this wrapper casts the const to work around the nonconst
// declared ASN1_STRING_dup (actually it is const
return ASN1_INTEGER_dup((ASN1_INTEGER *)a);
}