Exemple #1
0
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX (TS_REQ * req, TS_VERIFY_CTX * ctx)
{
    TS_VERIFY_CTX *ret = ctx;

    ASN1_OBJECT *policy;

    TS_MSG_IMPRINT *imprint;

    X509_ALGOR *md_alg;

    ASN1_OCTET_STRING *msg;

    const ASN1_INTEGER *nonce;

    OPENSSL_assert (req != NULL);
    if (ret)
        TS_VERIFY_CTX_cleanup (ret);
    else if (!(ret = TS_VERIFY_CTX_new ()))
        return NULL;

    /* Setting flags. */
    ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);

    /* Setting policy. */
    if ((policy = TS_REQ_get_policy_id (req)) != NULL)
    {
        if (!(ret->policy = OBJ_dup (policy)))
            goto err;
    }
    else
        ret->flags &= ~TS_VFY_POLICY;

    /* Setting md_alg, imprint and imprint_len. */
    imprint = TS_REQ_get_msg_imprint (req);
    md_alg = TS_MSG_IMPRINT_get_algo (imprint);
    if (!(ret->md_alg = X509_ALGOR_dup (md_alg)))
        goto err;
    msg = TS_MSG_IMPRINT_get_msg (imprint);
    ret->imprint_len = ASN1_STRING_length (msg);
    if (!(ret->imprint = OPENSSL_malloc (ret->imprint_len)))
        goto err;
    memcpy (ret->imprint, ASN1_STRING_data (msg), ret->imprint_len);

    /* Setting nonce. */
    if ((nonce = TS_REQ_get_nonce (req)) != NULL)
    {
        if (!(ret->nonce = ASN1_INTEGER_dup (nonce)))
            goto err;
    }
    else
        ret->flags &= ~TS_VFY_NONCE;

    return ret;
  err:
    if (ctx)
        TS_VERIFY_CTX_cleanup (ctx);
    else
        TS_VERIFY_CTX_free (ret);
    return NULL;
}
Exemple #2
0
OCSP_CERTID *OCSP_cert_id_new (const EVP_MD * dgst,
                               X509_NAME * issuerName, ASN1_BIT_STRING * issuerKey, ASN1_INTEGER * serialNumber)
{
    int nid;

    unsigned int i;

    X509_ALGOR *alg;

    OCSP_CERTID *cid = NULL;

    unsigned char md[EVP_MAX_MD_SIZE];

    if (!(cid = OCSP_CERTID_new ()))
        goto err;

    alg = cid->hashAlgorithm;
    if (alg->algorithm != NULL)
        ASN1_OBJECT_free (alg->algorithm);
    if ((nid = EVP_MD_type (dgst)) == NID_undef)
    {
        OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
        goto err;
    }
    if (!(alg->algorithm = OBJ_nid2obj (nid)))
        goto err;
    if ((alg->parameter = ASN1_TYPE_new ()) == NULL)
        goto err;
    alg->parameter->type = V_ASN1_NULL;

    if (!X509_NAME_digest (issuerName, dgst, md, &i))
        goto digerr;
    if (!(ASN1_OCTET_STRING_set (cid->issuerNameHash, md, i)))
        goto err;

    /* Calculate the issuerKey hash, excluding tag and length */
    if (!EVP_Digest (issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
        goto err;

    if (!(ASN1_OCTET_STRING_set (cid->issuerKeyHash, md, i)))
        goto err;

    if (serialNumber)
    {
        ASN1_INTEGER_free (cid->serialNumber);
        if (!(cid->serialNumber = ASN1_INTEGER_dup (serialNumber)))
            goto err;
    }
    return cid;
  digerr:
    OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
  err:
    if (cid)
        OCSP_CERTID_free (cid);
    return NULL;
}
Exemple #3
0
PKCS7_ISSUER_AND_SERIAL *X509_get_ISSUER_AND_SERIAL( X509 *cert ) {

	PKCS7_ISSUER_AND_SERIAL *ias = NULL;

	if(!cert) return NULL;

	if((ias = PKCS7_ISSUER_AND_SERIAL_new()) == NULL )
		return NULL;

	ias->issuer = X509_NAME_dup( X509_get_issuer_name(cert));
	ias->serial = ASN1_INTEGER_dup( X509_get_serialNumber(cert) );

	return ias;
}
int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
{
    ASN1_INTEGER *new_nonce;

    if (a->nonce == nonce)
        return 1;
    new_nonce = ASN1_INTEGER_dup(nonce);
    if (new_nonce == NULL) {
        TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    ASN1_INTEGER_free(a->nonce);
    a->nonce = new_nonce;
    return 1;
}
Exemple #5
0
int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
{
    ASN1_INTEGER *new_seconds;

    if (a->seconds == seconds)
        return 1;
    new_seconds = ASN1_INTEGER_dup(seconds);
    if (new_seconds == NULL) {
        TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    ASN1_INTEGER_free(a->seconds);
    a->seconds = new_seconds;
    return 1;
}
Exemple #6
0
int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
{
    ASN1_INTEGER *new_serial;

    if (a->serial == serial)
        return 1;
    new_serial = ASN1_INTEGER_dup(serial);
    if (new_serial == NULL) {
        TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    ASN1_INTEGER_free(a->serial);
    a->serial = new_serial;
    return 1;
}
Exemple #7
0
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
{
    ASN1_INTEGER *in;

    if (x == NULL)
        return (0);
    in = x->cert_info.serialNumber;
    if (in != serial) {
        in = ASN1_INTEGER_dup(serial);
        if (in != NULL) {
            ASN1_INTEGER_free(x->cert_info.serialNumber);
            x->cert_info.serialNumber = in;
        }
    }
    return (in != NULL);
}
Exemple #8
0
int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
{
    ASN1_INTEGER *new_micros = NULL;

    if (a->micros == micros)
        return 1;
    if (micros != NULL) {
        new_micros = ASN1_INTEGER_dup(micros);
        if (new_micros == NULL) {
            TSerr(TS_F_TS_ACCURACY_SET_MICROS, ERR_R_MALLOC_FAILURE);
            return 0;
        }
    }
    ASN1_INTEGER_free(a->micros);
    a->micros = new_micros;
    return 1;
}
Exemple #9
0
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                          const EVP_MD *dgst)
{
    int ret;

    /* We now need to add another PKCS7_SIGNER_INFO entry */
    if (!ASN1_INTEGER_set(p7i->version, 1))
        goto err;
    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
                       X509_get_issuer_name(x509)))
        goto err;

    /*
     * because ASN1_INTEGER_set is used to set a 'long' we will do things the
     * ugly way.
     */
    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
    if (!(p7i->issuer_and_serial->serial =
          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
        goto err;

    /* lets keep the pkey around for a while */
    EVP_PKEY_up_ref(pkey);
    p7i->pkey = pkey;

    /* Set the algorithms */

    X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
                    V_ASN1_NULL, NULL);

    if (pkey->ameth && pkey->ameth->pkey_ctrl) {
        ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i);
        if (ret > 0)
            return 1;
        if (ret != -2) {
            PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
                     PKCS7_R_SIGNING_CTRL_FAILURE);
            return 0;
        }
    }
    PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
             PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 err:
    return 0;
}
Exemple #10
0
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
    int ret;
    EVP_PKEY *pkey = NULL;
    if (!ASN1_INTEGER_set(p7i->version, 0))
        return 0;
    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
                       X509_get_issuer_name(x509)))
        return 0;

    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
    if (!(p7i->issuer_and_serial->serial =
          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
        return 0;

    pkey = X509_get0_pubkey(x509);

    if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
        goto err;
    }

    ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i);
    if (ret == -2) {
        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
        goto err;
    }
    if (ret <= 0) {
        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
                 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
        goto err;
    }

    X509_up_ref(x509);
    p7i->cert = x509;

    return 1;

 err:
    return 0;
}
Exemple #11
0
static int openssl_push_pkcs7_signer_info(lua_State *L, PKCS7_SIGNER_INFO *info)
{
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(info->version), integer);

  if (info->issuer_and_serial != NULL)
  {
    X509_NAME *i = X509_NAME_dup(info->issuer_and_serial->issuer);
    ASN1_INTEGER *s = ASN1_INTEGER_dup(info->issuer_and_serial->serial);
    if (info->issuer_and_serial->issuer)
      AUXILIAR_SETOBJECT(L, i, "openssl.x509_name", -1, "issuer");

    if (info->issuer_and_serial->serial)
      AUXILIAR_SETOBJECT(L, s, "openssl.asn1_integer", -1, "serial");
  }

  if (info->digest_alg)
  {
    X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
    AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_alg");
  }
  if (info->digest_enc_alg)
  {
    X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
    AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_enc_alg");
  }
  if (info->enc_digest)
  {
    ASN1_STRING *dup = ASN1_STRING_dup(info->enc_digest);
    AUXILIAR_SETOBJECT(L, dup, "openssl.asn1_string", -1, "enc_digest");
  }

  if (info->pkey)
  {
    CRYPTO_add(&info->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
    AUXILIAR_SETOBJECT(L, info->pkey, "openssl.evp_pkey", -1, "pkey");
  }
  return 1;
}
Exemple #12
0
ASN1_INTEGER *a1int::dup(const ASN1_INTEGER *a) const
{
	// this wrapper casts the const to work around the nonconst
	// declared ASN1_STRING_dup (actually it is const
	return ASN1_INTEGER_dup((ASN1_INTEGER *)a);
}