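/**
 * Validates the format of the boot signature block, and checks that
 * the length in authenticated attributes matches the actual length of
 * the image.
 *
 * Every value compared here is read from the (untrusted) signature
 * block, so each OpenSSL conversion is checked instead of assumed to
 * succeed, and the sub-structures are checked for NULL before use.
 *
 * @param bs The boot signature block to validate
 * @param length The actual length of the boot image without the signature
 * @return 0 when the version is supported and the length matches, -1 otherwise
 */
static int validate_signature_block(const BootSignature *bs, uint64_t length)
{
    BIGNUM expected;
    BIGNUM value;
    int rc = -1;

    /* Everything dereferenced below must be present. */
    if (!bs || !bs->formatVersion || !bs->authenticatedAttributes ||
            !bs->authenticatedAttributes->length) {
        return -1;
    }

    BN_init(&expected);
    BN_init(&value);

    /* Confirm that formatVersion matches our supported version */
    if (!BN_set_word(&expected, FORMAT_VERSION)) {
        ERR_print_errors(g_error);
        goto vsb_done;
    }

    if (!ASN1_INTEGER_to_BN(bs->formatVersion, &value)) {
        ERR_print_errors(g_error);
        goto vsb_done;
    }

    if (BN_cmp(&expected, &value) != 0) {
        printf("Unsupported signature version\n");
        goto vsb_done;
    }

    BN_clear(&expected);
    BN_clear(&value);

    /* Confirm that the length of the image matches with the length in
     * the authenticated attributes. The length is converted to big-endian
     * so BN_bin2bn() reads the same magnitude the DER INTEGER encodes;
     * BN_bin2bn() drops leading zero bytes, so the comparison does not
     * depend on how many bytes either side used. */
    length = htobe64(length);
    if (!BN_bin2bn((const unsigned char *) &length, sizeof(length), &expected)) {
        ERR_print_errors(g_error);
        goto vsb_done;
    }

    if (!ASN1_INTEGER_to_BN(bs->authenticatedAttributes->length, &value)) {
        ERR_print_errors(g_error);
        goto vsb_done;
    }

    if (BN_cmp(&expected, &value) != 0) {
        printf("Image length doesn't match signature attributes\n");
        goto vsb_done;
    }

    rc = 0;

vsb_done:
    /* BN_free() on a BN_init()ed stack BIGNUM releases only its digits. */
    BN_free(&expected);
    BN_free(&value);

    return rc;
}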
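/*
 * Set the CMS recipient's DH public key as the peer key of pctx.
 *
 * The recipient's key in the KeyAgreeRecipientInfo carries the public
 * value only; the domain parameters are copied from our own DHX key in
 * pctx and the decoded INTEGER is attached to that copy.
 *
 * Returns 1 on success, 0 on failure. Decode failures queue a DH
 * error; a wrong OID, wrong key type or allocation failure return 0
 * without an error, as before.
 */
static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
                              X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
{
    ASN1_OBJECT *aoid;
    int atype;
    void *aval;
    ASN1_INTEGER *public_key = NULL;
    int rv = 0;
    EVP_PKEY *pkpeer = NULL, *pk = NULL;
    DH *dhpeer = NULL;
    const unsigned char *p;
    int plen;

    X509_ALGOR_get0(&aoid, &atype, &aval, alg);
    if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
        goto err;
    /* Only absent parameters allowed in RFC XXXX.
     * NOTE(review): as written this rejects only an explicit NULL
     * parameter (the condition reduces to atype == V_ASN1_NULL); the
     * comment reads as if any present parameters should be rejected --
     * confirm the intended behaviour before changing it. */
    if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
        goto err;

    pk = EVP_PKEY_CTX_get0_pkey(pctx);
    if (!pk)
        goto err;
    if (pk->type != EVP_PKEY_DHX)
        goto err;
    /* Get parameters from parent key. DHparams_dup() allocates and can
     * return NULL; dhpeer is dereferenced below, so check it here. */
    dhpeer = DHparams_dup(pk->pkey.dh);
    if (!dhpeer)
        goto err;
    /* We have parameters now set public key */
    plen = ASN1_STRING_length(pubkey);
    p = ASN1_STRING_data(pubkey);
    if (!p || !plen)
        goto err;

    if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) {
        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
        goto err;
    }

    if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
        goto err;
    }

    pkpeer = EVP_PKEY_new();
    if (!pkpeer)
        goto err;
    /* pkpeer now owns dhpeer; clear our pointer so the cleanup below
     * does not free it twice */
    EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
    dhpeer = NULL;
    if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
        rv = 1;
 err:
    if (public_key)
        ASN1_INTEGER_free(public_key);
    if (pkpeer)
        EVP_PKEY_free(pkpeer);
    if (dhpeer)
        DH_free(dhpeer);
    return rv;
}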
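/*
 * Copy the serial number from src certificate to dst certificate
 * and modify it by a random offset.
 * If reading the serial fails for some reason, generate a new
 * random serial and store it in the dst certificate.
 * Using the same serial is not a good idea since some SSL stacks
 * check for duplicate certificate serials.
 * Returns 0 on success, -1 on error (RNG failure, missing serial,
 * or a failed BIGNUM/ASN1 operation).
 */
int
ssl_x509_serial_copyrand(X509 *dstcrt, X509 *srccrt)
{
	ASN1_INTEGER *srcptr, *dstptr;
	BIGNUM *bnserial;
	unsigned int offset; /* was `rand`, which shadowed rand(3) */
	int rv;

#ifndef PURIFY
	rv = ssl_rand(&offset, sizeof(offset));
#else /* PURIFY */
	/* fixed offset in PURIFY builds (presumably to keep the memory
	 * checker away from the RNG -- confirm) */
	offset = 0xF001;
	rv = 0;
#endif /* PURIFY */
	dstptr = X509_get_serialNumber(dstcrt);
	srcptr = X509_get_serialNumber(srccrt);
	if ((rv == -1) || !dstptr || !srcptr)
		return -1;
	bnserial = ASN1_INTEGER_to_BN(srcptr, NULL);
	if (!bnserial) {
		/* random 32-bit serial */
		return ASN1_INTEGER_set(dstptr, offset) ? 0 : -1;
	}
	/* original serial plus random 32-bit offset; both steps can fail
	 * (allocation), so report that instead of leaving dst unchanged
	 * while claiming success */
	rv = (BN_add_word(bnserial, offset) &&
	      BN_to_ASN1_INTEGER(bnserial, dstptr) != NULL) ? 0 : -1;
	BN_free(bnserial);
	return rv;
}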
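/*
 * SQL function: return the serial number of a DER-encoded X.509
 * certificate (bytea) as a bytea, or NULL for an empty/NULL input.
 * Raises ERRCODE_DATA_CORRUPTED when the certificate or its serial
 * cannot be decoded.
 */
Datum x509_get_serial_number(PG_FUNCTION_ARGS) {
	bytea *raw;
	bytea *result;
	BIGNUM *bn;
	X509 *cert;

	// check for null value.
	raw = PG_GETARG_BYTEA_P(0);
	if (raw == NULL || VARSIZE(raw) == VARHDRSZ) {
		PG_RETURN_NULL();
	}

	cert = x509_from_bytea(raw);
	if (cert == NULL) {
		ereport(ERROR,
				(errcode(ERRCODE_DATA_CORRUPTED), errmsg(
						"unable to decode X509 record")));
	}

	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL);
	if (bn == NULL) {
		// ereport(ERROR) does not return: release the certificate first.
		X509_free(cert);
		ereport(ERROR,
				(errcode(ERRCODE_DATA_CORRUPTED), errmsg(
						"unable to decode X509 serial number")));
	}
	result = bn_to_bytea(bn);
	BN_free(bn);
	X509_free(cert);

	PG_RETURN_BYTEA_P(result);
}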
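/*
 * Convert an ASN1_INTEGER to a decimal string.
 *
 * Values that fit a non-negative long are formatted directly; anything
 * ASN1_INTEGER_get() reports as negative (true negatives, values too
 * large for a long, and errors all yield -1 or less) goes through a
 * BIGNUM. On success *dst_p is a malloc()ed string owned by the caller
 * and 0 is returned; on failure *dst_p is NULL, an error is set on ctx
 * and -1 is returned.
 */
static int
tls_parse_bigint(struct tls *ctx, const ASN1_INTEGER *asn1int, const char **dst_p)
{
	long small;
	BIGNUM *big;
	char *tmp, buf[64];

	*dst_p = NULL;
	small = ASN1_INTEGER_get(asn1int);
	if (small < 0) {
		big = ASN1_INTEGER_to_BN(asn1int, NULL);
		if (big) {
			tmp = BN_bn2dec(big);
			if (tmp)
				*dst_p = strdup(tmp);
			OPENSSL_free(tmp);
		}
		BN_free(big);
	} else {
		/* small is a long, so %ld is the matching conversion; the
		 * previous %lu was a format/argument type mismatch */
		snprintf(buf, sizeof buf, "%ld", small);
		*dst_p = strdup(buf);
	}
	if (*dst_p)
		return 0;

	tls_set_errorx(ctx, "cannot parse serial");
	return -1;
}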
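/* retrieve basic constraints ingredients */
/*
 * Fill *ca and *pathlen from the certificate's basicConstraints
 * extension. Returns FALSE when the extension is absent or cannot be
 * used, TRUE otherwise; *pathlen is -1 when no pathLenConstraint is
 * present.
 *
 * pathLenConstraint is INTEGER (0..MAX) (RFC 5280 4.2.1.9) and comes
 * from an untrusted certificate, so instead of feeding BN_bn2dec()
 * output to atoi() -- which silently mangles out-of-range values --
 * negative or over-wide values are rejected and the word is read
 * directly from the BIGNUM.
 */
BOOL modssl_X509_getBC(X509 *cert, int *ca, int *pathlen)
{
    BASIC_CONSTRAINTS *bc;
    BIGNUM *bn = NULL;
    BOOL ok = FALSE;

    bc = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
    if (bc == NULL)
        return FALSE;
    *ca = bc->ca;
    *pathlen = -1 /* unlimited */;
    if (bc->pathlen != NULL) {
        if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL)
            goto out;
        /* must be non-negative and fit in a signed int
         * (sizeof(int) * 8 - 1 value bits; assumes 8-bit bytes) */
        if (BN_is_negative(bn) || BN_num_bits(bn) >= (int)(sizeof(int) * 8))
            goto out;
        *pathlen = (int)BN_get_word(bn);
    }
    ok = TRUE;
out:
    BN_free(bn);
    BASIC_CONSTRAINTS_free(bc);
    return ok;
}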
/*
 * Convert an ASN1_INTEGER to a Ruby Integer.
 *
 * Raises TypeError for a NULL input and OSSLError when OpenSSL cannot
 * convert the value. With DO_IT_VIA_RUBY the number goes through a
 * decimal string and rb_cstr_to_inum(); otherwise it is wrapped as an
 * OpenSSL::BN via ossl_bn_new().
 */
VALUE
asn1integer_to_num(ASN1_INTEGER *ai)
{
    BIGNUM *big = NULL;
    VALUE num;
#if DO_IT_VIA_RUBY
    char *decimal = NULL;
#endif

    if (ai == NULL)
        ossl_raise(rb_eTypeError, "ASN1_INTEGER is NULL!");

    big = ASN1_INTEGER_to_BN(ai, NULL);
    if (big == NULL)
        ossl_raise(eOSSLError, NULL);

#if DO_IT_VIA_RUBY
    decimal = BN_bn2dec(big);
    if (decimal == NULL) {
        /* release the BIGNUM before unwinding */
        BN_free(big);
        ossl_raise(eOSSLError, NULL);
    }
    num = rb_cstr_to_inum(decimal, 10, Qtrue);
    OPENSSL_free(decimal);
#else
    num = ossl_bn_new(big);
#endif
    BN_free(big);

    return num;
}
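/* retrieve basic constraints ingredients */
/*
 * Fill *ca and *pathlen from the certificate's basicConstraints
 * extension. Returns FALSE when the extension is absent or cannot be
 * used, TRUE otherwise; *pathlen is -1 when no pathLenConstraint is
 * present.
 *
 * Fixes two problems in the pathlen branch: the early FALSE returns
 * leaked bc (and bn), and BN_bn2dec() + atoi() silently mangled
 * out-of-range values. pathLenConstraint is INTEGER (0..MAX)
 * (RFC 5280 4.2.1.9) and comes from an untrusted certificate, so
 * negative or over-wide values are now rejected and the word is read
 * directly from the BIGNUM.
 */
BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
{
    X509_EXTENSION *ext;
    BASIC_CONSTRAINTS *bc;
    int idx;
    BIGNUM *bn = NULL;
    BOOL ok = FALSE;
    
    if ((idx = X509_get_ext_by_NID(cert, NID_basic_constraints, -1)) < 0)
        return FALSE;
    ext = X509_get_ext(cert, idx);
    if (ext == NULL)
        return FALSE;
    if ((bc = (BASIC_CONSTRAINTS *)X509V3_EXT_d2i(ext)) == NULL)
        return FALSE;
    *ca = bc->ca;
    *pathlen = -1 /* unlimited */;
    if (bc->pathlen != NULL) {
        if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL)
            goto out;
        /* must be non-negative and fit in a signed int
         * (sizeof(int) * 8 - 1 value bits; assumes 8-bit bytes) */
        if (BN_is_negative(bn) || BN_num_bits(bn) >= (int)(sizeof(int) * 8))
            goto out;
        *pathlen = (int)BN_get_word(bn);
    }
    ok = TRUE;
out:
    BN_free(bn);
    BASIC_CONSTRAINTS_free(bc);
    return ok;
}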
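/*
 * Lua: revoked:serialNumber() -> asn1_integer, bn
 *
 * Pushes the revoked entry's serial both as an ASN1_INTEGER object and
 * as an openssl.bn object. The second value is nil when the BIGNUM
 * conversion fails, instead of handing a NULL pointer to PUSH_OBJECT.
 * Always returns 2 (the number of values pushed).
 */
static int openssl_revoked_serialNumber(lua_State* L)
{
  X509_REVOKED* revoked = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");
  BIGNUM *bn = ASN1_INTEGER_to_BN(revoked->serialNumber, NULL);

  PUSH_ASN1_INTEGER(L, revoked->serialNumber);
  if (bn != NULL)
    PUSH_OBJECT(bn, "openssl.bn"); /* presumably takes ownership of bn -- confirm */
  else
    lua_pushnil(L);
  return 2;
}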
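/*
 * Pre-increment: add one to the wrapped ASN1_INTEGER `in`.
 *
 * If the value cannot be converted to a BIGNUM, or the addition fails,
 * `in` is left unchanged instead of dereferencing NULL. Returns *this.
 */
a1int &a1int::operator ++ (void)
{
	BIGNUM *bn = ASN1_INTEGER_to_BN(in, NULL);
	if (bn) {
		if (BN_add(bn, bn, BN_value_one()))
			BN_to_ASN1_INTEGER(bn, in);
		BN_free(bn);
	}
	return *this;
}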
// Decodes a DSA SubjectPublicKeyInfo: the AlgorithmIdentifier parameters
// (a SEQUENCE of domain parameters, or NULL/absent parameters) and the
// INTEGER public value. On success the DSA is assigned to |pkey| and 1 is
// returned; on failure an EVP error is queued and 0 is returned.
static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) {
  const uint8_t *key_der;
  int key_len;
  X509_ALGOR *algor;
  int param_type;
  void *param_val;
  ASN1_INTEGER *y_int = NULL;
  DSA *dsa = NULL;

  if (!X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &algor, pubkey)) {
    return 0;
  }
  X509_ALGOR_get0(NULL, &param_type, &param_val, algor);

  switch (param_type) {
    case V_ASN1_SEQUENCE: {
      ASN1_STRING *params = param_val;
      const uint8_t *param_der = params->data;
      dsa = d2i_DSAparams(NULL, &param_der, params->length);
      if (dsa == NULL) {
        OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
        goto err;
      }
      break;
    }
    case V_ASN1_NULL:
    case V_ASN1_UNDEF:
      // No parameters in the SPKI: start from an empty DSA object.
      dsa = DSA_new();
      if (dsa == NULL) {
        OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
        goto err;
      }
      break;
    default:
      OPENSSL_PUT_ERROR(EVP, EVP_R_PARAMETER_ENCODING_ERROR);
      goto err;
  }

  y_int = d2i_ASN1_INTEGER(NULL, &key_der, key_len);
  if (y_int == NULL) {
    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
    goto err;
  }

  dsa->pub_key = ASN1_INTEGER_to_BN(y_int, NULL);
  if (dsa->pub_key == NULL) {
    OPENSSL_PUT_ERROR(EVP, EVP_R_BN_DECODE_ERROR);
    goto err;
  }

  ASN1_INTEGER_free(y_int);
  EVP_PKEY_assign_DSA(pkey, dsa);
  return 1;

err:
  // Both free functions accept NULL.
  ASN1_INTEGER_free(y_int);
  DSA_free(dsa);
  return 0;
}
/*
 * Decode the AlgorithmIdentifier parameters of a DSA SubjectPublicKeyInfo
 * into a fresh DSA object: a SEQUENCE carries the domain parameters, NULL
 * or absent parameters give a DSA object without parameters. Queues a DSA
 * error and returns NULL on failure.
 */
static DSA *dsa_pub_decode_params(int ptype, void *pval)
{
    DSA *dsa = NULL;

    if (ptype == V_ASN1_SEQUENCE) {
        ASN1_STRING *pstr = pval;
        const unsigned char *pm = pstr->data;

        dsa = d2i_DSAparams(NULL, &pm, pstr->length);
        if (dsa == NULL)
            DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
    } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) {
        dsa = DSA_new();
        if (dsa == NULL)
            DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
    } else {
        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
    }
    return dsa;
}

/*
 * Decode a DSA SubjectPublicKeyInfo into pkey. Returns 1 on success,
 * 0 on failure with a DSA error queued.
 */
static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
    const unsigned char *key_der;
    int key_len;
    int ptype;
    void *pval;
    X509_ALGOR *palg;
    ASN1_INTEGER *y_int = NULL;
    DSA *dsa = NULL;

    if (!X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &palg, pubkey))
        return 0;
    X509_ALGOR_get0(NULL, &ptype, &pval, palg);

    dsa = dsa_pub_decode_params(ptype, pval);
    if (dsa == NULL)
        goto err;

    y_int = d2i_ASN1_INTEGER(NULL, &key_der, key_len);
    if (y_int == NULL) {
        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
        goto err;
    }

    dsa->pub_key = ASN1_INTEGER_to_BN(y_int, NULL);
    if (dsa->pub_key == NULL) {
        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
        goto err;
    }

    ASN1_INTEGER_free(y_int);
    EVP_PKEY_assign_DSA(pkey, dsa);
    return 1;

 err:
    /* both free functions accept NULL */
    ASN1_INTEGER_free(y_int);
    DSA_free(dsa);
    return 0;
}
/*
 * Decode a DH SubjectPublicKeyInfo into pkey. The AlgorithmIdentifier
 * parameters must be a SEQUENCE (the DH domain parameters); the key
 * itself is an INTEGER. Returns 1 on success, 0 on failure with a DH
 * error queued.
 */
static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
	const unsigned char *key_der = NULL;
	int key_len = 0;
	X509_ALGOR *algor = NULL;
	int param_type = 0;
	void *param_val = NULL;
	ASN1_INTEGER *y_int = NULL;
	DH *dh = NULL;
	int ok = 0;

	if (X509_PUBKEY_get0_param(NULL, &key_der, &key_len, &algor, pubkey) == 0)
		return 0;
	X509_ALGOR_get0(NULL, &param_type, &param_val, algor);

	if (param_type != V_ASN1_SEQUENCE) {
		DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
		goto done;
	}

	{
		ASN1_STRING *param_str = param_val;
		const unsigned char *param_der = param_str->data;
		dh = d2i_DHparams(NULL, &param_der, param_str->length);
	}
	if (dh == NULL) {
		DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
		goto done;
	}

	y_int = d2i_ASN1_INTEGER(NULL, &key_der, key_len);
	if (y_int == NULL) {
		DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
		goto done;
	}

	/* We have parameters now set public key */
	dh->pub_key = ASN1_INTEGER_to_BN(y_int, NULL);
	if (dh->pub_key == NULL) {
		DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
		goto done;
	}

	EVP_PKEY_assign_DH(pkey, dh);
	dh = NULL; /* now owned by pkey */
	ok = 1;

done:
	/* both free functions accept NULL */
	ASN1_INTEGER_free(y_int);
	DH_free(dh);
	return ok;
}
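/*
 * Decode a DH private key from PKCS#8 PrivateKeyInfo into pkey.
 *
 * The AlgorithmIdentifier parameters must be a SEQUENCE of DH domain
 * parameters and the key an INTEGER; the public value is recomputed
 * with DH_generate_key(). Returns 1 on success, 0 on failure with a DH
 * error queued.
 *
 * Fix: the decoded INTEGER was never freed on any error path (a leak
 * of private-key material); it is now wiped and freed on all paths.
 */
static int dh_priv_decode (EVP_PKEY * pkey, PKCS8_PRIV_KEY_INFO * p8)
{
    const unsigned char *p, *pm;
    int pklen, pmlen;
    int ptype;
    void *pval;
    ASN1_STRING *pstr;
    X509_ALGOR *palg;
    ASN1_INTEGER *privkey = NULL;
    DH *dh = NULL;

    if (!PKCS8_pkey_get0 (NULL, &p, &pklen, &palg, p8))
        return 0;

    X509_ALGOR_get0 (NULL, &ptype, &pval, palg);

    if (ptype != V_ASN1_SEQUENCE)
        goto decerr;

    if (!(privkey = d2i_ASN1_INTEGER (NULL, &p, pklen)))
        goto decerr;

    pstr = pval;
    pm = pstr->data;
    pmlen = pstr->length;
    if (!(dh = d2i_DHparams (NULL, &pm, pmlen)))
        goto decerr;
    /* We have parameters now set private key */
    if (!(dh->priv_key = ASN1_INTEGER_to_BN (privkey, NULL)))
    {
        DHerr (DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
        goto dherr;
    }
    /* Calculate public key */
    if (!DH_generate_key (dh))
        goto dherr;

    EVP_PKEY_assign_DH (pkey, dh);

    /* the encoded private value is key material: wipe before freeing */
    ASN1_STRING_clear_free (privkey);

    return 1;

  decerr:
    DHerr (DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
  dherr:
    if (privkey)
        ASN1_STRING_clear_free (privkey);
    DH_free (dh);
    return 0;
}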
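/* ------------------ private key functions  -----------------------------*/
/*
 * Decode a GOST private key from PKCS#8 PrivateKeyInfo into pk.
 *
 * Two encodings are accepted: the newer OCTET STRING form holding the
 * 32-byte key little-endian, and the older INTEGER form. The algorithm
 * parameters are applied to pk first via decode_gost_algor_params().
 * Returns the result of gost_set_priv_key() on success and 0 on
 * failure (decode failures queue a GOST error).
 *
 * Fixes: an empty key blob is rejected before the tag byte is read;
 * the OCTET STRING is freed when only its length check fails; a NULL
 * BIGNUM is no longer passed to gost_set_priv_key(); and the key bytes
 * are wiped once they are no longer needed.
 */
static int priv_decode_gost(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf)
{
	const unsigned char *pkey_buf = NULL, *p = NULL;
	int priv_len = 0;
	BIGNUM *pk_num = NULL;
	int ret = 0;
	X509_ALGOR *palg = NULL;
	ASN1_OBJECT *palg_obj = NULL;
	ASN1_INTEGER *priv_key = NULL;

	if (!PKCS8_pkey_get0(&palg_obj, &pkey_buf, &priv_len, &palg, p8inf))
		return 0;
	p = pkey_buf;
	if (!decode_gost_algor_params(pk, palg))
		return 0;
	/* the tag check below reads *p: refuse an empty blob */
	if (p == NULL || priv_len <= 0) {
		GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
		return 0;
	}
	if (V_ASN1_OCTET_STRING == *p) {
		/* New format - Little endian octet string */
		unsigned char rev_buf[32];
		int i;
		ASN1_OCTET_STRING *s = d2i_ASN1_OCTET_STRING(NULL, &p, priv_len);
		if (!s || s->length != 32) {
			ASN1_STRING_free(s); /* accepts NULL; was leaked on bad length */
			GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
			return 0;
		}
		/* reverse to big-endian for getbnfrombuf() */
		for (i = 0; i < 32; i++)
			rev_buf[31 - i] = s->data[i];
		ASN1_STRING_clear_free(s);
		pk_num = getbnfrombuf(rev_buf, 32);
		OPENSSL_cleanse(rev_buf, sizeof(rev_buf));
	} else {
		priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len);
		if (!priv_key)
			return 0;
		pk_num = ASN1_INTEGER_to_BN(priv_key, NULL);
		ASN1_STRING_clear_free(priv_key);
	}
	if (pk_num == NULL) {
		GOSTerr(GOST_F_PRIV_DECODE_GOST, EVP_R_DECODE_ERROR);
		return 0;
	}

	ret = gost_set_priv_key(pk, pk_num);
	BN_clear_free(pk_num);
	return ret;
}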
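/*
 * Return the certificate's serial number as its big-endian magnitude
 * bytes (BN_bn2bin() output).
 *
 * If ASN1_INTEGER_to_BN() fails the result is an empty array instead
 * of a NULL dereference; a zero serial is also empty because
 * BN_num_bytes() is 0 for it, as before.
 */
const byteArray X509Certificate_OpenSSL::getSerialNumber() const
{
	ASN1_INTEGER *serial = X509_get_serialNumber(m_data->cert);
	BIGNUM *bnser = ASN1_INTEGER_to_BN(serial, NULL);
	int n = bnser ? BN_num_bytes(bnser) : 0;
	byte_t* outbuf = new byte_t[n];
	if (bnser) {
		BN_bn2bin(bnser, outbuf);
		BN_free(bnser);
	}
	byteArray ser(outbuf, outbuf + n);
	delete [] outbuf;
	return ser;
}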
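/*
 * Decimal text of the wrapped ASN1_INTEGER `in`; empty for an empty
 * integer, or when OpenSSL cannot convert it (the BIGNUM and the
 * BN_bn2dec() result are both checked instead of dereferenced blindly).
 */
QString a1int::toDec() const
{
	QString r;
	if (in->length == 0) {
		return r;
	}
	BIGNUM *bn = ASN1_INTEGER_to_BN(in, NULL);
	if (!bn) {
		return r;
	}
	char *res = BN_bn2dec(bn);
	BN_free(bn);
	if (res) {
		r = res;
		OPENSSL_free(res);
	}
	return r;
}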
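/*
 * Normalise a serial-number string to decimal.
 *
 * A serial containing ':' separators, or any lowercase a-f digit, is
 * treated as hexadecimal and converted; anything else is assumed to be
 * decimal already and is returned unchanged.
 *
 * Returns NULL on failure. Ownership of the result is mixed, as in the
 * original: a decimal input is returned as the caller's own pointer,
 * while a converted hexadecimal input is a new buffer from BN_bn2dec()
 * that must be released with OPENSSL_free(). Callers must compare the
 * result against the input pointer before freeing.
 *
 * Fixes: the calloc() result is checked; the de-colonised copy, the
 * BIO, the ASN1_INTEGER and the BIGNUM were all leaked before.
 * NOTE(review): only lowercase a-f triggers hex detection, so an
 * uppercase hex serial without ':' is taken as decimal -- unchanged here.
 */
static char *
handle_serial (char * serial)
{
	char *result = serial;
	char *tmp_serial = NULL;
	int hex = NULL != strchr (serial, ':');

	/* Convert serial to a decimal serial when input is
	   a hexidecimal representation of the serial */
	if (hex)
	{
		/* strip the ':' separators into a private copy */
		unsigned int i, ii;

		tmp_serial = calloc (strlen (serial) + 1, 1);
		if (tmp_serial == NULL)
			return NULL;
		for (i = 0, ii = 0; '\0' != serial[i]; i++)
		{
			if (':' != serial[i])
				tmp_serial[ii++] = serial[i];
		}
		serial = tmp_serial;
	}
	else
	{
		unsigned int i;
		for (i = 0; !hex && '\0' != serial[i]; i++)
			hex = NULL != strchr ("abcdef", serial[i]);
	}

	if (hex)
	{
		ASN1_INTEGER *ai = NULL;
		BIGNUM *bn = NULL;
		BIO *in = NULL;
		char buf[1025];

		result = NULL;
		/* a2i_ASN1_INTEGER() reads the hex digits through a BIO over
		   the (possibly de-colonised) string */
		in = BIO_new_mem_buf (serial, -1);
		ai = ASN1_INTEGER_new ();
		if (in != NULL && ai != NULL
		    && a2i_ASN1_INTEGER (in, ai, buf, sizeof (buf) - 1))
		{
			bn = ASN1_INTEGER_to_BN (ai, NULL);
			if (bn != NULL)
				result = BN_bn2dec (bn);
		}
		BN_free (bn);
		ASN1_INTEGER_free (ai);
		BIO_free (in);
	}

	free (tmp_serial);
	return result;
} /* handle_serial */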
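/**
 * Return the serial number.
 *
 * Lua: cert:serial() -> hex string, or nil when OpenSSL cannot convert
 * the serial (previously a NULL BIGNUM reached BN_bn2hex()). Always
 * pushes exactly one value.
 */
static int meth_serial(lua_State *L)
{
  char *tmp;
  BIGNUM *bn;
  ASN1_INTEGER *serial;
  X509* cert = lsec_checkx509(L, 1);

  serial = X509_get_serialNumber(cert);
  bn = ASN1_INTEGER_to_BN(serial, NULL);
  if (bn == NULL) {
    lua_pushnil(L);
    return 1;
  }
  tmp = BN_bn2hex(bn);
  BN_free(bn);
  /* lua_pushstring() pushes nil for a NULL pointer, so a failed
   * BN_bn2hex() also yields nil */
  lua_pushstring(L, tmp);
  OPENSSL_free(tmp);
  return 1;
}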
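/*
 * Return the certificate serial as a decimal string allocated by
 * BN_bn2dec(); the caller releases it with OPENSSL_free(). Returns
 * NULL when the serial cannot be converted to a BIGNUM (previously
 * BN_bn2dec() was called on NULL).
 */
char *
x509_get_serial (x509_cert_t *cert)
{
  ASN1_INTEGER *asn1_i;
  BIGNUM *bignum;
  char *serial;

  asn1_i = X509_get_serialNumber(cert);
  bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
  if (bignum == NULL)
    return NULL;
  serial = BN_bn2dec(bignum);

  BN_free(bignum);
  return serial;
}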
/*
 * Hexadecimal text (BN_bn2hex() form) of an ASN1_INTEGER. Returns an
 * empty string when either OpenSSL conversion fails.
 */
std::string cert_string_from_asn1_integer(ASN1_INTEGER* value)
{
	BIGNUM *big = ASN1_INTEGER_to_BN(value, NULL);
	if (big == NULL)
		return std::string();

	std::string hex_text;
	char *hex = BN_bn2hex(big);
	if (hex != NULL)
	{
		hex_text.assign(hex);
		OPENSSL_free(hex);
	}
	BN_free(big);
	return hex_text;
}
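/*
 * Return the certificate serial as a decimal string allocated from gc.
 * Returns NULL when the serial cannot be converted by OpenSSL
 * (previously a NULL BIGNUM reached BN_bn2dec()).
 */
char *
x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
{
  ASN1_INTEGER *asn1_i;
  BIGNUM *bignum;
  char *openssl_serial, *serial;

  asn1_i = X509_get_serialNumber(cert);
  bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
  if (bignum == NULL)
    return NULL;
  openssl_serial = BN_bn2dec(bignum);
  BN_free(bignum);
  if (openssl_serial == NULL)
    return NULL;

  /* copy into the gc arena, then drop OpenSSL's buffer */
  serial = string_alloc(openssl_serial, gc);
  OPENSSL_free(openssl_serial);

  return serial;
}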
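/*
 * Decimal text of the certificate serial number.
 *
 * Every OpenSSL step (serial lookup, BIGNUM conversion, BN_bn2dec())
 * is checked and reported through THROW_STACK_EXCEPTION; previously a
 * failed conversion constructed a std::string from NULL.
 */
std::string bdoc::X509Cert::getSerial() const
{
	ASN1_INTEGER* bs = X509_get_serialNumber(cert);
	if (!bs) {
		THROW_STACK_EXCEPTION("Failed to read certificate serial number from X.509 certificate: %s", ERR_reason_error_string(ERR_get_error()));
	}

	BIGNUM *bn = ASN1_INTEGER_to_BN(bs, NULL);
	if (!bn) {
		THROW_STACK_EXCEPTION("Failed to convert certificate serial number: %s", ERR_reason_error_string(ERR_get_error()));
	}

	char *str = BN_bn2dec(bn);
	BN_free(bn);
	if (!str) {
		THROW_STACK_EXCEPTION("Failed to format certificate serial number: %s", ERR_reason_error_string(ERR_get_error()));
	}

	std::string serial(str);
	OPENSSL_free(str);

	return serial;
}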
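/*
 * Lint the certificate serial number: it must be positive and its DER
 * content no longer than 20 octets (RFC 5280 4.1.2.2); the encoding
 * itself is checked by CheckASN1_integer().
 *
 * ASN1_INTEGER_to_BN() can return NULL; the sign/zero checks need the
 * BIGNUM and are skipped in that case, the length and encoding checks
 * still run.
 */
static void CheckSerial(X509 *x509)
{
	ASN1_INTEGER *serial = X509_get_serialNumber(x509);
	BIGNUM *bn_serial = ASN1_INTEGER_to_BN(serial, NULL);

	if (bn_serial != NULL
	    && (BN_is_negative(bn_serial) || BN_is_zero(bn_serial)))
	{
		SetError(ERR_SERIAL_NOT_POSITIVE);
	}

	if (serial->length > 20)
	{
		SetError(ERR_SERIAL_TOO_LARGE);
	}

	CheckASN1_integer(serial);
	BN_free(bn_serial); /* accepts NULL */
}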
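/*
 * Python: certificate.get_serial_number() -> int
 *
 * Converts the serial via BN_bn2hex() and PyLong_FromString(base 16).
 * Returns NULL with a Python exception set when OpenSSL cannot convert
 * the serial; previously a NULL pointer reached BN_bn2hex() /
 * PyLong_FromString().
 */
static PyObject *
get_serial_number (certificate_x509 *self, PyObject *args)
{
	PyObject *ret;
	ASN1_INTEGER *serial_asn;
	BIGNUM *bn;
	char *hex;

	if (!PyArg_ParseTuple (args, "")) {
		return NULL;
	}

	serial_asn = X509_get_serialNumber (self->x509);
	bn = ASN1_INTEGER_to_BN (serial_asn, NULL);
	if (bn == NULL) {
		PyErr_SetString (PyExc_ValueError, "unable to decode certificate serial number");
		return NULL;
	}

	hex = BN_bn2hex (bn);
	BN_free (bn);
	if (hex == NULL) {
		return PyErr_NoMemory ();
	}

	ret = PyLong_FromString (hex, NULL, 16);
	OPENSSL_free (hex);
	return ret;
}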
/*
 * Read the serial stored in serialfile and return it incremented by
 * one as a new ASN1_INTEGER. A missing file is not an error: a warning
 * is printed to bio_err and the sequence starts at 1. Returns NULL on
 * any other failure; the caller owns the returned value.
 */
static ASN1_INTEGER *next_serial(const char *serialfile)
{
    ASN1_INTEGER *result = NULL;
    BIO *file = NULL;
    BIGNUM *current = NULL;
    ASN1_INTEGER *serial = ASN1_INTEGER_new();

    if (serial == NULL)
        goto done;

    file = BIO_new_file(serialfile, "r");
    if (file == NULL) {
        /* the open failure is expected on first use: drop its error */
        ERR_clear_error();
        BIO_printf(bio_err, "Warning: could not open file %s for "
                   "reading, using serial number: 1\n", serialfile);
        if (ASN1_INTEGER_set(serial, 1))
            result = serial;
        goto done;
    }

    {
        char line[1024];
        if (!a2i_ASN1_INTEGER(file, serial, line, sizeof(line))) {
            BIO_printf(bio_err, "unable to load number from %s\n",
                       serialfile);
            goto done;
        }
    }

    current = ASN1_INTEGER_to_BN(serial, NULL);
    if (current == NULL)
        goto done;
    /* the parsed value is no longer needed; it is replaced by value + 1 */
    ASN1_INTEGER_free(serial);
    serial = NULL;
    if (BN_add_word(current, 1))
        serial = BN_to_ASN1_INTEGER(current, NULL);
    result = serial; /* NULL if either step failed */

 done:
    if (result == NULL) {
        ASN1_INTEGER_free(serial);
        serial = NULL;
    }
    BIO_free_all(file);
    BN_free(current);
    return result;
}
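/*
 * Print num to bio as "0x" followed by its hexadecimal digits.
 *
 * Returns 1 on success, 0 when the conversion or a write fails, and
 * -1 when the BIGNUM cannot be allocated. The ASN1_INTEGER_to_BN()
 * result is now checked: on failure num_bn still held zero and "0x0"
 * was printed for a value that was never converted.
 */
int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
{
    BIGNUM *num_bn;
    int result = 0;
    char *hex;

    num_bn = BN_new();
    if (num_bn == NULL)
        return -1;
    if (ASN1_INTEGER_to_BN(num, num_bn) == NULL)
        goto err;
    if ((hex = BN_bn2hex(num_bn)) != NULL) {
        result = BIO_write(bio, "0x", 2) > 0;
        result = result && BIO_write(bio, hex, (int)strlen(hex)) > 0;
        OPENSSL_free(hex);
    }
 err:
    BN_free(num_bn);

    return result;
}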
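/*
 * Write the certificate serial to `out` as "4_serial <base64>\n", where
 * the payload is the serial's big-endian bytes with a 0x00 prepended
 * when the top bit is set (the DER two's-complement convention).
 *
 * Returns 0 on success, 1 on error; error details go to `err`.
 *
 * Fixes: the base64 filter BIO was created and pushed in one step, so
 * an allocation failure made BIO_push(NULL, out) return `out` and the
 * check could never fire; the filter was never freed; a NULL BIGNUM or
 * a failed malloc() was dereferenced; and a zero serial (0 bytes) read
 * binserial[0] out of bounds.
 */
int output_serialNumber (BIO *out, BIO *err, X509 *x) {
  ASN1_INTEGER *serial ;
  BIO *b64 = NULL ;
  BIGNUM *bn = NULL ;
  unsigned char *binserial = NULL ;
  int len ;
  int res = 1 ;

  if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
    BIO_printf(err,
      "Error - Cannot initialise Base64 output filter for serial number\n");
    goto end ;
  }
  BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL) ;
  BIO_push(b64, out) ;

  serial = X509_get_serialNumber(x) ;
  if ((bn = ASN1_INTEGER_to_BN (serial, NULL)) == NULL) {
    BIO_printf(err,
      "Error - Cannot get a binary representation of serial number\n");
    goto end ;
  }
  /* BN_num_bytes() is 0 for a zero serial; emit a single 0x00 byte for it
     (BN_bn2bin() then writes nothing, leaving the zeroed byte) */
  len = BN_num_bytes(bn);
  if (len == 0) {
    len = 1;
  }
  if ((binserial = calloc(len, 1)) == NULL) {
    BIO_printf(err, "Error - Out of memory\n");
    goto end ;
  }
  if (BN_bn2bin(bn, binserial) != BN_num_bytes(bn)) {
    BIO_printf(err,
      "Error - Cannot get a binary representation of serial number\n");
    goto end ;
  }

  BIO_printf(out, "4_serial ") ;
  /* Assuming that serial number is positive, prepend 0x00 if first byte
     of serial number is >= 0x80 */
  if (binserial[0] & 0x80) {
    BIO_write(b64, "\0", 1);
  }
  BIO_write(b64, binserial, len);
  BIO_flush(b64);

  BIO_printf(out, "\n") ;

  res = 0 ;
end:
  if (b64 != NULL) {
    /* detach from `out`, which the caller owns, then free the filter only */
    BIO_pop(b64) ;
    BIO_free(b64) ;
  }
  BN_free (bn) ;
  free (binserial) ;
  return res ;
}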
/**
 * @return returns X.509 certificate serial number.
 * @throws IOException exception is thrown if the serial is incorrect.
 */
std::string digidoc::X509Cert::getSerial() const throw(IOException)
{
    std::string serial;
    BIGNUM *big = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), 0);
    if(big != NULL)
    {
        // BN_bn2dec() may fail; OPENSSL_free() tolerates the NULL it then returns
        char *decimal = BN_bn2dec(big);
        if(decimal != NULL)
            serial.assign(decimal);
        OPENSSL_free(decimal);
        BN_free(big);
    }

    // an empty result means one of the OpenSSL calls above failed
    if(serial.empty())
    {
        THROW_IOEXCEPTION("Failed to read certificate serial number from X.509 certificate: %s", ERR_reason_error_string(ERR_get_error()));
    }

    return serial;
}
@return: Serial number as a Python integer\n\
";

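/*
 * Python: X509.get_serial_number() -> int
 *
 * Converts the serial via BN_bn2hex() and PyLong_FromString(base 16).
 * Returns NULL with a Python exception set when OpenSSL cannot convert
 * the serial (previously NULL reached BN_bn2hex()/PyLong_FromString()).
 * The hex buffer comes from OpenSSL's allocator and is released with
 * OPENSSL_free(), not free(), so a custom OpenSSL allocator is honoured.
 */
static PyObject *
crypto_X509_get_serial_number(crypto_X509Obj *self, PyObject *args)
{
    ASN1_INTEGER *asn1_i;
    BIGNUM *bignum;
    char *hex;
    PyObject *res;

    if (!PyArg_ParseTuple(args, ":get_serial_number"))
        return NULL;

    asn1_i = X509_get_serialNumber(self->x509);
    bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
    if (bignum == NULL) {
        PyErr_SetString(PyExc_ValueError, "unable to decode certificate serial number");
        return NULL;
    }
    hex = BN_bn2hex(bignum);
    BN_free(bignum);
    if (hex == NULL)
        return PyErr_NoMemory();
    res = PyLong_FromString(hex, NULL, 16);
    OPENSSL_free(hex);
    return res;
}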