Exemple #1
0
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
	{
	int ret;
	EVP_PKEY *pkey = NULL;
	if (!ASN1_INTEGER_set(p7i->version,0))
		return 0;
	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
		X509_get_issuer_name(x509)))
		return 0;

	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	if (!(p7i->issuer_and_serial->serial=
		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
		return 0;

	pkey = X509_get_pubkey(x509);

	if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
		{
		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
			PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
		goto err;
		}

	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
						0, p7i);
	if (ret == -2)
		{
		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
			PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
		goto err;
		}
	if (ret <= 0)
		{
		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
				PKCS7_R_ENCRYPTION_CTRL_FAILURE);
		goto err;
		}

	EVP_PKEY_free(pkey);

	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
	p7i->cert=x509;

	return 1;

	err:
	if (pkey)
		EVP_PKEY_free(pkey);
	return 0;
	}
Exemple #2
0
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
{
	ASN1_INTEGER *in;

	if (x == NULL) return(0);
	in=x->serialNumber;
	if (in != serial) {
		in=M_ASN1_INTEGER_dup(serial);
		if (in != NULL) {
			M_ASN1_INTEGER_free(x->serialNumber);
			x->serialNumber=in;
		}
	}
	return(in != NULL);
}
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
	     EVP_MD *dgst)
	{
	char is_dsa;
	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
	else is_dsa = 0;
	/* We now need to add another PKCS7_SIGNER_INFO entry */
	ASN1_INTEGER_set(p7i->version,1);
	X509_NAME_set(&p7i->issuer_and_serial->issuer,
		X509_get_issuer_name(x509));

	/* because ASN1_INTEGER_set is used to set a 'long' we will do
	 * things the ugly way. */
	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	p7i->issuer_and_serial->serial=
		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));

	/* lets keep the pkey around for a while */
	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
	p7i->pkey=pkey;

	/* Set the algorithms */
	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
	else	
		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));

	if (p7i->digest_alg->parameter != NULL)
		ASN1_TYPE_free(p7i->digest_alg->parameter);
	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
		goto err;
	p7i->digest_alg->parameter->type=V_ASN1_NULL;

	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));

	if (p7i->digest_enc_alg->parameter != NULL)
		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
	if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
	else {
		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
			goto err;
		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
	}

	return(1);
err:
	return(0);
	}
Exemple #4
0
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
	     const EVP_MD *dgst)
	{
	int ret;

	/* We now need to add another PKCS7_SIGNER_INFO entry */
	if (!ASN1_INTEGER_set(p7i->version,1))
		goto err;
	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
			X509_get_issuer_name(x509)))
		goto err;

	/* because ASN1_INTEGER_set is used to set a 'long' we will do
	 * things the ugly way. */
	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	if (!(p7i->issuer_and_serial->serial=
			M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
		goto err;

	/* lets keep the pkey around for a while */
	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
	p7i->pkey=pkey;

	/* Set the algorithms */

	X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
				V_ASN1_NULL, NULL);

	if (pkey->ameth && pkey->ameth->pkey_ctrl)
		{
		ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
						0, p7i);
		if (ret > 0)
			return 1;
		if (ret != -2)
			{
			PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
					PKCS7_R_SIGNING_CTRL_FAILURE);
			return 0;
			}
		}
	PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
			PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
err:
	return 0;
	}
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
	{
	ASN1_INTEGER_set(p7i->version,0);
	X509_NAME_set(&p7i->issuer_and_serial->issuer,
		X509_get_issuer_name(x509));

	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	p7i->issuer_and_serial->serial=
		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));

	X509_ALGOR_free(p7i->key_enc_algor);
	p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup((i2d_func_t)i2d_X509_ALGOR,
		(char *(*)())d2i_X509_ALGOR,
		(char *)x509->cert_info->key->algor);

	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
	p7i->cert=x509;

	return(1);
	}
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
    if (!ASN1_INTEGER_set(p7i->version, 0))
        return 0;
    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
                       X509_get_issuer_name(x509)))
        return 0;

    M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
    if (!(p7i->issuer_and_serial->serial =
          M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
        return 0;

    X509_ALGOR_free(p7i->key_enc_algor);
    if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor)))
        return 0;

    CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
    p7i->cert = x509;

    return (1);
}
Exemple #7
0
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
    return M_ASN1_INTEGER_dup(x);
}
Exemple #8
0
ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
{ return M_ASN1_INTEGER_dup(x);}
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                          const EVP_MD *dgst)
{
    int nid;
    char is_dsa;

    if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
        is_dsa = 1;
    else
        is_dsa = 0;
    /* We now need to add another PKCS7_SIGNER_INFO entry */
    if (!ASN1_INTEGER_set(p7i->version, 1))
        goto err;
    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
                       X509_get_issuer_name(x509)))
        goto err;

    /*
     * because ASN1_INTEGER_set is used to set a 'long' we will do things the
     * ugly way.
     */
    M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
    if (!(p7i->issuer_and_serial->serial =
          M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
        goto err;

    /* lets keep the pkey around for a while */
    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
    p7i->pkey = pkey;

    /* Set the algorithms */
    if (is_dsa)
        p7i->digest_alg->algorithm = OBJ_nid2obj(NID_sha1);
    else
        p7i->digest_alg->algorithm = OBJ_nid2obj(EVP_MD_type(dgst));

    if (p7i->digest_alg->parameter != NULL)
        ASN1_TYPE_free(p7i->digest_alg->parameter);
    if ((p7i->digest_alg->parameter = ASN1_TYPE_new()) == NULL)
        goto err;
    p7i->digest_alg->parameter->type = V_ASN1_NULL;

    if (p7i->digest_enc_alg->parameter != NULL)
        ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
    nid = EVP_PKEY_type(pkey->type);
    if (nid == EVP_PKEY_RSA) {
        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
        if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
            goto err;
        p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
    } else if (nid == EVP_PKEY_DSA) {
#if 1
        /*
         * use 'dsaEncryption' OID for compatibility with other software
         * (PKCS #7 v1.5 does specify how to handle DSA) ...
         */
        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsa);
#else
        /*
         * ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for
         * CMS) would make more sense.
         */
        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsaWithSHA1);
#endif
        p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit
                                                * 'parameter'! */
    } else if (nid == EVP_PKEY_EC) {
        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1);
        if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
            goto err;
        p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
    } else
        return (0);

    return (1);
 err:
    return (0);
}