int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
int ret;
EVP_PKEY *pkey = NULL;
if (!ASN1_INTEGER_set(p7i->version,0))
return 0;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
return 0;
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
return 0;
pkey = X509_get_pubkey(x509);
if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
{
PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
goto err;
}
ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
0, p7i);
if (ret == -2)
{
PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
goto err;
}
if (ret <= 0)
{
PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
PKCS7_R_ENCRYPTION_CTRL_FAILURE);
goto err;
}
EVP_PKEY_free(pkey);
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
p7i->cert=x509;
return 1;
err:
if (pkey)
EVP_PKEY_free(pkey);
return 0;
}
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
{
ASN1_INTEGER *in;
if (x == NULL) return(0);
in=x->serialNumber;
if (in != serial) {
in=M_ASN1_INTEGER_dup(serial);
if (in != NULL) {
M_ASN1_INTEGER_free(x->serialNumber);
x->serialNumber=in;
}
}
return(in != NULL);
}
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
EVP_MD *dgst)
{
char is_dsa;
if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
else is_dsa = 0;
/* We now need to add another PKCS7_SIGNER_INFO entry */
ASN1_INTEGER_set(p7i->version,1);
X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509));
/* because ASN1_INTEGER_set is used to set a 'long' we will do
* things the ugly way. */
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
/* lets keep the pkey around for a while */
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
p7i->pkey=pkey;
/* Set the algorithms */
if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
else
p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
if (p7i->digest_alg->parameter != NULL)
ASN1_TYPE_free(p7i->digest_alg->parameter);
if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
goto err;
p7i->digest_alg->parameter->type=V_ASN1_NULL;
p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
if (p7i->digest_enc_alg->parameter != NULL)
ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
else {
if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
goto err;
p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
}
return(1);
err:
return(0);
}
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
const EVP_MD *dgst)
{
int ret;
/* We now need to add another PKCS7_SIGNER_INFO entry */
if (!ASN1_INTEGER_set(p7i->version,1))
goto err;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
goto err;
/* because ASN1_INTEGER_set is used to set a 'long' we will do
* things the ugly way. */
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
goto err;
/* lets keep the pkey around for a while */
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
p7i->pkey=pkey;
/* Set the algorithms */
X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
V_ASN1_NULL, NULL);
if (pkey->ameth && pkey->ameth->pkey_ctrl)
{
ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
0, p7i);
if (ret > 0)
return 1;
if (ret != -2)
{
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
PKCS7_R_SIGNING_CTRL_FAILURE);
return 0;
}
}
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
err:
return 0;
}
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
ASN1_INTEGER_set(p7i->version,0);
X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509));
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
X509_ALGOR_free(p7i->key_enc_algor);
p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup((i2d_func_t)i2d_X509_ALGOR,
(char *(*)())d2i_X509_ALGOR,
(char *)x509->cert_info->key->algor);
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
p7i->cert=x509;
return(1);
}
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
if (!ASN1_INTEGER_set(p7i->version, 0))
return 0;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
return 0;
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
return 0;
X509_ALGOR_free(p7i->key_enc_algor);
if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor)))
return 0;
CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
p7i->cert = x509;
return (1);
}
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
return M_ASN1_INTEGER_dup(x);
}
ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
{ return M_ASN1_INTEGER_dup(x);}
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
const EVP_MD *dgst)
{
int nid;
char is_dsa;
if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
is_dsa = 1;
else
is_dsa = 0;
/* We now need to add another PKCS7_SIGNER_INFO entry */
if (!ASN1_INTEGER_set(p7i->version, 1))
goto err;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
goto err;
/*
* because ASN1_INTEGER_set is used to set a 'long' we will do things the
* ugly way.
*/
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
if (!(p7i->issuer_and_serial->serial =
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
goto err;
/* lets keep the pkey around for a while */
CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
p7i->pkey = pkey;
/* Set the algorithms */
if (is_dsa)
p7i->digest_alg->algorithm = OBJ_nid2obj(NID_sha1);
else
p7i->digest_alg->algorithm = OBJ_nid2obj(EVP_MD_type(dgst));
if (p7i->digest_alg->parameter != NULL)
ASN1_TYPE_free(p7i->digest_alg->parameter);
if ((p7i->digest_alg->parameter = ASN1_TYPE_new()) == NULL)
goto err;
p7i->digest_alg->parameter->type = V_ASN1_NULL;
if (p7i->digest_enc_alg->parameter != NULL)
ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
nid = EVP_PKEY_type(pkey->type);
if (nid == EVP_PKEY_RSA) {
p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
goto err;
p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
} else if (nid == EVP_PKEY_DSA) {
#if 1
/*
* use 'dsaEncryption' OID for compatibility with other software
* (PKCS #7 v1.5 does specify how to handle DSA) ...
*/
p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsa);
#else
/*
* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for
* CMS) would make more sense.
*/
p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsaWithSHA1);
#endif
p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit
* 'parameter'! */
} else if (nid == EVP_PKEY_EC) {
p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1);
if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
goto err;
p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
} else
return (0);
return (1);
err:
return (0);
}