void openssl_pkcs7_sign() { int len; BIO *in; X509 *x; FILE *fp; PKCS7 *p7; X509_ALGOR *md; PKCS7_SIGNER_INFO *si; char name[MAX1_LEN], tmp[MAX1_LEN]; unsigned char *der, *p, buf[SHA_DIGEST_LENGTH] = "pkcs7 sign"; p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_data); ASN1_OCTET_STRING_set(p7->d.data, buf, SHA_DIGEST_LENGTH); len = i2d_PKCS7(p7, NULL); der = (unsigned char *)malloc(len); p = der; len = i2d_PKCS7(p7, &p); fp = fopen("/tmp/test.cer", "wb"); fwrite(der, 1, len, fp); fclose(fp); free(der); PKCS7_free(p7); p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_signed); p7->d.sign->cert = sk_X509_new_null(); in = BIO_new_file("/tmp/test.cer", "r"); x = PEM_read_bio_X509(in, NULL, NULL, NULL); sk_X509_push(p7->d.sign->cert, x); BIO_free(in); md = X509_ALGOR_new(); md->algorithm = OBJ_nid2obj(NID_md5); sk_X509_ALGOR_push(p7->d.sign->md_algs, md); si = PKCS7_SIGNER_INFO_new(); ASN1_INTEGER_set(si->version, 2); ASN1_INTEGER_set(si->issuer_and_serial->serial, 333); sk_PKCS7_SIGNER_INFO_push(p7->d.sign->signer_info, si); len = i2d_PKCS7(p7, NULL); der = (unsigned char *)malloc(len); p = der; len = i2d_PKCS7(p7, &p); fp = fopen("/tmp/test.cer", "wb"); fwrite(der, 1, len, fp); fclose(fp); free(der); fp = fopen("/tmp/test.cer", "rb"); len = fread(tmp, 1, MAX1_LEN, fp); fclose(fp); p = (unsigned char *)&tmp; d2i_PKCS7(&p7, (const unsigned char **)&p, len); OBJ_obj2txt(name, MAX1_LEN, p7->type, 0); PKCS7_free(p7); }
int main(){ PKCS7 *p7; int len; unsigned char *der,*p; FILE *fp; X509 *x; BIO *in; X509_ALGOR *md; PKCS7_SIGNER_INFO *si; p7=PKCS7_new(); PKCS7_set_type(p7,NID_pkcs7_signed); p7->d.sign->cert=sk_X509_new_null(); in=BIO_new_file("b64cert.cer","r"); x=PEM_read_bio_X509(in,NULL,NULL,NULL); sk_X509_push(p7->d.sign->cert,x); md=X509_ALGOR_new(); md->algorithm=OBJ_nid2obj(NID_md5); sk_X509_ALGOR_push(p7->d.sign->md_algs,md); si=PKCS7_SIGNER_INFO_new(); ASN1_INTEGER_set(si->version,2); ASN1_INTEGER_set(si->issuer_and_serial->serial,333); sk_PKCS7_SIGNER_INFO_push(p7->d.sign->signer_info,si); len=i2d_PKCS7(p7,NULL); der=(unsigned char *)malloc(len); p=der; len=i2d_PKCS7(p7,&p); fp=fopen("p7_sign.cer","wb"); fwrite(der,1,len,fp); fclose(fp); free(der); PKCS7_free(p7); return 0; }
void openssl_pkcs7_enveloped() { int len; FILE *fp; PKCS7 *p7; PKCS7_RECIP_INFO *inf; unsigned char *der, *p; const unsigned char edata[COMM_LEN] = "info...."; const unsigned char ekeys[COMM_LEN] = "key info...."; p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_enveloped); ASN1_INTEGER_set(p7->d.enveloped->version, 3); inf = PKCS7_RECIP_INFO_new(); ASN1_INTEGER_set(inf->version, 4); ASN1_INTEGER_set(inf->issuer_and_serial->serial, 888888); inf->key_enc_algor->algorithm = OBJ_nid2obj(NID_des_ede3_cbc); ASN1_OCTET_STRING_set(inf->enc_key, ekeys, 12); sk_PKCS7_RECIP_INFO_push(p7->d.enveloped->recipientinfo, inf); p7->d.enveloped->enc_data->algorithm->algorithm = OBJ_nid2obj(NID_des_ede3_cbc); p7->d.enveloped->enc_data->enc_data = ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(p7->d.enveloped->enc_data->enc_data, edata, 8); len = i2d_PKCS7(p7, NULL); der = (unsigned char *)malloc(len); p = der; len = i2d_PKCS7(p7, &p); fp = fopen("/tmp/test.cer", "wb"); fwrite(der, 1, len, fp); fclose(fp); free(der); PKCS7_free(p7); p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped); len = i2d_PKCS7(p7, NULL); der = (unsigned char *)malloc(len); p = der; len = i2d_PKCS7(p7, &p); fp = fopen("/tmp/testEnv.cer", "wb"); fwrite(der, 1, len, fp); fclose(fp); PKCS7_free(p7); free(der); }
int PKCS7_set_type(PKCS7 *p7, int type) { ASN1_OBJECT *obj; PKCS7_content_free(p7); obj=OBJ_nid2obj(type); /* will not fail */ switch (type) { case NID_pkcs7_signed: p7->type=obj; if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.sign->version,1); break; case NID_pkcs7_data: p7->type=obj; if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) goto err; break; case NID_pkcs7_signedAndEnveloped: p7->type=obj; if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); break; case NID_pkcs7_enveloped: p7->type=obj; if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.enveloped->version,0); break; case NID_pkcs7_encrypted: p7->type=obj; if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.encrypted->version,0); break; case NID_pkcs7_digest: default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } return(1); err: return(0); }
int X509_REQ_set_version(X509_REQ *x, long version) { if (x == NULL) return (0); x->req_info.enc.modified = 1; return (ASN1_INTEGER_set(x->req_info.version, version)); }
PKCS12 * PKCS12_init(int mode) { PKCS12 *pkcs12; if (!(pkcs12 = PKCS12_new())) { PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); return NULL; } ASN1_INTEGER_set(pkcs12->version, 3); pkcs12->authsafes->type = OBJ_nid2obj(mode); switch (mode) { case NID_pkcs7_data: if (!(pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new())) { PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); goto err; } break; default: PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE); goto err; } return pkcs12; err: if (pkcs12 != NULL) PKCS12_free(pkcs12); return NULL; }
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, int ptype, void *pval, unsigned char *penc, int penclen) { unsigned char **ppenc = NULL; if (version >= 0) { if (!ASN1_INTEGER_set(priv->version, version)) return 0; } if (penc) { int pmtype; ASN1_OCTET_STRING *oct; oct = ASN1_OCTET_STRING_new(); if (!oct) return 0; oct->data = penc; ppenc = &oct->data; oct->length = penclen; if (priv->broken == PKCS8_NO_OCTET) pmtype = V_ASN1_SEQUENCE; else pmtype = V_ASN1_OCTET_STRING; ASN1_TYPE_set(priv->pkey, pmtype, oct); } if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) { /* If call fails do not swallow 'enc' */ if (ppenc) *ppenc = NULL; return 0; } return 1; }
/* * Copy the serial number from src certificate to dst certificate * and modify it by a random offset. * If reading the serial fails for some reason, generate a new * random serial and store it in the dst certificate. * Using the same serial is not a good idea since some SSL stacks * check for duplicate certificate serials. * Returns 0 on success, -1 on error. */ int ssl_x509_serial_copyrand(X509 *dstcrt, X509 *srccrt) { ASN1_INTEGER *srcptr, *dstptr; BIGNUM *bnserial; unsigned int rand; int rv; #ifndef PURIFY rv = ssl_rand(&rand, sizeof(rand)); #else /* PURIFY */ rand = 0xF001; rv = 0; #endif /* PURIFY */ dstptr = X509_get_serialNumber(dstcrt); srcptr = X509_get_serialNumber(srccrt); if ((rv == -1) || !dstptr || !srcptr) return -1; bnserial = ASN1_INTEGER_to_BN(srcptr, NULL); if (!bnserial) { /* random 32-bit serial */ ASN1_INTEGER_set(dstptr, rand); } else { /* original serial plus random 32-bit offset */ BN_add_word(bnserial, rand); BN_to_ASN1_INTEGER(bnserial, dstptr); BN_free(bnserial); } return 0; }
int main(){ PKCS7 *p7; int ret,len; char *der,*p; FILE *fp; p7 = PKCS7_new(); ret=PKCS7_set_type(p7,NID_pkcs7_encrypted); ASN1_INTEGER_set(p7->d.encrypted->version,3); p7->d.encrypted->enc_data->algorithm->algorithm=OBJ_nid2obj(NID_des_ede3_cbc); p7->d.encrypted->enc_data->enc_data=ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(p7->d.encrypted->enc_data->enc_data,(const unsigned char *)"3434",4); len=i2d_PKCS7(p7,NULL); der=(char *)malloc(len); p=der; len=i2d_PKCS7(p7,(unsigned char **)&p); fp=fopen("p7_enc.cer","wb"); fwrite(der,1,len,fp); fclose(fp); PKCS7_free(p7); free(der); return 0; }
sqbind::SQINT COsslCert::Create( COsslKey *x_pKey, sqbind::SQINT x_nSerialNumber, sqbind::SQINT x_nSecondsValid ) {_STT(); // Lose old cert Destroy(); if ( !x_pKey || ! x_pKey->getPublicKeyPtr() ) return 0; m_pX509 = X509_new(); if ( !m_pX509 ) return 0; // Set certificate version X509_set_version( m_pX509, 2 ); ASN1_INTEGER_set( X509_get_serialNumber( m_pX509 ), x_nSerialNumber ); X509_gmtime_adj( X509_get_notBefore( m_pX509 ), 0 ); X509_gmtime_adj( X509_get_notAfter( m_pX509 ), x_nSecondsValid ); X509_set_pubkey( m_pX509, x_pKey->getPublicKeyPtr() ); return 1; }
X509_EXTENSION* AuthorityKeyIdentifierExtension::getX509Extension() { X509_EXTENSION *ret; AUTHORITY_KEYID *authKeyId; ByteArray temp; authKeyId = AUTHORITY_KEYID_new(); if (this->keyIdentifier.size() > 0) { authKeyId->keyid = ASN1_OCTET_STRING_new(); temp = this->keyIdentifier; ASN1_OCTET_STRING_set(authKeyId->keyid, temp.getDataPointer(), temp.size()); } if (this->authorityCertIssuer.getNumberOfEntries() > 0) { authKeyId->issuer = this->authorityCertIssuer.getInternalGeneralNames(); } if (this->serialNumber >= 0) { authKeyId->serial = ASN1_INTEGER_new(); ASN1_INTEGER_set(authKeyId->serial, this->serialNumber); } ret = X509V3_EXT_i2d(NID_authority_key_identifier, this->critical?1:0, (void *)authKeyId); AUTHORITY_KEYID_free(authKeyId); return ret; }
RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd, const EVP_MD *mgf1md, int saltlen) { RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); if (pss == NULL) goto err; if (saltlen != 20) { pss->saltLength = ASN1_INTEGER_new(); if (pss->saltLength == NULL) goto err; if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) goto err; } if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd)) goto err; if (mgf1md == NULL) mgf1md = sigmd; if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) goto err; if (!rsa_md_to_algor(&pss->maskHash, mgf1md)) goto err; return pss; err: RSA_PSS_PARAMS_free(pss); return NULL; }
void AuthorityCertificateManager::getCertificateForTarget(boost::asio::ip::tcp::endpoint &endpoint, bool wildcardOK, X509 *serverCertificate, Certificate **cert, std::list<Certificate*> **chainList) { X509_NAME *serverName = X509_get_subject_name(serverCertificate); X509_NAME *issuerName = X509_get_subject_name(authority->getCert()); X509 *request = X509_new(); X509_set_version(request, 3); X509_set_subject_name(request, serverName); X509_set_issuer_name(request, issuerName); ASN1_INTEGER_set(X509_get_serialNumber(request), generateRandomSerial()); X509_gmtime_adj(X509_get_notBefore(request), -365); X509_gmtime_adj(X509_get_notAfter(request), (long)60*60*24*365); X509_set_pubkey(request, this->leafPair); X509_sign(request, authority->getKey(), EVP_sha1()); Certificate *leaf = new Certificate(); leaf->setCert(request); leaf->setKey(this->leafPair); *cert = leaf; *chainList = &(this->chainList); // *chain = this->authority; }
/* creates a self-signed certificate for a key */ X509 * ship_create_selfsigned_cert(char *subject, int ttl, RSA* signer_key) { X509 *x = 0, *ret = 0; X509_NAME *tmp = 0; EVP_PKEY *pr_key = 0; ASSERT_TRUE(x = X509_new(), err); ASSERT_TRUE(pr_key = EVP_PKEY_new(), err); ASSERT_TRUE(EVP_PKEY_set1_RSA(pr_key, signer_key), err); ASSERT_TRUE(X509_set_version(x, 2), err); /* version 3 certificate */ ASN1_INTEGER_set(X509_get_serialNumber(x), 0); ASSERT_TRUE(X509_gmtime_adj(X509_get_notBefore(x), 0), err); ASSERT_TRUE(X509_gmtime_adj(X509_get_notAfter(x), (long)ttl), err); ASSERT_TRUE(tmp = X509_get_subject_name(x), err); ASSERT_TRUE(X509_NAME_add_entry_by_txt(tmp, "CN", MBSTRING_ASC, (unsigned char*)subject, -1, -1, 0), err); ASSERT_TRUE(X509_set_subject_name(x, tmp), err); ASSERT_TRUE(X509_set_pubkey(x, pr_key), err); ASSERT_TRUE(X509_sign(x, pr_key, EVP_sha1()), err); ret = x; x = NULL; err: if (x) X509_free(x); if (pr_key) EVP_PKEY_free(pr_key); return ret; }
int main(int argc, char const *argv[]) { /* code */ long value; int ret, len, i; unsigned char *buf = NULL; unsigned char *p; ASN1_INTEGER *a = ASN1_INTEGER_new(); ret = ASN1_INTEGER_set(a, 100); len = i2d_ASN1_INTEGER(a, NULL); p = buf = malloc(sizeof(unsigned char) * len); len = i2d_ASN1_INTEGER(a, &buf); for( i = 0; i < len; i++) { //printf("%0x\t", p[i]); printf("%0x\t", buf[i]); } printf("\n"); a= d2i_ASN1_INTEGER(&a, &p, len); value = ASN1_INTEGER_get(a); printf("value = %d\n", value); ASN1_INTEGER_free(a); return 0; }
/* rsa_ctx_to_pss converts EVP_PKEY_CTX in PSS mode into corresponding * algorithm parameter, suitable for setting as an AlgorithmIdentifier. */ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) { const EVP_MD *sigmd, *mgf1md; RSA_PSS_PARAMS *pss = NULL; ASN1_STRING *os = NULL; EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); int saltlen, rv = 0; if (!EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) || !EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) || !EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) { goto err; } if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); } else if (saltlen == -2) { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) { saltlen--; } } else { goto err; } pss = RSA_PSS_PARAMS_new(); if (!pss) { goto err; } if (saltlen != 20) { pss->saltLength = ASN1_INTEGER_new(); if (!pss->saltLength || !ASN1_INTEGER_set(pss->saltLength, saltlen)) { goto err; } } if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) || !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) { goto err; } /* Finally create string with pss parameter encoding. */ if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) { goto err; } rv = 1; err: if (pss) { RSA_PSS_PARAMS_free(pss); } if (rv) { return os; } if (os) { ASN1_STRING_free(os); } return NULL; }
int X509_REQ_set_version(X509_REQ *x, long version) { if (x == NULL) return (0); return (ASN1_INTEGER_set(x->req_info->version, version)); }
/* Set up a mac structure */ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; if (iter > 1) { if(!(p12->mac->iter = M_ASN1_INTEGER_new())) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } } if (!saltlen) saltlen = PKCS12_SALT_LEN; p12->mac->salt->length = saltlen; if (!(p12->mac->salt->data = malloc (saltlen))) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } if (!salt) { if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0) return 0; } else memcpy (p12->mac->salt->data, salt, saltlen); p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; return 1; }
void openssl_pkcs7_encrypt() { BIO *b; int len; FILE *fp; PKCS7 *p7; unsigned char *der, *p; const unsigned char edata[COMM_LEN] = "pkcs7 encrypt"; p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_encrypted); ASN1_INTEGER_set(p7->d.encrypted->version, 3); p7->d.encrypted->enc_data->algorithm->algorithm = OBJ_nid2obj(NID_des_ede3_cbc); p7->d.encrypted->enc_data->enc_data = ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(p7->d.encrypted->enc_data->enc_data, edata, 14); len = i2d_PKCS7(p7, NULL); der = (unsigned char *)malloc(len); p = der; len = i2d_PKCS7(p7, &p); fp = fopen("/tmp/test.cer", "wb"); fwrite(der, 1, len, fp); fclose(fp); PKCS7_free(p7); free(der); b = BIO_new_file("/tmp/test.pem", "r"); p7 = PEM_read_bio_PKCS7(b, NULL, NULL, NULL); BIO_free(b); PKCS7_free(p7); }
int X509_CRL_set_version(X509_CRL *x, long version) { if (x == NULL) return(0); if (x->crl->version == NULL) { if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL) return(0); } return(ASN1_INTEGER_set(x->crl->version,version)); }
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen) { PBEPARAM *pbe=NULL; ASN1_OBJECT *al; X509_ALGOR *algor; ASN1_TYPE *astype=NULL; if (!(pbe = PBEPARAM_new ())) { ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); goto err; } if(iter <= 0) iter = PKCS5_DEFAULT_ITER; if (!ASN1_INTEGER_set(pbe->iter, iter)) { ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); goto err; } if (!saltlen) saltlen = PKCS5_SALT_LEN; if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); goto err; } pbe->salt->length = saltlen; if (salt) memcpy (pbe->salt->data, salt, saltlen); else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) goto err; if (!(astype = ASN1_TYPE_new())) { ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); goto err; } astype->type = V_ASN1_SEQUENCE; if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, &astype->value.sequence)) { ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); goto err; } PBEPARAM_free (pbe); pbe = NULL; al = OBJ_nid2obj(alg); /* never need to free al */ if (!(algor = X509_ALGOR_new())) { ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); goto err; } ASN1_OBJECT_free(algor->algorithm); algor->algorithm = al; algor->parameter = astype; return (algor); err: if (pbe != NULL) PBEPARAM_free(pbe); if (astype != NULL) ASN1_TYPE_free(astype); return NULL; }
int X509_CRL_set_version(X509_CRL *x, long version) { if (x == NULL || x->crl == NULL) return 0; if (x->crl->version == NULL) { x->crl->version = M_ASN1_INTEGER_new(); if (x->crl->version == NULL) return 0; } return ASN1_INTEGER_set(x->crl->version, version); }
static X509 *X509_REQ_to_X509_ex(X509_REQ *r, int days, EVP_PKEY *pkey, const EVP_MD* md) { X509 *ret = NULL; X509_CINF *xi = NULL; X509_NAME *xn; EVP_PKEY *pubkey = NULL; int res; if ((ret = X509_new()) == NULL) { X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); return NULL; } /* duplicate the request */ xi = ret->cert_info; if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { if ((xi->version = M_ASN1_INTEGER_new()) == NULL) goto err; if (!ASN1_INTEGER_set(xi->version, 2)) goto err; /*- xi->extensions=ri->attributes; <- bad, should not ever be done ri->attributes=NULL; */ } xn = X509_REQ_get_subject_name(r); if (X509_set_subject_name(ret, xn) == 0) goto err; if (X509_set_issuer_name(ret, xn) == 0) goto err; if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) goto err; if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) == NULL) goto err; pubkey = X509_REQ_get_pubkey(r); res = X509_set_pubkey(ret, pubkey); EVP_PKEY_free(pubkey); if (!md) goto err; if (!res || !X509_sign(ret, pkey, md)) goto err; if (0) { err: X509_free(ret); ret = NULL; } return (ret); }
int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) { const EVP_MD *sigmd, *mgf1md; int saltlen; if (!EVP_PKEY_CTX_get_signature_md(ctx->pctx, &sigmd) || !EVP_PKEY_CTX_get_rsa_mgf1_md(ctx->pctx, &mgf1md) || !EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx->pctx, &saltlen)) { return 0; } EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx->pctx); if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); } else if (saltlen == -2) { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) { saltlen--; } } else { return 0; } int ret = 0; ASN1_STRING *os = NULL; RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); if (!pss) { goto err; } if (saltlen != 20) { pss->saltLength = ASN1_INTEGER_new(); if (!pss->saltLength || !ASN1_INTEGER_set(pss->saltLength, saltlen)) { goto err; } } if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) || !rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) { goto err; } /* Finally create string with pss parameter encoding. */ if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) { goto err; } X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); os = NULL; ret = 1; err: RSA_PSS_PARAMS_free(pss); ASN1_STRING_free(os); return ret; }
int X509_set_version(X509 *x, long version) { if (x == NULL) return (0); if (x->cert_info->version == NULL) { if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL) return (0); } return (ASN1_INTEGER_set(x->cert_info->version, version)); }
static void mkcert(std::shared_ptr<X509> &cert, std::shared_ptr<EVP_PKEY> &pkey, int bits, int serial, int days) { RSA *rsa; X509_NAME *name=NULL; pkey.reset(EVP_PKEY_new(), &EVP_PKEY_free); if (!pkey) throw std::bad_alloc(); cert.reset(X509_new(), &X509_free); if (!cert) throw std::bad_alloc(); rsa = RSA_generate_key(bits,RSA_F4,NULL,NULL); MORDOR_VERIFY(EVP_PKEY_assign_RSA(pkey.get(),rsa)); X509_set_version(cert.get(),2); ASN1_INTEGER_set(X509_get_serialNumber(cert.get()),serial); X509_gmtime_adj(X509_get_notBefore(cert.get()),0); X509_gmtime_adj(X509_get_notAfter(cert.get()),(long)60*60*24*days); X509_set_pubkey(cert.get(),pkey.get()); name=X509_get_subject_name(cert.get()); /* This function creates and adds the entry, working out the * correct string type and performing checks on its length. * Normally we'd check the return value for errors... */ X509_NAME_add_entry_by_txt(name,"C", MBSTRING_ASC, (const unsigned char *)"United States", -1, -1, 0); X509_NAME_add_entry_by_txt(name,"CN", MBSTRING_ASC, (const unsigned char *)"Mordor Default Self-signed Certificate", -1, -1, 0); /* Its self signed so set the issuer name to be the same as the * subject. */ X509_set_issuer_name(cert.get(),name); /* Add various extensions: standard extensions */ add_ext(cert.get(), NID_basic_constraints, "critical,CA:TRUE"); add_ext(cert.get(), NID_key_usage, "critical,keyCertSign,cRLSign"); add_ext(cert.get(), NID_subject_key_identifier, "hash"); /* Some Netscape specific extensions */ add_ext(cert.get(), NID_netscape_cert_type, "sslCA"); MORDOR_VERIFY(X509_sign(cert.get(),pkey.get(),EVP_md5())); }
static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) { ASN1_INTEGER *serial = ASN1_INTEGER_new(); if (!serial) goto err; if (!ASN1_INTEGER_set(serial, 1)) goto err; return serial; err: TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number generation."); return NULL; }
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, const unsigned char *salt, int saltlen) { PBEPARAM *pbe=NULL; ASN1_STRING *pbe_str=NULL; unsigned char *sstr; pbe = PBEPARAM_new(); if (!pbe) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; } if(iter <= 0) iter = PKCS5_DEFAULT_ITER; if (!ASN1_INTEGER_set(pbe->iter, iter)) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; } if (!saltlen) saltlen = PKCS5_SALT_LEN; if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; } sstr = ASN1_STRING_data(pbe->salt); if (salt) TINYCLR_SSL_MEMCPY(sstr, salt, saltlen); else if (RAND_pseudo_bytes(sstr, saltlen) < 0) goto err; if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); goto err; } PBEPARAM_free(pbe); pbe = NULL; if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) return 1; err: if (pbe != NULL) PBEPARAM_free(pbe); if (pbe_str != NULL) ASN1_STRING_free(pbe_str); return 0; }
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, const unsigned char *salt, int saltlen) { PBEPARAM *pbe=NULL; ASN1_STRING *pbe_str=NULL; unsigned char *sstr; pbe = PBEPARAM_new(); if (!pbe) { OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); goto err; } if(iter <= 0) iter = PKCS5_DEFAULT_ITERATIONS; if (!ASN1_INTEGER_set(pbe->iter, iter)) { OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); goto err; } if (!saltlen) saltlen = PKCS5_SALT_LEN; if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); goto err; } sstr = ASN1_STRING_data(pbe->salt); if (salt) memcpy(sstr, salt, saltlen); else if (!RAND_bytes(sstr, saltlen)) goto err; if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { OPENSSL_PUT_ERROR(PKCS8, PKCS5_pbe_set0_algor, ERR_R_MALLOC_FAILURE); goto err; } PBEPARAM_free(pbe); pbe = NULL; if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) return 1; err: if (pbe != NULL) PBEPARAM_free(pbe); if (pbe_str != NULL) ASN1_STRING_free(pbe_str); return 0; }
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, const unsigned char *salt, int saltlen) { PBEPARAM *pbe = NULL; ASN1_STRING *pbe_str = NULL; unsigned char *sstr = NULL; pbe = PBEPARAM_new(); if (pbe == NULL) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); goto err; } if (iter <= 0) iter = PKCS5_DEFAULT_ITER; if (!ASN1_INTEGER_set(pbe->iter, iter)) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); goto err; } if (!saltlen) saltlen = PKCS5_SALT_LEN; sstr = OPENSSL_malloc(saltlen); if (sstr == NULL) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); goto err; } if (salt) memcpy(sstr, salt, saltlen); else if (RAND_bytes(sstr, saltlen) <= 0) goto err; ASN1_STRING_set0(pbe->salt, sstr, saltlen); sstr = NULL; if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); goto err; } PBEPARAM_free(pbe); pbe = NULL; if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) return 1; err: OPENSSL_free(sstr); PBEPARAM_free(pbe); ASN1_STRING_free(pbe_str); return 0; }