Пример #1
0
OCSP_CERTID *OCSP_cert_id_new (const EVP_MD * dgst,
                               X509_NAME * issuerName, ASN1_BIT_STRING * issuerKey, ASN1_INTEGER * serialNumber)
{
    int nid;

    unsigned int i;

    X509_ALGOR *alg;

    OCSP_CERTID *cid = NULL;

    unsigned char md[EVP_MAX_MD_SIZE];

    if (!(cid = OCSP_CERTID_new ()))
        goto err;

    alg = cid->hashAlgorithm;
    if (alg->algorithm != NULL)
        ASN1_OBJECT_free (alg->algorithm);
    if ((nid = EVP_MD_type (dgst)) == NID_undef)
    {
        OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
        goto err;
    }
    if (!(alg->algorithm = OBJ_nid2obj (nid)))
        goto err;
    if ((alg->parameter = ASN1_TYPE_new ()) == NULL)
        goto err;
    alg->parameter->type = V_ASN1_NULL;

    if (!X509_NAME_digest (issuerName, dgst, md, &i))
        goto digerr;
    if (!(ASN1_OCTET_STRING_set (cid->issuerNameHash, md, i)))
        goto err;

    /* Calculate the issuerKey hash, excluding tag and length */
    if (!EVP_Digest (issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
        goto err;

    if (!(ASN1_OCTET_STRING_set (cid->issuerKeyHash, md, i)))
        goto err;

    if (serialNumber)
    {
        ASN1_INTEGER_free (cid->serialNumber);
        if (!(cid->serialNumber = ASN1_INTEGER_dup (serialNumber)))
            goto err;
    }
    return cid;
  digerr:
    OCSPerr (OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
  err:
    if (cid)
        OCSP_CERTID_free (cid);
    return NULL;
}
Пример #2
0
int
gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params)
{
	int len = 0;
	unsigned char *buf = NULL;
	unsigned char *p = NULL;
	EVP_GOST2814789_CTX *c = ctx->cipher_data;
	ASN1_OCTET_STRING *os = NULL;
	GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();

	if (gcp == NULL) {
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
		    ERR_R_MALLOC_FAILURE);
		return 0;
	}
	if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) {
		GOST_CIPHER_PARAMS_free(gcp);
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
		return 0;
	}
	ASN1_OBJECT_free(gcp->enc_param_set);
	gcp->enc_param_set = OBJ_nid2obj(c->param_nid);

	len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
	p = buf = malloc(len);
	if (buf == NULL) {
		GOST_CIPHER_PARAMS_free(gcp);
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
		    ERR_R_MALLOC_FAILURE);
		return 0;
	}
	i2d_GOST_CIPHER_PARAMS(gcp, &p);
	GOST_CIPHER_PARAMS_free(gcp);

	os = ASN1_OCTET_STRING_new();
	if (os == NULL) {
		free(buf);
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS,
		    ERR_R_MALLOC_FAILURE);
		return 0;
	}
	if (ASN1_OCTET_STRING_set(os, buf, len) == 0) {
		ASN1_OCTET_STRING_free(os);
		free(buf);
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, ERR_R_ASN1_LIB);
		return 0;
	}
	free(buf);

	ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
	return 1;
}
Пример #3
0
void openssl_pkcs7_enveloped()
{
	int len;
	FILE *fp;
	PKCS7 *p7;
	PKCS7_RECIP_INFO *inf;
	unsigned char *der, *p;
	const unsigned char edata[COMM_LEN] = "info....";
	const unsigned char ekeys[COMM_LEN] = "key info....";

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_enveloped);
	ASN1_INTEGER_set(p7->d.enveloped->version, 3);

	inf = PKCS7_RECIP_INFO_new();
	ASN1_INTEGER_set(inf->version, 4);
	ASN1_INTEGER_set(inf->issuer_and_serial->serial, 888888);
	inf->key_enc_algor->algorithm = OBJ_nid2obj(NID_des_ede3_cbc);
	ASN1_OCTET_STRING_set(inf->enc_key, ekeys, 12);
	sk_PKCS7_RECIP_INFO_push(p7->d.enveloped->recipientinfo, inf);

	p7->d.enveloped->enc_data->algorithm->algorithm =
		OBJ_nid2obj(NID_des_ede3_cbc);
	p7->d.enveloped->enc_data->enc_data = ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(p7->d.enveloped->enc_data->enc_data, edata, 8);

	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);

	free(der);
	PKCS7_free(p7);

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped);
	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/testEnv.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);

	PKCS7_free(p7);
	free(der);
}
Пример #4
0
static void *
d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
{
	ASN1_OCTET_STRING *os, **pos;

	pos = a;
	if (pos == NULL || *pos == NULL) {
		os = ASN1_OCTET_STRING_new();
		if (os == NULL)
			goto err;
	} else
		os = *pos;
	if (ASN1_OCTET_STRING_set(os, *pp, length) == 0)
		goto err;

	*pp += length;

	if (pos != NULL)
		*pos = os;
	return os;

err:
	if (pos == NULL || *pos != os)
		ASN1_OCTET_STRING_free(os);
	OCSPerror(ERR_R_MALLOC_FAILURE);
	return NULL;
}
Пример #5
0
void openssl_pkcs7_encrypt()
{
	BIO *b;
	int len;
	FILE *fp;
	PKCS7 *p7;
	unsigned char *der, *p;
	const unsigned char edata[COMM_LEN] = "pkcs7 encrypt";

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_encrypted);
	ASN1_INTEGER_set(p7->d.encrypted->version, 3);
	p7->d.encrypted->enc_data->algorithm->algorithm =
		OBJ_nid2obj(NID_des_ede3_cbc);
	p7->d.encrypted->enc_data->enc_data = ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(p7->d.encrypted->enc_data->enc_data, edata, 14);
	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);

	PKCS7_free(p7);
	free(der);

	b = BIO_new_file("/tmp/test.pem", "r");
	p7 = PEM_read_bio_PKCS7(b, NULL, NULL, NULL);
	BIO_free(b);
	PKCS7_free(p7);
}
Пример #6
0
void openssl_pkcs7_sign()
{
	int len;
	BIO *in;
	X509 *x;
	FILE *fp;
	PKCS7 *p7;
	X509_ALGOR *md;
	PKCS7_SIGNER_INFO *si;
	char name[MAX1_LEN], tmp[MAX1_LEN];
	unsigned char *der, *p, buf[SHA_DIGEST_LENGTH] = "pkcs7 sign";

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_data);
	ASN1_OCTET_STRING_set(p7->d.data, buf, SHA_DIGEST_LENGTH);
	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);
	free(der);
	PKCS7_free(p7);

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_signed);
	p7->d.sign->cert = sk_X509_new_null();
	in = BIO_new_file("/tmp/test.cer", "r");
	x = PEM_read_bio_X509(in, NULL, NULL, NULL);
	sk_X509_push(p7->d.sign->cert, x);
	BIO_free(in);

	md = X509_ALGOR_new();
	md->algorithm = OBJ_nid2obj(NID_md5);
	sk_X509_ALGOR_push(p7->d.sign->md_algs, md);

	si = PKCS7_SIGNER_INFO_new();
	ASN1_INTEGER_set(si->version, 2);
	ASN1_INTEGER_set(si->issuer_and_serial->serial, 333);
	sk_PKCS7_SIGNER_INFO_push(p7->d.sign->signer_info, si);

	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);
	free(der);

	fp = fopen("/tmp/test.cer", "rb");
	len = fread(tmp, 1, MAX1_LEN, fp);
	fclose(fp);
	p = (unsigned char *)&tmp;
	d2i_PKCS7(&p7, (const unsigned char **)&p, len);
	OBJ_obj2txt(name, MAX1_LEN, p7->type, 0);

	PKCS7_free(p7);
}
Пример #7
0
static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
{
    const EVP_MD *md, *mgf1md;
    RSA_OAEP_PARAMS *oaep = NULL;
    ASN1_STRING *os = NULL;
    X509_ALGOR *alg;
    EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
    int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
    unsigned char *label;
    CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg);
    if (pkctx) {
        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
            return 0;
    }
    if (pad_mode == RSA_PKCS1_PADDING) {
        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
        return 1;
    }
    /* Not supported */
    if (pad_mode != RSA_PKCS1_OAEP_PADDING)
        return 0;
    if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
        goto err;
    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
        goto err;
    labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
    if (labellen < 0)
        goto err;
    oaep = RSA_OAEP_PARAMS_new();
    if (oaep == NULL)
        goto err;
    if (!rsa_md_to_algor(&oaep->hashFunc, md))
        goto err;
    if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
        goto err;
    if (labellen > 0) {
        ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new();
        oaep->pSourceFunc = X509_ALGOR_new();
        if (oaep->pSourceFunc == NULL)
            goto err;
        if (los == NULL)
            goto err;
        if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
            ASN1_OCTET_STRING_free(los);
            goto err;
        }
        X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
                        V_ASN1_OCTET_STRING, los);
    }
    /* create string with pss parameter encoding. */
    if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
         goto err;
    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
    os = NULL;
    rv = 1;
 err:
    RSA_OAEP_PARAMS_free(oaep);
    ASN1_STRING_free(os);
    return rv;
}
Пример #8
0
static void *
d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
{
	ASN1_OCTET_STRING *os, **pos;

	pos = a;
	if (!pos || !*pos)
		os = ASN1_OCTET_STRING_new();
	else
		os = *pos;
	if (!ASN1_OCTET_STRING_set(os, *pp, length))
		goto err;

	*pp += length;

	if (pos)
		*pos = os;
	return os;

err:
	if (os && (!pos || (*pos != os)))
		M_ASN1_OCTET_STRING_free(os);
	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
	return NULL;
}
Пример #9
0
/**
 * @ingroup proxypolicy
 *
 * Sets the policy of the PROXYPOLICY
 *
 * @param proxypolicy the proxy policy to set the policy of
 * @param policy the policy to set it to
 * @param length the length of the policy
 *
 * @return 1 on success, 0 on error
 */
int PROXYPOLICY_set_policy(
    PROXYPOLICY *                       proxypolicy,
    unsigned char *                     policy,
    int                                 length)
{
    if(policy != NULL)
    {
        unsigned char *                 copy = malloc(length);
        memcpy(copy, policy, length);

        if(!proxypolicy->policy)
        {
            proxypolicy->policy = ASN1_OCTET_STRING_new();
        }
        
        ASN1_OCTET_STRING_set(proxypolicy->policy, copy, length);

    }
    else
    {
        if(proxypolicy->policy)
        {
            ASN1_OCTET_STRING_free(proxypolicy->policy);
        }
    }

    return 1;
}
Пример #10
0
static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
    EVP_PKEY *pk;
    ASN1_OCTET_STRING *key;
    switch (type) {

    case EVP_PKEY_CTRL_SET_MAC_KEY:
        if ((!p2 && p1 > 0) || (p1 < -1))
            return 0;
        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
            return 0;
        break;

    case EVP_PKEY_CTRL_MD:
        hctx->md = p2;
        break;

    case EVP_PKEY_CTRL_DIGESTINIT:
        pk = EVP_PKEY_CTX_get0_pkey(ctx);
        key = EVP_PKEY_get0(pk);
        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
            return 0;
        break;

    default:
        return -2;

    }
    return 1;
}
static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
	{
	HMAC_PKEY_CTX *hctx = (HMAC_PKEY_CTX *)ctx->data;
	ASN1_OCTET_STRING *key;
	switch (type)
		{

		case EVP_PKEY_CTRL_SET_MAC_KEY:
		if ((!p2 && p1 > 0) || (p1 < -1))
			return 0;
		if (!ASN1_OCTET_STRING_set(&hctx->ktmp, (const unsigned char*)p2, p1))
			return 0;
		break;

		case EVP_PKEY_CTRL_MD:
		hctx->md = (const EVP_MD*)p2;
		break;

		case EVP_PKEY_CTRL_DIGESTINIT:
		key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
		HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
				ctx->engine);
		break;

		default:
		return -2;

		}
	return 1;
	}
Пример #12
0
int main(){
	PKCS7 *p7;
	int ret,len;
	char *der,*p;
	FILE *fp;


	p7 = PKCS7_new();
	ret=PKCS7_set_type(p7,NID_pkcs7_encrypted);
	ASN1_INTEGER_set(p7->d.encrypted->version,3);
	p7->d.encrypted->enc_data->algorithm->algorithm=OBJ_nid2obj(NID_des_ede3_cbc);
	p7->d.encrypted->enc_data->enc_data=ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(p7->d.encrypted->enc_data->enc_data,(const
				unsigned char *)"3434",4);
	len=i2d_PKCS7(p7,NULL);
	der=(char *)malloc(len);
	p=der;
	len=i2d_PKCS7(p7,(unsigned char **)&p);
	fp=fopen("p7_enc.cer","wb");
	fwrite(der,1,len,fp);
	fclose(fp);
	PKCS7_free(p7);
	free(der);
	return 0;
}
Пример #13
0
static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
  HMAC_PKEY_CTX *hctx = ctx->data;
  ASN1_OCTET_STRING *key;

  switch (type) {
    case EVP_PKEY_CTRL_SET_MAC_KEY:
      if ((!p2 && p1 > 0) || (p1 < -1)) {
        return 0;
      }
      if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) {
        return 0;
      }
      break;

    case EVP_PKEY_CTRL_MD:
      hctx->md = p2;
      break;

    case EVP_PKEY_CTRL_DIGESTINIT:
      key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
      if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
                        ctx->engine)) {
        return 0;
      }
      break;

    default:
      OPENSSL_PUT_ERROR(EVP, pkey_hmac_ctrl, EVP_R_COMMAND_NOT_SUPPORTED);
      return 0;
  }
  return 1;
}
X509_EXTENSION* AuthorityKeyIdentifierExtension::getX509Extension()
{
    X509_EXTENSION *ret;
    AUTHORITY_KEYID *authKeyId;
    ByteArray temp;
    authKeyId = AUTHORITY_KEYID_new();
    if (this->keyIdentifier.size() > 0)
    {
        authKeyId->keyid = ASN1_OCTET_STRING_new();
        temp = this->keyIdentifier;
        ASN1_OCTET_STRING_set(authKeyId->keyid, temp.getDataPointer(), temp.size());
    }
    if (this->authorityCertIssuer.getNumberOfEntries() > 0)
    {
        authKeyId->issuer = this->authorityCertIssuer.getInternalGeneralNames();
    }
    if (this->serialNumber >= 0)
    {
        authKeyId->serial = ASN1_INTEGER_new();
        ASN1_INTEGER_set(authKeyId->serial, this->serialNumber);
    }
    ret = X509V3_EXT_i2d(NID_authority_key_identifier, this->critical?1:0, (void *)authKeyId);
    AUTHORITY_KEYID_free(authKeyId);
    return ret;
}
Пример #15
0
/* Set cipher parameters from ASN1 structure */
int gost89_set_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
	{
	int len=0;
	unsigned char *buf=NULL;
	unsigned char *p=NULL;
	struct ossl_gost_cipher_ctx *c = ctx->cipher_data;
	GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new();
	ASN1_OCTET_STRING *os = NULL;
	if (!gcp)
		{
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
		return 0;
		}
	if (!ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len))
		{
		GOST_CIPHER_PARAMS_free(gcp);
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
		return 0;
		}
	ASN1_OBJECT_free(gcp->enc_param_set);
	gcp->enc_param_set = OBJ_nid2obj(c->paramNID);

	len = i2d_GOST_CIPHER_PARAMS(gcp, NULL);
	p = buf = (unsigned char*)OPENSSL_malloc(len);
	if (!buf)
		{
		GOST_CIPHER_PARAMS_free(gcp);
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
		return 0;
		}
	i2d_GOST_CIPHER_PARAMS(gcp, &p);
	GOST_CIPHER_PARAMS_free(gcp);

	os = ASN1_OCTET_STRING_new();

	if(!os || !ASN1_OCTET_STRING_set(os, buf, len))
		{
		OPENSSL_free(buf);
		GOSTerr(GOST_F_GOST89_SET_ASN1_PARAMETERS, GOST_R_NO_MEMORY);
		return 0;
		}
	OPENSSL_free(buf);

	ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os);
	return 1;
	}
Пример #16
0
static int old_hmac_decode(EVP_PKEY *pkey,
					const unsigned char **pder, int derlen)
	{
	ASN1_OCTET_STRING *os;
	os = ASN1_OCTET_STRING_new();
	if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
		return 0;
	EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os);
	return 1;
	}
Пример #17
0
X509_EXTENSION* Extension::getX509Extension()
{
	X509_EXTENSION *ret;
	ByteArray data;
	ret = X509_EXTENSION_new();
	ret->object = OBJ_dup(this->objectIdentifier.getObjectIdentifier());
	ret->critical = this->critical?1:0;
	ret->value = ASN1_OCTET_STRING_new();
	data = this->value;
	ASN1_OCTET_STRING_set(ret->value, data.getDataPointer(), this->value.size());
	return ret;
}
Пример #18
0
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx, char *str)
{
    ASN1_OCTET_STRING *oct;
    X509_PUBKEY *pubkey;
    const unsigned char *pk;
    int pklen;
    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
    unsigned int diglen;

    if (strcmp(str, "hash"))
        return s2i_ASN1_OCTET_STRING(method, ctx, str);

    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    if (ctx && (ctx->flags == CTX_TEST))
        return oct;

    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
        goto err;
    }

    if (ctx->subject_req)
        pubkey = ctx->subject_req->req_info.pubkey;
    else
        pubkey = ctx->subject_cert->cert_info.key;

    if (pubkey == NULL) {
        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
        goto err;
    }

    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);

    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
        goto err;

    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    return oct;

 err:
    ASN1_OCTET_STRING_free(oct);
    return NULL;
}
Пример #19
0
/* ########################################### */
int
add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
{
	/* To add an object of OID 1.9.999, which is a sequence containing
	 * 2 octet strings */
	unsigned char *p;
	ASN1_OCTET_STRING *os1, *os2;
	ASN1_STRING *seq;
	unsigned char *data;
	int i, total;

	if (signed_seq2string_nid == -1)
		signed_seq2string_nid =
		    OBJ_create("1.9.9999","OID_example","Our example OID");

	os1 = ASN1_OCTET_STRING_new();
	os2 = ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
	ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
	i = i2d_ASN1_OCTET_STRING(os1, NULL);
	i += i2d_ASN1_OCTET_STRING(os2, NULL);
	total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);

	data = malloc(total);
	p = data;
	ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
	i2d_ASN1_OCTET_STRING(os1, &p);
	i2d_ASN1_OCTET_STRING(os2, &p);

	seq = ASN1_STRING_new();
	ASN1_STRING_set(seq, data, total);
	free(data);
	ASN1_OCTET_STRING_free(os1);
	ASN1_OCTET_STRING_free(os2);

	PKCS7_add_signed_attribute(si, signed_seq2string_nid,
	    V_ASN1_SEQUENCE, (char *)seq);
	return (1);
}
Пример #20
0
int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
{
    ASN1_STRING *os;

    if ((os = ASN1_OCTET_STRING_new()) == NULL)
        return (0);
    if (!ASN1_OCTET_STRING_set(os, data, len)) {
        ASN1_OCTET_STRING_free(os);
        return 0;
    }
    ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
    return (1);
}
X509_EXTENSION* SubjectKeyIdentifierExtension::getX509Extension()
{
	X509_EXTENSION *ret;
	ASN1_OCTET_STRING *octetString;
	ByteArray data;
	
	ret = X509_EXTENSION_new();
	octetString = ASN1_OCTET_STRING_new();
	data = this->keyIdentifier;
	ASN1_OCTET_STRING_set(octetString, data.getDataPointer(), data.size());
	ret = X509V3_EXT_i2d(NID_subject_key_identifier, this->critical?1:0, (void *)octetString);
	return ret;
}
void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
	{
	ASN1_OCTET_STRING *os;

	/* To a an object of OID 1.2.3.4.5, which is an octet string */
	if (signed_string_nid == -1)
		signed_string_nid=
			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
	os=ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(os,(unsigned char*)str,TINYCLR_SSL_STRLEN(str));
	/* When we add, we do not free */
	PKCS7_add_signed_attribute(si,signed_string_nid,
		V_ASN1_OCTET_STRING,(char *)os);
	}
Пример #23
0
static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx, char *str)
{
    ASN1_OCTET_STRING *oct;
    ASN1_BIT_STRING *pk;
    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
    unsigned int diglen;

    if (strcmp(str, "hash"))
        return s2i_ASN1_OCTET_STRING(method, ctx, str);

    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    if (ctx && (ctx->flags == CTX_TEST))
        return oct;

    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
        goto err;
    }

    if (ctx->subject_req)
        pk = ctx->subject_req->req_info->pubkey->public_key;
    else
        pk = ctx->subject_cert->cert_info->key->public_key;

    if (!pk) {
        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
        goto err;
    }

    if (!EVP_Digest
        (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
        goto err;

    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    return oct;

 err:
    ASN1_OCTET_STRING_free(oct);
    return NULL;
}
Пример #24
0
static int old_hmac_decode(EVP_PKEY *pkey,
                           const unsigned char **pder, int derlen)
{
    ASN1_OCTET_STRING *os;
    os = ASN1_OCTET_STRING_new();
    if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen))
        goto err;
    if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os))
        goto err;
    return 1;

 err:
    ASN1_OCTET_STRING_free(os);
    return 0;
}
Пример #25
0
static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
    OSSL_HMAC_PKEY_CTX *sctx, *dctx;
    if (!ossl_hmac_init(dst))
        return 0;
    sctx = EVP_PKEY_CTX_get_data(src);
    dctx = EVP_PKEY_CTX_get_data(dst);
    dctx->md = sctx->md;
    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
        return 0;
    if (sctx->ktmp.data) {
        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
                                   sctx->ktmp.data, sctx->ktmp.length))
            return 0;
    }
    return 1;
}
Пример #26
0
static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
    HMAC_PKEY_CTX *sctx, *dctx;
    if (!pkey_hmac_init(dst))
        return 0;
    sctx = src->data;
    dctx = dst->data;
    dctx->md = sctx->md;
    HMAC_CTX_init(&dctx->ctx);
    HMAC_CTX_copy(&dctx->ctx, &sctx->ctx);
    if (sctx->ktmp.data) {
        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
                                   sctx->ktmp.data, sctx->ktmp.length))
            return 0;
    }
    return 1;
}
Пример #27
0
/*
 * Create a new extension
 *
 * Extension  ::=  SEQUENCE  {
 *      id          OBJECT IDENTIFIER,
 *      critical    BOOLEAN DEFAULT FALSE,
 *      value       OCTET STRING  }
 *
 * Parameters:
 *   pex: OpenSSL extension pointer (output parameter)
 *   nid: extension identifier
 *   crit: extension critical (EXT_NON_CRIT, EXT_CRIT)
 *   data: extension data. This data will be encapsulated in an Octet String
 *
 * Return: Extension address, NULL if error
 */
static
X509_EXTENSION *ext_new(int nid, int crit, unsigned char *data, int len)
{
	X509_EXTENSION *ex;
	ASN1_OCTET_STRING *ext_data;

	/* Octet string containing the extension data */
	ext_data = ASN1_OCTET_STRING_new();
	ASN1_OCTET_STRING_set(ext_data, data, len);

	/* Create the extension */
	ex = X509_EXTENSION_create_by_NID(NULL, nid, crit, ext_data);

	/* The extension makes a copy of the data, so we can free this object */
	ASN1_OCTET_STRING_free(ext_data);

	return ex;
}
Пример #28
0
Файл: conv.c Проект: tiran/tang
int
conv_point2os(const EC_GROUP *grp, const EC_POINT *p, ASN1_OCTET_STRING *os,
              BN_CTX *ctx)
{
    size_t s;

    s = EC_POINT_point2oct(grp, p, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
    if (s == 0)
        return ENOMEM;

    unsigned char buf[s];

    s = EC_POINT_point2oct(grp, p, POINT_CONVERSION_COMPRESSED, buf, s, ctx);
    if (s == 0)
        return ENOMEM;

    if (ASN1_OCTET_STRING_set(os, buf, s) <= 0)
        return ENOMEM;

    return 0;
}
Пример #29
0
void openssl_pkcs7_msg()
{
	int len;
	FILE *fp;
	PKCS7 *p7;
	unsigned char *der, *p, buf[SHA_DIGEST_LENGTH] = "pkcs7 msg";

	p7 = PKCS7_new();
	PKCS7_set_type(p7, NID_pkcs7_data);
	ASN1_OCTET_STRING_set(p7->d.data, buf, SHA_DIGEST_LENGTH);

	len = i2d_PKCS7(p7, NULL);
	der = (unsigned char *)malloc(len);
	p = der;
	len = i2d_PKCS7(p7, &p);
	fp = fopen("/tmp/test.cer", "wb");
	fwrite(der, 1, len, fp);
	fclose(fp);
	free(der);

	PKCS7_free(p7);
}
Пример #30
0
static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
    OSSL_HMAC_PKEY_CTX *sctx, *dctx;

    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
    if (!ossl_hmac_init(dst))
        return 0;
    sctx = EVP_PKEY_CTX_get_data(src);
    dctx = EVP_PKEY_CTX_get_data(dst);
    dctx->md = sctx->md;
    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
        goto err;
    if (sctx->ktmp.data) {
        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
                                   sctx->ktmp.data, sctx->ktmp.length))
            goto err;
    }
    return 1;
err:
    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
    ossl_hmac_cleanup(dst);
    return 0;
}