本文整理汇总了C++中ASN1_STRING_set0函数的典型用法代码示例。如果您正苦于以下问题:C++ ASN1_STRING_set0函数的具体用法?C++ ASN1_STRING_set0怎么用?C++ ASN1_STRING_set0使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ASN1_STRING_set0函数的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: PKCS7_SIGNER_INFO_sign_0
static int PKCS7_SIGNER_INFO_sign_0(PKCS7_SIGNER_INFO *si)
{
EVP_MD_CTX mctx;
EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL;
int alen;
size_t siglen;
const EVP_MD *md = NULL;
md = EVP_get_digestbyobj(si->digest_alg->algorithm);
if (md == NULL)
return 0;
EVP_MD_CTX_init(&mctx);
if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)
{
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
goto err;
}
alen = ASN1_item_i2d((ASN1_VALUE *) si->auth_attr, &abuf,
ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
if (!abuf)
goto err;
if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
goto err;
OPENSSL_free(abuf);
abuf = NULL;
if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
goto err;
abuf = OPENSSL_malloc(siglen);
if (!abuf)
goto err;
if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)
{
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
goto err;
}
EVP_MD_CTX_cleanup(&mctx);
ASN1_STRING_set0(si->enc_digest, abuf, siglen);
return 1;
err:
if (abuf)
OPENSSL_free(abuf);
EVP_MD_CTX_cleanup(&mctx);
return 0;
}
示例2: cms_RecipientInfo_ktri_encrypt
static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_KeyTransRecipientInfo *ktri;
CMS_EncryptedContentInfo *ec;
EVP_PKEY_CTX *pctx = NULL;
unsigned char *ek = NULL;
size_t eklen;
int ret = 0;
if (ri->type != CMS_RECIPINFO_TRANS) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
return 0;
}
ktri = ri->d.ktri;
ec = cms->d.envelopedData->encryptedContentInfo;
pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
if (!pctx)
return 0;
if (EVP_PKEY_encrypt_init(pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
goto err;
}
if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
goto err;
ek = OPENSSL_malloc(eklen);
if (ek == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
goto err;
ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
ek = NULL;
ret = 1;
err:
if (pctx)
EVP_PKEY_CTX_free(pctx);
if (ek)
OPENSSL_free(ek);
return ret;
}
示例3: cms_RecipientInfo_kekri_encrypt
static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_EncryptedContentInfo *ec;
CMS_KEKRecipientInfo *kekri;
AES_KEY actx;
unsigned char *wkey = NULL;
int wkeylen;
int r = 0;
ec = cms->d.envelopedData->encryptedContentInfo;
kekri = ri->d.kekri;
if (!kekri->key)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
return 0;
}
if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
CMS_R_ERROR_SETTING_KEY);
goto err;
}
wkey = OPENSSL_malloc(ec->keylen + 8);
if (!wkey)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
ERR_R_MALLOC_FAILURE);
goto err;
}
wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
if (wkeylen <= 0)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
goto err;
}
ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
r = 1;
err:
if (!r && wkey)
OPENSSL_free(wkey);
OPENSSL_cleanse(&actx, sizeof(actx));
return r;
}
示例4: pkcs7_encode_rinfo
static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
unsigned char *key, int keylen)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char *ek = NULL;
int ret = 0;
size_t eklen;
pkey = X509_get_pubkey(ri->cert);
if (!pkey)
return 0;
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pctx)
return 0;
if (EVP_PKEY_encrypt_init(pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
{
PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
goto err;
}
if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
goto err;
ek = (unsigned char*)OPENSSL_malloc(eklen);
if (ek == NULL)
{
PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
goto err;
ASN1_STRING_set0(ri->enc_key, ek, eklen);
ek = NULL;
ret = 1;
err:
if (pkey)
EVP_PKEY_free(pkey);
if (pctx)
EVP_PKEY_CTX_free(pctx);
if (ek)
OPENSSL_free(ek);
return ret;
}
示例5: PKCS5_pbe_set0_algor
int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
const unsigned char *salt, int saltlen)
{
PBEPARAM *pbe = NULL;
ASN1_STRING *pbe_str = NULL;
unsigned char *sstr = NULL;
pbe = PBEPARAM_new();
if (pbe == NULL) {
ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (iter <= 0)
iter = PKCS5_DEFAULT_ITER;
if (!ASN1_INTEGER_set(pbe->iter, iter)) {
ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!saltlen)
saltlen = PKCS5_SALT_LEN;
sstr = OPENSSL_malloc(saltlen);
if (sstr == NULL) {
ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
goto err;
}
if (salt)
memcpy(sstr, salt, saltlen);
else if (RAND_bytes(sstr, saltlen) <= 0)
goto err;
ASN1_STRING_set0(pbe->salt, sstr, saltlen);
sstr = NULL;
if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
goto err;
}
PBEPARAM_free(pbe);
pbe = NULL;
if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
return 1;
err:
OPENSSL_free(sstr);
PBEPARAM_free(pbe);
ASN1_STRING_free(pbe_str);
return 0;
}
示例6: PKCS8_pkey_set0
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
int version,
int ptype, void *pval, unsigned char *penc, int penclen)
{
if (version >= 0) {
if (!ASN1_INTEGER_set(priv->version, version))
return 0;
}
if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
return 0;
if (penc)
ASN1_STRING_set0(priv->pkey, penc, penclen);
return 1;
}
示例7: cms_RecipientInfo_kari_encrypt
int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_KeyAgreeRecipientInfo *kari;
CMS_EncryptedContentInfo *ec;
CMS_RecipientEncryptedKey *rek;
STACK_OF(CMS_RecipientEncryptedKey) *reks;
int i;
if (ri->type != CMS_RECIPINFO_AGREE) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);
return 0;
}
kari = ri->d.kari;
reks = kari->recipientEncryptedKeys;
ec = cms->d.envelopedData->encryptedContentInfo;
/* Initialise wrap algorithm parameters */
if (!cms_wrap_init(kari, ec->cipher))
return 0;
/*
* If no orignator key set up initialise for ephemeral key the public key
* ASN1 structure will set the actual public key value.
*/
if (kari->originator->type == -1) {
CMS_OriginatorIdentifierOrKey *oik = kari->originator;
oik->type = CMS_OIK_PUBKEY;
oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);
if (!oik->d.originatorKey)
return 0;
}
/* Initialise KDF algorithm */
if (!cms_env_asn1_ctrl(ri, 0))
return 0;
/* For each rek, derive KEK, encrypt CEK */
for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
unsigned char *enckey;
size_t enckeylen;
rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0)
return 0;
if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
kari, 1))
return 0;
ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
}
return 1;
}
示例8: cms_RecipientInfo_ktri_encrypt
static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_KeyTransRecipientInfo *ktri;
CMS_EncryptedContentInfo *ec;
unsigned char *ek = NULL;
int eklen;
int ret = 0;
if (ri->type != CMS_RECIPINFO_TRANS)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
CMS_R_NOT_KEY_TRANSPORT);
return 0;
}
ktri = ri->d.ktri;
ec = cms->d.envelopedData->encryptedContentInfo;
eklen = EVP_PKEY_size(ktri->pkey);
ek = OPENSSL_malloc(eklen);
if (ek == NULL)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
ERR_R_MALLOC_FAILURE);
goto err;
}
eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
if (eklen <= 0)
goto err;
ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
ek = NULL;
ret = 1;
err:
if (ek)
OPENSSL_free(ek);
return ret;
}
示例9: CMS_dataFinal
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
{
ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
if (!pos)
return 0;
/* If ebmedded content find memory BIO and set content */
if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
{
BIO *mbio;
unsigned char *cont;
long contlen;
mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
if (!mbio)
{
CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
return 0;
}
contlen = BIO_get_mem_data(mbio, &cont);
/* Set bio as read only so its content can't be clobbered */
BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
BIO_set_mem_eof_return(mbio, 0);
ASN1_STRING_set0(*pos, cont, contlen);
(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
}
switch (OBJ_obj2nid(cms->contentType))
{
case NID_pkcs7_data:
case NID_pkcs7_enveloped:
case NID_pkcs7_encrypted:
case NID_id_smime_ct_compressedData:
/* Nothing to do */
return 1;
case NID_pkcs7_signed:
return cms_SignedData_final(cms, cmsbio);
case NID_pkcs7_digest:
return cms_DigestedData_do_final(cms, cmsbio, 0);
default:
CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
return 0;
}
}
示例10: PKCS7_dataFinal
//.........这里部分代码省略.........
os = PKCS7_get_octet_string(p7->d.digest->contents);
/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
os = NULL;
p7->d.digest->contents->d.data = NULL;
}
break;
default:
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
goto err;
}
if (si_sk != NULL) {
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
if (si->pkey == NULL)
continue;
j = OBJ_obj2nid(si->digest_alg->algorithm);
btmp = bio;
btmp = PKCS7_find_digest(&mdc, btmp, j);
if (btmp == NULL)
goto err;
/*
* We now have the EVP_MD_CTX, lets do the signing.
*/
if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
goto err;
sk = si->auth_attr;
/*
* If there are attributes, we add the digest attribute and only
* sign the attributes
*/
if (sk_X509_ATTRIBUTE_num(sk) > 0) {
if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
goto err;
} else {
unsigned char *abuf = NULL;
unsigned int abuflen;
abuflen = EVP_PKEY_size(si->pkey);
abuf = OPENSSL_malloc(abuflen);
if (!abuf)
goto err;
if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) {
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
goto err;
}
ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
}
}
} else if (i == NID_pkcs7_digest) {
unsigned char md_data[EVP_MAX_MD_SIZE];
unsigned int md_len;
if (!PKCS7_find_digest(&mdc, bio,
OBJ_obj2nid(p7->d.digest->md->algorithm)))
goto err;
if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
goto err;
M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
}
if (!PKCS7_is_detached(p7)) {
/*
* NOTE(emilia): I think we only reach os == NULL here because detached
* digested data support is broken.
*/
if (os == NULL)
goto err;
if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
char *cont;
long contlen;
btmp = BIO_find_type(bio, BIO_TYPE_MEM);
if (btmp == NULL) {
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
goto err;
}
contlen = BIO_get_mem_data(btmp, &cont);
/*
* Mark the BIO read only then we can use its copy of the data
* instead of making an extra copy.
*/
BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
BIO_set_mem_eof_return(btmp, 0);
ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
}
}
ret = 1;
err:
EVP_MD_CTX_cleanup(&ctx_tmp);
return (ret);
}
示例11: dh_cms_encrypt
static int dh_cms_encrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pctx;
EVP_PKEY *pkey;
EVP_CIPHER_CTX *ctx;
int keylen;
X509_ALGOR *talg, *wrap_alg = NULL;
ASN1_OBJECT *aoid;
ASN1_BIT_STRING *pubkey;
ASN1_STRING *wrap_str;
ASN1_OCTET_STRING *ukm;
unsigned char *penc = NULL, *dukm = NULL;
int penclen;
size_t dukmlen = 0;
int rv = 0;
int kdf_type, wrap_nid;
const EVP_MD *kdf_md;
pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (!pctx)
return 0;
/* Get ephemeral key */
pkey = EVP_PKEY_CTX_get0_pkey(pctx);
if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
NULL, NULL, NULL))
goto err;
X509_ALGOR_get0(&aoid, NULL, NULL, talg);
/* Is everything uninitialised? */
if (aoid == OBJ_nid2obj(NID_undef)) {
ASN1_INTEGER *pubk;
pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
if (!pubk)
goto err;
/* Set the key */
penclen = i2d_ASN1_INTEGER(pubk, &penc);
ASN1_INTEGER_free(pubk);
if (penclen <= 0)
goto err;
ASN1_STRING_set0(pubkey, penc, penclen);
pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
penc = NULL;
X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
V_ASN1_UNDEF, NULL);
}
/* See if custom paraneters set */
kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
if (kdf_type <= 0)
goto err;
if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
goto err;
if (kdf_type == EVP_PKEY_DH_KDF_NONE) {
kdf_type = EVP_PKEY_DH_KDF_X9_42;
if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
/* Unknown KDF */
goto err;
if (kdf_md == NULL) {
/* Only SHA1 supported */
kdf_md = EVP_sha1();
if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
goto err;
} else if (EVP_MD_type(kdf_md) != NID_sha1)
/* Unsupported digest */
goto err;
if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
goto err;
/* Get wrap NID */
ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
wrap_nid = EVP_CIPHER_CTX_type(ctx);
if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
goto err;
keylen = EVP_CIPHER_CTX_key_length(ctx);
/* Package wrap algorithm in an AlgorithmIdentifier */
wrap_alg = X509_ALGOR_new();
if (!wrap_alg)
goto err;
wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
wrap_alg->parameter = ASN1_TYPE_new();
if (!wrap_alg->parameter)
goto err;
if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
goto err;
if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
ASN1_TYPE_free(wrap_alg->parameter);
wrap_alg->parameter = NULL;
}
if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
goto err;
if (ukm) {
//.........这里部分代码省略.........
示例12: cms_get0_enveloped
CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
unsigned char *key, size_t keylen,
unsigned char *id, size_t idlen,
ASN1_GENERALIZEDTIME *date,
ASN1_OBJECT *otherTypeId,
ASN1_TYPE *otherType)
{
CMS_RecipientInfo *ri = NULL;
CMS_EnvelopedData *env;
CMS_KEKRecipientInfo *kekri;
env = cms_get0_enveloped(cms);
if (!env)
goto err;
if (nid == NID_undef) {
switch (keylen) {
case 16:
nid = NID_id_aes128_wrap;
break;
case 24:
nid = NID_id_aes192_wrap;
break;
case 32:
nid = NID_id_aes256_wrap;
break;
default:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
goto err;
}
} else {
size_t exp_keylen = aes_wrap_keylen(nid);
if (!exp_keylen) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
CMS_R_UNSUPPORTED_KEK_ALGORITHM);
goto err;
}
if (keylen != exp_keylen) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
goto err;
}
}
/* Initialize recipient info */
ri = M_ASN1_new_of(CMS_RecipientInfo);
if (!ri)
goto merr;
ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
if (!ri->d.kekri)
goto merr;
ri->type = CMS_RECIPINFO_KEK;
kekri = ri->d.kekri;
if (otherTypeId) {
kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
if (kekri->kekid->other == NULL)
goto merr;
}
if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
goto merr;
/* After this point no calls can fail */
kekri->version = 4;
kekri->key = key;
kekri->keylen = keylen;
ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
kekri->kekid->date = date;
if (kekri->kekid->other) {
kekri->kekid->other->keyAttrId = otherTypeId;
kekri->kekid->other->keyAttr = otherType;
}
X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
return ri;
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
err:
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
return NULL;
}
示例13: ecdh_cms_encrypt
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pctx;
EVP_PKEY *pkey;
EVP_CIPHER_CTX *ctx;
int keylen;
X509_ALGOR *talg, *wrap_alg = NULL;
ASN1_OBJECT *aoid;
ASN1_BIT_STRING *pubkey;
ASN1_STRING *wrap_str;
ASN1_OCTET_STRING *ukm;
unsigned char *penc = NULL;
int penclen;
int rv = 0;
int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
const EVP_MD *kdf_md;
pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (!pctx)
return 0;
/* Get ephemeral key */
pkey = EVP_PKEY_CTX_get0_pkey(pctx);
if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
NULL, NULL, NULL))
goto err;
X509_ALGOR_get0(&aoid, NULL, NULL, talg);
/* Is everything uninitialised? */
if (aoid == OBJ_nid2obj(NID_undef)) {
EC_KEY *eckey = pkey->pkey.ec;
/* Set the key */
unsigned char *p;
penclen = i2o_ECPublicKey(eckey, NULL);
if (penclen <= 0)
goto err;
penc = OPENSSL_malloc(penclen);
if (!penc)
goto err;
p = penc;
penclen = i2o_ECPublicKey(eckey, &p);
if (penclen <= 0)
goto err;
ASN1_STRING_set0(pubkey, penc, penclen);
pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
penc = NULL;
X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
V_ASN1_UNDEF, NULL);
}
/* See if custom paraneters set */
kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
if (kdf_type <= 0)
goto err;
if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
goto err;
ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
if (ecdh_nid < 0)
goto err;
else if (ecdh_nid == 0)
ecdh_nid = NID_dh_std_kdf;
else if (ecdh_nid == 1)
ecdh_nid = NID_dh_cofactor_kdf;
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else
/* Uknown KDF */
goto err;
if (kdf_md == NULL) {
/* Fixme later for better MD */
kdf_md = EVP_sha1();
if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)
goto err;
}
if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
goto err;
/* Lookup NID for KDF+cofactor+digest */
if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid))
goto err;
/* Get wrap NID */
ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
wrap_nid = EVP_CIPHER_CTX_type(ctx);
keylen = EVP_CIPHER_CTX_key_length(ctx);
/* Package wrap algorithm in an AlgorithmIdentifier */
wrap_alg = X509_ALGOR_new();
if (!wrap_alg)
goto err;
wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
wrap_alg->parameter = ASN1_TYPE_new();
if (!wrap_alg->parameter)
goto err;
//.........这里部分代码省略.........
示例14: LUA_FUNCTION
//.........这里部分代码省略.........
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
goto err;
}
if (si_sk != NULL)
{
for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
{
si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
if (si->pkey == NULL)
continue;
j = OBJ_obj2nid(si->digest_alg->algorithm);
md = EVP_get_digestbynid(j);
EVP_DigestInit_ex(&mdc, md, NULL);
if (hash)
{
if (l == (size_t) mdc.digest->ctx_size)
{
memcpy(mdc.md_data, data, l);
}
else
{
EVP_MD_CTX_cleanup(&mdc);
luaL_argerror(L, 2, "data with wrong length");
}
}
else
EVP_DigestUpdate(&mdc, data, l);
sk = si->auth_attr;
/*
* If there are attributes, we add the digest attribute and only
* sign the attributes
*/
if (sk_X509_ATTRIBUTE_num(sk) > 0)
{
if (!do_pkcs7_signed_attrib(si, &mdc))
goto err;
}
else
{
unsigned char *abuf = NULL;
unsigned int abuflen;
abuflen = EVP_PKEY_size(si->pkey);
abuf = OPENSSL_malloc(abuflen);
if (!abuf)
goto err;
if (!EVP_SignFinal(&mdc, abuf, &abuflen, si->pkey))
{
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
goto err;
}
ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
}
}
}
else if (i == NID_pkcs7_digest)
{
unsigned char md_data[EVP_MAX_MD_SIZE];
unsigned int md_len;
md = EVP_get_digestbynid(OBJ_obj2nid(p7->d.digest->md->algorithm));
EVP_DigestInit_ex(&mdc, md, NULL);
if (l == (size_t) mdc.digest->ctx_size)
{
memcpy(mdc.md_data, data, l);
}
else
{
EVP_MD_CTX_cleanup(&mdc);
luaL_error(L, "data with wrong data");
}
if (!EVP_DigestFinal_ex(&mdc, md_data, &md_len))
goto err;
M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
}
if (!PKCS7_is_detached(p7))
{
/*
* NOTE(emilia): I think we only reach os == NULL here because detached
* digested data support is broken.
*/
if (os == NULL)
goto err;
if (!(os->flags & ASN1_STRING_FLAG_NDEF))
{
char *cont = memdup(data, l);
long contlen = l;
ASN1_STRING_set0(os, (unsigned char *) cont, contlen);
}
}
ret = 1;
err:
EVP_MD_CTX_cleanup(&mdc);
return openssl_pushresult(L, ret);
}