Fixed the X.509 certificate created during generation to comply with OpenSSL
1.0.1i's stricter rules.
+12
-3
@@ -36,7 +36,7 @@ CK_RV do_store_cert(CK_BYTE_PTR data, CK_ULONG len, X509 **cert) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_ULONG key_len,
|
CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_ULONG key_len,
|
||||||
CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
||||||
|
|
||||||
X509 *cert = NULL;
|
X509 *cert = NULL;
|
||||||
EVP_PKEY *key = NULL;
|
EVP_PKEY *key = NULL;
|
||||||
@@ -132,7 +132,6 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_
|
|||||||
if (X509_set_pubkey(cert, key) == 0) // TODO: there is also X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
|
if (X509_set_pubkey(cert, key) == 0) // TODO: there is also X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
|
||||||
goto create_empty_cert_cleanup;
|
goto create_empty_cert_cleanup;
|
||||||
|
|
||||||
// TODO: add more info like issuer?
|
|
||||||
tm = ASN1_TIME_new();
|
tm = ASN1_TIME_new();
|
||||||
if (tm == NULL)
|
if (tm == NULL)
|
||||||
goto create_empty_cert_cleanup;
|
goto create_empty_cert_cleanup;
|
||||||
@@ -141,6 +140,16 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa, CK_
|
|||||||
X509_set_notBefore(cert, tm);
|
X509_set_notBefore(cert, tm);
|
||||||
X509_set_notAfter(cert, tm);
|
X509_set_notAfter(cert, tm);
|
||||||
|
|
||||||
|
// Manually set the signature algorithms.
|
||||||
|
// OpenSSL 1.0.1i complains about empty DER fields
|
||||||
|
// 8 => md5WithRsaEncryption
|
||||||
|
cert->sig_alg->algorithm = OBJ_nid2obj(8);
|
||||||
|
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
|
||||||
|
|
||||||
|
// Manually set a signature (same reason as before)
|
||||||
|
ASN1_BIT_STRING_set_bit(cert->signature, 8, 1);
|
||||||
|
ASN1_BIT_STRING_set(cert->signature, "\x00", 1);
|
||||||
|
|
||||||
len = i2d_X509(cert, NULL);
|
len = i2d_X509(cert, NULL);
|
||||||
if (len < 0)
|
if (len < 0)
|
||||||
goto create_empty_cert_cleanup;
|
goto create_empty_cert_cleanup;
|
||||||
@@ -422,7 +431,7 @@ CK_RV do_pkcs_1_digest_info(CK_BYTE_PTR in, CK_ULONG in_len, int nid, CK_BYTE_PT
|
|||||||
}
|
}
|
||||||
|
|
||||||
CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
|
CK_RV do_pkcs_pss(RSA *key, CK_BYTE_PTR in, CK_ULONG in_len, int nid,
|
||||||
CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
CK_BYTE_PTR out, CK_ULONG_PTR out_len) {
|
||||||
unsigned char em[512]; // Max for this is ceil((|key_len_bits| - 1) / 8)
|
unsigned char em[512]; // Max for this is ceil((|key_len_bits| - 1) / 8)
|
||||||
|
|
||||||
OpenSSL_add_all_digests();
|
OpenSSL_add_all_digests();
|
||||||
|
|||||||
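Review bot: The return values of `ASN1_BIT_STRING_set_bit` and `ASN1_BIT_STRING_set` in the third hunk are not checked, although both can fail on allocation and every other failing call in this function jumps to `create_empty_cert_cleanup`; I would write `if (!ASN1_BIT_STRING_set(cert->signature, "\x00", 1)) goto create_empty_cert_cleanup;`. The preceding `ASN1_BIT_STRING_set_bit` call writes bytes that the following `ASN1_BIT_STRING_set` replaces, so unless it is kept for its effect on the string's flags it can be dropped. The literal `8` passed to `OBJ_nid2obj` should be the named constant `NID_md5WithRSAEncryption` so the comment cannot drift from the code. It is also worth stating in the comment that the resulting signature is a placeholder that will never verify, so nothing downstream treats this certificate as signed. do_create_empty_cert begins and ends outside the hunk.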