Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add functions for PKCS7, ASN1, CMS, CRL, RSA, & ECDSA #138

Open
wants to merge 49 commits into
base: master
Choose a base branch
from
Open

Add functions for PKCS7, ASN1, CMS, CRL, RSA, & ECDSA #138

wants to merge 49 commits into from

Conversation

emtammaru
Copy link

@emtammaru emtammaru commented Apr 30, 2020
edited
Loading

This adds the following functions:

  • ASN1Parse
  • LoadCertificatesFromPKCS7
  • VerifyTrustAndGetIssuerCertificate
  • VerifyAndGetSignedDataFromPKCS7
  • LoadCRLFromPEM
  • AddCRL
  • VerifyECDSASignature
  • VerifyRecoverRSASignature
  • GetECPublicKeyBitSize

All of these functions were added for purpose of migrating functionality from this NFC Passport Reader app written in swift: https://github.com/AndyQ/NFCPassportReader/blob/master/Sources/NFCPassportReader/OpenSSLUtils.swift So, credit goes in large part to https://github.com/AndyQ

I've verified that this works with openssl-1.1.1g.

Thank you in advance for any guidance/support with this.

Erik Tammaru and others added 22 commits April 7, 2020 15:43
add pkcs7 support for loading certificates
56ac6d0
wip: verify trust of cert for CA file
c9b885c
fix race condition with freeing X509 memory
2cd79ea
return VerifyResult
0eed56a
return issuer certificate from verification
6a12e16
add crl_check support to verify method
d97af91
add cms support to verify & get pkcs7 signed data
99188d1
bugfix and refactor to take entire CertificateStore
939c23c
add comments
ba4b425
fix typo
49d74ee
@jeanniekidd
Merge pull request #1 from emtammaru/feature/implement-cms
320bd7b 
Feature/implement cms
implement asn1 parsing
b524161
Merge branch 'master' into feature/implement-asn1
16c00a9
@jeanniekidd
Merge pull request #2 from emtammaru/feature/implement-asn1
4928b5c 
Feature/implement asn1
fix memory leak in pkcs7 loadCertificateStack
0330328
add ecdsa function to verify a signature
285317d
add copyright headers
1d3d340
move crl check flag to a generic cert store method
1cc975d
@emtammaru
Merge pull request #3 from emtammaru/fix/crl_check
867d093 
Fix crl check
update ecdsa code to work with openssl v1.1
8808977
add rsa signature recovery function
2620389
@emtammaru
Merge pull request #4 from emtammaru/feature/rsa-sig-recovery
2fa5e0e 
rsa sig recovery
@emtammaru emtammaru changed the title Add functions for PKCS7, ASN1, CMS, CRL, & ECDSA Add functions for PKCS7, ASN1, CMS, CRL, RSA, & ECDSA Jun 12, 2020
Jeannie Kidd and others added 20 commits April 6, 2021 09:51
add func to verify rsa signature
f41c7f6
make algo specific options as params
58095a4
update comment
9a247e8
@jeanniekidd
Merge pull request #8 from emtammaru/feature/verify-signature
913bfef 
add func to verify rsa signature
@eleniums
Fix pkeyopts to not range on map
1907c98 
Map order on range is nondeterministic, but some of the pkeyopts need to be set in a specific order. In this case, rsa_padding_mode needs to be set before rsa_pss_saltlen. This was causing some pss documents to randomly fail if salt length was set before the padding mode.
@eleniums
Adjust pss salt length so it will only be set if padding mode is pss
1ed5ad5
@eleniums
Add fallback for setting pkeyopt
c9ff239
@eleniums
Merge pull request #9 from eleniums/fix/set-pkeyopt
d88254e 
Fix pkeyopts to not range on map
@nathan454
Fix build for m1
b691872
@emtammaru
Merge pull request #10 from nathan454/fix-mac-m1-build
42de8e4 
Fix build for m1
Revert "Fix build for m1"
870070f 
This reverts commit b691872.
remove ripemd160 which is not supported (without legacy build flags)
9648483 
- see openssl/openssl#16994
add function to parse rsa public key fields
c05281c
fix for intermittent SIGTERM
1f0160f
@emtammaru
Merge pull request #11 from emtammaru/parse-rsa-pub-key
60a54cf 
Add function to parse RSA public key in PKCS1 format
@adrifern48
add support for getting cert issue/expire dates
66935e8
@emtammaru
Merge pull request #12 from emtammaru/add-cert-timestamp-getters
0e665ef 
Add support for getting cert issue/expire dates
add function to parse a cert from DER
bcddcaf
fix for "panic: runtime error: makeslice: cap out of range"
193f8d0
@emtammaru
Merge pull request #13 from emtammaru/robustness
3f10a64 
fix for "panic: runtime error: makeslice: cap out of range"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@emtammaru @jeanniekidd @snelson-mitek @eleniums @nathan454 @adrifern48