summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs7
diff options
context:
space:
mode:
authormiod <>2014-07-10 21:42:43 +0000
committermiod <>2014-07-10 21:42:43 +0000
commitfeb74bdc75aa807a2ee5e7258869eb945d43d060 (patch)
treec90fd33600eac6a5009ef2d7900c832652f1f54a /src/lib/libcrypto/pkcs7
parenta3e198dc1d41cb94dfec713fbae8cf56bf53201f (diff)
downloadopenbsd-feb74bdc75aa807a2ee5e7258869eb945d43d060.tar.gz
openbsd-feb74bdc75aa807a2ee5e7258869eb945d43d060.tar.bz2
openbsd-feb74bdc75aa807a2ee5e7258869eb945d43d060.zip
KNF
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c60
1 files changed, 34 insertions, 26 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 01734bdd1b..6b7b1ccd46 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_smime.c,v 1.16 2014/07/10 21:40:59 miod Exp $ */ 1/* $OpenBSD: pk7_smime.c,v 1.17 2014/07/10 21:42:43 miod Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -199,7 +199,7 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
199 !add_cipher_smcap(smcap, NID_rc2_cbc, 64) || 199 !add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
200 !add_cipher_smcap(smcap, NID_des_cbc, -1) || 200 !add_cipher_smcap(smcap, NID_des_cbc, -1) ||
201 !add_cipher_smcap(smcap, NID_rc2_cbc, 40) || 201 !add_cipher_smcap(smcap, NID_rc2_cbc, 40) ||
202 !PKCS7_add_attrib_smimecap (si, smcap)) 202 !PKCS7_add_attrib_smimecap(si, smcap))
203 goto err; 203 goto err;
204 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 204 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
205 smcap = NULL; 205 smcap = NULL;
@@ -314,15 +314,18 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
314 if (!(flags & PKCS7_NOVERIFY)) 314 if (!(flags & PKCS7_NOVERIFY))
315 for (k = 0; k < sk_X509_num(signers); k++) { 315 for (k = 0; k < sk_X509_num(signers); k++) {
316 signer = sk_X509_value (signers, k); 316 signer = sk_X509_value (signers, k);
317 if (!(flags & PKCS7_NOCHAIN)) { 317 if (!(flags & PKCS7_NOCHAIN)) {
318 if (!X509_STORE_CTX_init(&cert_ctx, store, signer, 318 if (!X509_STORE_CTX_init(&cert_ctx, store,
319 p7->d.sign->cert)) { 319 signer, p7->d.sign->cert)) {
320 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); 320 PKCS7err(PKCS7_F_PKCS7_VERIFY,
321 ERR_R_X509_LIB);
321 sk_X509_free(signers); 322 sk_X509_free(signers);
322 return 0; 323 return 0;
323 } 324 }
324 X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); 325 X509_STORE_CTX_set_default(&cert_ctx,
325 } else if (!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { 326 "smime_sign");
327 } else if (!X509_STORE_CTX_init(&cert_ctx, store,
328 signer, NULL)) {
326 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); 329 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
327 sk_X509_free(signers); 330 sk_X509_free(signers);
328 return 0; 331 return 0;
@@ -334,7 +337,8 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
334 j = X509_STORE_CTX_get_error(&cert_ctx); 337 j = X509_STORE_CTX_get_error(&cert_ctx);
335 X509_STORE_CTX_cleanup(&cert_ctx); 338 X509_STORE_CTX_cleanup(&cert_ctx);
336 if (i <= 0) { 339 if (i <= 0) {
337 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR); 340 PKCS7err(PKCS7_F_PKCS7_VERIFY,
341 PKCS7_R_CERTIFICATE_VERIFY_ERROR);
338 ERR_asprintf_error_data("Verify error:%s", 342 ERR_asprintf_error_data("Verify error:%s",
339 X509_verify_cert_error_string(j)); 343 X509_verify_cert_error_string(j));
340 sk_X509_free(signers); 344 sk_X509_free(signers);
@@ -343,7 +347,8 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
343 /* Check for revocation status here */ 347 /* Check for revocation status here */
344 } 348 }
345 349
346 /* Performance optimization: if the content is a memory BIO then 350 /*
351 * Performance optimization: if the content is a memory BIO then
347 * store its contents in a temporary read only memory BIO. This 352 * store its contents in a temporary read only memory BIO. This
348 * avoids potentially large numbers of slow copies of data which will 353 * avoids potentially large numbers of slow copies of data which will
349 * occur when reading from a read write memory BIO when signatures 354 * occur when reading from a read write memory BIO when signatures
@@ -352,6 +357,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
352 if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) { 357 if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
353 char *ptr; 358 char *ptr;
354 long len; 359 long len;
360
355 len = BIO_get_mem_data(indata, &ptr); 361 len = BIO_get_mem_data(indata, &ptr);
356 tmpin = BIO_new_mem_buf(ptr, len); 362 tmpin = BIO_new_mem_buf(ptr, len);
357 if (tmpin == NULL) { 363 if (tmpin == NULL) {
@@ -371,7 +377,8 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
371 goto err; 377 goto err;
372 } 378 }
373 BIO_set_mem_eof_return(tmpout, 0); 379 BIO_set_mem_eof_return(tmpout, 0);
374 } else tmpout = out; 380 } else
381 tmpout = out;
375 382
376 /* We now have to 'read' from p7bio to calculate digests etc. */ 383 /* We now have to 'read' from p7bio to calculate digests etc. */
377 for (;;) { 384 for (;;) {
@@ -395,15 +402,15 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
395 /* Now Verify All Signatures */ 402 /* Now Verify All Signatures */
396 if (!(flags & PKCS7_NOSIGS)) 403 if (!(flags & PKCS7_NOSIGS))
397 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { 404 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
398 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); 405 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
399 signer = sk_X509_value (signers, i); 406 signer = sk_X509_value (signers, i);
400 j = PKCS7_signatureVerify(p7bio, p7, si, signer); 407 j = PKCS7_signatureVerify(p7bio, p7, si, signer);
401 if (j <= 0) { 408 if (j <= 0) {
402 PKCS7err(PKCS7_F_PKCS7_VERIFY, 409 PKCS7err(PKCS7_F_PKCS7_VERIFY,
403 PKCS7_R_SIGNATURE_FAILURE); 410 PKCS7_R_SIGNATURE_FAILURE);
404 goto err; 411 goto err;
412 }
405 } 413 }
406 }
407 414
408 ret = 1; 415 ret = 1;
409 416
@@ -413,13 +420,13 @@ err:
413 BIO_pop(p7bio); 420 BIO_pop(p7bio);
414 } 421 }
415 BIO_free_all(p7bio); 422 BIO_free_all(p7bio);
416
417 sk_X509_free(signers); 423 sk_X509_free(signers);
418 424
419 return ret; 425 return ret;
420} 426}
421 427
422STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) 428STACK_OF(X509) *
429PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
423{ 430{
424 STACK_OF(X509) *signers; 431 STACK_OF(X509) *signers;
425 STACK_OF(PKCS7_SIGNER_INFO) *sinfos; 432 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
@@ -457,12 +464,13 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
457 ias = si->issuer_and_serial; 464 ias = si->issuer_and_serial;
458 signer = NULL; 465 signer = NULL;
459 /* If any certificates passed they take priority */ 466 /* If any certificates passed they take priority */
460 if (certs) signer = X509_find_by_issuer_and_serial (certs, 467 if (certs)
461 ias->issuer, ias->serial); 468 signer = X509_find_by_issuer_and_serial (certs,
462 if (!signer && !(flags & PKCS7_NOINTERN) &&
463 p7->d.sign->cert) signer =
464 X509_find_by_issuer_and_serial (p7->d.sign->cert,
465 ias->issuer, ias->serial); 469 ias->issuer, ias->serial);
470 if (!signer && !(flags & PKCS7_NOINTERN) && p7->d.sign->cert)
471 signer =
472 X509_find_by_issuer_and_serial(p7->d.sign->cert,
473 ias->issuer, ias->serial);
466 if (!signer) { 474 if (!signer) {
467 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, 475 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
468 PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); 476 PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 21:31:51 +0000