summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs7
diff options
context:
space:
mode:
authordjm <>2008-09-06 12:17:54 +0000
committerdjm <>2008-09-06 12:17:54 +0000
commit38ce604e3cc97706b876b0525ddff0121115456d (patch)
tree7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libcrypto/pkcs7
parent12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff)
downloadopenbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip
resolve conflicts
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
-rw-r--r--src/lib/libcrypto/pkcs7/bio_ber.c2
-rw-r--r--src/lib/libcrypto/pkcs7/example.c8
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_asn1.c41
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_attr.c3
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c354
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_lib.c117
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c104
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c109
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7.h15
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7err.c15
10 files changed, 514 insertions, 254 deletions
diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c
index 895a91177b..31973fcd1f 100644
--- a/src/lib/libcrypto/pkcs7/bio_ber.c
+++ b/src/lib/libcrypto/pkcs7/bio_ber.c
@@ -204,7 +204,7 @@ int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
204 if ((ctx->buf_len < BER_BUF_SIZE) && 204 if ((ctx->buf_len < BER_BUF_SIZE) &&
205 (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) 205 (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
206 { 206 {
207 ERR_get_error(); /* clear the error */ 207 ERR_clear_error(); /* clear the error */
208 BIO_set_retry_read(b); 208 BIO_set_retry_read(b);
209 } 209 }
210 return(-1); 210 return(-1);
diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c
index c993947cc3..2953d04b5c 100644
--- a/src/lib/libcrypto/pkcs7/example.c
+++ b/src/lib/libcrypto/pkcs7/example.c
@@ -123,7 +123,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
123 so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); 123 so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
124 if (so && (so->type == V_ASN1_SEQUENCE)) 124 if (so && (so->type == V_ASN1_SEQUENCE))
125 { 125 {
126 ASN1_CTX c; 126 ASN1_const_CTX c;
127 ASN1_STRING *s; 127 ASN1_STRING *s;
128 long length; 128 long length;
129 ASN1_OCTET_STRING *os1,*os2; 129 ASN1_OCTET_STRING *os1,*os2;
@@ -144,7 +144,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
144 goto err; 144 goto err;
145 c.slen-=(c.p-c.q); 145 c.slen-=(c.p-c.q);
146 146
147 if (!asn1_Finish(&c)) goto err; 147 if (!asn1_const_Finish(&c)) goto err;
148 *str1=malloc(os1->length+1); 148 *str1=malloc(os1->length+1);
149 *str2=malloc(os2->length+1); 149 *str2=malloc(os2->length+1);
150 memcpy(*str1,os1->data,os1->length); 150 memcpy(*str1,os1->data,os1->length);
@@ -290,7 +290,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
290 so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); 290 so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
291 if (so->type == V_ASN1_SEQUENCE) 291 if (so->type == V_ASN1_SEQUENCE)
292 { 292 {
293 ASN1_CTX c; 293 ASN1_const_CTX c;
294 ASN1_STRING *s; 294 ASN1_STRING *s;
295 long length; 295 long length;
296 ASN1_OCTET_STRING *os1,*os2; 296 ASN1_OCTET_STRING *os1,*os2;
@@ -311,7 +311,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
311 goto err; 311 goto err;
312 c.slen-=(c.p-c.q); 312 c.slen-=(c.p-c.q);
313 313
314 if (!asn1_Finish(&c)) goto err; 314 if (!asn1_const_Finish(&c)) goto err;
315 *str1=malloc(os1->length+1); 315 *str1=malloc(os1->length+1);
316 *str2=malloc(os2->length+1); 316 *str2=malloc(os2->length+1);
317 memcpy(*str1,os1->data,os1->length); 317 memcpy(*str1,os1->data,os1->length);
diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c
index 46f0fc9375..77931feeb4 100644
--- a/src/lib/libcrypto/pkcs7/pk7_asn1.c
+++ b/src/lib/libcrypto/pkcs7/pk7_asn1.c
@@ -69,30 +69,31 @@
69ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); 69ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
70 70
71ASN1_ADB(PKCS7) = { 71ASN1_ADB(PKCS7) = {
72 ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)), 72 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
73 ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), 73 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
74 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), 74 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
75 ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), 75 ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
76 ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), 76 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
77 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) 77 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
78} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); 78} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
79 79
80ASN1_SEQUENCE(PKCS7) = { 80ASN1_NDEF_SEQUENCE(PKCS7) = {
81 ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), 81 ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
82 ASN1_ADB_OBJECT(PKCS7) 82 ASN1_ADB_OBJECT(PKCS7)
83}ASN1_SEQUENCE_END(PKCS7) 83}ASN1_NDEF_SEQUENCE_END(PKCS7)
84 84
85IMPLEMENT_ASN1_FUNCTIONS(PKCS7) 85IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
86IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
86IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) 87IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
87 88
88ASN1_SEQUENCE(PKCS7_SIGNED) = { 89ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
89 ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), 90 ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
90 ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), 91 ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
91 ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), 92 ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
92 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), 93 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
93 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), 94 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
94 ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) 95 ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
95} ASN1_SEQUENCE_END(PKCS7_SIGNED) 96} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
96 97
97IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) 98IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
98 99
@@ -130,11 +131,11 @@ ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
130 131
131IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) 132IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
132 133
133ASN1_SEQUENCE(PKCS7_ENVELOPE) = { 134ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
134 ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), 135 ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
135 ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), 136 ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
136 ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) 137 ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
137} ASN1_SEQUENCE_END(PKCS7_ENVELOPE) 138} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
138 139
139IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) 140IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
140 141
@@ -157,15 +158,15 @@ ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
157 158
158IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) 159IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
159 160
160ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = { 161ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
161 ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), 162 ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
162 ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), 163 ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
163 ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) 164 ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
164} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT) 165} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
165 166
166IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) 167IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
167 168
168ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { 169ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
169 ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), 170 ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
170 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), 171 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
171 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), 172 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
@@ -173,23 +174,23 @@ ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
173 ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), 174 ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
174 ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), 175 ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
175 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) 176 ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
176} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) 177} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
177 178
178IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) 179IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
179 180
180ASN1_SEQUENCE(PKCS7_ENCRYPT) = { 181ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
181 ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), 182 ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
182 ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) 183 ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
183} ASN1_SEQUENCE_END(PKCS7_ENCRYPT) 184} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
184 185
185IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) 186IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
186 187
187ASN1_SEQUENCE(PKCS7_DIGEST) = { 188ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
188 ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), 189 ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
189 ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), 190 ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
190 ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), 191 ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
191 ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) 192 ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
192} ASN1_SEQUENCE_END(PKCS7_DIGEST) 193} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
193 194
194IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) 195IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
195 196
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index 039141027a..735c8800e1 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -96,7 +96,8 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
96STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) 96STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
97 { 97 {
98 ASN1_TYPE *cap; 98 ASN1_TYPE *cap;
99 unsigned char *p; 99 const unsigned char *p;
100
100 cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); 101 cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
101 if (!cap || (cap->type != V_ASN1_SEQUENCE)) 102 if (!cap || (cap->type != V_ASN1_SEQUENCE))
102 return NULL; 103 return NULL;
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 4ac29ae14d..a03d7ebedf 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -62,6 +62,7 @@
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65#include <openssl/err.h>
65 66
66static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 67static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
67 void *value); 68 void *value);
@@ -101,18 +102,54 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
101 return NULL; 102 return NULL;
102 } 103 }
103 104
105static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
106 {
107 BIO *btmp;
108 const EVP_MD *md;
109 if ((btmp=BIO_new(BIO_f_md())) == NULL)
110 {
111 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
112 goto err;
113 }
114
115 md=EVP_get_digestbyobj(alg->algorithm);
116 if (md == NULL)
117 {
118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
119 goto err;
120 }
121
122 BIO_set_md(btmp,md);
123 if (*pbio == NULL)
124 *pbio=btmp;
125 else if (!BIO_push(*pbio,btmp))
126 {
127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
128 goto err;
129 }
130 btmp=NULL;
131
132 return 1;
133
134 err:
135 if (btmp)
136 BIO_free(btmp);
137 return 0;
138
139 }
140
104BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 141BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
105 { 142 {
106 int i; 143 int i;
107 BIO *out=NULL,*btmp=NULL; 144 BIO *out=NULL,*btmp=NULL;
108 X509_ALGOR *xa; 145 X509_ALGOR *xa = NULL;
109 const EVP_MD *evp_md;
110 const EVP_CIPHER *evp_cipher=NULL; 146 const EVP_CIPHER *evp_cipher=NULL;
111 STACK_OF(X509_ALGOR) *md_sk=NULL; 147 STACK_OF(X509_ALGOR) *md_sk=NULL;
112 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 148 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
113 X509_ALGOR *xalg=NULL; 149 X509_ALGOR *xalg=NULL;
114 PKCS7_RECIP_INFO *ri=NULL; 150 PKCS7_RECIP_INFO *ri=NULL;
115 EVP_PKEY *pkey; 151 EVP_PKEY *pkey;
152 ASN1_OCTET_STRING *os=NULL;
116 153
117 i=OBJ_obj2nid(p7->type); 154 i=OBJ_obj2nid(p7->type);
118 p7->state=PKCS7_S_HEADER; 155 p7->state=PKCS7_S_HEADER;
@@ -121,6 +158,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
121 { 158 {
122 case NID_pkcs7_signed: 159 case NID_pkcs7_signed:
123 md_sk=p7->d.sign->md_algs; 160 md_sk=p7->d.sign->md_algs;
161 os = PKCS7_get_octet_string(p7->d.sign->contents);
124 break; 162 break;
125 case NID_pkcs7_signedAndEnveloped: 163 case NID_pkcs7_signedAndEnveloped:
126 rsk=p7->d.signed_and_enveloped->recipientinfo; 164 rsk=p7->d.signed_and_enveloped->recipientinfo;
@@ -145,37 +183,21 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
145 goto err; 183 goto err;
146 } 184 }
147 break; 185 break;
186 case NID_pkcs7_digest:
187 xa = p7->d.digest->md;
188 os = PKCS7_get_octet_string(p7->d.digest->contents);
189 break;
148 default: 190 default:
149 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 191 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
150 goto err; 192 goto err;
151 } 193 }
152 194
153 if (md_sk != NULL) 195 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
154 { 196 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
155 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 197 goto err;
156 {
157 xa=sk_X509_ALGOR_value(md_sk,i);
158 if ((btmp=BIO_new(BIO_f_md())) == NULL)
159 {
160 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
161 goto err;
162 }
163
164 evp_md=EVP_get_digestbyobj(xa->algorithm);
165 if (evp_md == NULL)
166 {
167 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
168 goto err;
169 }
170 198
171 BIO_set_md(btmp,evp_md); 199 if (xa && !PKCS7_bio_add_digest(&out, xa))
172 if (out == NULL) 200 goto err;
173 out=btmp;
174 else
175 BIO_push(out,btmp);
176 btmp=NULL;
177 }
178 }
179 201
180 if (evp_cipher != NULL) 202 if (evp_cipher != NULL)
181 { 203 {
@@ -194,17 +216,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
194 BIO_get_cipher_ctx(btmp, &ctx); 216 BIO_get_cipher_ctx(btmp, &ctx);
195 keylen=EVP_CIPHER_key_length(evp_cipher); 217 keylen=EVP_CIPHER_key_length(evp_cipher);
196 ivlen=EVP_CIPHER_iv_length(evp_cipher); 218 ivlen=EVP_CIPHER_iv_length(evp_cipher);
197 if (RAND_bytes(key,keylen) <= 0)
198 goto err;
199 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 219 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
200 if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); 220 if (ivlen > 0)
201 EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1); 221 if (RAND_pseudo_bytes(iv,ivlen) <= 0)
222 goto err;
223 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
224 goto err;
225 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
226 goto err;
227 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
228 goto err;
202 229
203 if (ivlen > 0) { 230 if (ivlen > 0) {
204 if (xalg->parameter == NULL) 231 if (xalg->parameter == NULL) {
205 xalg->parameter=ASN1_TYPE_new(); 232 xalg->parameter = ASN1_TYPE_new();
233 if (xalg->parameter == NULL)
234 goto err;
235 }
206 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 236 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
207 goto err; 237 goto err;
208 } 238 }
209 239
210 /* Lets do the pub key stuff :-) */ 240 /* Lets do the pub key stuff :-) */
@@ -217,7 +247,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
217 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); 247 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
218 goto err; 248 goto err;
219 } 249 }
220 pkey=X509_get_pubkey(ri->cert); 250 if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
251 goto err;
221 jj=EVP_PKEY_size(pkey); 252 jj=EVP_PKEY_size(pkey);
222 EVP_PKEY_free(pkey); 253 EVP_PKEY_free(pkey);
223 if (max < jj) max=jj; 254 if (max < jj) max=jj;
@@ -230,7 +261,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
230 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 261 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
231 { 262 {
232 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 263 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
233 pkey=X509_get_pubkey(ri->cert); 264 if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
265 goto err;
234 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); 266 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
235 EVP_PKEY_free(pkey); 267 EVP_PKEY_free(pkey);
236 if (jj <= 0) 268 if (jj <= 0)
@@ -261,24 +293,16 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
261 { 293 {
262 if (PKCS7_is_detached(p7)) 294 if (PKCS7_is_detached(p7))
263 bio=BIO_new(BIO_s_null()); 295 bio=BIO_new(BIO_s_null());
264 else 296 else if (os && os->length > 0)
297 bio = BIO_new_mem_buf(os->data, os->length);
298 if(bio == NULL)
265 { 299 {
266 if (PKCS7_type_is_signed(p7)) 300 bio=BIO_new(BIO_s_mem());
267 { 301 if (bio == NULL)
268 ASN1_OCTET_STRING *os; 302 goto err;
269 os = PKCS7_get_octet_string( 303 BIO_set_mem_eof_return(bio,0);
270 p7->d.sign->contents);
271 if (os && os->length > 0)
272 bio = BIO_new_mem_buf(os->data,
273 os->length);
274 }
275 if(bio == NULL)
276 {
277 bio=BIO_new(BIO_s_mem());
278 BIO_set_mem_eof_return(bio,0);
279 }
280 } 304 }
281 } 305 }
282 BIO_push(out,bio); 306 BIO_push(out,bio);
283 bio=NULL; 307 bio=NULL;
284 if (0) 308 if (0)
@@ -293,6 +317,17 @@ err:
293 return(out); 317 return(out);
294 } 318 }
295 319
320static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
321 {
322 int ret;
323 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
324 pcert->cert_info->issuer);
325 if (ret)
326 return ret;
327 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
328 ri->issuer_and_serial->serial);
329 }
330
296/* int */ 331/* int */
297BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 332BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
298 { 333 {
@@ -403,18 +438,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
403 * (if any) 438 * (if any)
404 */ 439 */
405 440
406 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { 441 if (pcert) {
407 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 442 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
408 if(!X509_NAME_cmp(ri->issuer_and_serial->issuer, 443 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
409 pcert->cert_info->issuer) && 444 if (!pkcs7_cmp_ri(ri, pcert))
410 !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, 445 break;
411 ri->issuer_and_serial->serial)) break; 446 ri=NULL;
412 ri=NULL; 447 }
413 } 448 if (ri == NULL) {
414 if (ri == NULL) { 449 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
415 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 450 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
416 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 451 goto err;
417 goto err; 452 }
418 } 453 }
419 454
420 jj=EVP_PKEY_size(pkey); 455 jj=EVP_PKEY_size(pkey);
@@ -425,17 +460,46 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
425 goto err; 460 goto err;
426 } 461 }
427 462
428 jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), 463 /* If we haven't got a certificate try each ri in turn */
429 M_ASN1_STRING_length(ri->enc_key), pkey); 464
430 if (jj <= 0) 465 if (pcert == NULL)
431 { 466 {
432 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); 467 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
433 goto err; 468 {
469 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
470 jj=EVP_PKEY_decrypt(tmp,
471 M_ASN1_STRING_data(ri->enc_key),
472 M_ASN1_STRING_length(ri->enc_key),
473 pkey);
474 if (jj > 0)
475 break;
476 ERR_clear_error();
477 ri = NULL;
478 }
479 if (ri == NULL)
480 {
481 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
482 PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
483 goto err;
484 }
485 }
486 else
487 {
488 jj=EVP_PKEY_decrypt(tmp,
489 M_ASN1_STRING_data(ri->enc_key),
490 M_ASN1_STRING_length(ri->enc_key), pkey);
491 if (jj <= 0)
492 {
493 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
494 ERR_R_EVP_LIB);
495 goto err;
496 }
434 } 497 }
435 498
436 evp_ctx=NULL; 499 evp_ctx=NULL;
437 BIO_get_cipher_ctx(etmp,&evp_ctx); 500 BIO_get_cipher_ctx(etmp,&evp_ctx);
438 EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0); 501 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
502 goto err;
439 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 503 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
440 goto err; 504 goto err;
441 505
@@ -451,7 +515,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
451 goto err; 515 goto err;
452 } 516 }
453 } 517 }
454 EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); 518 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
519 goto err;
455 520
456 OPENSSL_cleanse(tmp,jj); 521 OPENSSL_cleanse(tmp,jj);
457 522
@@ -485,6 +550,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
485 bio=BIO_new(BIO_s_mem()); 550 bio=BIO_new(BIO_s_mem());
486 BIO_set_mem_eof_return(bio,0); 551 BIO_set_mem_eof_return(bio,0);
487 } 552 }
553 if (bio == NULL)
554 goto err;
488#endif 555#endif
489 } 556 }
490 BIO_push(out,bio); 557 BIO_push(out,bio);
@@ -504,6 +571,29 @@ err:
504 return(out); 571 return(out);
505 } 572 }
506 573
574static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
575 {
576 for (;;)
577 {
578 bio=BIO_find_type(bio,BIO_TYPE_MD);
579 if (bio == NULL)
580 {
581 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
582 return NULL;
583 }
584 BIO_get_md_ctx(bio,pmd);
585 if (*pmd == NULL)
586 {
587 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
588 return NULL;
589 }
590 if (EVP_MD_CTX_type(*pmd) == nid)
591 return bio;
592 bio=BIO_next(bio);
593 }
594 return NULL;
595 }
596
507int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 597int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
508 { 598 {
509 int ret=0; 599 int ret=0;
@@ -528,7 +618,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
528 si_sk=p7->d.signed_and_enveloped->signer_info; 618 si_sk=p7->d.signed_and_enveloped->signer_info;
529 if (!(os=M_ASN1_OCTET_STRING_new())) 619 if (!(os=M_ASN1_OCTET_STRING_new()))
530 { 620 {
531 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE); 621 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
532 goto err; 622 goto err;
533 } 623 }
534 p7->d.signed_and_enveloped->enc_data->enc_data=os; 624 p7->d.signed_and_enveloped->enc_data->enc_data=os;
@@ -537,7 +627,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
537 /* XXXXXXXXXXXXXXXX */ 627 /* XXXXXXXXXXXXXXXX */
538 if (!(os=M_ASN1_OCTET_STRING_new())) 628 if (!(os=M_ASN1_OCTET_STRING_new()))
539 { 629 {
540 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE); 630 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
541 goto err; 631 goto err;
542 } 632 }
543 p7->d.enveloped->enc_data->enc_data=os; 633 p7->d.enveloped->enc_data->enc_data=os;
@@ -551,13 +641,24 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
551 p7->d.sign->contents->d.data = NULL; 641 p7->d.sign->contents->d.data = NULL;
552 } 642 }
553 break; 643 break;
644
645 case NID_pkcs7_digest:
646 os=PKCS7_get_octet_string(p7->d.digest->contents);
647 /* If detached data then the content is excluded */
648 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
649 {
650 M_ASN1_OCTET_STRING_free(os);
651 p7->d.digest->contents->d.data = NULL;
652 }
653 break;
654
554 } 655 }
555 656
556 if (si_sk != NULL) 657 if (si_sk != NULL)
557 { 658 {
558 if ((buf=BUF_MEM_new()) == NULL) 659 if ((buf=BUF_MEM_new()) == NULL)
559 { 660 {
560 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); 661 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
561 goto err; 662 goto err;
562 } 663 }
563 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 664 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
@@ -568,32 +669,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
568 j=OBJ_obj2nid(si->digest_alg->algorithm); 669 j=OBJ_obj2nid(si->digest_alg->algorithm);
569 670
570 btmp=bio; 671 btmp=bio;
571 for (;;) 672
572 { 673 btmp = PKCS7_find_digest(&mdc, btmp, j);
573 if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 674
574 == NULL) 675 if (btmp == NULL)
575 { 676 goto err;
576 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 677
577 goto err;
578 }
579 BIO_get_md_ctx(btmp,&mdc);
580 if (mdc == NULL)
581 {
582 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
583 goto err;
584 }
585 if (EVP_MD_CTX_type(mdc) == j)
586 break;
587 else
588 btmp=BIO_next(btmp);
589 }
590
591 /* We now have the EVP_MD_CTX, lets do the 678 /* We now have the EVP_MD_CTX, lets do the
592 * signing. */ 679 * signing. */
593 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); 680 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
594 if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) 681 if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
595 { 682 {
596 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); 683 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
597 goto err; 684 goto err;
598 } 685 }
599 686
@@ -615,13 +702,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
615 { 702 {
616 if (!(sign_time=X509_gmtime_adj(NULL,0))) 703 if (!(sign_time=X509_gmtime_adj(NULL,0)))
617 { 704 {
618 PKCS7err(PKCS7_F_PKCS7_DATASIGN, 705 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
619 ERR_R_MALLOC_FAILURE); 706 ERR_R_MALLOC_FAILURE);
620 goto err; 707 goto err;
621 } 708 }
622 PKCS7_add_signed_attribute(si, 709 if (!PKCS7_add_signed_attribute(si,
623 NID_pkcs9_signingTime, 710 NID_pkcs9_signingTime,
624 V_ASN1_UTCTIME,sign_time); 711 V_ASN1_UTCTIME,sign_time))
712 {
713 M_ASN1_UTCTIME_free(sign_time);
714 goto err;
715 }
625 } 716 }
626 717
627 /* Add digest */ 718 /* Add digest */
@@ -629,20 +720,25 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
629 EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); 720 EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
630 if (!(digest=M_ASN1_OCTET_STRING_new())) 721 if (!(digest=M_ASN1_OCTET_STRING_new()))
631 { 722 {
632 PKCS7err(PKCS7_F_PKCS7_DATASIGN, 723 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
633 ERR_R_MALLOC_FAILURE); 724 ERR_R_MALLOC_FAILURE);
634 goto err; 725 goto err;
635 } 726 }
636 if (!M_ASN1_OCTET_STRING_set(digest,md_data, 727 if (!M_ASN1_OCTET_STRING_set(digest,md_data,
637 md_len)) 728 md_len))
638 { 729 {
639 PKCS7err(PKCS7_F_PKCS7_DATASIGN, 730 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
640 ERR_R_MALLOC_FAILURE); 731 ERR_R_MALLOC_FAILURE);
732 M_ASN1_OCTET_STRING_free(digest);
641 goto err; 733 goto err;
642 } 734 }
643 PKCS7_add_signed_attribute(si, 735 if (!PKCS7_add_signed_attribute(si,
644 NID_pkcs9_messageDigest, 736 NID_pkcs9_messageDigest,
645 V_ASN1_OCTET_STRING,digest); 737 V_ASN1_OCTET_STRING,digest))
738 {
739 M_ASN1_OCTET_STRING_free(digest);
740 goto err;
741 }
646 742
647 /* Now sign the attributes */ 743 /* Now sign the attributes */
648 EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); 744 EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
@@ -657,28 +753,42 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
657 if (si->pkey->type == EVP_PKEY_DSA) 753 if (si->pkey->type == EVP_PKEY_DSA)
658 ctx_tmp.digest=EVP_dss1(); 754 ctx_tmp.digest=EVP_dss1();
659#endif 755#endif
756#ifndef OPENSSL_NO_ECDSA
757 if (si->pkey->type == EVP_PKEY_EC)
758 ctx_tmp.digest=EVP_ecdsa();
759#endif
660 760
661 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, 761 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
662 (unsigned int *)&buf->length,si->pkey)) 762 (unsigned int *)&buf->length,si->pkey))
663 { 763 {
664 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB); 764 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
665 goto err; 765 goto err;
666 } 766 }
667 if (!ASN1_STRING_set(si->enc_digest, 767 if (!ASN1_STRING_set(si->enc_digest,
668 (unsigned char *)buf->data,buf->length)) 768 (unsigned char *)buf->data,buf->length))
669 { 769 {
670 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB); 770 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);
671 goto err; 771 goto err;
672 } 772 }
673 } 773 }
674 } 774 }
775 else if (i == NID_pkcs7_digest)
776 {
777 unsigned char md_data[EVP_MAX_MD_SIZE];
778 unsigned int md_len;
779 if (!PKCS7_find_digest(&mdc, bio,
780 OBJ_obj2nid(p7->d.digest->md->algorithm)))
781 goto err;
782 EVP_DigestFinal_ex(mdc,md_data,&md_len);
783 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
784 }
675 785
676 if (!PKCS7_is_detached(p7)) 786 if (!PKCS7_is_detached(p7))
677 { 787 {
678 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 788 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
679 if (btmp == NULL) 789 if (btmp == NULL)
680 { 790 {
681 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 791 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
682 goto err; 792 goto err;
683 } 793 }
684 BIO_get_mem_ptr(btmp,&buf_mem); 794 BIO_get_mem_ptr(btmp,&buf_mem);
@@ -859,6 +969,9 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
859#ifndef OPENSSL_NO_DSA 969#ifndef OPENSSL_NO_DSA
860 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); 970 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
861#endif 971#endif
972#ifndef OPENSSL_NO_ECDSA
973 if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
974#endif
862 975
863 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 976 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
864 EVP_PKEY_free(pkey); 977 EVP_PKEY_free(pkey);
@@ -883,8 +996,13 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
883 int i; 996 int i;
884 997
885 i=OBJ_obj2nid(p7->type); 998 i=OBJ_obj2nid(p7->type);
886 if (i != NID_pkcs7_signedAndEnveloped) return(NULL); 999 if (i != NID_pkcs7_signedAndEnveloped)
1000 return NULL;
1001 if (p7->d.signed_and_enveloped == NULL)
1002 return NULL;
887 rsk=p7->d.signed_and_enveloped->recipientinfo; 1003 rsk=p7->d.signed_and_enveloped->recipientinfo;
1004 if (rsk == NULL)
1005 return NULL;
888 ri=sk_PKCS7_RECIP_INFO_value(rsk,0); 1006 ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
889 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); 1007 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
890 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); 1008 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
@@ -938,6 +1056,8 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
938 if (p7si->auth_attr != NULL) 1056 if (p7si->auth_attr != NULL)
939 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); 1057 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
940 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); 1058 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
1059 if (p7si->auth_attr == NULL)
1060 return 0;
941 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1061 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
942 { 1062 {
943 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, 1063 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
@@ -956,6 +1076,8 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
956 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, 1076 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
957 X509_ATTRIBUTE_free); 1077 X509_ATTRIBUTE_free);
958 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); 1078 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
1079 if (p7si->unauth_attr == NULL)
1080 return 0;
959 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1081 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
960 { 1082 {
961 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, 1083 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
@@ -985,10 +1107,16 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
985 1107
986 if (*sk == NULL) 1108 if (*sk == NULL)
987 { 1109 {
988 *sk = sk_X509_ATTRIBUTE_new_null(); 1110 if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
1111 return 0;
989new_attrib: 1112new_attrib:
990 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1113 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
991 sk_X509_ATTRIBUTE_push(*sk,attr); 1114 return 0;
1115 if (!sk_X509_ATTRIBUTE_push(*sk,attr))
1116 {
1117 X509_ATTRIBUTE_free(attr);
1118 return 0;
1119 }
992 } 1120 }
993 else 1121 else
994 { 1122 {
@@ -1001,7 +1129,13 @@ new_attrib:
1001 { 1129 {
1002 X509_ATTRIBUTE_free(attr); 1130 X509_ATTRIBUTE_free(attr);
1003 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1131 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
1004 sk_X509_ATTRIBUTE_set(*sk,i,attr); 1132 if (attr == NULL)
1133 return 0;
1134 if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
1135 {
1136 X509_ATTRIBUTE_free(attr);
1137 return 0;
1138 }
1005 goto end; 1139 goto end;
1006 } 1140 }
1007 } 1141 }
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index ee1817c7af..f2490941a3 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
138 p7->d.sign->contents=p7_data; 138 p7->d.sign->contents=p7_data;
139 break; 139 break;
140 case NID_pkcs7_digest: 140 case NID_pkcs7_digest:
141 if (p7->d.digest->contents != NULL)
142 PKCS7_free(p7->d.digest->contents);
143 p7->d.digest->contents=p7_data;
144 break;
141 case NID_pkcs7_data: 145 case NID_pkcs7_data:
142 case NID_pkcs7_enveloped: 146 case NID_pkcs7_enveloped:
143 case NID_pkcs7_signedAndEnveloped: 147 case NID_pkcs7_signedAndEnveloped:
@@ -206,6 +210,12 @@ int PKCS7_set_type(PKCS7 *p7, int type)
206 break; 210 break;
207 211
208 case NID_pkcs7_digest: 212 case NID_pkcs7_digest:
213 p7->type=obj;
214 if ((p7->d.digest=PKCS7_DIGEST_new())
215 == NULL) goto err;
216 if (!ASN1_INTEGER_set(p7->d.digest->version,0))
217 goto err;
218 break;
209 default: 219 default:
210 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 220 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
211 goto err; 221 goto err;
@@ -215,6 +225,13 @@ err:
215 return(0); 225 return(0);
216 } 226 }
217 227
228int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
229 {
230 p7->type = OBJ_nid2obj(type);
231 p7->d.other = other;
232 return 1;
233 }
234
218int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) 235int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
219 { 236 {
220 int i,j,nid; 237 int i,j,nid;
@@ -254,16 +271,23 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
254 if (!j) /* we need to add another algorithm */ 271 if (!j) /* we need to add another algorithm */
255 { 272 {
256 if(!(alg=X509_ALGOR_new()) 273 if(!(alg=X509_ALGOR_new())
257 || !(alg->parameter = ASN1_TYPE_new())) { 274 || !(alg->parameter = ASN1_TYPE_new()))
275 {
276 X509_ALGOR_free(alg);
258 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); 277 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
259 return(0); 278 return(0);
260 } 279 }
261 alg->algorithm=OBJ_nid2obj(nid); 280 alg->algorithm=OBJ_nid2obj(nid);
262 alg->parameter->type = V_ASN1_NULL; 281 alg->parameter->type = V_ASN1_NULL;
263 sk_X509_ALGOR_push(md_sk,alg); 282 if (!sk_X509_ALGOR_push(md_sk,alg))
283 {
284 X509_ALGOR_free(alg);
285 return 0;
286 }
264 } 287 }
265 288
266 sk_PKCS7_SIGNER_INFO_push(signer_sk,psi); 289 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
290 return 0;
267 return(1); 291 return(1);
268 } 292 }
269 293
@@ -288,8 +312,17 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
288 312
289 if (*sk == NULL) 313 if (*sk == NULL)
290 *sk=sk_X509_new_null(); 314 *sk=sk_X509_new_null();
315 if (*sk == NULL)
316 {
317 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
318 return 0;
319 }
291 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 320 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
292 sk_X509_push(*sk,x509); 321 if (!sk_X509_push(*sk,x509))
322 {
323 X509_free(x509);
324 return 0;
325 }
293 return(1); 326 return(1);
294 } 327 }
295 328
@@ -314,18 +347,31 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
314 347
315 if (*sk == NULL) 348 if (*sk == NULL)
316 *sk=sk_X509_CRL_new_null(); 349 *sk=sk_X509_CRL_new_null();
350 if (*sk == NULL)
351 {
352 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
353 return 0;
354 }
317 355
318 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); 356 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
319 sk_X509_CRL_push(*sk,crl); 357 if (!sk_X509_CRL_push(*sk,crl))
358 {
359 X509_CRL_free(crl);
360 return 0;
361 }
320 return(1); 362 return(1);
321 } 363 }
322 364
323int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 365int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
324 const EVP_MD *dgst) 366 const EVP_MD *dgst)
325 { 367 {
368 int nid;
326 char is_dsa; 369 char is_dsa;
327 if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; 370
328 else is_dsa = 0; 371 if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
372 is_dsa = 1;
373 else
374 is_dsa = 0;
329 /* We now need to add another PKCS7_SIGNER_INFO entry */ 375 /* We now need to add another PKCS7_SIGNER_INFO entry */
330 if (!ASN1_INTEGER_set(p7i->version,1)) 376 if (!ASN1_INTEGER_set(p7i->version,1))
331 goto err; 377 goto err;
@@ -355,16 +401,38 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
355 goto err; 401 goto err;
356 p7i->digest_alg->parameter->type=V_ASN1_NULL; 402 p7i->digest_alg->parameter->type=V_ASN1_NULL;
357 403
358 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
359
360 if (p7i->digest_enc_alg->parameter != NULL) 404 if (p7i->digest_enc_alg->parameter != NULL)
361 ASN1_TYPE_free(p7i->digest_enc_alg->parameter); 405 ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
362 if(is_dsa) p7i->digest_enc_alg->parameter = NULL; 406 nid = EVP_PKEY_type(pkey->type);
363 else { 407 if (nid == EVP_PKEY_RSA)
408 {
409 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
364 if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) 410 if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
365 goto err; 411 goto err;
366 p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; 412 p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
367 } 413 }
414 else if (nid == EVP_PKEY_DSA)
415 {
416#if 1
417 /* use 'dsaEncryption' OID for compatibility with other software
418 * (PKCS #7 v1.5 does specify how to handle DSA) ... */
419 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
420#else
421 /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
422 * would make more sense. */
423 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
424#endif
425 p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
426 }
427 else if (nid == EVP_PKEY_EC)
428 {
429 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
430 if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
431 goto err;
432 p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
433 }
434 else
435 return(0);
368 436
369 return(1); 437 return(1);
370err: 438err:
@@ -381,9 +449,28 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
381 if (!PKCS7_add_signer(p7,si)) goto err; 449 if (!PKCS7_add_signer(p7,si)) goto err;
382 return(si); 450 return(si);
383err: 451err:
452 PKCS7_SIGNER_INFO_free(si);
384 return(NULL); 453 return(NULL);
385 } 454 }
386 455
456int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
457 {
458 if (PKCS7_type_is_digest(p7))
459 {
460 if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
461 {
462 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
463 return 0;
464 }
465 p7->d.digest->md->parameter->type = V_ASN1_NULL;
466 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
467 return 1;
468 }
469
470 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
471 return 1;
472 }
473
387STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) 474STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
388 { 475 {
389 if (PKCS7_type_is_signed(p7)) 476 if (PKCS7_type_is_signed(p7))
@@ -407,6 +494,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
407 if (!PKCS7_add_recipient_info(p7,ri)) goto err; 494 if (!PKCS7_add_recipient_info(p7,ri)) goto err;
408 return(ri); 495 return(ri);
409err: 496err:
497 PKCS7_RECIP_INFO_free(ri);
410 return(NULL); 498 return(NULL);
411 } 499 }
412 500
@@ -429,7 +517,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
429 return(0); 517 return(0);
430 } 518 }
431 519
432 sk_PKCS7_RECIP_INFO_push(sk,ri); 520 if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
521 return 0;
433 return(1); 522 return(1);
434 } 523 }
435 524
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index 927b88c3e7..17b68992f7 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -1,6 +1,6 @@
1/* pk7_mime.c */ 1/* pk7_mime.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999. 3 * project.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
@@ -86,6 +86,7 @@ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
86DECLARE_STACK_OF(MIME_HEADER) 86DECLARE_STACK_OF(MIME_HEADER)
87IMPLEMENT_STACK_OF(MIME_HEADER) 87IMPLEMENT_STACK_OF(MIME_HEADER)
88 88
89static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags);
89static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); 90static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
90static PKCS7 *B64_read_PKCS7(BIO *bio); 91static PKCS7 *B64_read_PKCS7(BIO *bio);
91static char * strip_ends(char *name); 92static char * strip_ends(char *name);
@@ -109,9 +110,6 @@ static void mime_hdr_free(MIME_HEADER *hdr);
109#define MAX_SMLEN 1024 110#define MAX_SMLEN 1024
110#define mime_debug(x) /* x */ 111#define mime_debug(x) /* x */
111 112
112
113typedef void (*stkfree)();
114
115/* Base 64 read and write of PKCS#7 structure */ 113/* Base 64 read and write of PKCS#7 structure */
116 114
117static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) 115static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
@@ -123,7 +121,7 @@ static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
123 } 121 }
124 bio = BIO_push(b64, bio); 122 bio = BIO_push(b64, bio);
125 i2d_PKCS7_bio(bio, p7); 123 i2d_PKCS7_bio(bio, p7);
126 BIO_flush(bio); 124 (void)BIO_flush(bio);
127 bio = BIO_pop(bio); 125 bio = BIO_pop(bio);
128 BIO_free(b64); 126 BIO_free(b64);
129 return 1; 127 return 1;
@@ -140,7 +138,7 @@ static PKCS7 *B64_read_PKCS7(BIO *bio)
140 bio = BIO_push(b64, bio); 138 bio = BIO_push(b64, bio);
141 if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 139 if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
142 PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); 140 PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
143 BIO_flush(bio); 141 (void)BIO_flush(bio);
144 bio = BIO_pop(bio); 142 bio = BIO_pop(bio);
145 BIO_free(b64); 143 BIO_free(b64);
146 return p7; 144 return p7;
@@ -182,7 +180,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
182 mime_eol, mime_eol); 180 mime_eol, mime_eol);
183 /* Now write out the first part */ 181 /* Now write out the first part */
184 BIO_printf(bio, "------%s%s", bound, mime_eol); 182 BIO_printf(bio, "------%s%s", bound, mime_eol);
185 SMIME_crlf_copy(data, bio, flags); 183 pkcs7_output_data(bio, data, p7, flags);
186 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); 184 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
187 185
188 /* Headers for signature */ 186 /* Headers for signature */
@@ -196,7 +194,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
196 mime_eol, mime_eol); 194 mime_eol, mime_eol);
197 B64_write_PKCS7(bio, p7); 195 B64_write_PKCS7(bio, p7);
198 BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, 196 BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
199 mime_eol, mime_eol); 197 mime_eol, mime_eol);
200 return 1; 198 return 1;
201 } 199 }
202 200
@@ -231,6 +229,46 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
231 return 1; 229 return 1;
232} 230}
233 231
232/* Handle output of PKCS#7 data */
233
234
235static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags)
236 {
237 BIO *tmpbio, *p7bio;
238
239 if (!(flags & PKCS7_STREAM))
240 {
241 SMIME_crlf_copy(data, out, flags);
242 return 1;
243 }
244
245 /* Partial sign operation */
246
247 /* Initialize sign operation */
248 p7bio = PKCS7_dataInit(p7, out);
249
250 /* Copy data across, computing digests etc */
251 SMIME_crlf_copy(data, p7bio, flags);
252
253 /* Must be detached */
254 PKCS7_set_detached(p7, 1);
255
256 /* Finalize signatures */
257 PKCS7_dataFinal(p7, p7bio);
258
259 /* Now remove any digests prepended to the BIO */
260
261 while (p7bio != out)
262 {
263 tmpbio = BIO_pop(p7bio);
264 BIO_free(p7bio);
265 p7bio = tmpbio;
266 }
267
268 return 1;
269
270 }
271
234/* SMIME reader: handle multipart/signed and opaque signing. 272/* SMIME reader: handle multipart/signed and opaque signing.
235 * in multipart case the content is placed in a memory BIO 273 * in multipart case the content is placed in a memory BIO
236 * pointed to by "bcont". In opaque this is set to NULL 274 * pointed to by "bcont". In opaque this is set to NULL
@@ -339,56 +377,6 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
339 377
340} 378}
341 379
342/* Copy text from one BIO to another making the output CRLF at EOL */
343int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
344{
345 char eol;
346 int len;
347 char linebuf[MAX_SMLEN];
348 if(flags & PKCS7_BINARY) {
349 while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
350 BIO_write(out, linebuf, len);
351 return 1;
352 }
353 if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
354 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
355 eol = strip_eol(linebuf, &len);
356 if (len)
357 BIO_write(out, linebuf, len);
358 if(eol) BIO_write(out, "\r\n", 2);
359 }
360 return 1;
361}
362
363/* Strip off headers if they are text/plain */
364int SMIME_text(BIO *in, BIO *out)
365{
366 char iobuf[4096];
367 int len;
368 STACK_OF(MIME_HEADER) *headers;
369 MIME_HEADER *hdr;
370
371 if (!(headers = mime_parse_hdr(in))) {
372 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
373 return 0;
374 }
375 if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
376 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
377 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
378 return 0;
379 }
380 if (strcmp (hdr->value, "text/plain")) {
381 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
382 ERR_add_error_data(2, "type: ", hdr->value);
383 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
384 return 0;
385 }
386 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
387 while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
388 BIO_write(out, iobuf, len);
389 return 1;
390}
391
392/* Split a multipart/XXX message body into component parts: result is 380/* Split a multipart/XXX message body into component parts: result is
393 * canonical parts in a STACK of bios 381 * canonical parts in a STACK of bios
394 */ 382 */
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 99a0d63f38..5c6b0fe24b 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,9 +1,9 @@
1/* pk7_smime.c */ 1/* pk7_smime.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999. 3 * project.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -66,10 +66,10 @@
66PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 66PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
67 BIO *data, int flags) 67 BIO *data, int flags)
68{ 68{
69 PKCS7 *p7; 69 PKCS7 *p7 = NULL;
70 PKCS7_SIGNER_INFO *si; 70 PKCS7_SIGNER_INFO *si;
71 BIO *p7bio; 71 BIO *p7bio = NULL;
72 STACK_OF(X509_ALGOR) *smcap; 72 STACK_OF(X509_ALGOR) *smcap = NULL;
73 int i; 73 int i;
74 74
75 if(!X509_check_private_key(signcert, pkey)) { 75 if(!X509_check_private_key(signcert, pkey)) {
@@ -82,66 +82,87 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
82 return NULL; 82 return NULL;
83 } 83 }
84 84
85 PKCS7_set_type(p7, NID_pkcs7_signed); 85 if (!PKCS7_set_type(p7, NID_pkcs7_signed))
86 goto err;
86 87
87 PKCS7_content_new(p7, NID_pkcs7_data); 88 if (!PKCS7_content_new(p7, NID_pkcs7_data))
89 goto err;
88 90
89 if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { 91 if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
90 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); 92 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
91 return NULL; 93 goto err;
92 } 94 }
93 95
94 if(!(flags & PKCS7_NOCERTS)) { 96 if(!(flags & PKCS7_NOCERTS)) {
95 PKCS7_add_certificate(p7, signcert); 97 if (!PKCS7_add_certificate(p7, signcert))
98 goto err;
96 if(certs) for(i = 0; i < sk_X509_num(certs); i++) 99 if(certs) for(i = 0; i < sk_X509_num(certs); i++)
97 PKCS7_add_certificate(p7, sk_X509_value(certs, i)); 100 if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
98 } 101 goto err;
99
100 if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
101 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
102 return NULL;
103 } 102 }
104 103
105
106 SMIME_crlf_copy(data, p7bio, flags);
107
108 if(!(flags & PKCS7_NOATTR)) { 104 if(!(flags & PKCS7_NOATTR)) {
109 PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, 105 if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
110 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); 106 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))
107 goto err;
111 /* Add SMIMECapabilities */ 108 /* Add SMIMECapabilities */
112 if(!(flags & PKCS7_NOSMIMECAP)) 109 if(!(flags & PKCS7_NOSMIMECAP))
113 { 110 {
114 if(!(smcap = sk_X509_ALGOR_new_null())) { 111 if(!(smcap = sk_X509_ALGOR_new_null())) {
115 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); 112 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
116 return NULL; 113 goto err;
117 } 114 }
118#ifndef OPENSSL_NO_DES 115#ifndef OPENSSL_NO_DES
119 PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); 116 if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1))
117 goto err;
120#endif 118#endif
121#ifndef OPENSSL_NO_RC2 119#ifndef OPENSSL_NO_RC2
122 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); 120 if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128))
123 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); 121 goto err;
122 if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64))
123 goto err;
124#endif 124#endif
125#ifndef OPENSSL_NO_DES 125#ifndef OPENSSL_NO_DES
126 PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); 126 if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1))
127 goto err;
127#endif 128#endif
128#ifndef OPENSSL_NO_RC2 129#ifndef OPENSSL_NO_RC2
129 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); 130 if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40))
131 goto err;
130#endif 132#endif
131 PKCS7_add_attrib_smimecap (si, smcap); 133 if (!PKCS7_add_attrib_smimecap (si, smcap))
134 goto err;
132 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 135 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
136 smcap = NULL;
133 } 137 }
134 } 138 }
135 139
136 if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); 140 if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
137 141
138 if (!PKCS7_dataFinal(p7,p7bio)) { 142 if (flags & PKCS7_STREAM)
143 return p7;
144
145
146 if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
147 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
148 goto err;
149 }
150
151 SMIME_crlf_copy(data, p7bio, flags);
152
153
154 if (!PKCS7_dataFinal(p7,p7bio)) {
139 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); 155 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
140 return NULL; 156 goto err;
141 } 157 }
142 158
143 BIO_free_all(p7bio); 159 BIO_free_all(p7bio);
144 return p7; 160 return p7;
161err:
162 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
163 BIO_free_all(p7bio);
164 PKCS7_free(p7);
165 return NULL;
145} 166}
146 167
147int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 168int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
@@ -215,6 +236,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
215 sk_X509_free(signers); 236 sk_X509_free(signers);
216 return 0; 237 return 0;
217 } 238 }
239 if (!(flags & PKCS7_NOCRL))
240 X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
218 i = X509_verify_cert(&cert_ctx); 241 i = X509_verify_cert(&cert_ctx);
219 if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); 242 if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
220 X509_STORE_CTX_cleanup(&cert_ctx); 243 X509_STORE_CTX_cleanup(&cert_ctx);
@@ -251,7 +274,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
251 tmpin = indata; 274 tmpin = indata;
252 275
253 276
254 p7bio=PKCS7_dataInit(p7,tmpin); 277 if (!(p7bio=PKCS7_dataInit(p7,tmpin)))
278 goto err;
255 279
256 if(flags & PKCS7_TEXT) { 280 if(flags & PKCS7_TEXT) {
257 if(!(tmpout = BIO_new(BIO_s_mem()))) { 281 if(!(tmpout = BIO_new(BIO_s_mem()))) {
@@ -330,7 +354,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
330 354
331 if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { 355 if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
332 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); 356 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
333 return 0; 357 return NULL;
334 } 358 }
335 359
336 if(!(signers = sk_X509_new_null())) { 360 if(!(signers = sk_X509_new_null())) {
@@ -353,10 +377,13 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
353 if (!signer) { 377 if (!signer) {
354 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); 378 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
355 sk_X509_free(signers); 379 sk_X509_free(signers);
356 return 0; 380 return NULL;
357 } 381 }
358 382
359 sk_X509_push(signers, signer); 383 if (!sk_X509_push(signers, signer)) {
384 sk_X509_free(signers);
385 return NULL;
386 }
360 } 387 }
361 return signers; 388 return signers;
362} 389}
@@ -376,7 +403,8 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
376 return NULL; 403 return NULL;
377 } 404 }
378 405
379 PKCS7_set_type(p7, NID_pkcs7_enveloped); 406 if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
407 goto err;
380 if(!PKCS7_set_cipher(p7, cipher)) { 408 if(!PKCS7_set_cipher(p7, cipher)) {
381 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); 409 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
382 goto err; 410 goto err;
@@ -398,7 +426,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
398 426
399 SMIME_crlf_copy(in, p7bio, flags); 427 SMIME_crlf_copy(in, p7bio, flags);
400 428
401 BIO_flush(p7bio); 429 (void)BIO_flush(p7bio);
402 430
403 if (!PKCS7_dataFinal(p7,p7bio)) { 431 if (!PKCS7_dataFinal(p7,p7bio)) {
404 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); 432 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
@@ -410,7 +438,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
410 438
411 err: 439 err:
412 440
413 BIO_free(p7bio); 441 BIO_free_all(p7bio);
414 PKCS7_free(p7); 442 PKCS7_free(p7);
415 return NULL; 443 return NULL;
416 444
@@ -432,7 +460,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
432 return 0; 460 return 0;
433 } 461 }
434 462
435 if(!X509_check_private_key(cert, pkey)) { 463 if(cert && !X509_check_private_key(cert, pkey)) {
436 PKCS7err(PKCS7_F_PKCS7_DECRYPT, 464 PKCS7err(PKCS7_F_PKCS7_DECRYPT,
437 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 465 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
438 return 0; 466 return 0;
@@ -448,10 +476,13 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
448 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ 476 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
449 if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { 477 if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
450 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); 478 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
479 BIO_free_all(tmpmem);
451 return 0; 480 return 0;
452 } 481 }
453 if(!(bread = BIO_push(tmpbuf, tmpmem))) { 482 if(!(bread = BIO_push(tmpbuf, tmpmem))) {
454 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); 483 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
484 BIO_free_all(tmpbuf);
485 BIO_free_all(tmpmem);
455 return 0; 486 return 0;
456 } 487 }
457 ret = SMIME_text(bread, data); 488 ret = SMIME_text(bread, data);
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
index 15372e18f8..cc092d262d 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -233,6 +233,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
233 (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) 233 (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
234#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) 234#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
235 235
236#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
237
236#define PKCS7_set_detached(p,v) \ 238#define PKCS7_set_detached(p,v) \
237 PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) 239 PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
238#define PKCS7_get_detached(p) \ 240#define PKCS7_get_detached(p) \
@@ -262,6 +264,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
262#define PKCS7_NOSMIMECAP 0x200 264#define PKCS7_NOSMIMECAP 0x200
263#define PKCS7_NOOLDMIMETYPE 0x400 265#define PKCS7_NOOLDMIMETYPE 0x400
264#define PKCS7_CRLFEOL 0x800 266#define PKCS7_CRLFEOL 0x800
267#define PKCS7_STREAM 0x1000
268#define PKCS7_NOCRL 0x2000
265 269
266/* Flags: for compatibility with older code */ 270/* Flags: for compatibility with older code */
267 271
@@ -302,10 +306,12 @@ DECLARE_ASN1_FUNCTIONS(PKCS7)
302DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) 306DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
303DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) 307DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
304 308
309DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
305 310
306long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); 311long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
307 312
308int PKCS7_set_type(PKCS7 *p7, int type); 313int PKCS7_set_type(PKCS7 *p7, int type);
314int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
309int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); 315int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
310int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 316int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
311 const EVP_MD *dgst); 317 const EVP_MD *dgst);
@@ -326,6 +332,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
326PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, 332PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
327 EVP_PKEY *pkey, const EVP_MD *dgst); 333 EVP_PKEY *pkey, const EVP_MD *dgst);
328X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); 334X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
335int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
329STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); 336STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
330 337
331PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); 338PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
@@ -381,16 +388,20 @@ void ERR_load_PKCS7_strings(void);
381#define PKCS7_F_PKCS7_ADD_CRL 101 388#define PKCS7_F_PKCS7_ADD_CRL 101
382#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 389#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
383#define PKCS7_F_PKCS7_ADD_SIGNER 103 390#define PKCS7_F_PKCS7_ADD_SIGNER 103
391#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125
384#define PKCS7_F_PKCS7_CTRL 104 392#define PKCS7_F_PKCS7_CTRL 104
385#define PKCS7_F_PKCS7_DATADECODE 112 393#define PKCS7_F_PKCS7_DATADECODE 112
394#define PKCS7_F_PKCS7_DATAFINAL 128
386#define PKCS7_F_PKCS7_DATAINIT 105 395#define PKCS7_F_PKCS7_DATAINIT 105
387#define PKCS7_F_PKCS7_DATASIGN 106 396#define PKCS7_F_PKCS7_DATASIGN 106
388#define PKCS7_F_PKCS7_DATAVERIFY 107 397#define PKCS7_F_PKCS7_DATAVERIFY 107
389#define PKCS7_F_PKCS7_DECRYPT 114 398#define PKCS7_F_PKCS7_DECRYPT 114
390#define PKCS7_F_PKCS7_ENCRYPT 115 399#define PKCS7_F_PKCS7_ENCRYPT 115
400#define PKCS7_F_PKCS7_FIND_DIGEST 127
391#define PKCS7_F_PKCS7_GET0_SIGNERS 124 401#define PKCS7_F_PKCS7_GET0_SIGNERS 124
392#define PKCS7_F_PKCS7_SET_CIPHER 108 402#define PKCS7_F_PKCS7_SET_CIPHER 108
393#define PKCS7_F_PKCS7_SET_CONTENT 109 403#define PKCS7_F_PKCS7_SET_CONTENT 109
404#define PKCS7_F_PKCS7_SET_DIGEST 126
394#define PKCS7_F_PKCS7_SET_TYPE 110 405#define PKCS7_F_PKCS7_SET_TYPE 110
395#define PKCS7_F_PKCS7_SIGN 116 406#define PKCS7_F_PKCS7_SIGN 116
396#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 407#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
@@ -421,13 +432,15 @@ void ERR_load_PKCS7_strings(void);
421#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 432#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
422#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 433#define PKCS7_R_NO_MULTIPART_BOUNDARY 137
423#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 434#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
435#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146
424#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 436#define PKCS7_R_NO_SIGNATURES_ON_DATA 123
425#define PKCS7_R_NO_SIGNERS 142 437#define PKCS7_R_NO_SIGNERS 142
426#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 438#define PKCS7_R_NO_SIG_CONTENT_TYPE 138
427#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 439#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
428#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 440#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
441#define PKCS7_R_PKCS7_DATAFINAL 126
429#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 442#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
430#define PKCS7_R_PKCS7_DATASIGN 126 443#define PKCS7_R_PKCS7_DATASIGN 145
431#define PKCS7_R_PKCS7_PARSE_ERROR 139 444#define PKCS7_R_PKCS7_PARSE_ERROR 139
432#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 445#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
433#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 446#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
index 19894c80a4..c0e3d4cd33 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -77,16 +77,20 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
77{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, 77{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
78{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, 78{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
79{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, 79{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
80{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
80{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, 81{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
81{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, 82{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
83{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
82{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, 84{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
83{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, 85{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
84{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, 86{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
85{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, 87{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
86{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, 88{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
89{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
87{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, 90{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
88{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, 91{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
89{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, 92{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
93{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
90{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, 94{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
91{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, 95{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
92{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, 96{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
@@ -120,11 +124,13 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
120{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, 124{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
121{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, 125{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
122{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, 126{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
127{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
123{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, 128{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
124{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, 129{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"},
125{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, 130{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
126{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, 131{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
127{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, 132{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
133{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"},
128{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, 134{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
129{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, 135{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"},
130{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, 136{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"},
@@ -150,15 +156,12 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
150 156
151void ERR_load_PKCS7_strings(void) 157void ERR_load_PKCS7_strings(void)
152 { 158 {
153 static int init=1; 159#ifndef OPENSSL_NO_ERR
154 160
155 if (init) 161 if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)
156 { 162 {
157 init=0;
158#ifndef OPENSSL_NO_ERR
159 ERR_load_strings(0,PKCS7_str_functs); 163 ERR_load_strings(0,PKCS7_str_functs);
160 ERR_load_strings(0,PKCS7_str_reasons); 164 ERR_load_strings(0,PKCS7_str_reasons);
161#endif
162
163 } 165 }
166#endif
164 } 167 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 11:24:57 +0000