summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs7
diff options
context:
space:
mode:
authorbeck <>2017-01-29 17:49:23 +0000
committerbeck <>2017-01-29 17:49:23 +0000
commitd1f47bd292f36094480caa49ada36b99a69c59b0 (patch)
tree1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/pkcs7
parentf8c627888330b75c2eea8a3c27d0efe947a4f9da (diff)
downloadopenbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_attr.c12
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c134
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_lib.c61
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c81
4 files changed, 115 insertions, 173 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index 07722f98e1..f882ba7795 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_attr.c,v 1.11 2016/12/30 15:38:13 jsing Exp $ */ 1/* $OpenBSD: pk7_attr.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001. 3 * project 2001.
4 */ 4 */
@@ -71,8 +71,7 @@ PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
71{ 71{
72 ASN1_STRING *seq; 72 ASN1_STRING *seq;
73 if (!(seq = ASN1_STRING_new())) { 73 if (!(seq = ASN1_STRING_new())) {
74 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, 74 PKCS7error(ERR_R_MALLOC_FAILURE);
75 ERR_R_MALLOC_FAILURE);
76 return 0; 75 return 0;
77 } 76 }
78 seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, 77 seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
@@ -103,7 +102,7 @@ PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
103 X509_ALGOR *alg; 102 X509_ALGOR *alg;
104 103
105 if (!(alg = X509_ALGOR_new())) { 104 if (!(alg = X509_ALGOR_new())) {
106 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); 105 PKCS7error(ERR_R_MALLOC_FAILURE);
107 return 0; 106 return 0;
108 } 107 }
109 ASN1_OBJECT_free(alg->algorithm); 108 ASN1_OBJECT_free(alg->algorithm);
@@ -127,7 +126,7 @@ PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
127 return 1; 126 return 1;
128 127
129err: 128err:
130 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); 129 PKCS7error(ERR_R_MALLOC_FAILURE);
131 X509_ALGOR_free(alg); 130 X509_ALGOR_free(alg);
132 return 0; 131 return 0;
133} 132}
@@ -147,8 +146,7 @@ int
147PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) 146PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
148{ 147{
149 if (!t && !(t = X509_gmtime_adj(NULL, 0))) { 148 if (!t && !(t = X509_gmtime_adj(NULL, 0))) {
150 PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 149 PKCS7error(ERR_R_MALLOC_FAILURE);
151 ERR_R_MALLOC_FAILURE);
152 return 0; 150 return 0;
153 } 151 }
154 return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, 152 return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index e84eee6d8f..484620a686 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_doit.c,v 1.40 2016/12/30 15:38:13 jsing Exp $ */ 1/* $OpenBSD: pk7_doit.c,v 1.41 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -110,14 +110,13 @@ PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
110 BIO *btmp; 110 BIO *btmp;
111 const EVP_MD *md; 111 const EVP_MD *md;
112 if ((btmp = BIO_new(BIO_f_md())) == NULL) { 112 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
113 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); 113 PKCS7error(ERR_R_BIO_LIB);
114 goto err; 114 goto err;
115 } 115 }
116 116
117 md = EVP_get_digestbyobj(alg->algorithm); 117 md = EVP_get_digestbyobj(alg->algorithm);
118 if (md == NULL) { 118 if (md == NULL) {
119 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, 119 PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
120 PKCS7_R_UNKNOWN_DIGEST_TYPE);
121 goto err; 120 goto err;
122 } 121 }
123 122
@@ -125,7 +124,7 @@ PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
125 if (*pbio == NULL) 124 if (*pbio == NULL)
126 *pbio = btmp; 125 *pbio = btmp;
127 else if (!BIO_push(*pbio, btmp)) { 126 else if (!BIO_push(*pbio, btmp)) {
128 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); 127 PKCS7error(ERR_R_BIO_LIB);
129 goto err; 128 goto err;
130 } 129 }
131 btmp = NULL; 130 btmp = NULL;
@@ -160,7 +159,7 @@ pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
160 159
161 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 160 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
162 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) { 161 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
163 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); 162 PKCS7error(PKCS7_R_CTRL_ERROR);
164 goto err; 163 goto err;
165 } 164 }
166 165
@@ -170,7 +169,7 @@ pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
170 ek = malloc(eklen); 169 ek = malloc(eklen);
171 170
172 if (ek == NULL) { 171 if (ek == NULL) {
173 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); 172 PKCS7error(ERR_R_MALLOC_FAILURE);
174 goto err; 173 goto err;
175 } 174 }
176 175
@@ -209,7 +208,7 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
209 208
210 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 209 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
211 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) { 210 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
212 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); 211 PKCS7error(PKCS7_R_CTRL_ERROR);
213 goto err; 212 goto err;
214 } 213 }
215 214
@@ -219,14 +218,14 @@ pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
219 218
220 ek = malloc(eklen); 219 ek = malloc(eklen);
221 if (ek == NULL) { 220 if (ek == NULL) {
222 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); 221 PKCS7error(ERR_R_MALLOC_FAILURE);
223 goto err; 222 goto err;
224 } 223 }
225 224
226 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 225 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
227 ri->enc_key->data, ri->enc_key->length) <= 0) { 226 ri->enc_key->data, ri->enc_key->length) <= 0) {
228 ret = 0; 227 ret = 0;
229 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); 228 PKCS7error(ERR_R_EVP_LIB);
230 goto err; 229 goto err;
231 } 230 }
232 231
@@ -262,7 +261,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
262 ASN1_OCTET_STRING *os = NULL; 261 ASN1_OCTET_STRING *os = NULL;
263 262
264 if (p7 == NULL) { 263 if (p7 == NULL) {
265 PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); 264 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
266 return NULL; 265 return NULL;
267 } 266 }
268 267
@@ -279,7 +278,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
279 * an error. 278 * an error.
280 */ 279 */
281 if (p7->d.ptr == NULL) { 280 if (p7->d.ptr == NULL) {
282 PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); 281 PKCS7error(PKCS7_R_NO_CONTENT);
283 return NULL; 282 return NULL;
284 } 283 }
285 284
@@ -297,8 +296,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
297 xalg = p7->d.signed_and_enveloped->enc_data->algorithm; 296 xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
298 evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher; 297 evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
299 if (evp_cipher == NULL) { 298 if (evp_cipher == NULL) {
300 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 299 PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
301 PKCS7_R_CIPHER_NOT_INITIALIZED);
302 goto err; 300 goto err;
303 } 301 }
304 break; 302 break;
@@ -307,8 +305,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
307 xalg = p7->d.enveloped->enc_data->algorithm; 305 xalg = p7->d.enveloped->enc_data->algorithm;
308 evp_cipher = p7->d.enveloped->enc_data->cipher; 306 evp_cipher = p7->d.enveloped->enc_data->cipher;
309 if (evp_cipher == NULL) { 307 if (evp_cipher == NULL) {
310 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 308 PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
311 PKCS7_R_CIPHER_NOT_INITIALIZED);
312 goto err; 309 goto err;
313 } 310 }
314 break; 311 break;
@@ -319,8 +316,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
319 case NID_pkcs7_data: 316 case NID_pkcs7_data:
320 break; 317 break;
321 default: 318 default:
322 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 319 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
323 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
324 goto err; 320 goto err;
325 } 321 }
326 322
@@ -338,7 +334,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio)
338 EVP_CIPHER_CTX *ctx; 334 EVP_CIPHER_CTX *ctx;
339 335
340 if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { 336 if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
341 PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB); 337 PKCS7error(ERR_R_BIO_LIB);
342 goto err; 338 goto err;
343 } 339 }
344 BIO_get_cipher_ctx(btmp, &ctx); 340 BIO_get_cipher_ctx(btmp, &ctx);
@@ -440,13 +436,12 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
440 int eklen = 0, tkeylen = 0; 436 int eklen = 0, tkeylen = 0;
441 437
442 if (p7 == NULL) { 438 if (p7 == NULL) {
443 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 439 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
444 PKCS7_R_INVALID_NULL_POINTER);
445 return NULL; 440 return NULL;
446 } 441 }
447 442
448 if (p7->d.ptr == NULL) { 443 if (p7->d.ptr == NULL) {
449 PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); 444 PKCS7error(PKCS7_R_NO_CONTENT);
450 return NULL; 445 return NULL;
451 } 446 }
452 447
@@ -465,8 +460,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
465 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; 460 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
466 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); 461 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
467 if (evp_cipher == NULL) { 462 if (evp_cipher == NULL) {
468 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 463 PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
469 PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
470 goto err; 464 goto err;
471 } 465 }
472 break; 466 break;
@@ -476,14 +470,12 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
476 data_body = p7->d.enveloped->enc_data->enc_data; 470 data_body = p7->d.enveloped->enc_data->enc_data;
477 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); 471 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
478 if (evp_cipher == NULL) { 472 if (evp_cipher == NULL) {
479 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 473 PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
480 PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
481 goto err; 474 goto err;
482 } 475 }
483 break; 476 break;
484 default: 477 default:
485 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 478 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
486 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
487 goto err; 479 goto err;
488 } 480 }
489 481
@@ -492,16 +484,14 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
492 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { 484 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
493 xa = sk_X509_ALGOR_value(md_sk, i); 485 xa = sk_X509_ALGOR_value(md_sk, i);
494 if ((btmp = BIO_new(BIO_f_md())) == NULL) { 486 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
495 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 487 PKCS7error(ERR_R_BIO_LIB);
496 ERR_R_BIO_LIB);
497 goto err; 488 goto err;
498 } 489 }
499 490
500 j = OBJ_obj2nid(xa->algorithm); 491 j = OBJ_obj2nid(xa->algorithm);
501 evp_md = EVP_get_digestbynid(j); 492 evp_md = EVP_get_digestbynid(j);
502 if (evp_md == NULL) { 493 if (evp_md == NULL) {
503 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 494 PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
504 PKCS7_R_UNKNOWN_DIGEST_TYPE);
505 goto err; 495 goto err;
506 } 496 }
507 497
@@ -516,7 +506,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
516 506
517 if (evp_cipher != NULL) { 507 if (evp_cipher != NULL) {
518 if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { 508 if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
519 PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); 509 PKCS7error(ERR_R_BIO_LIB);
520 goto err; 510 goto err;
521 } 511 }
522 512
@@ -534,8 +524,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
534 ri = NULL; 524 ri = NULL;
535 } 525 }
536 if (ri == NULL) { 526 if (ri == NULL) {
537 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 527 PKCS7error(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
538 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
539 goto err; 528 goto err;
540 } 529 }
541 } 530 }
@@ -659,14 +648,12 @@ PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
659 for (;;) { 648 for (;;) {
660 bio = BIO_find_type(bio, BIO_TYPE_MD); 649 bio = BIO_find_type(bio, BIO_TYPE_MD);
661 if (bio == NULL) { 650 if (bio == NULL) {
662 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, 651 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
663 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
664 return NULL; 652 return NULL;
665 } 653 }
666 BIO_get_md_ctx(bio, pmd); 654 BIO_get_md_ctx(bio, pmd);
667 if (*pmd == NULL) { 655 if (*pmd == NULL) {
668 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, 656 PKCS7error(ERR_R_INTERNAL_ERROR);
669 ERR_R_INTERNAL_ERROR);
670 return NULL; 657 return NULL;
671 } 658 }
672 if (EVP_MD_CTX_type(*pmd) == nid) 659 if (EVP_MD_CTX_type(*pmd) == nid)
@@ -685,19 +672,18 @@ do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
685 /* Add signing time if not already present */ 672 /* Add signing time if not already present */
686 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { 673 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
687 if (!PKCS7_add0_attrib_signing_time(si, NULL)) { 674 if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
688 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 675 PKCS7error(ERR_R_MALLOC_FAILURE);
689 ERR_R_MALLOC_FAILURE);
690 return 0; 676 return 0;
691 } 677 }
692 } 678 }
693 679
694 /* Add digest */ 680 /* Add digest */
695 if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) { 681 if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
696 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); 682 PKCS7error(ERR_R_EVP_LIB);
697 return 0; 683 return 0;
698 } 684 }
699 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) { 685 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
700 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); 686 PKCS7error(ERR_R_MALLOC_FAILURE);
701 return 0; 687 return 0;
702 } 688 }
703 689
@@ -722,13 +708,12 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
722 ASN1_OCTET_STRING *os = NULL; 708 ASN1_OCTET_STRING *os = NULL;
723 709
724 if (p7 == NULL) { 710 if (p7 == NULL) {
725 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 711 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
726 PKCS7_R_INVALID_NULL_POINTER);
727 return 0; 712 return 0;
728 } 713 }
729 714
730 if (p7->d.ptr == NULL) { 715 if (p7->d.ptr == NULL) {
731 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); 716 PKCS7error(PKCS7_R_NO_CONTENT);
732 return 0; 717 return 0;
733 } 718 }
734 719
@@ -747,8 +732,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
747 if (!os) { 732 if (!os) {
748 os = ASN1_OCTET_STRING_new(); 733 os = ASN1_OCTET_STRING_new();
749 if (!os) { 734 if (!os) {
750 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 735 PKCS7error(ERR_R_MALLOC_FAILURE);
751 ERR_R_MALLOC_FAILURE);
752 goto err; 736 goto err;
753 } 737 }
754 p7->d.signed_and_enveloped->enc_data->enc_data = os; 738 p7->d.signed_and_enveloped->enc_data->enc_data = os;
@@ -760,8 +744,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
760 if (!os) { 744 if (!os) {
761 os = ASN1_OCTET_STRING_new(); 745 os = ASN1_OCTET_STRING_new();
762 if (!os) { 746 if (!os) {
763 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 747 PKCS7error(ERR_R_MALLOC_FAILURE);
764 ERR_R_MALLOC_FAILURE);
765 goto err; 748 goto err;
766 } 749 }
767 p7->d.enveloped->enc_data->enc_data = os; 750 p7->d.enveloped->enc_data->enc_data = os;
@@ -771,7 +754,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
771 si_sk = p7->d.sign->signer_info; 754 si_sk = p7->d.sign->signer_info;
772 os = PKCS7_get_octet_string(p7->d.sign->contents); 755 os = PKCS7_get_octet_string(p7->d.sign->contents);
773 if (!PKCS7_is_detached(p7) && os == NULL) { 756 if (!PKCS7_is_detached(p7) && os == NULL) {
774 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); 757 PKCS7error(PKCS7_R_DECODE_ERROR);
775 goto err; 758 goto err;
776 } 759 }
777 /* If detached data then the content is excluded */ 760 /* If detached data then the content is excluded */
@@ -785,7 +768,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
785 case NID_pkcs7_digest: 768 case NID_pkcs7_digest:
786 os = PKCS7_get_octet_string(p7->d.digest->contents); 769 os = PKCS7_get_octet_string(p7->d.digest->contents);
787 if (os == NULL) { 770 if (os == NULL) {
788 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); 771 PKCS7error(PKCS7_R_DECODE_ERROR);
789 goto err; 772 goto err;
790 } 773 }
791 /* If detached data then the content is excluded */ 774 /* If detached data then the content is excluded */
@@ -798,8 +781,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
798 break; 781 break;
799 782
800 default: 783 default:
801 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 784 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
802 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
803 goto err; 785 goto err;
804 } 786 }
805 787
@@ -836,8 +818,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
836 818
837 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, 819 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
838 si->pkey)) { 820 si->pkey)) {
839 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 821 PKCS7error(ERR_R_EVP_LIB);
840 ERR_R_EVP_LIB);
841 goto err; 822 goto err;
842 } 823 }
843 ASN1_STRING_set0(si->enc_digest, abuf, abuflen); 824 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
@@ -870,8 +851,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
870 851
871 btmp = BIO_find_type(bio, BIO_TYPE_MEM); 852 btmp = BIO_find_type(bio, BIO_TYPE_MEM);
872 if (btmp == NULL) { 853 if (btmp == NULL) {
873 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 854 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
874 PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
875 goto err; 855 goto err;
876 } 856 }
877 contlen = BIO_get_mem_data(btmp, &cont); 857 contlen = BIO_get_mem_data(btmp, &cont);
@@ -910,7 +890,7 @@ PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
910 890
911 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 891 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
912 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) { 892 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
913 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 893 PKCS7error(PKCS7_R_CTRL_ERROR);
914 goto err; 894 goto err;
915 } 895 }
916 896
@@ -932,7 +912,7 @@ PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
932 912
933 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 913 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
934 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) { 914 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
935 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 915 PKCS7error(PKCS7_R_CTRL_ERROR);
936 goto err; 916 goto err;
937 } 917 }
938 918
@@ -958,13 +938,12 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
958 X509 *x509; 938 X509 *x509;
959 939
960 if (p7 == NULL) { 940 if (p7 == NULL) {
961 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, 941 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
962 PKCS7_R_INVALID_NULL_POINTER);
963 return 0; 942 return 0;
964 } 943 }
965 944
966 if (p7->d.ptr == NULL) { 945 if (p7->d.ptr == NULL) {
967 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); 946 PKCS7error(PKCS7_R_NO_CONTENT);
968 return 0; 947 return 0;
969 } 948 }
970 949
@@ -973,7 +952,7 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
973 } else if (PKCS7_type_is_signedAndEnveloped(p7)) { 952 } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
974 cert = p7->d.signed_and_enveloped->cert; 953 cert = p7->d.signed_and_enveloped->cert;
975 } else { 954 } else {
976 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); 955 PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
977 goto err; 956 goto err;
978 } 957 }
979 /* XXXX */ 958 /* XXXX */
@@ -983,14 +962,13 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
983 962
984 /* were we able to find the cert in passed to us */ 963 /* were we able to find the cert in passed to us */
985 if (x509 == NULL) { 964 if (x509 == NULL) {
986 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, 965 PKCS7error(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
987 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
988 goto err; 966 goto err;
989 } 967 }
990 968
991 /* Lets verify */ 969 /* Lets verify */
992 if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) { 970 if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
993 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); 971 PKCS7error(ERR_R_X509_LIB);
994 goto err; 972 goto err;
995 } 973 }
996 if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) { 974 if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) {
@@ -999,7 +977,7 @@ PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
999 } 977 }
1000 i = X509_verify_cert(ctx); 978 i = X509_verify_cert(ctx);
1001 if (i <= 0) { 979 if (i <= 0) {
1002 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); 980 PKCS7error(ERR_R_X509_LIB);
1003 X509_STORE_CTX_cleanup(ctx); 981 X509_STORE_CTX_cleanup(ctx);
1004 goto err; 982 goto err;
1005 } 983 }
@@ -1026,8 +1004,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1026 1004
1027 if (!PKCS7_type_is_signed(p7) && 1005 if (!PKCS7_type_is_signed(p7) &&
1028 !PKCS7_type_is_signedAndEnveloped(p7)) { 1006 !PKCS7_type_is_signedAndEnveloped(p7)) {
1029 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1007 PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
1030 PKCS7_R_WRONG_PKCS7_TYPE);
1031 goto err; 1008 goto err;
1032 } 1009 }
1033 1010
@@ -1037,14 +1014,12 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1037 for (;;) { 1014 for (;;) {
1038 if ((btmp == NULL) || 1015 if ((btmp == NULL) ||
1039 ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { 1016 ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
1040 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1017 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1041 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1042 goto err; 1018 goto err;
1043 } 1019 }
1044 BIO_get_md_ctx(btmp, &mdc); 1020 BIO_get_md_ctx(btmp, &mdc);
1045 if (mdc == NULL) { 1021 if (mdc == NULL) {
1046 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1022 PKCS7error(ERR_R_INTERNAL_ERROR);
1047 ERR_R_INTERNAL_ERROR);
1048 goto err; 1023 goto err;
1049 } 1024 }
1050 if (EVP_MD_CTX_type(mdc) == md_type) 1025 if (EVP_MD_CTX_type(mdc) == md_type)
@@ -1073,14 +1048,12 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1073 goto err; 1048 goto err;
1074 message_digest = PKCS7_digest_from_attributes(sk); 1049 message_digest = PKCS7_digest_from_attributes(sk);
1075 if (!message_digest) { 1050 if (!message_digest) {
1076 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1051 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1077 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1078 goto err; 1052 goto err;
1079 } 1053 }
1080 if ((message_digest->length != (int)md_len) || 1054 if ((message_digest->length != (int)md_len) ||
1081 (memcmp(message_digest->data, md_dat, md_len))) { 1055 (memcmp(message_digest->data, md_dat, md_len))) {
1082 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1056 PKCS7error(PKCS7_R_DIGEST_FAILURE);
1083 PKCS7_R_DIGEST_FAILURE);
1084 ret = -1; 1057 ret = -1;
1085 goto err; 1058 goto err;
1086 } 1059 }
@@ -1092,7 +1065,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1092 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 1065 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
1093 &PKCS7_ATTR_VERIFY_it); 1066 &PKCS7_ATTR_VERIFY_it);
1094 if (alen <= 0) { 1067 if (alen <= 0) {
1095 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB); 1068 PKCS7error(ERR_R_ASN1_LIB);
1096 ret = -1; 1069 ret = -1;
1097 goto err; 1070 goto err;
1098 } 1071 }
@@ -1112,8 +1085,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1112 i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); 1085 i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
1113 EVP_PKEY_free(pkey); 1086 EVP_PKEY_free(pkey);
1114 if (i <= 0) { 1087 if (i <= 0) {
1115 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1088 PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
1116 PKCS7_R_SIGNATURE_FAILURE);
1117 ret = -1; 1089 ret = -1;
1118 goto err; 1090 goto err;
1119 } else 1091 } else
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index b3dc068f3d..dc407dad55 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_lib.c,v 1.18 2015/09/30 18:41:06 jsing Exp $ */ 1/* $OpenBSD: pk7_lib.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -83,8 +83,7 @@ PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
83 p7->d.sign->contents->d.data = NULL; 83 p7->d.sign->contents->d.data = NULL;
84 } 84 }
85 } else { 85 } else {
86 PKCS7err(PKCS7_F_PKCS7_CTRL, 86 PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
87 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
88 ret = 0; 87 ret = 0;
89 } 88 }
90 break; 89 break;
@@ -97,14 +96,13 @@ PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
97 96
98 p7->detached = ret; 97 p7->detached = ret;
99 } else { 98 } else {
100 PKCS7err(PKCS7_F_PKCS7_CTRL, 99 PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
101 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
102 ret = 0; 100 ret = 0;
103 } 101 }
104 102
105 break; 103 break;
106 default: 104 default:
107 PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION); 105 PKCS7error(PKCS7_R_UNKNOWN_OPERATION);
108 ret = 0; 106 ret = 0;
109 } 107 }
110 return (ret); 108 return (ret);
@@ -151,8 +149,7 @@ PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
151 case NID_pkcs7_signedAndEnveloped: 149 case NID_pkcs7_signedAndEnveloped:
152 case NID_pkcs7_encrypted: 150 case NID_pkcs7_encrypted:
153 default: 151 default:
154 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, 152 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
155 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
156 goto err; 153 goto err;
157 } 154 }
158 return (1); 155 return (1);
@@ -222,8 +219,7 @@ PKCS7_set_type(PKCS7 *p7, int type)
222 goto err; 219 goto err;
223 break; 220 break;
224 default: 221 default:
225 PKCS7err(PKCS7_F_PKCS7_SET_TYPE, 222 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
226 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
227 goto err; 223 goto err;
228 } 224 }
229 return (1); 225 return (1);
@@ -258,7 +254,7 @@ PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
258 md_sk = p7->d.signed_and_enveloped->md_algs; 254 md_sk = p7->d.signed_and_enveloped->md_algs;
259 break; 255 break;
260 default: 256 default:
261 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE); 257 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
262 return (0); 258 return (0);
263 } 259 }
264 260
@@ -278,8 +274,7 @@ PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
278 if (!(alg = X509_ALGOR_new()) || 274 if (!(alg = X509_ALGOR_new()) ||
279 !(alg->parameter = ASN1_TYPE_new())) { 275 !(alg->parameter = ASN1_TYPE_new())) {
280 X509_ALGOR_free(alg); 276 X509_ALGOR_free(alg);
281 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, 277 PKCS7error(ERR_R_MALLOC_FAILURE);
282 ERR_R_MALLOC_FAILURE);
283 return (0); 278 return (0);
284 } 279 }
285 alg->algorithm = OBJ_nid2obj(nid); 280 alg->algorithm = OBJ_nid2obj(nid);
@@ -310,15 +305,14 @@ PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
310 sk = &(p7->d.signed_and_enveloped->cert); 305 sk = &(p7->d.signed_and_enveloped->cert);
311 break; 306 break;
312 default: 307 default:
313 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, 308 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
314 PKCS7_R_WRONG_CONTENT_TYPE);
315 return (0); 309 return (0);
316 } 310 }
317 311
318 if (*sk == NULL) 312 if (*sk == NULL)
319 *sk = sk_X509_new_null(); 313 *sk = sk_X509_new_null();
320 if (*sk == NULL) { 314 if (*sk == NULL) {
321 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); 315 PKCS7error(ERR_R_MALLOC_FAILURE);
322 return 0; 316 return 0;
323 } 317 }
324 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); 318 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
@@ -344,14 +338,14 @@ PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
344 sk = &(p7->d.signed_and_enveloped->crl); 338 sk = &(p7->d.signed_and_enveloped->crl);
345 break; 339 break;
346 default: 340 default:
347 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE); 341 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
348 return (0); 342 return (0);
349 } 343 }
350 344
351 if (*sk == NULL) 345 if (*sk == NULL)
352 *sk = sk_X509_CRL_new_null(); 346 *sk = sk_X509_CRL_new_null();
353 if (*sk == NULL) { 347 if (*sk == NULL) {
354 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE); 348 PKCS7error(ERR_R_MALLOC_FAILURE);
355 return 0; 349 return 0;
356 } 350 }
357 351
@@ -398,13 +392,11 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
398 if (ret > 0) 392 if (ret > 0)
399 return 1; 393 return 1;
400 if (ret != -2) { 394 if (ret != -2) {
401 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 395 PKCS7error(PKCS7_R_SIGNING_CTRL_FAILURE);
402 PKCS7_R_SIGNING_CTRL_FAILURE);
403 return 0; 396 return 0;
404 } 397 }
405 } 398 }
406 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 399 PKCS7error(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
407 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
408err: 400err:
409 return 0; 401 return 0;
410} 402}
@@ -420,8 +412,7 @@ PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst)
420 goto err; 412 goto err;
421 dgst = EVP_get_digestbynid(def_nid); 413 dgst = EVP_get_digestbynid(def_nid);
422 if (dgst == NULL) { 414 if (dgst == NULL) {
423 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, 415 PKCS7error(PKCS7_R_NO_DEFAULT_DIGEST);
424 PKCS7_R_NO_DEFAULT_DIGEST);
425 goto err; 416 goto err;
426 } 417 }
427 } 418 }
@@ -444,8 +435,7 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
444{ 435{
445 if (PKCS7_type_is_digest(p7)) { 436 if (PKCS7_type_is_digest(p7)) {
446 if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { 437 if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
447 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, 438 PKCS7error(ERR_R_MALLOC_FAILURE);
448 ERR_R_MALLOC_FAILURE);
449 return 0; 439 return 0;
450 } 440 }
451 p7->d.digest->md->parameter->type = V_ASN1_NULL; 441 p7->d.digest->md->parameter->type = V_ASN1_NULL;
@@ -453,7 +443,7 @@ PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
453 return 1; 443 return 1;
454 } 444 }
455 445
456 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE); 446 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
457 return 1; 447 return 1;
458} 448}
459 449
@@ -522,8 +512,7 @@ PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
522 sk = p7->d.enveloped->recipientinfo; 512 sk = p7->d.enveloped->recipientinfo;
523 break; 513 break;
524 default: 514 default:
525 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 515 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
526 PKCS7_R_WRONG_CONTENT_TYPE);
527 return (0); 516 return (0);
528 } 517 }
529 518
@@ -551,21 +540,18 @@ PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
551 pkey = X509_get_pubkey(x509); 540 pkey = X509_get_pubkey(x509);
552 541
553 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { 542 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
554 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 543 PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
555 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
556 goto err; 544 goto err;
557 } 545 }
558 546
559 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 547 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
560 0, p7i); 548 0, p7i);
561 if (ret == -2) { 549 if (ret == -2) {
562 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 550 PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
563 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
564 goto err; 551 goto err;
565 } 552 }
566 if (ret <= 0) { 553 if (ret <= 0) {
567 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 554 PKCS7error(PKCS7_R_ENCRYPTION_CTRL_FAILURE);
568 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
569 goto err; 555 goto err;
570 } 556 }
571 557
@@ -607,15 +593,14 @@ PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
607 ec = p7->d.enveloped->enc_data; 593 ec = p7->d.enveloped->enc_data;
608 break; 594 break;
609 default: 595 default:
610 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE); 596 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
611 return (0); 597 return (0);
612 } 598 }
613 599
614 /* Check cipher OID exists and has data in it*/ 600 /* Check cipher OID exists and has data in it*/
615 i = EVP_CIPHER_type(cipher); 601 i = EVP_CIPHER_type(cipher);
616 if (i == NID_undef) { 602 if (i == NID_undef) {
617 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, 603 PKCS7error(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
618 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
619 return (0); 604 return (0);
620 } 605 }
621 606
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index a2f23b37f3..bf9f2dd82a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_smime.c,v 1.21 2016/11/05 15:19:07 miod Exp $ */ 1/* $OpenBSD: pk7_smime.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -74,7 +74,7 @@ PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
74 int i; 74 int i;
75 75
76 if (!(p7 = PKCS7_new())) { 76 if (!(p7 = PKCS7_new())) {
77 PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); 77 PKCS7error(ERR_R_MALLOC_FAILURE);
78 return NULL; 78 return NULL;
79 } 79 }
80 80
@@ -85,7 +85,7 @@ PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
85 goto err; 85 goto err;
86 86
87 if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) { 87 if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
88 PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR); 88 PKCS7error(PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
89 goto err; 89 goto err;
90 } 90 }
91 91
@@ -117,7 +117,7 @@ PKCS7_final(PKCS7 *p7, BIO *data, int flags)
117 int ret = 0; 117 int ret = 0;
118 118
119 if (!(p7bio = PKCS7_dataInit(p7, NULL))) { 119 if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
120 PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); 120 PKCS7error(ERR_R_MALLOC_FAILURE);
121 return 0; 121 return 0;
122 } 122 }
123 123
@@ -126,7 +126,7 @@ PKCS7_final(PKCS7 *p7, BIO *data, int flags)
126 (void)BIO_flush(p7bio); 126 (void)BIO_flush(p7bio);
127 127
128 if (!PKCS7_dataFinal(p7, p7bio)) { 128 if (!PKCS7_dataFinal(p7, p7bio)) {
129 PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN); 129 PKCS7error(PKCS7_R_PKCS7_DATASIGN);
130 goto err; 130 goto err;
131 } 131 }
132 132
@@ -164,14 +164,12 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
164 STACK_OF(X509_ALGOR) *smcap = NULL; 164 STACK_OF(X509_ALGOR) *smcap = NULL;
165 165
166 if (!X509_check_private_key(signcert, pkey)) { 166 if (!X509_check_private_key(signcert, pkey)) {
167 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 167 PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
168 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
169 return NULL; 168 return NULL;
170 } 169 }
171 170
172 if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { 171 if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
173 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 172 PKCS7error(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
174 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
175 return NULL; 173 return NULL;
176 } 174 }
177 175
@@ -186,8 +184,7 @@ PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
186 /* Add SMIMECapabilities */ 184 /* Add SMIMECapabilities */
187 if (!(flags & PKCS7_NOSMIMECAP)) { 185 if (!(flags & PKCS7_NOSMIMECAP)) {
188 if (!(smcap = sk_X509_ALGOR_new_null())) { 186 if (!(smcap = sk_X509_ALGOR_new_null())) {
189 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 187 PKCS7error(ERR_R_MALLOC_FAILURE);
190 ERR_R_MALLOC_FAILURE);
191 goto err; 188 goto err;
192 } 189 }
193 if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) || 190 if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
@@ -253,8 +250,7 @@ pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
253 if (osdig) 250 if (osdig)
254 return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); 251 return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
255 252
256 PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 253 PKCS7error(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
257 PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
258 return 0; 254 return 0;
259} 255}
260 256
@@ -273,18 +269,18 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
273 BIO *tmpin, *tmpout; 269 BIO *tmpin, *tmpout;
274 270
275 if (!p7) { 271 if (!p7) {
276 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER); 272 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
277 return 0; 273 return 0;
278 } 274 }
279 275
280 if (!PKCS7_type_is_signed(p7)) { 276 if (!PKCS7_type_is_signed(p7)) {
281 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE); 277 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
282 return 0; 278 return 0;
283 } 279 }
284 280
285 /* Check for no data and no content: no data to verify signature */ 281 /* Check for no data and no content: no data to verify signature */
286 if (PKCS7_get_detached(p7) && !indata) { 282 if (PKCS7_get_detached(p7) && !indata) {
287 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); 283 PKCS7error(PKCS7_R_NO_CONTENT);
288 return 0; 284 return 0;
289 } 285 }
290 286
@@ -294,14 +290,14 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
294 */ 290 */
295 /* Check for data and content: two sets of data */ 291 /* Check for data and content: two sets of data */
296 if (!PKCS7_get_detached(p7) && indata) { 292 if (!PKCS7_get_detached(p7) && indata) {
297 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); 293 PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT);
298 return 0; 294 return 0;
299 } 295 }
300 296
301 sinfos = PKCS7_get_signer_info(p7); 297 sinfos = PKCS7_get_signer_info(p7);
302 298
303 if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { 299 if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
304 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA); 300 PKCS7error(PKCS7_R_NO_SIGNATURES_ON_DATA);
305 return 0; 301 return 0;
306 } 302 }
307 303
@@ -319,8 +315,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
319 if (!(flags & PKCS7_NOCHAIN)) { 315 if (!(flags & PKCS7_NOCHAIN)) {
320 if (!X509_STORE_CTX_init(&cert_ctx, store, 316 if (!X509_STORE_CTX_init(&cert_ctx, store,
321 signer, p7->d.sign->cert)) { 317 signer, p7->d.sign->cert)) {
322 PKCS7err(PKCS7_F_PKCS7_VERIFY, 318 PKCS7error(ERR_R_X509_LIB);
323 ERR_R_X509_LIB);
324 sk_X509_free(signers); 319 sk_X509_free(signers);
325 return 0; 320 return 0;
326 } 321 }
@@ -331,7 +326,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
331 } 326 }
332 } else if (!X509_STORE_CTX_init(&cert_ctx, store, 327 } else if (!X509_STORE_CTX_init(&cert_ctx, store,
333 signer, NULL)) { 328 signer, NULL)) {
334 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); 329 PKCS7error(ERR_R_X509_LIB);
335 sk_X509_free(signers); 330 sk_X509_free(signers);
336 return 0; 331 return 0;
337 } 332 }
@@ -342,8 +337,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
342 j = X509_STORE_CTX_get_error(&cert_ctx); 337 j = X509_STORE_CTX_get_error(&cert_ctx);
343 X509_STORE_CTX_cleanup(&cert_ctx); 338 X509_STORE_CTX_cleanup(&cert_ctx);
344 if (i <= 0) { 339 if (i <= 0) {
345 PKCS7err(PKCS7_F_PKCS7_VERIFY, 340 PKCS7error(PKCS7_R_CERTIFICATE_VERIFY_ERROR);
346 PKCS7_R_CERTIFICATE_VERIFY_ERROR);
347 ERR_asprintf_error_data("Verify error:%s", 341 ERR_asprintf_error_data("Verify error:%s",
348 X509_verify_cert_error_string(j)); 342 X509_verify_cert_error_string(j));
349 sk_X509_free(signers); 343 sk_X509_free(signers);
@@ -366,7 +360,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
366 len = BIO_get_mem_data(indata, &ptr); 360 len = BIO_get_mem_data(indata, &ptr);
367 tmpin = BIO_new_mem_buf(ptr, len); 361 tmpin = BIO_new_mem_buf(ptr, len);
368 if (tmpin == NULL) { 362 if (tmpin == NULL) {
369 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); 363 PKCS7error(ERR_R_MALLOC_FAILURE);
370 return 0; 364 return 0;
371 } 365 }
372 } else 366 } else
@@ -378,7 +372,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
378 372
379 if (flags & PKCS7_TEXT) { 373 if (flags & PKCS7_TEXT) {
380 if (!(tmpout = BIO_new(BIO_s_mem()))) { 374 if (!(tmpout = BIO_new(BIO_s_mem()))) {
381 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); 375 PKCS7error(ERR_R_MALLOC_FAILURE);
382 goto err; 376 goto err;
383 } 377 }
384 BIO_set_mem_eof_return(tmpout, 0); 378 BIO_set_mem_eof_return(tmpout, 0);
@@ -396,8 +390,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
396 390
397 if (flags & PKCS7_TEXT) { 391 if (flags & PKCS7_TEXT) {
398 if (!SMIME_text(tmpout, out)) { 392 if (!SMIME_text(tmpout, out)) {
399 PKCS7err(PKCS7_F_PKCS7_VERIFY, 393 PKCS7error(PKCS7_R_SMIME_TEXT_ERROR);
400 PKCS7_R_SMIME_TEXT_ERROR);
401 BIO_free(tmpout); 394 BIO_free(tmpout);
402 goto err; 395 goto err;
403 } 396 }
@@ -411,8 +404,7 @@ PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
411 signer = sk_X509_value (signers, i); 404 signer = sk_X509_value (signers, i);
412 j = PKCS7_signatureVerify(p7bio, p7, si, signer); 405 j = PKCS7_signatureVerify(p7bio, p7, si, signer);
413 if (j <= 0) { 406 if (j <= 0) {
414 PKCS7err(PKCS7_F_PKCS7_VERIFY, 407 PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
415 PKCS7_R_SIGNATURE_FAILURE);
416 goto err; 408 goto err;
417 } 409 }
418 } 410 }
@@ -441,26 +433,24 @@ PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
441 int i; 433 int i;
442 434
443 if (!p7) { 435 if (!p7) {
444 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, 436 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
445 PKCS7_R_INVALID_NULL_POINTER);
446 return NULL; 437 return NULL;
447 } 438 }
448 439
449 if (!PKCS7_type_is_signed(p7)) { 440 if (!PKCS7_type_is_signed(p7)) {
450 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, 441 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
451 PKCS7_R_WRONG_CONTENT_TYPE);
452 return NULL; 442 return NULL;
453 } 443 }
454 444
455 /* Collect all the signers together */ 445 /* Collect all the signers together */
456 sinfos = PKCS7_get_signer_info(p7); 446 sinfos = PKCS7_get_signer_info(p7);
457 if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { 447 if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
458 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS); 448 PKCS7error(PKCS7_R_NO_SIGNERS);
459 return 0; 449 return 0;
460 } 450 }
461 451
462 if (!(signers = sk_X509_new_null())) { 452 if (!(signers = sk_X509_new_null())) {
463 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); 453 PKCS7error(ERR_R_MALLOC_FAILURE);
464 return NULL; 454 return NULL;
465 } 455 }
466 456
@@ -477,8 +467,7 @@ PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
477 X509_find_by_issuer_and_serial(p7->d.sign->cert, 467 X509_find_by_issuer_and_serial(p7->d.sign->cert,
478 ias->issuer, ias->serial); 468 ias->issuer, ias->serial);
479 if (!signer) { 469 if (!signer) {
480 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, 470 PKCS7error(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
481 PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
482 sk_X509_free(signers); 471 sk_X509_free(signers);
483 return 0; 472 return 0;
484 } 473 }
@@ -503,22 +492,21 @@ PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
503 X509 *x509; 492 X509 *x509;
504 493
505 if (!(p7 = PKCS7_new())) { 494 if (!(p7 = PKCS7_new())) {
506 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); 495 PKCS7error(ERR_R_MALLOC_FAILURE);
507 return NULL; 496 return NULL;
508 } 497 }
509 498
510 if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) 499 if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
511 goto err; 500 goto err;
512 if (!PKCS7_set_cipher(p7, cipher)) { 501 if (!PKCS7_set_cipher(p7, cipher)) {
513 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER); 502 PKCS7error(PKCS7_R_ERROR_SETTING_CIPHER);
514 goto err; 503 goto err;
515 } 504 }
516 505
517 for (i = 0; i < sk_X509_num(certs); i++) { 506 for (i = 0; i < sk_X509_num(certs); i++) {
518 x509 = sk_X509_value(certs, i); 507 x509 = sk_X509_value(certs, i);
519 if (!PKCS7_add_recipient(p7, x509)) { 508 if (!PKCS7_add_recipient(p7, x509)) {
520 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, 509 PKCS7error(PKCS7_R_ERROR_ADDING_RECIPIENT);
521 PKCS7_R_ERROR_ADDING_RECIPIENT);
522 goto err; 510 goto err;
523 } 511 }
524 } 512 }
@@ -543,23 +531,22 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
543 char buf[4096]; 531 char buf[4096];
544 532
545 if (!p7) { 533 if (!p7) {
546 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); 534 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
547 return 0; 535 return 0;
548 } 536 }
549 537
550 if (!PKCS7_type_is_enveloped(p7)) { 538 if (!PKCS7_type_is_enveloped(p7)) {
551 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE); 539 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE);
552 return 0; 540 return 0;
553 } 541 }
554 542
555 if (cert && !X509_check_private_key(cert, pkey)) { 543 if (cert && !X509_check_private_key(cert, pkey)) {
556 PKCS7err(PKCS7_F_PKCS7_DECRYPT, 544 PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
557 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
558 return 0; 545 return 0;
559 } 546 }
560 547
561 if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { 548 if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
562 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); 549 PKCS7error(PKCS7_R_DECRYPT_ERROR);
563 return 0; 550 return 0;
564 } 551 }
565 552
@@ -568,7 +555,7 @@ PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
568 555
569 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ 556 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
570 if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { 557 if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
571 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); 558 PKCS7error(ERR_R_MALLOC_FAILURE);
572 BIO_free_all(tmpmem); 559 BIO_free_all(tmpmem);
573 return 0; 560 return 0;
574 } 561 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 08:09:04 +0000