summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2014-06-29 17:05:36 +0000
committerjsing <>2014-06-29 17:05:36 +0000
commit65797b47d303414106c290cf6f046b5e030a6eaf (patch)
treea4b77bc415a0ed73aa4cc548cf42bb540b90de9d /src
parenta0b0af8d68705c778afa7d47ffc5ad421a87d2c1 (diff)
downloadopenbsd-65797b47d303414106c290cf6f046b5e030a6eaf.tar.gz
openbsd-65797b47d303414106c290cf6f046b5e030a6eaf.tar.bz2
openbsd-65797b47d303414106c290cf6f046b5e030a6eaf.zip
KNF.
I just spent too long chasing a bug in here and really should have done this first. Gem of the day... is it an if test or a for loop? No, it is a super ifloop! if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/pkcs7/bio_pk7.c7
-rw-r--r--src/lib/libcrypto/pkcs7/example.c402
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_asn1.c77
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_attr.c97
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_dgst.c14
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c1186
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_enc.c23
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_lib.c656
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c40
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c444
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7err.c223
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/bio_pk7.c7
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/example.c402
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c77
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_attr.c97
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c14
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_doit.c1186
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_enc.c23
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_lib.c656
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_mime.c40
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_smime.c444
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pkcs7err.c223
22 files changed, 3126 insertions, 3212 deletions
diff --git a/src/lib/libcrypto/pkcs7/bio_pk7.c b/src/lib/libcrypto/pkcs7/bio_pk7.c
index 3d9eba9713..0e4a4f7559 100644
--- a/src/lib/libcrypto/pkcs7/bio_pk7.c
+++ b/src/lib/libcrypto/pkcs7/bio_pk7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bio_pk7.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: bio_pk7.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -59,7 +59,8 @@
59#include <stdio.h> 59#include <stdio.h>
60 60
61/* Streaming encode support for PKCS#7 */ 61/* Streaming encode support for PKCS#7 */
62BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) 62BIO *
63BIO_new_PKCS7(BIO *out, PKCS7 *p7)
63{ 64{
64 return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); 65 return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
65} 66}
diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c
index 611c27b113..2dc1b655b1 100644
--- a/src/lib/libcrypto/pkcs7/example.c
+++ b/src/lib/libcrypto/pkcs7/example.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: example.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: example.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */
2#include <stdio.h> 2#include <stdio.h>
3#include <stdlib.h> 3#include <stdlib.h>
4#include <string.h> 4#include <string.h>
@@ -6,325 +6,335 @@
6#include <openssl/asn1_mac.h> 6#include <openssl/asn1_mac.h>
7#include <openssl/x509.h> 7#include <openssl/x509.h>
8 8
9int add_signed_time(PKCS7_SIGNER_INFO *si) 9int
10 { 10add_signed_time(PKCS7_SIGNER_INFO *si)
11{
11 ASN1_UTCTIME *sign_time; 12 ASN1_UTCTIME *sign_time;
12 13
13 /* The last parameter is the amount to add/subtract from the current 14 /* The last parameter is the amount to add/subtract from the current
14 * time (in seconds) */ 15 * time (in seconds) */
15 sign_time=X509_gmtime_adj(NULL,0); 16 sign_time = X509_gmtime_adj(NULL, 0);
16 PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime, 17 PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
17 V_ASN1_UTCTIME,(char *)sign_time); 18 V_ASN1_UTCTIME, (char *)sign_time);
18 return(1); 19 return (1);
19 } 20}
20 21
21ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si) 22ASN1_UTCTIME *
22 { 23get_signed_time(PKCS7_SIGNER_INFO *si)
24{
23 ASN1_TYPE *so; 25 ASN1_TYPE *so;
24 26
25 so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime); 27 so = PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime);
26 if (so->type == V_ASN1_UTCTIME) 28 if (so->type == V_ASN1_UTCTIME)
27 return so->value.utctime; 29 return so->value.utctime;
28 return NULL; 30 return NULL;
29 } 31}
30
31static int signed_string_nid= -1;
32 32
33void add_signed_string(PKCS7_SIGNER_INFO *si, char *str) 33static int signed_string_nid = -1;
34 { 34
35void
36add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
37{
35 ASN1_OCTET_STRING *os; 38 ASN1_OCTET_STRING *os;
36 39
37 /* To a an object of OID 1.2.3.4.5, which is an octet string */ 40 /* To a an object of OID 1.2.3.4.5, which is an octet string */
38 if (signed_string_nid == -1) 41 if (signed_string_nid == -1)
39 signed_string_nid= 42 signed_string_nid =
40 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 43 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
41 os=ASN1_OCTET_STRING_new(); 44 os = ASN1_OCTET_STRING_new();
42 ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); 45 ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
43 /* When we add, we do not free */ 46 /* When we add, we do not free */
44 PKCS7_add_signed_attribute(si,signed_string_nid, 47 PKCS7_add_signed_attribute(si, signed_string_nid,
45 V_ASN1_OCTET_STRING,(char *)os); 48 V_ASN1_OCTET_STRING, (char *)os);
46 } 49}
47 50
48int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) 51int
49 { 52get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
53{
50 ASN1_TYPE *so; 54 ASN1_TYPE *so;
51 ASN1_OCTET_STRING *os; 55 ASN1_OCTET_STRING *os;
52 int i; 56 int i;
53 57
54 if (signed_string_nid == -1) 58 if (signed_string_nid == -1)
55 signed_string_nid= 59 signed_string_nid =
56 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 60 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
57 /* To retrieve */ 61 /* To retrieve */
58 so=PKCS7_get_signed_attribute(si,signed_string_nid); 62 so = PKCS7_get_signed_attribute(si, signed_string_nid);
59 if (so != NULL) 63 if (so != NULL) {
60 { 64 if (so->type == V_ASN1_OCTET_STRING) {
61 if (so->type == V_ASN1_OCTET_STRING) 65 os = so->value.octet_string;
62 { 66 i = os->length;
63 os=so->value.octet_string; 67 if ((i + 1) > len)
64 i=os->length; 68 i = len - 1;
65 if ((i+1) > len) 69 memcpy(buf, os->data, i);
66 i=len-1; 70 return (i);
67 memcpy(buf,os->data,i);
68 return(i);
69 }
70 } 71 }
71 return(0);
72 } 72 }
73 return (0);
74}
73 75
74static int signed_seq2string_nid= -1; 76static int signed_seq2string_nid = -1;
75/* ########################################### */ 77/* ########################################### */
76int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) 78int
77 { 79add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
80{
78 /* To add an object of OID 1.9.999, which is a sequence containing 81 /* To add an object of OID 1.9.999, which is a sequence containing
79 * 2 octet strings */ 82 * 2 octet strings */
80 unsigned char *p; 83 unsigned char *p;
81 ASN1_OCTET_STRING *os1,*os2; 84 ASN1_OCTET_STRING *os1, *os2;
82 ASN1_STRING *seq; 85 ASN1_STRING *seq;
83 unsigned char *data; 86 unsigned char *data;
84 int i,total; 87 int i, total;
85 88
86 if (signed_seq2string_nid == -1) 89 if (signed_seq2string_nid == -1)
87 signed_seq2string_nid= 90 signed_seq2string_nid =
88 OBJ_create("1.9.9999","OID_example","Our example OID"); 91 OBJ_create("1.9.9999","OID_example","Our example OID");
89 92
90 os1=ASN1_OCTET_STRING_new(); 93 os1 = ASN1_OCTET_STRING_new();
91 os2=ASN1_OCTET_STRING_new(); 94 os2 = ASN1_OCTET_STRING_new();
92 ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); 95 ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
93 ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); 96 ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
94 i =i2d_ASN1_OCTET_STRING(os1,NULL); 97 i = i2d_ASN1_OCTET_STRING(os1, NULL);
95 i+=i2d_ASN1_OCTET_STRING(os2,NULL); 98 i += i2d_ASN1_OCTET_STRING(os2, NULL);
96 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 99 total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
97 100
98 data=malloc(total); 101 data = malloc(total);
99 p=data; 102 p = data;
100 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); 103 ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
101 i2d_ASN1_OCTET_STRING(os1,&p); 104 i2d_ASN1_OCTET_STRING(os1, &p);
102 i2d_ASN1_OCTET_STRING(os2,&p); 105 i2d_ASN1_OCTET_STRING(os2, &p);
103 106
104 seq=ASN1_STRING_new(); 107 seq = ASN1_STRING_new();
105 ASN1_STRING_set(seq,data,total); 108 ASN1_STRING_set(seq, data, total);
106 free(data); 109 free(data);
107 ASN1_OCTET_STRING_free(os1); 110 ASN1_OCTET_STRING_free(os1);
108 ASN1_OCTET_STRING_free(os2); 111 ASN1_OCTET_STRING_free(os2);
109 112
110 PKCS7_add_signed_attribute(si,signed_seq2string_nid, 113 PKCS7_add_signed_attribute(si, signed_seq2string_nid,
111 V_ASN1_SEQUENCE,(char *)seq); 114 V_ASN1_SEQUENCE, (char *)seq);
112 return(1); 115 return (1);
113 } 116}
114 117
115/* For this case, I will malloc the return strings */ 118/* For this case, I will malloc the return strings */
116int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) 119int
117 { 120get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
121{
118 ASN1_TYPE *so; 122 ASN1_TYPE *so;
119 123
120 if (signed_seq2string_nid == -1) 124 if (signed_seq2string_nid == -1)
121 signed_seq2string_nid= 125 signed_seq2string_nid =
122 OBJ_create("1.9.9999","OID_example","Our example OID"); 126 OBJ_create("1.9.9999","OID_example","Our example OID");
123 /* To retrieve */ 127 /* To retrieve */
124 so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); 128 so = PKCS7_get_signed_attribute(si, signed_seq2string_nid);
125 if (so && (so->type == V_ASN1_SEQUENCE)) 129 if (so && (so->type == V_ASN1_SEQUENCE)) {
126 {
127 ASN1_const_CTX c; 130 ASN1_const_CTX c;
128 ASN1_STRING *s; 131 ASN1_STRING *s;
129 long length; 132 long length;
130 ASN1_OCTET_STRING *os1,*os2; 133 ASN1_OCTET_STRING *os1, *os2;
131 134
132 s=so->value.sequence; 135 s = so->value.sequence;
133 c.p=ASN1_STRING_data(s); 136 c.p = ASN1_STRING_data(s);
134 c.max=c.p+ASN1_STRING_length(s); 137 c.max = c.p + ASN1_STRING_length(s);
135 if (!asn1_GetSequence(&c,&length)) goto err; 138 if (!asn1_GetSequence(&c, &length))
139 goto err;
136 /* Length is the length of the seqence */ 140 /* Length is the length of the seqence */
137 141
138 c.q=c.p; 142 c.q = c.p;
139 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 143 if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
140 goto err; 144 goto err;
141 c.slen-=(c.p-c.q); 145 c.slen -= (c.p - c.q);
142 146
143 c.q=c.p; 147 c.q = c.p;
144 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 148 if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
145 goto err; 149 goto err;
146 c.slen-=(c.p-c.q); 150 c.slen -= (c.p - c.q);
147 151
148 if (!asn1_const_Finish(&c)) goto err; 152 if (!asn1_const_Finish(&c))
149 *str1=malloc(os1->length+1); 153 goto err;
150 *str2=malloc(os2->length+1); 154 *str1 = malloc(os1->length + 1);
151 memcpy(*str1,os1->data,os1->length); 155 *str2 = malloc(os2->length + 1);
152 memcpy(*str2,os2->data,os2->length); 156 memcpy(*str1, os1->data, os1->length);
157 memcpy(*str2, os2->data, os2->length);
153 (*str1)[os1->length]='\0'; 158 (*str1)[os1->length]='\0';
154 (*str2)[os2->length]='\0'; 159 (*str2)[os2->length]='\0';
155 ASN1_OCTET_STRING_free(os1); 160 ASN1_OCTET_STRING_free(os1);
156 ASN1_OCTET_STRING_free(os2); 161 ASN1_OCTET_STRING_free(os2);
157 return(1); 162 return (1);
158 }
159err:
160 return(0);
161 } 163 }
164err:
165 return (0);
166}
162 167
163 168
164/* ####################################### 169/* #######################################
165 * THE OTHER WAY TO DO THINGS 170 * THE OTHER WAY TO DO THINGS
166 * ####################################### 171 * #######################################
167 */ 172 */
168X509_ATTRIBUTE *create_time(void) 173X509_ATTRIBUTE *
169 { 174create_time(void)
175{
170 ASN1_UTCTIME *sign_time; 176 ASN1_UTCTIME *sign_time;
171 X509_ATTRIBUTE *ret; 177 X509_ATTRIBUTE *ret;
172 178
173 /* The last parameter is the amount to add/subtract from the current 179 /* The last parameter is the amount to add/subtract from the current
174 * time (in seconds) */ 180 * time (in seconds) */
175 sign_time=X509_gmtime_adj(NULL,0); 181 sign_time = X509_gmtime_adj(NULL, 0);
176 ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime, 182 ret = X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
177 V_ASN1_UTCTIME,(char *)sign_time); 183 V_ASN1_UTCTIME, (char *)sign_time);
178 return(ret); 184 return (ret);
179 } 185}
180 186
181ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) 187ASN1_UTCTIME *
182 { 188sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
189{
183 ASN1_TYPE *so; 190 ASN1_TYPE *so;
184 PKCS7_SIGNER_INFO si; 191 PKCS7_SIGNER_INFO si;
185 192
186 si.auth_attr=sk; 193 si.auth_attr = sk;
187 so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime); 194 so = PKCS7_get_signed_attribute(&si, NID_pkcs9_signingTime);
188 if (so->type == V_ASN1_UTCTIME) 195 if (so->type == V_ASN1_UTCTIME)
189 return so->value.utctime; 196 return so->value.utctime;
190 return NULL; 197 return NULL;
191 } 198}
192 199
193X509_ATTRIBUTE *create_string(char *str) 200X509_ATTRIBUTE *
194 { 201create_string(char *str)
202{
195 ASN1_OCTET_STRING *os; 203 ASN1_OCTET_STRING *os;
196 X509_ATTRIBUTE *ret; 204 X509_ATTRIBUTE *ret;
197 205
198 /* To a an object of OID 1.2.3.4.5, which is an octet string */ 206 /* To a an object of OID 1.2.3.4.5, which is an octet string */
199 if (signed_string_nid == -1) 207 if (signed_string_nid == -1)
200 signed_string_nid= 208 signed_string_nid =
201 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 209 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
202 os=ASN1_OCTET_STRING_new(); 210 os = ASN1_OCTET_STRING_new();
203 ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); 211 ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
204 /* When we add, we do not free */ 212 /* When we add, we do not free */
205 ret=X509_ATTRIBUTE_create(signed_string_nid, 213 ret = X509_ATTRIBUTE_create(signed_string_nid,
206 V_ASN1_OCTET_STRING,(char *)os); 214 V_ASN1_OCTET_STRING, (char *)os);
207 return(ret); 215 return (ret);
208 } 216}
209 217
210int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) 218int
211 { 219sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
220{
212 ASN1_TYPE *so; 221 ASN1_TYPE *so;
213 ASN1_OCTET_STRING *os; 222 ASN1_OCTET_STRING *os;
214 int i; 223 int i;
215 PKCS7_SIGNER_INFO si; 224 PKCS7_SIGNER_INFO si;
216 225
217 si.auth_attr=sk; 226 si.auth_attr = sk;
218 227
219 if (signed_string_nid == -1) 228 if (signed_string_nid == -1)
220 signed_string_nid= 229 signed_string_nid =
221 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 230 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
222 /* To retrieve */ 231 /* To retrieve */
223 so=PKCS7_get_signed_attribute(&si,signed_string_nid); 232 so = PKCS7_get_signed_attribute(&si, signed_string_nid);
224 if (so != NULL) 233 if (so != NULL) {
225 { 234 if (so->type == V_ASN1_OCTET_STRING) {
226 if (so->type == V_ASN1_OCTET_STRING) 235 os = so->value.octet_string;
227 { 236 i = os->length;
228 os=so->value.octet_string; 237 if ((i + 1) > len)
229 i=os->length; 238 i = len - 1;
230 if ((i+1) > len) 239 memcpy(buf, os->data, i);
231 i=len-1; 240 return (i);
232 memcpy(buf,os->data,i);
233 return(i);
234 }
235 } 241 }
236 return(0);
237 } 242 }
243 return (0);
244}
238 245
239X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) 246X509_ATTRIBUTE *
240 { 247add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
248{
241 /* To add an object of OID 1.9.999, which is a sequence containing 249 /* To add an object of OID 1.9.999, which is a sequence containing
242 * 2 octet strings */ 250 * 2 octet strings */
243 unsigned char *p; 251 unsigned char *p;
244 ASN1_OCTET_STRING *os1,*os2; 252 ASN1_OCTET_STRING *os1, *os2;
245 ASN1_STRING *seq; 253 ASN1_STRING *seq;
246 X509_ATTRIBUTE *ret; 254 X509_ATTRIBUTE *ret;
247 unsigned char *data; 255 unsigned char *data;
248 int i,total; 256 int i, total;
249 257
250 if (signed_seq2string_nid == -1) 258 if (signed_seq2string_nid == -1)
251 signed_seq2string_nid= 259 signed_seq2string_nid =
252 OBJ_create("1.9.9999","OID_example","Our example OID"); 260 OBJ_create("1.9.9999","OID_example","Our example OID");
253 261
254 os1=ASN1_OCTET_STRING_new(); 262 os1 = ASN1_OCTET_STRING_new();
255 os2=ASN1_OCTET_STRING_new(); 263 os2 = ASN1_OCTET_STRING_new();
256 ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); 264 ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
257 ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); 265 ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
258 i =i2d_ASN1_OCTET_STRING(os1,NULL); 266 i = i2d_ASN1_OCTET_STRING(os1, NULL);
259 i+=i2d_ASN1_OCTET_STRING(os2,NULL); 267 i += i2d_ASN1_OCTET_STRING(os2, NULL);
260 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 268 total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
261 269
262 data=malloc(total); 270 data = malloc(total);
263 p=data; 271 p = data;
264 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); 272 ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
265 i2d_ASN1_OCTET_STRING(os1,&p); 273 i2d_ASN1_OCTET_STRING(os1, &p);
266 i2d_ASN1_OCTET_STRING(os2,&p); 274 i2d_ASN1_OCTET_STRING(os2, &p);
267 275
268 seq=ASN1_STRING_new(); 276 seq = ASN1_STRING_new();
269 ASN1_STRING_set(seq,data,total); 277 ASN1_STRING_set(seq, data, total);
270 free(data); 278 free(data);
271 ASN1_OCTET_STRING_free(os1); 279 ASN1_OCTET_STRING_free(os1);
272 ASN1_OCTET_STRING_free(os2); 280 ASN1_OCTET_STRING_free(os2);
273 281
274 ret=X509_ATTRIBUTE_create(signed_seq2string_nid, 282 ret = X509_ATTRIBUTE_create(signed_seq2string_nid,
275 V_ASN1_SEQUENCE,(char *)seq); 283 V_ASN1_SEQUENCE, (char *)seq);
276 return(ret); 284 return (ret);
277 } 285}
278 286
279/* For this case, I will malloc the return strings */ 287/* For this case, I will malloc the return strings */
280int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) 288int
281 { 289sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
290{
282 ASN1_TYPE *so; 291 ASN1_TYPE *so;
283 PKCS7_SIGNER_INFO si; 292 PKCS7_SIGNER_INFO si;
284 293
285 if (signed_seq2string_nid == -1) 294 if (signed_seq2string_nid == -1)
286 signed_seq2string_nid= 295 signed_seq2string_nid =
287 OBJ_create("1.9.9999","OID_example","Our example OID"); 296 OBJ_create("1.9.9999","OID_example","Our example OID");
288 297
289 si.auth_attr=sk; 298 si.auth_attr = sk;
290 /* To retrieve */ 299 /* To retrieve */
291 so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); 300 so = PKCS7_get_signed_attribute(&si, signed_seq2string_nid);
292 if (so->type == V_ASN1_SEQUENCE) 301 if (so->type == V_ASN1_SEQUENCE) {
293 {
294 ASN1_const_CTX c; 302 ASN1_const_CTX c;
295 ASN1_STRING *s; 303 ASN1_STRING *s;
296 long length; 304 long length;
297 ASN1_OCTET_STRING *os1,*os2; 305 ASN1_OCTET_STRING *os1, *os2;
298 306
299 s=so->value.sequence; 307 s = so->value.sequence;
300 c.p=ASN1_STRING_data(s); 308 c.p = ASN1_STRING_data(s);
301 c.max=c.p+ASN1_STRING_length(s); 309 c.max = c.p + ASN1_STRING_length(s);
302 if (!asn1_GetSequence(&c,&length)) goto err; 310 if (!asn1_GetSequence(&c, &length))
311 goto err;
303 /* Length is the length of the seqence */ 312 /* Length is the length of the seqence */
304 313
305 c.q=c.p; 314 c.q = c.p;
306 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 315 if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
307 goto err; 316 goto err;
308 c.slen-=(c.p-c.q); 317 c.slen -= (c.p - c.q);
309 318
310 c.q=c.p; 319 c.q = c.p;
311 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 320 if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
312 goto err; 321 goto err;
313 c.slen-=(c.p-c.q); 322 c.slen -= (c.p - c.q);
314 323
315 if (!asn1_const_Finish(&c)) goto err; 324 if (!asn1_const_Finish(&c))
316 *str1=malloc(os1->length+1); 325 goto err;
317 *str2=malloc(os2->length+1); 326 *str1 = malloc(os1->length + 1);
318 memcpy(*str1,os1->data,os1->length); 327 *str2 = malloc(os2->length + 1);
319 memcpy(*str2,os2->data,os2->length); 328 memcpy(*str1, os1->data, os1->length);
329 memcpy(*str2, os2->data, os2->length);
320 (*str1)[os1->length]='\0'; 330 (*str1)[os1->length]='\0';
321 (*str2)[os2->length]='\0'; 331 (*str2)[os2->length]='\0';
322 ASN1_OCTET_STRING_free(os1); 332 ASN1_OCTET_STRING_free(os1);
323 ASN1_OCTET_STRING_free(os2); 333 ASN1_OCTET_STRING_free(os2);
324 return(1); 334 return (1);
325 }
326err:
327 return(0);
328 } 335 }
336err:
337 return (0);
338}
329 339
330 340
diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c
index e3a5b53d75..8be5447518 100644
--- a/src/lib/libcrypto/pkcs7/pk7_asn1.c
+++ b/src/lib/libcrypto/pkcs7/pk7_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_asn1.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_asn1.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -69,40 +69,45 @@
69ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); 69ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
70 70
71ASN1_ADB(PKCS7) = { 71ASN1_ADB(PKCS7) = {
72 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), 72 ADB_ENTRY(NID_pkcs7_data,
73 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), 73 ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
74 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), 74 ADB_ENTRY(NID_pkcs7_signed,
75 ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), 75 ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
76 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), 76 ADB_ENTRY(NID_pkcs7_enveloped,
77 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) 77 ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
78 ADB_ENTRY(NID_pkcs7_signedAndEnveloped,
79 ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped,
80 PKCS7_SIGN_ENVELOPE, 0)),
81 ADB_ENTRY(NID_pkcs7_digest,
82 ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
83 ADB_ENTRY(NID_pkcs7_encrypted,
84 ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
78} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); 85} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
79 86
80/* PKCS#7 streaming support */ 87/* PKCS#7 streaming support */
81static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 88static int
82 void *exarg) 89pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
83{ 90{
84 ASN1_STREAM_ARG *sarg = exarg; 91 ASN1_STREAM_ARG *sarg = exarg;
85 PKCS7 **pp7 = (PKCS7 **)pval; 92 PKCS7 **pp7 = (PKCS7 **)pval;
86 93
87 switch(operation) 94 switch (operation) {
88 { 95 case ASN1_OP_STREAM_PRE:
89
90 case ASN1_OP_STREAM_PRE:
91 if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) 96 if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
92 return 0; 97 return 0;
93 case ASN1_OP_DETACHED_PRE: 98
99 case ASN1_OP_DETACHED_PRE:
94 sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); 100 sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
95 if (!sarg->ndef_bio) 101 if (!sarg->ndef_bio)
96 return 0; 102 return 0;
97 break; 103 break;
98 104
99 case ASN1_OP_STREAM_POST: 105 case ASN1_OP_STREAM_POST:
100 case ASN1_OP_DETACHED_POST: 106 case ASN1_OP_DETACHED_POST:
101 if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) 107 if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
102 return 0; 108 return 0;
103 break; 109 break;
104 110 }
105 }
106 return 1; 111 return 1;
107} 112}
108 113
@@ -127,10 +132,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
127IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) 132IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
128 133
129/* Minor tweak to operation: free up EVP_PKEY */ 134/* Minor tweak to operation: free up EVP_PKEY */
130static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 135static int
131 void *exarg) 136si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
132{ 137{
133 if(operation == ASN1_OP_FREE_POST) { 138 if (operation == ASN1_OP_FREE_POST) {
134 PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; 139 PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
135 EVP_PKEY_free(si->pkey); 140 EVP_PKEY_free(si->pkey);
136 } 141 }
@@ -139,14 +144,16 @@ static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
139 144
140ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { 145ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
141 ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), 146 ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
142 ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), 147 ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial,
148 PKCS7_ISSUER_AND_SERIAL),
143 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), 149 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
144 /* NB this should be a SET OF but we use a SEQUENCE OF so the 150 /* NB this should be a SET OF but we use a SEQUENCE OF so the
145 * original order * is retained when the structure is reencoded. 151 * original order * is retained when the structure is reencoded.
146 * Since the attributes are implicitly tagged this will not affect 152 * Since the attributes are implicitly tagged this will not affect
147 * the encoding. 153 * the encoding.
148 */ 154 */
149 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), 155 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr,
156 X509_ATTRIBUTE, 0),
150 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), 157 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
151 ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), 158 ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
152 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) 159 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
@@ -170,10 +177,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
170IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) 177IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
171 178
172/* Minor tweak to operation: free up X509 */ 179/* Minor tweak to operation: free up X509 */
173static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 180static int
174 void *exarg) 181ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
175{ 182{
176 if(operation == ASN1_OP_FREE_POST) { 183 if (operation == ASN1_OP_FREE_POST) {
177 PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; 184 PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
178 X509_free(ri->cert); 185 X509_free(ri->cert);
179 } 186 }
@@ -182,7 +189,8 @@ static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
182 189
183ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { 190ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
184 ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), 191 ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
185 ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), 192 ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial,
193 PKCS7_ISSUER_AND_SERIAL),
186 ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), 194 ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
187 ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) 195 ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
188} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) 196} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
@@ -231,17 +239,18 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
231 * encoding. 239 * encoding.
232 */ 240 */
233 241
234ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 242ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
235 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) 243 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES,
244 X509_ATTRIBUTE)
236ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) 245ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
237 246
238/* When verifying attributes we need to use the received order. So 247/* When verifying attributes we need to use the received order. So
239 * we use SEQUENCE OF and tag it to SET OF 248 * we use SEQUENCE OF and tag it to SET OF
240 */ 249 */
241 250
242ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 251ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
243 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 252 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG |
244 V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) 253 ASN1_TFLG_UNIVERSAL, V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
245ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) 254ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
246 255
247IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) 256IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index f4c2fadac9..2f4d5089f5 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_attr.c,v 1.8 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_attr.c,v 1.9 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001. 3 * project 2001.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -66,21 +66,24 @@
66#include <openssl/x509.h> 66#include <openssl/x509.h>
67#include <openssl/err.h> 67#include <openssl/err.h>
68 68
69int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) 69int
70PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
70{ 71{
71 ASN1_STRING *seq; 72 ASN1_STRING *seq;
72 if(!(seq = ASN1_STRING_new())) { 73 if (!(seq = ASN1_STRING_new())) {
73 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); 74 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,
75 ERR_R_MALLOC_FAILURE);
74 return 0; 76 return 0;
75 } 77 }
76 seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data, 78 seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
77 ASN1_ITEM_rptr(X509_ALGORS)); 79 ASN1_ITEM_rptr(X509_ALGORS));
78 return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, 80 return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
79 V_ASN1_SEQUENCE, seq); 81 V_ASN1_SEQUENCE, seq);
80} 82}
81 83
82STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) 84STACK_OF(X509_ALGOR) *
83 { 85PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
86{
84 ASN1_TYPE *cap; 87 ASN1_TYPE *cap;
85 const unsigned char *p; 88 const unsigned char *p;
86 89
@@ -89,33 +92,37 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
89 return NULL; 92 return NULL;
90 p = cap->value.sequence->data; 93 p = cap->value.sequence->data;
91 return (STACK_OF(X509_ALGOR) *) 94 return (STACK_OF(X509_ALGOR) *)
92 ASN1_item_d2i(NULL, &p, cap->value.sequence->length, 95 ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
93 ASN1_ITEM_rptr(X509_ALGORS)); 96 ASN1_ITEM_rptr(X509_ALGORS));
94 } 97}
95 98
96/* Basic smime-capabilities OID and optional integer arg */ 99/* Basic smime-capabilities OID and optional integer arg */
97int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) 100int
101PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
98{ 102{
99 X509_ALGOR *alg; 103 X509_ALGOR *alg;
100 104
101 if(!(alg = X509_ALGOR_new())) { 105 if (!(alg = X509_ALGOR_new())) {
102 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 106 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
103 return 0; 107 return 0;
104 } 108 }
105 ASN1_OBJECT_free(alg->algorithm); 109 ASN1_OBJECT_free(alg->algorithm);
106 alg->algorithm = OBJ_nid2obj (nid); 110 alg->algorithm = OBJ_nid2obj (nid);
107 if (arg > 0) { 111 if (arg > 0) {
108 ASN1_INTEGER *nbit; 112 ASN1_INTEGER *nbit;
109 if(!(alg->parameter = ASN1_TYPE_new())) { 113 if (!(alg->parameter = ASN1_TYPE_new())) {
110 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 114 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
115 ERR_R_MALLOC_FAILURE);
111 return 0; 116 return 0;
112 } 117 }
113 if(!(nbit = ASN1_INTEGER_new())) { 118 if (!(nbit = ASN1_INTEGER_new())) {
114 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 119 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
120 ERR_R_MALLOC_FAILURE);
115 return 0; 121 return 0;
116 } 122 }
117 if(!ASN1_INTEGER_set (nbit, arg)) { 123 if (!ASN1_INTEGER_set (nbit, arg)) {
118 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 124 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
125 ERR_R_MALLOC_FAILURE);
119 return 0; 126 return 0;
120 } 127 }
121 alg->parameter->value.integer = nbit; 128 alg->parameter->value.integer = nbit;
@@ -125,41 +132,43 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
125 return 1; 132 return 1;
126} 133}
127 134
128int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) 135int
129 { 136PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
137{
130 if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) 138 if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
131 return 0; 139 return 0;
132 if (!coid) 140 if (!coid)
133 coid = OBJ_nid2obj(NID_pkcs7_data); 141 coid = OBJ_nid2obj(NID_pkcs7_data);
134 return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, 142 return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
135 V_ASN1_OBJECT, coid); 143 V_ASN1_OBJECT, coid);
136 } 144}
137 145
138int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) 146int
139 { 147PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
140 if (!t && !(t=X509_gmtime_adj(NULL,0))) 148{
141 { 149 if (!t && !(t = X509_gmtime_adj(NULL, 0))) {
142 PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 150 PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
143 ERR_R_MALLOC_FAILURE); 151 ERR_R_MALLOC_FAILURE);
144 return 0; 152 return 0;
145 }
146 return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
147 V_ASN1_UTCTIME, t);
148 } 153 }
154 return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
155 V_ASN1_UTCTIME, t);
156}
149 157
150int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, 158int
151 const unsigned char *md, int mdlen) 159PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, const unsigned char *md,
152 { 160 int mdlen)
161{
153 ASN1_OCTET_STRING *os; 162 ASN1_OCTET_STRING *os;
163
154 os = ASN1_OCTET_STRING_new(); 164 os = ASN1_OCTET_STRING_new();
155 if (!os) 165 if (!os)
156 return 0; 166 return 0;
157 if (!ASN1_STRING_set(os, md, mdlen) 167 if (!ASN1_STRING_set(os, md, mdlen) ||
158 || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, 168 !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
159 V_ASN1_OCTET_STRING, os)) 169 V_ASN1_OCTET_STRING, os)) {
160 {
161 ASN1_OCTET_STRING_free(os); 170 ASN1_OCTET_STRING_free(os);
162 return 0; 171 return 0;
163 }
164 return 1;
165 } 172 }
173 return 1;
174}
diff --git a/src/lib/libcrypto/pkcs7/pk7_dgst.c b/src/lib/libcrypto/pkcs7/pk7_dgst.c
index 13578443bc..225dc2fd97 100644
--- a/src/lib/libcrypto/pkcs7/pk7_dgst.c
+++ b/src/lib/libcrypto/pkcs7/pk7_dgst.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_dgst.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_dgst.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index 5d85f6e124..46f9c2b8c6 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_doit.c,v 1.22 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_doit.c,v 1.23 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,82 +65,82 @@
65#include <openssl/err.h> 65#include <openssl/err.h>
66 66
67static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 67static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
68 void *value); 68 void *value);
69static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); 69static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
70 70
71static int PKCS7_type_is_other(PKCS7* p7) 71static int
72 { 72PKCS7_type_is_other(PKCS7* p7)
73 int isOther=1; 73{
74 74 int isOther = 1;
75 int nid=OBJ_obj2nid(p7->type); 75
76 int nid = OBJ_obj2nid(p7->type);
76 77
77 switch( nid ) 78 switch (nid ) {
78 {
79 case NID_pkcs7_data: 79 case NID_pkcs7_data:
80 case NID_pkcs7_signed: 80 case NID_pkcs7_signed:
81 case NID_pkcs7_enveloped: 81 case NID_pkcs7_enveloped:
82 case NID_pkcs7_signedAndEnveloped: 82 case NID_pkcs7_signedAndEnveloped:
83 case NID_pkcs7_digest: 83 case NID_pkcs7_digest:
84 case NID_pkcs7_encrypted: 84 case NID_pkcs7_encrypted:
85 isOther=0; 85 isOther = 0;
86 break; 86 break;
87 default: 87 default:
88 isOther=1; 88 isOther = 1;
89 } 89 }
90 90
91 return isOther; 91 return isOther;
92 92
93 } 93}
94 94
95static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) 95static ASN1_OCTET_STRING *
96 { 96PKCS7_get_octet_string(PKCS7 *p7)
97 if ( PKCS7_type_is_data(p7)) 97{
98 if (PKCS7_type_is_data(p7))
98 return p7->d.data; 99 return p7->d.data;
99 if ( PKCS7_type_is_other(p7) && p7->d.other 100 if (PKCS7_type_is_other(p7) && p7->d.other &&
100 && (p7->d.other->type == V_ASN1_OCTET_STRING)) 101 (p7->d.other->type == V_ASN1_OCTET_STRING))
101 return p7->d.other->value.octet_string; 102 return p7->d.other->value.octet_string;
102 return NULL; 103 return NULL;
103 } 104}
104 105
105static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) 106static int
106 { 107PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
108{
107 BIO *btmp; 109 BIO *btmp;
108 const EVP_MD *md; 110 const EVP_MD *md;
109 if ((btmp=BIO_new(BIO_f_md())) == NULL) 111 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
110 { 112 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
111 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
112 goto err; 113 goto err;
113 } 114 }
114 115
115 md=EVP_get_digestbyobj(alg->algorithm); 116 md = EVP_get_digestbyobj(alg->algorithm);
116 if (md == NULL) 117 if (md == NULL) {
117 { 118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,
118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); 119 PKCS7_R_UNKNOWN_DIGEST_TYPE);
119 goto err; 120 goto err;
120 } 121 }
121 122
122 BIO_set_md(btmp,md); 123 BIO_set_md(btmp, md);
123 if (*pbio == NULL) 124 if (*pbio == NULL)
124 *pbio=btmp; 125 *pbio = btmp;
125 else if (!BIO_push(*pbio,btmp)) 126 else if (!BIO_push(*pbio, btmp)) {
126 { 127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
128 goto err; 128 goto err;
129 } 129 }
130 btmp=NULL; 130 btmp = NULL;
131 131
132 return 1; 132 return 1;
133 133
134 err: 134err:
135 if (btmp) 135 if (btmp)
136 BIO_free(btmp); 136 BIO_free(btmp);
137 return 0; 137 return 0;
138 138
139 } 139}
140 140
141static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, 141static int
142 unsigned char *key, int keylen) 142pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
143 { 143{
144 EVP_PKEY_CTX *pctx = NULL; 144 EVP_PKEY_CTX *pctx = NULL;
145 EVP_PKEY *pkey = NULL; 145 EVP_PKEY *pkey = NULL;
146 unsigned char *ek = NULL; 146 unsigned char *ek = NULL;
@@ -148,7 +148,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
148 size_t eklen; 148 size_t eklen;
149 149
150 pkey = X509_get_pubkey(ri->cert); 150 pkey = X509_get_pubkey(ri->cert);
151
152 if (!pkey) 151 if (!pkey)
153 return 0; 152 return 0;
154 153
@@ -160,22 +159,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
160 goto err; 159 goto err;
161 160
162 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 161 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
163 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) 162 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
164 {
165 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); 163 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
166 goto err; 164 goto err;
167 } 165 }
168 166
169 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) 167 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
170 goto err; 168 goto err;
171 169
172 ek = malloc(eklen); 170 ek = malloc(eklen);
173 171
174 if (ek == NULL) 172 if (ek == NULL) {
175 {
176 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); 173 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
177 goto err; 174 goto err;
178 } 175 }
179 176
180 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) 177 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
181 goto err; 178 goto err;
@@ -185,20 +182,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
185 182
186 ret = 1; 183 ret = 1;
187 184
188 err: 185err:
189 if (pkey) 186 if (pkey)
190 EVP_PKEY_free(pkey); 187 EVP_PKEY_free(pkey);
191 if (pctx) 188 if (pctx)
192 EVP_PKEY_CTX_free(pctx); 189 EVP_PKEY_CTX_free(pctx);
193 free(ek); 190 free(ek);
194 return ret; 191 return ret;
195 192}
196 }
197 193
198 194
199static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, 195static int
200 PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) 196pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
201 { 197 EVP_PKEY *pkey)
198{
202 EVP_PKEY_CTX *pctx = NULL; 199 EVP_PKEY_CTX *pctx = NULL;
203 unsigned char *ek = NULL; 200 unsigned char *ek = NULL;
204 size_t eklen; 201 size_t eklen;
@@ -213,95 +210,88 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
213 goto err; 210 goto err;
214 211
215 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 212 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
216 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) 213 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
217 {
218 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); 214 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
219 goto err; 215 goto err;
220 } 216 }
221 217
222 if (EVP_PKEY_decrypt(pctx, NULL, &eklen, 218 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
223 ri->enc_key->data, ri->enc_key->length) <= 0) 219 ri->enc_key->data, ri->enc_key->length) <= 0)
224 goto err; 220 goto err;
225 221
226 ek = malloc(eklen); 222 ek = malloc(eklen);
227 223 if (ek == NULL) {
228 if (ek == NULL)
229 {
230 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); 224 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
231 goto err; 225 goto err;
232 } 226 }
233 227
234 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 228 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
235 ri->enc_key->data, ri->enc_key->length) <= 0) 229 ri->enc_key->data, ri->enc_key->length) <= 0) {
236 {
237 ret = 0; 230 ret = 0;
238 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); 231 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
239 goto err; 232 goto err;
240 } 233 }
241 234
242 ret = 1; 235 ret = 1;
243 236
244 if (*pek) 237 if (*pek) {
245 {
246 OPENSSL_cleanse(*pek, *peklen); 238 OPENSSL_cleanse(*pek, *peklen);
247 free(*pek); 239 free(*pek);
248 } 240 }
249 241
250 *pek = ek; 242 *pek = ek;
251 *peklen = eklen; 243 *peklen = eklen;
252 244
253 err: 245err:
254 if (pctx) 246 if (pctx)
255 EVP_PKEY_CTX_free(pctx); 247 EVP_PKEY_CTX_free(pctx);
256 if (!ret && ek) 248 if (!ret && ek)
257 free(ek); 249 free(ek);
258 250
259 return ret; 251 return ret;
260 } 252}
261 253
262BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 254BIO *
263 { 255PKCS7_dataInit(PKCS7 *p7, BIO *bio)
256{
264 int i; 257 int i;
265 BIO *out=NULL,*btmp=NULL; 258 BIO *out = NULL, *btmp = NULL;
266 X509_ALGOR *xa = NULL; 259 X509_ALGOR *xa = NULL;
267 const EVP_CIPHER *evp_cipher=NULL; 260 const EVP_CIPHER *evp_cipher = NULL;
268 STACK_OF(X509_ALGOR) *md_sk=NULL; 261 STACK_OF(X509_ALGOR) *md_sk = NULL;
269 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 262 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
270 X509_ALGOR *xalg=NULL; 263 X509_ALGOR *xalg = NULL;
271 PKCS7_RECIP_INFO *ri=NULL; 264 PKCS7_RECIP_INFO *ri = NULL;
272 ASN1_OCTET_STRING *os=NULL; 265 ASN1_OCTET_STRING *os = NULL;
273 266
274 i=OBJ_obj2nid(p7->type); 267 i = OBJ_obj2nid(p7->type);
275 p7->state=PKCS7_S_HEADER; 268 p7->state = PKCS7_S_HEADER;
276 269
277 switch (i) 270 switch (i) {
278 {
279 case NID_pkcs7_signed: 271 case NID_pkcs7_signed:
280 md_sk=p7->d.sign->md_algs; 272 md_sk = p7->d.sign->md_algs;
281 os = PKCS7_get_octet_string(p7->d.sign->contents); 273 os = PKCS7_get_octet_string(p7->d.sign->contents);
282 break; 274 break;
283 case NID_pkcs7_signedAndEnveloped: 275 case NID_pkcs7_signedAndEnveloped:
284 rsk=p7->d.signed_and_enveloped->recipientinfo; 276 rsk = p7->d.signed_and_enveloped->recipientinfo;
285 md_sk=p7->d.signed_and_enveloped->md_algs; 277 md_sk = p7->d.signed_and_enveloped->md_algs;
286 xalg=p7->d.signed_and_enveloped->enc_data->algorithm; 278 xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
287 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; 279 evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
288 if (evp_cipher == NULL) 280 if (evp_cipher == NULL) {
289 {
290 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 281 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
291 PKCS7_R_CIPHER_NOT_INITIALIZED); 282 PKCS7_R_CIPHER_NOT_INITIALIZED);
292 goto err; 283 goto err;
293 } 284 }
294 break; 285 break;
295 case NID_pkcs7_enveloped: 286 case NID_pkcs7_enveloped:
296 rsk=p7->d.enveloped->recipientinfo; 287 rsk = p7->d.enveloped->recipientinfo;
297 xalg=p7->d.enveloped->enc_data->algorithm; 288 xalg = p7->d.enveloped->enc_data->algorithm;
298 evp_cipher=p7->d.enveloped->enc_data->cipher; 289 evp_cipher = p7->d.enveloped->enc_data->cipher;
299 if (evp_cipher == NULL) 290 if (evp_cipher == NULL) {
300 {
301 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 291 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
302 PKCS7_R_CIPHER_NOT_INITIALIZED); 292 PKCS7_R_CIPHER_NOT_INITIALIZED);
303 goto err; 293 goto err;
304 } 294 }
305 break; 295 break;
306 case NID_pkcs7_digest: 296 case NID_pkcs7_digest:
307 xa = p7->d.digest->md; 297 xa = p7->d.digest->md;
@@ -310,37 +300,37 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
310 case NID_pkcs7_data: 300 case NID_pkcs7_data:
311 break; 301 break;
312 default: 302 default:
313 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 303 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
314 goto err; 304 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
315 } 305 goto err;
306 }
316 307
317 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 308 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
318 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) 309 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
319 goto err; 310 goto err;
320 311
321 if (xa && !PKCS7_bio_add_digest(&out, xa)) 312 if (xa && !PKCS7_bio_add_digest(&out, xa))
322 goto err; 313 goto err;
323 314
324 if (evp_cipher != NULL) 315 if (evp_cipher != NULL) {
325 {
326 unsigned char key[EVP_MAX_KEY_LENGTH]; 316 unsigned char key[EVP_MAX_KEY_LENGTH];
327 unsigned char iv[EVP_MAX_IV_LENGTH]; 317 unsigned char iv[EVP_MAX_IV_LENGTH];
328 int keylen,ivlen; 318 int keylen, ivlen;
329 EVP_CIPHER_CTX *ctx; 319 EVP_CIPHER_CTX *ctx;
330 320
331 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 321 if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
332 { 322 PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
333 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
334 goto err; 323 goto err;
335 } 324 }
336 BIO_get_cipher_ctx(btmp, &ctx); 325 BIO_get_cipher_ctx(btmp, &ctx);
337 keylen=EVP_CIPHER_key_length(evp_cipher); 326 keylen = EVP_CIPHER_key_length(evp_cipher);
338 ivlen=EVP_CIPHER_iv_length(evp_cipher); 327 ivlen = EVP_CIPHER_iv_length(evp_cipher);
339 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 328 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
340 if (ivlen > 0) 329 if (ivlen > 0)
341 if (RAND_pseudo_bytes(iv,ivlen) <= 0) 330 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
342 goto err; 331 goto err;
343 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) 332 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL,
333 NULL, 1) <= 0)
344 goto err; 334 goto err;
345 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) 335 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
346 goto err; 336 goto err;
@@ -353,167 +343,162 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
353 if (xalg->parameter == NULL) 343 if (xalg->parameter == NULL)
354 goto err; 344 goto err;
355 } 345 }
356 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 346 if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
357 goto err; 347 goto err;
358 } 348 }
359 349
360 /* Lets do the pub key stuff :-) */ 350 /* Lets do the pub key stuff :-) */
361 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 351 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
362 { 352 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
363 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
364 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) 353 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
365 goto err; 354 goto err;
366 } 355 }
367 OPENSSL_cleanse(key, keylen); 356 OPENSSL_cleanse(key, keylen);
368 357
369 if (out == NULL) 358 if (out == NULL)
370 out=btmp; 359 out = btmp;
371 else 360 else
372 BIO_push(out,btmp); 361 BIO_push(out, btmp);
373 btmp=NULL; 362 btmp = NULL;
374 } 363 }
375 364
376 if (bio == NULL) 365 if (bio == NULL) {
377 {
378 if (PKCS7_is_detached(p7)) 366 if (PKCS7_is_detached(p7))
379 bio=BIO_new(BIO_s_null()); 367 bio = BIO_new(BIO_s_null());
380 else if (os && os->length > 0) 368 else if (os && os->length > 0)
381 bio = BIO_new_mem_buf(os->data, os->length); 369 bio = BIO_new_mem_buf(os->data, os->length);
382 if(bio == NULL) 370 if (bio == NULL) {
383 { 371 bio = BIO_new(BIO_s_mem());
384 bio=BIO_new(BIO_s_mem());
385 if (bio == NULL) 372 if (bio == NULL)
386 goto err; 373 goto err;
387 BIO_set_mem_eof_return(bio,0); 374 BIO_set_mem_eof_return(bio, 0);
388 }
389 } 375 }
376 }
390 if (out) 377 if (out)
391 BIO_push(out,bio); 378 BIO_push(out, bio);
392 else 379 else
393 out = bio; 380 out = bio;
394 bio=NULL; 381 bio = NULL;
395 if (0) 382 if (0) {
396 {
397err: 383err:
398 if (out != NULL) 384 if (out != NULL)
399 BIO_free_all(out); 385 BIO_free_all(out);
400 if (btmp != NULL) 386 if (btmp != NULL)
401 BIO_free_all(btmp); 387 BIO_free_all(btmp);
402 out=NULL; 388 out = NULL;
403 }
404 return(out);
405 } 389 }
390 return (out);
391}
406 392
407static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) 393static int
408 { 394pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
395{
409 int ret; 396 int ret;
397
410 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, 398 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
411 pcert->cert_info->issuer); 399 pcert->cert_info->issuer);
412 if (ret) 400 if (ret)
413 return ret; 401 return ret;
414 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, 402 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
415 ri->issuer_and_serial->serial); 403 ri->issuer_and_serial->serial);
416 } 404}
417 405
418/* int */ 406/* int */
419BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 407BIO *
420 { 408PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
421 int i,j; 409{
422 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; 410 int i, j;
411 BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
423 X509_ALGOR *xa; 412 X509_ALGOR *xa;
424 ASN1_OCTET_STRING *data_body=NULL; 413 ASN1_OCTET_STRING *data_body = NULL;
425 const EVP_MD *evp_md; 414 const EVP_MD *evp_md;
426 const EVP_CIPHER *evp_cipher=NULL; 415 const EVP_CIPHER *evp_cipher = NULL;
427 EVP_CIPHER_CTX *evp_ctx=NULL; 416 EVP_CIPHER_CTX *evp_ctx = NULL;
428 X509_ALGOR *enc_alg=NULL; 417 X509_ALGOR *enc_alg = NULL;
429 STACK_OF(X509_ALGOR) *md_sk=NULL; 418 STACK_OF(X509_ALGOR) *md_sk = NULL;
430 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 419 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
431 PKCS7_RECIP_INFO *ri=NULL; 420 PKCS7_RECIP_INFO *ri = NULL;
432 unsigned char *ek = NULL, *tkey = NULL; 421 unsigned char *ek = NULL, *tkey = NULL;
433 int eklen = 0, tkeylen = 0; 422 int eklen = 0, tkeylen = 0;
434 423
435 i=OBJ_obj2nid(p7->type); 424 i = OBJ_obj2nid(p7->type);
436 p7->state=PKCS7_S_HEADER; 425 p7->state = PKCS7_S_HEADER;
437 426
438 switch (i) 427 switch (i) {
439 {
440 case NID_pkcs7_signed: 428 case NID_pkcs7_signed:
441 data_body=PKCS7_get_octet_string(p7->d.sign->contents); 429 data_body = PKCS7_get_octet_string(p7->d.sign->contents);
442 md_sk=p7->d.sign->md_algs; 430 md_sk = p7->d.sign->md_algs;
443 break; 431 break;
444 case NID_pkcs7_signedAndEnveloped: 432 case NID_pkcs7_signedAndEnveloped:
445 rsk=p7->d.signed_and_enveloped->recipientinfo; 433 rsk = p7->d.signed_and_enveloped->recipientinfo;
446 md_sk=p7->d.signed_and_enveloped->md_algs; 434 md_sk = p7->d.signed_and_enveloped->md_algs;
447 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 435 data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
448 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 436 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
449 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 437 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
450 if (evp_cipher == NULL) 438 if (evp_cipher == NULL) {
451 { 439 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
452 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 440 PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
453 goto err; 441 goto err;
454 } 442 }
455 break; 443 break;
456 case NID_pkcs7_enveloped: 444 case NID_pkcs7_enveloped:
457 rsk=p7->d.enveloped->recipientinfo; 445 rsk = p7->d.enveloped->recipientinfo;
458 enc_alg=p7->d.enveloped->enc_data->algorithm; 446 enc_alg = p7->d.enveloped->enc_data->algorithm;
459 data_body=p7->d.enveloped->enc_data->enc_data; 447 data_body = p7->d.enveloped->enc_data->enc_data;
460 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 448 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
461 if (evp_cipher == NULL) 449 if (evp_cipher == NULL) {
462 { 450 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
463 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 451 PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
464 goto err; 452 goto err;
465 } 453 }
466 break; 454 break;
467 default: 455 default:
468 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 456 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
469 goto err; 457 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
470 } 458 goto err;
459 }
471 460
472 /* We will be checking the signature */ 461 /* We will be checking the signature */
473 if (md_sk != NULL) 462 if (md_sk != NULL) {
474 { 463 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
475 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 464 xa = sk_X509_ALGOR_value(md_sk, i);
476 { 465 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
477 xa=sk_X509_ALGOR_value(md_sk,i); 466 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
478 if ((btmp=BIO_new(BIO_f_md())) == NULL) 467 ERR_R_BIO_LIB);
479 {
480 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
481 goto err; 468 goto err;
482 } 469 }
483 470
484 j=OBJ_obj2nid(xa->algorithm); 471 j = OBJ_obj2nid(xa->algorithm);
485 evp_md=EVP_get_digestbynid(j); 472 evp_md = EVP_get_digestbynid(j);
486 if (evp_md == NULL) 473 if (evp_md == NULL) {
487 { 474 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
488 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); 475 PKCS7_R_UNKNOWN_DIGEST_TYPE);
489 goto err; 476 goto err;
490 } 477 }
491 478
492 BIO_set_md(btmp,evp_md); 479 BIO_set_md(btmp, evp_md);
493 if (out == NULL) 480 if (out == NULL)
494 out=btmp; 481 out = btmp;
495 else 482 else
496 BIO_push(out,btmp); 483 BIO_push(out, btmp);
497 btmp=NULL; 484 btmp = NULL;
498 }
499 } 485 }
486 }
500 487
501 if (evp_cipher != NULL) 488 if (evp_cipher != NULL) {
502 {
503#if 0 489#if 0
504 unsigned char key[EVP_MAX_KEY_LENGTH]; 490 unsigned char key[EVP_MAX_KEY_LENGTH];
505 unsigned char iv[EVP_MAX_IV_LENGTH]; 491 unsigned char iv[EVP_MAX_IV_LENGTH];
506 unsigned char *p; 492 unsigned char *p;
507 int keylen,ivlen; 493 int keylen, ivlen;
508 int max; 494 int max;
509 X509_OBJECT ret; 495 X509_OBJECT ret;
510#endif 496#endif
511 497
512 if ((etmp=BIO_new(BIO_f_cipher())) == NULL) 498 if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
513 { 499 PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
514 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
515 goto err; 500 goto err;
516 } 501 }
517 502
518 /* It was encrypted, we need to decrypt the secret key 503 /* It was encrypted, we need to decrypt the secret key
519 * with the private key */ 504 * with the private key */
@@ -521,54 +506,47 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
521 /* Find the recipientInfo which matches the passed certificate 506 /* Find the recipientInfo which matches the passed certificate
522 * (if any) 507 * (if any)
523 */ 508 */
524 509 if (pcert) {
525 if (pcert) 510 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
526 { 511 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
527 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
528 {
529 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
530 if (!pkcs7_cmp_ri(ri, pcert)) 512 if (!pkcs7_cmp_ri(ri, pcert))
531 break; 513 break;
532 ri=NULL; 514 ri = NULL;
533 } 515 }
534 if (ri == NULL) 516 if (ri == NULL) {
535 {
536 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 517 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
537 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 518 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
538 goto err; 519 goto err;
539 }
540 } 520 }
521 }
541 522
542 /* If we haven't got a certificate try each ri in turn */ 523 /* If we haven't got a certificate try each ri in turn */
543 if (pcert == NULL) 524 if (pcert == NULL) {
544 {
545 /* Always attempt to decrypt all rinfo even 525 /* Always attempt to decrypt all rinfo even
546 * after sucess as a defence against MMA timing 526 * after sucess as a defence against MMA timing
547 * attacks. 527 * attacks.
548 */ 528 */
549 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 529 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
550 { 530 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
551 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 531
552
553 if (pkcs7_decrypt_rinfo(&ek, &eklen, 532 if (pkcs7_decrypt_rinfo(&ek, &eklen,
554 ri, pkey) < 0) 533 ri, pkey) < 0)
555 goto err; 534 goto err;
556 ERR_clear_error(); 535 ERR_clear_error();
557 }
558 } 536 }
559 else 537 } else {
560 {
561 /* Only exit on fatal errors, not decrypt failure */ 538 /* Only exit on fatal errors, not decrypt failure */
562 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) 539 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
563 goto err; 540 goto err;
564 ERR_clear_error(); 541 ERR_clear_error();
565 } 542 }
566 543
567 evp_ctx=NULL; 544 evp_ctx = NULL;
568 BIO_get_cipher_ctx(etmp,&evp_ctx); 545 BIO_get_cipher_ctx(etmp, &evp_ctx);
569 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) 546 if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL,
547 NULL, 0) <= 0)
570 goto err; 548 goto err;
571 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 549 if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
572 goto err; 550 goto err;
573 /* Generate random key as MMA defence */ 551 /* Generate random key as MMA defence */
574 tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); 552 tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
@@ -577,257 +555,245 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
577 goto err; 555 goto err;
578 if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) 556 if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
579 goto err; 557 goto err;
580 if (ek == NULL) 558 if (ek == NULL) {
581 {
582 ek = tkey; 559 ek = tkey;
583 eklen = tkeylen; 560 eklen = tkeylen;
584 tkey = NULL; 561 tkey = NULL;
585 } 562 }
586 563
587 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { 564 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
588 /* Some S/MIME clients don't use the same key 565 /* Some S/MIME clients don't use the same key
589 * and effective key length. The key length is 566 * and effective key length. The key length is
590 * determined by the size of the decrypted RSA key. 567 * determined by the size of the decrypted RSA key.
591 */ 568 */
592 if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) 569 if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
593 {
594 /* Use random key as MMA defence */ 570 /* Use random key as MMA defence */
595 OPENSSL_cleanse(ek, eklen); 571 OPENSSL_cleanse(ek, eklen);
596 free(ek); 572 free(ek);
597 ek = tkey; 573 ek = tkey;
598 eklen = tkeylen; 574 eklen = tkeylen;
599 tkey = NULL; 575 tkey = NULL;
600 } 576 }
601 } 577 }
602 /* Clear errors so we don't leak information useful in MMA */ 578 /* Clear errors so we don't leak information useful in MMA */
603 ERR_clear_error(); 579 ERR_clear_error();
604 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) 580 if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
605 goto err; 581 goto err;
606 582
607 if (ek) 583 if (ek) {
608 { 584 OPENSSL_cleanse(ek, eklen);
609 OPENSSL_cleanse(ek,eklen);
610 free(ek); 585 free(ek);
611 ek = NULL; 586 ek = NULL;
612 } 587 }
613 if (tkey) 588 if (tkey) {
614 { 589 OPENSSL_cleanse(tkey, tkeylen);
615 OPENSSL_cleanse(tkey,tkeylen);
616 free(tkey); 590 free(tkey);
617 tkey = NULL; 591 tkey = NULL;
618 } 592 }
619 593
620 if (out == NULL) 594 if (out == NULL)
621 out=etmp; 595 out = etmp;
622 else 596 else
623 BIO_push(out,etmp); 597 BIO_push(out, etmp);
624 etmp=NULL; 598 etmp = NULL;
625 } 599 }
626 600
627#if 1 601#if 1
628 if (PKCS7_is_detached(p7) || (in_bio != NULL)) 602 if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
629 { 603 bio = in_bio;
630 bio=in_bio; 604 } else {
631 }
632 else
633 {
634#if 0 605#if 0
635 bio=BIO_new(BIO_s_mem()); 606 bio = BIO_new(BIO_s_mem());
636 /* We need to set this so that when we have read all 607 /* We need to set this so that when we have read all
637 * the data, the encrypt BIO, if present, will read 608 * the data, the encrypt BIO, if present, will read
638 * EOF and encode the last few bytes */ 609 * EOF and encode the last few bytes */
639 BIO_set_mem_eof_return(bio,0); 610 BIO_set_mem_eof_return(bio, 0);
640 611
641 if (data_body != NULL && data_body->length > 0) 612 if (data_body != NULL && data_body->length > 0)
642 BIO_write(bio,(char *)data_body->data,data_body->length); 613 BIO_write(bio, (char *)data_body->data, data_body->length);
643#else 614#else
644 if (data_body != NULL && data_body->length > 0) 615 if (data_body != NULL && data_body->length > 0)
645 bio = BIO_new_mem_buf(data_body->data,data_body->length); 616 bio = BIO_new_mem_buf(data_body->data, data_body->length);
646 else { 617 else {
647 bio=BIO_new(BIO_s_mem()); 618 bio = BIO_new(BIO_s_mem());
648 BIO_set_mem_eof_return(bio,0); 619 BIO_set_mem_eof_return(bio, 0);
649 } 620 }
650 if (bio == NULL) 621 if (bio == NULL)
651 goto err; 622 goto err;
652#endif 623#endif
653 } 624 }
654 BIO_push(out,bio); 625 BIO_push(out, bio);
655 bio=NULL; 626 bio = NULL;
656#endif 627#endif
657 if (0) 628 if (0) {
658 {
659err: 629err:
660 if (ek) 630 if (ek) {
661 { 631 OPENSSL_cleanse(ek, eklen);
662 OPENSSL_cleanse(ek,eklen); 632 free(ek);
663 free(ek); 633 }
664 } 634 if (tkey) {
665 if (tkey) 635 OPENSSL_cleanse(tkey, tkeylen);
666 { 636 free(tkey);
667 OPENSSL_cleanse(tkey,tkeylen);
668 free(tkey);
669 }
670 if (out != NULL) BIO_free_all(out);
671 if (btmp != NULL) BIO_free_all(btmp);
672 if (etmp != NULL) BIO_free_all(etmp);
673 if (bio != NULL) BIO_free_all(bio);
674 out=NULL;
675 } 637 }
676 return(out); 638 if (out != NULL)
639 BIO_free_all(out);
640 if (btmp != NULL)
641 BIO_free_all(btmp);
642 if (etmp != NULL)
643 BIO_free_all(etmp);
644 if (bio != NULL)
645 BIO_free_all(bio);
646 out = NULL;
677 } 647 }
648 return (out);
649}
678 650
679static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) 651static BIO *
680 { 652PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
681 for (;;) 653{
682 { 654 for (;;) {
683 bio=BIO_find_type(bio,BIO_TYPE_MD); 655 bio = BIO_find_type(bio, BIO_TYPE_MD);
684 if (bio == NULL) 656 if (bio == NULL) {
685 { 657 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
686 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 658 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
687 return NULL;
688 }
689 BIO_get_md_ctx(bio,pmd);
690 if (*pmd == NULL)
691 {
692 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
693 return NULL; 659 return NULL;
694 } 660 }
661 BIO_get_md_ctx(bio, pmd);
662 if (*pmd == NULL) {
663 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
664 ERR_R_INTERNAL_ERROR);
665 return NULL;
666 }
695 if (EVP_MD_CTX_type(*pmd) == nid) 667 if (EVP_MD_CTX_type(*pmd) == nid)
696 return bio; 668 return bio;
697 bio=BIO_next(bio); 669 bio = BIO_next(bio);
698 }
699 return NULL;
700 } 670 }
671 return NULL;
672}
701 673
702static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) 674static int
703 { 675do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
676{
704 unsigned char md_data[EVP_MAX_MD_SIZE]; 677 unsigned char md_data[EVP_MAX_MD_SIZE];
705 unsigned int md_len; 678 unsigned int md_len;
706 679
707 /* Add signing time if not already present */ 680 /* Add signing time if not already present */
708 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) 681 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
709 { 682 if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
710 if (!PKCS7_add0_attrib_signing_time(si, NULL))
711 {
712 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 683 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
713 ERR_R_MALLOC_FAILURE); 684 ERR_R_MALLOC_FAILURE);
714 return 0; 685 return 0;
715 }
716 } 686 }
687 }
717 688
718 /* Add digest */ 689 /* Add digest */
719 if (!EVP_DigestFinal_ex(mctx, md_data,&md_len)) 690 if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
720 {
721 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); 691 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
722 return 0; 692 return 0;
723 } 693 }
724 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) 694 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
725 {
726 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); 695 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
727 return 0; 696 return 0;
728 } 697 }
729 698
730 /* Now sign the attributes */ 699 /* Now sign the attributes */
731 if (!PKCS7_SIGNER_INFO_sign(si)) 700 if (!PKCS7_SIGNER_INFO_sign(si))
732 return 0; 701 return 0;
733 702
734 return 1; 703 return 1;
735 } 704}
736 705
737 706
738int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 707int
739 { 708PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
740 int ret=0; 709{
741 int i,j; 710 int ret = 0;
711 int i, j;
742 BIO *btmp; 712 BIO *btmp;
743 PKCS7_SIGNER_INFO *si; 713 PKCS7_SIGNER_INFO *si;
744 EVP_MD_CTX *mdc,ctx_tmp; 714 EVP_MD_CTX *mdc, ctx_tmp;
745 STACK_OF(X509_ATTRIBUTE) *sk; 715 STACK_OF(X509_ATTRIBUTE) *sk;
746 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; 716 STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
747 ASN1_OCTET_STRING *os=NULL; 717 ASN1_OCTET_STRING *os = NULL;
748 718
749 EVP_MD_CTX_init(&ctx_tmp); 719 EVP_MD_CTX_init(&ctx_tmp);
750 i=OBJ_obj2nid(p7->type); 720 i = OBJ_obj2nid(p7->type);
751 p7->state=PKCS7_S_HEADER; 721 p7->state = PKCS7_S_HEADER;
752 722
753 switch (i) 723 switch (i) {
754 {
755 case NID_pkcs7_data: 724 case NID_pkcs7_data:
756 os = p7->d.data; 725 os = p7->d.data;
757 break; 726 break;
758 case NID_pkcs7_signedAndEnveloped: 727 case NID_pkcs7_signedAndEnveloped:
759 /* XXX */ 728 /* XXX */
760 si_sk=p7->d.signed_and_enveloped->signer_info; 729 si_sk = p7->d.signed_and_enveloped->signer_info;
761 os = p7->d.signed_and_enveloped->enc_data->enc_data; 730 os = p7->d.signed_and_enveloped->enc_data->enc_data;
762 if (!os) 731 if (!os) {
763 { 732 os = M_ASN1_OCTET_STRING_new();
764 os=M_ASN1_OCTET_STRING_new(); 733 if (!os) {
765 if (!os) 734 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
766 { 735 ERR_R_MALLOC_FAILURE);
767 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
768 goto err; 736 goto err;
769 }
770 p7->d.signed_and_enveloped->enc_data->enc_data=os;
771 } 737 }
738 p7->d.signed_and_enveloped->enc_data->enc_data = os;
739 }
772 break; 740 break;
773 case NID_pkcs7_enveloped: 741 case NID_pkcs7_enveloped:
774 /* XXX */ 742 /* XXX */
775 os = p7->d.enveloped->enc_data->enc_data; 743 os = p7->d.enveloped->enc_data->enc_data;
776 if (!os) 744 if (!os) {
777 { 745 os = M_ASN1_OCTET_STRING_new();
778 os=M_ASN1_OCTET_STRING_new(); 746 if (!os) {
779 if (!os) 747 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
780 { 748 ERR_R_MALLOC_FAILURE);
781 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
782 goto err; 749 goto err;
783 }
784 p7->d.enveloped->enc_data->enc_data=os;
785 } 750 }
751 p7->d.enveloped->enc_data->enc_data = os;
752 }
786 break; 753 break;
787 case NID_pkcs7_signed: 754 case NID_pkcs7_signed:
788 si_sk=p7->d.sign->signer_info; 755 si_sk = p7->d.sign->signer_info;
789 os=PKCS7_get_octet_string(p7->d.sign->contents); 756 os = PKCS7_get_octet_string(p7->d.sign->contents);
790 if (os == NULL) { 757 if (os == NULL) {
791 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); 758 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
792 goto err; 759 goto err;
793 } 760 }
794 /* If detached data then the content is excluded */ 761 /* If detached data then the content is excluded */
795 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { 762 if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
796 M_ASN1_OCTET_STRING_free(os); 763 M_ASN1_OCTET_STRING_free(os);
797 p7->d.sign->contents->d.data = NULL; 764 p7->d.sign->contents->d.data = NULL;
798 } 765 }
799 break; 766 break;
800 767
801 case NID_pkcs7_digest: 768 case NID_pkcs7_digest:
802 os=PKCS7_get_octet_string(p7->d.digest->contents); 769 os = PKCS7_get_octet_string(p7->d.digest->contents);
803 if (os == NULL) { 770 if (os == NULL) {
804 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); 771 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
805 goto err; 772 goto err;
806 } 773 }
807 /* If detached data then the content is excluded */ 774 /* If detached data then the content is excluded */
808 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) 775 if (PKCS7_type_is_data(p7->d.digest->contents) &&
809 { 776 p7->detached) {
810 M_ASN1_OCTET_STRING_free(os); 777 M_ASN1_OCTET_STRING_free(os);
811 p7->d.digest->contents->d.data = NULL; 778 p7->d.digest->contents->d.data = NULL;
812 } 779 }
813 break; 780 break;
814 781
815 default: 782 default:
816 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 783 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
817 goto err; 784 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
818 } 785 goto err;
786 }
819 787
820 if (si_sk != NULL) 788 if (si_sk != NULL) {
821 { 789 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
822 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 790 si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
823 {
824 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
825 if (si->pkey == NULL) 791 if (si->pkey == NULL)
826 continue; 792 continue;
827 793
828 j = OBJ_obj2nid(si->digest_alg->algorithm); 794 j = OBJ_obj2nid(si->digest_alg->algorithm);
829 795
830 btmp=bio; 796 btmp = bio;
831 797
832 btmp = PKCS7_find_digest(&mdc, btmp, j); 798 btmp = PKCS7_find_digest(&mdc, btmp, j);
833 799
@@ -836,20 +802,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
836 802
837 /* We now have the EVP_MD_CTX, lets do the 803 /* We now have the EVP_MD_CTX, lets do the
838 * signing. */ 804 * signing. */
839 if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc)) 805 if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
840 goto err; 806 goto err;
841 807
842 sk=si->auth_attr; 808 sk = si->auth_attr;
843 809
844 /* If there are attributes, we add the digest 810 /* If there are attributes, we add the digest
845 * attribute and only sign the attributes */ 811 * attribute and only sign the attributes */
846 if (sk_X509_ATTRIBUTE_num(sk) > 0) 812 if (sk_X509_ATTRIBUTE_num(sk) > 0) {
847 {
848 if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) 813 if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
849 goto err; 814 goto err;
850 } 815 } else {
851 else
852 {
853 unsigned char *abuf = NULL; 816 unsigned char *abuf = NULL;
854 unsigned int abuflen; 817 unsigned int abuflen;
855 abuflen = EVP_PKEY_size(si->pkey); 818 abuflen = EVP_PKEY_size(si->pkey);
@@ -858,38 +821,34 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
858 goto err; 821 goto err;
859 822
860 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, 823 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
861 si->pkey)) 824 si->pkey)) {
862 {
863 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 825 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
864 ERR_R_EVP_LIB); 826 ERR_R_EVP_LIB);
865 goto err; 827 goto err;
866 }
867 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
868 } 828 }
829 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
869 } 830 }
870 } 831 }
871 else if (i == NID_pkcs7_digest) 832 } else if (i == NID_pkcs7_digest) {
872 {
873 unsigned char md_data[EVP_MAX_MD_SIZE]; 833 unsigned char md_data[EVP_MAX_MD_SIZE];
874 unsigned int md_len; 834 unsigned int md_len;
875 if (!PKCS7_find_digest(&mdc, bio, 835 if (!PKCS7_find_digest(&mdc, bio,
876 OBJ_obj2nid(p7->d.digest->md->algorithm))) 836 OBJ_obj2nid(p7->d.digest->md->algorithm)))
877 goto err; 837 goto err;
878 if (!EVP_DigestFinal_ex(mdc,md_data,&md_len)) 838 if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
879 goto err; 839 goto err;
880 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); 840 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
881 } 841 }
882 842
883 if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) 843 if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
884 {
885 char *cont; 844 char *cont;
886 long contlen; 845 long contlen;
887 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 846 btmp = BIO_find_type(bio, BIO_TYPE_MEM);
888 if (btmp == NULL) 847 if (btmp == NULL) {
889 { 848 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
890 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 849 PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
891 goto err; 850 goto err;
892 } 851 }
893 contlen = BIO_get_mem_data(btmp, &cont); 852 contlen = BIO_get_mem_data(btmp, &cont);
894 /* Mark the BIO read only then we can use its copy of the data 853 /* Mark the BIO read only then we can use its copy of the data
895 * instead of making an extra copy. 854 * instead of making an extra copy.
@@ -897,15 +856,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
897 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); 856 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
898 BIO_set_mem_eof_return(btmp, 0); 857 BIO_set_mem_eof_return(btmp, 0);
899 ASN1_STRING_set0(os, (unsigned char *)cont, contlen); 858 ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
900 } 859 }
901 ret=1; 860 ret = 1;
902err: 861err:
903 EVP_MD_CTX_cleanup(&ctx_tmp); 862 EVP_MD_CTX_cleanup(&ctx_tmp);
904 return(ret); 863 return (ret);
905 } 864}
906 865
907int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) 866int
908 { 867PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
868{
909 EVP_MD_CTX mctx; 869 EVP_MD_CTX mctx;
910 EVP_PKEY_CTX *pctx; 870 EVP_PKEY_CTX *pctx;
911 unsigned char *abuf = NULL; 871 unsigned char *abuf = NULL;
@@ -918,38 +878,36 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
918 return 0; 878 return 0;
919 879
920 EVP_MD_CTX_init(&mctx); 880 EVP_MD_CTX_init(&mctx);
921 if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) 881 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
922 goto err; 882 goto err;
923 883
924 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 884 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
925 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) 885 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
926 {
927 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 886 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
928 goto err; 887 goto err;
929 } 888 }
930 889
931 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, 890 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
932 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); 891 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
933 if(!abuf) 892 if (!abuf)
934 goto err; 893 goto err;
935 if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) 894 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
936 goto err; 895 goto err;
937 free(abuf); 896 free(abuf);
938 abuf = NULL; 897 abuf = NULL;
939 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) 898 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
940 goto err; 899 goto err;
941 abuf = malloc(siglen); 900 abuf = malloc(siglen);
942 if(!abuf) 901 if (!abuf)
943 goto err; 902 goto err;
944 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) 903 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
945 goto err; 904 goto err;
946 905
947 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 906 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
948 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) 907 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
949 {
950 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 908 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
951 goto err; 909 goto err;
952 } 910 }
953 911
954 EVP_MD_CTX_cleanup(&mctx); 912 EVP_MD_CTX_cleanup(&mctx);
955 913
@@ -957,73 +915,66 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
957 915
958 return 1; 916 return 1;
959 917
960 err: 918err:
961 free(abuf); 919 free(abuf);
962 EVP_MD_CTX_cleanup(&mctx); 920 EVP_MD_CTX_cleanup(&mctx);
963 return 0; 921 return 0;
922}
964 923
965 } 924int
966 925PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
967int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, 926 PKCS7 *p7, PKCS7_SIGNER_INFO *si)
968 PKCS7 *p7, PKCS7_SIGNER_INFO *si) 927{
969 {
970 PKCS7_ISSUER_AND_SERIAL *ias; 928 PKCS7_ISSUER_AND_SERIAL *ias;
971 int ret=0,i; 929 int ret = 0, i;
972 STACK_OF(X509) *cert; 930 STACK_OF(X509) *cert;
973 X509 *x509; 931 X509 *x509;
974 932
975 if (PKCS7_type_is_signed(p7)) 933 if (PKCS7_type_is_signed(p7)) {
976 { 934 cert = p7->d.sign->cert;
977 cert=p7->d.sign->cert; 935 } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
978 } 936 cert = p7->d.signed_and_enveloped->cert;
979 else if (PKCS7_type_is_signedAndEnveloped(p7)) 937 } else {
980 { 938 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
981 cert=p7->d.signed_and_enveloped->cert;
982 }
983 else
984 {
985 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
986 goto err; 939 goto err;
987 } 940 }
988 /* XXXX */ 941 /* XXXX */
989 ias=si->issuer_and_serial; 942 ias = si->issuer_and_serial;
990 943
991 x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); 944 x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
992 945
993 /* were we able to find the cert in passed to us */ 946 /* were we able to find the cert in passed to us */
994 if (x509 == NULL) 947 if (x509 == NULL) {
995 { 948 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
996 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); 949 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
997 goto err; 950 goto err;
998 } 951 }
999 952
1000 /* Lets verify */ 953 /* Lets verify */
1001 if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) 954 if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
1002 { 955 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
1003 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
1004 goto err; 956 goto err;
1005 } 957 }
1006 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); 958 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
1007 i=X509_verify_cert(ctx); 959 i = X509_verify_cert(ctx);
1008 if (i <= 0) 960 if (i <= 0) {
1009 { 961 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
1010 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
1011 X509_STORE_CTX_cleanup(ctx); 962 X509_STORE_CTX_cleanup(ctx);
1012 goto err; 963 goto err;
1013 } 964 }
1014 X509_STORE_CTX_cleanup(ctx); 965 X509_STORE_CTX_cleanup(ctx);
1015 966
1016 return PKCS7_signatureVerify(bio, p7, si, x509); 967 return PKCS7_signatureVerify(bio, p7, si, x509);
1017 err: 968err:
1018 return ret; 969 return ret;
1019 } 970}
1020 971
1021int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, 972int
1022 X509 *x509) 973PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1023 { 974{
1024 ASN1_OCTET_STRING *os; 975 ASN1_OCTET_STRING *os;
1025 EVP_MD_CTX mdc_tmp,*mdc; 976 EVP_MD_CTX mdc_tmp, *mdc;
1026 int ret=0,i; 977 int ret = 0, i;
1027 int md_type; 978 int md_type;
1028 STACK_OF(X509_ATTRIBUTE) *sk; 979 STACK_OF(X509_ATTRIBUTE) *sk;
1029 BIO *btmp; 980 BIO *btmp;
@@ -1031,32 +982,29 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
1031 982
1032 EVP_MD_CTX_init(&mdc_tmp); 983 EVP_MD_CTX_init(&mdc_tmp);
1033 984
1034 if (!PKCS7_type_is_signed(p7) && 985 if (!PKCS7_type_is_signed(p7) &&
1035 !PKCS7_type_is_signedAndEnveloped(p7)) { 986 !PKCS7_type_is_signedAndEnveloped(p7)) {
1036 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 987 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1037 PKCS7_R_WRONG_PKCS7_TYPE); 988 PKCS7_R_WRONG_PKCS7_TYPE);
1038 goto err; 989 goto err;
1039 } 990 }
1040 991
1041 md_type=OBJ_obj2nid(si->digest_alg->algorithm); 992 md_type = OBJ_obj2nid(si->digest_alg->algorithm);
1042 993
1043 btmp=bio; 994 btmp = bio;
1044 for (;;) 995 for (;;) {
1045 {
1046 if ((btmp == NULL) || 996 if ((btmp == NULL) ||
1047 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) 997 ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
1048 {
1049 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 998 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1050 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 999 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1051 goto err; 1000 goto err;
1052 } 1001 }
1053 BIO_get_md_ctx(btmp,&mdc); 1002 BIO_get_md_ctx(btmp, &mdc);
1054 if (mdc == NULL) 1003 if (mdc == NULL) {
1055 {
1056 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1004 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1057 ERR_R_INTERNAL_ERROR); 1005 ERR_R_INTERNAL_ERROR);
1058 goto err; 1006 goto err;
1059 } 1007 }
1060 if (EVP_MD_CTX_type(mdc) == md_type) 1008 if (EVP_MD_CTX_type(mdc) == md_type)
1061 break; 1009 break;
1062 /* Workaround for some broken clients that put the signature 1010 /* Workaround for some broken clients that put the signature
@@ -1064,243 +1012,239 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
1064 */ 1012 */
1065 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) 1013 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
1066 break; 1014 break;
1067 btmp=BIO_next(btmp); 1015 btmp = BIO_next(btmp);
1068 } 1016 }
1069 1017
1070 /* mdc is the digest ctx that we want, unless there are attributes, 1018 /* mdc is the digest ctx that we want, unless there are attributes,
1071 * in which case the digest is the signed attributes */ 1019 * in which case the digest is the signed attributes */
1072 if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc)) 1020 if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
1073 goto err; 1021 goto err;
1074 1022
1075 sk=si->auth_attr; 1023 sk = si->auth_attr;
1076 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) 1024 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
1077 {
1078 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; 1025 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
1079 unsigned int md_len; 1026 unsigned int md_len;
1080 int alen; 1027 int alen;
1081 ASN1_OCTET_STRING *message_digest; 1028 ASN1_OCTET_STRING *message_digest;
1082 1029
1083 if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len)) 1030 if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
1084 goto err; 1031 goto err;
1085 message_digest=PKCS7_digest_from_attributes(sk); 1032 message_digest = PKCS7_digest_from_attributes(sk);
1086 if (!message_digest) 1033 if (!message_digest) {
1087 {
1088 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1034 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1089 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1035 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1090 goto err; 1036 goto err;
1091 } 1037 }
1092 if ((message_digest->length != (int)md_len) || 1038 if ((message_digest->length != (int)md_len) ||
1093 (memcmp(message_digest->data,md_dat,md_len))) 1039 (memcmp(message_digest->data, md_dat, md_len))) {
1094 {
1095#if 0 1040#if 0
1096{ 1041 {
1097int ii; 1042 int ii;
1098for (ii=0; ii<message_digest->length; ii++) 1043 for (ii = 0; ii < message_digest->length; ii++)
1099 printf("%02X",message_digest->data[ii]); printf(" sent\n"); 1044 printf("%02X",message_digest->data[ii]); printf(" sent\n");
1100for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); 1045 for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
1101} 1046 }
1102#endif 1047#endif
1103 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1048 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1104 PKCS7_R_DIGEST_FAILURE); 1049 PKCS7_R_DIGEST_FAILURE);
1105 ret= -1; 1050 ret = -1;
1106 goto err; 1051 goto err;
1107 } 1052 }
1108 1053
1109 if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL)) 1054 if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type),
1055 NULL))
1110 goto err; 1056 goto err;
1111 1057
1112 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 1058 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
1113 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); 1059 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
1114 if (alen <= 0) 1060 if (alen <= 0) {
1115 { 1061 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
1116 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB);
1117 ret = -1; 1062 ret = -1;
1118 goto err; 1063 goto err;
1119 } 1064 }
1120 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) 1065 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
1121 goto err; 1066 goto err;
1122 1067
1123 free(abuf); 1068 free(abuf);
1124 } 1069 }
1125 1070
1126 os=si->enc_digest; 1071 os = si->enc_digest;
1127 pkey = X509_get_pubkey(x509); 1072 pkey = X509_get_pubkey(x509);
1128 if (!pkey) 1073 if (!pkey) {
1129 {
1130 ret = -1; 1074 ret = -1;
1131 goto err; 1075 goto err;
1132 } 1076 }
1133 1077
1134 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 1078 i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
1135 EVP_PKEY_free(pkey); 1079 EVP_PKEY_free(pkey);
1136 if (i <= 0) 1080 if (i <= 0) {
1137 {
1138 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1081 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1139 PKCS7_R_SIGNATURE_FAILURE); 1082 PKCS7_R_SIGNATURE_FAILURE);
1140 ret= -1; 1083 ret = -1;
1141 goto err; 1084 goto err;
1142 } 1085 } else
1143 else 1086 ret = 1;
1144 ret=1;
1145err: 1087err:
1146 EVP_MD_CTX_cleanup(&mdc_tmp); 1088 EVP_MD_CTX_cleanup(&mdc_tmp);
1147 return(ret); 1089 return (ret);
1148 } 1090}
1149 1091
1150PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) 1092PKCS7_ISSUER_AND_SERIAL *
1151 { 1093PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
1094{
1152 STACK_OF(PKCS7_RECIP_INFO) *rsk; 1095 STACK_OF(PKCS7_RECIP_INFO) *rsk;
1153 PKCS7_RECIP_INFO *ri; 1096 PKCS7_RECIP_INFO *ri;
1154 int i; 1097 int i;
1155 1098
1156 i=OBJ_obj2nid(p7->type); 1099 i = OBJ_obj2nid(p7->type);
1157 if (i != NID_pkcs7_signedAndEnveloped) 1100 if (i != NID_pkcs7_signedAndEnveloped)
1158 return NULL; 1101 return NULL;
1159 if (p7->d.signed_and_enveloped == NULL) 1102 if (p7->d.signed_and_enveloped == NULL)
1160 return NULL; 1103 return NULL;
1161 rsk=p7->d.signed_and_enveloped->recipientinfo; 1104 rsk = p7->d.signed_and_enveloped->recipientinfo;
1162 if (rsk == NULL) 1105 if (rsk == NULL)
1163 return NULL; 1106 return NULL;
1164 ri=sk_PKCS7_RECIP_INFO_value(rsk,0); 1107 ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
1165 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); 1108 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
1166 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); 1109 return (NULL);
1167 return(ri->issuer_and_serial); 1110 ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
1168 } 1111 return (ri->issuer_and_serial);
1112}
1169 1113
1170ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) 1114ASN1_TYPE *
1171 { 1115PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
1172 return(get_attribute(si->auth_attr,nid)); 1116{
1173 } 1117 return (get_attribute(si->auth_attr, nid));
1118}
1174 1119
1175ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) 1120ASN1_TYPE *
1176 { 1121PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
1177 return(get_attribute(si->unauth_attr,nid)); 1122{
1178 } 1123 return (get_attribute(si->unauth_attr, nid));
1124}
1179 1125
1180static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) 1126static ASN1_TYPE *
1181 { 1127get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
1128{
1182 int i; 1129 int i;
1183 X509_ATTRIBUTE *xa; 1130 X509_ATTRIBUTE *xa;
1184 ASN1_OBJECT *o; 1131 ASN1_OBJECT *o;
1185 1132
1186 o=OBJ_nid2obj(nid); 1133 o = OBJ_nid2obj(nid);
1187 if (!o || !sk) return(NULL); 1134 if (!o || !sk)
1188 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1135 return (NULL);
1189 { 1136 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1190 xa=sk_X509_ATTRIBUTE_value(sk,i); 1137 xa = sk_X509_ATTRIBUTE_value(sk, i);
1191 if (OBJ_cmp(xa->object,o) == 0) 1138 if (OBJ_cmp(xa->object, o) == 0) {
1192 {
1193 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) 1139 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
1194 return(sk_ASN1_TYPE_value(xa->value.set,0)); 1140 return (sk_ASN1_TYPE_value(xa->value.set, 0));
1195 else 1141 else
1196 return(NULL); 1142 return (NULL);
1197 }
1198 } 1143 }
1199 return(NULL);
1200 } 1144 }
1145 return (NULL);
1146}
1201 1147
1202ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) 1148ASN1_OCTET_STRING *
1149PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
1203{ 1150{
1204 ASN1_TYPE *astype; 1151 ASN1_TYPE *astype;
1205 if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; 1152
1153 if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
1154 return NULL;
1206 return astype->value.octet_string; 1155 return astype->value.octet_string;
1207} 1156}
1208 1157
1209int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, 1158int
1210 STACK_OF(X509_ATTRIBUTE) *sk) 1159PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
1211 { 1160 STACK_OF(X509_ATTRIBUTE) *sk)
1161{
1212 int i; 1162 int i;
1213 1163
1214 if (p7si->auth_attr != NULL) 1164 if (p7si->auth_attr != NULL)
1215 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); 1165 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,
1216 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); 1166 X509_ATTRIBUTE_free);
1167 p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
1217 if (p7si->auth_attr == NULL) 1168 if (p7si->auth_attr == NULL)
1218 return 0; 1169 return 0;
1219 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1170 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1220 { 1171 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
1221 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, 1172 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1222 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
1223 == NULL) 1173 == NULL)
1224 return(0); 1174 return (0);
1225 }
1226 return(1);
1227 } 1175 }
1176 return (1);
1177}
1228 1178
1229int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) 1179int
1230 { 1180PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
1181{
1231 int i; 1182 int i;
1232 1183
1233 if (p7si->unauth_attr != NULL) 1184 if (p7si->unauth_attr != NULL)
1234 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, 1185 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
1235 X509_ATTRIBUTE_free); 1186 X509_ATTRIBUTE_free);
1236 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); 1187 p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
1237 if (p7si->unauth_attr == NULL) 1188 if (p7si->unauth_attr == NULL)
1238 return 0; 1189 return 0;
1239 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1190 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1240 { 1191 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
1241 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, 1192 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1242 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
1243 == NULL) 1193 == NULL)
1244 return(0); 1194 return (0);
1245 }
1246 return(1);
1247 } 1195 }
1196 return (1);
1197}
1248 1198
1249int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1199int
1250 void *value) 1200PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
1251 { 1201 void *value)
1252 return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); 1202{
1253 } 1203 return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
1204}
1254 1205
1255int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1206int
1256 void *value) 1207PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
1257 { 1208{
1258 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); 1209 return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
1259 } 1210}
1260 1211
1261static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 1212static int
1262 void *value) 1213add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value)
1263 { 1214{
1264 X509_ATTRIBUTE *attr=NULL; 1215 X509_ATTRIBUTE *attr = NULL;
1265 1216
1266 if (*sk == NULL) 1217 if (*sk == NULL) {
1267 {
1268 *sk = sk_X509_ATTRIBUTE_new_null(); 1218 *sk = sk_X509_ATTRIBUTE_new_null();
1269 if (*sk == NULL) 1219 if (*sk == NULL)
1270 return 0; 1220 return 0;
1271new_attrib: 1221new_attrib:
1272 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) 1222 if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
1273 return 0; 1223 return 0;
1274 if (!sk_X509_ATTRIBUTE_push(*sk,attr)) 1224 if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
1275 {
1276 X509_ATTRIBUTE_free(attr); 1225 X509_ATTRIBUTE_free(attr);
1277 return 0; 1226 return 0;
1278 }
1279 } 1227 }
1280 else 1228 } else {
1281 {
1282 int i; 1229 int i;
1283 1230
1284 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) 1231 for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
1285 { 1232 attr = sk_X509_ATTRIBUTE_value(*sk, i);
1286 attr=sk_X509_ATTRIBUTE_value(*sk,i); 1233 if (OBJ_obj2nid(attr->object) == nid) {
1287 if (OBJ_obj2nid(attr->object) == nid)
1288 {
1289 X509_ATTRIBUTE_free(attr); 1234 X509_ATTRIBUTE_free(attr);
1290 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1235 attr = X509_ATTRIBUTE_create(nid, atrtype,
1236 value);
1291 if (attr == NULL) 1237 if (attr == NULL)
1292 return 0; 1238 return 0;
1293 if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) 1239 if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
1294 {
1295 X509_ATTRIBUTE_free(attr); 1240 X509_ATTRIBUTE_free(attr);
1296 return 0; 1241 return 0;
1297 }
1298 goto end;
1299 } 1242 }
1243 goto end;
1300 } 1244 }
1301 goto new_attrib;
1302 } 1245 }
1303end: 1246 goto new_attrib;
1304 return(1);
1305 } 1247 }
1306 1248end:
1249 return (1);
1250}
diff --git a/src/lib/libcrypto/pkcs7/pk7_enc.c b/src/lib/libcrypto/pkcs7/pk7_enc.c
index cc63ef75f7..fac9e5c8b1 100644
--- a/src/lib/libcrypto/pkcs7/pk7_enc.c
+++ b/src/lib/libcrypto/pkcs7/pk7_enc.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_enc.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_enc.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -64,13 +64,12 @@
64#include <openssl/x509.h> 64#include <openssl/x509.h>
65#include <openssl/pkcs7.h> 65#include <openssl/pkcs7.h>
66 66
67PKCS7_in_bio(PKCS7 *p7,BIO *in); 67PKCS7_in_bio(PKCS7 *p7, BIO *in);
68PKCS7_out_bio(PKCS7 *p7,BIO *out); 68PKCS7_out_bio(PKCS7 *p7, BIO *out);
69 69
70PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key); 70PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key);
71PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher); 71PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
72 72
73PKCS7_Init(PKCS7 *p7); 73PKCS7_Init(PKCS7 *p7);
74PKCS7_Update(PKCS7 *p7); 74PKCS7_Update(PKCS7 *p7);
75PKCS7_Finish(PKCS7 *p7); 75PKCS7_Finish(PKCS7 *p7);
76
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index 5d7d0b18a0..9eed9fc74a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_lib.c,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_lib.c,v 1.11 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,599 +62,597 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include "asn1_locl.h" 63#include "asn1_locl.h"
64 64
65long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) 65long
66 { 66PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
67{
67 int nid; 68 int nid;
68 long ret; 69 long ret;
69 70
70 nid=OBJ_obj2nid(p7->type); 71 nid = OBJ_obj2nid(p7->type);
71 72
72 switch (cmd) 73 switch (cmd) {
73 {
74 case PKCS7_OP_SET_DETACHED_SIGNATURE: 74 case PKCS7_OP_SET_DETACHED_SIGNATURE:
75 if (nid == NID_pkcs7_signed) 75 if (nid == NID_pkcs7_signed) {
76 { 76 ret = p7->detached = (int)larg;
77 ret=p7->detached=(int)larg; 77 if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
78 if (ret && PKCS7_type_is_data(p7->d.sign->contents)) 78 ASN1_OCTET_STRING *os;
79 { 79 os = p7->d.sign->contents->d.data;
80 ASN1_OCTET_STRING *os; 80 ASN1_OCTET_STRING_free(os);
81 os=p7->d.sign->contents->d.data; 81 p7->d.sign->contents->d.data = NULL;
82 ASN1_OCTET_STRING_free(os);
83 p7->d.sign->contents->d.data = NULL;
84 }
85 }
86 else
87 {
88 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
89 ret=0;
90 } 82 }
83 } else {
84 PKCS7err(PKCS7_F_PKCS7_CTRL,
85 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
86 ret = 0;
87 }
91 break; 88 break;
92 case PKCS7_OP_GET_DETACHED_SIGNATURE: 89 case PKCS7_OP_GET_DETACHED_SIGNATURE:
93 if (nid == NID_pkcs7_signed) 90 if (nid == NID_pkcs7_signed) {
94 { 91 if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
95 if(!p7->d.sign || !p7->d.sign->contents->d.ptr)
96 ret = 1; 92 ret = 1;
97 else ret = 0; 93 else
98 94 ret = 0;
95
99 p7->detached = ret; 96 p7->detached = ret;
100 } 97 } else {
101 else 98 PKCS7err(PKCS7_F_PKCS7_CTRL,
102 { 99 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
103 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 100 ret = 0;
104 ret=0; 101 }
105 } 102
106
107 break; 103 break;
108 default: 104 default:
109 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); 105 PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
110 ret=0; 106 ret = 0;
111 }
112 return(ret);
113 } 107 }
108 return (ret);
109}
114 110
115int PKCS7_content_new(PKCS7 *p7, int type) 111int
116 { 112PKCS7_content_new(PKCS7 *p7, int type)
117 PKCS7 *ret=NULL; 113{
114 PKCS7 *ret = NULL;
118 115
119 if ((ret=PKCS7_new()) == NULL) goto err; 116 if ((ret = PKCS7_new()) == NULL)
120 if (!PKCS7_set_type(ret,type)) goto err; 117 goto err;
121 if (!PKCS7_set_content(p7,ret)) goto err; 118 if (!PKCS7_set_type(ret, type))
119 goto err;
120 if (!PKCS7_set_content(p7, ret))
121 goto err;
122 122
123 return(1); 123 return (1);
124err: 124err:
125 if (ret != NULL) PKCS7_free(ret); 125 if (ret != NULL)
126 return(0); 126 PKCS7_free(ret);
127 } 127 return (0);
128 128}
129int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) 129
130 { 130int
131PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
132{
131 int i; 133 int i;
132 134
133 i=OBJ_obj2nid(p7->type); 135 i = OBJ_obj2nid(p7->type);
134 switch (i) 136 switch (i) {
135 {
136 case NID_pkcs7_signed: 137 case NID_pkcs7_signed:
137 if (p7->d.sign->contents != NULL) 138 if (p7->d.sign->contents != NULL)
138 PKCS7_free(p7->d.sign->contents); 139 PKCS7_free(p7->d.sign->contents);
139 p7->d.sign->contents=p7_data; 140 p7->d.sign->contents = p7_data;
140 break; 141 break;
141 case NID_pkcs7_digest: 142 case NID_pkcs7_digest:
142 if (p7->d.digest->contents != NULL) 143 if (p7->d.digest->contents != NULL)
143 PKCS7_free(p7->d.digest->contents); 144 PKCS7_free(p7->d.digest->contents);
144 p7->d.digest->contents=p7_data; 145 p7->d.digest->contents = p7_data;
145 break; 146 break;
146 case NID_pkcs7_data: 147 case NID_pkcs7_data:
147 case NID_pkcs7_enveloped: 148 case NID_pkcs7_enveloped:
148 case NID_pkcs7_signedAndEnveloped: 149 case NID_pkcs7_signedAndEnveloped:
149 case NID_pkcs7_encrypted: 150 case NID_pkcs7_encrypted:
150 default: 151 default:
151 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 152 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,
153 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
152 goto err; 154 goto err;
153 }
154 return(1);
155err:
156 return(0);
157 } 155 }
156 return (1);
157err:
158 return (0);
159}
158 160
159int PKCS7_set_type(PKCS7 *p7, int type) 161int
160 { 162PKCS7_set_type(PKCS7 *p7, int type)
163{
161 ASN1_OBJECT *obj; 164 ASN1_OBJECT *obj;
162 165
163 /*PKCS7_content_free(p7);*/ 166 /*PKCS7_content_free(p7);*/
164 obj=OBJ_nid2obj(type); /* will not fail */ 167 obj=OBJ_nid2obj(type); /* will not fail */
165 168
166 switch (type) 169 switch (type) {
167 {
168 case NID_pkcs7_signed: 170 case NID_pkcs7_signed:
169 p7->type=obj; 171 p7->type = obj;
170 if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) 172 if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
171 goto err; 173 goto err;
172 if (!ASN1_INTEGER_set(p7->d.sign->version,1)) 174 if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
173 {
174 PKCS7_SIGNED_free(p7->d.sign); 175 PKCS7_SIGNED_free(p7->d.sign);
175 p7->d.sign=NULL; 176 p7->d.sign = NULL;
176 goto err; 177 goto err;
177 } 178 }
178 break; 179 break;
179 case NID_pkcs7_data: 180 case NID_pkcs7_data:
180 p7->type=obj; 181 p7->type = obj;
181 if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) 182 if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL)
182 goto err; 183 goto err;
183 break; 184 break;
184 case NID_pkcs7_signedAndEnveloped: 185 case NID_pkcs7_signedAndEnveloped:
185 p7->type=obj; 186 p7->type = obj;
186 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) 187 if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
187 == NULL) goto err; 188 == NULL) goto err;
188 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); 189 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
189 if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) 190 if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
190 goto err; 191 goto err;
191 p7->d.signed_and_enveloped->enc_data->content_type 192 p7->d.signed_and_enveloped->enc_data->content_type
192 = OBJ_nid2obj(NID_pkcs7_data); 193 = OBJ_nid2obj(NID_pkcs7_data);
193 break; 194 break;
194 case NID_pkcs7_enveloped: 195 case NID_pkcs7_enveloped:
195 p7->type=obj; 196 p7->type = obj;
196 if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) 197 if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
197 == NULL) goto err; 198 == NULL) goto err;
198 if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) 199 if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
199 goto err; 200 goto err;
200 p7->d.enveloped->enc_data->content_type 201 p7->d.enveloped->enc_data->content_type
201 = OBJ_nid2obj(NID_pkcs7_data); 202 = OBJ_nid2obj(NID_pkcs7_data);
202 break; 203 break;
203 case NID_pkcs7_encrypted: 204 case NID_pkcs7_encrypted:
204 p7->type=obj; 205 p7->type = obj;
205 if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) 206 if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
206 == NULL) goto err; 207 == NULL) goto err;
207 if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) 208 if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
208 goto err; 209 goto err;
209 p7->d.encrypted->enc_data->content_type 210 p7->d.encrypted->enc_data->content_type
210 = OBJ_nid2obj(NID_pkcs7_data); 211 = OBJ_nid2obj(NID_pkcs7_data);
211 break; 212 break;
212 213
213 case NID_pkcs7_digest: 214 case NID_pkcs7_digest:
214 p7->type=obj; 215 p7->type = obj;
215 if ((p7->d.digest=PKCS7_DIGEST_new()) 216 if ((p7->d.digest = PKCS7_DIGEST_new())
216 == NULL) goto err; 217 == NULL) goto err;
217 if (!ASN1_INTEGER_set(p7->d.digest->version,0)) 218 if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
218 goto err; 219 goto err;
219 break; 220 break;
220 default: 221 default:
221 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 222 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,
223 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
222 goto err; 224 goto err;
223 }
224 return(1);
225err:
226 return(0);
227 } 225 }
226 return (1);
227err:
228 return (0);
229}
228 230
229int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) 231int
230 { 232PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
233{
231 p7->type = OBJ_nid2obj(type); 234 p7->type = OBJ_nid2obj(type);
232 p7->d.other = other; 235 p7->d.other = other;
233 return 1; 236 return 1;
234 } 237}
235 238
236int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) 239int
237 { 240PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
238 int i,j,nid; 241{
242 int i, j, nid;
239 X509_ALGOR *alg; 243 X509_ALGOR *alg;
240 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; 244 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
241 STACK_OF(X509_ALGOR) *md_sk; 245 STACK_OF(X509_ALGOR) *md_sk;
242 246
243 i=OBJ_obj2nid(p7->type); 247 i = OBJ_obj2nid(p7->type);
244 switch (i) 248 switch (i) {
245 {
246 case NID_pkcs7_signed: 249 case NID_pkcs7_signed:
247 signer_sk= p7->d.sign->signer_info; 250 signer_sk = p7->d.sign->signer_info;
248 md_sk= p7->d.sign->md_algs; 251 md_sk = p7->d.sign->md_algs;
249 break; 252 break;
250 case NID_pkcs7_signedAndEnveloped: 253 case NID_pkcs7_signedAndEnveloped:
251 signer_sk= p7->d.signed_and_enveloped->signer_info; 254 signer_sk = p7->d.signed_and_enveloped->signer_info;
252 md_sk= p7->d.signed_and_enveloped->md_algs; 255 md_sk = p7->d.signed_and_enveloped->md_algs;
253 break; 256 break;
254 default: 257 default:
255 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); 258 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
256 return(0); 259 return (0);
257 } 260 }
258 261
259 nid=OBJ_obj2nid(psi->digest_alg->algorithm); 262 nid = OBJ_obj2nid(psi->digest_alg->algorithm);
260 263
261 /* If the digest is not currently listed, add it */ 264 /* If the digest is not currently listed, add it */
262 j=0; 265 j = 0;
263 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 266 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
264 { 267 alg = sk_X509_ALGOR_value(md_sk, i);
265 alg=sk_X509_ALGOR_value(md_sk,i); 268 if (OBJ_obj2nid(alg->algorithm) == nid) {
266 if (OBJ_obj2nid(alg->algorithm) == nid) 269 j = 1;
267 {
268 j=1;
269 break; 270 break;
270 }
271 } 271 }
272 }
272 if (!j) /* we need to add another algorithm */ 273 if (!j) /* we need to add another algorithm */
273 { 274 {
274 if(!(alg=X509_ALGOR_new()) 275 if (!(alg = X509_ALGOR_new()) ||
275 || !(alg->parameter = ASN1_TYPE_new())) 276 !(alg->parameter = ASN1_TYPE_new())) {
276 {
277 X509_ALGOR_free(alg); 277 X509_ALGOR_free(alg);
278 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); 278 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,
279 return(0); 279 ERR_R_MALLOC_FAILURE);
280 } 280 return (0);
281 alg->algorithm=OBJ_nid2obj(nid); 281 }
282 alg->algorithm = OBJ_nid2obj(nid);
282 alg->parameter->type = V_ASN1_NULL; 283 alg->parameter->type = V_ASN1_NULL;
283 if (!sk_X509_ALGOR_push(md_sk,alg)) 284 if (!sk_X509_ALGOR_push(md_sk, alg)) {
284 {
285 X509_ALGOR_free(alg); 285 X509_ALGOR_free(alg);
286 return 0; 286 return 0;
287 }
288 } 287 }
288 }
289 289
290 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) 290 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
291 return 0; 291 return 0;
292 return(1); 292 return (1);
293 } 293}
294 294
295int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) 295int
296 { 296PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
297{
297 int i; 298 int i;
298 STACK_OF(X509) **sk; 299 STACK_OF(X509) **sk;
299 300
300 i=OBJ_obj2nid(p7->type); 301 i = OBJ_obj2nid(p7->type);
301 switch (i) 302 switch (i) {
302 {
303 case NID_pkcs7_signed: 303 case NID_pkcs7_signed:
304 sk= &(p7->d.sign->cert); 304 sk = &(p7->d.sign->cert);
305 break; 305 break;
306 case NID_pkcs7_signedAndEnveloped: 306 case NID_pkcs7_signedAndEnveloped:
307 sk= &(p7->d.signed_and_enveloped->cert); 307 sk = &(p7->d.signed_and_enveloped->cert);
308 break; 308 break;
309 default: 309 default:
310 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); 310 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,
311 return(0); 311 PKCS7_R_WRONG_CONTENT_TYPE);
312 } 312 return (0);
313 }
313 314
314 if (*sk == NULL) 315 if (*sk == NULL)
315 *sk=sk_X509_new_null(); 316 *sk = sk_X509_new_null();
316 if (*sk == NULL) 317 if (*sk == NULL) {
317 {
318 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); 318 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
319 return 0; 319 return 0;
320 } 320 }
321 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 321 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
322 if (!sk_X509_push(*sk,x509)) 322 if (!sk_X509_push(*sk, x509)) {
323 {
324 X509_free(x509); 323 X509_free(x509);
325 return 0; 324 return 0;
326 }
327 return(1);
328 } 325 }
326 return (1);
327}
329 328
330int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) 329int
331 { 330PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
331{
332 int i; 332 int i;
333 STACK_OF(X509_CRL) **sk; 333 STACK_OF(X509_CRL) **sk;
334 334
335 i=OBJ_obj2nid(p7->type); 335 i = OBJ_obj2nid(p7->type);
336 switch (i) 336 switch (i) {
337 {
338 case NID_pkcs7_signed: 337 case NID_pkcs7_signed:
339 sk= &(p7->d.sign->crl); 338 sk = &(p7->d.sign->crl);
340 break; 339 break;
341 case NID_pkcs7_signedAndEnveloped: 340 case NID_pkcs7_signedAndEnveloped:
342 sk= &(p7->d.signed_and_enveloped->crl); 341 sk = &(p7->d.signed_and_enveloped->crl);
343 break; 342 break;
344 default: 343 default:
345 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); 344 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
346 return(0); 345 return (0);
347 } 346 }
348 347
349 if (*sk == NULL) 348 if (*sk == NULL)
350 *sk=sk_X509_CRL_new_null(); 349 *sk = sk_X509_CRL_new_null();
351 if (*sk == NULL) 350 if (*sk == NULL) {
352 { 351 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
353 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
354 return 0; 352 return 0;
355 } 353 }
356 354
357 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); 355 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
358 if (!sk_X509_CRL_push(*sk,crl)) 356 if (!sk_X509_CRL_push(*sk, crl)) {
359 {
360 X509_CRL_free(crl); 357 X509_CRL_free(crl);
361 return 0; 358 return 0;
362 }
363 return(1);
364 } 359 }
360 return (1);
361}
365 362
366int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 363int
367 const EVP_MD *dgst) 364PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
368 { 365 const EVP_MD *dgst)
366{
369 int ret; 367 int ret;
370 368
371 /* We now need to add another PKCS7_SIGNER_INFO entry */ 369 /* We now need to add another PKCS7_SIGNER_INFO entry */
372 if (!ASN1_INTEGER_set(p7i->version,1)) 370 if (!ASN1_INTEGER_set(p7i->version, 1))
373 goto err; 371 goto err;
374 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 372 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
375 X509_get_issuer_name(x509))) 373 X509_get_issuer_name(x509)))
376 goto err; 374 goto err;
377 375
378 /* because ASN1_INTEGER_set is used to set a 'long' we will do 376 /* because ASN1_INTEGER_set is used to set a 'long' we will do
379 * things the ugly way. */ 377 * things the ugly way. */
380 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 378 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
381 if (!(p7i->issuer_and_serial->serial= 379 if (!(p7i->issuer_and_serial->serial =
382 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 380 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
383 goto err; 381 goto err;
384 382
385 /* lets keep the pkey around for a while */ 383 /* lets keep the pkey around for a while */
386 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 384 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
387 p7i->pkey=pkey; 385 p7i->pkey = pkey;
388 386
389 /* Set the algorithms */ 387 /* Set the algorithms */
390 388
391 X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), 389 X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
392 V_ASN1_NULL, NULL); 390 V_ASN1_NULL, NULL);
393 391
394 if (pkey->ameth && pkey->ameth->pkey_ctrl) 392 if (pkey->ameth && pkey->ameth->pkey_ctrl) {
395 {
396 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 393 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
397 0, p7i); 394 0, p7i);
398 if (ret > 0) 395 if (ret > 0)
399 return 1; 396 return 1;
400 if (ret != -2) 397 if (ret != -2) {
401 {
402 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 398 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
403 PKCS7_R_SIGNING_CTRL_FAILURE); 399 PKCS7_R_SIGNING_CTRL_FAILURE);
404 return 0; 400 return 0;
405 }
406 } 401 }
402 }
407 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 403 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
408 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 404 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
409err: 405err:
410 return 0; 406 return 0;
411 } 407}
412 408
413PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, 409PKCS7_SIGNER_INFO *
414 const EVP_MD *dgst) 410PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst)
415 { 411{
416 PKCS7_SIGNER_INFO *si = NULL; 412 PKCS7_SIGNER_INFO *si = NULL;
417 413
418 if (dgst == NULL) 414 if (dgst == NULL) {
419 {
420 int def_nid; 415 int def_nid;
421 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) 416 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
422 goto err; 417 goto err;
423 dgst = EVP_get_digestbynid(def_nid); 418 dgst = EVP_get_digestbynid(def_nid);
424 if (dgst == NULL) 419 if (dgst == NULL) {
425 {
426 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, 420 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
427 PKCS7_R_NO_DEFAULT_DIGEST); 421 PKCS7_R_NO_DEFAULT_DIGEST);
428 goto err; 422 goto err;
429 }
430 } 423 }
424 }
431 425
432 if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; 426 if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
433 if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; 427 goto err;
434 if (!PKCS7_add_signer(p7,si)) goto err; 428 if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
435 return(si); 429 goto err;
430 if (!PKCS7_add_signer(p7, si))
431 goto err;
432 return (si);
436err: 433err:
437 if (si) 434 if (si)
438 PKCS7_SIGNER_INFO_free(si); 435 PKCS7_SIGNER_INFO_free(si);
439 return(NULL); 436 return (NULL);
440 } 437}
441 438
442int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) 439int
443 { 440PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
444 if (PKCS7_type_is_digest(p7)) 441{
445 { 442 if (PKCS7_type_is_digest(p7)) {
446 if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) 443 if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
447 { 444 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,
448 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); 445 ERR_R_MALLOC_FAILURE);
449 return 0; 446 return 0;
450 } 447 }
451 p7->d.digest->md->parameter->type = V_ASN1_NULL; 448 p7->d.digest->md->parameter->type = V_ASN1_NULL;
452 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); 449 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
453 return 1; 450 return 1;
454 }
455
456 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
457 return 1;
458 } 451 }
459 452
460STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) 453 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
461 { 454 return 1;
462 if (PKCS7_type_is_signed(p7)) 455}
463 {
464 return(p7->d.sign->signer_info);
465 }
466 else if (PKCS7_type_is_signedAndEnveloped(p7))
467 {
468 return(p7->d.signed_and_enveloped->signer_info);
469 }
470 else
471 return(NULL);
472 }
473 456
474void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, 457STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
475 X509_ALGOR **pdig, X509_ALGOR **psig) 458{
476 { 459 if (PKCS7_type_is_signed(p7)) {
460 return (p7->d.sign->signer_info);
461 } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
462 return (p7->d.signed_and_enveloped->signer_info);
463 } else
464 return (NULL);
465}
466
467void
468PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
469 X509_ALGOR **pdig, X509_ALGOR **psig)
470{
477 if (pk) 471 if (pk)
478 *pk = si->pkey; 472 *pk = si->pkey;
479 if (pdig) 473 if (pdig)
480 *pdig = si->digest_alg; 474 *pdig = si->digest_alg;
481 if (psig) 475 if (psig)
482 *psig = si->digest_enc_alg; 476 *psig = si->digest_enc_alg;
483 } 477}
484 478
485void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) 479void
486 { 480PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
481{
487 if (penc) 482 if (penc)
488 *penc = ri->key_enc_algor; 483 *penc = ri->key_enc_algor;
489 } 484}
490 485
491PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) 486PKCS7_RECIP_INFO *
492 { 487PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
488{
493 PKCS7_RECIP_INFO *ri; 489 PKCS7_RECIP_INFO *ri;
494 490
495 if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; 491 if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
496 if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; 492 goto err;
497 if (!PKCS7_add_recipient_info(p7,ri)) goto err; 493 if (!PKCS7_RECIP_INFO_set(ri, x509))
494 goto err;
495 if (!PKCS7_add_recipient_info(p7, ri))
496 goto err;
498 return ri; 497 return ri;
499err: 498err:
500 if (ri) 499 if (ri)
501 PKCS7_RECIP_INFO_free(ri); 500 PKCS7_RECIP_INFO_free(ri);
502 return NULL; 501 return NULL;
503 } 502}
504 503
505int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) 504int
506 { 505PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
506{
507 int i; 507 int i;
508 STACK_OF(PKCS7_RECIP_INFO) *sk; 508 STACK_OF(PKCS7_RECIP_INFO) *sk;
509 509
510 i=OBJ_obj2nid(p7->type); 510 i = OBJ_obj2nid(p7->type);
511 switch (i) 511 switch (i) {
512 {
513 case NID_pkcs7_signedAndEnveloped: 512 case NID_pkcs7_signedAndEnveloped:
514 sk= p7->d.signed_and_enveloped->recipientinfo; 513 sk = p7->d.signed_and_enveloped->recipientinfo;
515 break; 514 break;
516 case NID_pkcs7_enveloped: 515 case NID_pkcs7_enveloped:
517 sk= p7->d.enveloped->recipientinfo; 516 sk = p7->d.enveloped->recipientinfo;
518 break; 517 break;
519 default: 518 default:
520 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); 519 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
521 return(0); 520 PKCS7_R_WRONG_CONTENT_TYPE);
522 } 521 return (0);
522 }
523 523
524 if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) 524 if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
525 return 0; 525 return 0;
526 return(1); 526 return (1);
527 } 527}
528 528
529int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) 529int
530 { 530PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
531{
531 int ret; 532 int ret;
532 EVP_PKEY *pkey = NULL; 533 EVP_PKEY *pkey = NULL;
533 if (!ASN1_INTEGER_set(p7i->version,0)) 534 if (!ASN1_INTEGER_set(p7i->version, 0))
534 return 0; 535 return 0;
535 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 536 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
536 X509_get_issuer_name(x509))) 537 X509_get_issuer_name(x509)))
537 return 0; 538 return 0;
538 539
539 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 540 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
540 if (!(p7i->issuer_and_serial->serial= 541 if (!(p7i->issuer_and_serial->serial =
541 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 542 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
542 return 0; 543 return 0;
543 544
544 pkey = X509_get_pubkey(x509); 545 pkey = X509_get_pubkey(x509);
545 546
546 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) 547 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
547 {
548 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 548 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
549 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 549 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
550 goto err; 550 goto err;
551 } 551 }
552 552
553 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 553 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
554 0, p7i); 554 0, p7i);
555 if (ret == -2) 555 if (ret == -2) {
556 {
557 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 556 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
558 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 557 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
559 goto err; 558 goto err;
560 } 559 }
561 if (ret <= 0) 560 if (ret <= 0) {
562 {
563 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 561 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
564 PKCS7_R_ENCRYPTION_CTRL_FAILURE); 562 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
565 goto err; 563 goto err;
566 } 564 }
567 565
568 EVP_PKEY_free(pkey); 566 EVP_PKEY_free(pkey);
569 567
570 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 568 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
571 p7i->cert=x509; 569 p7i->cert = x509;
572 570
573 return 1; 571 return 1;
574 572
575 err: 573err:
576 if (pkey) 574 if (pkey)
577 EVP_PKEY_free(pkey); 575 EVP_PKEY_free(pkey);
578 return 0; 576 return 0;
579 } 577}
580 578
581X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) 579X509 *
582 { 580PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
581{
583 if (PKCS7_type_is_signed(p7)) 582 if (PKCS7_type_is_signed(p7))
584 return(X509_find_by_issuer_and_serial(p7->d.sign->cert, 583 return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
585 si->issuer_and_serial->issuer, 584 si->issuer_and_serial->issuer,
586 si->issuer_and_serial->serial)); 585 si->issuer_and_serial->serial));
587 else 586 else
588 return(NULL); 587 return (NULL);
589 } 588}
590 589
591int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) 590int
592 { 591PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
592{
593 int i; 593 int i;
594 PKCS7_ENC_CONTENT *ec; 594 PKCS7_ENC_CONTENT *ec;
595 595
596 i=OBJ_obj2nid(p7->type); 596 i = OBJ_obj2nid(p7->type);
597 switch (i) 597 switch (i) {
598 {
599 case NID_pkcs7_signedAndEnveloped: 598 case NID_pkcs7_signedAndEnveloped:
600 ec=p7->d.signed_and_enveloped->enc_data; 599 ec = p7->d.signed_and_enveloped->enc_data;
601 break; 600 break;
602 case NID_pkcs7_enveloped: 601 case NID_pkcs7_enveloped:
603 ec=p7->d.enveloped->enc_data; 602 ec = p7->d.enveloped->enc_data;
604 break; 603 break;
605 default: 604 default:
606 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); 605 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
607 return(0); 606 return (0);
608 } 607 }
609 608
610 /* Check cipher OID exists and has data in it*/ 609 /* Check cipher OID exists and has data in it*/
611 i = EVP_CIPHER_type(cipher); 610 i = EVP_CIPHER_type(cipher);
612 if(i == NID_undef) { 611 if (i == NID_undef) {
613 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 612 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
614 return(0); 613 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
614 return (0);
615 } 615 }
616 616
617 ec->cipher = cipher; 617 ec->cipher = cipher;
618 return 1; 618 return 1;
619 } 619}
620 620
621int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) 621int
622 { 622PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
623{
623 ASN1_OCTET_STRING *os = NULL; 624 ASN1_OCTET_STRING *os = NULL;
624 625
625 switch (OBJ_obj2nid(p7->type)) 626 switch (OBJ_obj2nid(p7->type)) {
626 { 627 case NID_pkcs7_data:
627 case NID_pkcs7_data:
628 os = p7->d.data; 628 os = p7->d.data;
629 break; 629 break;
630 630
631 case NID_pkcs7_signedAndEnveloped: 631 case NID_pkcs7_signedAndEnveloped:
632 os = p7->d.signed_and_enveloped->enc_data->enc_data; 632 os = p7->d.signed_and_enveloped->enc_data->enc_data;
633 if (os == NULL) 633 if (os == NULL) {
634 { 634 os = M_ASN1_OCTET_STRING_new();
635 os=M_ASN1_OCTET_STRING_new(); 635 p7->d.signed_and_enveloped->enc_data->enc_data = os;
636 p7->d.signed_and_enveloped->enc_data->enc_data=os; 636 }
637 }
638 break; 637 break;
639 638
640 case NID_pkcs7_enveloped: 639 case NID_pkcs7_enveloped:
641 os = p7->d.enveloped->enc_data->enc_data; 640 os = p7->d.enveloped->enc_data->enc_data;
642 if (os == NULL) 641 if (os == NULL) {
643 { 642 os = M_ASN1_OCTET_STRING_new();
644 os=M_ASN1_OCTET_STRING_new(); 643 p7->d.enveloped->enc_data->enc_data = os;
645 p7->d.enveloped->enc_data->enc_data=os; 644 }
646 }
647 break; 645 break;
648 646
649 case NID_pkcs7_signed: 647 case NID_pkcs7_signed:
650 os=p7->d.sign->contents->d.data; 648 os = p7->d.sign->contents->d.data;
651 break; 649 break;
652 650
653 default: 651 default:
654 os = NULL; 652 os = NULL;
655 break; 653 break;
656 } 654 }
657 655
658 if (os == NULL) 656 if (os == NULL)
659 return 0; 657 return 0;
660 658
@@ -662,4 +660,4 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
662 *boundary = &os->data; 660 *boundary = &os->data;
663 661
664 return 1; 662 return 1;
665 } 663}
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index 46d3dfd513..8f32125f0b 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_mime.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_mime.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,21 +61,23 @@
61 61
62/* PKCS#7 wrappers round generalised stream and MIME routines */ 62/* PKCS#7 wrappers round generalised stream and MIME routines */
63 63
64int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) 64int
65 { 65i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
66{
66 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, 67 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
67 ASN1_ITEM_rptr(PKCS7)); 68 ASN1_ITEM_rptr(PKCS7));
68 } 69}
69 70
70int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) 71int
71 { 72PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
73{
72 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags, 74 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags,
73 "PKCS7", 75 "PKCS7", ASN1_ITEM_rptr(PKCS7));
74 ASN1_ITEM_rptr(PKCS7)); 76}
75 }
76 77
77int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) 78int
78 { 79SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
80{
79 STACK_OF(X509_ALGOR) *mdalgs; 81 STACK_OF(X509_ALGOR) *mdalgs;
80 int ctype_nid = OBJ_obj2nid(p7->type); 82 int ctype_nid = OBJ_obj2nid(p7->type);
81 if (ctype_nid == NID_pkcs7_signed) 83 if (ctype_nid == NID_pkcs7_signed)
@@ -87,11 +89,11 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
87 89
88 90
89 return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, 91 return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
90 ctype_nid, NID_undef, mdalgs, 92 ctype_nid, NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7));
91 ASN1_ITEM_rptr(PKCS7)); 93}
92 }
93 94
94PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) 95PKCS7 *
95 { 96SMIME_read_PKCS7(BIO *bio, BIO **bcont)
97{
96 return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); 98 return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
97 } 99}
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 692967e72e..5d174f7644 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_smime.c,v 1.14 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_smime.c,v 1.15 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -65,17 +65,17 @@
65 65
66static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); 66static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
67 67
68PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 68PKCS7 *
69 BIO *data, int flags) 69PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
70 int flags)
70{ 71{
71 PKCS7 *p7; 72 PKCS7 *p7;
72 int i; 73 int i;
73 74
74 if(!(p7 = PKCS7_new())) 75 if (!(p7 = PKCS7_new())) {
75 { 76 PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
76 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
77 return NULL; 77 return NULL;
78 } 78 }
79 79
80 if (!PKCS7_set_type(p7, NID_pkcs7_signed)) 80 if (!PKCS7_set_type(p7, NID_pkcs7_signed))
81 goto err; 81 goto err;
@@ -83,22 +83,19 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
83 if (!PKCS7_content_new(p7, NID_pkcs7_data)) 83 if (!PKCS7_content_new(p7, NID_pkcs7_data))
84 goto err; 84 goto err;
85 85
86 if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) 86 if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
87 { 87 PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
88 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
89 goto err; 88 goto err;
90 } 89 }
91 90
92 if(!(flags & PKCS7_NOCERTS)) 91 if (!(flags & PKCS7_NOCERTS)) {
93 { 92 for (i = 0; i < sk_X509_num(certs); i++) {
94 for(i = 0; i < sk_X509_num(certs); i++)
95 {
96 if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) 93 if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
97 goto err; 94 goto err;
98 }
99 } 95 }
96 }
100 97
101 if(flags & PKCS7_DETACHED) 98 if (flags & PKCS7_DETACHED)
102 PKCS7_set_detached(p7, 1); 99 PKCS7_set_detached(p7, 1);
103 100
104 if (flags & (PKCS7_STREAM|PKCS7_PARTIAL)) 101 if (flags & (PKCS7_STREAM|PKCS7_PARTIAL))
@@ -107,164 +104,160 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
107 if (PKCS7_final(p7, data, flags)) 104 if (PKCS7_final(p7, data, flags))
108 return p7; 105 return p7;
109 106
110 err: 107err:
111 PKCS7_free(p7); 108 PKCS7_free(p7);
112 return NULL; 109 return NULL;
113} 110}
114 111
115int PKCS7_final(PKCS7 *p7, BIO *data, int flags) 112int
116 { 113PKCS7_final(PKCS7 *p7, BIO *data, int flags)
114{
117 BIO *p7bio; 115 BIO *p7bio;
118 int ret = 0; 116 int ret = 0;
119 if (!(p7bio = PKCS7_dataInit(p7, NULL))) 117
120 { 118 if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
121 PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE); 119 PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
122 return 0; 120 return 0;
123 } 121 }
124 122
125 SMIME_crlf_copy(data, p7bio, flags); 123 SMIME_crlf_copy(data, p7bio, flags);
126 124
127 (void)BIO_flush(p7bio); 125 (void)BIO_flush(p7bio);
128 126
129 127 if (!PKCS7_dataFinal(p7, p7bio)) {
130 if (!PKCS7_dataFinal(p7,p7bio)) 128 PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
131 {
132 PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN);
133 goto err; 129 goto err;
134 } 130 }
135 131
136 ret = 1; 132 ret = 1;
137 133
138 err: 134err:
139 BIO_free_all(p7bio); 135 BIO_free_all(p7bio);
140 136
141 return ret; 137 return ret;
142 138}
143 }
144 139
145/* Check to see if a cipher exists and if so add S/MIME capabilities */ 140/* Check to see if a cipher exists and if so add S/MIME capabilities */
146 141
147static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) 142static int
148 { 143add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
144{
149 if (EVP_get_cipherbynid(nid)) 145 if (EVP_get_cipherbynid(nid))
150 return PKCS7_simple_smimecap(sk, nid, arg); 146 return PKCS7_simple_smimecap(sk, nid, arg);
151 return 1; 147 return 1;
152 } 148}
153 149
154static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) 150static int
155 { 151add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
152{
156 if (EVP_get_digestbynid(nid)) 153 if (EVP_get_digestbynid(nid))
157 return PKCS7_simple_smimecap(sk, nid, arg); 154 return PKCS7_simple_smimecap(sk, nid, arg);
158 return 1; 155 return 1;
159 } 156}
160 157
161PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, 158PKCS7_SIGNER_INFO *
162 EVP_PKEY *pkey, const EVP_MD *md, 159PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
163 int flags) 160 const EVP_MD *md, int flags)
164 { 161{
165 PKCS7_SIGNER_INFO *si = NULL; 162 PKCS7_SIGNER_INFO *si = NULL;
166 STACK_OF(X509_ALGOR) *smcap = NULL; 163 STACK_OF(X509_ALGOR) *smcap = NULL;
167 if(!X509_check_private_key(signcert, pkey)) 164
168 { 165 if (!X509_check_private_key(signcert, pkey)) {
169 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 166 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
170 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 167 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
171 return NULL; 168 return NULL;
172 } 169 }
173 170
174 if (!(si = PKCS7_add_signature(p7,signcert,pkey, md))) 171 if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
175 {
176 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 172 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
177 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); 173 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
178 return NULL; 174 return NULL;
179 } 175 }
180 176
181 if(!(flags & PKCS7_NOCERTS)) 177 if (!(flags & PKCS7_NOCERTS)) {
182 {
183 if (!PKCS7_add_certificate(p7, signcert)) 178 if (!PKCS7_add_certificate(p7, signcert))
184 goto err; 179 goto err;
185 } 180 }
186 181
187 if(!(flags & PKCS7_NOATTR)) 182 if (!(flags & PKCS7_NOATTR)) {
188 {
189 if (!PKCS7_add_attrib_content_type(si, NULL)) 183 if (!PKCS7_add_attrib_content_type(si, NULL))
190 goto err; 184 goto err;
191 /* Add SMIMECapabilities */ 185 /* Add SMIMECapabilities */
192 if(!(flags & PKCS7_NOSMIMECAP)) 186 if (!(flags & PKCS7_NOSMIMECAP)) {
193 { 187 if (!(smcap = sk_X509_ALGOR_new_null())) {
194 if(!(smcap = sk_X509_ALGOR_new_null()))
195 {
196 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 188 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
197 ERR_R_MALLOC_FAILURE); 189 ERR_R_MALLOC_FAILURE);
198 goto err; 190 goto err;
199 } 191 }
200 if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 192 if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
201 || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 193 !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
202 || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 194 !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
203 || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 195 !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
204 || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 196 !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
205 || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 197 !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
206 || !add_cipher_smcap(smcap, NID_rc2_cbc, 128) 198 !add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
207 || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) 199 !add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
208 || !add_cipher_smcap(smcap, NID_des_cbc, -1) 200 !add_cipher_smcap(smcap, NID_des_cbc, -1) ||
209 || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) 201 !add_cipher_smcap(smcap, NID_rc2_cbc, 40) ||
210 || !PKCS7_add_attrib_smimecap (si, smcap)) 202 !PKCS7_add_attrib_smimecap (si, smcap))
211 goto err; 203 goto err;
212 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 204 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
213 smcap = NULL; 205 smcap = NULL;
214 } 206 }
215 if (flags & PKCS7_REUSE_DIGEST) 207 if (flags & PKCS7_REUSE_DIGEST) {
216 {
217 if (!pkcs7_copy_existing_digest(p7, si)) 208 if (!pkcs7_copy_existing_digest(p7, si))
218 goto err; 209 goto err;
219 if (!(flags & PKCS7_PARTIAL) && 210 if (!(flags & PKCS7_PARTIAL) &&
220 !PKCS7_SIGNER_INFO_sign(si)) 211 !PKCS7_SIGNER_INFO_sign(si))
221 goto err; 212 goto err;
222 }
223 } 213 }
214 }
224 return si; 215 return si;
225 err: 216
217err:
226 if (smcap) 218 if (smcap)
227 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 219 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
228 return NULL; 220 return NULL;
229 } 221}
230 222
231/* Search for a digest matching SignerInfo digest type and if found 223/* Search for a digest matching SignerInfo digest type and if found
232 * copy across. 224 * copy across.
233 */ 225 */
234 226
235static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) 227static int
236 { 228pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
229{
237 int i; 230 int i;
238 STACK_OF(PKCS7_SIGNER_INFO) *sinfos; 231 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
239 PKCS7_SIGNER_INFO *sitmp; 232 PKCS7_SIGNER_INFO *sitmp;
240 ASN1_OCTET_STRING *osdig = NULL; 233 ASN1_OCTET_STRING *osdig = NULL;
234
241 sinfos = PKCS7_get_signer_info(p7); 235 sinfos = PKCS7_get_signer_info(p7);
242 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) 236 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
243 {
244 sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); 237 sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
245 if (si == sitmp) 238 if (si == sitmp)
246 break; 239 break;
247 if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) 240 if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
248 continue; 241 continue;
249 if (!OBJ_cmp(si->digest_alg->algorithm, 242 if (!OBJ_cmp(si->digest_alg->algorithm,
250 sitmp->digest_alg->algorithm)) 243 sitmp->digest_alg->algorithm)) {
251 {
252 osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); 244 osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
253 break; 245 break;
254 }
255
256 } 246 }
257 247
248 }
249
258 if (osdig) 250 if (osdig)
259 return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); 251 return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
260 252
261 PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 253 PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
262 PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); 254 PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
263 return 0; 255 return 0;
264 } 256}
265 257
266int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 258int
267 BIO *indata, BIO *out, int flags) 259PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
260 BIO *out, int flags)
268{ 261{
269 STACK_OF(X509) *signers; 262 STACK_OF(X509) *signers;
270 X509 *signer; 263 X509 *signer;
@@ -272,23 +265,23 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
272 PKCS7_SIGNER_INFO *si; 265 PKCS7_SIGNER_INFO *si;
273 X509_STORE_CTX cert_ctx; 266 X509_STORE_CTX cert_ctx;
274 char buf[4096]; 267 char buf[4096];
275 int i, j=0, k, ret = 0; 268 int i, j = 0, k, ret = 0;
276 BIO *p7bio; 269 BIO *p7bio;
277 BIO *tmpin, *tmpout; 270 BIO *tmpin, *tmpout;
278 271
279 if(!p7) { 272 if (!p7) {
280 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); 273 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
281 return 0; 274 return 0;
282 } 275 }
283 276
284 if(!PKCS7_type_is_signed(p7)) { 277 if (!PKCS7_type_is_signed(p7)) {
285 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); 278 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
286 return 0; 279 return 0;
287 } 280 }
288 281
289 /* Check for no data and no content: no data to verify signature */ 282 /* Check for no data and no content: no data to verify signature */
290 if(PKCS7_get_detached(p7) && !indata) { 283 if (PKCS7_get_detached(p7) && !indata) {
291 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); 284 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
292 return 0; 285 return 0;
293 } 286 }
294#if 0 287#if 0
@@ -297,56 +290,58 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
297 */ 290 */
298 291
299 /* Check for data and content: two sets of data */ 292 /* Check for data and content: two sets of data */
300 if(!PKCS7_get_detached(p7) && indata) { 293 if (!PKCS7_get_detached(p7) && indata) {
301 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); 294 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
302 return 0; 295 return 0;
303 } 296 }
304#endif 297#endif
305 298
306 sinfos = PKCS7_get_signer_info(p7); 299 sinfos = PKCS7_get_signer_info(p7);
307 300
308 if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { 301 if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
309 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); 302 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
310 return 0; 303 return 0;
311 } 304 }
312 305
313 306
314 signers = PKCS7_get0_signers(p7, certs, flags); 307 signers = PKCS7_get0_signers(p7, certs, flags);
315 308
316 if(!signers) return 0; 309 if (!signers)
310 return 0;
317 311
318 /* Now verify the certificates */ 312 /* Now verify the certificates */
319 313
320 if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { 314 if (!(flags & PKCS7_NOVERIFY))
321 signer = sk_X509_value (signers, k); 315 for (k = 0; k < sk_X509_num(signers); k++) {
322 if (!(flags & PKCS7_NOCHAIN)) { 316 signer = sk_X509_value (signers, k);
323 if(!X509_STORE_CTX_init(&cert_ctx, store, signer, 317 if (!(flags & PKCS7_NOCHAIN)) {
324 p7->d.sign->cert)) 318 if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
325 { 319 p7->d.sign->cert)) {
326 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); 320 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
321 sk_X509_free(signers);
322 return 0;
323 }
324 X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
325 } else if (!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
326 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
327 sk_X509_free(signers); 327 sk_X509_free(signers);
328 return 0; 328 return 0;
329 } 329 }
330 X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); 330 if (!(flags & PKCS7_NOCRL))
331 } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { 331 X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
332 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); 332 i = X509_verify_cert(&cert_ctx);
333 sk_X509_free(signers); 333 if (i <= 0)
334 return 0; 334 j = X509_STORE_CTX_get_error(&cert_ctx);
335 } 335 X509_STORE_CTX_cleanup(&cert_ctx);
336 if (!(flags & PKCS7_NOCRL)) 336 if (i <= 0) {
337 X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); 337 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR);
338 i = X509_verify_cert(&cert_ctx); 338 ERR_asprintf_error_data("Verify error:%s",
339 if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); 339 X509_verify_cert_error_string(j));
340 X509_STORE_CTX_cleanup(&cert_ctx); 340 sk_X509_free(signers);
341 if (i <= 0) { 341 return 0;
342 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); 342 }
343 ERR_asprintf_error_data("Verify error:%s", 343 /* Check for revocation status here */
344 X509_verify_cert_error_string(j));
345 sk_X509_free(signers);
346 return 0;
347 } 344 }
348 /* Check for revocation status here */
349 }
350 345
351 /* Performance optimization: if the content is a memory BIO then 346 /* Performance optimization: if the content is a memory BIO then
352 * store its contents in a temporary read only memory BIO. This 347 * store its contents in a temporary read only memory BIO. This
@@ -354,45 +349,43 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
354 * occur when reading from a read write memory BIO when signatures 349 * occur when reading from a read write memory BIO when signatures
355 * are calculated. 350 * are calculated.
356 */ 351 */
357 352 if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
358 if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
359 {
360 char *ptr; 353 char *ptr;
361 long len; 354 long len;
362 len = BIO_get_mem_data(indata, &ptr); 355 len = BIO_get_mem_data(indata, &ptr);
363 tmpin = BIO_new_mem_buf(ptr, len); 356 tmpin = BIO_new_mem_buf(ptr, len);
364 if (tmpin == NULL) 357 if (tmpin == NULL) {
365 { 358 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
366 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
367 return 0; 359 return 0;
368 }
369 } 360 }
370 else 361 } else
371 tmpin = indata; 362 tmpin = indata;
372
373 363
374 if (!(p7bio=PKCS7_dataInit(p7,tmpin))) 364
365 if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
375 goto err; 366 goto err;
376 367
377 if(flags & PKCS7_TEXT) { 368 if (flags & PKCS7_TEXT) {
378 if(!(tmpout = BIO_new(BIO_s_mem()))) { 369 if (!(tmpout = BIO_new(BIO_s_mem()))) {
379 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); 370 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
380 goto err; 371 goto err;
381 } 372 }
382 BIO_set_mem_eof_return(tmpout, 0); 373 BIO_set_mem_eof_return(tmpout, 0);
383 } else tmpout = out; 374 } else tmpout = out;
384 375
385 /* We now have to 'read' from p7bio to calculate digests etc. */ 376 /* We now have to 'read' from p7bio to calculate digests etc. */
386 for (;;) 377 for (;;) {
387 { 378 i = BIO_read(p7bio, buf, sizeof(buf));
388 i=BIO_read(p7bio,buf,sizeof(buf)); 379 if (i <= 0)
389 if (i <= 0) break; 380 break;
390 if (tmpout) BIO_write(tmpout, buf, i); 381 if (tmpout)
382 BIO_write(tmpout, buf, i);
391 } 383 }
392 384
393 if(flags & PKCS7_TEXT) { 385 if (flags & PKCS7_TEXT) {
394 if(!SMIME_text(tmpout, out)) { 386 if (!SMIME_text(tmpout, out)) {
395 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); 387 PKCS7err(PKCS7_F_PKCS7_VERIFY,
388 PKCS7_R_SMIME_TEXT_ERROR);
396 BIO_free(tmpout); 389 BIO_free(tmpout);
397 goto err; 390 goto err;
398 } 391 }
@@ -401,25 +394,24 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
401 394
402 /* Now Verify All Signatures */ 395 /* Now Verify All Signatures */
403 if (!(flags & PKCS7_NOSIGS)) 396 if (!(flags & PKCS7_NOSIGS))
404 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++) 397 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
405 { 398 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
406 si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
407 signer = sk_X509_value (signers, i); 399 signer = sk_X509_value (signers, i);
408 j=PKCS7_signatureVerify(p7bio,p7,si, signer); 400 j = PKCS7_signatureVerify(p7bio, p7, si, signer);
409 if (j <= 0) { 401 if (j <= 0) {
410 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE); 402 PKCS7err(PKCS7_F_PKCS7_VERIFY,
403 PKCS7_R_SIGNATURE_FAILURE);
411 goto err; 404 goto err;
412 } 405 }
413 } 406 }
414 407
415 ret = 1; 408 ret = 1;
416 409
417 err: 410err:
418 411 if (tmpin == indata) {
419 if (tmpin == indata) 412 if (indata)
420 { 413 BIO_pop(p7bio);
421 if (indata) BIO_pop(p7bio); 414 }
422 }
423 BIO_free_all(p7bio); 415 BIO_free_all(p7bio);
424 416
425 sk_X509_free(signers); 417 sk_X509_free(signers);
@@ -436,83 +428,84 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
436 X509 *signer; 428 X509 *signer;
437 int i; 429 int i;
438 430
439 if(!p7) { 431 if (!p7) {
440 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); 432 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
433 PKCS7_R_INVALID_NULL_POINTER);
441 return NULL; 434 return NULL;
442 } 435 }
443 436
444 if(!PKCS7_type_is_signed(p7)) { 437 if (!PKCS7_type_is_signed(p7)) {
445 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); 438 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
439 PKCS7_R_WRONG_CONTENT_TYPE);
446 return NULL; 440 return NULL;
447 } 441 }
448 442
449 /* Collect all the signers together */ 443 /* Collect all the signers together */
450
451 sinfos = PKCS7_get_signer_info(p7); 444 sinfos = PKCS7_get_signer_info(p7);
452 445 if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
453 if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { 446 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
454 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
455 return 0; 447 return 0;
456 } 448 }
457 449
458 if(!(signers = sk_X509_new_null())) { 450 if (!(signers = sk_X509_new_null())) {
459 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); 451 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
460 return NULL; 452 return NULL;
461 } 453 }
462 454
463 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) 455 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
464 { 456 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
465 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); 457 ias = si->issuer_and_serial;
466 ias = si->issuer_and_serial; 458 signer = NULL;
467 signer = NULL;
468 /* If any certificates passed they take priority */ 459 /* If any certificates passed they take priority */
469 if (certs) signer = X509_find_by_issuer_and_serial (certs, 460 if (certs) signer = X509_find_by_issuer_and_serial (certs,
470 ias->issuer, ias->serial); 461 ias->issuer, ias->serial);
471 if (!signer && !(flags & PKCS7_NOINTERN) 462 if (!signer && !(flags & PKCS7_NOINTERN) &&
472 && p7->d.sign->cert) signer = 463 p7->d.sign->cert) signer =
473 X509_find_by_issuer_and_serial (p7->d.sign->cert, 464 X509_find_by_issuer_and_serial (p7->d.sign->cert,
474 ias->issuer, ias->serial); 465 ias->issuer, ias->serial);
475 if (!signer) { 466 if (!signer) {
476 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); 467 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
468 PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
477 sk_X509_free(signers); 469 sk_X509_free(signers);
478 return 0; 470 return 0;
479 } 471 }
480 472
481 if (!sk_X509_push(signers, signer)) { 473 if (!sk_X509_push(signers, signer)) {
482 sk_X509_free(signers); 474 sk_X509_free(signers);
483 return NULL; 475 return NULL;
484 } 476 }
485 } 477 }
486 return signers; 478 return signers;
487} 479}
488 480
489
490/* Build a complete PKCS#7 enveloped data */ 481/* Build a complete PKCS#7 enveloped data */
491 482
492PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, 483PKCS7 *
493 int flags) 484PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
485 int flags)
494{ 486{
495 PKCS7 *p7; 487 PKCS7 *p7;
496 BIO *p7bio = NULL; 488 BIO *p7bio = NULL;
497 int i; 489 int i;
498 X509 *x509; 490 X509 *x509;
499 if(!(p7 = PKCS7_new())) { 491
500 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); 492 if (!(p7 = PKCS7_new())) {
493 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
501 return NULL; 494 return NULL;
502 } 495 }
503 496
504 if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) 497 if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
505 goto err; 498 goto err;
506 if (!PKCS7_set_cipher(p7, cipher)) { 499 if (!PKCS7_set_cipher(p7, cipher)) {
507 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); 500 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
508 goto err; 501 goto err;
509 } 502 }
510 503
511 for(i = 0; i < sk_X509_num(certs); i++) { 504 for (i = 0; i < sk_X509_num(certs); i++) {
512 x509 = sk_X509_value(certs, i); 505 x509 = sk_X509_value(certs, i);
513 if(!PKCS7_add_recipient(p7, x509)) { 506 if (!PKCS7_add_recipient(p7, x509)) {
514 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, 507 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
515 PKCS7_R_ERROR_ADDING_RECIPIENT); 508 PKCS7_R_ERROR_ADDING_RECIPIENT);
516 goto err; 509 goto err;
517 } 510 }
518 } 511 }
@@ -523,37 +516,36 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
523 if (PKCS7_final(p7, in, flags)) 516 if (PKCS7_final(p7, in, flags))
524 return p7; 517 return p7;
525 518
526 err: 519err:
527
528 BIO_free_all(p7bio); 520 BIO_free_all(p7bio);
529 PKCS7_free(p7); 521 PKCS7_free(p7);
530 return NULL; 522 return NULL;
531
532} 523}
533 524
534int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) 525int
526PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
535{ 527{
536 BIO *tmpmem; 528 BIO *tmpmem;
537 int ret, i; 529 int ret, i;
538 char buf[4096]; 530 char buf[4096];
539 531
540 if(!p7) { 532 if (!p7) {
541 PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); 533 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
542 return 0; 534 return 0;
543 } 535 }
544 536
545 if(!PKCS7_type_is_enveloped(p7)) { 537 if (!PKCS7_type_is_enveloped(p7)) {
546 PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); 538 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
547 return 0; 539 return 0;
548 } 540 }
549 541
550 if(cert && !X509_check_private_key(cert, pkey)) { 542 if (cert && !X509_check_private_key(cert, pkey)) {
551 PKCS7err(PKCS7_F_PKCS7_DECRYPT, 543 PKCS7err(PKCS7_F_PKCS7_DECRYPT,
552 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 544 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
553 return 0; 545 return 0;
554 } 546 }
555 547
556 if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { 548 if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
557 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); 549 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
558 return 0; 550 return 0;
559 } 551 }
@@ -561,44 +553,40 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
561 if (flags & PKCS7_TEXT) { 553 if (flags & PKCS7_TEXT) {
562 BIO *tmpbuf, *bread; 554 BIO *tmpbuf, *bread;
563 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ 555 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
564 if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { 556 if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
565 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); 557 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
566 BIO_free_all(tmpmem); 558 BIO_free_all(tmpmem);
567 return 0; 559 return 0;
568 } 560 }
569 if(!(bread = BIO_push(tmpbuf, tmpmem))) { 561 if (!(bread = BIO_push(tmpbuf, tmpmem))) {
570 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); 562 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
571 BIO_free_all(tmpbuf); 563 BIO_free_all(tmpbuf);
572 BIO_free_all(tmpmem); 564 BIO_free_all(tmpmem);
573 return 0; 565 return 0;
574 } 566 }
575 ret = SMIME_text(bread, data); 567 ret = SMIME_text(bread, data);
576 if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) 568 if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
577 {
578 if (!BIO_get_cipher_status(tmpmem)) 569 if (!BIO_get_cipher_status(tmpmem))
579 ret = 0; 570 ret = 0;
580 } 571 }
581 BIO_free_all(bread); 572 BIO_free_all(bread);
582 return ret; 573 return ret;
583 } else { 574 } else {
584 for(;;) { 575 for (;;) {
585 i = BIO_read(tmpmem, buf, sizeof(buf)); 576 i = BIO_read(tmpmem, buf, sizeof(buf));
586 if(i <= 0) 577 if (i <= 0) {
587 {
588 ret = 1; 578 ret = 1;
589 if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) 579 if (BIO_method_type(tmpmem) ==
590 { 580 BIO_TYPE_CIPHER) {
591 if (!BIO_get_cipher_status(tmpmem)) 581 if (!BIO_get_cipher_status(tmpmem))
592 ret = 0; 582 ret = 0;
593 }
594
595 break;
596 } 583 }
597 if (BIO_write(data, buf, i) != i) 584 break;
598 { 585 }
586 if (BIO_write(data, buf, i) != i) {
599 ret = 0; 587 ret = 0;
600 break; 588 break;
601 } 589 }
602 } 590 }
603 BIO_free_all(tmpmem); 591 BIO_free_all(tmpmem);
604 return ret; 592 return ret;
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
index 0f7c66c975..a194e2dadc 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs7err.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pkcs7err.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,120 +68,117 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
70 70
71static ERR_STRING_DATA PKCS7_str_functs[]= 71static ERR_STRING_DATA PKCS7_str_functs[]= {
72 { 72 {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
73{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, 73 {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
74{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, 74 {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"},
75{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, 75 {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"},
76{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, 76 {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"},
77{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, 77 {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
78{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, 78 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
79{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, 79 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
80{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, 80 {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
81{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, 81 {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
82{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, 82 {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
83{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, 83 {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
84{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, 84 {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"},
85{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"}, 85 {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
86{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, 86 {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
87{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, 87 {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
88{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, 88 {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
89{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, 89 {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
90{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, 90 {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
91{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, 91 {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
92{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, 92 {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"},
93{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, 93 {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"},
94{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, 94 {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
95{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, 95 {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
96{ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, 96 {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
97{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, 97 {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
98{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, 98 {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"},
99{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, 99 {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
100{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, 100 {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
101{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, 101 {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
102{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, 102 {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
103{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, 103 {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
104{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, 104 {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
105{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, 105 {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"},
106{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, 106 {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"},
107{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, 107 {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
108{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, 108 {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
109{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, 109 {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
110{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, 110 {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
111{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, 111 {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
112{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, 112 {0, NULL}
113{0,NULL} 113};
114 };
115 114
116static ERR_STRING_DATA PKCS7_str_reasons[]= 115static ERR_STRING_DATA PKCS7_str_reasons[]= {
117 { 116 {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
118{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, 117 {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"},
119{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, 118 {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
120{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, 119 {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), "content and data present"},
121{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, 120 {ERR_REASON(PKCS7_R_CTRL_ERROR) , "ctrl error"},
122{ERR_REASON(PKCS7_R_CTRL_ERROR) ,"ctrl error"}, 121 {ERR_REASON(PKCS7_R_DECODE_ERROR) , "decode error"},
123{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, 122 {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), "decrypted key is wrong length"},
124{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, 123 {ERR_REASON(PKCS7_R_DECRYPT_ERROR) , "decrypt error"},
125{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, 124 {ERR_REASON(PKCS7_R_DIGEST_FAILURE) , "digest failure"},
126{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, 125 {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
127{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"}, 126 {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "encryption not supported for this key type"},
128{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"}, 127 {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
129{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, 128 {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
130{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, 129 {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) , "invalid mime type"},
131{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, 130 {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
132{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"}, 131 {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
133{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"}, 132 {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) , "mime parse error"},
134{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"}, 133 {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
135{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"}, 134 {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
136{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, 135 {ERR_REASON(PKCS7_R_NO_CONTENT) , "no content"},
137{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, 136 {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) , "no content type"},
138{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, 137 {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) , "no default digest"},
139{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) ,"no default digest"}, 138 {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), "no matching digest type found"},
140{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"}, 139 {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), "no multipart body failure"},
141{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, 140 {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
142{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, 141 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), "no recipient matches certificate"},
143{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, 142 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), "no recipient matches key"},
144{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, 143 {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
145{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, 144 {ERR_REASON(PKCS7_R_NO_SIGNERS) , "no signers"},
146{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, 145 {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) , "no sig content type"},
147{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, 146 {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), "operation not supported on this type"},
148{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, 147 {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"},
149{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, 148 {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
150{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"}, 149 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) , "pkcs7 datafinal"},
151{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, 150 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
152{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, 151 {ERR_REASON(PKCS7_R_PKCS7_DATASIGN) , "pkcs7 datasign"},
153{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, 152 {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) , "pkcs7 parse error"},
154{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, 153 {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
155{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"}, 154 {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
156{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, 155 {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) , "signature failure"},
157{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, 156 {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
158{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, 157 {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
159{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"}, 158 {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "signing not supported for this key type"},
160{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"}, 159 {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
161{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, 160 {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) , "smime text error"},
162{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, 161 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), "unable to find certificate"},
163{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, 162 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
164{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"}, 163 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), "unable to find message digest"},
165{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"}, 164 {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) , "unknown digest type"},
166{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"}, 165 {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) , "unknown operation"},
167{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"}, 166 {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
168{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"}, 167 {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
169{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, 168 {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) , "wrong content type"},
170{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, 169 {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) , "wrong pkcs7 type"},
171{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"}, 170 {0, NULL}
172{0,NULL} 171};
173 };
174 172
175#endif 173#endif
176 174
177void ERR_load_PKCS7_strings(void) 175void
178 { 176ERR_load_PKCS7_strings(void)
177{
179#ifndef OPENSSL_NO_ERR 178#ifndef OPENSSL_NO_ERR
180 179 if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
181 if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) 180 ERR_load_strings(0, PKCS7_str_functs);
182 { 181 ERR_load_strings(0, PKCS7_str_reasons);
183 ERR_load_strings(0,PKCS7_str_functs);
184 ERR_load_strings(0,PKCS7_str_reasons);
185 }
186#endif
187 } 182 }
183#endif
184}
diff --git a/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c b/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c
index 3d9eba9713..0e4a4f7559 100644
--- a/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c
+++ b/src/lib/libssl/src/crypto/pkcs7/bio_pk7.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bio_pk7.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: bio_pk7.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -59,7 +59,8 @@
59#include <stdio.h> 59#include <stdio.h>
60 60
61/* Streaming encode support for PKCS#7 */ 61/* Streaming encode support for PKCS#7 */
62BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) 62BIO *
63BIO_new_PKCS7(BIO *out, PKCS7 *p7)
63{ 64{
64 return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); 65 return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
65} 66}
diff --git a/src/lib/libssl/src/crypto/pkcs7/example.c b/src/lib/libssl/src/crypto/pkcs7/example.c
index 611c27b113..2dc1b655b1 100644
--- a/src/lib/libssl/src/crypto/pkcs7/example.c
+++ b/src/lib/libssl/src/crypto/pkcs7/example.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: example.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: example.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */
2#include <stdio.h> 2#include <stdio.h>
3#include <stdlib.h> 3#include <stdlib.h>
4#include <string.h> 4#include <string.h>
@@ -6,325 +6,335 @@
6#include <openssl/asn1_mac.h> 6#include <openssl/asn1_mac.h>
7#include <openssl/x509.h> 7#include <openssl/x509.h>
8 8
9int add_signed_time(PKCS7_SIGNER_INFO *si) 9int
10 { 10add_signed_time(PKCS7_SIGNER_INFO *si)
11{
11 ASN1_UTCTIME *sign_time; 12 ASN1_UTCTIME *sign_time;
12 13
13 /* The last parameter is the amount to add/subtract from the current 14 /* The last parameter is the amount to add/subtract from the current
14 * time (in seconds) */ 15 * time (in seconds) */
15 sign_time=X509_gmtime_adj(NULL,0); 16 sign_time = X509_gmtime_adj(NULL, 0);
16 PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime, 17 PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
17 V_ASN1_UTCTIME,(char *)sign_time); 18 V_ASN1_UTCTIME, (char *)sign_time);
18 return(1); 19 return (1);
19 } 20}
20 21
21ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si) 22ASN1_UTCTIME *
22 { 23get_signed_time(PKCS7_SIGNER_INFO *si)
24{
23 ASN1_TYPE *so; 25 ASN1_TYPE *so;
24 26
25 so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime); 27 so = PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime);
26 if (so->type == V_ASN1_UTCTIME) 28 if (so->type == V_ASN1_UTCTIME)
27 return so->value.utctime; 29 return so->value.utctime;
28 return NULL; 30 return NULL;
29 } 31}
30
31static int signed_string_nid= -1;
32 32
33void add_signed_string(PKCS7_SIGNER_INFO *si, char *str) 33static int signed_string_nid = -1;
34 { 34
35void
36add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
37{
35 ASN1_OCTET_STRING *os; 38 ASN1_OCTET_STRING *os;
36 39
37 /* To a an object of OID 1.2.3.4.5, which is an octet string */ 40 /* To a an object of OID 1.2.3.4.5, which is an octet string */
38 if (signed_string_nid == -1) 41 if (signed_string_nid == -1)
39 signed_string_nid= 42 signed_string_nid =
40 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 43 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
41 os=ASN1_OCTET_STRING_new(); 44 os = ASN1_OCTET_STRING_new();
42 ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); 45 ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
43 /* When we add, we do not free */ 46 /* When we add, we do not free */
44 PKCS7_add_signed_attribute(si,signed_string_nid, 47 PKCS7_add_signed_attribute(si, signed_string_nid,
45 V_ASN1_OCTET_STRING,(char *)os); 48 V_ASN1_OCTET_STRING, (char *)os);
46 } 49}
47 50
48int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) 51int
49 { 52get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
53{
50 ASN1_TYPE *so; 54 ASN1_TYPE *so;
51 ASN1_OCTET_STRING *os; 55 ASN1_OCTET_STRING *os;
52 int i; 56 int i;
53 57
54 if (signed_string_nid == -1) 58 if (signed_string_nid == -1)
55 signed_string_nid= 59 signed_string_nid =
56 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 60 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
57 /* To retrieve */ 61 /* To retrieve */
58 so=PKCS7_get_signed_attribute(si,signed_string_nid); 62 so = PKCS7_get_signed_attribute(si, signed_string_nid);
59 if (so != NULL) 63 if (so != NULL) {
60 { 64 if (so->type == V_ASN1_OCTET_STRING) {
61 if (so->type == V_ASN1_OCTET_STRING) 65 os = so->value.octet_string;
62 { 66 i = os->length;
63 os=so->value.octet_string; 67 if ((i + 1) > len)
64 i=os->length; 68 i = len - 1;
65 if ((i+1) > len) 69 memcpy(buf, os->data, i);
66 i=len-1; 70 return (i);
67 memcpy(buf,os->data,i);
68 return(i);
69 }
70 } 71 }
71 return(0);
72 } 72 }
73 return (0);
74}
73 75
74static int signed_seq2string_nid= -1; 76static int signed_seq2string_nid = -1;
75/* ########################################### */ 77/* ########################################### */
76int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) 78int
77 { 79add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
80{
78 /* To add an object of OID 1.9.999, which is a sequence containing 81 /* To add an object of OID 1.9.999, which is a sequence containing
79 * 2 octet strings */ 82 * 2 octet strings */
80 unsigned char *p; 83 unsigned char *p;
81 ASN1_OCTET_STRING *os1,*os2; 84 ASN1_OCTET_STRING *os1, *os2;
82 ASN1_STRING *seq; 85 ASN1_STRING *seq;
83 unsigned char *data; 86 unsigned char *data;
84 int i,total; 87 int i, total;
85 88
86 if (signed_seq2string_nid == -1) 89 if (signed_seq2string_nid == -1)
87 signed_seq2string_nid= 90 signed_seq2string_nid =
88 OBJ_create("1.9.9999","OID_example","Our example OID"); 91 OBJ_create("1.9.9999","OID_example","Our example OID");
89 92
90 os1=ASN1_OCTET_STRING_new(); 93 os1 = ASN1_OCTET_STRING_new();
91 os2=ASN1_OCTET_STRING_new(); 94 os2 = ASN1_OCTET_STRING_new();
92 ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); 95 ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
93 ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); 96 ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
94 i =i2d_ASN1_OCTET_STRING(os1,NULL); 97 i = i2d_ASN1_OCTET_STRING(os1, NULL);
95 i+=i2d_ASN1_OCTET_STRING(os2,NULL); 98 i += i2d_ASN1_OCTET_STRING(os2, NULL);
96 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 99 total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
97 100
98 data=malloc(total); 101 data = malloc(total);
99 p=data; 102 p = data;
100 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); 103 ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
101 i2d_ASN1_OCTET_STRING(os1,&p); 104 i2d_ASN1_OCTET_STRING(os1, &p);
102 i2d_ASN1_OCTET_STRING(os2,&p); 105 i2d_ASN1_OCTET_STRING(os2, &p);
103 106
104 seq=ASN1_STRING_new(); 107 seq = ASN1_STRING_new();
105 ASN1_STRING_set(seq,data,total); 108 ASN1_STRING_set(seq, data, total);
106 free(data); 109 free(data);
107 ASN1_OCTET_STRING_free(os1); 110 ASN1_OCTET_STRING_free(os1);
108 ASN1_OCTET_STRING_free(os2); 111 ASN1_OCTET_STRING_free(os2);
109 112
110 PKCS7_add_signed_attribute(si,signed_seq2string_nid, 113 PKCS7_add_signed_attribute(si, signed_seq2string_nid,
111 V_ASN1_SEQUENCE,(char *)seq); 114 V_ASN1_SEQUENCE, (char *)seq);
112 return(1); 115 return (1);
113 } 116}
114 117
115/* For this case, I will malloc the return strings */ 118/* For this case, I will malloc the return strings */
116int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) 119int
117 { 120get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
121{
118 ASN1_TYPE *so; 122 ASN1_TYPE *so;
119 123
120 if (signed_seq2string_nid == -1) 124 if (signed_seq2string_nid == -1)
121 signed_seq2string_nid= 125 signed_seq2string_nid =
122 OBJ_create("1.9.9999","OID_example","Our example OID"); 126 OBJ_create("1.9.9999","OID_example","Our example OID");
123 /* To retrieve */ 127 /* To retrieve */
124 so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); 128 so = PKCS7_get_signed_attribute(si, signed_seq2string_nid);
125 if (so && (so->type == V_ASN1_SEQUENCE)) 129 if (so && (so->type == V_ASN1_SEQUENCE)) {
126 {
127 ASN1_const_CTX c; 130 ASN1_const_CTX c;
128 ASN1_STRING *s; 131 ASN1_STRING *s;
129 long length; 132 long length;
130 ASN1_OCTET_STRING *os1,*os2; 133 ASN1_OCTET_STRING *os1, *os2;
131 134
132 s=so->value.sequence; 135 s = so->value.sequence;
133 c.p=ASN1_STRING_data(s); 136 c.p = ASN1_STRING_data(s);
134 c.max=c.p+ASN1_STRING_length(s); 137 c.max = c.p + ASN1_STRING_length(s);
135 if (!asn1_GetSequence(&c,&length)) goto err; 138 if (!asn1_GetSequence(&c, &length))
139 goto err;
136 /* Length is the length of the seqence */ 140 /* Length is the length of the seqence */
137 141
138 c.q=c.p; 142 c.q = c.p;
139 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 143 if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
140 goto err; 144 goto err;
141 c.slen-=(c.p-c.q); 145 c.slen -= (c.p - c.q);
142 146
143 c.q=c.p; 147 c.q = c.p;
144 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 148 if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
145 goto err; 149 goto err;
146 c.slen-=(c.p-c.q); 150 c.slen -= (c.p - c.q);
147 151
148 if (!asn1_const_Finish(&c)) goto err; 152 if (!asn1_const_Finish(&c))
149 *str1=malloc(os1->length+1); 153 goto err;
150 *str2=malloc(os2->length+1); 154 *str1 = malloc(os1->length + 1);
151 memcpy(*str1,os1->data,os1->length); 155 *str2 = malloc(os2->length + 1);
152 memcpy(*str2,os2->data,os2->length); 156 memcpy(*str1, os1->data, os1->length);
157 memcpy(*str2, os2->data, os2->length);
153 (*str1)[os1->length]='\0'; 158 (*str1)[os1->length]='\0';
154 (*str2)[os2->length]='\0'; 159 (*str2)[os2->length]='\0';
155 ASN1_OCTET_STRING_free(os1); 160 ASN1_OCTET_STRING_free(os1);
156 ASN1_OCTET_STRING_free(os2); 161 ASN1_OCTET_STRING_free(os2);
157 return(1); 162 return (1);
158 }
159err:
160 return(0);
161 } 163 }
164err:
165 return (0);
166}
162 167
163 168
164/* ####################################### 169/* #######################################
165 * THE OTHER WAY TO DO THINGS 170 * THE OTHER WAY TO DO THINGS
166 * ####################################### 171 * #######################################
167 */ 172 */
168X509_ATTRIBUTE *create_time(void) 173X509_ATTRIBUTE *
169 { 174create_time(void)
175{
170 ASN1_UTCTIME *sign_time; 176 ASN1_UTCTIME *sign_time;
171 X509_ATTRIBUTE *ret; 177 X509_ATTRIBUTE *ret;
172 178
173 /* The last parameter is the amount to add/subtract from the current 179 /* The last parameter is the amount to add/subtract from the current
174 * time (in seconds) */ 180 * time (in seconds) */
175 sign_time=X509_gmtime_adj(NULL,0); 181 sign_time = X509_gmtime_adj(NULL, 0);
176 ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime, 182 ret = X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
177 V_ASN1_UTCTIME,(char *)sign_time); 183 V_ASN1_UTCTIME, (char *)sign_time);
178 return(ret); 184 return (ret);
179 } 185}
180 186
181ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) 187ASN1_UTCTIME *
182 { 188sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
189{
183 ASN1_TYPE *so; 190 ASN1_TYPE *so;
184 PKCS7_SIGNER_INFO si; 191 PKCS7_SIGNER_INFO si;
185 192
186 si.auth_attr=sk; 193 si.auth_attr = sk;
187 so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime); 194 so = PKCS7_get_signed_attribute(&si, NID_pkcs9_signingTime);
188 if (so->type == V_ASN1_UTCTIME) 195 if (so->type == V_ASN1_UTCTIME)
189 return so->value.utctime; 196 return so->value.utctime;
190 return NULL; 197 return NULL;
191 } 198}
192 199
193X509_ATTRIBUTE *create_string(char *str) 200X509_ATTRIBUTE *
194 { 201create_string(char *str)
202{
195 ASN1_OCTET_STRING *os; 203 ASN1_OCTET_STRING *os;
196 X509_ATTRIBUTE *ret; 204 X509_ATTRIBUTE *ret;
197 205
198 /* To a an object of OID 1.2.3.4.5, which is an octet string */ 206 /* To a an object of OID 1.2.3.4.5, which is an octet string */
199 if (signed_string_nid == -1) 207 if (signed_string_nid == -1)
200 signed_string_nid= 208 signed_string_nid =
201 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 209 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
202 os=ASN1_OCTET_STRING_new(); 210 os = ASN1_OCTET_STRING_new();
203 ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); 211 ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str));
204 /* When we add, we do not free */ 212 /* When we add, we do not free */
205 ret=X509_ATTRIBUTE_create(signed_string_nid, 213 ret = X509_ATTRIBUTE_create(signed_string_nid,
206 V_ASN1_OCTET_STRING,(char *)os); 214 V_ASN1_OCTET_STRING, (char *)os);
207 return(ret); 215 return (ret);
208 } 216}
209 217
210int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) 218int
211 { 219sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
220{
212 ASN1_TYPE *so; 221 ASN1_TYPE *so;
213 ASN1_OCTET_STRING *os; 222 ASN1_OCTET_STRING *os;
214 int i; 223 int i;
215 PKCS7_SIGNER_INFO si; 224 PKCS7_SIGNER_INFO si;
216 225
217 si.auth_attr=sk; 226 si.auth_attr = sk;
218 227
219 if (signed_string_nid == -1) 228 if (signed_string_nid == -1)
220 signed_string_nid= 229 signed_string_nid =
221 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 230 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
222 /* To retrieve */ 231 /* To retrieve */
223 so=PKCS7_get_signed_attribute(&si,signed_string_nid); 232 so = PKCS7_get_signed_attribute(&si, signed_string_nid);
224 if (so != NULL) 233 if (so != NULL) {
225 { 234 if (so->type == V_ASN1_OCTET_STRING) {
226 if (so->type == V_ASN1_OCTET_STRING) 235 os = so->value.octet_string;
227 { 236 i = os->length;
228 os=so->value.octet_string; 237 if ((i + 1) > len)
229 i=os->length; 238 i = len - 1;
230 if ((i+1) > len) 239 memcpy(buf, os->data, i);
231 i=len-1; 240 return (i);
232 memcpy(buf,os->data,i);
233 return(i);
234 }
235 } 241 }
236 return(0);
237 } 242 }
243 return (0);
244}
238 245
239X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) 246X509_ATTRIBUTE *
240 { 247add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
248{
241 /* To add an object of OID 1.9.999, which is a sequence containing 249 /* To add an object of OID 1.9.999, which is a sequence containing
242 * 2 octet strings */ 250 * 2 octet strings */
243 unsigned char *p; 251 unsigned char *p;
244 ASN1_OCTET_STRING *os1,*os2; 252 ASN1_OCTET_STRING *os1, *os2;
245 ASN1_STRING *seq; 253 ASN1_STRING *seq;
246 X509_ATTRIBUTE *ret; 254 X509_ATTRIBUTE *ret;
247 unsigned char *data; 255 unsigned char *data;
248 int i,total; 256 int i, total;
249 257
250 if (signed_seq2string_nid == -1) 258 if (signed_seq2string_nid == -1)
251 signed_seq2string_nid= 259 signed_seq2string_nid =
252 OBJ_create("1.9.9999","OID_example","Our example OID"); 260 OBJ_create("1.9.9999","OID_example","Our example OID");
253 261
254 os1=ASN1_OCTET_STRING_new(); 262 os1 = ASN1_OCTET_STRING_new();
255 os2=ASN1_OCTET_STRING_new(); 263 os2 = ASN1_OCTET_STRING_new();
256 ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); 264 ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1));
257 ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); 265 ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1));
258 i =i2d_ASN1_OCTET_STRING(os1,NULL); 266 i = i2d_ASN1_OCTET_STRING(os1, NULL);
259 i+=i2d_ASN1_OCTET_STRING(os2,NULL); 267 i += i2d_ASN1_OCTET_STRING(os2, NULL);
260 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 268 total = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
261 269
262 data=malloc(total); 270 data = malloc(total);
263 p=data; 271 p = data;
264 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); 272 ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
265 i2d_ASN1_OCTET_STRING(os1,&p); 273 i2d_ASN1_OCTET_STRING(os1, &p);
266 i2d_ASN1_OCTET_STRING(os2,&p); 274 i2d_ASN1_OCTET_STRING(os2, &p);
267 275
268 seq=ASN1_STRING_new(); 276 seq = ASN1_STRING_new();
269 ASN1_STRING_set(seq,data,total); 277 ASN1_STRING_set(seq, data, total);
270 free(data); 278 free(data);
271 ASN1_OCTET_STRING_free(os1); 279 ASN1_OCTET_STRING_free(os1);
272 ASN1_OCTET_STRING_free(os2); 280 ASN1_OCTET_STRING_free(os2);
273 281
274 ret=X509_ATTRIBUTE_create(signed_seq2string_nid, 282 ret = X509_ATTRIBUTE_create(signed_seq2string_nid,
275 V_ASN1_SEQUENCE,(char *)seq); 283 V_ASN1_SEQUENCE, (char *)seq);
276 return(ret); 284 return (ret);
277 } 285}
278 286
279/* For this case, I will malloc the return strings */ 287/* For this case, I will malloc the return strings */
280int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) 288int
281 { 289sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
290{
282 ASN1_TYPE *so; 291 ASN1_TYPE *so;
283 PKCS7_SIGNER_INFO si; 292 PKCS7_SIGNER_INFO si;
284 293
285 if (signed_seq2string_nid == -1) 294 if (signed_seq2string_nid == -1)
286 signed_seq2string_nid= 295 signed_seq2string_nid =
287 OBJ_create("1.9.9999","OID_example","Our example OID"); 296 OBJ_create("1.9.9999","OID_example","Our example OID");
288 297
289 si.auth_attr=sk; 298 si.auth_attr = sk;
290 /* To retrieve */ 299 /* To retrieve */
291 so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); 300 so = PKCS7_get_signed_attribute(&si, signed_seq2string_nid);
292 if (so->type == V_ASN1_SEQUENCE) 301 if (so->type == V_ASN1_SEQUENCE) {
293 {
294 ASN1_const_CTX c; 302 ASN1_const_CTX c;
295 ASN1_STRING *s; 303 ASN1_STRING *s;
296 long length; 304 long length;
297 ASN1_OCTET_STRING *os1,*os2; 305 ASN1_OCTET_STRING *os1, *os2;
298 306
299 s=so->value.sequence; 307 s = so->value.sequence;
300 c.p=ASN1_STRING_data(s); 308 c.p = ASN1_STRING_data(s);
301 c.max=c.p+ASN1_STRING_length(s); 309 c.max = c.p + ASN1_STRING_length(s);
302 if (!asn1_GetSequence(&c,&length)) goto err; 310 if (!asn1_GetSequence(&c, &length))
311 goto err;
303 /* Length is the length of the seqence */ 312 /* Length is the length of the seqence */
304 313
305 c.q=c.p; 314 c.q = c.p;
306 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 315 if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
307 goto err; 316 goto err;
308 c.slen-=(c.p-c.q); 317 c.slen -= (c.p - c.q);
309 318
310 c.q=c.p; 319 c.q = c.p;
311 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 320 if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
312 goto err; 321 goto err;
313 c.slen-=(c.p-c.q); 322 c.slen -= (c.p - c.q);
314 323
315 if (!asn1_const_Finish(&c)) goto err; 324 if (!asn1_const_Finish(&c))
316 *str1=malloc(os1->length+1); 325 goto err;
317 *str2=malloc(os2->length+1); 326 *str1 = malloc(os1->length + 1);
318 memcpy(*str1,os1->data,os1->length); 327 *str2 = malloc(os2->length + 1);
319 memcpy(*str2,os2->data,os2->length); 328 memcpy(*str1, os1->data, os1->length);
329 memcpy(*str2, os2->data, os2->length);
320 (*str1)[os1->length]='\0'; 330 (*str1)[os1->length]='\0';
321 (*str2)[os2->length]='\0'; 331 (*str2)[os2->length]='\0';
322 ASN1_OCTET_STRING_free(os1); 332 ASN1_OCTET_STRING_free(os1);
323 ASN1_OCTET_STRING_free(os2); 333 ASN1_OCTET_STRING_free(os2);
324 return(1); 334 return (1);
325 }
326err:
327 return(0);
328 } 335 }
336err:
337 return (0);
338}
329 339
330 340
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
index e3a5b53d75..8be5447518 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_asn1.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_asn1.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -69,40 +69,45 @@
69ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); 69ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
70 70
71ASN1_ADB(PKCS7) = { 71ASN1_ADB(PKCS7) = {
72 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), 72 ADB_ENTRY(NID_pkcs7_data,
73 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), 73 ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
74 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), 74 ADB_ENTRY(NID_pkcs7_signed,
75 ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), 75 ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
76 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), 76 ADB_ENTRY(NID_pkcs7_enveloped,
77 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) 77 ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
78 ADB_ENTRY(NID_pkcs7_signedAndEnveloped,
79 ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped,
80 PKCS7_SIGN_ENVELOPE, 0)),
81 ADB_ENTRY(NID_pkcs7_digest,
82 ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
83 ADB_ENTRY(NID_pkcs7_encrypted,
84 ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
78} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); 85} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
79 86
80/* PKCS#7 streaming support */ 87/* PKCS#7 streaming support */
81static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 88static int
82 void *exarg) 89pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
83{ 90{
84 ASN1_STREAM_ARG *sarg = exarg; 91 ASN1_STREAM_ARG *sarg = exarg;
85 PKCS7 **pp7 = (PKCS7 **)pval; 92 PKCS7 **pp7 = (PKCS7 **)pval;
86 93
87 switch(operation) 94 switch (operation) {
88 { 95 case ASN1_OP_STREAM_PRE:
89
90 case ASN1_OP_STREAM_PRE:
91 if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) 96 if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
92 return 0; 97 return 0;
93 case ASN1_OP_DETACHED_PRE: 98
99 case ASN1_OP_DETACHED_PRE:
94 sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); 100 sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
95 if (!sarg->ndef_bio) 101 if (!sarg->ndef_bio)
96 return 0; 102 return 0;
97 break; 103 break;
98 104
99 case ASN1_OP_STREAM_POST: 105 case ASN1_OP_STREAM_POST:
100 case ASN1_OP_DETACHED_POST: 106 case ASN1_OP_DETACHED_POST:
101 if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) 107 if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
102 return 0; 108 return 0;
103 break; 109 break;
104 110 }
105 }
106 return 1; 111 return 1;
107} 112}
108 113
@@ -127,10 +132,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
127IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) 132IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
128 133
129/* Minor tweak to operation: free up EVP_PKEY */ 134/* Minor tweak to operation: free up EVP_PKEY */
130static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 135static int
131 void *exarg) 136si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
132{ 137{
133 if(operation == ASN1_OP_FREE_POST) { 138 if (operation == ASN1_OP_FREE_POST) {
134 PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; 139 PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
135 EVP_PKEY_free(si->pkey); 140 EVP_PKEY_free(si->pkey);
136 } 141 }
@@ -139,14 +144,16 @@ static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
139 144
140ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { 145ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
141 ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), 146 ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
142 ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), 147 ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial,
148 PKCS7_ISSUER_AND_SERIAL),
143 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), 149 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
144 /* NB this should be a SET OF but we use a SEQUENCE OF so the 150 /* NB this should be a SET OF but we use a SEQUENCE OF so the
145 * original order * is retained when the structure is reencoded. 151 * original order * is retained when the structure is reencoded.
146 * Since the attributes are implicitly tagged this will not affect 152 * Since the attributes are implicitly tagged this will not affect
147 * the encoding. 153 * the encoding.
148 */ 154 */
149 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), 155 ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr,
156 X509_ATTRIBUTE, 0),
150 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), 157 ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
151 ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), 158 ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
152 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) 159 ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
@@ -170,10 +177,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
170IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) 177IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
171 178
172/* Minor tweak to operation: free up X509 */ 179/* Minor tweak to operation: free up X509 */
173static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 180static int
174 void *exarg) 181ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
175{ 182{
176 if(operation == ASN1_OP_FREE_POST) { 183 if (operation == ASN1_OP_FREE_POST) {
177 PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; 184 PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
178 X509_free(ri->cert); 185 X509_free(ri->cert);
179 } 186 }
@@ -182,7 +189,8 @@ static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
182 189
183ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { 190ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
184 ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), 191 ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
185 ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), 192 ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial,
193 PKCS7_ISSUER_AND_SERIAL),
186 ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), 194 ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
187 ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) 195 ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
188} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) 196} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
@@ -231,17 +239,18 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
231 * encoding. 239 * encoding.
232 */ 240 */
233 241
234ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 242ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
235 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) 243 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES,
244 X509_ATTRIBUTE)
236ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) 245ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
237 246
238/* When verifying attributes we need to use the received order. So 247/* When verifying attributes we need to use the received order. So
239 * we use SEQUENCE OF and tag it to SET OF 248 * we use SEQUENCE OF and tag it to SET OF
240 */ 249 */
241 250
242ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 251ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
243 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 252 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG |
244 V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) 253 ASN1_TFLG_UNIVERSAL, V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
245ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) 254ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
246 255
247IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) 256IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
index f4c2fadac9..2f4d5089f5 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_attr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_attr.c,v 1.8 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_attr.c,v 1.9 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001. 3 * project 2001.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -66,21 +66,24 @@
66#include <openssl/x509.h> 66#include <openssl/x509.h>
67#include <openssl/err.h> 67#include <openssl/err.h>
68 68
69int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) 69int
70PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
70{ 71{
71 ASN1_STRING *seq; 72 ASN1_STRING *seq;
72 if(!(seq = ASN1_STRING_new())) { 73 if (!(seq = ASN1_STRING_new())) {
73 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); 74 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,
75 ERR_R_MALLOC_FAILURE);
74 return 0; 76 return 0;
75 } 77 }
76 seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data, 78 seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
77 ASN1_ITEM_rptr(X509_ALGORS)); 79 ASN1_ITEM_rptr(X509_ALGORS));
78 return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, 80 return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
79 V_ASN1_SEQUENCE, seq); 81 V_ASN1_SEQUENCE, seq);
80} 82}
81 83
82STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) 84STACK_OF(X509_ALGOR) *
83 { 85PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
86{
84 ASN1_TYPE *cap; 87 ASN1_TYPE *cap;
85 const unsigned char *p; 88 const unsigned char *p;
86 89
@@ -89,33 +92,37 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
89 return NULL; 92 return NULL;
90 p = cap->value.sequence->data; 93 p = cap->value.sequence->data;
91 return (STACK_OF(X509_ALGOR) *) 94 return (STACK_OF(X509_ALGOR) *)
92 ASN1_item_d2i(NULL, &p, cap->value.sequence->length, 95 ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
93 ASN1_ITEM_rptr(X509_ALGORS)); 96 ASN1_ITEM_rptr(X509_ALGORS));
94 } 97}
95 98
96/* Basic smime-capabilities OID and optional integer arg */ 99/* Basic smime-capabilities OID and optional integer arg */
97int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) 100int
101PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
98{ 102{
99 X509_ALGOR *alg; 103 X509_ALGOR *alg;
100 104
101 if(!(alg = X509_ALGOR_new())) { 105 if (!(alg = X509_ALGOR_new())) {
102 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 106 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
103 return 0; 107 return 0;
104 } 108 }
105 ASN1_OBJECT_free(alg->algorithm); 109 ASN1_OBJECT_free(alg->algorithm);
106 alg->algorithm = OBJ_nid2obj (nid); 110 alg->algorithm = OBJ_nid2obj (nid);
107 if (arg > 0) { 111 if (arg > 0) {
108 ASN1_INTEGER *nbit; 112 ASN1_INTEGER *nbit;
109 if(!(alg->parameter = ASN1_TYPE_new())) { 113 if (!(alg->parameter = ASN1_TYPE_new())) {
110 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 114 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
115 ERR_R_MALLOC_FAILURE);
111 return 0; 116 return 0;
112 } 117 }
113 if(!(nbit = ASN1_INTEGER_new())) { 118 if (!(nbit = ASN1_INTEGER_new())) {
114 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 119 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
120 ERR_R_MALLOC_FAILURE);
115 return 0; 121 return 0;
116 } 122 }
117 if(!ASN1_INTEGER_set (nbit, arg)) { 123 if (!ASN1_INTEGER_set (nbit, arg)) {
118 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); 124 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,
125 ERR_R_MALLOC_FAILURE);
119 return 0; 126 return 0;
120 } 127 }
121 alg->parameter->value.integer = nbit; 128 alg->parameter->value.integer = nbit;
@@ -125,41 +132,43 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
125 return 1; 132 return 1;
126} 133}
127 134
128int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) 135int
129 { 136PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
137{
130 if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) 138 if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
131 return 0; 139 return 0;
132 if (!coid) 140 if (!coid)
133 coid = OBJ_nid2obj(NID_pkcs7_data); 141 coid = OBJ_nid2obj(NID_pkcs7_data);
134 return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, 142 return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
135 V_ASN1_OBJECT, coid); 143 V_ASN1_OBJECT, coid);
136 } 144}
137 145
138int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) 146int
139 { 147PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
140 if (!t && !(t=X509_gmtime_adj(NULL,0))) 148{
141 { 149 if (!t && !(t = X509_gmtime_adj(NULL, 0))) {
142 PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 150 PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
143 ERR_R_MALLOC_FAILURE); 151 ERR_R_MALLOC_FAILURE);
144 return 0; 152 return 0;
145 }
146 return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
147 V_ASN1_UTCTIME, t);
148 } 153 }
154 return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
155 V_ASN1_UTCTIME, t);
156}
149 157
150int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, 158int
151 const unsigned char *md, int mdlen) 159PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, const unsigned char *md,
152 { 160 int mdlen)
161{
153 ASN1_OCTET_STRING *os; 162 ASN1_OCTET_STRING *os;
163
154 os = ASN1_OCTET_STRING_new(); 164 os = ASN1_OCTET_STRING_new();
155 if (!os) 165 if (!os)
156 return 0; 166 return 0;
157 if (!ASN1_STRING_set(os, md, mdlen) 167 if (!ASN1_STRING_set(os, md, mdlen) ||
158 || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, 168 !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
159 V_ASN1_OCTET_STRING, os)) 169 V_ASN1_OCTET_STRING, os)) {
160 {
161 ASN1_OCTET_STRING_free(os); 170 ASN1_OCTET_STRING_free(os);
162 return 0; 171 return 0;
163 }
164 return 1;
165 } 172 }
173 return 1;
174}
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c b/src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
index 13578443bc..225dc2fd97 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_dgst.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_dgst.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_dgst.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index 5d85f6e124..46f9c2b8c6 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_doit.c,v 1.22 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_doit.c,v 1.23 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,82 +65,82 @@
65#include <openssl/err.h> 65#include <openssl/err.h>
66 66
67static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 67static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
68 void *value); 68 void *value);
69static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); 69static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
70 70
71static int PKCS7_type_is_other(PKCS7* p7) 71static int
72 { 72PKCS7_type_is_other(PKCS7* p7)
73 int isOther=1; 73{
74 74 int isOther = 1;
75 int nid=OBJ_obj2nid(p7->type); 75
76 int nid = OBJ_obj2nid(p7->type);
76 77
77 switch( nid ) 78 switch (nid ) {
78 {
79 case NID_pkcs7_data: 79 case NID_pkcs7_data:
80 case NID_pkcs7_signed: 80 case NID_pkcs7_signed:
81 case NID_pkcs7_enveloped: 81 case NID_pkcs7_enveloped:
82 case NID_pkcs7_signedAndEnveloped: 82 case NID_pkcs7_signedAndEnveloped:
83 case NID_pkcs7_digest: 83 case NID_pkcs7_digest:
84 case NID_pkcs7_encrypted: 84 case NID_pkcs7_encrypted:
85 isOther=0; 85 isOther = 0;
86 break; 86 break;
87 default: 87 default:
88 isOther=1; 88 isOther = 1;
89 } 89 }
90 90
91 return isOther; 91 return isOther;
92 92
93 } 93}
94 94
95static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) 95static ASN1_OCTET_STRING *
96 { 96PKCS7_get_octet_string(PKCS7 *p7)
97 if ( PKCS7_type_is_data(p7)) 97{
98 if (PKCS7_type_is_data(p7))
98 return p7->d.data; 99 return p7->d.data;
99 if ( PKCS7_type_is_other(p7) && p7->d.other 100 if (PKCS7_type_is_other(p7) && p7->d.other &&
100 && (p7->d.other->type == V_ASN1_OCTET_STRING)) 101 (p7->d.other->type == V_ASN1_OCTET_STRING))
101 return p7->d.other->value.octet_string; 102 return p7->d.other->value.octet_string;
102 return NULL; 103 return NULL;
103 } 104}
104 105
105static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) 106static int
106 { 107PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
108{
107 BIO *btmp; 109 BIO *btmp;
108 const EVP_MD *md; 110 const EVP_MD *md;
109 if ((btmp=BIO_new(BIO_f_md())) == NULL) 111 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
110 { 112 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
111 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
112 goto err; 113 goto err;
113 } 114 }
114 115
115 md=EVP_get_digestbyobj(alg->algorithm); 116 md = EVP_get_digestbyobj(alg->algorithm);
116 if (md == NULL) 117 if (md == NULL) {
117 { 118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,
118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); 119 PKCS7_R_UNKNOWN_DIGEST_TYPE);
119 goto err; 120 goto err;
120 } 121 }
121 122
122 BIO_set_md(btmp,md); 123 BIO_set_md(btmp, md);
123 if (*pbio == NULL) 124 if (*pbio == NULL)
124 *pbio=btmp; 125 *pbio = btmp;
125 else if (!BIO_push(*pbio,btmp)) 126 else if (!BIO_push(*pbio, btmp)) {
126 { 127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
128 goto err; 128 goto err;
129 } 129 }
130 btmp=NULL; 130 btmp = NULL;
131 131
132 return 1; 132 return 1;
133 133
134 err: 134err:
135 if (btmp) 135 if (btmp)
136 BIO_free(btmp); 136 BIO_free(btmp);
137 return 0; 137 return 0;
138 138
139 } 139}
140 140
141static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, 141static int
142 unsigned char *key, int keylen) 142pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
143 { 143{
144 EVP_PKEY_CTX *pctx = NULL; 144 EVP_PKEY_CTX *pctx = NULL;
145 EVP_PKEY *pkey = NULL; 145 EVP_PKEY *pkey = NULL;
146 unsigned char *ek = NULL; 146 unsigned char *ek = NULL;
@@ -148,7 +148,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
148 size_t eklen; 148 size_t eklen;
149 149
150 pkey = X509_get_pubkey(ri->cert); 150 pkey = X509_get_pubkey(ri->cert);
151
152 if (!pkey) 151 if (!pkey)
153 return 0; 152 return 0;
154 153
@@ -160,22 +159,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
160 goto err; 159 goto err;
161 160
162 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 161 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
163 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) 162 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
164 {
165 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); 163 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
166 goto err; 164 goto err;
167 } 165 }
168 166
169 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) 167 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
170 goto err; 168 goto err;
171 169
172 ek = malloc(eklen); 170 ek = malloc(eklen);
173 171
174 if (ek == NULL) 172 if (ek == NULL) {
175 {
176 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); 173 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
177 goto err; 174 goto err;
178 } 175 }
179 176
180 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) 177 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
181 goto err; 178 goto err;
@@ -185,20 +182,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
185 182
186 ret = 1; 183 ret = 1;
187 184
188 err: 185err:
189 if (pkey) 186 if (pkey)
190 EVP_PKEY_free(pkey); 187 EVP_PKEY_free(pkey);
191 if (pctx) 188 if (pctx)
192 EVP_PKEY_CTX_free(pctx); 189 EVP_PKEY_CTX_free(pctx);
193 free(ek); 190 free(ek);
194 return ret; 191 return ret;
195 192}
196 }
197 193
198 194
199static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, 195static int
200 PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) 196pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
201 { 197 EVP_PKEY *pkey)
198{
202 EVP_PKEY_CTX *pctx = NULL; 199 EVP_PKEY_CTX *pctx = NULL;
203 unsigned char *ek = NULL; 200 unsigned char *ek = NULL;
204 size_t eklen; 201 size_t eklen;
@@ -213,95 +210,88 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
213 goto err; 210 goto err;
214 211
215 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 212 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
216 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) 213 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
217 {
218 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); 214 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
219 goto err; 215 goto err;
220 } 216 }
221 217
222 if (EVP_PKEY_decrypt(pctx, NULL, &eklen, 218 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
223 ri->enc_key->data, ri->enc_key->length) <= 0) 219 ri->enc_key->data, ri->enc_key->length) <= 0)
224 goto err; 220 goto err;
225 221
226 ek = malloc(eklen); 222 ek = malloc(eklen);
227 223 if (ek == NULL) {
228 if (ek == NULL)
229 {
230 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); 224 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
231 goto err; 225 goto err;
232 } 226 }
233 227
234 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 228 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
235 ri->enc_key->data, ri->enc_key->length) <= 0) 229 ri->enc_key->data, ri->enc_key->length) <= 0) {
236 {
237 ret = 0; 230 ret = 0;
238 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); 231 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
239 goto err; 232 goto err;
240 } 233 }
241 234
242 ret = 1; 235 ret = 1;
243 236
244 if (*pek) 237 if (*pek) {
245 {
246 OPENSSL_cleanse(*pek, *peklen); 238 OPENSSL_cleanse(*pek, *peklen);
247 free(*pek); 239 free(*pek);
248 } 240 }
249 241
250 *pek = ek; 242 *pek = ek;
251 *peklen = eklen; 243 *peklen = eklen;
252 244
253 err: 245err:
254 if (pctx) 246 if (pctx)
255 EVP_PKEY_CTX_free(pctx); 247 EVP_PKEY_CTX_free(pctx);
256 if (!ret && ek) 248 if (!ret && ek)
257 free(ek); 249 free(ek);
258 250
259 return ret; 251 return ret;
260 } 252}
261 253
262BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 254BIO *
263 { 255PKCS7_dataInit(PKCS7 *p7, BIO *bio)
256{
264 int i; 257 int i;
265 BIO *out=NULL,*btmp=NULL; 258 BIO *out = NULL, *btmp = NULL;
266 X509_ALGOR *xa = NULL; 259 X509_ALGOR *xa = NULL;
267 const EVP_CIPHER *evp_cipher=NULL; 260 const EVP_CIPHER *evp_cipher = NULL;
268 STACK_OF(X509_ALGOR) *md_sk=NULL; 261 STACK_OF(X509_ALGOR) *md_sk = NULL;
269 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 262 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
270 X509_ALGOR *xalg=NULL; 263 X509_ALGOR *xalg = NULL;
271 PKCS7_RECIP_INFO *ri=NULL; 264 PKCS7_RECIP_INFO *ri = NULL;
272 ASN1_OCTET_STRING *os=NULL; 265 ASN1_OCTET_STRING *os = NULL;
273 266
274 i=OBJ_obj2nid(p7->type); 267 i = OBJ_obj2nid(p7->type);
275 p7->state=PKCS7_S_HEADER; 268 p7->state = PKCS7_S_HEADER;
276 269
277 switch (i) 270 switch (i) {
278 {
279 case NID_pkcs7_signed: 271 case NID_pkcs7_signed:
280 md_sk=p7->d.sign->md_algs; 272 md_sk = p7->d.sign->md_algs;
281 os = PKCS7_get_octet_string(p7->d.sign->contents); 273 os = PKCS7_get_octet_string(p7->d.sign->contents);
282 break; 274 break;
283 case NID_pkcs7_signedAndEnveloped: 275 case NID_pkcs7_signedAndEnveloped:
284 rsk=p7->d.signed_and_enveloped->recipientinfo; 276 rsk = p7->d.signed_and_enveloped->recipientinfo;
285 md_sk=p7->d.signed_and_enveloped->md_algs; 277 md_sk = p7->d.signed_and_enveloped->md_algs;
286 xalg=p7->d.signed_and_enveloped->enc_data->algorithm; 278 xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
287 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; 279 evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
288 if (evp_cipher == NULL) 280 if (evp_cipher == NULL) {
289 {
290 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 281 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
291 PKCS7_R_CIPHER_NOT_INITIALIZED); 282 PKCS7_R_CIPHER_NOT_INITIALIZED);
292 goto err; 283 goto err;
293 } 284 }
294 break; 285 break;
295 case NID_pkcs7_enveloped: 286 case NID_pkcs7_enveloped:
296 rsk=p7->d.enveloped->recipientinfo; 287 rsk = p7->d.enveloped->recipientinfo;
297 xalg=p7->d.enveloped->enc_data->algorithm; 288 xalg = p7->d.enveloped->enc_data->algorithm;
298 evp_cipher=p7->d.enveloped->enc_data->cipher; 289 evp_cipher = p7->d.enveloped->enc_data->cipher;
299 if (evp_cipher == NULL) 290 if (evp_cipher == NULL) {
300 {
301 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 291 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
302 PKCS7_R_CIPHER_NOT_INITIALIZED); 292 PKCS7_R_CIPHER_NOT_INITIALIZED);
303 goto err; 293 goto err;
304 } 294 }
305 break; 295 break;
306 case NID_pkcs7_digest: 296 case NID_pkcs7_digest:
307 xa = p7->d.digest->md; 297 xa = p7->d.digest->md;
@@ -310,37 +300,37 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
310 case NID_pkcs7_data: 300 case NID_pkcs7_data:
311 break; 301 break;
312 default: 302 default:
313 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 303 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
314 goto err; 304 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
315 } 305 goto err;
306 }
316 307
317 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 308 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
318 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) 309 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
319 goto err; 310 goto err;
320 311
321 if (xa && !PKCS7_bio_add_digest(&out, xa)) 312 if (xa && !PKCS7_bio_add_digest(&out, xa))
322 goto err; 313 goto err;
323 314
324 if (evp_cipher != NULL) 315 if (evp_cipher != NULL) {
325 {
326 unsigned char key[EVP_MAX_KEY_LENGTH]; 316 unsigned char key[EVP_MAX_KEY_LENGTH];
327 unsigned char iv[EVP_MAX_IV_LENGTH]; 317 unsigned char iv[EVP_MAX_IV_LENGTH];
328 int keylen,ivlen; 318 int keylen, ivlen;
329 EVP_CIPHER_CTX *ctx; 319 EVP_CIPHER_CTX *ctx;
330 320
331 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 321 if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
332 { 322 PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
333 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
334 goto err; 323 goto err;
335 } 324 }
336 BIO_get_cipher_ctx(btmp, &ctx); 325 BIO_get_cipher_ctx(btmp, &ctx);
337 keylen=EVP_CIPHER_key_length(evp_cipher); 326 keylen = EVP_CIPHER_key_length(evp_cipher);
338 ivlen=EVP_CIPHER_iv_length(evp_cipher); 327 ivlen = EVP_CIPHER_iv_length(evp_cipher);
339 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 328 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
340 if (ivlen > 0) 329 if (ivlen > 0)
341 if (RAND_pseudo_bytes(iv,ivlen) <= 0) 330 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
342 goto err; 331 goto err;
343 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) 332 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL,
333 NULL, 1) <= 0)
344 goto err; 334 goto err;
345 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) 335 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
346 goto err; 336 goto err;
@@ -353,167 +343,162 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
353 if (xalg->parameter == NULL) 343 if (xalg->parameter == NULL)
354 goto err; 344 goto err;
355 } 345 }
356 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 346 if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
357 goto err; 347 goto err;
358 } 348 }
359 349
360 /* Lets do the pub key stuff :-) */ 350 /* Lets do the pub key stuff :-) */
361 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 351 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
362 { 352 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
363 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
364 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) 353 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
365 goto err; 354 goto err;
366 } 355 }
367 OPENSSL_cleanse(key, keylen); 356 OPENSSL_cleanse(key, keylen);
368 357
369 if (out == NULL) 358 if (out == NULL)
370 out=btmp; 359 out = btmp;
371 else 360 else
372 BIO_push(out,btmp); 361 BIO_push(out, btmp);
373 btmp=NULL; 362 btmp = NULL;
374 } 363 }
375 364
376 if (bio == NULL) 365 if (bio == NULL) {
377 {
378 if (PKCS7_is_detached(p7)) 366 if (PKCS7_is_detached(p7))
379 bio=BIO_new(BIO_s_null()); 367 bio = BIO_new(BIO_s_null());
380 else if (os && os->length > 0) 368 else if (os && os->length > 0)
381 bio = BIO_new_mem_buf(os->data, os->length); 369 bio = BIO_new_mem_buf(os->data, os->length);
382 if(bio == NULL) 370 if (bio == NULL) {
383 { 371 bio = BIO_new(BIO_s_mem());
384 bio=BIO_new(BIO_s_mem());
385 if (bio == NULL) 372 if (bio == NULL)
386 goto err; 373 goto err;
387 BIO_set_mem_eof_return(bio,0); 374 BIO_set_mem_eof_return(bio, 0);
388 }
389 } 375 }
376 }
390 if (out) 377 if (out)
391 BIO_push(out,bio); 378 BIO_push(out, bio);
392 else 379 else
393 out = bio; 380 out = bio;
394 bio=NULL; 381 bio = NULL;
395 if (0) 382 if (0) {
396 {
397err: 383err:
398 if (out != NULL) 384 if (out != NULL)
399 BIO_free_all(out); 385 BIO_free_all(out);
400 if (btmp != NULL) 386 if (btmp != NULL)
401 BIO_free_all(btmp); 387 BIO_free_all(btmp);
402 out=NULL; 388 out = NULL;
403 }
404 return(out);
405 } 389 }
390 return (out);
391}
406 392
407static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) 393static int
408 { 394pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
395{
409 int ret; 396 int ret;
397
410 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, 398 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
411 pcert->cert_info->issuer); 399 pcert->cert_info->issuer);
412 if (ret) 400 if (ret)
413 return ret; 401 return ret;
414 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, 402 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
415 ri->issuer_and_serial->serial); 403 ri->issuer_and_serial->serial);
416 } 404}
417 405
418/* int */ 406/* int */
419BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 407BIO *
420 { 408PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
421 int i,j; 409{
422 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; 410 int i, j;
411 BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
423 X509_ALGOR *xa; 412 X509_ALGOR *xa;
424 ASN1_OCTET_STRING *data_body=NULL; 413 ASN1_OCTET_STRING *data_body = NULL;
425 const EVP_MD *evp_md; 414 const EVP_MD *evp_md;
426 const EVP_CIPHER *evp_cipher=NULL; 415 const EVP_CIPHER *evp_cipher = NULL;
427 EVP_CIPHER_CTX *evp_ctx=NULL; 416 EVP_CIPHER_CTX *evp_ctx = NULL;
428 X509_ALGOR *enc_alg=NULL; 417 X509_ALGOR *enc_alg = NULL;
429 STACK_OF(X509_ALGOR) *md_sk=NULL; 418 STACK_OF(X509_ALGOR) *md_sk = NULL;
430 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 419 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
431 PKCS7_RECIP_INFO *ri=NULL; 420 PKCS7_RECIP_INFO *ri = NULL;
432 unsigned char *ek = NULL, *tkey = NULL; 421 unsigned char *ek = NULL, *tkey = NULL;
433 int eklen = 0, tkeylen = 0; 422 int eklen = 0, tkeylen = 0;
434 423
435 i=OBJ_obj2nid(p7->type); 424 i = OBJ_obj2nid(p7->type);
436 p7->state=PKCS7_S_HEADER; 425 p7->state = PKCS7_S_HEADER;
437 426
438 switch (i) 427 switch (i) {
439 {
440 case NID_pkcs7_signed: 428 case NID_pkcs7_signed:
441 data_body=PKCS7_get_octet_string(p7->d.sign->contents); 429 data_body = PKCS7_get_octet_string(p7->d.sign->contents);
442 md_sk=p7->d.sign->md_algs; 430 md_sk = p7->d.sign->md_algs;
443 break; 431 break;
444 case NID_pkcs7_signedAndEnveloped: 432 case NID_pkcs7_signedAndEnveloped:
445 rsk=p7->d.signed_and_enveloped->recipientinfo; 433 rsk = p7->d.signed_and_enveloped->recipientinfo;
446 md_sk=p7->d.signed_and_enveloped->md_algs; 434 md_sk = p7->d.signed_and_enveloped->md_algs;
447 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 435 data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
448 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 436 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
449 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 437 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
450 if (evp_cipher == NULL) 438 if (evp_cipher == NULL) {
451 { 439 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
452 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 440 PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
453 goto err; 441 goto err;
454 } 442 }
455 break; 443 break;
456 case NID_pkcs7_enveloped: 444 case NID_pkcs7_enveloped:
457 rsk=p7->d.enveloped->recipientinfo; 445 rsk = p7->d.enveloped->recipientinfo;
458 enc_alg=p7->d.enveloped->enc_data->algorithm; 446 enc_alg = p7->d.enveloped->enc_data->algorithm;
459 data_body=p7->d.enveloped->enc_data->enc_data; 447 data_body = p7->d.enveloped->enc_data->enc_data;
460 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 448 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
461 if (evp_cipher == NULL) 449 if (evp_cipher == NULL) {
462 { 450 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
463 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 451 PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
464 goto err; 452 goto err;
465 } 453 }
466 break; 454 break;
467 default: 455 default:
468 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 456 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
469 goto err; 457 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
470 } 458 goto err;
459 }
471 460
472 /* We will be checking the signature */ 461 /* We will be checking the signature */
473 if (md_sk != NULL) 462 if (md_sk != NULL) {
474 { 463 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
475 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 464 xa = sk_X509_ALGOR_value(md_sk, i);
476 { 465 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
477 xa=sk_X509_ALGOR_value(md_sk,i); 466 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
478 if ((btmp=BIO_new(BIO_f_md())) == NULL) 467 ERR_R_BIO_LIB);
479 {
480 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
481 goto err; 468 goto err;
482 } 469 }
483 470
484 j=OBJ_obj2nid(xa->algorithm); 471 j = OBJ_obj2nid(xa->algorithm);
485 evp_md=EVP_get_digestbynid(j); 472 evp_md = EVP_get_digestbynid(j);
486 if (evp_md == NULL) 473 if (evp_md == NULL) {
487 { 474 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
488 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); 475 PKCS7_R_UNKNOWN_DIGEST_TYPE);
489 goto err; 476 goto err;
490 } 477 }
491 478
492 BIO_set_md(btmp,evp_md); 479 BIO_set_md(btmp, evp_md);
493 if (out == NULL) 480 if (out == NULL)
494 out=btmp; 481 out = btmp;
495 else 482 else
496 BIO_push(out,btmp); 483 BIO_push(out, btmp);
497 btmp=NULL; 484 btmp = NULL;
498 }
499 } 485 }
486 }
500 487
501 if (evp_cipher != NULL) 488 if (evp_cipher != NULL) {
502 {
503#if 0 489#if 0
504 unsigned char key[EVP_MAX_KEY_LENGTH]; 490 unsigned char key[EVP_MAX_KEY_LENGTH];
505 unsigned char iv[EVP_MAX_IV_LENGTH]; 491 unsigned char iv[EVP_MAX_IV_LENGTH];
506 unsigned char *p; 492 unsigned char *p;
507 int keylen,ivlen; 493 int keylen, ivlen;
508 int max; 494 int max;
509 X509_OBJECT ret; 495 X509_OBJECT ret;
510#endif 496#endif
511 497
512 if ((etmp=BIO_new(BIO_f_cipher())) == NULL) 498 if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
513 { 499 PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
514 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
515 goto err; 500 goto err;
516 } 501 }
517 502
518 /* It was encrypted, we need to decrypt the secret key 503 /* It was encrypted, we need to decrypt the secret key
519 * with the private key */ 504 * with the private key */
@@ -521,54 +506,47 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
521 /* Find the recipientInfo which matches the passed certificate 506 /* Find the recipientInfo which matches the passed certificate
522 * (if any) 507 * (if any)
523 */ 508 */
524 509 if (pcert) {
525 if (pcert) 510 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
526 { 511 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
527 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
528 {
529 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
530 if (!pkcs7_cmp_ri(ri, pcert)) 512 if (!pkcs7_cmp_ri(ri, pcert))
531 break; 513 break;
532 ri=NULL; 514 ri = NULL;
533 } 515 }
534 if (ri == NULL) 516 if (ri == NULL) {
535 {
536 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 517 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
537 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 518 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
538 goto err; 519 goto err;
539 }
540 } 520 }
521 }
541 522
542 /* If we haven't got a certificate try each ri in turn */ 523 /* If we haven't got a certificate try each ri in turn */
543 if (pcert == NULL) 524 if (pcert == NULL) {
544 {
545 /* Always attempt to decrypt all rinfo even 525 /* Always attempt to decrypt all rinfo even
546 * after sucess as a defence against MMA timing 526 * after sucess as a defence against MMA timing
547 * attacks. 527 * attacks.
548 */ 528 */
549 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 529 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
550 { 530 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
551 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 531
552
553 if (pkcs7_decrypt_rinfo(&ek, &eklen, 532 if (pkcs7_decrypt_rinfo(&ek, &eklen,
554 ri, pkey) < 0) 533 ri, pkey) < 0)
555 goto err; 534 goto err;
556 ERR_clear_error(); 535 ERR_clear_error();
557 }
558 } 536 }
559 else 537 } else {
560 {
561 /* Only exit on fatal errors, not decrypt failure */ 538 /* Only exit on fatal errors, not decrypt failure */
562 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) 539 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
563 goto err; 540 goto err;
564 ERR_clear_error(); 541 ERR_clear_error();
565 } 542 }
566 543
567 evp_ctx=NULL; 544 evp_ctx = NULL;
568 BIO_get_cipher_ctx(etmp,&evp_ctx); 545 BIO_get_cipher_ctx(etmp, &evp_ctx);
569 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) 546 if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL,
547 NULL, 0) <= 0)
570 goto err; 548 goto err;
571 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 549 if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
572 goto err; 550 goto err;
573 /* Generate random key as MMA defence */ 551 /* Generate random key as MMA defence */
574 tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); 552 tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
@@ -577,257 +555,245 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
577 goto err; 555 goto err;
578 if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) 556 if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
579 goto err; 557 goto err;
580 if (ek == NULL) 558 if (ek == NULL) {
581 {
582 ek = tkey; 559 ek = tkey;
583 eklen = tkeylen; 560 eklen = tkeylen;
584 tkey = NULL; 561 tkey = NULL;
585 } 562 }
586 563
587 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { 564 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
588 /* Some S/MIME clients don't use the same key 565 /* Some S/MIME clients don't use the same key
589 * and effective key length. The key length is 566 * and effective key length. The key length is
590 * determined by the size of the decrypted RSA key. 567 * determined by the size of the decrypted RSA key.
591 */ 568 */
592 if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) 569 if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
593 {
594 /* Use random key as MMA defence */ 570 /* Use random key as MMA defence */
595 OPENSSL_cleanse(ek, eklen); 571 OPENSSL_cleanse(ek, eklen);
596 free(ek); 572 free(ek);
597 ek = tkey; 573 ek = tkey;
598 eklen = tkeylen; 574 eklen = tkeylen;
599 tkey = NULL; 575 tkey = NULL;
600 } 576 }
601 } 577 }
602 /* Clear errors so we don't leak information useful in MMA */ 578 /* Clear errors so we don't leak information useful in MMA */
603 ERR_clear_error(); 579 ERR_clear_error();
604 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) 580 if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
605 goto err; 581 goto err;
606 582
607 if (ek) 583 if (ek) {
608 { 584 OPENSSL_cleanse(ek, eklen);
609 OPENSSL_cleanse(ek,eklen);
610 free(ek); 585 free(ek);
611 ek = NULL; 586 ek = NULL;
612 } 587 }
613 if (tkey) 588 if (tkey) {
614 { 589 OPENSSL_cleanse(tkey, tkeylen);
615 OPENSSL_cleanse(tkey,tkeylen);
616 free(tkey); 590 free(tkey);
617 tkey = NULL; 591 tkey = NULL;
618 } 592 }
619 593
620 if (out == NULL) 594 if (out == NULL)
621 out=etmp; 595 out = etmp;
622 else 596 else
623 BIO_push(out,etmp); 597 BIO_push(out, etmp);
624 etmp=NULL; 598 etmp = NULL;
625 } 599 }
626 600
627#if 1 601#if 1
628 if (PKCS7_is_detached(p7) || (in_bio != NULL)) 602 if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
629 { 603 bio = in_bio;
630 bio=in_bio; 604 } else {
631 }
632 else
633 {
634#if 0 605#if 0
635 bio=BIO_new(BIO_s_mem()); 606 bio = BIO_new(BIO_s_mem());
636 /* We need to set this so that when we have read all 607 /* We need to set this so that when we have read all
637 * the data, the encrypt BIO, if present, will read 608 * the data, the encrypt BIO, if present, will read
638 * EOF and encode the last few bytes */ 609 * EOF and encode the last few bytes */
639 BIO_set_mem_eof_return(bio,0); 610 BIO_set_mem_eof_return(bio, 0);
640 611
641 if (data_body != NULL && data_body->length > 0) 612 if (data_body != NULL && data_body->length > 0)
642 BIO_write(bio,(char *)data_body->data,data_body->length); 613 BIO_write(bio, (char *)data_body->data, data_body->length);
643#else 614#else
644 if (data_body != NULL && data_body->length > 0) 615 if (data_body != NULL && data_body->length > 0)
645 bio = BIO_new_mem_buf(data_body->data,data_body->length); 616 bio = BIO_new_mem_buf(data_body->data, data_body->length);
646 else { 617 else {
647 bio=BIO_new(BIO_s_mem()); 618 bio = BIO_new(BIO_s_mem());
648 BIO_set_mem_eof_return(bio,0); 619 BIO_set_mem_eof_return(bio, 0);
649 } 620 }
650 if (bio == NULL) 621 if (bio == NULL)
651 goto err; 622 goto err;
652#endif 623#endif
653 } 624 }
654 BIO_push(out,bio); 625 BIO_push(out, bio);
655 bio=NULL; 626 bio = NULL;
656#endif 627#endif
657 if (0) 628 if (0) {
658 {
659err: 629err:
660 if (ek) 630 if (ek) {
661 { 631 OPENSSL_cleanse(ek, eklen);
662 OPENSSL_cleanse(ek,eklen); 632 free(ek);
663 free(ek); 633 }
664 } 634 if (tkey) {
665 if (tkey) 635 OPENSSL_cleanse(tkey, tkeylen);
666 { 636 free(tkey);
667 OPENSSL_cleanse(tkey,tkeylen);
668 free(tkey);
669 }
670 if (out != NULL) BIO_free_all(out);
671 if (btmp != NULL) BIO_free_all(btmp);
672 if (etmp != NULL) BIO_free_all(etmp);
673 if (bio != NULL) BIO_free_all(bio);
674 out=NULL;
675 } 637 }
676 return(out); 638 if (out != NULL)
639 BIO_free_all(out);
640 if (btmp != NULL)
641 BIO_free_all(btmp);
642 if (etmp != NULL)
643 BIO_free_all(etmp);
644 if (bio != NULL)
645 BIO_free_all(bio);
646 out = NULL;
677 } 647 }
648 return (out);
649}
678 650
679static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) 651static BIO *
680 { 652PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
681 for (;;) 653{
682 { 654 for (;;) {
683 bio=BIO_find_type(bio,BIO_TYPE_MD); 655 bio = BIO_find_type(bio, BIO_TYPE_MD);
684 if (bio == NULL) 656 if (bio == NULL) {
685 { 657 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
686 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 658 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
687 return NULL;
688 }
689 BIO_get_md_ctx(bio,pmd);
690 if (*pmd == NULL)
691 {
692 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
693 return NULL; 659 return NULL;
694 } 660 }
661 BIO_get_md_ctx(bio, pmd);
662 if (*pmd == NULL) {
663 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
664 ERR_R_INTERNAL_ERROR);
665 return NULL;
666 }
695 if (EVP_MD_CTX_type(*pmd) == nid) 667 if (EVP_MD_CTX_type(*pmd) == nid)
696 return bio; 668 return bio;
697 bio=BIO_next(bio); 669 bio = BIO_next(bio);
698 }
699 return NULL;
700 } 670 }
671 return NULL;
672}
701 673
702static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) 674static int
703 { 675do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
676{
704 unsigned char md_data[EVP_MAX_MD_SIZE]; 677 unsigned char md_data[EVP_MAX_MD_SIZE];
705 unsigned int md_len; 678 unsigned int md_len;
706 679
707 /* Add signing time if not already present */ 680 /* Add signing time if not already present */
708 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) 681 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
709 { 682 if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
710 if (!PKCS7_add0_attrib_signing_time(si, NULL))
711 {
712 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 683 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
713 ERR_R_MALLOC_FAILURE); 684 ERR_R_MALLOC_FAILURE);
714 return 0; 685 return 0;
715 }
716 } 686 }
687 }
717 688
718 /* Add digest */ 689 /* Add digest */
719 if (!EVP_DigestFinal_ex(mctx, md_data,&md_len)) 690 if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
720 {
721 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); 691 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
722 return 0; 692 return 0;
723 } 693 }
724 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) 694 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
725 {
726 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); 695 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
727 return 0; 696 return 0;
728 } 697 }
729 698
730 /* Now sign the attributes */ 699 /* Now sign the attributes */
731 if (!PKCS7_SIGNER_INFO_sign(si)) 700 if (!PKCS7_SIGNER_INFO_sign(si))
732 return 0; 701 return 0;
733 702
734 return 1; 703 return 1;
735 } 704}
736 705
737 706
738int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 707int
739 { 708PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
740 int ret=0; 709{
741 int i,j; 710 int ret = 0;
711 int i, j;
742 BIO *btmp; 712 BIO *btmp;
743 PKCS7_SIGNER_INFO *si; 713 PKCS7_SIGNER_INFO *si;
744 EVP_MD_CTX *mdc,ctx_tmp; 714 EVP_MD_CTX *mdc, ctx_tmp;
745 STACK_OF(X509_ATTRIBUTE) *sk; 715 STACK_OF(X509_ATTRIBUTE) *sk;
746 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; 716 STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
747 ASN1_OCTET_STRING *os=NULL; 717 ASN1_OCTET_STRING *os = NULL;
748 718
749 EVP_MD_CTX_init(&ctx_tmp); 719 EVP_MD_CTX_init(&ctx_tmp);
750 i=OBJ_obj2nid(p7->type); 720 i = OBJ_obj2nid(p7->type);
751 p7->state=PKCS7_S_HEADER; 721 p7->state = PKCS7_S_HEADER;
752 722
753 switch (i) 723 switch (i) {
754 {
755 case NID_pkcs7_data: 724 case NID_pkcs7_data:
756 os = p7->d.data; 725 os = p7->d.data;
757 break; 726 break;
758 case NID_pkcs7_signedAndEnveloped: 727 case NID_pkcs7_signedAndEnveloped:
759 /* XXX */ 728 /* XXX */
760 si_sk=p7->d.signed_and_enveloped->signer_info; 729 si_sk = p7->d.signed_and_enveloped->signer_info;
761 os = p7->d.signed_and_enveloped->enc_data->enc_data; 730 os = p7->d.signed_and_enveloped->enc_data->enc_data;
762 if (!os) 731 if (!os) {
763 { 732 os = M_ASN1_OCTET_STRING_new();
764 os=M_ASN1_OCTET_STRING_new(); 733 if (!os) {
765 if (!os) 734 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
766 { 735 ERR_R_MALLOC_FAILURE);
767 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
768 goto err; 736 goto err;
769 }
770 p7->d.signed_and_enveloped->enc_data->enc_data=os;
771 } 737 }
738 p7->d.signed_and_enveloped->enc_data->enc_data = os;
739 }
772 break; 740 break;
773 case NID_pkcs7_enveloped: 741 case NID_pkcs7_enveloped:
774 /* XXX */ 742 /* XXX */
775 os = p7->d.enveloped->enc_data->enc_data; 743 os = p7->d.enveloped->enc_data->enc_data;
776 if (!os) 744 if (!os) {
777 { 745 os = M_ASN1_OCTET_STRING_new();
778 os=M_ASN1_OCTET_STRING_new(); 746 if (!os) {
779 if (!os) 747 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
780 { 748 ERR_R_MALLOC_FAILURE);
781 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
782 goto err; 749 goto err;
783 }
784 p7->d.enveloped->enc_data->enc_data=os;
785 } 750 }
751 p7->d.enveloped->enc_data->enc_data = os;
752 }
786 break; 753 break;
787 case NID_pkcs7_signed: 754 case NID_pkcs7_signed:
788 si_sk=p7->d.sign->signer_info; 755 si_sk = p7->d.sign->signer_info;
789 os=PKCS7_get_octet_string(p7->d.sign->contents); 756 os = PKCS7_get_octet_string(p7->d.sign->contents);
790 if (os == NULL) { 757 if (os == NULL) {
791 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); 758 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
792 goto err; 759 goto err;
793 } 760 }
794 /* If detached data then the content is excluded */ 761 /* If detached data then the content is excluded */
795 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { 762 if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
796 M_ASN1_OCTET_STRING_free(os); 763 M_ASN1_OCTET_STRING_free(os);
797 p7->d.sign->contents->d.data = NULL; 764 p7->d.sign->contents->d.data = NULL;
798 } 765 }
799 break; 766 break;
800 767
801 case NID_pkcs7_digest: 768 case NID_pkcs7_digest:
802 os=PKCS7_get_octet_string(p7->d.digest->contents); 769 os = PKCS7_get_octet_string(p7->d.digest->contents);
803 if (os == NULL) { 770 if (os == NULL) {
804 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); 771 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR);
805 goto err; 772 goto err;
806 } 773 }
807 /* If detached data then the content is excluded */ 774 /* If detached data then the content is excluded */
808 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) 775 if (PKCS7_type_is_data(p7->d.digest->contents) &&
809 { 776 p7->detached) {
810 M_ASN1_OCTET_STRING_free(os); 777 M_ASN1_OCTET_STRING_free(os);
811 p7->d.digest->contents->d.data = NULL; 778 p7->d.digest->contents->d.data = NULL;
812 } 779 }
813 break; 780 break;
814 781
815 default: 782 default:
816 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 783 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
817 goto err; 784 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
818 } 785 goto err;
786 }
819 787
820 if (si_sk != NULL) 788 if (si_sk != NULL) {
821 { 789 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
822 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 790 si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
823 {
824 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
825 if (si->pkey == NULL) 791 if (si->pkey == NULL)
826 continue; 792 continue;
827 793
828 j = OBJ_obj2nid(si->digest_alg->algorithm); 794 j = OBJ_obj2nid(si->digest_alg->algorithm);
829 795
830 btmp=bio; 796 btmp = bio;
831 797
832 btmp = PKCS7_find_digest(&mdc, btmp, j); 798 btmp = PKCS7_find_digest(&mdc, btmp, j);
833 799
@@ -836,20 +802,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
836 802
837 /* We now have the EVP_MD_CTX, lets do the 803 /* We now have the EVP_MD_CTX, lets do the
838 * signing. */ 804 * signing. */
839 if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc)) 805 if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
840 goto err; 806 goto err;
841 807
842 sk=si->auth_attr; 808 sk = si->auth_attr;
843 809
844 /* If there are attributes, we add the digest 810 /* If there are attributes, we add the digest
845 * attribute and only sign the attributes */ 811 * attribute and only sign the attributes */
846 if (sk_X509_ATTRIBUTE_num(sk) > 0) 812 if (sk_X509_ATTRIBUTE_num(sk) > 0) {
847 {
848 if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) 813 if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
849 goto err; 814 goto err;
850 } 815 } else {
851 else
852 {
853 unsigned char *abuf = NULL; 816 unsigned char *abuf = NULL;
854 unsigned int abuflen; 817 unsigned int abuflen;
855 abuflen = EVP_PKEY_size(si->pkey); 818 abuflen = EVP_PKEY_size(si->pkey);
@@ -858,38 +821,34 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
858 goto err; 821 goto err;
859 822
860 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, 823 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
861 si->pkey)) 824 si->pkey)) {
862 {
863 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 825 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
864 ERR_R_EVP_LIB); 826 ERR_R_EVP_LIB);
865 goto err; 827 goto err;
866 }
867 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
868 } 828 }
829 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
869 } 830 }
870 } 831 }
871 else if (i == NID_pkcs7_digest) 832 } else if (i == NID_pkcs7_digest) {
872 {
873 unsigned char md_data[EVP_MAX_MD_SIZE]; 833 unsigned char md_data[EVP_MAX_MD_SIZE];
874 unsigned int md_len; 834 unsigned int md_len;
875 if (!PKCS7_find_digest(&mdc, bio, 835 if (!PKCS7_find_digest(&mdc, bio,
876 OBJ_obj2nid(p7->d.digest->md->algorithm))) 836 OBJ_obj2nid(p7->d.digest->md->algorithm)))
877 goto err; 837 goto err;
878 if (!EVP_DigestFinal_ex(mdc,md_data,&md_len)) 838 if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
879 goto err; 839 goto err;
880 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); 840 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
881 } 841 }
882 842
883 if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) 843 if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
884 {
885 char *cont; 844 char *cont;
886 long contlen; 845 long contlen;
887 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 846 btmp = BIO_find_type(bio, BIO_TYPE_MEM);
888 if (btmp == NULL) 847 if (btmp == NULL) {
889 { 848 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
890 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 849 PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
891 goto err; 850 goto err;
892 } 851 }
893 contlen = BIO_get_mem_data(btmp, &cont); 852 contlen = BIO_get_mem_data(btmp, &cont);
894 /* Mark the BIO read only then we can use its copy of the data 853 /* Mark the BIO read only then we can use its copy of the data
895 * instead of making an extra copy. 854 * instead of making an extra copy.
@@ -897,15 +856,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
897 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); 856 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
898 BIO_set_mem_eof_return(btmp, 0); 857 BIO_set_mem_eof_return(btmp, 0);
899 ASN1_STRING_set0(os, (unsigned char *)cont, contlen); 858 ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
900 } 859 }
901 ret=1; 860 ret = 1;
902err: 861err:
903 EVP_MD_CTX_cleanup(&ctx_tmp); 862 EVP_MD_CTX_cleanup(&ctx_tmp);
904 return(ret); 863 return (ret);
905 } 864}
906 865
907int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) 866int
908 { 867PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
868{
909 EVP_MD_CTX mctx; 869 EVP_MD_CTX mctx;
910 EVP_PKEY_CTX *pctx; 870 EVP_PKEY_CTX *pctx;
911 unsigned char *abuf = NULL; 871 unsigned char *abuf = NULL;
@@ -918,38 +878,36 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
918 return 0; 878 return 0;
919 879
920 EVP_MD_CTX_init(&mctx); 880 EVP_MD_CTX_init(&mctx);
921 if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) 881 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
922 goto err; 882 goto err;
923 883
924 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 884 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
925 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) 885 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
926 {
927 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 886 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
928 goto err; 887 goto err;
929 } 888 }
930 889
931 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, 890 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
932 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); 891 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
933 if(!abuf) 892 if (!abuf)
934 goto err; 893 goto err;
935 if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) 894 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
936 goto err; 895 goto err;
937 free(abuf); 896 free(abuf);
938 abuf = NULL; 897 abuf = NULL;
939 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) 898 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
940 goto err; 899 goto err;
941 abuf = malloc(siglen); 900 abuf = malloc(siglen);
942 if(!abuf) 901 if (!abuf)
943 goto err; 902 goto err;
944 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) 903 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
945 goto err; 904 goto err;
946 905
947 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 906 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
948 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) 907 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
949 {
950 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 908 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
951 goto err; 909 goto err;
952 } 910 }
953 911
954 EVP_MD_CTX_cleanup(&mctx); 912 EVP_MD_CTX_cleanup(&mctx);
955 913
@@ -957,73 +915,66 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
957 915
958 return 1; 916 return 1;
959 917
960 err: 918err:
961 free(abuf); 919 free(abuf);
962 EVP_MD_CTX_cleanup(&mctx); 920 EVP_MD_CTX_cleanup(&mctx);
963 return 0; 921 return 0;
922}
964 923
965 } 924int
966 925PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
967int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, 926 PKCS7 *p7, PKCS7_SIGNER_INFO *si)
968 PKCS7 *p7, PKCS7_SIGNER_INFO *si) 927{
969 {
970 PKCS7_ISSUER_AND_SERIAL *ias; 928 PKCS7_ISSUER_AND_SERIAL *ias;
971 int ret=0,i; 929 int ret = 0, i;
972 STACK_OF(X509) *cert; 930 STACK_OF(X509) *cert;
973 X509 *x509; 931 X509 *x509;
974 932
975 if (PKCS7_type_is_signed(p7)) 933 if (PKCS7_type_is_signed(p7)) {
976 { 934 cert = p7->d.sign->cert;
977 cert=p7->d.sign->cert; 935 } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
978 } 936 cert = p7->d.signed_and_enveloped->cert;
979 else if (PKCS7_type_is_signedAndEnveloped(p7)) 937 } else {
980 { 938 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
981 cert=p7->d.signed_and_enveloped->cert;
982 }
983 else
984 {
985 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
986 goto err; 939 goto err;
987 } 940 }
988 /* XXXX */ 941 /* XXXX */
989 ias=si->issuer_and_serial; 942 ias = si->issuer_and_serial;
990 943
991 x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); 944 x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
992 945
993 /* were we able to find the cert in passed to us */ 946 /* were we able to find the cert in passed to us */
994 if (x509 == NULL) 947 if (x509 == NULL) {
995 { 948 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
996 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); 949 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
997 goto err; 950 goto err;
998 } 951 }
999 952
1000 /* Lets verify */ 953 /* Lets verify */
1001 if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) 954 if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
1002 { 955 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
1003 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
1004 goto err; 956 goto err;
1005 } 957 }
1006 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); 958 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
1007 i=X509_verify_cert(ctx); 959 i = X509_verify_cert(ctx);
1008 if (i <= 0) 960 if (i <= 0) {
1009 { 961 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
1010 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
1011 X509_STORE_CTX_cleanup(ctx); 962 X509_STORE_CTX_cleanup(ctx);
1012 goto err; 963 goto err;
1013 } 964 }
1014 X509_STORE_CTX_cleanup(ctx); 965 X509_STORE_CTX_cleanup(ctx);
1015 966
1016 return PKCS7_signatureVerify(bio, p7, si, x509); 967 return PKCS7_signatureVerify(bio, p7, si, x509);
1017 err: 968err:
1018 return ret; 969 return ret;
1019 } 970}
1020 971
1021int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, 972int
1022 X509 *x509) 973PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
1023 { 974{
1024 ASN1_OCTET_STRING *os; 975 ASN1_OCTET_STRING *os;
1025 EVP_MD_CTX mdc_tmp,*mdc; 976 EVP_MD_CTX mdc_tmp, *mdc;
1026 int ret=0,i; 977 int ret = 0, i;
1027 int md_type; 978 int md_type;
1028 STACK_OF(X509_ATTRIBUTE) *sk; 979 STACK_OF(X509_ATTRIBUTE) *sk;
1029 BIO *btmp; 980 BIO *btmp;
@@ -1031,32 +982,29 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
1031 982
1032 EVP_MD_CTX_init(&mdc_tmp); 983 EVP_MD_CTX_init(&mdc_tmp);
1033 984
1034 if (!PKCS7_type_is_signed(p7) && 985 if (!PKCS7_type_is_signed(p7) &&
1035 !PKCS7_type_is_signedAndEnveloped(p7)) { 986 !PKCS7_type_is_signedAndEnveloped(p7)) {
1036 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 987 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1037 PKCS7_R_WRONG_PKCS7_TYPE); 988 PKCS7_R_WRONG_PKCS7_TYPE);
1038 goto err; 989 goto err;
1039 } 990 }
1040 991
1041 md_type=OBJ_obj2nid(si->digest_alg->algorithm); 992 md_type = OBJ_obj2nid(si->digest_alg->algorithm);
1042 993
1043 btmp=bio; 994 btmp = bio;
1044 for (;;) 995 for (;;) {
1045 {
1046 if ((btmp == NULL) || 996 if ((btmp == NULL) ||
1047 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) 997 ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
1048 {
1049 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 998 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1050 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 999 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1051 goto err; 1000 goto err;
1052 } 1001 }
1053 BIO_get_md_ctx(btmp,&mdc); 1002 BIO_get_md_ctx(btmp, &mdc);
1054 if (mdc == NULL) 1003 if (mdc == NULL) {
1055 {
1056 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1004 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1057 ERR_R_INTERNAL_ERROR); 1005 ERR_R_INTERNAL_ERROR);
1058 goto err; 1006 goto err;
1059 } 1007 }
1060 if (EVP_MD_CTX_type(mdc) == md_type) 1008 if (EVP_MD_CTX_type(mdc) == md_type)
1061 break; 1009 break;
1062 /* Workaround for some broken clients that put the signature 1010 /* Workaround for some broken clients that put the signature
@@ -1064,243 +1012,239 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
1064 */ 1012 */
1065 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) 1013 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
1066 break; 1014 break;
1067 btmp=BIO_next(btmp); 1015 btmp = BIO_next(btmp);
1068 } 1016 }
1069 1017
1070 /* mdc is the digest ctx that we want, unless there are attributes, 1018 /* mdc is the digest ctx that we want, unless there are attributes,
1071 * in which case the digest is the signed attributes */ 1019 * in which case the digest is the signed attributes */
1072 if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc)) 1020 if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
1073 goto err; 1021 goto err;
1074 1022
1075 sk=si->auth_attr; 1023 sk = si->auth_attr;
1076 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) 1024 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
1077 {
1078 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; 1025 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
1079 unsigned int md_len; 1026 unsigned int md_len;
1080 int alen; 1027 int alen;
1081 ASN1_OCTET_STRING *message_digest; 1028 ASN1_OCTET_STRING *message_digest;
1082 1029
1083 if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len)) 1030 if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
1084 goto err; 1031 goto err;
1085 message_digest=PKCS7_digest_from_attributes(sk); 1032 message_digest = PKCS7_digest_from_attributes(sk);
1086 if (!message_digest) 1033 if (!message_digest) {
1087 {
1088 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1034 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1089 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1035 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1090 goto err; 1036 goto err;
1091 } 1037 }
1092 if ((message_digest->length != (int)md_len) || 1038 if ((message_digest->length != (int)md_len) ||
1093 (memcmp(message_digest->data,md_dat,md_len))) 1039 (memcmp(message_digest->data, md_dat, md_len))) {
1094 {
1095#if 0 1040#if 0
1096{ 1041 {
1097int ii; 1042 int ii;
1098for (ii=0; ii<message_digest->length; ii++) 1043 for (ii = 0; ii < message_digest->length; ii++)
1099 printf("%02X",message_digest->data[ii]); printf(" sent\n"); 1044 printf("%02X",message_digest->data[ii]); printf(" sent\n");
1100for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); 1045 for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
1101} 1046 }
1102#endif 1047#endif
1103 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1048 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1104 PKCS7_R_DIGEST_FAILURE); 1049 PKCS7_R_DIGEST_FAILURE);
1105 ret= -1; 1050 ret = -1;
1106 goto err; 1051 goto err;
1107 } 1052 }
1108 1053
1109 if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL)) 1054 if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type),
1055 NULL))
1110 goto err; 1056 goto err;
1111 1057
1112 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 1058 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
1113 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); 1059 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
1114 if (alen <= 0) 1060 if (alen <= 0) {
1115 { 1061 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
1116 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB);
1117 ret = -1; 1062 ret = -1;
1118 goto err; 1063 goto err;
1119 } 1064 }
1120 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) 1065 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
1121 goto err; 1066 goto err;
1122 1067
1123 free(abuf); 1068 free(abuf);
1124 } 1069 }
1125 1070
1126 os=si->enc_digest; 1071 os = si->enc_digest;
1127 pkey = X509_get_pubkey(x509); 1072 pkey = X509_get_pubkey(x509);
1128 if (!pkey) 1073 if (!pkey) {
1129 {
1130 ret = -1; 1074 ret = -1;
1131 goto err; 1075 goto err;
1132 } 1076 }
1133 1077
1134 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 1078 i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
1135 EVP_PKEY_free(pkey); 1079 EVP_PKEY_free(pkey);
1136 if (i <= 0) 1080 if (i <= 0) {
1137 {
1138 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1081 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
1139 PKCS7_R_SIGNATURE_FAILURE); 1082 PKCS7_R_SIGNATURE_FAILURE);
1140 ret= -1; 1083 ret = -1;
1141 goto err; 1084 goto err;
1142 } 1085 } else
1143 else 1086 ret = 1;
1144 ret=1;
1145err: 1087err:
1146 EVP_MD_CTX_cleanup(&mdc_tmp); 1088 EVP_MD_CTX_cleanup(&mdc_tmp);
1147 return(ret); 1089 return (ret);
1148 } 1090}
1149 1091
1150PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) 1092PKCS7_ISSUER_AND_SERIAL *
1151 { 1093PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
1094{
1152 STACK_OF(PKCS7_RECIP_INFO) *rsk; 1095 STACK_OF(PKCS7_RECIP_INFO) *rsk;
1153 PKCS7_RECIP_INFO *ri; 1096 PKCS7_RECIP_INFO *ri;
1154 int i; 1097 int i;
1155 1098
1156 i=OBJ_obj2nid(p7->type); 1099 i = OBJ_obj2nid(p7->type);
1157 if (i != NID_pkcs7_signedAndEnveloped) 1100 if (i != NID_pkcs7_signedAndEnveloped)
1158 return NULL; 1101 return NULL;
1159 if (p7->d.signed_and_enveloped == NULL) 1102 if (p7->d.signed_and_enveloped == NULL)
1160 return NULL; 1103 return NULL;
1161 rsk=p7->d.signed_and_enveloped->recipientinfo; 1104 rsk = p7->d.signed_and_enveloped->recipientinfo;
1162 if (rsk == NULL) 1105 if (rsk == NULL)
1163 return NULL; 1106 return NULL;
1164 ri=sk_PKCS7_RECIP_INFO_value(rsk,0); 1107 ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
1165 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); 1108 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
1166 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); 1109 return (NULL);
1167 return(ri->issuer_and_serial); 1110 ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
1168 } 1111 return (ri->issuer_and_serial);
1112}
1169 1113
1170ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) 1114ASN1_TYPE *
1171 { 1115PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
1172 return(get_attribute(si->auth_attr,nid)); 1116{
1173 } 1117 return (get_attribute(si->auth_attr, nid));
1118}
1174 1119
1175ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) 1120ASN1_TYPE *
1176 { 1121PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
1177 return(get_attribute(si->unauth_attr,nid)); 1122{
1178 } 1123 return (get_attribute(si->unauth_attr, nid));
1124}
1179 1125
1180static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) 1126static ASN1_TYPE *
1181 { 1127get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
1128{
1182 int i; 1129 int i;
1183 X509_ATTRIBUTE *xa; 1130 X509_ATTRIBUTE *xa;
1184 ASN1_OBJECT *o; 1131 ASN1_OBJECT *o;
1185 1132
1186 o=OBJ_nid2obj(nid); 1133 o = OBJ_nid2obj(nid);
1187 if (!o || !sk) return(NULL); 1134 if (!o || !sk)
1188 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1135 return (NULL);
1189 { 1136 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1190 xa=sk_X509_ATTRIBUTE_value(sk,i); 1137 xa = sk_X509_ATTRIBUTE_value(sk, i);
1191 if (OBJ_cmp(xa->object,o) == 0) 1138 if (OBJ_cmp(xa->object, o) == 0) {
1192 {
1193 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) 1139 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
1194 return(sk_ASN1_TYPE_value(xa->value.set,0)); 1140 return (sk_ASN1_TYPE_value(xa->value.set, 0));
1195 else 1141 else
1196 return(NULL); 1142 return (NULL);
1197 }
1198 } 1143 }
1199 return(NULL);
1200 } 1144 }
1145 return (NULL);
1146}
1201 1147
1202ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) 1148ASN1_OCTET_STRING *
1149PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
1203{ 1150{
1204 ASN1_TYPE *astype; 1151 ASN1_TYPE *astype;
1205 if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; 1152
1153 if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
1154 return NULL;
1206 return astype->value.octet_string; 1155 return astype->value.octet_string;
1207} 1156}
1208 1157
1209int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, 1158int
1210 STACK_OF(X509_ATTRIBUTE) *sk) 1159PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
1211 { 1160 STACK_OF(X509_ATTRIBUTE) *sk)
1161{
1212 int i; 1162 int i;
1213 1163
1214 if (p7si->auth_attr != NULL) 1164 if (p7si->auth_attr != NULL)
1215 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); 1165 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,
1216 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); 1166 X509_ATTRIBUTE_free);
1167 p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
1217 if (p7si->auth_attr == NULL) 1168 if (p7si->auth_attr == NULL)
1218 return 0; 1169 return 0;
1219 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1170 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1220 { 1171 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
1221 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, 1172 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1222 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
1223 == NULL) 1173 == NULL)
1224 return(0); 1174 return (0);
1225 }
1226 return(1);
1227 } 1175 }
1176 return (1);
1177}
1228 1178
1229int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) 1179int
1230 { 1180PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
1181{
1231 int i; 1182 int i;
1232 1183
1233 if (p7si->unauth_attr != NULL) 1184 if (p7si->unauth_attr != NULL)
1234 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, 1185 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
1235 X509_ATTRIBUTE_free); 1186 X509_ATTRIBUTE_free);
1236 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); 1187 p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
1237 if (p7si->unauth_attr == NULL) 1188 if (p7si->unauth_attr == NULL)
1238 return 0; 1189 return 0;
1239 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1190 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1240 { 1191 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
1241 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, 1192 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1242 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
1243 == NULL) 1193 == NULL)
1244 return(0); 1194 return (0);
1245 }
1246 return(1);
1247 } 1195 }
1196 return (1);
1197}
1248 1198
1249int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1199int
1250 void *value) 1200PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
1251 { 1201 void *value)
1252 return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); 1202{
1253 } 1203 return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
1204}
1254 1205
1255int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1206int
1256 void *value) 1207PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
1257 { 1208{
1258 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); 1209 return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
1259 } 1210}
1260 1211
1261static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 1212static int
1262 void *value) 1213add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value)
1263 { 1214{
1264 X509_ATTRIBUTE *attr=NULL; 1215 X509_ATTRIBUTE *attr = NULL;
1265 1216
1266 if (*sk == NULL) 1217 if (*sk == NULL) {
1267 {
1268 *sk = sk_X509_ATTRIBUTE_new_null(); 1218 *sk = sk_X509_ATTRIBUTE_new_null();
1269 if (*sk == NULL) 1219 if (*sk == NULL)
1270 return 0; 1220 return 0;
1271new_attrib: 1221new_attrib:
1272 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) 1222 if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
1273 return 0; 1223 return 0;
1274 if (!sk_X509_ATTRIBUTE_push(*sk,attr)) 1224 if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
1275 {
1276 X509_ATTRIBUTE_free(attr); 1225 X509_ATTRIBUTE_free(attr);
1277 return 0; 1226 return 0;
1278 }
1279 } 1227 }
1280 else 1228 } else {
1281 {
1282 int i; 1229 int i;
1283 1230
1284 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) 1231 for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
1285 { 1232 attr = sk_X509_ATTRIBUTE_value(*sk, i);
1286 attr=sk_X509_ATTRIBUTE_value(*sk,i); 1233 if (OBJ_obj2nid(attr->object) == nid) {
1287 if (OBJ_obj2nid(attr->object) == nid)
1288 {
1289 X509_ATTRIBUTE_free(attr); 1234 X509_ATTRIBUTE_free(attr);
1290 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1235 attr = X509_ATTRIBUTE_create(nid, atrtype,
1236 value);
1291 if (attr == NULL) 1237 if (attr == NULL)
1292 return 0; 1238 return 0;
1293 if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) 1239 if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
1294 {
1295 X509_ATTRIBUTE_free(attr); 1240 X509_ATTRIBUTE_free(attr);
1296 return 0; 1241 return 0;
1297 }
1298 goto end;
1299 } 1242 }
1243 goto end;
1300 } 1244 }
1301 goto new_attrib;
1302 } 1245 }
1303end: 1246 goto new_attrib;
1304 return(1);
1305 } 1247 }
1306 1248end:
1249 return (1);
1250}
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_enc.c b/src/lib/libssl/src/crypto/pkcs7/pk7_enc.c
index cc63ef75f7..fac9e5c8b1 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_enc.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_enc.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_enc.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_enc.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -64,13 +64,12 @@
64#include <openssl/x509.h> 64#include <openssl/x509.h>
65#include <openssl/pkcs7.h> 65#include <openssl/pkcs7.h>
66 66
67PKCS7_in_bio(PKCS7 *p7,BIO *in); 67PKCS7_in_bio(PKCS7 *p7, BIO *in);
68PKCS7_out_bio(PKCS7 *p7,BIO *out); 68PKCS7_out_bio(PKCS7 *p7, BIO *out);
69 69
70PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key); 70PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key);
71PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher); 71PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
72 72
73PKCS7_Init(PKCS7 *p7); 73PKCS7_Init(PKCS7 *p7);
74PKCS7_Update(PKCS7 *p7); 74PKCS7_Update(PKCS7 *p7);
75PKCS7_Finish(PKCS7 *p7); 75PKCS7_Finish(PKCS7 *p7);
76
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
index 5d7d0b18a0..9eed9fc74a 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_lib.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: pk7_lib.c,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_lib.c,v 1.11 2014/06/29 17:05:36 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,599 +62,597 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include "asn1_locl.h" 63#include "asn1_locl.h"
64 64
65long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) 65long
66 { 66PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
67{
67 int nid; 68 int nid;
68 long ret; 69 long ret;
69 70
70 nid=OBJ_obj2nid(p7->type); 71 nid = OBJ_obj2nid(p7->type);
71 72
72 switch (cmd) 73 switch (cmd) {
73 {
74 case PKCS7_OP_SET_DETACHED_SIGNATURE: 74 case PKCS7_OP_SET_DETACHED_SIGNATURE:
75 if (nid == NID_pkcs7_signed) 75 if (nid == NID_pkcs7_signed) {
76 { 76 ret = p7->detached = (int)larg;
77 ret=p7->detached=(int)larg; 77 if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
78 if (ret && PKCS7_type_is_data(p7->d.sign->contents)) 78 ASN1_OCTET_STRING *os;
79 { 79 os = p7->d.sign->contents->d.data;
80 ASN1_OCTET_STRING *os; 80 ASN1_OCTET_STRING_free(os);
81 os=p7->d.sign->contents->d.data; 81 p7->d.sign->contents->d.data = NULL;
82 ASN1_OCTET_STRING_free(os);
83 p7->d.sign->contents->d.data = NULL;
84 }
85 }
86 else
87 {
88 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
89 ret=0;
90 } 82 }
83 } else {
84 PKCS7err(PKCS7_F_PKCS7_CTRL,
85 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
86 ret = 0;
87 }
91 break; 88 break;
92 case PKCS7_OP_GET_DETACHED_SIGNATURE: 89 case PKCS7_OP_GET_DETACHED_SIGNATURE:
93 if (nid == NID_pkcs7_signed) 90 if (nid == NID_pkcs7_signed) {
94 { 91 if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
95 if(!p7->d.sign || !p7->d.sign->contents->d.ptr)
96 ret = 1; 92 ret = 1;
97 else ret = 0; 93 else
98 94 ret = 0;
95
99 p7->detached = ret; 96 p7->detached = ret;
100 } 97 } else {
101 else 98 PKCS7err(PKCS7_F_PKCS7_CTRL,
102 { 99 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
103 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 100 ret = 0;
104 ret=0; 101 }
105 } 102
106
107 break; 103 break;
108 default: 104 default:
109 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); 105 PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
110 ret=0; 106 ret = 0;
111 }
112 return(ret);
113 } 107 }
108 return (ret);
109}
114 110
115int PKCS7_content_new(PKCS7 *p7, int type) 111int
116 { 112PKCS7_content_new(PKCS7 *p7, int type)
117 PKCS7 *ret=NULL; 113{
114 PKCS7 *ret = NULL;
118 115
119 if ((ret=PKCS7_new()) == NULL) goto err; 116 if ((ret = PKCS7_new()) == NULL)
120 if (!PKCS7_set_type(ret,type)) goto err; 117 goto err;
121 if (!PKCS7_set_content(p7,ret)) goto err; 118 if (!PKCS7_set_type(ret, type))
119 goto err;
120 if (!PKCS7_set_content(p7, ret))
121 goto err;
122 122
123 return(1); 123 return (1);
124err: 124err:
125 if (ret != NULL) PKCS7_free(ret); 125 if (ret != NULL)
126 return(0); 126 PKCS7_free(ret);
127 } 127 return (0);
128 128}
129int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) 129
130 { 130int
131PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
132{
131 int i; 133 int i;
132 134
133 i=OBJ_obj2nid(p7->type); 135 i = OBJ_obj2nid(p7->type);
134 switch (i) 136 switch (i) {
135 {
136 case NID_pkcs7_signed: 137 case NID_pkcs7_signed:
137 if (p7->d.sign->contents != NULL) 138 if (p7->d.sign->contents != NULL)
138 PKCS7_free(p7->d.sign->contents); 139 PKCS7_free(p7->d.sign->contents);
139 p7->d.sign->contents=p7_data; 140 p7->d.sign->contents = p7_data;
140 break; 141 break;
141 case NID_pkcs7_digest: 142 case NID_pkcs7_digest:
142 if (p7->d.digest->contents != NULL) 143 if (p7->d.digest->contents != NULL)
143 PKCS7_free(p7->d.digest->contents); 144 PKCS7_free(p7->d.digest->contents);
144 p7->d.digest->contents=p7_data; 145 p7->d.digest->contents = p7_data;
145 break; 146 break;
146 case NID_pkcs7_data: 147 case NID_pkcs7_data:
147 case NID_pkcs7_enveloped: 148 case NID_pkcs7_enveloped:
148 case NID_pkcs7_signedAndEnveloped: 149 case NID_pkcs7_signedAndEnveloped:
149 case NID_pkcs7_encrypted: 150 case NID_pkcs7_encrypted:
150 default: 151 default:
151 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 152 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,
153 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
152 goto err; 154 goto err;
153 }
154 return(1);
155err:
156 return(0);
157 } 155 }
156 return (1);
157err:
158 return (0);
159}
158 160
159int PKCS7_set_type(PKCS7 *p7, int type) 161int
160 { 162PKCS7_set_type(PKCS7 *p7, int type)
163{
161 ASN1_OBJECT *obj; 164 ASN1_OBJECT *obj;
162 165
163 /*PKCS7_content_free(p7);*/ 166 /*PKCS7_content_free(p7);*/
164 obj=OBJ_nid2obj(type); /* will not fail */ 167 obj=OBJ_nid2obj(type); /* will not fail */
165 168
166 switch (type) 169 switch (type) {
167 {
168 case NID_pkcs7_signed: 170 case NID_pkcs7_signed:
169 p7->type=obj; 171 p7->type = obj;
170 if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) 172 if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
171 goto err; 173 goto err;
172 if (!ASN1_INTEGER_set(p7->d.sign->version,1)) 174 if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
173 {
174 PKCS7_SIGNED_free(p7->d.sign); 175 PKCS7_SIGNED_free(p7->d.sign);
175 p7->d.sign=NULL; 176 p7->d.sign = NULL;
176 goto err; 177 goto err;
177 } 178 }
178 break; 179 break;
179 case NID_pkcs7_data: 180 case NID_pkcs7_data:
180 p7->type=obj; 181 p7->type = obj;
181 if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) 182 if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL)
182 goto err; 183 goto err;
183 break; 184 break;
184 case NID_pkcs7_signedAndEnveloped: 185 case NID_pkcs7_signedAndEnveloped:
185 p7->type=obj; 186 p7->type = obj;
186 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) 187 if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
187 == NULL) goto err; 188 == NULL) goto err;
188 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); 189 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
189 if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) 190 if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
190 goto err; 191 goto err;
191 p7->d.signed_and_enveloped->enc_data->content_type 192 p7->d.signed_and_enveloped->enc_data->content_type
192 = OBJ_nid2obj(NID_pkcs7_data); 193 = OBJ_nid2obj(NID_pkcs7_data);
193 break; 194 break;
194 case NID_pkcs7_enveloped: 195 case NID_pkcs7_enveloped:
195 p7->type=obj; 196 p7->type = obj;
196 if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) 197 if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
197 == NULL) goto err; 198 == NULL) goto err;
198 if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) 199 if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
199 goto err; 200 goto err;
200 p7->d.enveloped->enc_data->content_type 201 p7->d.enveloped->enc_data->content_type
201 = OBJ_nid2obj(NID_pkcs7_data); 202 = OBJ_nid2obj(NID_pkcs7_data);
202 break; 203 break;
203 case NID_pkcs7_encrypted: 204 case NID_pkcs7_encrypted:
204 p7->type=obj; 205 p7->type = obj;
205 if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) 206 if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
206 == NULL) goto err; 207 == NULL) goto err;
207 if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) 208 if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
208 goto err; 209 goto err;
209 p7->d.encrypted->enc_data->content_type 210 p7->d.encrypted->enc_data->content_type
210 = OBJ_nid2obj(NID_pkcs7_data); 211 = OBJ_nid2obj(NID_pkcs7_data);
211 break; 212 break;
212 213
213 case NID_pkcs7_digest: 214 case NID_pkcs7_digest:
214 p7->type=obj; 215 p7->type = obj;
215 if ((p7->d.digest=PKCS7_DIGEST_new()) 216 if ((p7->d.digest = PKCS7_DIGEST_new())
216 == NULL) goto err; 217 == NULL) goto err;
217 if (!ASN1_INTEGER_set(p7->d.digest->version,0)) 218 if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
218 goto err; 219 goto err;
219 break; 220 break;
220 default: 221 default:
221 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 222 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,
223 PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
222 goto err; 224 goto err;
223 }
224 return(1);
225err:
226 return(0);
227 } 225 }
226 return (1);
227err:
228 return (0);
229}
228 230
229int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) 231int
230 { 232PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
233{
231 p7->type = OBJ_nid2obj(type); 234 p7->type = OBJ_nid2obj(type);
232 p7->d.other = other; 235 p7->d.other = other;
233 return 1; 236 return 1;
234 } 237}
235 238
236int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) 239int
237 { 240PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
238 int i,j,nid; 241{
242 int i, j, nid;
239 X509_ALGOR *alg; 243 X509_ALGOR *alg;
240 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; 244 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
241 STACK_OF(X509_ALGOR) *md_sk; 245 STACK_OF(X509_ALGOR) *md_sk;
242 246
243 i=OBJ_obj2nid(p7->type); 247 i = OBJ_obj2nid(p7->type);
244 switch (i) 248 switch (i) {
245 {
246 case NID_pkcs7_signed: 249 case NID_pkcs7_signed:
247 signer_sk= p7->d.sign->signer_info; 250 signer_sk = p7->d.sign->signer_info;
248 md_sk= p7->d.sign->md_algs; 251 md_sk = p7->d.sign->md_algs;
249 break; 252 break;
250 case NID_pkcs7_signedAndEnveloped: 253 case NID_pkcs7_signedAndEnveloped:
251 signer_sk= p7->d.signed_and_enveloped->signer_info; 254 signer_sk = p7->d.signed_and_enveloped->signer_info;
252 md_sk= p7->d.signed_and_enveloped->md_algs; 255 md_sk = p7->d.signed_and_enveloped->md_algs;
253 break; 256 break;
254 default: 257 default:
255 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); 258 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
256 return(0); 259 return (0);
257 } 260 }
258 261
259 nid=OBJ_obj2nid(psi->digest_alg->algorithm); 262 nid = OBJ_obj2nid(psi->digest_alg->algorithm);
260 263
261 /* If the digest is not currently listed, add it */ 264 /* If the digest is not currently listed, add it */
262 j=0; 265 j = 0;
263 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 266 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
264 { 267 alg = sk_X509_ALGOR_value(md_sk, i);
265 alg=sk_X509_ALGOR_value(md_sk,i); 268 if (OBJ_obj2nid(alg->algorithm) == nid) {
266 if (OBJ_obj2nid(alg->algorithm) == nid) 269 j = 1;
267 {
268 j=1;
269 break; 270 break;
270 }
271 } 271 }
272 }
272 if (!j) /* we need to add another algorithm */ 273 if (!j) /* we need to add another algorithm */
273 { 274 {
274 if(!(alg=X509_ALGOR_new()) 275 if (!(alg = X509_ALGOR_new()) ||
275 || !(alg->parameter = ASN1_TYPE_new())) 276 !(alg->parameter = ASN1_TYPE_new())) {
276 {
277 X509_ALGOR_free(alg); 277 X509_ALGOR_free(alg);
278 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); 278 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,
279 return(0); 279 ERR_R_MALLOC_FAILURE);
280 } 280 return (0);
281 alg->algorithm=OBJ_nid2obj(nid); 281 }
282 alg->algorithm = OBJ_nid2obj(nid);
282 alg->parameter->type = V_ASN1_NULL; 283 alg->parameter->type = V_ASN1_NULL;
283 if (!sk_X509_ALGOR_push(md_sk,alg)) 284 if (!sk_X509_ALGOR_push(md_sk, alg)) {
284 {
285 X509_ALGOR_free(alg); 285 X509_ALGOR_free(alg);
286 return 0; 286 return 0;
287 }
288 } 287 }
288 }
289 289
290 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) 290 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
291 return 0; 291 return 0;
292 return(1); 292 return (1);
293 } 293}
294 294
295int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) 295int
296 { 296PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
297{
297 int i; 298 int i;
298 STACK_OF(X509) **sk; 299 STACK_OF(X509) **sk;
299 300
300 i=OBJ_obj2nid(p7->type); 301 i = OBJ_obj2nid(p7->type);
301 switch (i) 302 switch (i) {
302 {
303 case NID_pkcs7_signed: 303 case NID_pkcs7_signed:
304 sk= &(p7->d.sign->cert); 304 sk = &(p7->d.sign->cert);
305 break; 305 break;
306 case NID_pkcs7_signedAndEnveloped: 306 case NID_pkcs7_signedAndEnveloped:
307 sk= &(p7->d.signed_and_enveloped->cert); 307 sk = &(p7->d.signed_and_enveloped->cert);
308 break; 308 break;
309 default: 309 default:
310 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); 310 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,
311 return(0); 311 PKCS7_R_WRONG_CONTENT_TYPE);
312 } 312 return (0);
313 }
313 314
314 if (*sk == NULL) 315 if (*sk == NULL)
315 *sk=sk_X509_new_null(); 316 *sk = sk_X509_new_null();
316 if (*sk == NULL) 317 if (*sk == NULL) {
317 {
318 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); 318 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
319 return 0; 319 return 0;
320 } 320 }
321 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 321 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
322 if (!sk_X509_push(*sk,x509)) 322 if (!sk_X509_push(*sk, x509)) {
323 {
324 X509_free(x509); 323 X509_free(x509);
325 return 0; 324 return 0;
326 }
327 return(1);
328 } 325 }
326 return (1);
327}
329 328
330int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) 329int
331 { 330PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
331{
332 int i; 332 int i;
333 STACK_OF(X509_CRL) **sk; 333 STACK_OF(X509_CRL) **sk;
334 334
335 i=OBJ_obj2nid(p7->type); 335 i = OBJ_obj2nid(p7->type);
336 switch (i) 336 switch (i) {
337 {
338 case NID_pkcs7_signed: 337 case NID_pkcs7_signed:
339 sk= &(p7->d.sign->crl); 338 sk = &(p7->d.sign->crl);
340 break; 339 break;
341 case NID_pkcs7_signedAndEnveloped: 340 case NID_pkcs7_signedAndEnveloped:
342 sk= &(p7->d.signed_and_enveloped->crl); 341 sk = &(p7->d.signed_and_enveloped->crl);
343 break; 342 break;
344 default: 343 default:
345 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); 344 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
346 return(0); 345 return (0);
347 } 346 }
348 347
349 if (*sk == NULL) 348 if (*sk == NULL)
350 *sk=sk_X509_CRL_new_null(); 349 *sk = sk_X509_CRL_new_null();
351 if (*sk == NULL) 350 if (*sk == NULL) {
352 { 351 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
353 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
354 return 0; 352 return 0;
355 } 353 }
356 354
357 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); 355 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
358 if (!sk_X509_CRL_push(*sk,crl)) 356 if (!sk_X509_CRL_push(*sk, crl)) {
359 {
360 X509_CRL_free(crl); 357 X509_CRL_free(crl);
361 return 0; 358 return 0;
362 }
363 return(1);
364 } 359 }
360 return (1);
361}
365 362
366int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 363int
367 const EVP_MD *dgst) 364PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
368 { 365 const EVP_MD *dgst)
366{
369 int ret; 367 int ret;
370 368
371 /* We now need to add another PKCS7_SIGNER_INFO entry */ 369 /* We now need to add another PKCS7_SIGNER_INFO entry */
372 if (!ASN1_INTEGER_set(p7i->version,1)) 370 if (!ASN1_INTEGER_set(p7i->version, 1))
373 goto err; 371 goto err;
374 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 372 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
375 X509_get_issuer_name(x509))) 373 X509_get_issuer_name(x509)))
376 goto err; 374 goto err;
377 375
378 /* because ASN1_INTEGER_set is used to set a 'long' we will do 376 /* because ASN1_INTEGER_set is used to set a 'long' we will do
379 * things the ugly way. */ 377 * things the ugly way. */
380 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 378 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
381 if (!(p7i->issuer_and_serial->serial= 379 if (!(p7i->issuer_and_serial->serial =
382 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 380 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
383 goto err; 381 goto err;
384 382
385 /* lets keep the pkey around for a while */ 383 /* lets keep the pkey around for a while */
386 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 384 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
387 p7i->pkey=pkey; 385 p7i->pkey = pkey;
388 386
389 /* Set the algorithms */ 387 /* Set the algorithms */
390 388
391 X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), 389 X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
392 V_ASN1_NULL, NULL); 390 V_ASN1_NULL, NULL);
393 391
394 if (pkey->ameth && pkey->ameth->pkey_ctrl) 392 if (pkey->ameth && pkey->ameth->pkey_ctrl) {
395 {
396 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 393 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
397 0, p7i); 394 0, p7i);
398 if (ret > 0) 395 if (ret > 0)
399 return 1; 396 return 1;
400 if (ret != -2) 397 if (ret != -2) {
401 {
402 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 398 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
403 PKCS7_R_SIGNING_CTRL_FAILURE); 399 PKCS7_R_SIGNING_CTRL_FAILURE);
404 return 0; 400 return 0;
405 }
406 } 401 }
402 }
407 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 403 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
408 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 404 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
409err: 405err:
410 return 0; 406 return 0;
411 } 407}
412 408
413PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, 409PKCS7_SIGNER_INFO *
414 const EVP_MD *dgst) 410PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst)
415 { 411{
416 PKCS7_SIGNER_INFO *si = NULL; 412 PKCS7_SIGNER_INFO *si = NULL;
417 413
418 if (dgst == NULL) 414 if (dgst == NULL) {
419 {
420 int def_nid; 415 int def_nid;
421 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) 416 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
422 goto err; 417 goto err;
423 dgst = EVP_get_digestbynid(def_nid); 418 dgst = EVP_get_digestbynid(def_nid);
424 if (dgst == NULL) 419 if (dgst == NULL) {
425 {
426 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, 420 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
427 PKCS7_R_NO_DEFAULT_DIGEST); 421 PKCS7_R_NO_DEFAULT_DIGEST);
428 goto err; 422 goto err;
429 }
430 } 423 }
424 }
431 425
432 if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; 426 if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
433 if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; 427 goto err;
434 if (!PKCS7_add_signer(p7,si)) goto err; 428 if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
435 return(si); 429 goto err;
430 if (!PKCS7_add_signer(p7, si))
431 goto err;
432 return (si);
436err: 433err:
437 if (si) 434 if (si)
438 PKCS7_SIGNER_INFO_free(si); 435 PKCS7_SIGNER_INFO_free(si);
439 return(NULL); 436 return (NULL);
440 } 437}
441 438
442int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) 439int
443 { 440PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
444 if (PKCS7_type_is_digest(p7)) 441{
445 { 442 if (PKCS7_type_is_digest(p7)) {
446 if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) 443 if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
447 { 444 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,
448 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); 445 ERR_R_MALLOC_FAILURE);
449 return 0; 446 return 0;
450 } 447 }
451 p7->d.digest->md->parameter->type = V_ASN1_NULL; 448 p7->d.digest->md->parameter->type = V_ASN1_NULL;
452 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); 449 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
453 return 1; 450 return 1;
454 }
455
456 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
457 return 1;
458 } 451 }
459 452
460STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) 453 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
461 { 454 return 1;
462 if (PKCS7_type_is_signed(p7)) 455}
463 {
464 return(p7->d.sign->signer_info);
465 }
466 else if (PKCS7_type_is_signedAndEnveloped(p7))
467 {
468 return(p7->d.signed_and_enveloped->signer_info);
469 }
470 else
471 return(NULL);
472 }
473 456
474void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, 457STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
475 X509_ALGOR **pdig, X509_ALGOR **psig) 458{
476 { 459 if (PKCS7_type_is_signed(p7)) {
460 return (p7->d.sign->signer_info);
461 } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
462 return (p7->d.signed_and_enveloped->signer_info);
463 } else
464 return (NULL);
465}
466
467void
468PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
469 X509_ALGOR **pdig, X509_ALGOR **psig)
470{
477 if (pk) 471 if (pk)
478 *pk = si->pkey; 472 *pk = si->pkey;
479 if (pdig) 473 if (pdig)
480 *pdig = si->digest_alg; 474 *pdig = si->digest_alg;
481 if (psig) 475 if (psig)
482 *psig = si->digest_enc_alg; 476 *psig = si->digest_enc_alg;
483 } 477}
484 478
485void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) 479void
486 { 480PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
481{
487 if (penc) 482 if (penc)
488 *penc = ri->key_enc_algor; 483 *penc = ri->key_enc_algor;
489 } 484}
490 485
491PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) 486PKCS7_RECIP_INFO *
492 { 487PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
488{
493 PKCS7_RECIP_INFO *ri; 489 PKCS7_RECIP_INFO *ri;
494 490
495 if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; 491 if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
496 if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; 492 goto err;
497 if (!PKCS7_add_recipient_info(p7,ri)) goto err; 493 if (!PKCS7_RECIP_INFO_set(ri, x509))
494 goto err;
495 if (!PKCS7_add_recipient_info(p7, ri))
496 goto err;
498 return ri; 497 return ri;
499err: 498err:
500 if (ri) 499 if (ri)
501 PKCS7_RECIP_INFO_free(ri); 500 PKCS7_RECIP_INFO_free(ri);
502 return NULL; 501 return NULL;
503 } 502}
504 503
505int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) 504int
506 { 505PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
506{
507 int i; 507 int i;
508 STACK_OF(PKCS7_RECIP_INFO) *sk; 508 STACK_OF(PKCS7_RECIP_INFO) *sk;
509 509
510 i=OBJ_obj2nid(p7->type); 510 i = OBJ_obj2nid(p7->type);
511 switch (i) 511 switch (i) {
512 {
513 case NID_pkcs7_signedAndEnveloped: 512 case NID_pkcs7_signedAndEnveloped:
514 sk= p7->d.signed_and_enveloped->recipientinfo; 513 sk = p7->d.signed_and_enveloped->recipientinfo;
515 break; 514 break;
516 case NID_pkcs7_enveloped: 515 case NID_pkcs7_enveloped:
517 sk= p7->d.enveloped->recipientinfo; 516 sk = p7->d.enveloped->recipientinfo;
518 break; 517 break;
519 default: 518 default:
520 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); 519 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
521 return(0); 520 PKCS7_R_WRONG_CONTENT_TYPE);
522 } 521 return (0);
522 }
523 523
524 if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) 524 if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
525 return 0; 525 return 0;
526 return(1); 526 return (1);
527 } 527}
528 528
529int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) 529int
530 { 530PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
531{
531 int ret; 532 int ret;
532 EVP_PKEY *pkey = NULL; 533 EVP_PKEY *pkey = NULL;
533 if (!ASN1_INTEGER_set(p7i->version,0)) 534 if (!ASN1_INTEGER_set(p7i->version, 0))
534 return 0; 535 return 0;
535 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 536 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
536 X509_get_issuer_name(x509))) 537 X509_get_issuer_name(x509)))
537 return 0; 538 return 0;
538 539
539 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 540 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
540 if (!(p7i->issuer_and_serial->serial= 541 if (!(p7i->issuer_and_serial->serial =
541 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 542 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
542 return 0; 543 return 0;
543 544
544 pkey = X509_get_pubkey(x509); 545 pkey = X509_get_pubkey(x509);
545 546
546 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) 547 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
547 {
548 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 548 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
549 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 549 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
550 goto err; 550 goto err;
551 } 551 }
552 552
553 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 553 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
554 0, p7i); 554 0, p7i);
555 if (ret == -2) 555 if (ret == -2) {
556 {
557 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 556 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
558 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 557 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
559 goto err; 558 goto err;
560 } 559 }
561 if (ret <= 0) 560 if (ret <= 0) {
562 {
563 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 561 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
564 PKCS7_R_ENCRYPTION_CTRL_FAILURE); 562 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
565 goto err; 563 goto err;
566 } 564 }
567 565
568 EVP_PKEY_free(pkey); 566 EVP_PKEY_free(pkey);
569 567
570 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 568 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
571 p7i->cert=x509; 569 p7i->cert = x509;
572 570
573 return 1; 571 return 1;
574 572
575 err: 573err:
576 if (pkey) 574 if (pkey)
577 EVP_PKEY_free(pkey); 575 EVP_PKEY_free(pkey);
578 return 0; 576 return 0;
579 } 577}
580 578
581X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) 579X509 *
582 { 580PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
581{
583 if (PKCS7_type_is_signed(p7)) 582 if (PKCS7_type_is_signed(p7))
584 return(X509_find_by_issuer_and_serial(p7->d.sign->cert, 583 return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
585 si->issuer_and_serial->issuer, 584 si->issuer_and_serial->issuer,
586 si->issuer_and_serial->serial)); 585 si->issuer_and_serial->serial));
587 else 586 else
588 return(NULL); 587 return (NULL);
589 } 588}
590 589
591int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) 590int
592 { 591PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
592{
593 int i; 593 int i;
594 PKCS7_ENC_CONTENT *ec; 594 PKCS7_ENC_CONTENT *ec;
595 595
596 i=OBJ_obj2nid(p7->type); 596 i = OBJ_obj2nid(p7->type);
597 switch (i) 597 switch (i) {
598 {
599 case NID_pkcs7_signedAndEnveloped: 598 case NID_pkcs7_signedAndEnveloped:
600 ec=p7->d.signed_and_enveloped->enc_data; 599 ec = p7->d.signed_and_enveloped->enc_data;
601 break; 600 break;
602 case NID_pkcs7_enveloped: 601 case NID_pkcs7_enveloped:
603 ec=p7->d.enveloped->enc_data; 602 ec = p7->d.enveloped->enc_data;
604 break; 603 break;
605 default: 604 default:
606 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); 605 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
607 return(0); 606 return (0);
608 } 607 }
609 608
610 /* Check cipher OID exists and has data in it*/ 609 /* Check cipher OID exists and has data in it*/
611 i = EVP_CIPHER_type(cipher); 610 i = EVP_CIPHER_type(cipher);
612 if(i == NID_undef) { 611 if (i == NID_undef) {
613 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 612 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
614 return(0); 613 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
614 return (0);
615 } 615 }
616 616
617 ec->cipher = cipher; 617 ec->cipher = cipher;
618 return 1; 618 return 1;
619 } 619}
620 620
621int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) 621int
622 { 622PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
623{
623 ASN1_OCTET_STRING *os = NULL; 624 ASN1_OCTET_STRING *os = NULL;
624 625
625 switch (OBJ_obj2nid(p7->type)) 626 switch (OBJ_obj2nid(p7->type)) {
626 { 627 case NID_pkcs7_data:
627 case NID_pkcs7_data:
628 os = p7->d.data; 628 os = p7->d.data;
629 break; 629 break;
630 630
631 case NID_pkcs7_signedAndEnveloped: 631 case NID_pkcs7_signedAndEnveloped:
632 os = p7->d.signed_and_enveloped->enc_data->enc_data; 632 os = p7->d.signed_and_enveloped->enc_data->enc_data;
633 if (os == NULL) 633 if (os == NULL) {
634 { 634 os = M_ASN1_OCTET_STRING_new();
635 os=M_ASN1_OCTET_STRING_new(); 635 p7->d.signed_and_enveloped->enc_data->enc_data = os;
636 p7->d.signed_and_enveloped->enc_data->enc_data=os; 636 }
637 }
638 break; 637 break;
639 638
640 case NID_pkcs7_enveloped: 639 case NID_pkcs7_enveloped:
641 os = p7->d.enveloped->enc_data->enc_data; 640 os = p7->d.enveloped->enc_data->enc_data;
642 if (os == NULL) 641 if (os == NULL) {
643 { 642 os = M_ASN1_OCTET_STRING_new();
644 os=M_ASN1_OCTET_STRING_new(); 643 p7->d.enveloped->enc_data->enc_data = os;
645 p7->d.enveloped->enc_data->enc_data=os; 644 }
646 }
647 break; 645 break;
648 646
649 case NID_pkcs7_signed: 647 case NID_pkcs7_signed:
650 os=p7->d.sign->contents->d.data; 648 os = p7->d.sign->contents->d.data;
651 break; 649 break;
652 650
653 default: 651 default:
654 os = NULL; 652 os = NULL;
655 break; 653 break;
656 } 654 }
657 655
658 if (os == NULL) 656 if (os == NULL)
659 return 0; 657 return 0;
660 658
@@ -662,4 +660,4 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
662 *boundary = &os->data; 660 *boundary = &os->data;
663 661
664 return 1; 662 return 1;
665 } 663}
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
index 46d3dfd513..8f32125f0b 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_mime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_mime.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_mime.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,21 +61,23 @@
61 61
62/* PKCS#7 wrappers round generalised stream and MIME routines */ 62/* PKCS#7 wrappers round generalised stream and MIME routines */
63 63
64int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) 64int
65 { 65i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
66{
66 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, 67 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
67 ASN1_ITEM_rptr(PKCS7)); 68 ASN1_ITEM_rptr(PKCS7));
68 } 69}
69 70
70int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) 71int
71 { 72PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
73{
72 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags, 74 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags,
73 "PKCS7", 75 "PKCS7", ASN1_ITEM_rptr(PKCS7));
74 ASN1_ITEM_rptr(PKCS7)); 76}
75 }
76 77
77int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) 78int
78 { 79SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
80{
79 STACK_OF(X509_ALGOR) *mdalgs; 81 STACK_OF(X509_ALGOR) *mdalgs;
80 int ctype_nid = OBJ_obj2nid(p7->type); 82 int ctype_nid = OBJ_obj2nid(p7->type);
81 if (ctype_nid == NID_pkcs7_signed) 83 if (ctype_nid == NID_pkcs7_signed)
@@ -87,11 +89,11 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
87 89
88 90
89 return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, 91 return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
90 ctype_nid, NID_undef, mdalgs, 92 ctype_nid, NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7));
91 ASN1_ITEM_rptr(PKCS7)); 93}
92 }
93 94
94PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) 95PKCS7 *
95 { 96SMIME_read_PKCS7(BIO *bio, BIO **bcont)
97{
96 return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); 98 return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
97 } 99}
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
index 692967e72e..5d174f7644 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pk7_smime.c,v 1.14 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pk7_smime.c,v 1.15 2014/06/29 17:05:36 jsing Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -65,17 +65,17 @@
65 65
66static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); 66static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
67 67
68PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 68PKCS7 *
69 BIO *data, int flags) 69PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
70 int flags)
70{ 71{
71 PKCS7 *p7; 72 PKCS7 *p7;
72 int i; 73 int i;
73 74
74 if(!(p7 = PKCS7_new())) 75 if (!(p7 = PKCS7_new())) {
75 { 76 PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
76 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
77 return NULL; 77 return NULL;
78 } 78 }
79 79
80 if (!PKCS7_set_type(p7, NID_pkcs7_signed)) 80 if (!PKCS7_set_type(p7, NID_pkcs7_signed))
81 goto err; 81 goto err;
@@ -83,22 +83,19 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
83 if (!PKCS7_content_new(p7, NID_pkcs7_data)) 83 if (!PKCS7_content_new(p7, NID_pkcs7_data))
84 goto err; 84 goto err;
85 85
86 if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) 86 if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
87 { 87 PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
88 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
89 goto err; 88 goto err;
90 } 89 }
91 90
92 if(!(flags & PKCS7_NOCERTS)) 91 if (!(flags & PKCS7_NOCERTS)) {
93 { 92 for (i = 0; i < sk_X509_num(certs); i++) {
94 for(i = 0; i < sk_X509_num(certs); i++)
95 {
96 if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) 93 if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
97 goto err; 94 goto err;
98 }
99 } 95 }
96 }
100 97
101 if(flags & PKCS7_DETACHED) 98 if (flags & PKCS7_DETACHED)
102 PKCS7_set_detached(p7, 1); 99 PKCS7_set_detached(p7, 1);
103 100
104 if (flags & (PKCS7_STREAM|PKCS7_PARTIAL)) 101 if (flags & (PKCS7_STREAM|PKCS7_PARTIAL))
@@ -107,164 +104,160 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
107 if (PKCS7_final(p7, data, flags)) 104 if (PKCS7_final(p7, data, flags))
108 return p7; 105 return p7;
109 106
110 err: 107err:
111 PKCS7_free(p7); 108 PKCS7_free(p7);
112 return NULL; 109 return NULL;
113} 110}
114 111
115int PKCS7_final(PKCS7 *p7, BIO *data, int flags) 112int
116 { 113PKCS7_final(PKCS7 *p7, BIO *data, int flags)
114{
117 BIO *p7bio; 115 BIO *p7bio;
118 int ret = 0; 116 int ret = 0;
119 if (!(p7bio = PKCS7_dataInit(p7, NULL))) 117
120 { 118 if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
121 PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE); 119 PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
122 return 0; 120 return 0;
123 } 121 }
124 122
125 SMIME_crlf_copy(data, p7bio, flags); 123 SMIME_crlf_copy(data, p7bio, flags);
126 124
127 (void)BIO_flush(p7bio); 125 (void)BIO_flush(p7bio);
128 126
129 127 if (!PKCS7_dataFinal(p7, p7bio)) {
130 if (!PKCS7_dataFinal(p7,p7bio)) 128 PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
131 {
132 PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN);
133 goto err; 129 goto err;
134 } 130 }
135 131
136 ret = 1; 132 ret = 1;
137 133
138 err: 134err:
139 BIO_free_all(p7bio); 135 BIO_free_all(p7bio);
140 136
141 return ret; 137 return ret;
142 138}
143 }
144 139
145/* Check to see if a cipher exists and if so add S/MIME capabilities */ 140/* Check to see if a cipher exists and if so add S/MIME capabilities */
146 141
147static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) 142static int
148 { 143add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
144{
149 if (EVP_get_cipherbynid(nid)) 145 if (EVP_get_cipherbynid(nid))
150 return PKCS7_simple_smimecap(sk, nid, arg); 146 return PKCS7_simple_smimecap(sk, nid, arg);
151 return 1; 147 return 1;
152 } 148}
153 149
154static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) 150static int
155 { 151add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
152{
156 if (EVP_get_digestbynid(nid)) 153 if (EVP_get_digestbynid(nid))
157 return PKCS7_simple_smimecap(sk, nid, arg); 154 return PKCS7_simple_smimecap(sk, nid, arg);
158 return 1; 155 return 1;
159 } 156}
160 157
161PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, 158PKCS7_SIGNER_INFO *
162 EVP_PKEY *pkey, const EVP_MD *md, 159PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey,
163 int flags) 160 const EVP_MD *md, int flags)
164 { 161{
165 PKCS7_SIGNER_INFO *si = NULL; 162 PKCS7_SIGNER_INFO *si = NULL;
166 STACK_OF(X509_ALGOR) *smcap = NULL; 163 STACK_OF(X509_ALGOR) *smcap = NULL;
167 if(!X509_check_private_key(signcert, pkey)) 164
168 { 165 if (!X509_check_private_key(signcert, pkey)) {
169 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 166 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
170 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 167 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
171 return NULL; 168 return NULL;
172 } 169 }
173 170
174 if (!(si = PKCS7_add_signature(p7,signcert,pkey, md))) 171 if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) {
175 {
176 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 172 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
177 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); 173 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
178 return NULL; 174 return NULL;
179 } 175 }
180 176
181 if(!(flags & PKCS7_NOCERTS)) 177 if (!(flags & PKCS7_NOCERTS)) {
182 {
183 if (!PKCS7_add_certificate(p7, signcert)) 178 if (!PKCS7_add_certificate(p7, signcert))
184 goto err; 179 goto err;
185 } 180 }
186 181
187 if(!(flags & PKCS7_NOATTR)) 182 if (!(flags & PKCS7_NOATTR)) {
188 {
189 if (!PKCS7_add_attrib_content_type(si, NULL)) 183 if (!PKCS7_add_attrib_content_type(si, NULL))
190 goto err; 184 goto err;
191 /* Add SMIMECapabilities */ 185 /* Add SMIMECapabilities */
192 if(!(flags & PKCS7_NOSMIMECAP)) 186 if (!(flags & PKCS7_NOSMIMECAP)) {
193 { 187 if (!(smcap = sk_X509_ALGOR_new_null())) {
194 if(!(smcap = sk_X509_ALGOR_new_null()))
195 {
196 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 188 PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
197 ERR_R_MALLOC_FAILURE); 189 ERR_R_MALLOC_FAILURE);
198 goto err; 190 goto err;
199 } 191 }
200 if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 192 if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
201 || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 193 !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
202 || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 194 !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
203 || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 195 !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
204 || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 196 !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
205 || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 197 !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
206 || !add_cipher_smcap(smcap, NID_rc2_cbc, 128) 198 !add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
207 || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) 199 !add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
208 || !add_cipher_smcap(smcap, NID_des_cbc, -1) 200 !add_cipher_smcap(smcap, NID_des_cbc, -1) ||
209 || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) 201 !add_cipher_smcap(smcap, NID_rc2_cbc, 40) ||
210 || !PKCS7_add_attrib_smimecap (si, smcap)) 202 !PKCS7_add_attrib_smimecap (si, smcap))
211 goto err; 203 goto err;
212 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 204 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
213 smcap = NULL; 205 smcap = NULL;
214 } 206 }
215 if (flags & PKCS7_REUSE_DIGEST) 207 if (flags & PKCS7_REUSE_DIGEST) {
216 {
217 if (!pkcs7_copy_existing_digest(p7, si)) 208 if (!pkcs7_copy_existing_digest(p7, si))
218 goto err; 209 goto err;
219 if (!(flags & PKCS7_PARTIAL) && 210 if (!(flags & PKCS7_PARTIAL) &&
220 !PKCS7_SIGNER_INFO_sign(si)) 211 !PKCS7_SIGNER_INFO_sign(si))
221 goto err; 212 goto err;
222 }
223 } 213 }
214 }
224 return si; 215 return si;
225 err: 216
217err:
226 if (smcap) 218 if (smcap)
227 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 219 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
228 return NULL; 220 return NULL;
229 } 221}
230 222
231/* Search for a digest matching SignerInfo digest type and if found 223/* Search for a digest matching SignerInfo digest type and if found
232 * copy across. 224 * copy across.
233 */ 225 */
234 226
235static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) 227static int
236 { 228pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
229{
237 int i; 230 int i;
238 STACK_OF(PKCS7_SIGNER_INFO) *sinfos; 231 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
239 PKCS7_SIGNER_INFO *sitmp; 232 PKCS7_SIGNER_INFO *sitmp;
240 ASN1_OCTET_STRING *osdig = NULL; 233 ASN1_OCTET_STRING *osdig = NULL;
234
241 sinfos = PKCS7_get_signer_info(p7); 235 sinfos = PKCS7_get_signer_info(p7);
242 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) 236 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
243 {
244 sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); 237 sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
245 if (si == sitmp) 238 if (si == sitmp)
246 break; 239 break;
247 if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) 240 if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
248 continue; 241 continue;
249 if (!OBJ_cmp(si->digest_alg->algorithm, 242 if (!OBJ_cmp(si->digest_alg->algorithm,
250 sitmp->digest_alg->algorithm)) 243 sitmp->digest_alg->algorithm)) {
251 {
252 osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); 244 osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
253 break; 245 break;
254 }
255
256 } 246 }
257 247
248 }
249
258 if (osdig) 250 if (osdig)
259 return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); 251 return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
260 252
261 PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 253 PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
262 PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); 254 PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
263 return 0; 255 return 0;
264 } 256}
265 257
266int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 258int
267 BIO *indata, BIO *out, int flags) 259PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata,
260 BIO *out, int flags)
268{ 261{
269 STACK_OF(X509) *signers; 262 STACK_OF(X509) *signers;
270 X509 *signer; 263 X509 *signer;
@@ -272,23 +265,23 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
272 PKCS7_SIGNER_INFO *si; 265 PKCS7_SIGNER_INFO *si;
273 X509_STORE_CTX cert_ctx; 266 X509_STORE_CTX cert_ctx;
274 char buf[4096]; 267 char buf[4096];
275 int i, j=0, k, ret = 0; 268 int i, j = 0, k, ret = 0;
276 BIO *p7bio; 269 BIO *p7bio;
277 BIO *tmpin, *tmpout; 270 BIO *tmpin, *tmpout;
278 271
279 if(!p7) { 272 if (!p7) {
280 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); 273 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
281 return 0; 274 return 0;
282 } 275 }
283 276
284 if(!PKCS7_type_is_signed(p7)) { 277 if (!PKCS7_type_is_signed(p7)) {
285 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); 278 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
286 return 0; 279 return 0;
287 } 280 }
288 281
289 /* Check for no data and no content: no data to verify signature */ 282 /* Check for no data and no content: no data to verify signature */
290 if(PKCS7_get_detached(p7) && !indata) { 283 if (PKCS7_get_detached(p7) && !indata) {
291 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); 284 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
292 return 0; 285 return 0;
293 } 286 }
294#if 0 287#if 0
@@ -297,56 +290,58 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
297 */ 290 */
298 291
299 /* Check for data and content: two sets of data */ 292 /* Check for data and content: two sets of data */
300 if(!PKCS7_get_detached(p7) && indata) { 293 if (!PKCS7_get_detached(p7) && indata) {
301 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); 294 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
302 return 0; 295 return 0;
303 } 296 }
304#endif 297#endif
305 298
306 sinfos = PKCS7_get_signer_info(p7); 299 sinfos = PKCS7_get_signer_info(p7);
307 300
308 if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { 301 if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
309 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); 302 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
310 return 0; 303 return 0;
311 } 304 }
312 305
313 306
314 signers = PKCS7_get0_signers(p7, certs, flags); 307 signers = PKCS7_get0_signers(p7, certs, flags);
315 308
316 if(!signers) return 0; 309 if (!signers)
310 return 0;
317 311
318 /* Now verify the certificates */ 312 /* Now verify the certificates */
319 313
320 if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { 314 if (!(flags & PKCS7_NOVERIFY))
321 signer = sk_X509_value (signers, k); 315 for (k = 0; k < sk_X509_num(signers); k++) {
322 if (!(flags & PKCS7_NOCHAIN)) { 316 signer = sk_X509_value (signers, k);
323 if(!X509_STORE_CTX_init(&cert_ctx, store, signer, 317 if (!(flags & PKCS7_NOCHAIN)) {
324 p7->d.sign->cert)) 318 if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
325 { 319 p7->d.sign->cert)) {
326 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); 320 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
321 sk_X509_free(signers);
322 return 0;
323 }
324 X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
325 } else if (!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
326 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
327 sk_X509_free(signers); 327 sk_X509_free(signers);
328 return 0; 328 return 0;
329 } 329 }
330 X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); 330 if (!(flags & PKCS7_NOCRL))
331 } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { 331 X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
332 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); 332 i = X509_verify_cert(&cert_ctx);
333 sk_X509_free(signers); 333 if (i <= 0)
334 return 0; 334 j = X509_STORE_CTX_get_error(&cert_ctx);
335 } 335 X509_STORE_CTX_cleanup(&cert_ctx);
336 if (!(flags & PKCS7_NOCRL)) 336 if (i <= 0) {
337 X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); 337 PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR);
338 i = X509_verify_cert(&cert_ctx); 338 ERR_asprintf_error_data("Verify error:%s",
339 if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); 339 X509_verify_cert_error_string(j));
340 X509_STORE_CTX_cleanup(&cert_ctx); 340 sk_X509_free(signers);
341 if (i <= 0) { 341 return 0;
342 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); 342 }
343 ERR_asprintf_error_data("Verify error:%s", 343 /* Check for revocation status here */
344 X509_verify_cert_error_string(j));
345 sk_X509_free(signers);
346 return 0;
347 } 344 }
348 /* Check for revocation status here */
349 }
350 345
351 /* Performance optimization: if the content is a memory BIO then 346 /* Performance optimization: if the content is a memory BIO then
352 * store its contents in a temporary read only memory BIO. This 347 * store its contents in a temporary read only memory BIO. This
@@ -354,45 +349,43 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
354 * occur when reading from a read write memory BIO when signatures 349 * occur when reading from a read write memory BIO when signatures
355 * are calculated. 350 * are calculated.
356 */ 351 */
357 352 if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
358 if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
359 {
360 char *ptr; 353 char *ptr;
361 long len; 354 long len;
362 len = BIO_get_mem_data(indata, &ptr); 355 len = BIO_get_mem_data(indata, &ptr);
363 tmpin = BIO_new_mem_buf(ptr, len); 356 tmpin = BIO_new_mem_buf(ptr, len);
364 if (tmpin == NULL) 357 if (tmpin == NULL) {
365 { 358 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
366 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
367 return 0; 359 return 0;
368 }
369 } 360 }
370 else 361 } else
371 tmpin = indata; 362 tmpin = indata;
372
373 363
374 if (!(p7bio=PKCS7_dataInit(p7,tmpin))) 364
365 if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
375 goto err; 366 goto err;
376 367
377 if(flags & PKCS7_TEXT) { 368 if (flags & PKCS7_TEXT) {
378 if(!(tmpout = BIO_new(BIO_s_mem()))) { 369 if (!(tmpout = BIO_new(BIO_s_mem()))) {
379 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); 370 PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
380 goto err; 371 goto err;
381 } 372 }
382 BIO_set_mem_eof_return(tmpout, 0); 373 BIO_set_mem_eof_return(tmpout, 0);
383 } else tmpout = out; 374 } else tmpout = out;
384 375
385 /* We now have to 'read' from p7bio to calculate digests etc. */ 376 /* We now have to 'read' from p7bio to calculate digests etc. */
386 for (;;) 377 for (;;) {
387 { 378 i = BIO_read(p7bio, buf, sizeof(buf));
388 i=BIO_read(p7bio,buf,sizeof(buf)); 379 if (i <= 0)
389 if (i <= 0) break; 380 break;
390 if (tmpout) BIO_write(tmpout, buf, i); 381 if (tmpout)
382 BIO_write(tmpout, buf, i);
391 } 383 }
392 384
393 if(flags & PKCS7_TEXT) { 385 if (flags & PKCS7_TEXT) {
394 if(!SMIME_text(tmpout, out)) { 386 if (!SMIME_text(tmpout, out)) {
395 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); 387 PKCS7err(PKCS7_F_PKCS7_VERIFY,
388 PKCS7_R_SMIME_TEXT_ERROR);
396 BIO_free(tmpout); 389 BIO_free(tmpout);
397 goto err; 390 goto err;
398 } 391 }
@@ -401,25 +394,24 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
401 394
402 /* Now Verify All Signatures */ 395 /* Now Verify All Signatures */
403 if (!(flags & PKCS7_NOSIGS)) 396 if (!(flags & PKCS7_NOSIGS))
404 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++) 397 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
405 { 398 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
406 si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
407 signer = sk_X509_value (signers, i); 399 signer = sk_X509_value (signers, i);
408 j=PKCS7_signatureVerify(p7bio,p7,si, signer); 400 j = PKCS7_signatureVerify(p7bio, p7, si, signer);
409 if (j <= 0) { 401 if (j <= 0) {
410 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE); 402 PKCS7err(PKCS7_F_PKCS7_VERIFY,
403 PKCS7_R_SIGNATURE_FAILURE);
411 goto err; 404 goto err;
412 } 405 }
413 } 406 }
414 407
415 ret = 1; 408 ret = 1;
416 409
417 err: 410err:
418 411 if (tmpin == indata) {
419 if (tmpin == indata) 412 if (indata)
420 { 413 BIO_pop(p7bio);
421 if (indata) BIO_pop(p7bio); 414 }
422 }
423 BIO_free_all(p7bio); 415 BIO_free_all(p7bio);
424 416
425 sk_X509_free(signers); 417 sk_X509_free(signers);
@@ -436,83 +428,84 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
436 X509 *signer; 428 X509 *signer;
437 int i; 429 int i;
438 430
439 if(!p7) { 431 if (!p7) {
440 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); 432 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
433 PKCS7_R_INVALID_NULL_POINTER);
441 return NULL; 434 return NULL;
442 } 435 }
443 436
444 if(!PKCS7_type_is_signed(p7)) { 437 if (!PKCS7_type_is_signed(p7)) {
445 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); 438 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
439 PKCS7_R_WRONG_CONTENT_TYPE);
446 return NULL; 440 return NULL;
447 } 441 }
448 442
449 /* Collect all the signers together */ 443 /* Collect all the signers together */
450
451 sinfos = PKCS7_get_signer_info(p7); 444 sinfos = PKCS7_get_signer_info(p7);
452 445 if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
453 if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { 446 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
454 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
455 return 0; 447 return 0;
456 } 448 }
457 449
458 if(!(signers = sk_X509_new_null())) { 450 if (!(signers = sk_X509_new_null())) {
459 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); 451 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
460 return NULL; 452 return NULL;
461 } 453 }
462 454
463 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) 455 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
464 { 456 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
465 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); 457 ias = si->issuer_and_serial;
466 ias = si->issuer_and_serial; 458 signer = NULL;
467 signer = NULL;
468 /* If any certificates passed they take priority */ 459 /* If any certificates passed they take priority */
469 if (certs) signer = X509_find_by_issuer_and_serial (certs, 460 if (certs) signer = X509_find_by_issuer_and_serial (certs,
470 ias->issuer, ias->serial); 461 ias->issuer, ias->serial);
471 if (!signer && !(flags & PKCS7_NOINTERN) 462 if (!signer && !(flags & PKCS7_NOINTERN) &&
472 && p7->d.sign->cert) signer = 463 p7->d.sign->cert) signer =
473 X509_find_by_issuer_and_serial (p7->d.sign->cert, 464 X509_find_by_issuer_and_serial (p7->d.sign->cert,
474 ias->issuer, ias->serial); 465 ias->issuer, ias->serial);
475 if (!signer) { 466 if (!signer) {
476 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); 467 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
468 PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
477 sk_X509_free(signers); 469 sk_X509_free(signers);
478 return 0; 470 return 0;
479 } 471 }
480 472
481 if (!sk_X509_push(signers, signer)) { 473 if (!sk_X509_push(signers, signer)) {
482 sk_X509_free(signers); 474 sk_X509_free(signers);
483 return NULL; 475 return NULL;
484 } 476 }
485 } 477 }
486 return signers; 478 return signers;
487} 479}
488 480
489
490/* Build a complete PKCS#7 enveloped data */ 481/* Build a complete PKCS#7 enveloped data */
491 482
492PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, 483PKCS7 *
493 int flags) 484PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
485 int flags)
494{ 486{
495 PKCS7 *p7; 487 PKCS7 *p7;
496 BIO *p7bio = NULL; 488 BIO *p7bio = NULL;
497 int i; 489 int i;
498 X509 *x509; 490 X509 *x509;
499 if(!(p7 = PKCS7_new())) { 491
500 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); 492 if (!(p7 = PKCS7_new())) {
493 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
501 return NULL; 494 return NULL;
502 } 495 }
503 496
504 if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) 497 if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
505 goto err; 498 goto err;
506 if (!PKCS7_set_cipher(p7, cipher)) { 499 if (!PKCS7_set_cipher(p7, cipher)) {
507 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); 500 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
508 goto err; 501 goto err;
509 } 502 }
510 503
511 for(i = 0; i < sk_X509_num(certs); i++) { 504 for (i = 0; i < sk_X509_num(certs); i++) {
512 x509 = sk_X509_value(certs, i); 505 x509 = sk_X509_value(certs, i);
513 if(!PKCS7_add_recipient(p7, x509)) { 506 if (!PKCS7_add_recipient(p7, x509)) {
514 PKCS7err(PKCS7_F_PKCS7_ENCRYPT, 507 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
515 PKCS7_R_ERROR_ADDING_RECIPIENT); 508 PKCS7_R_ERROR_ADDING_RECIPIENT);
516 goto err; 509 goto err;
517 } 510 }
518 } 511 }
@@ -523,37 +516,36 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
523 if (PKCS7_final(p7, in, flags)) 516 if (PKCS7_final(p7, in, flags))
524 return p7; 517 return p7;
525 518
526 err: 519err:
527
528 BIO_free_all(p7bio); 520 BIO_free_all(p7bio);
529 PKCS7_free(p7); 521 PKCS7_free(p7);
530 return NULL; 522 return NULL;
531
532} 523}
533 524
534int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) 525int
526PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
535{ 527{
536 BIO *tmpmem; 528 BIO *tmpmem;
537 int ret, i; 529 int ret, i;
538 char buf[4096]; 530 char buf[4096];
539 531
540 if(!p7) { 532 if (!p7) {
541 PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); 533 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
542 return 0; 534 return 0;
543 } 535 }
544 536
545 if(!PKCS7_type_is_enveloped(p7)) { 537 if (!PKCS7_type_is_enveloped(p7)) {
546 PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); 538 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
547 return 0; 539 return 0;
548 } 540 }
549 541
550 if(cert && !X509_check_private_key(cert, pkey)) { 542 if (cert && !X509_check_private_key(cert, pkey)) {
551 PKCS7err(PKCS7_F_PKCS7_DECRYPT, 543 PKCS7err(PKCS7_F_PKCS7_DECRYPT,
552 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 544 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
553 return 0; 545 return 0;
554 } 546 }
555 547
556 if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { 548 if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
557 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); 549 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
558 return 0; 550 return 0;
559 } 551 }
@@ -561,44 +553,40 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
561 if (flags & PKCS7_TEXT) { 553 if (flags & PKCS7_TEXT) {
562 BIO *tmpbuf, *bread; 554 BIO *tmpbuf, *bread;
563 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ 555 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
564 if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { 556 if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
565 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); 557 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
566 BIO_free_all(tmpmem); 558 BIO_free_all(tmpmem);
567 return 0; 559 return 0;
568 } 560 }
569 if(!(bread = BIO_push(tmpbuf, tmpmem))) { 561 if (!(bread = BIO_push(tmpbuf, tmpmem))) {
570 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); 562 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
571 BIO_free_all(tmpbuf); 563 BIO_free_all(tmpbuf);
572 BIO_free_all(tmpmem); 564 BIO_free_all(tmpmem);
573 return 0; 565 return 0;
574 } 566 }
575 ret = SMIME_text(bread, data); 567 ret = SMIME_text(bread, data);
576 if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) 568 if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
577 {
578 if (!BIO_get_cipher_status(tmpmem)) 569 if (!BIO_get_cipher_status(tmpmem))
579 ret = 0; 570 ret = 0;
580 } 571 }
581 BIO_free_all(bread); 572 BIO_free_all(bread);
582 return ret; 573 return ret;
583 } else { 574 } else {
584 for(;;) { 575 for (;;) {
585 i = BIO_read(tmpmem, buf, sizeof(buf)); 576 i = BIO_read(tmpmem, buf, sizeof(buf));
586 if(i <= 0) 577 if (i <= 0) {
587 {
588 ret = 1; 578 ret = 1;
589 if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) 579 if (BIO_method_type(tmpmem) ==
590 { 580 BIO_TYPE_CIPHER) {
591 if (!BIO_get_cipher_status(tmpmem)) 581 if (!BIO_get_cipher_status(tmpmem))
592 ret = 0; 582 ret = 0;
593 }
594
595 break;
596 } 583 }
597 if (BIO_write(data, buf, i) != i) 584 break;
598 { 585 }
586 if (BIO_write(data, buf, i) != i) {
599 ret = 0; 587 ret = 0;
600 break; 588 break;
601 } 589 }
602 } 590 }
603 BIO_free_all(tmpmem); 591 BIO_free_all(tmpmem);
604 return ret; 592 return ret;
diff --git a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
index 0f7c66c975..a194e2dadc 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pkcs7err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pkcs7err.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ 1/* $OpenBSD: pkcs7err.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,120 +68,117 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
70 70
71static ERR_STRING_DATA PKCS7_str_functs[]= 71static ERR_STRING_DATA PKCS7_str_functs[]= {
72 { 72 {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
73{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, 73 {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
74{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, 74 {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"},
75{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, 75 {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"},
76{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, 76 {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"},
77{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, 77 {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
78{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, 78 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
79{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, 79 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
80{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, 80 {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
81{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, 81 {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
82{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, 82 {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
83{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, 83 {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
84{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, 84 {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"},
85{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"}, 85 {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
86{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, 86 {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
87{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, 87 {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
88{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, 88 {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
89{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, 89 {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
90{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, 90 {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
91{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, 91 {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
92{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, 92 {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"},
93{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, 93 {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"},
94{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, 94 {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
95{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, 95 {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"},
96{ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, 96 {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
97{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, 97 {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
98{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, 98 {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"},
99{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, 99 {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
100{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, 100 {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
101{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, 101 {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
102{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, 102 {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
103{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, 103 {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
104{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, 104 {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
105{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, 105 {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"},
106{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, 106 {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"},
107{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, 107 {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"},
108{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, 108 {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
109{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, 109 {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
110{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, 110 {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
111{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, 111 {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
112{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, 112 {0, NULL}
113{0,NULL} 113};
114 };
115 114
116static ERR_STRING_DATA PKCS7_str_reasons[]= 115static ERR_STRING_DATA PKCS7_str_reasons[]= {
117 { 116 {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
118{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, 117 {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"},
119{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, 118 {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
120{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, 119 {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), "content and data present"},
121{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, 120 {ERR_REASON(PKCS7_R_CTRL_ERROR) , "ctrl error"},
122{ERR_REASON(PKCS7_R_CTRL_ERROR) ,"ctrl error"}, 121 {ERR_REASON(PKCS7_R_DECODE_ERROR) , "decode error"},
123{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, 122 {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), "decrypted key is wrong length"},
124{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, 123 {ERR_REASON(PKCS7_R_DECRYPT_ERROR) , "decrypt error"},
125{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, 124 {ERR_REASON(PKCS7_R_DIGEST_FAILURE) , "digest failure"},
126{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, 125 {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
127{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"}, 126 {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "encryption not supported for this key type"},
128{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"}, 127 {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
129{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, 128 {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
130{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, 129 {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) , "invalid mime type"},
131{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, 130 {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
132{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"}, 131 {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
133{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"}, 132 {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) , "mime parse error"},
134{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"}, 133 {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
135{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"}, 134 {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
136{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, 135 {ERR_REASON(PKCS7_R_NO_CONTENT) , "no content"},
137{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, 136 {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) , "no content type"},
138{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, 137 {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) , "no default digest"},
139{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) ,"no default digest"}, 138 {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), "no matching digest type found"},
140{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"}, 139 {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), "no multipart body failure"},
141{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, 140 {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
142{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, 141 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), "no recipient matches certificate"},
143{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, 142 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), "no recipient matches key"},
144{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, 143 {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
145{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, 144 {ERR_REASON(PKCS7_R_NO_SIGNERS) , "no signers"},
146{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, 145 {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) , "no sig content type"},
147{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, 146 {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), "operation not supported on this type"},
148{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, 147 {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"},
149{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, 148 {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
150{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"}, 149 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) , "pkcs7 datafinal"},
151{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, 150 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
152{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, 151 {ERR_REASON(PKCS7_R_PKCS7_DATASIGN) , "pkcs7 datasign"},
153{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, 152 {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) , "pkcs7 parse error"},
154{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, 153 {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
155{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"}, 154 {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
156{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, 155 {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) , "signature failure"},
157{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, 156 {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
158{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, 157 {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
159{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"}, 158 {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "signing not supported for this key type"},
160{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"}, 159 {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
161{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, 160 {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) , "smime text error"},
162{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, 161 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), "unable to find certificate"},
163{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, 162 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
164{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"}, 163 {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), "unable to find message digest"},
165{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"}, 164 {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) , "unknown digest type"},
166{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"}, 165 {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) , "unknown operation"},
167{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"}, 166 {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
168{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"}, 167 {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
169{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, 168 {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) , "wrong content type"},
170{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, 169 {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) , "wrong pkcs7 type"},
171{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"}, 170 {0, NULL}
172{0,NULL} 171};
173 };
174 172
175#endif 173#endif
176 174
177void ERR_load_PKCS7_strings(void) 175void
178 { 176ERR_load_PKCS7_strings(void)
177{
179#ifndef OPENSSL_NO_ERR 178#ifndef OPENSSL_NO_ERR
180 179 if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
181 if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) 180 ERR_load_strings(0, PKCS7_str_functs);
182 { 181 ERR_load_strings(0, PKCS7_str_reasons);
183 ERR_load_strings(0,PKCS7_str_functs);
184 ERR_load_strings(0,PKCS7_str_reasons);
185 }
186#endif
187 } 182 }
183#endif
184}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-31 19:29:17 +0000