summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1')
-rw-r--r--src/lib/libcrypto/asn1/a_digest.c6
-rw-r--r--src/lib/libcrypto/asn1/a_int.c4
-rw-r--r--src/lib/libcrypto/asn1/a_sign.c111
-rw-r--r--src/lib/libcrypto/asn1/a_verify.c77
-rw-r--r--src/lib/libcrypto/asn1/asn1.h8
-rw-r--r--src/lib/libcrypto/asn1/asn1_err.c5
-rw-r--r--src/lib/libcrypto/asn1/asn_mime.c23
-rw-r--r--src/lib/libcrypto/asn1/n_pkey.c38
-rw-r--r--src/lib/libcrypto/asn1/p5_pbev2.c143
-rw-r--r--src/lib/libcrypto/asn1/t_crl.c3
-rw-r--r--src/lib/libcrypto/asn1/t_x509.c55
-rw-r--r--src/lib/libcrypto/asn1/tasn_prn.c12
-rw-r--r--src/lib/libcrypto/asn1/x_algor.c14
-rw-r--r--src/lib/libcrypto/asn1/x_name.c3
-rw-r--r--src/lib/libcrypto/asn1/x_pubkey.c11
15 files changed, 353 insertions, 160 deletions
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c
index d00d9e22b1..cbdeea6ac0 100644
--- a/src/lib/libcrypto/asn1/a_digest.c
+++ b/src/lib/libcrypto/asn1/a_digest.c
@@ -87,7 +87,8 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
87 p=str; 87 p=str;
88 i2d(data,&p); 88 i2d(data,&p);
89 89
90 EVP_Digest(str, i, md, len, type, NULL); 90 if (!EVP_Digest(str, i, md, len, type, NULL))
91 return 0;
91 OPENSSL_free(str); 92 OPENSSL_free(str);
92 return(1); 93 return(1);
93 } 94 }
@@ -104,7 +105,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
104 i=ASN1_item_i2d(asn,&str, it); 105 i=ASN1_item_i2d(asn,&str, it);
105 if (!str) return(0); 106 if (!str) return(0);
106 107
107 EVP_Digest(str, i, md, len, type, NULL); 108 if (!EVP_Digest(str, i, md, len, type, NULL))
109 return 0;
108 OPENSSL_free(str); 110 OPENSSL_free(str);
109 return(1); 111 return(1);
110 } 112 }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index 3348b8762c..ad0d2506f6 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -386,8 +386,8 @@ long ASN1_INTEGER_get(const ASN1_INTEGER *a)
386 386
387 if (a->length > (int)sizeof(long)) 387 if (a->length > (int)sizeof(long))
388 { 388 {
389 /* hmm... a bit ugly */ 389 /* hmm... a bit ugly, return all ones */
390 return(0xffffffffL); 390 return -1;
391 } 391 }
392 if (a->data == NULL) 392 if (a->data == NULL)
393 return 0; 393 return 0;
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index ff63bfc7be..7b4a193d6b 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -184,9 +184,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
184 p=buf_in; 184 p=buf_in;
185 185
186 i2d(data,&p); 186 i2d(data,&p);
187 EVP_SignInit_ex(&ctx,type, NULL); 187 if (!EVP_SignInit_ex(&ctx,type, NULL)
188 EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); 188 || !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl)
189 if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, 189 || !EVP_SignFinal(&ctx,(unsigned char *)buf_out,
190 (unsigned int *)&outl,pkey)) 190 (unsigned int *)&outl,pkey))
191 { 191 {
192 outl=0; 192 outl=0;
@@ -218,65 +218,100 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
218 const EVP_MD *type) 218 const EVP_MD *type)
219 { 219 {
220 EVP_MD_CTX ctx; 220 EVP_MD_CTX ctx;
221 EVP_MD_CTX_init(&ctx);
222 if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey))
223 {
224 EVP_MD_CTX_cleanup(&ctx);
225 return 0;
226 }
227 return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
228 }
229
230
231int ASN1_item_sign_ctx(const ASN1_ITEM *it,
232 X509_ALGOR *algor1, X509_ALGOR *algor2,
233 ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
234 {
235 const EVP_MD *type;
236 EVP_PKEY *pkey;
221 unsigned char *buf_in=NULL,*buf_out=NULL; 237 unsigned char *buf_in=NULL,*buf_out=NULL;
222 int inl=0,outl=0,outll=0; 238 size_t inl=0,outl=0,outll=0;
223 int signid, paramtype; 239 int signid, paramtype;
240 int rv;
241
242 type = EVP_MD_CTX_md(ctx);
243 pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
224 244
225 if (type == NULL) 245 if (!type || !pkey)
226 { 246 {
227 int def_nid; 247 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
228 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) 248 return 0;
229 type = EVP_get_digestbynid(def_nid);
230 } 249 }
231 250
232 if (type == NULL) 251 if (pkey->ameth->item_sign)
233 { 252 {
234 ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST); 253 rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
235 return 0; 254 signature);
255 if (rv == 1)
256 outl = signature->length;
257 /* Return value meanings:
258 * <=0: error.
259 * 1: method does everything.
260 * 2: carry on as normal.
261 * 3: ASN1 method sets algorithm identifiers: just sign.
262 */
263 if (rv <= 0)
264 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
265 if (rv <= 1)
266 goto err;
236 } 267 }
268 else
269 rv = 2;
237 270
238 if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) 271 if (rv == 2)
239 { 272 {
240 if (!pkey->ameth || 273 if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
241 !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
242 pkey->ameth->pkey_id))
243 { 274 {
244 ASN1err(ASN1_F_ASN1_ITEM_SIGN, 275 if (!pkey->ameth ||
245 ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); 276 !OBJ_find_sigid_by_algs(&signid,
246 return 0; 277 EVP_MD_nid(type),
278 pkey->ameth->pkey_id))
279 {
280 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
281 ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
282 return 0;
283 }
247 } 284 }
248 } 285 else
249 else 286 signid = type->pkey_type;
250 signid = type->pkey_type;
251 287
252 if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) 288 if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
253 paramtype = V_ASN1_NULL; 289 paramtype = V_ASN1_NULL;
254 else 290 else
255 paramtype = V_ASN1_UNDEF; 291 paramtype = V_ASN1_UNDEF;
256 292
257 if (algor1) 293 if (algor1)
258 X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); 294 X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
259 if (algor2) 295 if (algor2)
260 X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); 296 X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
297
298 }
261 299
262 EVP_MD_CTX_init(&ctx);
263 inl=ASN1_item_i2d(asn,&buf_in, it); 300 inl=ASN1_item_i2d(asn,&buf_in, it);
264 outll=outl=EVP_PKEY_size(pkey); 301 outll=outl=EVP_PKEY_size(pkey);
265 buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); 302 buf_out=OPENSSL_malloc((unsigned int)outl);
266 if ((buf_in == NULL) || (buf_out == NULL)) 303 if ((buf_in == NULL) || (buf_out == NULL))
267 { 304 {
268 outl=0; 305 outl=0;
269 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); 306 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE);
270 goto err; 307 goto err;
271 } 308 }
272 309
273 EVP_SignInit_ex(&ctx,type, NULL); 310 if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
274 EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); 311 || !EVP_DigestSignFinal(ctx, buf_out, &outl))
275 if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
276 (unsigned int *)&outl,pkey))
277 { 312 {
278 outl=0; 313 outl=0;
279 ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); 314 ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB);
280 goto err; 315 goto err;
281 } 316 }
282 if (signature->data != NULL) OPENSSL_free(signature->data); 317 if (signature->data != NULL) OPENSSL_free(signature->data);
@@ -289,7 +324,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
289 signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 324 signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
290 signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; 325 signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
291err: 326err:
292 EVP_MD_CTX_cleanup(&ctx); 327 EVP_MD_CTX_cleanup(ctx);
293 if (buf_in != NULL) 328 if (buf_in != NULL)
294 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } 329 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
295 if (buf_out != NULL) 330 if (buf_out != NULL)
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index cecdb13c70..432722e409 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -101,8 +101,13 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
101 p=buf_in; 101 p=buf_in;
102 102
103 i2d(data,&p); 103 i2d(data,&p);
104 EVP_VerifyInit_ex(&ctx,type, NULL); 104 if (!EVP_VerifyInit_ex(&ctx,type, NULL)
105 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); 105 || !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
106 {
107 ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
108 ret=0;
109 goto err;
110 }
106 111
107 OPENSSL_cleanse(buf_in,(unsigned int)inl); 112 OPENSSL_cleanse(buf_in,(unsigned int)inl);
108 OPENSSL_free(buf_in); 113 OPENSSL_free(buf_in);
@@ -126,11 +131,10 @@ err:
126#endif 131#endif
127 132
128 133
129int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, 134int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
130 void *asn, EVP_PKEY *pkey) 135 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
131 { 136 {
132 EVP_MD_CTX ctx; 137 EVP_MD_CTX ctx;
133 const EVP_MD *type = NULL;
134 unsigned char *buf_in=NULL; 138 unsigned char *buf_in=NULL;
135 int ret= -1,inl; 139 int ret= -1,inl;
136 140
@@ -144,25 +148,47 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
144 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); 148 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
145 goto err; 149 goto err;
146 } 150 }
147 type=EVP_get_digestbynid(mdnid); 151 if (mdnid == NID_undef)
148 if (type == NULL)
149 { 152 {
150 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); 153 if (!pkey->ameth || !pkey->ameth->item_verify)
151 goto err; 154 {
155 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
156 goto err;
157 }
158 ret = pkey->ameth->item_verify(&ctx, it, asn, a,
159 signature, pkey);
160 /* Return value of 2 means carry on, anything else means we
161 * exit straight away: either a fatal error of the underlying
162 * verification routine handles all verification.
163 */
164 if (ret != 2)
165 goto err;
166 ret = -1;
152 } 167 }
153 168 else
154 /* Check public key OID matches public key type */
155 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
156 { 169 {
157 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); 170 const EVP_MD *type;
158 goto err; 171 type=EVP_get_digestbynid(mdnid);
159 } 172 if (type == NULL)
173 {
174 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
175 goto err;
176 }
177
178 /* Check public key OID matches public key type */
179 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
180 {
181 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
182 goto err;
183 }
184
185 if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey))
186 {
187 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
188 ret=0;
189 goto err;
190 }
160 191
161 if (!EVP_VerifyInit_ex(&ctx,type, NULL))
162 {
163 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
164 ret=0;
165 goto err;
166 } 192 }
167 193
168 inl = ASN1_item_i2d(asn, &buf_in, it); 194 inl = ASN1_item_i2d(asn, &buf_in, it);
@@ -173,13 +199,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
173 goto err; 199 goto err;
174 } 200 }
175 201
176 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); 202 if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
203 {
204 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
205 ret=0;
206 goto err;
207 }
177 208
178 OPENSSL_cleanse(buf_in,(unsigned int)inl); 209 OPENSSL_cleanse(buf_in,(unsigned int)inl);
179 OPENSSL_free(buf_in); 210 OPENSSL_free(buf_in);
180 211
181 if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, 212 if (EVP_DigestVerifyFinal(&ctx,signature->data,
182 (unsigned int)signature->length,pkey) <= 0) 213 (size_t)signature->length) <= 0)
183 { 214 {
184 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); 215 ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
185 ret=0; 216 ret=0;
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index 59540e4e79..220a0c8c63 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -235,7 +235,7 @@ typedef struct asn1_object_st
235 */ 235 */
236#define ASN1_STRING_FLAG_MSTRING 0x040 236#define ASN1_STRING_FLAG_MSTRING 0x040
237/* This is the base type that holds just about everything :-) */ 237/* This is the base type that holds just about everything :-) */
238typedef struct asn1_string_st 238struct asn1_string_st
239 { 239 {
240 int length; 240 int length;
241 int type; 241 int type;
@@ -245,7 +245,7 @@ typedef struct asn1_string_st
245 * input data has a non-zero 'unused bits' value, it will be 245 * input data has a non-zero 'unused bits' value, it will be
246 * handled correctly */ 246 * handled correctly */
247 long flags; 247 long flags;
248 } ASN1_STRING; 248 };
249 249
250/* ASN1_ENCODING structure: this is used to save the received 250/* ASN1_ENCODING structure: this is used to save the received
251 * encoding of an ASN1 type. This is useful to get round 251 * encoding of an ASN1 type. This is useful to get round
@@ -293,7 +293,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
293 * see asn1t.h 293 * see asn1t.h
294 */ 294 */
295typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; 295typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
296typedef struct ASN1_ITEM_st ASN1_ITEM;
297typedef struct ASN1_TLC_st ASN1_TLC; 296typedef struct ASN1_TLC_st ASN1_TLC;
298/* This is just an opaque pointer */ 297/* This is just an opaque pointer */
299typedef struct ASN1_VALUE_st ASN1_VALUE; 298typedef struct ASN1_VALUE_st ASN1_VALUE;
@@ -1194,6 +1193,7 @@ void ERR_load_ASN1_strings(void);
1194#define ASN1_F_ASN1_ITEM_I2D_FP 193 1193#define ASN1_F_ASN1_ITEM_I2D_FP 193
1195#define ASN1_F_ASN1_ITEM_PACK 198 1194#define ASN1_F_ASN1_ITEM_PACK 198
1196#define ASN1_F_ASN1_ITEM_SIGN 195 1195#define ASN1_F_ASN1_ITEM_SIGN 195
1196#define ASN1_F_ASN1_ITEM_SIGN_CTX 220
1197#define ASN1_F_ASN1_ITEM_UNPACK 199 1197#define ASN1_F_ASN1_ITEM_UNPACK 199
1198#define ASN1_F_ASN1_ITEM_VERIFY 197 1198#define ASN1_F_ASN1_ITEM_VERIFY 197
1199#define ASN1_F_ASN1_MBSTRING_NCOPY 122 1199#define ASN1_F_ASN1_MBSTRING_NCOPY 122
@@ -1266,6 +1266,7 @@ void ERR_load_ASN1_strings(void);
1266#define ASN1_F_PKCS5_PBE2_SET_IV 167 1266#define ASN1_F_PKCS5_PBE2_SET_IV 167
1267#define ASN1_F_PKCS5_PBE_SET 202 1267#define ASN1_F_PKCS5_PBE_SET 202
1268#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 1268#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215
1269#define ASN1_F_PKCS5_PBKDF2_SET 219
1269#define ASN1_F_SMIME_READ_ASN1 212 1270#define ASN1_F_SMIME_READ_ASN1 212
1270#define ASN1_F_SMIME_TEXT 213 1271#define ASN1_F_SMIME_TEXT 213
1271#define ASN1_F_X509_CINF_NEW 168 1272#define ASN1_F_X509_CINF_NEW 168
@@ -1291,6 +1292,7 @@ void ERR_load_ASN1_strings(void);
1291#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 1292#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
1292#define ASN1_R_BUFFER_TOO_SMALL 107 1293#define ASN1_R_BUFFER_TOO_SMALL 107
1293#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 1294#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108
1295#define ASN1_R_CONTEXT_NOT_INITIALISED 217
1294#define ASN1_R_DATA_IS_WRONG 109 1296#define ASN1_R_DATA_IS_WRONG 109
1295#define ASN1_R_DECODE_ERROR 110 1297#define ASN1_R_DECODE_ERROR 110
1296#define ASN1_R_DECODING_ERROR 111 1298#define ASN1_R_DECODING_ERROR 111
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 6e04d08f31..1a30bf119b 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
1/* crypto/asn1/asn1_err.c */ 1/* crypto/asn1/asn1_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -107,6 +107,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
107{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, 107{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
108{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, 108{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
109{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, 109{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
110{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"},
110{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, 111{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
111{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, 112{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
112{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, 113{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
@@ -179,6 +180,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
179{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, 180{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"},
180{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, 181{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
181{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, 182{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"},
183{ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"},
182{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, 184{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
183{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, 185{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
184{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, 186{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
@@ -207,6 +209,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
207{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, 209{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
208{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, 210{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
209{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, 211{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
212{ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED),"context not initialised"},
210{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, 213{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"},
211{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, 214{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"},
212{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, 215{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"},
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c
index c1d1b12291..54a704a969 100644
--- a/src/lib/libcrypto/asn1/asn_mime.c
+++ b/src/lib/libcrypto/asn1/asn_mime.c
@@ -377,8 +377,12 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
377 BIO *tmpbio; 377 BIO *tmpbio;
378 const ASN1_AUX *aux = it->funcs; 378 const ASN1_AUX *aux = it->funcs;
379 ASN1_STREAM_ARG sarg; 379 ASN1_STREAM_ARG sarg;
380 int rv = 1;
380 381
381 if (!(flags & SMIME_DETACHED)) 382 /* If data is not deteched or resigning then the output BIO is
383 * already set up to finalise when it is written through.
384 */
385 if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST))
382 { 386 {
383 SMIME_crlf_copy(data, out, flags); 387 SMIME_crlf_copy(data, out, flags);
384 return 1; 388 return 1;
@@ -405,7 +409,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
405 409
406 /* Finalize structure */ 410 /* Finalize structure */
407 if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) 411 if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
408 return 0; 412 rv = 0;
409 413
410 /* Now remove any digests prepended to the BIO */ 414 /* Now remove any digests prepended to the BIO */
411 415
@@ -416,7 +420,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
416 sarg.ndef_bio = tmpbio; 420 sarg.ndef_bio = tmpbio;
417 } 421 }
418 422
419 return 1; 423 return rv;
420 424
421 } 425 }
422 426
@@ -486,9 +490,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
486 490
487 if(strcmp(hdr->value, "application/x-pkcs7-signature") && 491 if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
488 strcmp(hdr->value, "application/pkcs7-signature")) { 492 strcmp(hdr->value, "application/pkcs7-signature")) {
489 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
490 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); 493 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
491 ERR_add_error_data(2, "type: ", hdr->value); 494 ERR_add_error_data(2, "type: ", hdr->value);
495 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
492 sk_BIO_pop_free(parts, BIO_vfree); 496 sk_BIO_pop_free(parts, BIO_vfree);
493 return NULL; 497 return NULL;
494 } 498 }
@@ -801,7 +805,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
801 if(name) { 805 if(name) {
802 if(!(tmpname = BUF_strdup(name))) return NULL; 806 if(!(tmpname = BUF_strdup(name))) return NULL;
803 for(p = tmpname ; *p; p++) { 807 for(p = tmpname ; *p; p++) {
804 c = *p; 808 c = (unsigned char)*p;
805 if(isupper(c)) { 809 if(isupper(c)) {
806 c = tolower(c); 810 c = tolower(c);
807 *p = c; 811 *p = c;
@@ -811,7 +815,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
811 if(value) { 815 if(value) {
812 if(!(tmpval = BUF_strdup(value))) return NULL; 816 if(!(tmpval = BUF_strdup(value))) return NULL;
813 for(p = tmpval ; *p; p++) { 817 for(p = tmpval ; *p; p++) {
814 c = *p; 818 c = (unsigned char)*p;
815 if(isupper(c)) { 819 if(isupper(c)) {
816 c = tolower(c); 820 c = tolower(c);
817 *p = c; 821 *p = c;
@@ -835,7 +839,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
835 tmpname = BUF_strdup(name); 839 tmpname = BUF_strdup(name);
836 if(!tmpname) return 0; 840 if(!tmpname) return 0;
837 for(p = tmpname ; *p; p++) { 841 for(p = tmpname ; *p; p++) {
838 c = *p; 842 c = (unsigned char)*p;
839 if(isupper(c)) { 843 if(isupper(c)) {
840 c = tolower(c); 844 c = tolower(c);
841 *p = c; 845 *p = c;
@@ -858,12 +862,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
858static int mime_hdr_cmp(const MIME_HEADER * const *a, 862static int mime_hdr_cmp(const MIME_HEADER * const *a,
859 const MIME_HEADER * const *b) 863 const MIME_HEADER * const *b)
860{ 864{
865 if (!(*a)->name || !(*b)->name)
866 return !!(*a)->name - !!(*b)->name;
867
861 return(strcmp((*a)->name, (*b)->name)); 868 return(strcmp((*a)->name, (*b)->name));
862} 869}
863 870
864static int mime_param_cmp(const MIME_PARAM * const *a, 871static int mime_param_cmp(const MIME_PARAM * const *a,
865 const MIME_PARAM * const *b) 872 const MIME_PARAM * const *b)
866{ 873{
874 if (!(*a)->param_name || !(*b)->param_name)
875 return !!(*a)->param_name - !!(*b)->param_name;
867 return(strcmp((*a)->param_name, (*b)->param_name)); 876 return(strcmp((*a)->param_name, (*b)->param_name));
868} 877}
869 878
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index e7d0439062..e251739933 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -129,6 +129,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
129 unsigned char buf[256],*zz; 129 unsigned char buf[256],*zz;
130 unsigned char key[EVP_MAX_KEY_LENGTH]; 130 unsigned char key[EVP_MAX_KEY_LENGTH];
131 EVP_CIPHER_CTX ctx; 131 EVP_CIPHER_CTX ctx;
132 EVP_CIPHER_CTX_init(&ctx);
132 133
133 if (a == NULL) return(0); 134 if (a == NULL) return(0);
134 135
@@ -206,24 +207,28 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
206 i = strlen((char *)buf); 207 i = strlen((char *)buf);
207 /* If the key is used for SGC the algorithm is modified a little. */ 208 /* If the key is used for SGC the algorithm is modified a little. */
208 if(sgckey) { 209 if(sgckey) {
209 EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); 210 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
211 goto err;
210 memcpy(buf + 16, "SGCKEYSALT", 10); 212 memcpy(buf + 16, "SGCKEYSALT", 10);
211 i = 26; 213 i = 26;
212 } 214 }
213 215
214 EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); 216 if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
217 goto err;
215 OPENSSL_cleanse(buf,256); 218 OPENSSL_cleanse(buf,256);
216 219
217 /* Encrypt private key in place */ 220 /* Encrypt private key in place */
218 zz = enckey->enckey->digest->data; 221 zz = enckey->enckey->digest->data;
219 EVP_CIPHER_CTX_init(&ctx); 222 if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))
220 EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL); 223 goto err;
221 EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); 224 if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))
222 EVP_EncryptFinal_ex(&ctx,zz + i,&j); 225 goto err;
223 EVP_CIPHER_CTX_cleanup(&ctx); 226 if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))
227 goto err;
224 228
225 ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); 229 ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
226err: 230err:
231 EVP_CIPHER_CTX_cleanup(&ctx);
227 NETSCAPE_ENCRYPTED_PKEY_free(enckey); 232 NETSCAPE_ENCRYPTED_PKEY_free(enckey);
228 NETSCAPE_PKEY_free(pkey); 233 NETSCAPE_PKEY_free(pkey);
229 return(ret); 234 return(ret);
@@ -288,6 +293,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
288 const unsigned char *zz; 293 const unsigned char *zz;
289 unsigned char key[EVP_MAX_KEY_LENGTH]; 294 unsigned char key[EVP_MAX_KEY_LENGTH];
290 EVP_CIPHER_CTX ctx; 295 EVP_CIPHER_CTX ctx;
296 EVP_CIPHER_CTX_init(&ctx);
291 297
292 i=cb((char *)buf,256,"Enter Private Key password:",0); 298 i=cb((char *)buf,256,"Enter Private Key password:",0);
293 if (i != 0) 299 if (i != 0)
@@ -298,19 +304,22 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
298 304
299 i = strlen((char *)buf); 305 i = strlen((char *)buf);
300 if(sgckey){ 306 if(sgckey){
301 EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); 307 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
308 goto err;
302 memcpy(buf + 16, "SGCKEYSALT", 10); 309 memcpy(buf + 16, "SGCKEYSALT", 10);
303 i = 26; 310 i = 26;
304 } 311 }
305 312
306 EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); 313 if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
314 goto err;
307 OPENSSL_cleanse(buf,256); 315 OPENSSL_cleanse(buf,256);
308 316
309 EVP_CIPHER_CTX_init(&ctx); 317 if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))
310 EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); 318 goto err;
311 EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); 319 if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))
312 EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j); 320 goto err;
313 EVP_CIPHER_CTX_cleanup(&ctx); 321 if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))
322 goto err;
314 os->length=i+j; 323 os->length=i+j;
315 324
316 zz=os->data; 325 zz=os->data;
@@ -328,6 +337,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
328 goto err; 337 goto err;
329 } 338 }
330err: 339err:
340 EVP_CIPHER_CTX_cleanup(&ctx);
331 NETSCAPE_PKEY_free(pkey); 341 NETSCAPE_PKEY_free(pkey);
332 return(ret); 342 return(ret);
333 } 343 }
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index cb49b6651d..4ea683036b 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -91,12 +91,10 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
91 unsigned char *aiv, int prf_nid) 91 unsigned char *aiv, int prf_nid)
92{ 92{
93 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; 93 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
94 int alg_nid; 94 int alg_nid, keylen;
95 EVP_CIPHER_CTX ctx; 95 EVP_CIPHER_CTX ctx;
96 unsigned char iv[EVP_MAX_IV_LENGTH]; 96 unsigned char iv[EVP_MAX_IV_LENGTH];
97 PBKDF2PARAM *kdf = NULL;
98 PBE2PARAM *pbe2 = NULL; 97 PBE2PARAM *pbe2 = NULL;
99 ASN1_OCTET_STRING *osalt = NULL;
100 ASN1_OBJECT *obj; 98 ASN1_OBJECT *obj;
101 99
102 alg_nid = EVP_CIPHER_type(cipher); 100 alg_nid = EVP_CIPHER_type(cipher);
@@ -127,7 +125,8 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
127 EVP_CIPHER_CTX_init(&ctx); 125 EVP_CIPHER_CTX_init(&ctx);
128 126
129 /* Dummy cipherinit to just setup the IV, and PRF */ 127 /* Dummy cipherinit to just setup the IV, and PRF */
130 EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); 128 if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
129 goto err;
131 if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { 130 if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
132 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, 131 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
133 ASN1_R_ERROR_SETTING_CIPHER_PARAMS); 132 ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
@@ -145,55 +144,21 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
145 } 144 }
146 EVP_CIPHER_CTX_cleanup(&ctx); 145 EVP_CIPHER_CTX_cleanup(&ctx);
147 146
148 if(!(kdf = PBKDF2PARAM_new())) goto merr;
149 if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
150
151 if (!saltlen) saltlen = PKCS5_SALT_LEN;
152 if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
153 osalt->length = saltlen;
154 if (salt) memcpy (osalt->data, salt, saltlen);
155 else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
156
157 if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
158 if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
159
160 /* Now include salt in kdf structure */
161 kdf->salt->value.octet_string = osalt;
162 kdf->salt->type = V_ASN1_OCTET_STRING;
163 osalt = NULL;
164
165 /* If its RC2 then we'd better setup the key length */ 147 /* If its RC2 then we'd better setup the key length */
166 148
167 if(alg_nid == NID_rc2_cbc) { 149 if(alg_nid == NID_rc2_cbc)
168 if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr; 150 keylen = EVP_CIPHER_key_length(cipher);
169 if(!ASN1_INTEGER_set (kdf->keylength, 151 else
170 EVP_CIPHER_key_length(cipher))) goto merr; 152 keylen = -1;
171 }
172
173 /* prf can stay NULL if we are using hmacWithSHA1 */
174 if (prf_nid != NID_hmacWithSHA1)
175 {
176 kdf->prf = X509_ALGOR_new();
177 if (!kdf->prf)
178 goto merr;
179 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
180 V_ASN1_NULL, NULL);
181 }
182
183 /* Now setup the PBE2PARAM keyfunc structure */
184 153
185 pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); 154 /* Setup keyfunc */
186 155
187 /* Encode PBKDF2PARAM into parameter of pbe2 */ 156 X509_ALGOR_free(pbe2->keyfunc);
188 157
189 if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; 158 pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
190 159
191 if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), 160 if (!pbe2->keyfunc)
192 &pbe2->keyfunc->parameter->value.sequence)) goto merr; 161 goto merr;
193 pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
194
195 PBKDF2PARAM_free(kdf);
196 kdf = NULL;
197 162
198 /* Now set up top level AlgorithmIdentifier */ 163 /* Now set up top level AlgorithmIdentifier */
199 164
@@ -219,8 +184,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
219 err: 184 err:
220 PBE2PARAM_free(pbe2); 185 PBE2PARAM_free(pbe2);
221 /* Note 'scheme' is freed as part of pbe2 */ 186 /* Note 'scheme' is freed as part of pbe2 */
222 M_ASN1_OCTET_STRING_free(osalt);
223 PBKDF2PARAM_free(kdf);
224 X509_ALGOR_free(kalg); 187 X509_ALGOR_free(kalg);
225 X509_ALGOR_free(ret); 188 X509_ALGOR_free(ret);
226 189
@@ -233,3 +196,85 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
233 { 196 {
234 return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); 197 return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
235 } 198 }
199
200X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
201 int prf_nid, int keylen)
202 {
203 X509_ALGOR *keyfunc = NULL;
204 PBKDF2PARAM *kdf = NULL;
205 ASN1_OCTET_STRING *osalt = NULL;
206
207 if(!(kdf = PBKDF2PARAM_new()))
208 goto merr;
209 if(!(osalt = M_ASN1_OCTET_STRING_new()))
210 goto merr;
211
212 kdf->salt->value.octet_string = osalt;
213 kdf->salt->type = V_ASN1_OCTET_STRING;
214
215 if (!saltlen)
216 saltlen = PKCS5_SALT_LEN;
217 if (!(osalt->data = OPENSSL_malloc (saltlen)))
218 goto merr;
219
220 osalt->length = saltlen;
221
222 if (salt)
223 memcpy (osalt->data, salt, saltlen);
224 else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
225 goto merr;
226
227 if(iter <= 0)
228 iter = PKCS5_DEFAULT_ITER;
229
230 if(!ASN1_INTEGER_set(kdf->iter, iter))
231 goto merr;
232
233 /* If have a key len set it up */
234
235 if(keylen > 0)
236 {
237 if(!(kdf->keylength = M_ASN1_INTEGER_new()))
238 goto merr;
239 if(!ASN1_INTEGER_set (kdf->keylength, keylen))
240 goto merr;
241 }
242
243 /* prf can stay NULL if we are using hmacWithSHA1 */
244 if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
245 {
246 kdf->prf = X509_ALGOR_new();
247 if (!kdf->prf)
248 goto merr;
249 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
250 V_ASN1_NULL, NULL);
251 }
252
253 /* Finally setup the keyfunc structure */
254
255 keyfunc = X509_ALGOR_new();
256 if (!keyfunc)
257 goto merr;
258
259 keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
260
261 /* Encode PBKDF2PARAM into parameter of pbe2 */
262
263 if(!(keyfunc->parameter = ASN1_TYPE_new()))
264 goto merr;
265
266 if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
267 &keyfunc->parameter->value.sequence))
268 goto merr;
269 keyfunc->parameter->type = V_ASN1_SEQUENCE;
270
271 PBKDF2PARAM_free(kdf);
272 return keyfunc;
273
274 merr:
275 ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE);
276 PBKDF2PARAM_free(kdf);
277 X509_ALGOR_free(keyfunc);
278 return NULL;
279 }
280
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
index ee5a687ce8..c61169208a 100644
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -94,8 +94,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
94 l = X509_CRL_get_version(x); 94 l = X509_CRL_get_version(x);
95 BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l); 95 BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
96 i = OBJ_obj2nid(x->sig_alg->algorithm); 96 i = OBJ_obj2nid(x->sig_alg->algorithm);
97 BIO_printf(out, "%8sSignature Algorithm: %s\n", "", 97 X509_signature_print(out, x->sig_alg, NULL);
98 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
99 p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); 98 p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
100 BIO_printf(out,"%8sIssuer: %s\n","",p); 99 BIO_printf(out,"%8sIssuer: %s\n","",p);
101 OPENSSL_free(p); 100 OPENSSL_free(p);
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index e061f2ffad..edbb39a02f 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -72,6 +72,7 @@
72#include <openssl/objects.h> 72#include <openssl/objects.h>
73#include <openssl/x509.h> 73#include <openssl/x509.h>
74#include <openssl/x509v3.h> 74#include <openssl/x509v3.h>
75#include "asn1_locl.h"
75 76
76#ifndef OPENSSL_NO_FP_API 77#ifndef OPENSSL_NO_FP_API
77int X509_print_fp(FILE *fp, X509 *x) 78int X509_print_fp(FILE *fp, X509 *x)
@@ -137,10 +138,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
137 if (BIO_write(bp," Serial Number:",22) <= 0) goto err; 138 if (BIO_write(bp," Serial Number:",22) <= 0) goto err;
138 139
139 bs=X509_get_serialNumber(x); 140 bs=X509_get_serialNumber(x);
140 if (bs->length <= 4) 141 if (bs->length <= (int)sizeof(long))
141 { 142 {
142 l=ASN1_INTEGER_get(bs); 143 l=ASN1_INTEGER_get(bs);
143 if (l < 0) 144 if (bs->type == V_ASN1_NEG_INTEGER)
144 { 145 {
145 l= -l; 146 l= -l;
146 neg="-"; 147 neg="-";
@@ -167,12 +168,16 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
167 168
168 if(!(cflag & X509_FLAG_NO_SIGNAME)) 169 if(!(cflag & X509_FLAG_NO_SIGNAME))
169 { 170 {
171 if(X509_signature_print(bp, x->sig_alg, NULL) <= 0)
172 goto err;
173#if 0
170 if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 174 if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0)
171 goto err; 175 goto err;
172 if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) 176 if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
173 goto err; 177 goto err;
174 if (BIO_puts(bp, "\n") <= 0) 178 if (BIO_puts(bp, "\n") <= 0)
175 goto err; 179 goto err;
180#endif
176 } 181 }
177 182
178 if(!(cflag & X509_FLAG_NO_ISSUER)) 183 if(!(cflag & X509_FLAG_NO_ISSUER))
@@ -255,7 +260,8 @@ int X509_ocspid_print (BIO *bp, X509 *x)
255 goto err; 260 goto err;
256 i2d_X509_NAME(x->cert_info->subject, &dertmp); 261 i2d_X509_NAME(x->cert_info->subject, &dertmp);
257 262
258 EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); 263 if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
264 goto err;
259 for (i=0; i < SHA_DIGEST_LENGTH; i++) 265 for (i=0; i < SHA_DIGEST_LENGTH; i++)
260 { 266 {
261 if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; 267 if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
@@ -268,8 +274,10 @@ int X509_ocspid_print (BIO *bp, X509 *x)
268 if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) 274 if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0)
269 goto err; 275 goto err;
270 276
271 EVP_Digest(x->cert_info->key->public_key->data, 277 if (!EVP_Digest(x->cert_info->key->public_key->data,
272 x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); 278 x->cert_info->key->public_key->length,
279 SHA1md, NULL, EVP_sha1(), NULL))
280 goto err;
273 for (i=0; i < SHA_DIGEST_LENGTH; i++) 281 for (i=0; i < SHA_DIGEST_LENGTH; i++)
274 { 282 {
275 if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) 283 if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
@@ -283,23 +291,50 @@ err:
283 return(0); 291 return(0);
284 } 292 }
285 293
286int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) 294int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
287{ 295{
288 unsigned char *s; 296 const unsigned char *s;
289 int i, n; 297 int i, n;
290 if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0;
291 if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
292 298
293 n=sig->length; 299 n=sig->length;
294 s=sig->data; 300 s=sig->data;
295 for (i=0; i<n; i++) 301 for (i=0; i<n; i++)
296 { 302 {
297 if ((i%18) == 0) 303 if ((i%18) == 0)
298 if (BIO_write(bp,"\n ",9) <= 0) return 0; 304 {
305 if (BIO_write(bp,"\n",1) <= 0) return 0;
306 if (BIO_indent(bp, indent, indent) <= 0) return 0;
307 }
299 if (BIO_printf(bp,"%02x%s",s[i], 308 if (BIO_printf(bp,"%02x%s",s[i],
300 ((i+1) == n)?"":":") <= 0) return 0; 309 ((i+1) == n)?"":":") <= 0) return 0;
301 } 310 }
302 if (BIO_write(bp,"\n",1) != 1) return 0; 311 if (BIO_write(bp,"\n",1) != 1) return 0;
312
313 return 1;
314}
315
316int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
317{
318 int sig_nid;
319 if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0;
320 if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
321
322 sig_nid = OBJ_obj2nid(sigalg->algorithm);
323 if (sig_nid != NID_undef)
324 {
325 int pkey_nid, dig_nid;
326 const EVP_PKEY_ASN1_METHOD *ameth;
327 if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
328 {
329 ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
330 if (ameth && ameth->sig_print)
331 return ameth->sig_print(bp, sigalg, sig, 9, 0);
332 }
333 }
334 if (sig)
335 return X509_signature_dump(bp, sig, 9);
336 else if (BIO_puts(bp, "\n") <= 0)
337 return 0;
303 return 1; 338 return 1;
304} 339}
305 340
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
index 453698012d..542a091a66 100644
--- a/src/lib/libcrypto/asn1/tasn_prn.c
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent,
446 return 1; 446 return 1;
447 } 447 }
448 448
449static int asn1_print_boolean_ctx(BIO *out, const int bool, 449static int asn1_print_boolean_ctx(BIO *out, int boolval,
450 const ASN1_PCTX *pctx) 450 const ASN1_PCTX *pctx)
451 { 451 {
452 const char *str; 452 const char *str;
453 switch (bool) 453 switch (boolval)
454 { 454 {
455 case -1: 455 case -1:
456 str = "BOOL ABSENT"; 456 str = "BOOL ABSENT";
@@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
574 { 574 {
575 case V_ASN1_BOOLEAN: 575 case V_ASN1_BOOLEAN:
576 { 576 {
577 int bool = *(int *)fld; 577 int boolval = *(int *)fld;
578 if (bool == -1) 578 if (boolval == -1)
579 bool = it->size; 579 boolval = it->size;
580 ret = asn1_print_boolean_ctx(out, bool, pctx); 580 ret = asn1_print_boolean_ctx(out, boolval, pctx);
581 } 581 }
582 break; 582 break;
583 583
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
index 99e53429b7..274e456c73 100644
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -128,3 +128,17 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
128 } 128 }
129 } 129 }
130 130
131/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
132
133void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
134 {
135 int param_type;
136
137 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
138 param_type = V_ASN1_UNDEF;
139 else
140 param_type = V_ASN1_NULL;
141
142 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
143
144 }
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index 49be08b4da..d7c2318693 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -399,8 +399,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
399 /* If type not in bitmask just copy string across */ 399 /* If type not in bitmask just copy string across */
400 if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) 400 if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
401 { 401 {
402 out->type = in->type; 402 if (!ASN1_STRING_copy(out, in))
403 if (!ASN1_STRING_set(out, in->data, in->length))
404 return 0; 403 return 0;
405 return 1; 404 return 1;
406 } 405 }
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index d42b6a2c54..627ec87f9f 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -171,7 +171,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
171 goto error; 171 goto error;
172 } 172 }
173 173
174 key->pkey = ret; 174 /* Check to see if another thread set key->pkey first */
175 CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
176 if (key->pkey)
177 {
178 EVP_PKEY_free(ret);
179 ret = key->pkey;
180 }
181 else
182 key->pkey = ret;
183 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
175 CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); 184 CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
176 185
177 return ret; 186 return ret;