diff options
Diffstat (limited to 'src/lib/libcrypto/asn1')
-rw-r--r-- | src/lib/libcrypto/asn1/a_digest.c | 6 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/a_int.c | 4 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/a_sign.c | 111 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/a_verify.c | 77 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/asn1.h | 8 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/asn1_err.c | 5 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/asn_mime.c | 23 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/n_pkey.c | 38 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/p5_pbev2.c | 143 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/t_crl.c | 3 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/t_x509.c | 55 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/tasn_prn.c | 12 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/x_algor.c | 14 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/x_name.c | 3 | ||||
-rw-r--r-- | src/lib/libcrypto/asn1/x_pubkey.c | 11 |
15 files changed, 353 insertions, 160 deletions
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c index d00d9e22b1..cbdeea6ac0 100644 --- a/src/lib/libcrypto/asn1/a_digest.c +++ b/src/lib/libcrypto/asn1/a_digest.c | |||
@@ -87,7 +87,8 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, | |||
87 | p=str; | 87 | p=str; |
88 | i2d(data,&p); | 88 | i2d(data,&p); |
89 | 89 | ||
90 | EVP_Digest(str, i, md, len, type, NULL); | 90 | if (!EVP_Digest(str, i, md, len, type, NULL)) |
91 | return 0; | ||
91 | OPENSSL_free(str); | 92 | OPENSSL_free(str); |
92 | return(1); | 93 | return(1); |
93 | } | 94 | } |
@@ -104,7 +105,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, | |||
104 | i=ASN1_item_i2d(asn,&str, it); | 105 | i=ASN1_item_i2d(asn,&str, it); |
105 | if (!str) return(0); | 106 | if (!str) return(0); |
106 | 107 | ||
107 | EVP_Digest(str, i, md, len, type, NULL); | 108 | if (!EVP_Digest(str, i, md, len, type, NULL)) |
109 | return 0; | ||
108 | OPENSSL_free(str); | 110 | OPENSSL_free(str); |
109 | return(1); | 111 | return(1); |
110 | } | 112 | } |
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c index 3348b8762c..ad0d2506f6 100644 --- a/src/lib/libcrypto/asn1/a_int.c +++ b/src/lib/libcrypto/asn1/a_int.c | |||
@@ -386,8 +386,8 @@ long ASN1_INTEGER_get(const ASN1_INTEGER *a) | |||
386 | 386 | ||
387 | if (a->length > (int)sizeof(long)) | 387 | if (a->length > (int)sizeof(long)) |
388 | { | 388 | { |
389 | /* hmm... a bit ugly */ | 389 | /* hmm... a bit ugly, return all ones */ |
390 | return(0xffffffffL); | 390 | return -1; |
391 | } | 391 | } |
392 | if (a->data == NULL) | 392 | if (a->data == NULL) |
393 | return 0; | 393 | return 0; |
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c index ff63bfc7be..7b4a193d6b 100644 --- a/src/lib/libcrypto/asn1/a_sign.c +++ b/src/lib/libcrypto/asn1/a_sign.c | |||
@@ -184,9 +184,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
184 | p=buf_in; | 184 | p=buf_in; |
185 | 185 | ||
186 | i2d(data,&p); | 186 | i2d(data,&p); |
187 | EVP_SignInit_ex(&ctx,type, NULL); | 187 | if (!EVP_SignInit_ex(&ctx,type, NULL) |
188 | EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); | 188 | || !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl) |
189 | if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, | 189 | || !EVP_SignFinal(&ctx,(unsigned char *)buf_out, |
190 | (unsigned int *)&outl,pkey)) | 190 | (unsigned int *)&outl,pkey)) |
191 | { | 191 | { |
192 | outl=0; | 192 | outl=0; |
@@ -218,65 +218,100 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
218 | const EVP_MD *type) | 218 | const EVP_MD *type) |
219 | { | 219 | { |
220 | EVP_MD_CTX ctx; | 220 | EVP_MD_CTX ctx; |
221 | EVP_MD_CTX_init(&ctx); | ||
222 | if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) | ||
223 | { | ||
224 | EVP_MD_CTX_cleanup(&ctx); | ||
225 | return 0; | ||
226 | } | ||
227 | return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); | ||
228 | } | ||
229 | |||
230 | |||
231 | int ASN1_item_sign_ctx(const ASN1_ITEM *it, | ||
232 | X509_ALGOR *algor1, X509_ALGOR *algor2, | ||
233 | ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) | ||
234 | { | ||
235 | const EVP_MD *type; | ||
236 | EVP_PKEY *pkey; | ||
221 | unsigned char *buf_in=NULL,*buf_out=NULL; | 237 | unsigned char *buf_in=NULL,*buf_out=NULL; |
222 | int inl=0,outl=0,outll=0; | 238 | size_t inl=0,outl=0,outll=0; |
223 | int signid, paramtype; | 239 | int signid, paramtype; |
240 | int rv; | ||
241 | |||
242 | type = EVP_MD_CTX_md(ctx); | ||
243 | pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); | ||
224 | 244 | ||
225 | if (type == NULL) | 245 | if (!type || !pkey) |
226 | { | 246 | { |
227 | int def_nid; | 247 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); |
228 | if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) | 248 | return 0; |
229 | type = EVP_get_digestbynid(def_nid); | ||
230 | } | 249 | } |
231 | 250 | ||
232 | if (type == NULL) | 251 | if (pkey->ameth->item_sign) |
233 | { | 252 | { |
234 | ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST); | 253 | rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, |
235 | return 0; | 254 | signature); |
255 | if (rv == 1) | ||
256 | outl = signature->length; | ||
257 | /* Return value meanings: | ||
258 | * <=0: error. | ||
259 | * 1: method does everything. | ||
260 | * 2: carry on as normal. | ||
261 | * 3: ASN1 method sets algorithm identifiers: just sign. | ||
262 | */ | ||
263 | if (rv <= 0) | ||
264 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); | ||
265 | if (rv <= 1) | ||
266 | goto err; | ||
236 | } | 267 | } |
268 | else | ||
269 | rv = 2; | ||
237 | 270 | ||
238 | if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) | 271 | if (rv == 2) |
239 | { | 272 | { |
240 | if (!pkey->ameth || | 273 | if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) |
241 | !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), | ||
242 | pkey->ameth->pkey_id)) | ||
243 | { | 274 | { |
244 | ASN1err(ASN1_F_ASN1_ITEM_SIGN, | 275 | if (!pkey->ameth || |
245 | ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); | 276 | !OBJ_find_sigid_by_algs(&signid, |
246 | return 0; | 277 | EVP_MD_nid(type), |
278 | pkey->ameth->pkey_id)) | ||
279 | { | ||
280 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, | ||
281 | ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); | ||
282 | return 0; | ||
283 | } | ||
247 | } | 284 | } |
248 | } | 285 | else |
249 | else | 286 | signid = type->pkey_type; |
250 | signid = type->pkey_type; | ||
251 | 287 | ||
252 | if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) | 288 | if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) |
253 | paramtype = V_ASN1_NULL; | 289 | paramtype = V_ASN1_NULL; |
254 | else | 290 | else |
255 | paramtype = V_ASN1_UNDEF; | 291 | paramtype = V_ASN1_UNDEF; |
256 | 292 | ||
257 | if (algor1) | 293 | if (algor1) |
258 | X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); | 294 | X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); |
259 | if (algor2) | 295 | if (algor2) |
260 | X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); | 296 | X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); |
297 | |||
298 | } | ||
261 | 299 | ||
262 | EVP_MD_CTX_init(&ctx); | ||
263 | inl=ASN1_item_i2d(asn,&buf_in, it); | 300 | inl=ASN1_item_i2d(asn,&buf_in, it); |
264 | outll=outl=EVP_PKEY_size(pkey); | 301 | outll=outl=EVP_PKEY_size(pkey); |
265 | buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); | 302 | buf_out=OPENSSL_malloc((unsigned int)outl); |
266 | if ((buf_in == NULL) || (buf_out == NULL)) | 303 | if ((buf_in == NULL) || (buf_out == NULL)) |
267 | { | 304 | { |
268 | outl=0; | 305 | outl=0; |
269 | ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); | 306 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE); |
270 | goto err; | 307 | goto err; |
271 | } | 308 | } |
272 | 309 | ||
273 | EVP_SignInit_ex(&ctx,type, NULL); | 310 | if (!EVP_DigestSignUpdate(ctx, buf_in, inl) |
274 | EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); | 311 | || !EVP_DigestSignFinal(ctx, buf_out, &outl)) |
275 | if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, | ||
276 | (unsigned int *)&outl,pkey)) | ||
277 | { | 312 | { |
278 | outl=0; | 313 | outl=0; |
279 | ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); | 314 | ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB); |
280 | goto err; | 315 | goto err; |
281 | } | 316 | } |
282 | if (signature->data != NULL) OPENSSL_free(signature->data); | 317 | if (signature->data != NULL) OPENSSL_free(signature->data); |
@@ -289,7 +324,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | |||
289 | signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | 324 | signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); |
290 | signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; | 325 | signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; |
291 | err: | 326 | err: |
292 | EVP_MD_CTX_cleanup(&ctx); | 327 | EVP_MD_CTX_cleanup(ctx); |
293 | if (buf_in != NULL) | 328 | if (buf_in != NULL) |
294 | { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } | 329 | { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } |
295 | if (buf_out != NULL) | 330 | if (buf_out != NULL) |
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index cecdb13c70..432722e409 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c | |||
@@ -101,8 +101,13 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, | |||
101 | p=buf_in; | 101 | p=buf_in; |
102 | 102 | ||
103 | i2d(data,&p); | 103 | i2d(data,&p); |
104 | EVP_VerifyInit_ex(&ctx,type, NULL); | 104 | if (!EVP_VerifyInit_ex(&ctx,type, NULL) |
105 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 105 | || !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl)) |
106 | { | ||
107 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | ||
108 | ret=0; | ||
109 | goto err; | ||
110 | } | ||
106 | 111 | ||
107 | OPENSSL_cleanse(buf_in,(unsigned int)inl); | 112 | OPENSSL_cleanse(buf_in,(unsigned int)inl); |
108 | OPENSSL_free(buf_in); | 113 | OPENSSL_free(buf_in); |
@@ -126,11 +131,10 @@ err: | |||
126 | #endif | 131 | #endif |
127 | 132 | ||
128 | 133 | ||
129 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, | 134 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, |
130 | void *asn, EVP_PKEY *pkey) | 135 | ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) |
131 | { | 136 | { |
132 | EVP_MD_CTX ctx; | 137 | EVP_MD_CTX ctx; |
133 | const EVP_MD *type = NULL; | ||
134 | unsigned char *buf_in=NULL; | 138 | unsigned char *buf_in=NULL; |
135 | int ret= -1,inl; | 139 | int ret= -1,inl; |
136 | 140 | ||
@@ -144,25 +148,47 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
144 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); | 148 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
145 | goto err; | 149 | goto err; |
146 | } | 150 | } |
147 | type=EVP_get_digestbynid(mdnid); | 151 | if (mdnid == NID_undef) |
148 | if (type == NULL) | ||
149 | { | 152 | { |
150 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | 153 | if (!pkey->ameth || !pkey->ameth->item_verify) |
151 | goto err; | 154 | { |
155 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); | ||
156 | goto err; | ||
157 | } | ||
158 | ret = pkey->ameth->item_verify(&ctx, it, asn, a, | ||
159 | signature, pkey); | ||
160 | /* Return value of 2 means carry on, anything else means we | ||
161 | * exit straight away: either a fatal error of the underlying | ||
162 | * verification routine handles all verification. | ||
163 | */ | ||
164 | if (ret != 2) | ||
165 | goto err; | ||
166 | ret = -1; | ||
152 | } | 167 | } |
153 | 168 | else | |
154 | /* Check public key OID matches public key type */ | ||
155 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) | ||
156 | { | 169 | { |
157 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); | 170 | const EVP_MD *type; |
158 | goto err; | 171 | type=EVP_get_digestbynid(mdnid); |
159 | } | 172 | if (type == NULL) |
173 | { | ||
174 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | ||
175 | goto err; | ||
176 | } | ||
177 | |||
178 | /* Check public key OID matches public key type */ | ||
179 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) | ||
180 | { | ||
181 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); | ||
182 | goto err; | ||
183 | } | ||
184 | |||
185 | if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) | ||
186 | { | ||
187 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | ||
188 | ret=0; | ||
189 | goto err; | ||
190 | } | ||
160 | 191 | ||
161 | if (!EVP_VerifyInit_ex(&ctx,type, NULL)) | ||
162 | { | ||
163 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | ||
164 | ret=0; | ||
165 | goto err; | ||
166 | } | 192 | } |
167 | 193 | ||
168 | inl = ASN1_item_i2d(asn, &buf_in, it); | 194 | inl = ASN1_item_i2d(asn, &buf_in, it); |
@@ -173,13 +199,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat | |||
173 | goto err; | 199 | goto err; |
174 | } | 200 | } |
175 | 201 | ||
176 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 202 | if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) |
203 | { | ||
204 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | ||
205 | ret=0; | ||
206 | goto err; | ||
207 | } | ||
177 | 208 | ||
178 | OPENSSL_cleanse(buf_in,(unsigned int)inl); | 209 | OPENSSL_cleanse(buf_in,(unsigned int)inl); |
179 | OPENSSL_free(buf_in); | 210 | OPENSSL_free(buf_in); |
180 | 211 | ||
181 | if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, | 212 | if (EVP_DigestVerifyFinal(&ctx,signature->data, |
182 | (unsigned int)signature->length,pkey) <= 0) | 213 | (size_t)signature->length) <= 0) |
183 | { | 214 | { |
184 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); | 215 | ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); |
185 | ret=0; | 216 | ret=0; |
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 59540e4e79..220a0c8c63 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h | |||
@@ -235,7 +235,7 @@ typedef struct asn1_object_st | |||
235 | */ | 235 | */ |
236 | #define ASN1_STRING_FLAG_MSTRING 0x040 | 236 | #define ASN1_STRING_FLAG_MSTRING 0x040 |
237 | /* This is the base type that holds just about everything :-) */ | 237 | /* This is the base type that holds just about everything :-) */ |
238 | typedef struct asn1_string_st | 238 | struct asn1_string_st |
239 | { | 239 | { |
240 | int length; | 240 | int length; |
241 | int type; | 241 | int type; |
@@ -245,7 +245,7 @@ typedef struct asn1_string_st | |||
245 | * input data has a non-zero 'unused bits' value, it will be | 245 | * input data has a non-zero 'unused bits' value, it will be |
246 | * handled correctly */ | 246 | * handled correctly */ |
247 | long flags; | 247 | long flags; |
248 | } ASN1_STRING; | 248 | }; |
249 | 249 | ||
250 | /* ASN1_ENCODING structure: this is used to save the received | 250 | /* ASN1_ENCODING structure: this is used to save the received |
251 | * encoding of an ASN1 type. This is useful to get round | 251 | * encoding of an ASN1 type. This is useful to get round |
@@ -293,7 +293,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE) | |||
293 | * see asn1t.h | 293 | * see asn1t.h |
294 | */ | 294 | */ |
295 | typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; | 295 | typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; |
296 | typedef struct ASN1_ITEM_st ASN1_ITEM; | ||
297 | typedef struct ASN1_TLC_st ASN1_TLC; | 296 | typedef struct ASN1_TLC_st ASN1_TLC; |
298 | /* This is just an opaque pointer */ | 297 | /* This is just an opaque pointer */ |
299 | typedef struct ASN1_VALUE_st ASN1_VALUE; | 298 | typedef struct ASN1_VALUE_st ASN1_VALUE; |
@@ -1194,6 +1193,7 @@ void ERR_load_ASN1_strings(void); | |||
1194 | #define ASN1_F_ASN1_ITEM_I2D_FP 193 | 1193 | #define ASN1_F_ASN1_ITEM_I2D_FP 193 |
1195 | #define ASN1_F_ASN1_ITEM_PACK 198 | 1194 | #define ASN1_F_ASN1_ITEM_PACK 198 |
1196 | #define ASN1_F_ASN1_ITEM_SIGN 195 | 1195 | #define ASN1_F_ASN1_ITEM_SIGN 195 |
1196 | #define ASN1_F_ASN1_ITEM_SIGN_CTX 220 | ||
1197 | #define ASN1_F_ASN1_ITEM_UNPACK 199 | 1197 | #define ASN1_F_ASN1_ITEM_UNPACK 199 |
1198 | #define ASN1_F_ASN1_ITEM_VERIFY 197 | 1198 | #define ASN1_F_ASN1_ITEM_VERIFY 197 |
1199 | #define ASN1_F_ASN1_MBSTRING_NCOPY 122 | 1199 | #define ASN1_F_ASN1_MBSTRING_NCOPY 122 |
@@ -1266,6 +1266,7 @@ void ERR_load_ASN1_strings(void); | |||
1266 | #define ASN1_F_PKCS5_PBE2_SET_IV 167 | 1266 | #define ASN1_F_PKCS5_PBE2_SET_IV 167 |
1267 | #define ASN1_F_PKCS5_PBE_SET 202 | 1267 | #define ASN1_F_PKCS5_PBE_SET 202 |
1268 | #define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 | 1268 | #define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 |
1269 | #define ASN1_F_PKCS5_PBKDF2_SET 219 | ||
1269 | #define ASN1_F_SMIME_READ_ASN1 212 | 1270 | #define ASN1_F_SMIME_READ_ASN1 212 |
1270 | #define ASN1_F_SMIME_TEXT 213 | 1271 | #define ASN1_F_SMIME_TEXT 213 |
1271 | #define ASN1_F_X509_CINF_NEW 168 | 1272 | #define ASN1_F_X509_CINF_NEW 168 |
@@ -1291,6 +1292,7 @@ void ERR_load_ASN1_strings(void); | |||
1291 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 | 1292 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 |
1292 | #define ASN1_R_BUFFER_TOO_SMALL 107 | 1293 | #define ASN1_R_BUFFER_TOO_SMALL 107 |
1293 | #define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 | 1294 | #define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 |
1295 | #define ASN1_R_CONTEXT_NOT_INITIALISED 217 | ||
1294 | #define ASN1_R_DATA_IS_WRONG 109 | 1296 | #define ASN1_R_DATA_IS_WRONG 109 |
1295 | #define ASN1_R_DECODE_ERROR 110 | 1297 | #define ASN1_R_DECODE_ERROR 110 |
1296 | #define ASN1_R_DECODING_ERROR 111 | 1298 | #define ASN1_R_DECODING_ERROR 111 |
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c index 6e04d08f31..1a30bf119b 100644 --- a/src/lib/libcrypto/asn1/asn1_err.c +++ b/src/lib/libcrypto/asn1/asn1_err.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* crypto/asn1/asn1_err.c */ | 1 | /* crypto/asn1/asn1_err.c */ |
2 | /* ==================================================================== | 2 | /* ==================================================================== |
3 | * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
@@ -107,6 +107,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
107 | {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, | 107 | {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, |
108 | {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, | 108 | {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, |
109 | {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, | 109 | {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, |
110 | {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX), "ASN1_item_sign_ctx"}, | ||
110 | {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, | 111 | {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, |
111 | {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, | 112 | {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, |
112 | {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, | 113 | {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, |
@@ -179,6 +180,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= | |||
179 | {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, | 180 | {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, |
180 | {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, | 181 | {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, |
181 | {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, | 182 | {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, |
183 | {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"}, | ||
182 | {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, | 184 | {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, |
183 | {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, | 185 | {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, |
184 | {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, | 186 | {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, |
@@ -207,6 +209,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= | |||
207 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, | 209 | {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, |
208 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, | 210 | {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, |
209 | {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, | 211 | {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, |
212 | {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED),"context not initialised"}, | ||
210 | {ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, | 213 | {ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, |
211 | {ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, | 214 | {ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, |
212 | {ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, | 215 | {ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, |
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c index c1d1b12291..54a704a969 100644 --- a/src/lib/libcrypto/asn1/asn_mime.c +++ b/src/lib/libcrypto/asn1/asn_mime.c | |||
@@ -377,8 +377,12 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, | |||
377 | BIO *tmpbio; | 377 | BIO *tmpbio; |
378 | const ASN1_AUX *aux = it->funcs; | 378 | const ASN1_AUX *aux = it->funcs; |
379 | ASN1_STREAM_ARG sarg; | 379 | ASN1_STREAM_ARG sarg; |
380 | int rv = 1; | ||
380 | 381 | ||
381 | if (!(flags & SMIME_DETACHED)) | 382 | /* If data is not deteched or resigning then the output BIO is |
383 | * already set up to finalise when it is written through. | ||
384 | */ | ||
385 | if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) | ||
382 | { | 386 | { |
383 | SMIME_crlf_copy(data, out, flags); | 387 | SMIME_crlf_copy(data, out, flags); |
384 | return 1; | 388 | return 1; |
@@ -405,7 +409,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, | |||
405 | 409 | ||
406 | /* Finalize structure */ | 410 | /* Finalize structure */ |
407 | if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) | 411 | if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) |
408 | return 0; | 412 | rv = 0; |
409 | 413 | ||
410 | /* Now remove any digests prepended to the BIO */ | 414 | /* Now remove any digests prepended to the BIO */ |
411 | 415 | ||
@@ -416,7 +420,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, | |||
416 | sarg.ndef_bio = tmpbio; | 420 | sarg.ndef_bio = tmpbio; |
417 | } | 421 | } |
418 | 422 | ||
419 | return 1; | 423 | return rv; |
420 | 424 | ||
421 | } | 425 | } |
422 | 426 | ||
@@ -486,9 +490,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) | |||
486 | 490 | ||
487 | if(strcmp(hdr->value, "application/x-pkcs7-signature") && | 491 | if(strcmp(hdr->value, "application/x-pkcs7-signature") && |
488 | strcmp(hdr->value, "application/pkcs7-signature")) { | 492 | strcmp(hdr->value, "application/pkcs7-signature")) { |
489 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | ||
490 | ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); | 493 | ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); |
491 | ERR_add_error_data(2, "type: ", hdr->value); | 494 | ERR_add_error_data(2, "type: ", hdr->value); |
495 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); | ||
492 | sk_BIO_pop_free(parts, BIO_vfree); | 496 | sk_BIO_pop_free(parts, BIO_vfree); |
493 | return NULL; | 497 | return NULL; |
494 | } | 498 | } |
@@ -801,7 +805,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) | |||
801 | if(name) { | 805 | if(name) { |
802 | if(!(tmpname = BUF_strdup(name))) return NULL; | 806 | if(!(tmpname = BUF_strdup(name))) return NULL; |
803 | for(p = tmpname ; *p; p++) { | 807 | for(p = tmpname ; *p; p++) { |
804 | c = *p; | 808 | c = (unsigned char)*p; |
805 | if(isupper(c)) { | 809 | if(isupper(c)) { |
806 | c = tolower(c); | 810 | c = tolower(c); |
807 | *p = c; | 811 | *p = c; |
@@ -811,7 +815,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) | |||
811 | if(value) { | 815 | if(value) { |
812 | if(!(tmpval = BUF_strdup(value))) return NULL; | 816 | if(!(tmpval = BUF_strdup(value))) return NULL; |
813 | for(p = tmpval ; *p; p++) { | 817 | for(p = tmpval ; *p; p++) { |
814 | c = *p; | 818 | c = (unsigned char)*p; |
815 | if(isupper(c)) { | 819 | if(isupper(c)) { |
816 | c = tolower(c); | 820 | c = tolower(c); |
817 | *p = c; | 821 | *p = c; |
@@ -835,7 +839,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) | |||
835 | tmpname = BUF_strdup(name); | 839 | tmpname = BUF_strdup(name); |
836 | if(!tmpname) return 0; | 840 | if(!tmpname) return 0; |
837 | for(p = tmpname ; *p; p++) { | 841 | for(p = tmpname ; *p; p++) { |
838 | c = *p; | 842 | c = (unsigned char)*p; |
839 | if(isupper(c)) { | 843 | if(isupper(c)) { |
840 | c = tolower(c); | 844 | c = tolower(c); |
841 | *p = c; | 845 | *p = c; |
@@ -858,12 +862,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) | |||
858 | static int mime_hdr_cmp(const MIME_HEADER * const *a, | 862 | static int mime_hdr_cmp(const MIME_HEADER * const *a, |
859 | const MIME_HEADER * const *b) | 863 | const MIME_HEADER * const *b) |
860 | { | 864 | { |
865 | if (!(*a)->name || !(*b)->name) | ||
866 | return !!(*a)->name - !!(*b)->name; | ||
867 | |||
861 | return(strcmp((*a)->name, (*b)->name)); | 868 | return(strcmp((*a)->name, (*b)->name)); |
862 | } | 869 | } |
863 | 870 | ||
864 | static int mime_param_cmp(const MIME_PARAM * const *a, | 871 | static int mime_param_cmp(const MIME_PARAM * const *a, |
865 | const MIME_PARAM * const *b) | 872 | const MIME_PARAM * const *b) |
866 | { | 873 | { |
874 | if (!(*a)->param_name || !(*b)->param_name) | ||
875 | return !!(*a)->param_name - !!(*b)->param_name; | ||
867 | return(strcmp((*a)->param_name, (*b)->param_name)); | 876 | return(strcmp((*a)->param_name, (*b)->param_name)); |
868 | } | 877 | } |
869 | 878 | ||
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c index e7d0439062..e251739933 100644 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ b/src/lib/libcrypto/asn1/n_pkey.c | |||
@@ -129,6 +129,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, | |||
129 | unsigned char buf[256],*zz; | 129 | unsigned char buf[256],*zz; |
130 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 130 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
131 | EVP_CIPHER_CTX ctx; | 131 | EVP_CIPHER_CTX ctx; |
132 | EVP_CIPHER_CTX_init(&ctx); | ||
132 | 133 | ||
133 | if (a == NULL) return(0); | 134 | if (a == NULL) return(0); |
134 | 135 | ||
@@ -206,24 +207,28 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, | |||
206 | i = strlen((char *)buf); | 207 | i = strlen((char *)buf); |
207 | /* If the key is used for SGC the algorithm is modified a little. */ | 208 | /* If the key is used for SGC the algorithm is modified a little. */ |
208 | if(sgckey) { | 209 | if(sgckey) { |
209 | EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); | 210 | if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) |
211 | goto err; | ||
210 | memcpy(buf + 16, "SGCKEYSALT", 10); | 212 | memcpy(buf + 16, "SGCKEYSALT", 10); |
211 | i = 26; | 213 | i = 26; |
212 | } | 214 | } |
213 | 215 | ||
214 | EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); | 216 | if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL)) |
217 | goto err; | ||
215 | OPENSSL_cleanse(buf,256); | 218 | OPENSSL_cleanse(buf,256); |
216 | 219 | ||
217 | /* Encrypt private key in place */ | 220 | /* Encrypt private key in place */ |
218 | zz = enckey->enckey->digest->data; | 221 | zz = enckey->enckey->digest->data; |
219 | EVP_CIPHER_CTX_init(&ctx); | 222 | if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL)) |
220 | EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL); | 223 | goto err; |
221 | EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); | 224 | if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen)) |
222 | EVP_EncryptFinal_ex(&ctx,zz + i,&j); | 225 | goto err; |
223 | EVP_CIPHER_CTX_cleanup(&ctx); | 226 | if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j)) |
227 | goto err; | ||
224 | 228 | ||
225 | ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); | 229 | ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); |
226 | err: | 230 | err: |
231 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
227 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); | 232 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); |
228 | NETSCAPE_PKEY_free(pkey); | 233 | NETSCAPE_PKEY_free(pkey); |
229 | return(ret); | 234 | return(ret); |
@@ -288,6 +293,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | |||
288 | const unsigned char *zz; | 293 | const unsigned char *zz; |
289 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 294 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
290 | EVP_CIPHER_CTX ctx; | 295 | EVP_CIPHER_CTX ctx; |
296 | EVP_CIPHER_CTX_init(&ctx); | ||
291 | 297 | ||
292 | i=cb((char *)buf,256,"Enter Private Key password:",0); | 298 | i=cb((char *)buf,256,"Enter Private Key password:",0); |
293 | if (i != 0) | 299 | if (i != 0) |
@@ -298,19 +304,22 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | |||
298 | 304 | ||
299 | i = strlen((char *)buf); | 305 | i = strlen((char *)buf); |
300 | if(sgckey){ | 306 | if(sgckey){ |
301 | EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); | 307 | if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) |
308 | goto err; | ||
302 | memcpy(buf + 16, "SGCKEYSALT", 10); | 309 | memcpy(buf + 16, "SGCKEYSALT", 10); |
303 | i = 26; | 310 | i = 26; |
304 | } | 311 | } |
305 | 312 | ||
306 | EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); | 313 | if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL)) |
314 | goto err; | ||
307 | OPENSSL_cleanse(buf,256); | 315 | OPENSSL_cleanse(buf,256); |
308 | 316 | ||
309 | EVP_CIPHER_CTX_init(&ctx); | 317 | if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL)) |
310 | EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); | 318 | goto err; |
311 | EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); | 319 | if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length)) |
312 | EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j); | 320 | goto err; |
313 | EVP_CIPHER_CTX_cleanup(&ctx); | 321 | if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j)) |
322 | goto err; | ||
314 | os->length=i+j; | 323 | os->length=i+j; |
315 | 324 | ||
316 | zz=os->data; | 325 | zz=os->data; |
@@ -328,6 +337,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | |||
328 | goto err; | 337 | goto err; |
329 | } | 338 | } |
330 | err: | 339 | err: |
340 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
331 | NETSCAPE_PKEY_free(pkey); | 341 | NETSCAPE_PKEY_free(pkey); |
332 | return(ret); | 342 | return(ret); |
333 | } | 343 | } |
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c index cb49b6651d..4ea683036b 100644 --- a/src/lib/libcrypto/asn1/p5_pbev2.c +++ b/src/lib/libcrypto/asn1/p5_pbev2.c | |||
@@ -91,12 +91,10 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
91 | unsigned char *aiv, int prf_nid) | 91 | unsigned char *aiv, int prf_nid) |
92 | { | 92 | { |
93 | X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; | 93 | X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; |
94 | int alg_nid; | 94 | int alg_nid, keylen; |
95 | EVP_CIPHER_CTX ctx; | 95 | EVP_CIPHER_CTX ctx; |
96 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 96 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
97 | PBKDF2PARAM *kdf = NULL; | ||
98 | PBE2PARAM *pbe2 = NULL; | 97 | PBE2PARAM *pbe2 = NULL; |
99 | ASN1_OCTET_STRING *osalt = NULL; | ||
100 | ASN1_OBJECT *obj; | 98 | ASN1_OBJECT *obj; |
101 | 99 | ||
102 | alg_nid = EVP_CIPHER_type(cipher); | 100 | alg_nid = EVP_CIPHER_type(cipher); |
@@ -127,7 +125,8 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
127 | EVP_CIPHER_CTX_init(&ctx); | 125 | EVP_CIPHER_CTX_init(&ctx); |
128 | 126 | ||
129 | /* Dummy cipherinit to just setup the IV, and PRF */ | 127 | /* Dummy cipherinit to just setup the IV, and PRF */ |
130 | EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); | 128 | if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) |
129 | goto err; | ||
131 | if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { | 130 | if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { |
132 | ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, | 131 | ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, |
133 | ASN1_R_ERROR_SETTING_CIPHER_PARAMS); | 132 | ASN1_R_ERROR_SETTING_CIPHER_PARAMS); |
@@ -145,55 +144,21 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
145 | } | 144 | } |
146 | EVP_CIPHER_CTX_cleanup(&ctx); | 145 | EVP_CIPHER_CTX_cleanup(&ctx); |
147 | 146 | ||
148 | if(!(kdf = PBKDF2PARAM_new())) goto merr; | ||
149 | if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr; | ||
150 | |||
151 | if (!saltlen) saltlen = PKCS5_SALT_LEN; | ||
152 | if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr; | ||
153 | osalt->length = saltlen; | ||
154 | if (salt) memcpy (osalt->data, salt, saltlen); | ||
155 | else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr; | ||
156 | |||
157 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; | ||
158 | if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr; | ||
159 | |||
160 | /* Now include salt in kdf structure */ | ||
161 | kdf->salt->value.octet_string = osalt; | ||
162 | kdf->salt->type = V_ASN1_OCTET_STRING; | ||
163 | osalt = NULL; | ||
164 | |||
165 | /* If its RC2 then we'd better setup the key length */ | 147 | /* If its RC2 then we'd better setup the key length */ |
166 | 148 | ||
167 | if(alg_nid == NID_rc2_cbc) { | 149 | if(alg_nid == NID_rc2_cbc) |
168 | if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr; | 150 | keylen = EVP_CIPHER_key_length(cipher); |
169 | if(!ASN1_INTEGER_set (kdf->keylength, | 151 | else |
170 | EVP_CIPHER_key_length(cipher))) goto merr; | 152 | keylen = -1; |
171 | } | ||
172 | |||
173 | /* prf can stay NULL if we are using hmacWithSHA1 */ | ||
174 | if (prf_nid != NID_hmacWithSHA1) | ||
175 | { | ||
176 | kdf->prf = X509_ALGOR_new(); | ||
177 | if (!kdf->prf) | ||
178 | goto merr; | ||
179 | X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), | ||
180 | V_ASN1_NULL, NULL); | ||
181 | } | ||
182 | |||
183 | /* Now setup the PBE2PARAM keyfunc structure */ | ||
184 | 153 | ||
185 | pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); | 154 | /* Setup keyfunc */ |
186 | 155 | ||
187 | /* Encode PBKDF2PARAM into parameter of pbe2 */ | 156 | X509_ALGOR_free(pbe2->keyfunc); |
188 | 157 | ||
189 | if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; | 158 | pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen); |
190 | 159 | ||
191 | if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), | 160 | if (!pbe2->keyfunc) |
192 | &pbe2->keyfunc->parameter->value.sequence)) goto merr; | 161 | goto merr; |
193 | pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; | ||
194 | |||
195 | PBKDF2PARAM_free(kdf); | ||
196 | kdf = NULL; | ||
197 | 162 | ||
198 | /* Now set up top level AlgorithmIdentifier */ | 163 | /* Now set up top level AlgorithmIdentifier */ |
199 | 164 | ||
@@ -219,8 +184,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, | |||
219 | err: | 184 | err: |
220 | PBE2PARAM_free(pbe2); | 185 | PBE2PARAM_free(pbe2); |
221 | /* Note 'scheme' is freed as part of pbe2 */ | 186 | /* Note 'scheme' is freed as part of pbe2 */ |
222 | M_ASN1_OCTET_STRING_free(osalt); | ||
223 | PBKDF2PARAM_free(kdf); | ||
224 | X509_ALGOR_free(kalg); | 187 | X509_ALGOR_free(kalg); |
225 | X509_ALGOR_free(ret); | 188 | X509_ALGOR_free(ret); |
226 | 189 | ||
@@ -233,3 +196,85 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
233 | { | 196 | { |
234 | return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); | 197 | return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); |
235 | } | 198 | } |
199 | |||
200 | X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, | ||
201 | int prf_nid, int keylen) | ||
202 | { | ||
203 | X509_ALGOR *keyfunc = NULL; | ||
204 | PBKDF2PARAM *kdf = NULL; | ||
205 | ASN1_OCTET_STRING *osalt = NULL; | ||
206 | |||
207 | if(!(kdf = PBKDF2PARAM_new())) | ||
208 | goto merr; | ||
209 | if(!(osalt = M_ASN1_OCTET_STRING_new())) | ||
210 | goto merr; | ||
211 | |||
212 | kdf->salt->value.octet_string = osalt; | ||
213 | kdf->salt->type = V_ASN1_OCTET_STRING; | ||
214 | |||
215 | if (!saltlen) | ||
216 | saltlen = PKCS5_SALT_LEN; | ||
217 | if (!(osalt->data = OPENSSL_malloc (saltlen))) | ||
218 | goto merr; | ||
219 | |||
220 | osalt->length = saltlen; | ||
221 | |||
222 | if (salt) | ||
223 | memcpy (osalt->data, salt, saltlen); | ||
224 | else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) | ||
225 | goto merr; | ||
226 | |||
227 | if(iter <= 0) | ||
228 | iter = PKCS5_DEFAULT_ITER; | ||
229 | |||
230 | if(!ASN1_INTEGER_set(kdf->iter, iter)) | ||
231 | goto merr; | ||
232 | |||
233 | /* If have a key len set it up */ | ||
234 | |||
235 | if(keylen > 0) | ||
236 | { | ||
237 | if(!(kdf->keylength = M_ASN1_INTEGER_new())) | ||
238 | goto merr; | ||
239 | if(!ASN1_INTEGER_set (kdf->keylength, keylen)) | ||
240 | goto merr; | ||
241 | } | ||
242 | |||
243 | /* prf can stay NULL if we are using hmacWithSHA1 */ | ||
244 | if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) | ||
245 | { | ||
246 | kdf->prf = X509_ALGOR_new(); | ||
247 | if (!kdf->prf) | ||
248 | goto merr; | ||
249 | X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), | ||
250 | V_ASN1_NULL, NULL); | ||
251 | } | ||
252 | |||
253 | /* Finally setup the keyfunc structure */ | ||
254 | |||
255 | keyfunc = X509_ALGOR_new(); | ||
256 | if (!keyfunc) | ||
257 | goto merr; | ||
258 | |||
259 | keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); | ||
260 | |||
261 | /* Encode PBKDF2PARAM into parameter of pbe2 */ | ||
262 | |||
263 | if(!(keyfunc->parameter = ASN1_TYPE_new())) | ||
264 | goto merr; | ||
265 | |||
266 | if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), | ||
267 | &keyfunc->parameter->value.sequence)) | ||
268 | goto merr; | ||
269 | keyfunc->parameter->type = V_ASN1_SEQUENCE; | ||
270 | |||
271 | PBKDF2PARAM_free(kdf); | ||
272 | return keyfunc; | ||
273 | |||
274 | merr: | ||
275 | ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE); | ||
276 | PBKDF2PARAM_free(kdf); | ||
277 | X509_ALGOR_free(keyfunc); | ||
278 | return NULL; | ||
279 | } | ||
280 | |||
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c index ee5a687ce8..c61169208a 100644 --- a/src/lib/libcrypto/asn1/t_crl.c +++ b/src/lib/libcrypto/asn1/t_crl.c | |||
@@ -94,8 +94,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) | |||
94 | l = X509_CRL_get_version(x); | 94 | l = X509_CRL_get_version(x); |
95 | BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l); | 95 | BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l); |
96 | i = OBJ_obj2nid(x->sig_alg->algorithm); | 96 | i = OBJ_obj2nid(x->sig_alg->algorithm); |
97 | BIO_printf(out, "%8sSignature Algorithm: %s\n", "", | 97 | X509_signature_print(out, x->sig_alg, NULL); |
98 | (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); | ||
99 | p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); | 98 | p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); |
100 | BIO_printf(out,"%8sIssuer: %s\n","",p); | 99 | BIO_printf(out,"%8sIssuer: %s\n","",p); |
101 | OPENSSL_free(p); | 100 | OPENSSL_free(p); |
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c index e061f2ffad..edbb39a02f 100644 --- a/src/lib/libcrypto/asn1/t_x509.c +++ b/src/lib/libcrypto/asn1/t_x509.c | |||
@@ -72,6 +72,7 @@ | |||
72 | #include <openssl/objects.h> | 72 | #include <openssl/objects.h> |
73 | #include <openssl/x509.h> | 73 | #include <openssl/x509.h> |
74 | #include <openssl/x509v3.h> | 74 | #include <openssl/x509v3.h> |
75 | #include "asn1_locl.h" | ||
75 | 76 | ||
76 | #ifndef OPENSSL_NO_FP_API | 77 | #ifndef OPENSSL_NO_FP_API |
77 | int X509_print_fp(FILE *fp, X509 *x) | 78 | int X509_print_fp(FILE *fp, X509 *x) |
@@ -137,10 +138,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) | |||
137 | if (BIO_write(bp," Serial Number:",22) <= 0) goto err; | 138 | if (BIO_write(bp," Serial Number:",22) <= 0) goto err; |
138 | 139 | ||
139 | bs=X509_get_serialNumber(x); | 140 | bs=X509_get_serialNumber(x); |
140 | if (bs->length <= 4) | 141 | if (bs->length <= (int)sizeof(long)) |
141 | { | 142 | { |
142 | l=ASN1_INTEGER_get(bs); | 143 | l=ASN1_INTEGER_get(bs); |
143 | if (l < 0) | 144 | if (bs->type == V_ASN1_NEG_INTEGER) |
144 | { | 145 | { |
145 | l= -l; | 146 | l= -l; |
146 | neg="-"; | 147 | neg="-"; |
@@ -167,12 +168,16 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) | |||
167 | 168 | ||
168 | if(!(cflag & X509_FLAG_NO_SIGNAME)) | 169 | if(!(cflag & X509_FLAG_NO_SIGNAME)) |
169 | { | 170 | { |
171 | if(X509_signature_print(bp, x->sig_alg, NULL) <= 0) | ||
172 | goto err; | ||
173 | #if 0 | ||
170 | if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) | 174 | if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) |
171 | goto err; | 175 | goto err; |
172 | if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) | 176 | if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) |
173 | goto err; | 177 | goto err; |
174 | if (BIO_puts(bp, "\n") <= 0) | 178 | if (BIO_puts(bp, "\n") <= 0) |
175 | goto err; | 179 | goto err; |
180 | #endif | ||
176 | } | 181 | } |
177 | 182 | ||
178 | if(!(cflag & X509_FLAG_NO_ISSUER)) | 183 | if(!(cflag & X509_FLAG_NO_ISSUER)) |
@@ -255,7 +260,8 @@ int X509_ocspid_print (BIO *bp, X509 *x) | |||
255 | goto err; | 260 | goto err; |
256 | i2d_X509_NAME(x->cert_info->subject, &dertmp); | 261 | i2d_X509_NAME(x->cert_info->subject, &dertmp); |
257 | 262 | ||
258 | EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); | 263 | if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) |
264 | goto err; | ||
259 | for (i=0; i < SHA_DIGEST_LENGTH; i++) | 265 | for (i=0; i < SHA_DIGEST_LENGTH; i++) |
260 | { | 266 | { |
261 | if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; | 267 | if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; |
@@ -268,8 +274,10 @@ int X509_ocspid_print (BIO *bp, X509 *x) | |||
268 | if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) | 274 | if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) |
269 | goto err; | 275 | goto err; |
270 | 276 | ||
271 | EVP_Digest(x->cert_info->key->public_key->data, | 277 | if (!EVP_Digest(x->cert_info->key->public_key->data, |
272 | x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); | 278 | x->cert_info->key->public_key->length, |
279 | SHA1md, NULL, EVP_sha1(), NULL)) | ||
280 | goto err; | ||
273 | for (i=0; i < SHA_DIGEST_LENGTH; i++) | 281 | for (i=0; i < SHA_DIGEST_LENGTH; i++) |
274 | { | 282 | { |
275 | if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) | 283 | if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) |
@@ -283,23 +291,50 @@ err: | |||
283 | return(0); | 291 | return(0); |
284 | } | 292 | } |
285 | 293 | ||
286 | int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) | 294 | int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) |
287 | { | 295 | { |
288 | unsigned char *s; | 296 | const unsigned char *s; |
289 | int i, n; | 297 | int i, n; |
290 | if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0; | ||
291 | if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; | ||
292 | 298 | ||
293 | n=sig->length; | 299 | n=sig->length; |
294 | s=sig->data; | 300 | s=sig->data; |
295 | for (i=0; i<n; i++) | 301 | for (i=0; i<n; i++) |
296 | { | 302 | { |
297 | if ((i%18) == 0) | 303 | if ((i%18) == 0) |
298 | if (BIO_write(bp,"\n ",9) <= 0) return 0; | 304 | { |
305 | if (BIO_write(bp,"\n",1) <= 0) return 0; | ||
306 | if (BIO_indent(bp, indent, indent) <= 0) return 0; | ||
307 | } | ||
299 | if (BIO_printf(bp,"%02x%s",s[i], | 308 | if (BIO_printf(bp,"%02x%s",s[i], |
300 | ((i+1) == n)?"":":") <= 0) return 0; | 309 | ((i+1) == n)?"":":") <= 0) return 0; |
301 | } | 310 | } |
302 | if (BIO_write(bp,"\n",1) != 1) return 0; | 311 | if (BIO_write(bp,"\n",1) != 1) return 0; |
312 | |||
313 | return 1; | ||
314 | } | ||
315 | |||
316 | int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) | ||
317 | { | ||
318 | int sig_nid; | ||
319 | if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0; | ||
320 | if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; | ||
321 | |||
322 | sig_nid = OBJ_obj2nid(sigalg->algorithm); | ||
323 | if (sig_nid != NID_undef) | ||
324 | { | ||
325 | int pkey_nid, dig_nid; | ||
326 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
327 | if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) | ||
328 | { | ||
329 | ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); | ||
330 | if (ameth && ameth->sig_print) | ||
331 | return ameth->sig_print(bp, sigalg, sig, 9, 0); | ||
332 | } | ||
333 | } | ||
334 | if (sig) | ||
335 | return X509_signature_dump(bp, sig, 9); | ||
336 | else if (BIO_puts(bp, "\n") <= 0) | ||
337 | return 0; | ||
303 | return 1; | 338 | return 1; |
304 | } | 339 | } |
305 | 340 | ||
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c index 453698012d..542a091a66 100644 --- a/src/lib/libcrypto/asn1/tasn_prn.c +++ b/src/lib/libcrypto/asn1/tasn_prn.c | |||
@@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent, | |||
446 | return 1; | 446 | return 1; |
447 | } | 447 | } |
448 | 448 | ||
449 | static int asn1_print_boolean_ctx(BIO *out, const int bool, | 449 | static int asn1_print_boolean_ctx(BIO *out, int boolval, |
450 | const ASN1_PCTX *pctx) | 450 | const ASN1_PCTX *pctx) |
451 | { | 451 | { |
452 | const char *str; | 452 | const char *str; |
453 | switch (bool) | 453 | switch (boolval) |
454 | { | 454 | { |
455 | case -1: | 455 | case -1: |
456 | str = "BOOL ABSENT"; | 456 | str = "BOOL ABSENT"; |
@@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, | |||
574 | { | 574 | { |
575 | case V_ASN1_BOOLEAN: | 575 | case V_ASN1_BOOLEAN: |
576 | { | 576 | { |
577 | int bool = *(int *)fld; | 577 | int boolval = *(int *)fld; |
578 | if (bool == -1) | 578 | if (boolval == -1) |
579 | bool = it->size; | 579 | boolval = it->size; |
580 | ret = asn1_print_boolean_ctx(out, bool, pctx); | 580 | ret = asn1_print_boolean_ctx(out, boolval, pctx); |
581 | } | 581 | } |
582 | break; | 582 | break; |
583 | 583 | ||
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c index 99e53429b7..274e456c73 100644 --- a/src/lib/libcrypto/asn1/x_algor.c +++ b/src/lib/libcrypto/asn1/x_algor.c | |||
@@ -128,3 +128,17 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, | |||
128 | } | 128 | } |
129 | } | 129 | } |
130 | 130 | ||
131 | /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ | ||
132 | |||
133 | void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) | ||
134 | { | ||
135 | int param_type; | ||
136 | |||
137 | if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) | ||
138 | param_type = V_ASN1_UNDEF; | ||
139 | else | ||
140 | param_type = V_ASN1_NULL; | ||
141 | |||
142 | X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); | ||
143 | |||
144 | } | ||
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c index 49be08b4da..d7c2318693 100644 --- a/src/lib/libcrypto/asn1/x_name.c +++ b/src/lib/libcrypto/asn1/x_name.c | |||
@@ -399,8 +399,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) | |||
399 | /* If type not in bitmask just copy string across */ | 399 | /* If type not in bitmask just copy string across */ |
400 | if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) | 400 | if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) |
401 | { | 401 | { |
402 | out->type = in->type; | 402 | if (!ASN1_STRING_copy(out, in)) |
403 | if (!ASN1_STRING_set(out, in->data, in->length)) | ||
404 | return 0; | 403 | return 0; |
405 | return 1; | 404 | return 1; |
406 | } | 405 | } |
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c index d42b6a2c54..627ec87f9f 100644 --- a/src/lib/libcrypto/asn1/x_pubkey.c +++ b/src/lib/libcrypto/asn1/x_pubkey.c | |||
@@ -171,7 +171,16 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) | |||
171 | goto error; | 171 | goto error; |
172 | } | 172 | } |
173 | 173 | ||
174 | key->pkey = ret; | 174 | /* Check to see if another thread set key->pkey first */ |
175 | CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); | ||
176 | if (key->pkey) | ||
177 | { | ||
178 | EVP_PKEY_free(ret); | ||
179 | ret = key->pkey; | ||
180 | } | ||
181 | else | ||
182 | key->pkey = ret; | ||
183 | CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); | ||
175 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); | 184 | CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); |
176 | 185 | ||
177 | return ret; | 186 | return ret; |