Diffstat (limited to 'src/lib/libcrypto/cms/cms_sd.c')
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c126
1 files changed, 48 insertions, 78 deletions
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index cdac3b870d..e3192b9c57 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -58,6 +58,7 @@
58#include <openssl/err.h> 58#include <openssl/err.h>
59#include <openssl/cms.h> 59#include <openssl/cms.h>
60#include "cms_lcl.h" 60#include "cms_lcl.h"
61#include "asn1_locl.h"
61 62
62/* CMS SignedData Utilities */ 63/* CMS SignedData Utilities */
63 64
@@ -218,10 +219,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
218 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, 219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
219 X509_get_issuer_name(cert))) 220 X509_get_issuer_name(cert)))
220 goto merr; 221 goto merr;
221 ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); 222 if (!ASN1_STRING_copy(
222 sid->d.issuerAndSerialNumber->serialNumber = 223 sid->d.issuerAndSerialNumber->serialNumber,
223 ASN1_STRING_dup(X509_get_serialNumber(cert)); 224 X509_get_serialNumber(cert)))
224 if(!sid->d.issuerAndSerialNumber->serialNumber)
225 goto merr; 225 goto merr;
226 break; 226 break;
227 227
@@ -341,16 +341,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) 341 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
342 goto err; 342 goto err;
343 343
344 /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
345 if (md == NULL) 344 if (md == NULL)
346 md = EVP_sha1(); 345 {
347 346 int def_nid;
348 /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ 347 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
348 goto err;
349 md = EVP_get_digestbynid(def_nid);
350 if (md == NULL)
351 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
353 goto err;
354 }
355 }
349 356
350 if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) 357 if (!md)
351 { 358 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, 359 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
353 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
354 goto err; 360 goto err;
355 } 361 }
356 362
@@ -379,37 +385,21 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
379 } 385 }
380 } 386 }
381 387
382 /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, 388 if (pk->ameth && pk->ameth->pkey_ctrl)
383 * hard code algorithm parameters.
384 */
385
386 switch (pk->type)
387 { 389 {
388 390 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
389 case EVP_PKEY_RSA: 391 0, si);
390 X509_ALGOR_set0(si->signatureAlgorithm, 392 if (i == -2)
391 OBJ_nid2obj(NID_rsaEncryption), 393 {
392 V_ASN1_NULL, 0); 394 CMSerr(CMS_F_CMS_ADD1_SIGNER,
393 break;
394
395 case EVP_PKEY_DSA:
396 X509_ALGOR_set0(si->signatureAlgorithm,
397 OBJ_nid2obj(NID_dsaWithSHA1),
398 V_ASN1_UNDEF, 0);
399 break;
400
401
402 case EVP_PKEY_EC:
403 X509_ALGOR_set0(si->signatureAlgorithm,
404 OBJ_nid2obj(NID_ecdsa_with_SHA1),
405 V_ASN1_UNDEF, 0);
406 break;
407
408 default:
409 CMSerr(CMS_F_CMS_ADD1_SIGNER,
410 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
411 goto err; 396 goto err;
412 397 }
398 if (i <= 0)
399 {
400 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
401 goto err;
402 }
413 } 403 }
414 404
415 if (!(flags & CMS_NOATTR)) 405 if (!(flags & CMS_NOATTR))
@@ -626,25 +616,6 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
626 *psig = si->signatureAlgorithm; 616 *psig = si->signatureAlgorithm;
627 } 617 }
628 618
629/* In OpenSSL 0.9.8 we have the link between digest types and public
630 * key types so we need to fixup the digest type if the public key
631 * type is not appropriate.
632 */
633
634static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
635 {
636 if (EVP_MD_CTX_type(mctx) != NID_sha1)
637 return;
638#ifndef OPENSSL_NO_DSA
639 if (pkey->type == EVP_PKEY_DSA)
640 mctx->digest = EVP_dss1();
641#endif
642#ifndef OPENSSL_NO_ECDSA
643 if (pkey->type == EVP_PKEY_EC)
644 mctx->digest = EVP_ecdsa();
645#endif
646 }
647
648static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 619static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
649 CMS_SignerInfo *si, BIO *chain) 620 CMS_SignerInfo *si, BIO *chain)
650 { 621 {
@@ -693,7 +664,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
693 ERR_R_MALLOC_FAILURE); 664 ERR_R_MALLOC_FAILURE);
694 goto err; 665 goto err;
695 } 666 }
696 cms_fixup_mctx(&mctx, si->pkey);
697 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) 667 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
698 { 668 {
699 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 669 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
@@ -731,9 +701,10 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
731int CMS_SignerInfo_sign(CMS_SignerInfo *si) 701int CMS_SignerInfo_sign(CMS_SignerInfo *si)
732 { 702 {
733 EVP_MD_CTX mctx; 703 EVP_MD_CTX mctx;
704 EVP_PKEY_CTX *pctx;
734 unsigned char *abuf = NULL; 705 unsigned char *abuf = NULL;
735 int alen; 706 int alen;
736 unsigned int siglen; 707 size_t siglen;
737 const EVP_MD *md = NULL; 708 const EVP_MD *md = NULL;
738 709
739 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 710 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
@@ -748,40 +719,38 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
748 goto err; 719 goto err;
749 } 720 }
750 721
751 if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) 722 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
752 goto err; 723 goto err;
753 724
754#if 0
755 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 725 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
756 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) 726 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
757 { 727 {
758 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 728 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
759 goto err; 729 goto err;
760 } 730 }
761#endif
762 731
763 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 732 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
764 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 733 ASN1_ITEM_rptr(CMS_Attributes_Sign));
765 if(!abuf) 734 if(!abuf)
766 goto err; 735 goto err;
767 if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) 736 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
737 goto err;
738 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
768 goto err; 739 goto err;
769 siglen = EVP_PKEY_size(si->pkey);
770 OPENSSL_free(abuf); 740 OPENSSL_free(abuf);
771 abuf = OPENSSL_malloc(siglen); 741 abuf = OPENSSL_malloc(siglen);
772 if(!abuf) 742 if(!abuf)
773 goto err; 743 goto err;
774 cms_fixup_mctx(&mctx, si->pkey); 744 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
775 if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
776 goto err; 745 goto err;
777#if 0 746
778 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 747 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
779 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) 748 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
780 { 749 {
781 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 750 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
782 goto err; 751 goto err;
783 } 752 }
784#endif 753
785 EVP_MD_CTX_cleanup(&mctx); 754 EVP_MD_CTX_cleanup(&mctx);
786 755
787 ASN1_STRING_set0(si->signature, abuf, siglen); 756 ASN1_STRING_set0(si->signature, abuf, siglen);
@@ -799,6 +768,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
799int CMS_SignerInfo_verify(CMS_SignerInfo *si) 768int CMS_SignerInfo_verify(CMS_SignerInfo *si)
800 { 769 {
801 EVP_MD_CTX mctx; 770 EVP_MD_CTX mctx;
771 EVP_PKEY_CTX *pctx;
802 unsigned char *abuf = NULL; 772 unsigned char *abuf = NULL;
803 int alen, r = -1; 773 int alen, r = -1;
804 const EVP_MD *md = NULL; 774 const EVP_MD *md = NULL;
@@ -813,23 +783,22 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
813 if (md == NULL) 783 if (md == NULL)
814 return -1; 784 return -1;
815 EVP_MD_CTX_init(&mctx); 785 EVP_MD_CTX_init(&mctx);
816 if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) 786 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
817 goto err; 787 goto err;
818 788
819 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 789 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
820 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 790 ASN1_ITEM_rptr(CMS_Attributes_Verify));
821 if(!abuf) 791 if(!abuf)
822 goto err; 792 goto err;
823 r = EVP_VerifyUpdate(&mctx, abuf, alen); 793 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
824 OPENSSL_free(abuf); 794 OPENSSL_free(abuf);
825 if (r <= 0) 795 if (r <= 0)
826 { 796 {
827 r = -1; 797 r = -1;
828 goto err; 798 goto err;
829 } 799 }
830 cms_fixup_mctx(&mctx, si->pkey); 800 r = EVP_DigestVerifyFinal(&mctx,
831 r = EVP_VerifyFinal(&mctx, 801 si->signature->data, si->signature->length);
832 si->signature->data, si->signature->length, si->pkey);
833 if (r <= 0) 802 if (r <= 0)
834 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 803 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
835 err: 804 err:
@@ -922,7 +891,6 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
922 } 891 }
923 else 892 else
924 { 893 {
925 cms_fixup_mctx(&mctx, si->pkey);
926 r = EVP_VerifyFinal(&mctx, si->signature->data, 894 r = EVP_VerifyFinal(&mctx, si->signature->data,
927 si->signature->length, si->pkey); 895 si->signature->length, si->pkey);
928 if (r <= 0) 896 if (r <= 0)
@@ -991,17 +959,19 @@ static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
991 return CMS_add_simple_smimecap(sk, nid, arg); 959 return CMS_add_simple_smimecap(sk, nid, arg);
992 return 1; 960 return 1;
993 } 961 }
994#if 0 962
995static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 963static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
996 { 964 {
997 if (EVP_get_digestbynid(nid)) 965 if (EVP_get_digestbynid(nid))
998 return CMS_add_simple_smimecap(sk, nid, arg); 966 return CMS_add_simple_smimecap(sk, nid, arg);
999 return 1; 967 return 1;
1000 } 968 }
1001#endif 969
1002int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 970int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
1003 { 971 {
1004 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 972 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
973 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
974 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
1005 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 975 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
1006 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 976 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
1007 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 977 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
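Review bot: In the `@@ -379,37 +385,21 @@` hunk of CMS_add1_signer, the new `if (pk->ameth && pk->ameth->pkey_ctrl)` block has no else branch, so a key whose method table lacks `pkey_ctrl` skips the step that fills in `si->signatureAlgorithm` and carries on, where the removed `switch` rejected unknown key types with CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE. Unless code outside the hunk sets or checks that field, the function can hand back a SignerInfo whose signature algorithm was never set. I would fail closed here: `else { CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; }`. In the earlier `@@ -341,16 +341,22 @@` hunk of the same function, the `EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0` path jumps to `err` without raising a CMSerr, and the `if (!md)` test that follows can never be true because the block above it either sets md or bails out. The function's body starts and ends outside both hunks.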