summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms/cms_sd.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/cms/cms_sd.c')
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c67
1 files changed, 30 insertions, 37 deletions
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index 2289c7e8a3..7072ce7dac 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_sd.c,v 1.18 2019/08/11 10:15:30 jsing Exp $ */ 1/* $OpenBSD: cms_sd.c,v 1.19 2019/08/11 10:38:27 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -69,7 +69,7 @@ static CMS_SignedData *
69cms_get0_signed(CMS_ContentInfo *cms) 69cms_get0_signed(CMS_ContentInfo *cms)
70{ 70{
71 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { 71 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
72 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 72 CMSerror(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
73 return NULL; 73 return NULL;
74 } 74 }
75 return cms->d.signedData; 75 return cms->d.signedData;
@@ -81,7 +81,7 @@ cms_signed_data_init(CMS_ContentInfo *cms)
81 if (cms->d.other == NULL) { 81 if (cms->d.other == NULL) {
82 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 82 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
83 if (!cms->d.signedData) { 83 if (!cms->d.signedData) {
84 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); 84 CMSerror(ERR_R_MALLOC_FAILURE);
85 return NULL; 85 return NULL;
86 } 86 }
87 cms->d.signedData->version = 1; 87 cms->d.signedData->version = 1;
@@ -180,8 +180,7 @@ cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
180 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 180 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
181 OBJ_nid2obj(NID_pkcs9_messageDigest), -3, V_ASN1_OCTET_STRING); 181 OBJ_nid2obj(NID_pkcs9_messageDigest), -3, V_ASN1_OCTET_STRING);
182 if (!messageDigest) { 182 if (!messageDigest) {
183 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, 183 CMSerror(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
184 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
185 return 0; 184 return 0;
186 } 185 }
187 186
@@ -192,7 +191,7 @@ cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
192 return 0; 191 return 0;
193 } 192 }
194 193
195 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); 194 CMSerror(CMS_R_NO_MATCHING_DIGEST);
196 195
197 return 0; 196 return 0;
198} 197}
@@ -212,7 +211,7 @@ cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
212 break; 211 break;
213 212
214 default: 213 default:
215 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); 214 CMSerror(CMS_R_UNKNOWN_ID);
216 return 0; 215 return 0;
217 } 216 }
218 217
@@ -260,11 +259,11 @@ cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
260 return 1; 259 return 1;
261 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si); 260 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
262 if (i == -2) { 261 if (i == -2) {
263 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 262 CMSerror(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
264 return 0; 263 return 0;
265 } 264 }
266 if (i <= 0) { 265 if (i <= 0) {
267 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE); 266 CMSerror(CMS_R_CTRL_FAILURE);
268 return 0; 267 return 0;
269 } 268 }
270 269
@@ -281,8 +280,7 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
281 int i, type; 280 int i, type;
282 281
283 if (!X509_check_private_key(signer, pk)) { 282 if (!X509_check_private_key(signer, pk)) {
284 CMSerr(CMS_F_CMS_ADD1_SIGNER, 283 CMSerror(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
285 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
286 return NULL; 284 return NULL;
287 } 285 }
288 sd = cms_signed_data_init(cms); 286 sd = cms_signed_data_init(cms);
@@ -303,7 +301,7 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
303 si->pctx = NULL; 301 si->pctx = NULL;
304 302
305 if (si->mctx == NULL) { 303 if (si->mctx == NULL) {
306 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 304 CMSerror(ERR_R_MALLOC_FAILURE);
307 goto err; 305 goto err;
308 } 306 }
309 307
@@ -326,13 +324,13 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
326 goto err; 324 goto err;
327 md = EVP_get_digestbynid(def_nid); 325 md = EVP_get_digestbynid(def_nid);
328 if (md == NULL) { 326 if (md == NULL) {
329 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); 327 CMSerror(CMS_R_NO_DEFAULT_DIGEST);
330 goto err; 328 goto err;
331 } 329 }
332 } 330 }
333 331
334 if (!md) { 332 if (!md) {
335 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); 333 CMSerror(CMS_R_NO_DIGEST_SET);
336 goto err; 334 goto err;
337 } 335 }
338 336
@@ -418,7 +416,7 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
418 return si; 416 return si;
419 417
420 merr: 418 merr:
421 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 419 CMSerror(ERR_R_MALLOC_FAILURE);
422 err: 420 err:
423 M_ASN1_free_of(si, CMS_SignerInfo); 421 M_ASN1_free_of(si, CMS_SignerInfo);
424 422
@@ -449,7 +447,7 @@ cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
449 if (!t) 447 if (!t)
450 ASN1_TIME_free(tt); 448 ASN1_TIME_free(tt);
451 if (!r) 449 if (!r)
452 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); 450 CMSerror(ERR_R_MALLOC_FAILURE);
453 451
454 return r; 452 return r;
455} 453}
@@ -606,12 +604,12 @@ cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain
606 EVP_PKEY_CTX *pctx = NULL; 604 EVP_PKEY_CTX *pctx = NULL;
607 605
608 if (mctx == NULL) { 606 if (mctx == NULL) {
609 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); 607 CMSerror(ERR_R_MALLOC_FAILURE);
610 return 0; 608 return 0;
611 } 609 }
612 610
613 if (!si->pkey) { 611 if (!si->pkey) {
614 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); 612 CMSerror(CMS_R_NO_PRIVATE_KEY);
615 goto err; 613 goto err;
616 } 614 }
617 615
@@ -654,7 +652,7 @@ cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain
654 siglen = EVP_PKEY_size(si->pkey); 652 siglen = EVP_PKEY_size(si->pkey);
655 sig = OPENSSL_malloc(siglen); 653 sig = OPENSSL_malloc(siglen);
656 if (sig == NULL) { 654 if (sig == NULL) {
657 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); 655 CMSerror(ERR_R_MALLOC_FAILURE);
658 goto err; 656 goto err;
659 } 657 }
660 if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { 658 if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
@@ -668,11 +666,11 @@ cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain
668 666
669 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); 667 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
670 if (sig == NULL) { 668 if (sig == NULL) {
671 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); 669 CMSerror(ERR_R_MALLOC_FAILURE);
672 goto err; 670 goto err;
673 } 671 }
674 if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { 672 if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
675 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); 673 CMSerror(CMS_R_SIGNFINAL_ERROR);
676 OPENSSL_free(sig); 674 OPENSSL_free(sig);
677 goto err; 675 goto err;
678 } 676 }
@@ -736,7 +734,7 @@ CMS_SignerInfo_sign(CMS_SignerInfo *si)
736 734
737 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 735 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
738 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { 736 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
739 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 737 CMSerror(CMS_R_CTRL_ERROR);
740 goto err; 738 goto err;
741 } 739 }
742 740
@@ -757,7 +755,7 @@ CMS_SignerInfo_sign(CMS_SignerInfo *si)
757 755
758 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 756 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
759 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { 757 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
760 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 758 CMSerror(CMS_R_CTRL_ERROR);
761 goto err; 759 goto err;
762 } 760 }
763 761
@@ -783,7 +781,7 @@ CMS_SignerInfo_verify(CMS_SignerInfo *si)
783 const EVP_MD *md = NULL; 781 const EVP_MD *md = NULL;
784 782
785 if (!si->pkey) { 783 if (!si->pkey) {
786 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); 784 CMSerror(CMS_R_NO_PUBLIC_KEY);
787 return -1; 785 return -1;
788 } 786 }
789 787
@@ -791,7 +789,7 @@ CMS_SignerInfo_verify(CMS_SignerInfo *si)
791 if (md == NULL) 789 if (md == NULL)
792 return -1; 790 return -1;
793 if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { 791 if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
794 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE); 792 CMSerror(ERR_R_MALLOC_FAILURE);
795 return -1; 793 return -1;
796 } 794 }
797 mctx = si->mctx; 795 mctx = si->mctx;
@@ -815,7 +813,7 @@ CMS_SignerInfo_verify(CMS_SignerInfo *si)
815 r = EVP_DigestVerifyFinal(mctx, si->signature->data, 813 r = EVP_DigestVerifyFinal(mctx, si->signature->data,
816 si->signature->length); 814 si->signature->length);
817 if (r <= 0) 815 if (r <= 0)
818 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 816 CMSerror(CMS_R_VERIFICATION_FAILURE);
819 817
820 err: 818 err:
821 EVP_MD_CTX_reset(mctx); 819 EVP_MD_CTX_reset(mctx);
@@ -869,7 +867,7 @@ CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
869 unsigned int mlen; 867 unsigned int mlen;
870 868
871 if (mctx == NULL) { 869 if (mctx == NULL) {
872 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); 870 CMSerror(ERR_R_MALLOC_FAILURE);
873 goto err; 871 goto err;
874 } 872 }
875 /* If we have any signed attributes look for messageDigest value */ 873 /* If we have any signed attributes look for messageDigest value */
@@ -878,8 +876,7 @@ CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
878 OBJ_nid2obj(NID_pkcs9_messageDigest), -3, 876 OBJ_nid2obj(NID_pkcs9_messageDigest), -3,
879 V_ASN1_OCTET_STRING); 877 V_ASN1_OCTET_STRING);
880 if (!os) { 878 if (!os) {
881 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 879 CMSerror(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
882 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
883 goto err; 880 goto err;
884 } 881 }
885 } 882 }
@@ -888,8 +885,7 @@ CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
888 goto err; 885 goto err;
889 886
890 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { 887 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
891 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 888 CMSerror(CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
892 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
893 goto err; 889 goto err;
894 } 890 }
895 891
@@ -897,14 +893,12 @@ CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
897 893
898 if (os) { 894 if (os) {
899 if (mlen != (unsigned int)os->length) { 895 if (mlen != (unsigned int)os->length) {
900 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 896 CMSerror(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
901 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
902 goto err; 897 goto err;
903 } 898 }
904 899
905 if (memcmp(mval, os->data, mlen)) { 900 if (memcmp(mval, os->data, mlen)) {
906 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 901 CMSerror(CMS_R_VERIFICATION_FAILURE);
907 CMS_R_VERIFICATION_FAILURE);
908 r = 0; 902 r = 0;
909 } else 903 } else
910 r = 1; 904 r = 1;
@@ -924,8 +918,7 @@ CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
924 r = EVP_PKEY_verify(pkctx, si->signature->data, 918 r = EVP_PKEY_verify(pkctx, si->signature->data,
925 si->signature->length, mval, mlen); 919 si->signature->length, mval, mlen);
926 if (r <= 0) { 920 if (r <= 0) {
927 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 921 CMSerror(CMS_R_VERIFICATION_FAILURE);
928 CMS_R_VERIFICATION_FAILURE);
929 r = 0; 922 r = 0;
930 } 923 }
931 } 924 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 09:51:02 +0000