summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs7/pk7_smime.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs7/pk7_smime.c')
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c60
1 files changed, 37 insertions, 23 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index b41f42ed04..f0d071e282 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -64,12 +64,12 @@
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65 65
66PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 66PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
67 BIO *data, int flags) 67 BIO *data, int flags)
68{ 68{
69 PKCS7 *p7; 69 PKCS7 *p7;
70 PKCS7_SIGNER_INFO *si; 70 PKCS7_SIGNER_INFO *si;
71 BIO *p7bio; 71 BIO *p7bio;
72 STACK *smcap; 72 STACK_OF(X509_ALGOR) *smcap;
73 int i; 73 int i;
74 74
75 if(!X509_check_private_key(signcert, pkey)) { 75 if(!X509_check_private_key(signcert, pkey)) {
@@ -109,25 +109,28 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
109 PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, 109 PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
110 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); 110 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
111 /* Add SMIMECapabilities */ 111 /* Add SMIMECapabilities */
112 if(!(smcap = sk_new(NULL))) { 112 if(!(flags & PKCS7_NOSMIMECAP))
113 {
114 if(!(smcap = sk_X509_ALGOR_new_null())) {
113 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); 115 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
114 return NULL; 116 return NULL;
115 } 117 }
116#ifndef NO_DES 118#ifndef OPENSSL_NO_DES
117 PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); 119 PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
118#endif 120#endif
119#ifndef NO_RC2 121#ifndef OPENSSL_NO_RC2
120 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); 122 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
121 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); 123 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
122#endif 124#endif
123#ifndef NO_DES 125#ifndef OPENSSL_NO_DES
124 PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); 126 PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
125#endif 127#endif
126#ifndef NO_RC2 128#ifndef OPENSSL_NO_RC2
127 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); 129 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
128#endif 130#endif
129 PKCS7_add_attrib_smimecap (si, smcap); 131 PKCS7_add_attrib_smimecap (si, smcap);
130 sk_pop_free(smcap, X509_ALGOR_free); 132 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
133 }
131 } 134 }
132 135
133 if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); 136 if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
@@ -150,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
150 PKCS7_SIGNER_INFO *si; 153 PKCS7_SIGNER_INFO *si;
151 X509_STORE_CTX cert_ctx; 154 X509_STORE_CTX cert_ctx;
152 char buf[4096]; 155 char buf[4096];
153 int i, j=0; 156 int i, j=0, k, ret = 0;
154 BIO *p7bio; 157 BIO *p7bio;
155 BIO *tmpout; 158 BIO *tmpout;
156 159
@@ -169,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
169 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); 172 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
170 return 0; 173 return 0;
171 } 174 }
175#if 0
176 /* NB: this test commented out because some versions of Netscape
177 * illegally include zero length content when signing data.
178 */
172 179
173 /* Check for data and content: two sets of data */ 180 /* Check for data and content: two sets of data */
174 if(!PKCS7_get_detached(p7) && indata) { 181 if(!PKCS7_get_detached(p7) && indata) {
175 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); 182 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
176 return 0; 183 return 0;
177 } 184 }
185#endif
178 186
179 sinfos = PKCS7_get_signer_info(p7); 187 sinfos = PKCS7_get_signer_info(p7);
180 188
@@ -190,14 +198,23 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
190 198
191 /* Now verify the certificates */ 199 /* Now verify the certificates */
192 200
193 if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) { 201 if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
194 signer = sk_X509_value (signers, i); 202 signer = sk_X509_value (signers, k);
195 if (!(flags & PKCS7_NOCHAIN)) { 203 if (!(flags & PKCS7_NOCHAIN)) {
196 X509_STORE_CTX_init(&cert_ctx, store, signer, 204 if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
197 p7->d.sign->cert); 205 p7->d.sign->cert))
206 {
207 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
208 sk_X509_free(signers);
209 return 0;
210 }
198 X509_STORE_CTX_set_purpose(&cert_ctx, 211 X509_STORE_CTX_set_purpose(&cert_ctx,
199 X509_PURPOSE_SMIME_SIGN); 212 X509_PURPOSE_SMIME_SIGN);
200 } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL); 213 } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
214 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
215 sk_X509_free(signers);
216 return 0;
217 }
201 i = X509_verify_cert(&cert_ctx); 218 i = X509_verify_cert(&cert_ctx);
202 if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); 219 if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
203 X509_STORE_CTX_cleanup(&cert_ctx); 220 X509_STORE_CTX_cleanup(&cert_ctx);
@@ -250,18 +267,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
250 } 267 }
251 } 268 }
252 269
253 sk_X509_free(signers); 270 ret = 1;
254 if(indata) BIO_pop(p7bio);
255 BIO_free_all(p7bio);
256
257 return 1;
258 271
259 err: 272 err:
260 273
274 if(indata) BIO_pop(p7bio);
275 BIO_free_all(p7bio);
261 sk_X509_free(signers); 276 sk_X509_free(signers);
262 BIO_free(p7bio);
263 277
264 return 0; 278 return ret;
265} 279}
266 280
267STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) 281STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
@@ -282,7 +296,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
282 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); 296 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
283 return NULL; 297 return NULL;
284 } 298 }
285 if(!(signers = sk_X509_new(NULL))) { 299 if(!(signers = sk_X509_new_null())) {
286 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); 300 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
287 return NULL; 301 return NULL;
288 } 302 }
@@ -322,7 +336,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
322 336
323/* Build a complete PKCS#7 enveloped data */ 337/* Build a complete PKCS#7 enveloped data */
324 338
325PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, 339PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
326 int flags) 340 int flags)
327{ 341{
328 PKCS7 *p7; 342 PKCS7 *p7;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-03 23:30:52 +0000