Diffstat (limited to 'src/lib/libcrypto/pkcs7/pk7_smime.c')
| -rw-r--r-- | src/lib/libcrypto/pkcs7/pk7_smime.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index b41f42ed04..d716f9faeb 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c | |||
| @@ -64,12 +64,12 @@ | |||
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | 66 | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, |
| 67 | BIO *data, int flags) | 67 | BIO *data, int flags) |
| 68 | { | 68 | { |
| 69 | PKCS7 *p7; | 69 | PKCS7 *p7; |
| 70 | PKCS7_SIGNER_INFO *si; | 70 | PKCS7_SIGNER_INFO *si; |
| 71 | BIO *p7bio; | 71 | BIO *p7bio; |
| 72 | STACK *smcap; | 72 | STACK_OF(X509_ALGOR) *smcap; |
| 73 | int i; | 73 | int i; |
| 74 | 74 | ||
| 75 | if(!X509_check_private_key(signcert, pkey)) { | 75 | if(!X509_check_private_key(signcert, pkey)) { |
| @@ -109,7 +109,9 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | |||
| 109 | PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, | 109 | PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, |
| 110 | V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); | 110 | V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); |
| 111 | /* Add SMIMECapabilities */ | 111 | /* Add SMIMECapabilities */ |
| 112 | if(!(smcap = sk_new(NULL))) { | 112 | if(!(flags & PKCS7_NOSMIMECAP)) |
| 113 | { | ||
| 114 | if(!(smcap = sk_X509_ALGOR_new_null())) { | ||
| 113 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); | 115 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); |
| 114 | return NULL; | 116 | return NULL; |
| 115 | } | 117 | } |
| @@ -127,7 +129,8 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | |||
| 127 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); | 129 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); |
| 128 | #endif | 130 | #endif |
| 129 | PKCS7_add_attrib_smimecap (si, smcap); | 131 | PKCS7_add_attrib_smimecap (si, smcap); |
| 130 | sk_pop_free(smcap, X509_ALGOR_free); | 132 | sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); |
| 133 | } | ||
| 131 | } | 134 | } |
| 132 | 135 | ||
| 133 | if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); | 136 | if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); |
| @@ -150,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 150 | PKCS7_SIGNER_INFO *si; | 153 | PKCS7_SIGNER_INFO *si; |
| 151 | X509_STORE_CTX cert_ctx; | 154 | X509_STORE_CTX cert_ctx; |
| 152 | char buf[4096]; | 155 | char buf[4096]; |
| 153 | int i, j=0; | 156 | int i, j=0, k; |
| 154 | BIO *p7bio; | 157 | BIO *p7bio; |
| 155 | BIO *tmpout; | 158 | BIO *tmpout; |
| 156 | 159 | ||
| @@ -169,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 169 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); | 172 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); |
| 170 | return 0; | 173 | return 0; |
| 171 | } | 174 | } |
| 175 | #if 0 | ||
| 176 | /* NB: this test commented out because some versions of Netscape | ||
| 177 | * illegally include zero length content when signing data. | ||
| 178 | */ | ||
| 172 | 179 | ||
| 173 | /* Check for data and content: two sets of data */ | 180 | /* Check for data and content: two sets of data */ |
| 174 | if(!PKCS7_get_detached(p7) && indata) { | 181 | if(!PKCS7_get_detached(p7) && indata) { |
| 175 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); | 182 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); |
| 176 | return 0; | 183 | return 0; |
| 177 | } | 184 | } |
| 185 | #endif | ||
| 178 | 186 | ||
| 179 | sinfos = PKCS7_get_signer_info(p7); | 187 | sinfos = PKCS7_get_signer_info(p7); |
| 180 | 188 | ||
| @@ -190,8 +198,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 190 | 198 | ||
| 191 | /* Now verify the certificates */ | 199 | /* Now verify the certificates */ |
| 192 | 200 | ||
| 193 | if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) { | 201 | if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { |
| 194 | signer = sk_X509_value (signers, i); | 202 | signer = sk_X509_value (signers, k); |
| 195 | if (!(flags & PKCS7_NOCHAIN)) { | 203 | if (!(flags & PKCS7_NOCHAIN)) { |
| 196 | X509_STORE_CTX_init(&cert_ctx, store, signer, | 204 | X509_STORE_CTX_init(&cert_ctx, store, signer, |
| 197 | p7->d.sign->cert); | 205 | p7->d.sign->cert); |
| @@ -282,7 +290,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | |||
| 282 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); | 290 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); |
| 283 | return NULL; | 291 | return NULL; |
| 284 | } | 292 | } |
| 285 | if(!(signers = sk_X509_new(NULL))) { | 293 | if(!(signers = sk_X509_new_null())) { |
| 286 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); | 294 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); |
| 287 | return NULL; | 295 | return NULL; |
| 288 | } | 296 | } |
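Review bot: The `#if 0` added around the content-and-data test in PKCS7_verify (new lines 175-185) removes the rejection for every non-detached message passed together with `indata`, although the comment only justifies tolerating the zero-length embedded content that some Netscape versions emit. A narrower change would keep the `PKCS7_R_CONTENT_AND_DATA_PRESENT` error and skip it only when the embedded content is empty, so a message carrying real embedded content plus separate caller data is still refused instead of being processed ambiguously. PKCS7_verify's body continues outside the visible hunks, so which of the two inputs is actually digested when both are present cannot be confirmed from here. If the check stays disabled, state that next to the block, for example `/* With both embedded content and indata present, only <input that is digested> is verified; the other is ignored. */`, so callers do not assume the embedded content was the data covered by the signature.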
