Diffstat (limited to 'src/lib/libcrypto/pkcs7')
-rw-r--r--src/lib/libcrypto/pkcs7/bio_ber.c28
-rw-r--r--src/lib/libcrypto/pkcs7/dec.c12
-rw-r--r--src/lib/libcrypto/pkcs7/enc.c86
-rw-r--r--src/lib/libcrypto/pkcs7/example.c16
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_dgst.c10
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_enc.c10
-rw-r--r--src/lib/libcrypto/pkcs7/sign.c34
-rw-r--r--src/lib/libcrypto/pkcs7/verify.c66
8 files changed, 175 insertions, 87 deletions
diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c
index 2f17723e98..42331f7ab0 100644
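--- a/src/lib/libcrypto/pkcs7/bio_ber.c
+++ b/src/lib/libcrypto/pkcs7/bio_ber.c
@@ -69,6 +69,7 @@ static int ber_read(BIO *h,char *buf,int size);
 static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int ber_new(BIO *h);
 static int ber_free(BIO *data);
+static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)());
 #define BER_BUF_SIZE (32)
 
 /* This is used to hold the state of the BER objects being read. */
@@ -92,7 +93,7 @@ typedef struct bio_ber_struct
  /* most of the following are used when doing non-blocking IO */
  /* reading */
  long num_left; /* number of bytes still to read/write in block */
- int depth; /* used with idefinite encoding. */
+ int depth; /* used with indefinite encoding. */
  int finished; /* No more read data */
 
  /* writting */
@@ -115,6 +116,7 @@ static BIO_METHOD methods_ber=
  ber_ctrl,
  ber_new,
  ber_free,
+ ber_callback_ctrl,
  };
 
 BIO_METHOD *BIO_f_ber(void)
@@ -126,7 +128,7 @@ static int ber_new(BIO *bi)
  {
  BIO_BER_CTX *ctx;
 
- ctx=(BIO_BER_CTX *)Malloc(sizeof(BIO_BER_CTX));
+ ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));
  if (ctx == NULL) return(0);
 
  memset((char *)ctx,0,sizeof(BIO_BER_CTX));
@@ -144,7 +146,7 @@ static int ber_free(BIO *a)
  if (a == NULL) return(0);
  b=(BIO_BER_CTX *)a->ptr;
  memset(a->ptr,0,sizeof(BIO_BER_CTX));
- Free(a->ptr);
+ OPENSSL_free(a->ptr);
  a->ptr=NULL;
  a->init=0;
  a->flags=0;
@@ -337,7 +339,7 @@ static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
  case BIO_CTRL_RESET:
  ctx->ok=1;
  ctx->finished=0;
- EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+ EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
  ctx->cipher.berrypt);
  ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
  break;
@@ -374,7 +376,7 @@ again:
  {
  ctx->finished=1;
  ctx->buf_off=0;
- ret=EVP_CipherFinal(&(ctx->cipher),
+ ret=EVP_CipherFinal_ex(&(ctx->cipher),
  (unsigned char *)ctx->buf,
  &(ctx->buf_len));
  ctx->ok=(int)ret;
@@ -409,6 +411,20 @@ again:
  return(ret);
  }
 
+static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)())
+ {
+ long ret=1;
+
+ if (b->next_bio == NULL) return(0);
+ switch (cmd)
+ {
+ default:
+ ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+ break;
+ }
+ return(ret);
+ }
+
 /*
 void BIO_set_cipher_ctx(b,c)
 BIO *b;
@@ -442,7 +458,7 @@ void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
 
  b->init=1;
  ctx=(BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+ EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
 
  if (b->callback != NULL)
  b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);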
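Review bot: The return value of `EVP_CipherInit_ex` is discarded in the `BIO_CTRL_RESET` case of ber_ctrl and again in BIO_set_cipher (last hunk), so a failed re-initialisation leaves `ctx->ok=1` and the filter carries on with a cipher context that was never set up. Check it at the reset, e.g. `if (!EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,ctx->cipher.berrypt)) { ctx->ok=0; ret=0; break; }`. Separately, ber_free wipes the context with a plain `memset` right before `OPENSSL_free`, which a compiler is allowed to elide; `OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));` is the call intended for clearing key material. All three functions start outside their hunks, so any surrounding error handling is not visible here.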
diff --git a/src/lib/libcrypto/pkcs7/dec.c b/src/lib/libcrypto/pkcs7/dec.c
index b3661f28d3..6752ec568a 100644
--- a/src/lib/libcrypto/pkcs7/dec.c
+++ b/src/lib/libcrypto/pkcs7/dec.c
@@ -57,6 +57,7 @@
57 */ 57 */
58#include <stdio.h> 58#include <stdio.h>
59#include <stdlib.h> 59#include <stdlib.h>
60#include <string.h>
60#include <openssl/bio.h> 61#include <openssl/bio.h>
61#include <openssl/x509.h> 62#include <openssl/x509.h>
62#include <openssl/pem.h> 63#include <openssl/pem.h>
@@ -85,7 +86,7 @@ char *argv[];
85 int i,printit=0; 86 int i,printit=0;
86 STACK_OF(PKCS7_SIGNER_INFO) *sk; 87 STACK_OF(PKCS7_SIGNER_INFO) *sk;
87 88
88 SSLeay_add_all_algorithms(); 89 OpenSSL_add_all_algorithms();
89 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 90 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
90 91
91 data=BIO_new(BIO_s_file()); 92 data=BIO_new(BIO_s_file());
@@ -121,9 +122,10 @@ char *argv[];
121 } 122 }
122 123
123 if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err; 124 if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
124 if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err; 125 if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
125 BIO_reset(in); 126 BIO_reset(in);
126 if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err; 127 if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
128 goto err;
127 BIO_free(in); 129 BIO_free(in);
128 130
129 if (pp == NULL) 131 if (pp == NULL)
@@ -131,7 +133,7 @@ char *argv[];
131 133
132 134
133 /* Load the PKCS7 object from a file */ 135 /* Load the PKCS7 object from a file */
134 if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err; 136 if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
135 137
136 138
137 139
@@ -148,7 +150,7 @@ char *argv[];
148 /* We need to process the data */ 150 /* We need to process the data */
149 /* We cannot support detached encryption */ 151 /* We cannot support detached encryption */
150 p7bio=PKCS7_dataDecode(p7,pkey,detached,x509); 152 p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
151 153
152 if (p7bio == NULL) 154 if (p7bio == NULL)
153 { 155 {
154 printf("problems decoding\n"); 156 printf("problems decoding\n");
diff --git a/src/lib/libcrypto/pkcs7/enc.c b/src/lib/libcrypto/pkcs7/enc.c
index 625a7c2285..7417f8a4e0 100644
--- a/src/lib/libcrypto/pkcs7/enc.c
+++ b/src/lib/libcrypto/pkcs7/enc.c
@@ -56,61 +56,91 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58#include <stdio.h> 58#include <stdio.h>
59#include "bio.h" 59#include <string.h>
60#include "x509.h" 60#include <openssl/bio.h>
61#include "pem.h" 61#include <openssl/x509.h>
62#include <openssl/pem.h>
63#include <openssl/err.h>
62 64
63main(argc,argv) 65int main(argc,argv)
64int argc; 66int argc;
65char *argv[]; 67char *argv[];
66 { 68 {
67 X509 *x509; 69 X509 *x509;
68 EVP_PKEY *pkey;
69 PKCS7 *p7; 70 PKCS7 *p7;
70 PKCS7 *p7_data;
71 PKCS7_SIGNER_INFO *si;
72 BIO *in; 71 BIO *in;
73 BIO *data,*p7bio; 72 BIO *data,*p7bio;
74 char buf[1024*4]; 73 char buf[1024*4];
75 int i,j; 74 int i;
76 int nodetach=0; 75 int nodetach=1;
76 char *keyfile = NULL;
77 const EVP_CIPHER *cipher=NULL;
78 STACK_OF(X509) *recips=NULL;
77 79
78 EVP_add_digest(EVP_sha1()); 80 OpenSSL_add_all_algorithms();
79 EVP_add_cipher(EVP_des_cbc());
80 81
81 data=BIO_new(BIO_s_file()); 82 data=BIO_new(BIO_s_file());
82again: 83 while(argc > 1)
83 if (argc > 1)
84 { 84 {
85 if (strcmp(argv[1],"-nd") == 0) 85 if (strcmp(argv[1],"-nd") == 0)
86 { 86 {
87 nodetach=1; 87 nodetach=1;
88 argv++; argc--; 88 argv++; argc--;
89 goto again;
90 } 89 }
91 if (!BIO_read_filename(data,argv[1])) 90 else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
92 goto err; 91 if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
93 } 92 fprintf(stderr, "Unknown cipher %s\n", argv[2]);
94 else 93 goto err;
95 BIO_set_fp(data,stdin,BIO_NOCLOSE); 94 }
95 argc-=2;
96 argv+=2;
97 } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
98 keyfile = argv[2];
99 argc-=2;
100 argv+=2;
101 if (!(in=BIO_new_file(keyfile,"r"))) goto err;
102 if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))
103 goto err;
104 if(!recips) recips = sk_X509_new_null();
105 sk_X509_push(recips, x509);
106 BIO_free(in);
107 } else break;
108 }
96 109
97 if ((in=BIO_new_file("server.pem","r")) == NULL) goto err; 110 if(!recips) {
98 if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err; 111 fprintf(stderr, "No recipients\n");
112 goto err;
113 }
114
115 if (!BIO_read_filename(data,argv[1])) goto err;
116
117 p7=PKCS7_new();
118#if 0
99 BIO_reset(in); 119 BIO_reset(in);
100 if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err; 120 if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
101 BIO_free(in); 121 BIO_free(in);
102
103 p7=PKCS7_new();
104 PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped); 122 PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
105 123
106 if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err; 124 if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
107
108 if (!PKCS7_set_cipher(p7,EVP_des_cbc())) goto err;
109 if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
110
111 /* we may want to add more */ 125 /* we may want to add more */
112 PKCS7_add_certificate(p7,x509); 126 PKCS7_add_certificate(p7,x509);
127#else
128 PKCS7_set_type(p7,NID_pkcs7_enveloped);
129#endif
130 if(!cipher) {
131#ifndef OPENSSL_NO_DES
132 cipher = EVP_des_ede3_cbc();
133#else
134 fprintf(stderr, "No cipher selected\n");
135 goto err;
136#endif
137 }
113 138
139 if (!PKCS7_set_cipher(p7,cipher)) goto err;
140 for(i = 0; i < sk_X509_num(recips); i++) {
141 if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
142 }
143 sk_X509_pop_free(recips, X509_free);
114 144
115 /* Set the content of the signed to 'data' */ 145 /* Set the content of the signed to 'data' */
116 /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */ 146 /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
@@ -129,7 +159,7 @@ again:
129 } 159 }
130 BIO_flush(p7bio); 160 BIO_flush(p7bio);
131 161
132 if (!PKCS7_dataSign(p7,p7bio)) goto err; 162 if (!PKCS7_dataFinal(p7,p7bio)) goto err;
133 BIO_free(p7bio); 163 BIO_free(p7bio);
134 164
135 PEM_write_PKCS7(stdout,p7); 165 PEM_write_PKCS7(stdout,p7);
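Review bot: The `(argc >= 2)` guard on the `-c` and `-k` branches is always true inside `while(argc > 1)`, so when either option is the last argument `argv[2]` is the terminating NULL and is handed to `EVP_get_cipherbyname`, to the `%s` in the error message, or to `BIO_new_file`. Both tests should require the option's value: `else if ((strcmp(argv[1],"-c") == 0) && (argc >= 3))`, and the same for `-k`. The stdin fallback was removed as well, so after the loop `BIO_read_filename(data,argv[1])` receives NULL when no input file is named; an `if (argc < 2) goto err;` before it would cover that. In the `-k` branch a failed `PEM_read_bio_X509` jumps to `err` without freeing `in`, and the results of `sk_X509_new_null` and `sk_X509_push` are not checked; the `err` label is outside the hunk, so its cleanup is not visible.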
diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c
index 7354890084..c993947cc3 100644
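--- a/src/lib/libcrypto/pkcs7/example.c
+++ b/src/lib/libcrypto/pkcs7/example.c
@@ -1,7 +1,9 @@
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <openssl/pkcs7.h>
 #include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
 int add_signed_time(PKCS7_SIGNER_INFO *si)
  {
@@ -36,7 +38,7 @@ void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
  signed_string_nid=
  OBJ_create("1.2.3.4.5","OID_example","Our example OID");
  os=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os,str,strlen(str));
+ ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
  /* When we add, we do not free */
  PKCS7_add_signed_attribute(si,signed_string_nid,
  V_ASN1_OCTET_STRING,(char *)os);
@@ -68,7 +70,7 @@ int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
  return(0);
  }
 
-static signed_seq2string_nid= -1;
+static int signed_seq2string_nid= -1;
 /* ########################################### */
 int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
  {
@@ -86,8 +88,8 @@ int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
 
  os1=ASN1_OCTET_STRING_new();
  os2=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
- ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+ ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+ ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
  i =i2d_ASN1_OCTET_STRING(os1,NULL);
  i+=i2d_ASN1_OCTET_STRING(os2,NULL);
  total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
@@ -197,7 +199,7 @@ X509_ATTRIBUTE *create_string(char *str)
  signed_string_nid=
  OBJ_create("1.2.3.4.5","OID_example","Our example OID");
  os=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os,str,strlen(str));
+ ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
  /* When we add, we do not free */
  ret=X509_ATTRIBUTE_create(signed_string_nid,
  V_ASN1_OCTET_STRING,(char *)os);
@@ -250,8 +252,8 @@ X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
 
  os1=ASN1_OCTET_STRING_new();
  os2=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
- ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+ ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+ ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
  i =i2d_ASN1_OCTET_STRING(os1,NULL);
  i+=i2d_ASN1_OCTET_STRING(os2,NULL);
  total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);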
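Review bot: In add_signed_seq2string and add_seq2string the second octet string is still filled from `str1`, so `str2` never reaches the encoded sequence; the cast was added to these lines without correcting the copy-and-paste. Both places should read `ASN1_OCTET_STRING_set(os2,(unsigned char*)str2,strlen(str2));`. Since the first of these functions appears to feed a signed attribute, the signature would then cover a value the caller did not supply, and nothing reports the mismatch. The results of `ASN1_OCTET_STRING_new()` are also used without a NULL check at every changed call site; the function bodies continue beyond the hunks, so later handling is not visible.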
diff --git a/src/lib/libcrypto/pkcs7/pk7_dgst.c b/src/lib/libcrypto/pkcs7/pk7_dgst.c
index 7769abeb1e..90edfa5001 100644
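--- a/src/lib/libcrypto/pkcs7/pk7_dgst.c
+++ b/src/lib/libcrypto/pkcs7/pk7_dgst.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pkcs7.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
 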
diff --git a/src/lib/libcrypto/pkcs7/pk7_enc.c b/src/lib/libcrypto/pkcs7/pk7_enc.c
index a5b6dc463f..acbb189c59 100644
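--- a/src/lib/libcrypto/pkcs7/pk7_enc.c
+++ b/src/lib/libcrypto/pkcs7/pk7_enc.c
@@ -58,11 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pkcs7.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
 
 PKCS7_in_bio(PKCS7 *p7,BIO *in);
 PKCS7_out_bio(PKCS7 *p7,BIO *out);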
diff --git a/src/lib/libcrypto/pkcs7/sign.c b/src/lib/libcrypto/pkcs7/sign.c
index ead1cb65ca..8b59885f7e 100644
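--- a/src/lib/libcrypto/pkcs7/sign.c
+++ b/src/lib/libcrypto/pkcs7/sign.c
@@ -56,29 +56,38 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
  {
  X509 *x509;
  EVP_PKEY *pkey;
  PKCS7 *p7;
- PKCS7 *p7_data;
  PKCS7_SIGNER_INFO *si;
  BIO *in;
  BIO *data,*p7bio;
  char buf[1024*4];
- int i,j;
+ int i;
  int nodetach=0;
 
+#ifndef OPENSSL_NO_MD2
  EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
  EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
  EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
  EVP_add_digest(EVP_mdc2());
+#endif
 
  data=BIO_new(BIO_s_file());
 again:
@@ -97,15 +106,20 @@ again:
  BIO_set_fp(data,stdin,BIO_NOCLOSE);
 
  if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
- if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+ if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
  BIO_reset(in);
- if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+ if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
  BIO_free(in);
 
  p7=PKCS7_new();
  PKCS7_set_type(p7,NID_pkcs7_signed);
 
- if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+ si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
+ if (si == NULL) goto err;
+
+ /* If you do this then you get signing time automatically added */
+ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+ OBJ_nid2obj(NID_pkcs7_data));
 
  /* we may want to add more */
  PKCS7_add_certificate(p7,x509);
@@ -125,7 +139,7 @@ again:
  BIO_write(p7bio,buf,i);
  }
 
- if (!PKCS7_dataSign(p7,p7bio)) goto err;
+ if (!PKCS7_dataFinal(p7,p7bio)) goto err;
  BIO_free(p7bio);
 
  PEM_write_PKCS7(stdout,p7);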
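Review bot: The new call to `PKCS7_add_signed_attribute` in the second hunk ignores its return value, so if adding the contentType attribute fails the program still goes on to `PKCS7_dataFinal` and emits a signature without the authenticated attributes that the comment above the call relies on. Handle it like the `PKCS7_add_signature` result just before it: `if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data))) goto err;`. The comment would also read better if it said why the attribute matters, for example `/* Adding any signed attribute makes the signature cover the attribute set; signing time is then added automatically */`, assuming that is the intended behaviour. main() begins and ends outside these hunks.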
diff --git a/src/lib/libcrypto/pkcs7/verify.c b/src/lib/libcrypto/pkcs7/verify.c
index 0e1c1b26dc..5f7afe8933 100644
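--- a/src/lib/libcrypto/pkcs7/verify.c
+++ b/src/lib/libcrypto/pkcs7/verify.c
@@ -56,41 +56,50 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "asn1.h"
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "example.h"
 
 int verify_callback(int ok, X509_STORE_CTX *ctx);
 
 BIO *bio_err=NULL;
+BIO *bio_out=NULL;
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
  {
- X509 *x509,*x;
  PKCS7 *p7;
- PKCS7_SIGNED *s;
  PKCS7_SIGNER_INFO *si;
- PKCS7_ISSUER_AND_SERIAL *ias;
  X509_STORE_CTX cert_ctx;
  X509_STORE *cert_store=NULL;
- X509_LOOKUP *lookup=NULL;
  BIO *data,*detached=NULL,*p7bio=NULL;
  char buf[1024*4];
- unsigned char *p,*pp;
- int i,j,printit=0;
- STACK *sk;
+ char *pp;
+ int i,printit=0;
+ STACK_OF(PKCS7_SIGNER_INFO) *sk;
 
  bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+ bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_MD2
  EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
  EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
  EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
  EVP_add_digest(EVP_mdc2());
+#endif
 
  data=BIO_new(BIO_s_file());
-again:
+
  pp=NULL;
  while (argc > 1)
  {
@@ -121,7 +130,7 @@ again:
 
 
  /* Load the PKCS7 object from a file */
- if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+ if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
 
  /* This stuff is being setup for certificate verification.
  * When using SSL, it could be replaced with a
@@ -131,10 +140,10 @@ again:
  X509_STORE_load_locations(cert_store,NULL,"../../certs");
  X509_STORE_set_verify_cb_func(cert_store,verify_callback);
 
- ERR_clear_errors();
+ ERR_clear_error();
 
  /* We need to process the data */
- if (PKCS7_get_detached(p7))
+ if ((PKCS7_get_detached(p7) || detached))
  {
  if (detached == NULL)
  {
@@ -166,12 +175,29 @@ again:
  }
 
  /* Ok, first we need to, for each subject entry, see if we can verify */
- for (i=0; i<sk_num(sk); i++)
+ for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
  {
- si=(PKCS7_SIGNER_INFO *)sk_value(sk,i);
+ ASN1_UTCTIME *tm;
+ char *str1,*str2;
+
+ si=sk_PKCS7_SIGNER_INFO_value(sk,i);
  i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
  if (i <= 0)
  goto err;
+ printf("signer info\n");
+ if ((tm=get_signed_time(si)) != NULL)
+ {
+ BIO_printf(bio_out,"Signed time:");
+ ASN1_UTCTIME_print(bio_out,tm);
+ ASN1_UTCTIME_free(tm);
+ BIO_printf(bio_out,"\n");
+ }
+ if (get_signed_seq2string(si,&str1,&str2))
+ {
+ BIO_printf(bio_out,"String 1 is %s\n",str1);
+ BIO_printf(bio_out,"String 2 is %s\n",str2);
+ }
+
  }
 
  X509_STORE_free(cert_store);
@@ -185,9 +211,7 @@ err:
  }
 
 /* should be X509 * but we can just have them as char *. */
-int verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int verify_callback(int ok, X509_STORE_CTX *ctx)
  {
  char buf[256];
  X509 *err_cert;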
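Review bot: Inside the signer loop `i` is both the loop index and the result of `PKCS7_dataVerify`, and this commit drops the spare `j` from the declarations instead of using it. If the call returns 1 on success, `i` is 1 after the first signer and the `i++` makes it 2, so a signer at index 1 is skipped without being verified; with more signers the index can also keep landing on the same entry. A message carrying several SignerInfos can therefore be reported as verified with only some of its signatures checked. Keep a separate result variable: declare `int i,j,printit=0;`, call `j=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);` and test `if (j <= 0)`. The strings returned by `get_signed_seq2string` originate in the message and are printed with `%s`; that helper is not shown here, so confirm it NUL-terminates them.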