summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/crypto/pkcs7/pk7_doit.c')
-rw-r--r--src/lib/libssl/src/crypto/pkcs7/pk7_doit.c354
1 files changed, 110 insertions, 244 deletions
diff --git a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
index a03d7ebedf..4ac29ae14d 100644
--- a/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
+++ b/src/lib/libssl/src/crypto/pkcs7/pk7_doit.c
@@ -62,7 +62,6 @@
62#include <openssl/objects.h> 62#include <openssl/objects.h>
63#include <openssl/x509.h> 63#include <openssl/x509.h>
64#include <openssl/x509v3.h> 64#include <openssl/x509v3.h>
65#include <openssl/err.h>
66 65
67static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 66static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
68 void *value); 67 void *value);
@@ -102,54 +101,18 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
102 return NULL; 101 return NULL;
103 } 102 }
104 103
105static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
106 {
107 BIO *btmp;
108 const EVP_MD *md;
109 if ((btmp=BIO_new(BIO_f_md())) == NULL)
110 {
111 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
112 goto err;
113 }
114
115 md=EVP_get_digestbyobj(alg->algorithm);
116 if (md == NULL)
117 {
118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
119 goto err;
120 }
121
122 BIO_set_md(btmp,md);
123 if (*pbio == NULL)
124 *pbio=btmp;
125 else if (!BIO_push(*pbio,btmp))
126 {
127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
128 goto err;
129 }
130 btmp=NULL;
131
132 return 1;
133
134 err:
135 if (btmp)
136 BIO_free(btmp);
137 return 0;
138
139 }
140
141BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 104BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
142 { 105 {
143 int i; 106 int i;
144 BIO *out=NULL,*btmp=NULL; 107 BIO *out=NULL,*btmp=NULL;
145 X509_ALGOR *xa = NULL; 108 X509_ALGOR *xa;
109 const EVP_MD *evp_md;
146 const EVP_CIPHER *evp_cipher=NULL; 110 const EVP_CIPHER *evp_cipher=NULL;
147 STACK_OF(X509_ALGOR) *md_sk=NULL; 111 STACK_OF(X509_ALGOR) *md_sk=NULL;
148 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 112 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
149 X509_ALGOR *xalg=NULL; 113 X509_ALGOR *xalg=NULL;
150 PKCS7_RECIP_INFO *ri=NULL; 114 PKCS7_RECIP_INFO *ri=NULL;
151 EVP_PKEY *pkey; 115 EVP_PKEY *pkey;
152 ASN1_OCTET_STRING *os=NULL;
153 116
154 i=OBJ_obj2nid(p7->type); 117 i=OBJ_obj2nid(p7->type);
155 p7->state=PKCS7_S_HEADER; 118 p7->state=PKCS7_S_HEADER;
@@ -158,7 +121,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
158 { 121 {
159 case NID_pkcs7_signed: 122 case NID_pkcs7_signed:
160 md_sk=p7->d.sign->md_algs; 123 md_sk=p7->d.sign->md_algs;
161 os = PKCS7_get_octet_string(p7->d.sign->contents);
162 break; 124 break;
163 case NID_pkcs7_signedAndEnveloped: 125 case NID_pkcs7_signedAndEnveloped:
164 rsk=p7->d.signed_and_enveloped->recipientinfo; 126 rsk=p7->d.signed_and_enveloped->recipientinfo;
@@ -183,21 +145,37 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
183 goto err; 145 goto err;
184 } 146 }
185 break; 147 break;
186 case NID_pkcs7_digest:
187 xa = p7->d.digest->md;
188 os = PKCS7_get_octet_string(p7->d.digest->contents);
189 break;
190 default: 148 default:
191 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 149 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
192 goto err; 150 goto err;
193 } 151 }
194 152
195 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 153 if (md_sk != NULL)
196 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) 154 {
197 goto err; 155 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
156 {
157 xa=sk_X509_ALGOR_value(md_sk,i);
158 if ((btmp=BIO_new(BIO_f_md())) == NULL)
159 {
160 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
161 goto err;
162 }
198 163
199 if (xa && !PKCS7_bio_add_digest(&out, xa)) 164 evp_md=EVP_get_digestbyobj(xa->algorithm);
200 goto err; 165 if (evp_md == NULL)
166 {
167 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
168 goto err;
169 }
170
171 BIO_set_md(btmp,evp_md);
172 if (out == NULL)
173 out=btmp;
174 else
175 BIO_push(out,btmp);
176 btmp=NULL;
177 }
178 }
201 179
202 if (evp_cipher != NULL) 180 if (evp_cipher != NULL)
203 { 181 {
@@ -216,25 +194,17 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
216 BIO_get_cipher_ctx(btmp, &ctx); 194 BIO_get_cipher_ctx(btmp, &ctx);
217 keylen=EVP_CIPHER_key_length(evp_cipher); 195 keylen=EVP_CIPHER_key_length(evp_cipher);
218 ivlen=EVP_CIPHER_iv_length(evp_cipher); 196 ivlen=EVP_CIPHER_iv_length(evp_cipher);
219 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 197 if (RAND_bytes(key,keylen) <= 0)
220 if (ivlen > 0)
221 if (RAND_pseudo_bytes(iv,ivlen) <= 0)
222 goto err;
223 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
224 goto err;
225 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
226 goto err;
227 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
228 goto err; 198 goto err;
199 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
200 if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
201 EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
229 202
230 if (ivlen > 0) { 203 if (ivlen > 0) {
231 if (xalg->parameter == NULL) { 204 if (xalg->parameter == NULL)
232 xalg->parameter = ASN1_TYPE_new(); 205 xalg->parameter=ASN1_TYPE_new();
233 if (xalg->parameter == NULL)
234 goto err;
235 }
236 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 206 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
237 goto err; 207 goto err;
238 } 208 }
239 209
240 /* Lets do the pub key stuff :-) */ 210 /* Lets do the pub key stuff :-) */
@@ -247,8 +217,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
247 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); 217 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
248 goto err; 218 goto err;
249 } 219 }
250 if ((pkey=X509_get_pubkey(ri->cert)) == NULL) 220 pkey=X509_get_pubkey(ri->cert);
251 goto err;
252 jj=EVP_PKEY_size(pkey); 221 jj=EVP_PKEY_size(pkey);
253 EVP_PKEY_free(pkey); 222 EVP_PKEY_free(pkey);
254 if (max < jj) max=jj; 223 if (max < jj) max=jj;
@@ -261,8 +230,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
261 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 230 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
262 { 231 {
263 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 232 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
264 if ((pkey=X509_get_pubkey(ri->cert)) == NULL) 233 pkey=X509_get_pubkey(ri->cert);
265 goto err;
266 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); 234 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
267 EVP_PKEY_free(pkey); 235 EVP_PKEY_free(pkey);
268 if (jj <= 0) 236 if (jj <= 0)
@@ -293,16 +261,24 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
293 { 261 {
294 if (PKCS7_is_detached(p7)) 262 if (PKCS7_is_detached(p7))
295 bio=BIO_new(BIO_s_null()); 263 bio=BIO_new(BIO_s_null());
296 else if (os && os->length > 0) 264 else
297 bio = BIO_new_mem_buf(os->data, os->length);
298 if(bio == NULL)
299 { 265 {
300 bio=BIO_new(BIO_s_mem()); 266 if (PKCS7_type_is_signed(p7))
301 if (bio == NULL) 267 {
302 goto err; 268 ASN1_OCTET_STRING *os;
303 BIO_set_mem_eof_return(bio,0); 269 os = PKCS7_get_octet_string(
270 p7->d.sign->contents);
271 if (os && os->length > 0)
272 bio = BIO_new_mem_buf(os->data,
273 os->length);
274 }
275 if(bio == NULL)
276 {
277 bio=BIO_new(BIO_s_mem());
278 BIO_set_mem_eof_return(bio,0);
279 }
304 } 280 }
305 } 281 }
306 BIO_push(out,bio); 282 BIO_push(out,bio);
307 bio=NULL; 283 bio=NULL;
308 if (0) 284 if (0)
@@ -317,17 +293,6 @@ err:
317 return(out); 293 return(out);
318 } 294 }
319 295
320static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
321 {
322 int ret;
323 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
324 pcert->cert_info->issuer);
325 if (ret)
326 return ret;
327 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
328 ri->issuer_and_serial->serial);
329 }
330
331/* int */ 296/* int */
332BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 297BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
333 { 298 {
@@ -438,18 +403,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
438 * (if any) 403 * (if any)
439 */ 404 */
440 405
441 if (pcert) { 406 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
442 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { 407 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
443 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 408 if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
444 if (!pkcs7_cmp_ri(ri, pcert)) 409 pcert->cert_info->issuer) &&
445 break; 410 !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
446 ri=NULL; 411 ri->issuer_and_serial->serial)) break;
447 } 412 ri=NULL;
448 if (ri == NULL) { 413 }
449 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 414 if (ri == NULL) {
450 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 415 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
451 goto err; 416 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
452 } 417 goto err;
453 } 418 }
454 419
455 jj=EVP_PKEY_size(pkey); 420 jj=EVP_PKEY_size(pkey);
@@ -460,46 +425,17 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
460 goto err; 425 goto err;
461 } 426 }
462 427
463 /* If we haven't got a certificate try each ri in turn */ 428 jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
464 429 M_ASN1_STRING_length(ri->enc_key), pkey);
465 if (pcert == NULL) 430 if (jj <= 0)
466 {
467 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
468 {
469 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
470 jj=EVP_PKEY_decrypt(tmp,
471 M_ASN1_STRING_data(ri->enc_key),
472 M_ASN1_STRING_length(ri->enc_key),
473 pkey);
474 if (jj > 0)
475 break;
476 ERR_clear_error();
477 ri = NULL;
478 }
479 if (ri == NULL)
480 {
481 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
482 PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
483 goto err;
484 }
485 }
486 else
487 { 431 {
488 jj=EVP_PKEY_decrypt(tmp, 432 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
489 M_ASN1_STRING_data(ri->enc_key), 433 goto err;
490 M_ASN1_STRING_length(ri->enc_key), pkey);
491 if (jj <= 0)
492 {
493 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
494 ERR_R_EVP_LIB);
495 goto err;
496 }
497 } 434 }
498 435
499 evp_ctx=NULL; 436 evp_ctx=NULL;
500 BIO_get_cipher_ctx(etmp,&evp_ctx); 437 BIO_get_cipher_ctx(etmp,&evp_ctx);
501 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) 438 EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
502 goto err;
503 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 439 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
504 goto err; 440 goto err;
505 441
@@ -515,8 +451,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
515 goto err; 451 goto err;
516 } 452 }
517 } 453 }
518 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) 454 EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
519 goto err;
520 455
521 OPENSSL_cleanse(tmp,jj); 456 OPENSSL_cleanse(tmp,jj);
522 457
@@ -550,8 +485,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
550 bio=BIO_new(BIO_s_mem()); 485 bio=BIO_new(BIO_s_mem());
551 BIO_set_mem_eof_return(bio,0); 486 BIO_set_mem_eof_return(bio,0);
552 } 487 }
553 if (bio == NULL)
554 goto err;
555#endif 488#endif
556 } 489 }
557 BIO_push(out,bio); 490 BIO_push(out,bio);
@@ -571,29 +504,6 @@ err:
571 return(out); 504 return(out);
572 } 505 }
573 506
574static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
575 {
576 for (;;)
577 {
578 bio=BIO_find_type(bio,BIO_TYPE_MD);
579 if (bio == NULL)
580 {
581 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
582 return NULL;
583 }
584 BIO_get_md_ctx(bio,pmd);
585 if (*pmd == NULL)
586 {
587 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
588 return NULL;
589 }
590 if (EVP_MD_CTX_type(*pmd) == nid)
591 return bio;
592 bio=BIO_next(bio);
593 }
594 return NULL;
595 }
596
597int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 507int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
598 { 508 {
599 int ret=0; 509 int ret=0;
@@ -618,7 +528,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
618 si_sk=p7->d.signed_and_enveloped->signer_info; 528 si_sk=p7->d.signed_and_enveloped->signer_info;
619 if (!(os=M_ASN1_OCTET_STRING_new())) 529 if (!(os=M_ASN1_OCTET_STRING_new()))
620 { 530 {
621 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 531 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
622 goto err; 532 goto err;
623 } 533 }
624 p7->d.signed_and_enveloped->enc_data->enc_data=os; 534 p7->d.signed_and_enveloped->enc_data->enc_data=os;
@@ -627,7 +537,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
627 /* XXXXXXXXXXXXXXXX */ 537 /* XXXXXXXXXXXXXXXX */
628 if (!(os=M_ASN1_OCTET_STRING_new())) 538 if (!(os=M_ASN1_OCTET_STRING_new()))
629 { 539 {
630 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 540 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
631 goto err; 541 goto err;
632 } 542 }
633 p7->d.enveloped->enc_data->enc_data=os; 543 p7->d.enveloped->enc_data->enc_data=os;
@@ -641,24 +551,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
641 p7->d.sign->contents->d.data = NULL; 551 p7->d.sign->contents->d.data = NULL;
642 } 552 }
643 break; 553 break;
644
645 case NID_pkcs7_digest:
646 os=PKCS7_get_octet_string(p7->d.digest->contents);
647 /* If detached data then the content is excluded */
648 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
649 {
650 M_ASN1_OCTET_STRING_free(os);
651 p7->d.digest->contents->d.data = NULL;
652 }
653 break;
654
655 } 554 }
656 555
657 if (si_sk != NULL) 556 if (si_sk != NULL)
658 { 557 {
659 if ((buf=BUF_MEM_new()) == NULL) 558 if ((buf=BUF_MEM_new()) == NULL)
660 { 559 {
661 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); 560 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
662 goto err; 561 goto err;
663 } 562 }
664 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 563 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
@@ -669,18 +568,32 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
669 j=OBJ_obj2nid(si->digest_alg->algorithm); 568 j=OBJ_obj2nid(si->digest_alg->algorithm);
670 569
671 btmp=bio; 570 btmp=bio;
672 571 for (;;)
673 btmp = PKCS7_find_digest(&mdc, btmp, j); 572 {
674 573 if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD))
675 if (btmp == NULL) 574 == NULL)
676 goto err; 575 {
677 576 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
577 goto err;
578 }
579 BIO_get_md_ctx(btmp,&mdc);
580 if (mdc == NULL)
581 {
582 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
583 goto err;
584 }
585 if (EVP_MD_CTX_type(mdc) == j)
586 break;
587 else
588 btmp=BIO_next(btmp);
589 }
590
678 /* We now have the EVP_MD_CTX, lets do the 591 /* We now have the EVP_MD_CTX, lets do the
679 * signing. */ 592 * signing. */
680 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); 593 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
681 if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) 594 if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
682 { 595 {
683 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); 596 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
684 goto err; 597 goto err;
685 } 598 }
686 599
@@ -702,17 +615,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
702 { 615 {
703 if (!(sign_time=X509_gmtime_adj(NULL,0))) 616 if (!(sign_time=X509_gmtime_adj(NULL,0)))
704 { 617 {
705 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 618 PKCS7err(PKCS7_F_PKCS7_DATASIGN,
706 ERR_R_MALLOC_FAILURE); 619 ERR_R_MALLOC_FAILURE);
707 goto err; 620 goto err;
708 } 621 }
709 if (!PKCS7_add_signed_attribute(si, 622 PKCS7_add_signed_attribute(si,
710 NID_pkcs9_signingTime, 623 NID_pkcs9_signingTime,
711 V_ASN1_UTCTIME,sign_time)) 624 V_ASN1_UTCTIME,sign_time);
712 {
713 M_ASN1_UTCTIME_free(sign_time);
714 goto err;
715 }
716 } 625 }
717 626
718 /* Add digest */ 627 /* Add digest */
@@ -720,25 +629,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
720 EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); 629 EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
721 if (!(digest=M_ASN1_OCTET_STRING_new())) 630 if (!(digest=M_ASN1_OCTET_STRING_new()))
722 { 631 {
723 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 632 PKCS7err(PKCS7_F_PKCS7_DATASIGN,
724 ERR_R_MALLOC_FAILURE); 633 ERR_R_MALLOC_FAILURE);
725 goto err; 634 goto err;
726 } 635 }
727 if (!M_ASN1_OCTET_STRING_set(digest,md_data, 636 if (!M_ASN1_OCTET_STRING_set(digest,md_data,
728 md_len)) 637 md_len))
729 { 638 {
730 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 639 PKCS7err(PKCS7_F_PKCS7_DATASIGN,
731 ERR_R_MALLOC_FAILURE); 640 ERR_R_MALLOC_FAILURE);
732 M_ASN1_OCTET_STRING_free(digest);
733 goto err; 641 goto err;
734 } 642 }
735 if (!PKCS7_add_signed_attribute(si, 643 PKCS7_add_signed_attribute(si,
736 NID_pkcs9_messageDigest, 644 NID_pkcs9_messageDigest,
737 V_ASN1_OCTET_STRING,digest)) 645 V_ASN1_OCTET_STRING,digest);
738 {
739 M_ASN1_OCTET_STRING_free(digest);
740 goto err;
741 }
742 646
743 /* Now sign the attributes */ 647 /* Now sign the attributes */
744 EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); 648 EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
@@ -753,42 +657,28 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
753 if (si->pkey->type == EVP_PKEY_DSA) 657 if (si->pkey->type == EVP_PKEY_DSA)
754 ctx_tmp.digest=EVP_dss1(); 658 ctx_tmp.digest=EVP_dss1();
755#endif 659#endif
756#ifndef OPENSSL_NO_ECDSA
757 if (si->pkey->type == EVP_PKEY_EC)
758 ctx_tmp.digest=EVP_ecdsa();
759#endif
760 660
761 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, 661 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
762 (unsigned int *)&buf->length,si->pkey)) 662 (unsigned int *)&buf->length,si->pkey))
763 { 663 {
764 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB); 664 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
765 goto err; 665 goto err;
766 } 666 }
767 if (!ASN1_STRING_set(si->enc_digest, 667 if (!ASN1_STRING_set(si->enc_digest,
768 (unsigned char *)buf->data,buf->length)) 668 (unsigned char *)buf->data,buf->length))
769 { 669 {
770 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB); 670 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
771 goto err; 671 goto err;
772 } 672 }
773 } 673 }
774 } 674 }
775 else if (i == NID_pkcs7_digest)
776 {
777 unsigned char md_data[EVP_MAX_MD_SIZE];
778 unsigned int md_len;
779 if (!PKCS7_find_digest(&mdc, bio,
780 OBJ_obj2nid(p7->d.digest->md->algorithm)))
781 goto err;
782 EVP_DigestFinal_ex(mdc,md_data,&md_len);
783 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
784 }
785 675
786 if (!PKCS7_is_detached(p7)) 676 if (!PKCS7_is_detached(p7))
787 { 677 {
788 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 678 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
789 if (btmp == NULL) 679 if (btmp == NULL)
790 { 680 {
791 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 681 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
792 goto err; 682 goto err;
793 } 683 }
794 BIO_get_mem_ptr(btmp,&buf_mem); 684 BIO_get_mem_ptr(btmp,&buf_mem);
@@ -969,9 +859,6 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
969#ifndef OPENSSL_NO_DSA 859#ifndef OPENSSL_NO_DSA
970 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); 860 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
971#endif 861#endif
972#ifndef OPENSSL_NO_ECDSA
973 if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
974#endif
975 862
976 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 863 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
977 EVP_PKEY_free(pkey); 864 EVP_PKEY_free(pkey);
@@ -996,13 +883,8 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
996 int i; 883 int i;
997 884
998 i=OBJ_obj2nid(p7->type); 885 i=OBJ_obj2nid(p7->type);
999 if (i != NID_pkcs7_signedAndEnveloped) 886 if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
1000 return NULL;
1001 if (p7->d.signed_and_enveloped == NULL)
1002 return NULL;
1003 rsk=p7->d.signed_and_enveloped->recipientinfo; 887 rsk=p7->d.signed_and_enveloped->recipientinfo;
1004 if (rsk == NULL)
1005 return NULL;
1006 ri=sk_PKCS7_RECIP_INFO_value(rsk,0); 888 ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
1007 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); 889 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
1008 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); 890 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
@@ -1056,8 +938,6 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
1056 if (p7si->auth_attr != NULL) 938 if (p7si->auth_attr != NULL)
1057 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); 939 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
1058 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); 940 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
1059 if (p7si->auth_attr == NULL)
1060 return 0;
1061 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 941 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
1062 { 942 {
1063 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, 943 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
@@ -1076,8 +956,6 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
1076 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, 956 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
1077 X509_ATTRIBUTE_free); 957 X509_ATTRIBUTE_free);
1078 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); 958 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
1079 if (p7si->unauth_attr == NULL)
1080 return 0;
1081 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 959 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
1082 { 960 {
1083 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, 961 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
@@ -1107,16 +985,10 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
1107 985
1108 if (*sk == NULL) 986 if (*sk == NULL)
1109 { 987 {
1110 if (!(*sk = sk_X509_ATTRIBUTE_new_null())) 988 *sk = sk_X509_ATTRIBUTE_new_null();
1111 return 0;
1112new_attrib: 989new_attrib:
1113 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) 990 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
1114 return 0; 991 sk_X509_ATTRIBUTE_push(*sk,attr);
1115 if (!sk_X509_ATTRIBUTE_push(*sk,attr))
1116 {
1117 X509_ATTRIBUTE_free(attr);
1118 return 0;
1119 }
1120 } 992 }
1121 else 993 else
1122 { 994 {
@@ -1129,13 +1001,7 @@ new_attrib:
1129 { 1001 {
1130 X509_ATTRIBUTE_free(attr); 1002 X509_ATTRIBUTE_free(attr);
1131 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1003 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
1132 if (attr == NULL) 1004 sk_X509_ATTRIBUTE_set(*sk,i,attr);
1133 return 0;
1134 if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
1135 {
1136 X509_ATTRIBUTE_free(attr);
1137 return 0;
1138 }
1139 goto end; 1005 goto end;
1140 } 1006 }
1141 } 1007 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 04:29:28 +0000