From 38ce604e3cc97706b876b0525ddff0121115456d Mon Sep 17 00:00:00 2001 From: djm <> Date: Sat, 6 Sep 2008 12:17:54 +0000 Subject: resolve conflicts --- src/lib/libcrypto/pkcs7/pk7_lib.c | 117 +++++++++++++++++++++++++++++++++----- 1 file changed, 103 insertions(+), 14 deletions(-) (limited to 'src/lib/libcrypto/pkcs7/pk7_lib.c') diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index ee1817c7af..f2490941a3 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents=p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: @@ -206,6 +210,12 @@ int PKCS7_set_type(PKCS7 *p7, int type) break; case NID_pkcs7_digest: + p7->type=obj; + if ((p7->d.digest=PKCS7_DIGEST_new()) + == NULL) goto err; + if (!ASN1_INTEGER_set(p7->d.digest->version,0)) + goto err; + break; default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; @@ -215,6 +225,13 @@ err: return(0); } +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) + { + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; + } + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; @@ -254,16 +271,23 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) if (!j) /* we need to add another algorithm */ { if(!(alg=X509_ALGOR_new()) - || !(alg->parameter = ASN1_TYPE_new())) { + || !(alg->parameter = ASN1_TYPE_new())) + { + X509_ALGOR_free(alg); PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); return(0); - } + } alg->algorithm=OBJ_nid2obj(nid); alg->parameter->type = V_ASN1_NULL; - sk_X509_ALGOR_push(md_sk,alg); + if (!sk_X509_ALGOR_push(md_sk,alg)) + { + X509_ALGOR_free(alg); + return 0; + } } - sk_PKCS7_SIGNER_INFO_push(signer_sk,psi); + if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) + return 0; return(1); } @@ -288,8 +312,17 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) if (*sk == NULL) *sk=sk_X509_new_null(); + if (*sk == NULL) + { + PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE); + return 0; + } CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - sk_X509_push(*sk,x509); + if (!sk_X509_push(*sk,x509)) + { + X509_free(x509); + return 0; + } return(1); } @@ -314,18 +347,31 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) if (*sk == NULL) *sk=sk_X509_CRL_new_null(); + if (*sk == NULL) + { + PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE); + return 0; + } CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); - sk_X509_CRL_push(*sk,crl); + if (!sk_X509_CRL_push(*sk,crl)) + { + X509_CRL_free(crl); + return 0; + } return(1); } int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { + int nid; char is_dsa; - if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; - else is_dsa = 0; + + if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) + is_dsa = 1; + else + is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ if (!ASN1_INTEGER_set(p7i->version,1)) goto err; @@ -355,16 +401,38 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, goto err; p7i->digest_alg->parameter->type=V_ASN1_NULL; - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); - if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if(is_dsa) p7i->digest_enc_alg->parameter = NULL; - else { + nid = EVP_PKEY_type(pkey->type); + if (nid == EVP_PKEY_RSA) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) goto err; p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; - } + } + else if (nid == EVP_PKEY_DSA) + { +#if 1 + /* use 'dsaEncryption' OID for compatibility with other software + * (PKCS #7 v1.5 does specify how to handle DSA) ... */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); +#else + /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) + * would make more sense. */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); +#endif + p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ + } + else if (nid == EVP_PKEY_EC) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); + if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + } + else + return(0); return(1); err: @@ -381,9 +449,28 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, if (!PKCS7_add_signer(p7,si)) goto err; return(si); err: + PKCS7_SIGNER_INFO_free(si); return(NULL); } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) + { + if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) + { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); + return 1; + } + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) @@ -407,6 +494,7 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) if (!PKCS7_add_recipient_info(p7,ri)) goto err; return(ri); err: + PKCS7_RECIP_INFO_free(ri); return(NULL); } @@ -429,7 +517,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) return(0); } - sk_PKCS7_RECIP_INFO_push(sk,ri); + if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) + return 0; return(1); } -- cgit v1.2.3-55-g6feb