diff options
author | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
commit | 462f18c7b25fe3e467f837647d07ab0a78aa8d2b (patch) | |
tree | fc8013c0a1bac05a1945846c1697e973f4c35013 /openssl/crypto/pkcs7 | |
parent | 36f711ee12b6dd5184198abed3aa551efb585587 (diff) | |
download | vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.gz vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.bz2 vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.zip |
Merged origin/release (checked in because wanted to merge new stuff)
Diffstat (limited to 'openssl/crypto/pkcs7')
-rw-r--r-- | openssl/crypto/pkcs7/bio_pk7.c | 15 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_asn1.c | 200 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_attr.c | 166 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_dgst.c | 13 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_doit.c | 2268 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_enc.c | 21 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_lib.c | 1114 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_mime.c | 53 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pk7_smime.c | 974 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pkcs7.h | 613 | ||||
-rw-r--r-- | openssl/crypto/pkcs7/pkcs7err.c | 247 |
11 files changed, 2782 insertions, 2902 deletions
diff --git a/openssl/crypto/pkcs7/bio_pk7.c b/openssl/crypto/pkcs7/bio_pk7.c index 0fd31e730..fae1c564c 100644 --- a/openssl/crypto/pkcs7/bio_pk7.c +++ b/openssl/crypto/pkcs7/bio_pk7.c @@ -1,5 +1,6 @@ /* bio_pk7.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,13 +58,13 @@ #include <openssl/bio.h> #if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS) -#include <memory.h> +# include <memory.h> #endif #include <stdio.h> /* Streaming encode support for PKCS#7 */ -BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) - { - return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); - } +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) +{ + return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); +} diff --git a/openssl/crypto/pkcs7/pk7_asn1.c b/openssl/crypto/pkcs7/pk7_asn1.c index b7ec2883c..9c0a43981 100644 --- a/openssl/crypto/pkcs7/pk7_asn1.c +++ b/openssl/crypto/pkcs7/pk7_asn1.c @@ -1,6 +1,7 @@ /* pk7_asn.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2000. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2000. */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -69,179 +70,182 @@ ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); ASN1_ADB(PKCS7) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) + ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); /* PKCS#7 streaming support */ static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { - ASN1_STREAM_ARG *sarg = exarg; - PKCS7 **pp7 = (PKCS7 **)pval; - - switch(operation) - { - - case ASN1_OP_STREAM_PRE: - if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) - return 0; - case ASN1_OP_DETACHED_PRE: - sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); - if (!sarg->ndef_bio) - return 0; - break; - - case ASN1_OP_STREAM_POST: - case ASN1_OP_DETACHED_POST: - if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) - return 0; - break; - - } - return 1; + ASN1_STREAM_ARG *sarg = exarg; + PKCS7 **pp7 = (PKCS7 **)pval; + + switch (operation) { + + case ASN1_OP_STREAM_PRE: + if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) + return 0; + case ASN1_OP_DETACHED_PRE: + sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); + if (!sarg->ndef_bio) + return 0; + break; + + case ASN1_OP_STREAM_POST: + case ASN1_OP_DETACHED_POST: + if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) + return 0; + break; + + } + return 1; } ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = { - ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS7) + ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), + ASN1_ADB_OBJECT(PKCS7) }ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7) IMPLEMENT_ASN1_FUNCTIONS(PKCS7) + IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) + IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { - ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) + ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), + ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), + ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), + ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), + ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), + ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) /* Minor tweak to operation: free up EVP_PKEY */ static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { - if(operation == ASN1_OP_FREE_POST) { - PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; - EVP_PKEY_free(si->pkey); - } - return 1; + if (operation == ASN1_OP_FREE_POST) { + PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; + EVP_PKEY_free(si->pkey); + } + return 1; } ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { - ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), - /* NB this should be a SET OF but we use a SEQUENCE OF so the - * original order * is retained when the structure is reencoded. - * Since the attributes are implicitly tagged this will not affect - * the encoding. - */ - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) + ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), + /* NB this should be a SET OF but we use a SEQUENCE OF so the + * original order * is retained when the structure is reencoded. + * Since the attributes are implicitly tagged this will not affect + * the encoding. + */ + ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), + ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) } ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) + ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), + ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) } ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) + ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), + ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), + ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) } ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) /* Minor tweak to operation: free up X509 */ static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) + void *exarg) { - if(operation == ASN1_OP_FREE_POST) { - PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; - X509_free(ri->cert); - } - return 1; + if (operation == ASN1_OP_FREE_POST) { + PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; + X509_free(ri->cert); + } + return 1; } ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { - ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), - ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) + ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), + ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), + ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { - ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), - ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), - ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) + ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), + ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), + ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) + ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), + ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), + ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), + ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), + ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), + ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), + ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { - ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) + ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) } ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { - ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), - ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), - ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) + ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), + ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), + ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) } ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) /* Specials for authenticated attributes */ -/* When signing attributes we want to reorder them to match the sorted +/* + * When signing attributes we want to reorder them to match the sorted * encoding. */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) -/* When verifying attributes we need to use the received order. So - * we use SEQUENCE OF and tag it to SET OF +/* + * When verifying attributes we need to use the received order. So we use + * SEQUENCE OF and tag it to SET OF */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) diff --git a/openssl/crypto/pkcs7/pk7_attr.c b/openssl/crypto/pkcs7/pk7_attr.c index a97db5121..88922efe2 100644 --- a/openssl/crypto/pkcs7/pk7_attr.c +++ b/openssl/crypto/pkcs7/pk7_attr.c @@ -1,6 +1,7 @@ /* pk7_attr.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2001. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2001. */ /* ==================================================================== * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,100 +67,99 @@ #include <openssl/x509.h> #include <openssl/err.h> -int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap) { - ASN1_STRING *seq; - if(!(seq = ASN1_STRING_new())) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data, - ASN1_ITEM_rptr(X509_ALGORS)); - return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, seq); + ASN1_STRING *seq; + if (!(seq = ASN1_STRING_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } + seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, + ASN1_ITEM_rptr(X509_ALGORS)); + return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq); } STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) - { - ASN1_TYPE *cap; - const unsigned char *p; +{ + ASN1_TYPE *cap; + const unsigned char *p; - cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); - if (!cap || (cap->type != V_ASN1_SEQUENCE)) - return NULL; - p = cap->value.sequence->data; - return (STACK_OF(X509_ALGOR) *) - ASN1_item_d2i(NULL, &p, cap->value.sequence->length, - ASN1_ITEM_rptr(X509_ALGORS)); - } + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); + if (!cap || (cap->type != V_ASN1_SEQUENCE)) + return NULL; + p = cap->value.sequence->data; + return (STACK_OF(X509_ALGOR) *) + ASN1_item_d2i(NULL, &p, cap->value.sequence->length, + ASN1_ITEM_rptr(X509_ALGORS)); +} /* Basic smime-capabilities OID and optional integer arg */ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) { - X509_ALGOR *alg; + X509_ALGOR *alg; - if(!(alg = X509_ALGOR_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_OBJECT_free(alg->algorithm); - alg->algorithm = OBJ_nid2obj (nid); - if (arg > 0) { - ASN1_INTEGER *nbit; - if(!(alg->parameter = ASN1_TYPE_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - if(!(nbit = ASN1_INTEGER_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - if(!ASN1_INTEGER_set (nbit, arg)) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - alg->parameter->value.integer = nbit; - alg->parameter->type = V_ASN1_INTEGER; - } - sk_X509_ALGOR_push (sk, alg); - return 1; + if (!(alg = X509_ALGOR_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = OBJ_nid2obj(nid); + if (arg > 0) { + ASN1_INTEGER *nbit; + if (!(alg->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!(nbit = ASN1_INTEGER_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!ASN1_INTEGER_set(nbit, arg)) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } + alg->parameter->value.integer = nbit; + alg->parameter->type = V_ASN1_INTEGER; + } + sk_X509_ALGOR_push(sk, alg); + return 1; } int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) - { - if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) - return 0; - if (!coid) - coid = OBJ_nid2obj(NID_pkcs7_data); - return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, coid); - } +{ + if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) + return 0; + if (!coid) + coid = OBJ_nid2obj(NID_pkcs7_data); + return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, coid); +} int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) - { - if (!t && !(t=X509_gmtime_adj(NULL,0))) - { - PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, - ERR_R_MALLOC_FAILURE); - return 0; - } - return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, - V_ASN1_UTCTIME, t); - } +{ + if (!t && !(t = X509_gmtime_adj(NULL, 0))) { + PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, + ERR_R_MALLOC_FAILURE); + return 0; + } + return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, + V_ASN1_UTCTIME, t); +} int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - const unsigned char *md, int mdlen) - { - ASN1_OCTET_STRING *os; - os = ASN1_OCTET_STRING_new(); - if (!os) - return 0; - if (!ASN1_STRING_set(os, md, mdlen) - || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, os)) - { - ASN1_OCTET_STRING_free(os); - return 0; - } - return 1; - } + const unsigned char *md, int mdlen) +{ + ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); + if (!os) + return 0; + if (!ASN1_STRING_set(os, md, mdlen) + || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, os)) { + ASN1_OCTET_STRING_free(os); + return 0; + } + return 1; +} diff --git a/openssl/crypto/pkcs7/pk7_dgst.c b/openssl/crypto/pkcs7/pk7_dgst.c index 90edfa500..6b57f97ab 100644 --- a/openssl/crypto/pkcs7/pk7_dgst.c +++ b/openssl/crypto/pkcs7/pk7_dgst.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,4 +63,3 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/pkcs7.h> - diff --git a/openssl/crypto/pkcs7/pk7_doit.c b/openssl/crypto/pkcs7/pk7_doit.c index d91aa116a..dd6f6756b 100644 --- a/openssl/crypto/pkcs7/pk7_doit.c +++ b/openssl/crypto/pkcs7/pk7_doit.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -65,1241 +65,1157 @@ #include <openssl/err.h> static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value); + void *value); static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); -static int PKCS7_type_is_other(PKCS7* p7) - { - int isOther=1; - - int nid=OBJ_obj2nid(p7->type); - - switch( nid ) - { - case NID_pkcs7_data: - case NID_pkcs7_signed: - case NID_pkcs7_enveloped: - case NID_pkcs7_signedAndEnveloped: - case NID_pkcs7_digest: - case NID_pkcs7_encrypted: - isOther=0; - break; - default: - isOther=1; - } - - return isOther; - - } +static int PKCS7_type_is_other(PKCS7 *p7) +{ + int isOther = 1; + + int nid = OBJ_obj2nid(p7->type); + + switch (nid) { + case NID_pkcs7_data: + case NID_pkcs7_signed: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_digest: + case NID_pkcs7_encrypted: + isOther = 0; + break; + default: + isOther = 1; + } + + return isOther; + +} static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) - { - if ( PKCS7_type_is_data(p7)) - return p7->d.data; - if ( PKCS7_type_is_other(p7) && p7->d.other - && (p7->d.other->type == V_ASN1_OCTET_STRING)) - return p7->d.other->value.octet_string; - return NULL; - } +{ + if (PKCS7_type_is_data(p7)) + return p7->d.data; + if (PKCS7_type_is_other(p7) && p7->d.other + && (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; +} static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) - { - BIO *btmp; - const EVP_MD *md; - if ((btmp=BIO_new(BIO_f_md())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); - goto err; - } - - md=EVP_get_digestbyobj(alg->algorithm); - if (md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } - - BIO_set_md(btmp,md); - if (*pbio == NULL) - *pbio=btmp; - else if (!BIO_push(*pbio,btmp)) - { - PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); - goto err; - } - btmp=NULL; - - return 1; - - err: - if (btmp) - BIO_free(btmp); - return 0; - - } +{ + BIO *btmp; + const EVP_MD *md; + if ((btmp = BIO_new(BIO_f_md())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); + goto err; + } + + md = EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp, md); + if (*pbio == NULL) + *pbio = btmp; + else if (!BIO_push(*pbio, btmp)) { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); + goto err; + } + btmp = NULL; + + return 1; + + err: + if (btmp) + BIO_free(btmp); + return 0; -static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, - unsigned char *key, int keylen) - { - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY *pkey = NULL; - unsigned char *ek = NULL; - int ret = 0; - size_t eklen; +} - pkey = X509_get_pubkey(ri->cert); +static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, + unsigned char *key, int keylen) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *ek = NULL; + int ret = 0; + size_t eklen; - if (!pkey) - return 0; + pkey = X509_get_pubkey(ri->cert); - pctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pctx) - return 0; + if (!pkey) + return 0; - if (EVP_PKEY_encrypt_init(pctx) <= 0) - goto err; + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pctx) + return 0; - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) - { - PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); - goto err; - } + if (EVP_PKEY_encrypt_init(pctx) <= 0) + goto err; - if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) - goto err; + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) { + PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); + goto err; + } - ek = OPENSSL_malloc(eklen); + if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) + goto err; - if (ek == NULL) - { - PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); - goto err; - } + ek = OPENSSL_malloc(eklen); - if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) - goto err; + if (ek == NULL) { + PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); + goto err; + } - ASN1_STRING_set0(ri->enc_key, ek, eklen); - ek = NULL; + if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) + goto err; - ret = 1; + ASN1_STRING_set0(ri->enc_key, ek, eklen); + ek = NULL; - err: - if (pkey) - EVP_PKEY_free(pkey); - if (pctx) - EVP_PKEY_CTX_free(pctx); - if (ek) - OPENSSL_free(ek); - return ret; + ret = 1; - } + err: + if (pkey) + EVP_PKEY_free(pkey); + if (pctx) + EVP_PKEY_CTX_free(pctx); + if (ek) + OPENSSL_free(ek); + return ret; +} static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) - { - EVP_PKEY_CTX *pctx = NULL; - unsigned char *ek = NULL; - size_t eklen; - - int ret = -1; - - pctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pctx) - return -1; - - if (EVP_PKEY_decrypt_init(pctx) <= 0) - goto err; - - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); - goto err; - } - - if (EVP_PKEY_decrypt(pctx, NULL, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) - goto err; - - ek = OPENSSL_malloc(eklen); - - if (ek == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) - { - ret = 0; - PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); - goto err; - } - - ret = 1; - - if (*pek) - { - OPENSSL_cleanse(*pek, *peklen); - OPENSSL_free(*pek); - } - - *pek = ek; - *peklen = eklen; - - err: - if (pctx) - EVP_PKEY_CTX_free(pctx); - if (!ret && ek) - OPENSSL_free(ek); - - return ret; - } + PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) +{ + EVP_PKEY_CTX *pctx = NULL; + unsigned char *ek = NULL; + size_t eklen; + + int ret = -1; + + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pctx) + return -1; + + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, + EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) + goto err; + + ek = OPENSSL_malloc(eklen); + + if (ek == NULL) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, ek, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) { + ret = 0; + PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); + goto err; + } + + ret = 1; + + if (*pek) { + OPENSSL_cleanse(*pek, *peklen); + OPENSSL_free(*pek); + } + + *pek = ek; + *peklen = eklen; + + err: + if (pctx) + EVP_PKEY_CTX_free(pctx); + if (!ret && ek) + OPENSSL_free(ek); + + return ret; +} BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) - { - int i; - BIO *out=NULL,*btmp=NULL; - X509_ALGOR *xa = NULL; - const EVP_CIPHER *evp_cipher=NULL; - STACK_OF(X509_ALGOR) *md_sk=NULL; - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; - PKCS7_RECIP_INFO *ri=NULL; - ASN1_OCTET_STRING *os=NULL; - - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - - switch (i) - { - case NID_pkcs7_signed: - md_sk=p7->d.sign->md_algs; - os = PKCS7_get_octet_string(p7->d.sign->contents); - break; - case NID_pkcs7_signedAndEnveloped: - rsk=p7->d.signed_and_enveloped->recipientinfo; - md_sk=p7->d.signed_and_enveloped->md_algs; - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT, - PKCS7_R_CIPHER_NOT_INITIALIZED); - goto err; - } - break; - case NID_pkcs7_enveloped: - rsk=p7->d.enveloped->recipientinfo; - xalg=p7->d.enveloped->enc_data->algorithm; - evp_cipher=p7->d.enveloped->enc_data->cipher; - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT, - PKCS7_R_CIPHER_NOT_INITIALIZED); - goto err; - } - break; - case NID_pkcs7_digest: - xa = p7->d.digest->md; - os = PKCS7_get_octet_string(p7->d.digest->contents); - break; - case NID_pkcs7_data: - break; - default: - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } - - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) - if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) - goto err; - - if (xa && !PKCS7_bio_add_digest(&out, xa)) - goto err; - - if (evp_cipher != NULL) - { - unsigned char key[EVP_MAX_KEY_LENGTH]; - unsigned char iv[EVP_MAX_IV_LENGTH]; - int keylen,ivlen; - EVP_CIPHER_CTX *ctx; - - if ((btmp=BIO_new(BIO_f_cipher())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); - goto err; - } - BIO_get_cipher_ctx(btmp, &ctx); - keylen=EVP_CIPHER_key_length(evp_cipher); - ivlen=EVP_CIPHER_iv_length(evp_cipher); - xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); - if (ivlen > 0) - if (RAND_pseudo_bytes(iv,ivlen) <= 0) - goto err; - if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) - goto err; - if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) - goto err; - if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) - goto err; - - if (ivlen > 0) { - if (xalg->parameter == NULL) { - xalg->parameter = ASN1_TYPE_new(); - if (xalg->parameter == NULL) - goto err; - } - if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) - goto err; - } - - /* Lets do the pub key stuff :-) */ - for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) - { - ri=sk_PKCS7_RECIP_INFO_value(rsk,i); - if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) - goto err; - } - OPENSSL_cleanse(key, keylen); - - if (out == NULL) - out=btmp; - else - BIO_push(out,btmp); - btmp=NULL; - } - - if (bio == NULL) - { - if (PKCS7_is_detached(p7)) - bio=BIO_new(BIO_s_null()); - else if (os && os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - if(bio == NULL) - { - bio=BIO_new(BIO_s_mem()); - if (bio == NULL) - goto err; - BIO_set_mem_eof_return(bio,0); - } - } - if (out) - BIO_push(out,bio); - else - out = bio; - bio=NULL; - if (0) - { -err: - if (out != NULL) - BIO_free_all(out); - if (btmp != NULL) - BIO_free_all(btmp); - out=NULL; - } - return(out); - } +{ + int i; + BIO *out = NULL, *btmp = NULL; + X509_ALGOR *xa = NULL; + const EVP_CIPHER *evp_cipher = NULL; + STACK_OF(X509_ALGOR) *md_sk = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + X509_ALGOR *xalg = NULL; + PKCS7_RECIP_INFO *ri = NULL; + ASN1_OCTET_STRING *os = NULL; + + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + + switch (i) { + case NID_pkcs7_signed: + md_sk = p7->d.sign->md_algs; + os = PKCS7_get_octet_string(p7->d.sign->contents); + break; + case NID_pkcs7_signedAndEnveloped: + rsk = p7->d.signed_and_enveloped->recipientinfo; + md_sk = p7->d.signed_and_enveloped->md_algs; + xalg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher; + if (evp_cipher == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED); + goto err; + } + break; + case NID_pkcs7_enveloped: + rsk = p7->d.enveloped->recipientinfo; + xalg = p7->d.enveloped->enc_data->algorithm; + evp_cipher = p7->d.enveloped->enc_data->cipher; + if (evp_cipher == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED); + goto err; + } + break; + case NID_pkcs7_digest: + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; + case NID_pkcs7_data: + break; + default: + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) + if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) + goto err; + + if (xa && !PKCS7_bio_add_digest(&out, xa)) + goto err; + + if (evp_cipher != NULL) { + unsigned char key[EVP_MAX_KEY_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + int keylen, ivlen; + EVP_CIPHER_CTX *ctx; + + if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB); + goto err; + } + BIO_get_cipher_ctx(btmp, &ctx); + keylen = EVP_CIPHER_key_length(evp_cipher); + ivlen = EVP_CIPHER_iv_length(evp_cipher); + xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); + if (ivlen > 0) + if (RAND_pseudo_bytes(iv, ivlen) <= 0) + goto err; + if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0) + goto err; + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) + goto err; + if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) + goto err; + + if (ivlen > 0) { + if (xalg->parameter == NULL) { + xalg->parameter = ASN1_TYPE_new(); + if (xalg->parameter == NULL) + goto err; + } + if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) + goto err; + } + + /* Lets do the pub key stuff :-) */ + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); + if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) + goto err; + } + OPENSSL_cleanse(key, keylen); + + if (out == NULL) + out = btmp; + else + BIO_push(out, btmp); + btmp = NULL; + } + + if (bio == NULL) { + if (PKCS7_is_detached(p7)) + bio = BIO_new(BIO_s_null()); + else if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if (bio == NULL) { + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; + BIO_set_mem_eof_return(bio, 0); + } + } + if (out) + BIO_push(out, bio); + else + out = bio; + bio = NULL; + if (0) { + err: + if (out != NULL) + BIO_free_all(out); + if (btmp != NULL) + BIO_free_all(btmp); + out = NULL; + } + return (out); +} static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) - { - int ret; - ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, - pcert->cert_info->issuer); - if (ret) - return ret; - return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, - ri->issuer_and_serial->serial); - } +{ + int ret; + ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, + pcert->cert_info->issuer); + if (ret) + return ret; + return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, + ri->issuer_and_serial->serial); +} /* int */ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - { - int i,j; - BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; - X509_ALGOR *xa; - ASN1_OCTET_STRING *data_body=NULL; - const EVP_MD *evp_md; - const EVP_CIPHER *evp_cipher=NULL; - EVP_CIPHER_CTX *evp_ctx=NULL; - X509_ALGOR *enc_alg=NULL; - STACK_OF(X509_ALGOR) *md_sk=NULL; - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - PKCS7_RECIP_INFO *ri=NULL; - unsigned char *ek = NULL, *tkey = NULL; - int eklen = 0, tkeylen = 0; - - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - - switch (i) - { - case NID_pkcs7_signed: - data_body=PKCS7_get_octet_string(p7->d.sign->contents); - if (!PKCS7_is_detached(p7) && data_body == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_INVALID_SIGNED_DATA_TYPE); - goto err; - } - md_sk=p7->d.sign->md_algs; - break; - case NID_pkcs7_signedAndEnveloped: - rsk=p7->d.signed_and_enveloped->recipientinfo; - md_sk=p7->d.signed_and_enveloped->md_algs; - data_body=p7->d.signed_and_enveloped->enc_data->enc_data; - enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); - goto err; - } - break; - case NID_pkcs7_enveloped: - rsk=p7->d.enveloped->recipientinfo; - enc_alg=p7->d.enveloped->enc_data->algorithm; - data_body=p7->d.enveloped->enc_data->enc_data; - evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); - goto err; - } - break; - default: - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } - - /* We will be checking the signature */ - if (md_sk != NULL) - { - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) - { - xa=sk_X509_ALGOR_value(md_sk,i); - if ((btmp=BIO_new(BIO_f_md())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); - goto err; - } - - j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbynid(j); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } - - BIO_set_md(btmp,evp_md); - if (out == NULL) - out=btmp; - else - BIO_push(out,btmp); - btmp=NULL; - } - } - - if (evp_cipher != NULL) - { +{ + int i, j; + BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; + X509_ALGOR *xa; + ASN1_OCTET_STRING *data_body = NULL; + const EVP_MD *evp_md; + const EVP_CIPHER *evp_cipher = NULL; + EVP_CIPHER_CTX *evp_ctx = NULL; + X509_ALGOR *enc_alg = NULL; + STACK_OF(X509_ALGOR) *md_sk = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + PKCS7_RECIP_INFO *ri = NULL; + unsigned char *ek = NULL, *tkey = NULL; + int eklen = 0, tkeylen = 0; + + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + + switch (i) { + case NID_pkcs7_signed: + data_body = PKCS7_get_octet_string(p7->d.sign->contents); + if (!PKCS7_is_detached(p7) && data_body == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_INVALID_SIGNED_DATA_TYPE); + goto err; + } + md_sk = p7->d.sign->md_algs; + break; + case NID_pkcs7_signedAndEnveloped: + rsk = p7->d.signed_and_enveloped->recipientinfo; + md_sk = p7->d.signed_and_enveloped->md_algs; + data_body = p7->d.signed_and_enveloped->enc_data->enc_data; + enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); + if (evp_cipher == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + goto err; + } + break; + case NID_pkcs7_enveloped: + rsk = p7->d.enveloped->recipientinfo; + enc_alg = p7->d.enveloped->enc_data->algorithm; + data_body = p7->d.enveloped->enc_data->enc_data; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); + if (evp_cipher == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + goto err; + } + break; + default: + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + /* We will be checking the signature */ + if (md_sk != NULL) { + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { + xa = sk_X509_ALGOR_value(md_sk, i); + if ((btmp = BIO_new(BIO_f_md())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); + goto err; + } + + j = OBJ_obj2nid(xa->algorithm); + evp_md = EVP_get_digestbynid(j); + if (evp_md == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp, evp_md); + if (out == NULL) + out = btmp; + else + BIO_push(out, btmp); + btmp = NULL; + } + } + + if (evp_cipher != NULL) { #if 0 - unsigned char key[EVP_MAX_KEY_LENGTH]; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char *p; - int keylen,ivlen; - int max; - X509_OBJECT ret; + unsigned char key[EVP_MAX_KEY_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + unsigned char *p; + int keylen, ivlen; + int max; + X509_OBJECT ret; #endif - if ((etmp=BIO_new(BIO_f_cipher())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); - goto err; - } - - /* It was encrypted, we need to decrypt the secret key - * with the private key */ - - /* Find the recipientInfo which matches the passed certificate - * (if any) - */ - - if (pcert) - { - for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) - { - ri=sk_PKCS7_RECIP_INFO_value(rsk,i); - if (!pkcs7_cmp_ri(ri, pcert)) - break; - ri=NULL; - } - if (ri == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); - goto err; - } - } - - /* If we haven't got a certificate try each ri in turn */ - if (pcert == NULL) - { - /* Always attempt to decrypt all rinfo even - * after sucess as a defence against MMA timing - * attacks. - */ - for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) - { - ri=sk_PKCS7_RECIP_INFO_value(rsk,i); - - if (pkcs7_decrypt_rinfo(&ek, &eklen, - ri, pkey) < 0) - goto err; - ERR_clear_error(); - } - } - else - { - /* Only exit on fatal errors, not decrypt failure */ - if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) - goto err; - ERR_clear_error(); - } - - evp_ctx=NULL; - BIO_get_cipher_ctx(etmp,&evp_ctx); - if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) - goto err; - if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) - goto err; - /* Generate random key as MMA defence */ - tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); - tkey = OPENSSL_malloc(tkeylen); - if (!tkey) - goto err; - if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) - goto err; - if (ek == NULL) - { - ek = tkey; - eklen = tkeylen; - tkey = NULL; - } - - if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { - /* Some S/MIME clients don't use the same key - * and effective key length. The key length is - * determined by the size of the decrypted RSA key. - */ - if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) - { - /* Use random key as MMA defence */ - OPENSSL_cleanse(ek, eklen); - OPENSSL_free(ek); - ek = tkey; - eklen = tkeylen; - tkey = NULL; - } - } - /* Clear errors so we don't leak information useful in MMA */ - ERR_clear_error(); - if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) - goto err; - - if (ek) - { - OPENSSL_cleanse(ek,eklen); - OPENSSL_free(ek); - ek = NULL; - } - if (tkey) - { - OPENSSL_cleanse(tkey,tkeylen); - OPENSSL_free(tkey); - tkey = NULL; - } - - if (out == NULL) - out=etmp; - else - BIO_push(out,etmp); - etmp=NULL; - } - + if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); + goto err; + } + + /* + * It was encrypted, we need to decrypt the secret key with the + * private key + */ + + /* + * Find the recipientInfo which matches the passed certificate (if + * any) + */ + + if (pcert) { + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); + if (!pkcs7_cmp_ri(ri, pcert)) + break; + ri = NULL; + } + if (ri == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); + goto err; + } + } + + /* If we haven't got a certificate try each ri in turn */ + if (pcert == NULL) { + /* + * Always attempt to decrypt all rinfo even after sucess as a + * defence against MMA timing attacks. + */ + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); + + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + goto err; + ERR_clear_error(); + } + } else { + /* Only exit on fatal errors, not decrypt failure */ + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + goto err; + ERR_clear_error(); + } + + evp_ctx = NULL; + BIO_get_cipher_ctx(etmp, &evp_ctx); + if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0) + goto err; + if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) + goto err; + /* Generate random key as MMA defence */ + tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); + tkey = OPENSSL_malloc(tkeylen); + if (!tkey) + goto err; + if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) + goto err; + if (ek == NULL) { + ek = tkey; + eklen = tkeylen; + tkey = NULL; + } + + if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { + /* + * Some S/MIME clients don't use the same key and effective key + * length. The key length is determined by the size of the + * decrypted RSA key. + */ + if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { + /* Use random key as MMA defence */ + OPENSSL_cleanse(ek, eklen); + OPENSSL_free(ek); + ek = tkey; + eklen = tkeylen; + tkey = NULL; + } + } + /* Clear errors so we don't leak information useful in MMA */ + ERR_clear_error(); + if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) + goto err; + + if (ek) { + OPENSSL_cleanse(ek, eklen); + OPENSSL_free(ek); + ek = NULL; + } + if (tkey) { + OPENSSL_cleanse(tkey, tkeylen); + OPENSSL_free(tkey); + tkey = NULL; + } + + if (out == NULL) + out = etmp; + else + BIO_push(out, etmp); + etmp = NULL; + } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) - { - bio=in_bio; - } - else - { -#if 0 - bio=BIO_new(BIO_s_mem()); - /* We need to set this so that when we have read all - * the data, the encrypt BIO, if present, will read - * EOF and encode the last few bytes */ - BIO_set_mem_eof_return(bio,0); - - if (data_body->length > 0) - BIO_write(bio,(char *)data_body->data,data_body->length); -#else - if (data_body->length > 0) - bio = BIO_new_mem_buf(data_body->data,data_body->length); - else { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); - } - if (bio == NULL) - goto err; -#endif - } - BIO_push(out,bio); - bio=NULL; + if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + bio = in_bio; + } else { +# if 0 + bio = BIO_new(BIO_s_mem()); + /* + * We need to set this so that when we have read all the data, the + * encrypt BIO, if present, will read EOF and encode the last few + * bytes + */ + BIO_set_mem_eof_return(bio, 0); + + if (data_body->length > 0) + BIO_write(bio, (char *)data_body->data, data_body->length); +# else + if (data_body->length > 0) + bio = BIO_new_mem_buf(data_body->data, data_body->length); + else { + bio = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio, 0); + } + if (bio == NULL) + goto err; +# endif + } + BIO_push(out, bio); + bio = NULL; #endif - if (0) - { -err: - if (ek) - { - OPENSSL_cleanse(ek,eklen); - OPENSSL_free(ek); - } - if (tkey) - { - OPENSSL_cleanse(tkey,tkeylen); - OPENSSL_free(tkey); - } - if (out != NULL) BIO_free_all(out); - if (btmp != NULL) BIO_free_all(btmp); - if (etmp != NULL) BIO_free_all(etmp); - if (bio != NULL) BIO_free_all(bio); - out=NULL; - } - return(out); - } + if (0) { + err: + if (ek) { + OPENSSL_cleanse(ek, eklen); + OPENSSL_free(ek); + } + if (tkey) { + OPENSSL_cleanse(tkey, tkeylen); + OPENSSL_free(tkey); + } + if (out != NULL) + BIO_free_all(out); + if (btmp != NULL) + BIO_free_all(btmp); + if (etmp != NULL) + BIO_free_all(etmp); + if (bio != NULL) + BIO_free_all(bio); + out = NULL; + } + return (out); +} static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) - { - for (;;) - { - bio=BIO_find_type(bio,BIO_TYPE_MD); - if (bio == NULL) - { - PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - return NULL; - } - BIO_get_md_ctx(bio,pmd); - if (*pmd == NULL) - { - PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); - return NULL; - } - if (EVP_MD_CTX_type(*pmd) == nid) - return bio; - bio=BIO_next(bio); - } - return NULL; - } +{ + for (;;) { + bio = BIO_find_type(bio, BIO_TYPE_MD); + if (bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, + PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio, pmd); + if (*pmd == NULL) { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR); + return NULL; + } + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio = BIO_next(bio); + } + return NULL; +} static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) - { - unsigned char md_data[EVP_MAX_MD_SIZE]; - unsigned int md_len; - - /* Add signing time if not already present */ - if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) - { - if (!PKCS7_add0_attrib_signing_time(si, NULL)) - { - PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, - ERR_R_MALLOC_FAILURE); - return 0; - } - } - - /* Add digest */ - if (!EVP_DigestFinal_ex(mctx, md_data,&md_len)) - { - PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); - return 0; - } - if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) - { - PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); - return 0; - } - - /* Now sign the attributes */ - if (!PKCS7_SIGNER_INFO_sign(si)) - return 0; - - return 1; - } - - +{ + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + + /* Add signing time if not already present */ + if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { + if (!PKCS7_add0_attrib_signing_time(si, NULL)) { + PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); + return 0; + } + } + + /* Add digest */ + if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) { + PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); + return 0; + } + if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) { + PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Now sign the attributes */ + if (!PKCS7_SIGNER_INFO_sign(si)) + return 0; + + return 1; +} + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - { - int ret=0; - int i,j; - BIO *btmp; - PKCS7_SIGNER_INFO *si; - EVP_MD_CTX *mdc,ctx_tmp; - STACK_OF(X509_ATTRIBUTE) *sk; - STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; - ASN1_OCTET_STRING *os=NULL; - - EVP_MD_CTX_init(&ctx_tmp); - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - - switch (i) - { - case NID_pkcs7_data: - os = p7->d.data; - break; - case NID_pkcs7_signedAndEnveloped: - /* XXXXXXXXXXXXXXXX */ - si_sk=p7->d.signed_and_enveloped->signer_info; - os = p7->d.signed_and_enveloped->enc_data->enc_data; - if (!os) - { - os=M_ASN1_OCTET_STRING_new(); - if (!os) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); - goto err; - } - p7->d.signed_and_enveloped->enc_data->enc_data=os; - } - break; - case NID_pkcs7_enveloped: - /* XXXXXXXXXXXXXXXX */ - os = p7->d.enveloped->enc_data->enc_data; - if (!os) - { - os=M_ASN1_OCTET_STRING_new(); - if (!os) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); - goto err; - } - p7->d.enveloped->enc_data->enc_data=os; - } - break; - case NID_pkcs7_signed: - si_sk=p7->d.sign->signer_info; - os=PKCS7_get_octet_string(p7->d.sign->contents); - /* If detached data then the content is excluded */ - if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { - M_ASN1_OCTET_STRING_free(os); - p7->d.sign->contents->d.data = NULL; - } - break; - - case NID_pkcs7_digest: - os=PKCS7_get_octet_string(p7->d.digest->contents); - /* If detached data then the content is excluded */ - if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) - { - M_ASN1_OCTET_STRING_free(os); - p7->d.digest->contents->d.data = NULL; - } - break; - - default: - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } - - if (si_sk != NULL) - { - for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) - { - si=sk_PKCS7_SIGNER_INFO_value(si_sk,i); - if (si->pkey == NULL) - continue; - - j = OBJ_obj2nid(si->digest_alg->algorithm); - - btmp=bio; - - btmp = PKCS7_find_digest(&mdc, btmp, j); - - if (btmp == NULL) - goto err; - - /* We now have the EVP_MD_CTX, lets do the - * signing. */ - if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc)) - goto err; - - sk=si->auth_attr; - - /* If there are attributes, we add the digest - * attribute and only sign the attributes */ - if (sk_X509_ATTRIBUTE_num(sk) > 0) - { - if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) - goto err; - } - else - { - unsigned char *abuf = NULL; - unsigned int abuflen; - abuflen = EVP_PKEY_size(si->pkey); - abuf = OPENSSL_malloc(abuflen); - if (!abuf) - goto err; - - if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, - si->pkey)) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, - ERR_R_EVP_LIB); - goto err; - } - ASN1_STRING_set0(si->enc_digest, abuf, abuflen); - } - } - } - else if (i == NID_pkcs7_digest) - { - unsigned char md_data[EVP_MAX_MD_SIZE]; - unsigned int md_len; - if (!PKCS7_find_digest(&mdc, bio, - OBJ_obj2nid(p7->d.digest->md->algorithm))) - goto err; - if (!EVP_DigestFinal_ex(mdc,md_data,&md_len)) - goto err; - M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); - } - - if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) - { - char *cont; - long contlen; - btmp=BIO_find_type(bio,BIO_TYPE_MEM); - if (btmp == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); - goto err; - } - contlen = BIO_get_mem_data(btmp, &cont); - /* Mark the BIO read only then we can use its copy of the data - * instead of making an extra copy. - */ - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(btmp, 0); - ASN1_STRING_set0(os, (unsigned char *)cont, contlen); - } - ret=1; -err: - EVP_MD_CTX_cleanup(&ctx_tmp); - return(ret); - } +{ + int ret = 0; + int i, j; + BIO *btmp; + PKCS7_SIGNER_INFO *si; + EVP_MD_CTX *mdc, ctx_tmp; + STACK_OF(X509_ATTRIBUTE) *sk; + STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; + ASN1_OCTET_STRING *os = NULL; + + EVP_MD_CTX_init(&ctx_tmp); + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + + switch (i) { + case NID_pkcs7_data: + os = p7->d.data; + break; + case NID_pkcs7_signedAndEnveloped: + /* XXXXXXXXXXXXXXXX */ + si_sk = p7->d.signed_and_enveloped->signer_info; + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (!os) { + os = M_ASN1_OCTET_STRING_new(); + if (!os) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); + goto err; + } + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } + break; + case NID_pkcs7_enveloped: + /* XXXXXXXXXXXXXXXX */ + os = p7->d.enveloped->enc_data->enc_data; + if (!os) { + os = M_ASN1_OCTET_STRING_new(); + if (!os) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); + goto err; + } + p7->d.enveloped->enc_data->enc_data = os; + } + break; + case NID_pkcs7_signed: + si_sk = p7->d.sign->signer_info; + os = PKCS7_get_octet_string(p7->d.sign->contents); + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { + M_ASN1_OCTET_STRING_free(os); + p7->d.sign->contents->d.data = NULL; + } + break; + + case NID_pkcs7_digest: + os = PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { + M_ASN1_OCTET_STRING_free(os); + p7->d.digest->contents->d.data = NULL; + } + break; + + default: + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + if (si_sk != NULL) { + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) { + si = sk_PKCS7_SIGNER_INFO_value(si_sk, i); + if (si->pkey == NULL) + continue; + + j = OBJ_obj2nid(si->digest_alg->algorithm); + + btmp = bio; + + btmp = PKCS7_find_digest(&mdc, btmp, j); + + if (btmp == NULL) + goto err; + + /* + * We now have the EVP_MD_CTX, lets do the signing. + */ + if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) + goto err; + + sk = si->auth_attr; + + /* + * If there are attributes, we add the digest attribute and only + * sign the attributes + */ + if (sk_X509_ATTRIBUTE_num(sk) > 0) { + if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) + goto err; + } else { + unsigned char *abuf = NULL; + unsigned int abuflen; + abuflen = EVP_PKEY_size(si->pkey); + abuf = OPENSSL_malloc(abuflen); + if (!abuf) + goto err; + + if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); + goto err; + } + ASN1_STRING_set0(si->enc_digest, abuf, abuflen); + } + } + } else if (i == NID_pkcs7_digest) { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) + goto err; + if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) + goto err; + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } + + if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { + char *cont; + long contlen; + btmp = BIO_find_type(bio, BIO_TYPE_MEM); + if (btmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + goto err; + } + contlen = BIO_get_mem_data(btmp, &cont); + /* + * Mark the BIO read only then we can use its copy of the data + * instead of making an extra copy. + */ + BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(btmp, 0); + ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + } + ret = 1; + err: + EVP_MD_CTX_cleanup(&ctx_tmp); + return (ret); +} int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) - { - EVP_MD_CTX mctx; - EVP_PKEY_CTX *pctx; - unsigned char *abuf = NULL; - int alen; - size_t siglen; - const EVP_MD *md = NULL; - - md = EVP_get_digestbyobj(si->digest_alg->algorithm); - if (md == NULL) - return 0; - - EVP_MD_CTX_init(&mctx); - if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) - goto err; - - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) - { - PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); - goto err; - } - - alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); - if(!abuf) - goto err; - if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) - goto err; - OPENSSL_free(abuf); - abuf = NULL; - if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) - goto err; - abuf = OPENSSL_malloc(siglen); - if(!abuf) - goto err; - if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) - goto err; - - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) - { - PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); - goto err; - } - - EVP_MD_CTX_cleanup(&mctx); - - ASN1_STRING_set0(si->enc_digest, abuf, siglen); - - return 1; - - err: - if (abuf) - OPENSSL_free(abuf); - EVP_MD_CTX_cleanup(&mctx); - return 0; - - } +{ + EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; + unsigned char *abuf = NULL; + int alen; + size_t siglen; + const EVP_MD *md = NULL; + + md = EVP_get_digestbyobj(si->digest_alg->algorithm); + if (md == NULL) + return 0; + + EVP_MD_CTX_init(&mctx); + if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); + goto err; + } + + alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, + ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); + if (!abuf) + goto err; + if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + goto err; + OPENSSL_free(abuf); + abuf = NULL; + if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) + goto err; + abuf = OPENSSL_malloc(siglen); + if (!abuf) + goto err; + if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); + goto err; + } + + EVP_MD_CTX_cleanup(&mctx); + + ASN1_STRING_set0(si->enc_digest, abuf, siglen); + + return 1; + + err: + if (abuf) + OPENSSL_free(abuf); + EVP_MD_CTX_cleanup(&mctx); + return 0; + +} int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, - PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { - PKCS7_ISSUER_AND_SERIAL *ias; - int ret=0,i; - STACK_OF(X509) *cert; - X509 *x509; - - if (PKCS7_type_is_signed(p7)) - { - cert=p7->d.sign->cert; - } - else if (PKCS7_type_is_signedAndEnveloped(p7)) - { - cert=p7->d.signed_and_enveloped->cert; - } - else - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); - goto err; - } - /* XXXXXXXXXXXXXXXXXXXXXXX */ - ias=si->issuer_and_serial; - - x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); - - /* were we able to find the cert in passed to us */ - if (x509 == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); - goto err; - } - - /* Lets verify */ - if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); - goto err; - } - X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); - i=X509_verify_cert(ctx); - if (i <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); - X509_STORE_CTX_cleanup(ctx); - goto err; - } - X509_STORE_CTX_cleanup(ctx); - - return PKCS7_signatureVerify(bio, p7, si, x509); - err: - return ret; - } + PKCS7 *p7, PKCS7_SIGNER_INFO *si) +{ + PKCS7_ISSUER_AND_SERIAL *ias; + int ret = 0, i; + STACK_OF(X509) *cert; + X509 *x509; + + if (PKCS7_type_is_signed(p7)) { + cert = p7->d.sign->cert; + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + cert = p7->d.signed_and_enveloped->cert; + } else { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); + goto err; + } + /* XXXXXXXXXXXXXXXXXXXXXXX */ + ias = si->issuer_and_serial; + + x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial); + + /* were we able to find the cert in passed to us */ + if (x509 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, + PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); + goto err; + } + + /* Lets verify */ + if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); + goto err; + } + X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); + i = X509_verify_cert(ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); + X509_STORE_CTX_cleanup(ctx); + goto err; + } + X509_STORE_CTX_cleanup(ctx); + + return PKCS7_signatureVerify(bio, p7, si, x509); + err: + return ret; +} int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509) - { - ASN1_OCTET_STRING *os; - EVP_MD_CTX mdc_tmp,*mdc; - int ret=0,i; - int md_type; - STACK_OF(X509_ATTRIBUTE) *sk; - BIO *btmp; - EVP_PKEY *pkey; - - EVP_MD_CTX_init(&mdc_tmp); - - if (!PKCS7_type_is_signed(p7) && - !PKCS7_type_is_signedAndEnveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_WRONG_PKCS7_TYPE); - goto err; - } - - md_type=OBJ_obj2nid(si->digest_alg->algorithm); - - btmp=bio; - for (;;) - { - if ((btmp == NULL) || - ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_MD_CTX_type(mdc) == md_type) - break; - /* Workaround for some broken clients that put the signature - * OID instead of the digest OID in digest_alg->algorithm - */ - if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) - break; - btmp=BIO_next(btmp); - } - - /* mdc is the digest ctx that we want, unless there are attributes, - * in which case the digest is the signed attributes */ - if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc)) - goto err; - - sk=si->auth_attr; - if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) - { - unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; - unsigned int md_len; - int alen; - ASN1_OCTET_STRING *message_digest; - - if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len)) - goto err; - message_digest=PKCS7_digest_from_attributes(sk); - if (!message_digest) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - if ((message_digest->length != (int)md_len) || - (memcmp(message_digest->data,md_dat,md_len))) - { -#if 0 + X509 *x509) { -int ii; -for (ii=0; ii<message_digest->length; ii++) - printf("%02X",message_digest->data[ii]); printf(" sent\n"); -for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); -} + ASN1_OCTET_STRING *os; + EVP_MD_CTX mdc_tmp, *mdc; + int ret = 0, i; + int md_type; + STACK_OF(X509_ATTRIBUTE) *sk; + BIO *btmp; + EVP_PKEY *pkey; + + EVP_MD_CTX_init(&mdc_tmp); + + if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); + goto err; + } + + md_type = OBJ_obj2nid(si->digest_alg->algorithm); + + btmp = bio; + for (;;) { + if ((btmp == NULL) || + ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, + PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + goto err; + } + BIO_get_md_ctx(btmp, &mdc); + if (mdc == NULL) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } + if (EVP_MD_CTX_type(mdc) == md_type) + break; + /* + * Workaround for some broken clients that put the signature OID + * instead of the digest OID in digest_alg->algorithm + */ + if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) + break; + btmp = BIO_next(btmp); + } + + /* + * mdc is the digest ctx that we want, unless there are attributes, in + * which case the digest is the signed attributes + */ + if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) + goto err; + + sk = si->auth_attr; + if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { + unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; + unsigned int md_len; + int alen; + ASN1_OCTET_STRING *message_digest; + + if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) + goto err; + message_digest = PKCS7_digest_from_attributes(sk); + if (!message_digest) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, + PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + goto err; + } + if ((message_digest->length != (int)md_len) || + (memcmp(message_digest->data, md_dat, md_len))) { +#if 0 + { + int ii; + for (ii = 0; ii < message_digest->length; ii++) + printf("%02X", message_digest->data[ii]); + printf(" sent\n"); + for (ii = 0; ii < md_len; ii++) + printf("%02X", md_dat[ii]); + printf(" calc\n"); + } #endif - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_DIGEST_FAILURE); - ret= -1; - goto err; - } - - if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL)) - goto err; - - alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); - if (alen <= 0) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB); - ret = -1; - goto err; - } - if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) - goto err; - - OPENSSL_free(abuf); - } - - os=si->enc_digest; - pkey = X509_get_pubkey(x509); - if (!pkey) - { - ret = -1; - goto err; - } - - i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); - EVP_PKEY_free(pkey); - if (i <= 0) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_SIGNATURE_FAILURE); - ret= -1; - goto err; - } - else - ret=1; -err: - EVP_MD_CTX_cleanup(&mdc_tmp); - return(ret); - } + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); + ret = -1; + goto err; + } + + if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) + goto err; + + alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, + ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); + if (alen <= 0) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB); + ret = -1; + goto err; + } + if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) + goto err; + + OPENSSL_free(abuf); + } + + os = si->enc_digest; + pkey = X509_get_pubkey(x509); + if (!pkey) { + ret = -1; + goto err; + } + + i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); + EVP_PKEY_free(pkey); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); + ret = -1; + goto err; + } else + ret = 1; + err: + EVP_MD_CTX_cleanup(&mdc_tmp); + return (ret); +} PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) - { - STACK_OF(PKCS7_RECIP_INFO) *rsk; - PKCS7_RECIP_INFO *ri; - int i; - - i=OBJ_obj2nid(p7->type); - if (i != NID_pkcs7_signedAndEnveloped) - return NULL; - if (p7->d.signed_and_enveloped == NULL) - return NULL; - rsk=p7->d.signed_and_enveloped->recipientinfo; - if (rsk == NULL) - return NULL; - ri=sk_PKCS7_RECIP_INFO_value(rsk,0); - if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); - ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); - return(ri->issuer_and_serial); - } +{ + STACK_OF(PKCS7_RECIP_INFO) *rsk; + PKCS7_RECIP_INFO *ri; + int i; + + i = OBJ_obj2nid(p7->type); + if (i != NID_pkcs7_signedAndEnveloped) + return NULL; + if (p7->d.signed_and_enveloped == NULL) + return NULL; + rsk = p7->d.signed_and_enveloped->recipientinfo; + if (rsk == NULL) + return NULL; + ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); + if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) + return (NULL); + ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); + return (ri->issuer_and_serial); +} ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) - { - return(get_attribute(si->auth_attr,nid)); - } +{ + return (get_attribute(si->auth_attr, nid)); +} ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) - { - return(get_attribute(si->unauth_attr,nid)); - } +{ + return (get_attribute(si->unauth_attr, nid)); +} static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) - { - int i; - X509_ATTRIBUTE *xa; - ASN1_OBJECT *o; - - o=OBJ_nid2obj(nid); - if (!o || !sk) return(NULL); - for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) - { - xa=sk_X509_ATTRIBUTE_value(sk,i); - if (OBJ_cmp(xa->object,o) == 0) - { - if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) - return(sk_ASN1_TYPE_value(xa->value.set,0)); - else - return(NULL); - } - } - return(NULL); - } +{ + int i; + X509_ATTRIBUTE *xa; + ASN1_OBJECT *o; + + o = OBJ_nid2obj(nid); + if (!o || !sk) + return (NULL); + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + xa = sk_X509_ATTRIBUTE_value(sk, i); + if (OBJ_cmp(xa->object, o) == 0) { + if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) + return (sk_ASN1_TYPE_value(xa->value.set, 0)); + else + return (NULL); + } + } + return (NULL); +} ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) { - ASN1_TYPE *astype; - if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; - return astype->value.octet_string; + ASN1_TYPE *astype; + if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) + return NULL; + return astype->value.octet_string; } int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk) - { - int i; - - if (p7si->auth_attr != NULL) - sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); - p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); - if (p7si->auth_attr == NULL) - return 0; - for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) - { - if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) - == NULL) - return(0); - } - return(1); - } - -int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) - { - int i; - - if (p7si->unauth_attr != NULL) - sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, - X509_ATTRIBUTE_free); - p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); - if (p7si->unauth_attr == NULL) - return 0; - for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) - { - if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) - == NULL) - return(0); - } - return(1); - } + STACK_OF(X509_ATTRIBUTE) *sk) +{ + int i; + + if (p7si->auth_attr != NULL) + sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); + p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); + if (p7si->auth_attr == NULL) + return 0; + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value + (sk, i)))) + == NULL) + return (0); + } + return (1); +} + +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk) +{ + int i; + + if (p7si->unauth_attr != NULL) + sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); + p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); + if (p7si->unauth_attr == NULL) + return 0; + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value + (sk, i)))) + == NULL) + return (0); + } + return (1); +} int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) - { - return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); - } + void *value) +{ + return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); +} int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) - { - return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); - } + void *value) +{ + return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); +} static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value) - { - X509_ATTRIBUTE *attr=NULL; - - if (*sk == NULL) - { - *sk = sk_X509_ATTRIBUTE_new_null(); - if (*sk == NULL) - return 0; -new_attrib: - if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) - return 0; - if (!sk_X509_ATTRIBUTE_push(*sk,attr)) - { - X509_ATTRIBUTE_free(attr); - return 0; - } - } - else - { - int i; - - for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) - { - attr=sk_X509_ATTRIBUTE_value(*sk,i); - if (OBJ_obj2nid(attr->object) == nid) - { - X509_ATTRIBUTE_free(attr); - attr=X509_ATTRIBUTE_create(nid,atrtype,value); - if (attr == NULL) - return 0; - if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) - { - X509_ATTRIBUTE_free(attr); - return 0; - } - goto end; - } - } - goto new_attrib; - } -end: - return(1); - } - + void *value) +{ + X509_ATTRIBUTE *attr = NULL; + + if (*sk == NULL) { + *sk = sk_X509_ATTRIBUTE_new_null(); + if (*sk == NULL) + return 0; + new_attrib: + if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) + return 0; + if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { + X509_ATTRIBUTE_free(attr); + return 0; + } + } else { + int i; + + for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { + attr = sk_X509_ATTRIBUTE_value(*sk, i); + if (OBJ_obj2nid(attr->object) == nid) { + X509_ATTRIBUTE_free(attr); + attr = X509_ATTRIBUTE_create(nid, atrtype, value); + if (attr == NULL) + return 0; + if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) { + X509_ATTRIBUTE_free(attr); + return 0; + } + goto end; + } + } + goto new_attrib; + } + end: + return (1); +} diff --git a/openssl/crypto/pkcs7/pk7_enc.c b/openssl/crypto/pkcs7/pk7_enc.c index acbb189c5..6983e014c 100644 --- a/openssl/crypto/pkcs7/pk7_enc.c +++ b/openssl/crypto/pkcs7/pk7_enc.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -64,13 +64,12 @@ #include <openssl/x509.h> #include <openssl/pkcs7.h> -PKCS7_in_bio(PKCS7 *p7,BIO *in); -PKCS7_out_bio(PKCS7 *p7,BIO *out); +PKCS7_in_bio(PKCS7 *p7, BIO *in); +PKCS7_out_bio(PKCS7 *p7, BIO *out); -PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key); -PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher); +PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key); +PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher); PKCS7_Init(PKCS7 *p7); PKCS7_Update(PKCS7 *p7); PKCS7_Finish(PKCS7 *p7); - diff --git a/openssl/crypto/pkcs7/pk7_lib.c b/openssl/crypto/pkcs7/pk7_lib.c index d411269b5..c77381275 100644 --- a/openssl/crypto/pkcs7/pk7_lib.c +++ b/openssl/crypto/pkcs7/pk7_lib.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,603 +63,581 @@ #include "asn1_locl.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) - { - int nid; - long ret; - - nid=OBJ_obj2nid(p7->type); - - switch (cmd) - { - case PKCS7_OP_SET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { - ret=p7->detached=(int)larg; - if (ret && PKCS7_type_is_data(p7->d.sign->contents)) - { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.data; - ASN1_OCTET_STRING_free(os); - p7->d.sign->contents->d.data = NULL; - } - } - else - { - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); - ret=0; - } - break; - case PKCS7_OP_GET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { - if(!p7->d.sign || !p7->d.sign->contents->d.ptr) - ret = 1; - else ret = 0; - - p7->detached = ret; - } - else - { - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); - ret=0; - } - - break; - default: - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); - ret=0; - } - return(ret); - } +{ + int nid; + long ret; + + nid = OBJ_obj2nid(p7->type); + + switch (cmd) { + case PKCS7_OP_SET_DETACHED_SIGNATURE: + if (nid == NID_pkcs7_signed) { + ret = p7->detached = (int)larg; + if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { + ASN1_OCTET_STRING *os; + os = p7->d.sign->contents->d.data; + ASN1_OCTET_STRING_free(os); + p7->d.sign->contents->d.data = NULL; + } + } else { + PKCS7err(PKCS7_F_PKCS7_CTRL, + PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret = 0; + } + break; + case PKCS7_OP_GET_DETACHED_SIGNATURE: + if (nid == NID_pkcs7_signed) { + if (!p7->d.sign || !p7->d.sign->contents->d.ptr) + ret = 1; + else + ret = 0; + + p7->detached = ret; + } else { + PKCS7err(PKCS7_F_PKCS7_CTRL, + PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret = 0; + } + + break; + default: + PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION); + ret = 0; + } + return (ret); +} int PKCS7_content_new(PKCS7 *p7, int type) - { - PKCS7 *ret=NULL; - - if ((ret=PKCS7_new()) == NULL) goto err; - if (!PKCS7_set_type(ret,type)) goto err; - if (!PKCS7_set_content(p7,ret)) goto err; - - return(1); -err: - if (ret != NULL) PKCS7_free(ret); - return(0); - } +{ + PKCS7 *ret = NULL; + + if ((ret = PKCS7_new()) == NULL) + goto err; + if (!PKCS7_set_type(ret, type)) + goto err; + if (!PKCS7_set_content(p7, ret)) + goto err; + + return (1); + err: + if (ret != NULL) + PKCS7_free(ret); + return (0); +} int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) - { - int i; - - i=OBJ_obj2nid(p7->type); - switch (i) - { - case NID_pkcs7_signed: - if (p7->d.sign->contents != NULL) - PKCS7_free(p7->d.sign->contents); - p7->d.sign->contents=p7_data; - break; - case NID_pkcs7_digest: - if (p7->d.digest->contents != NULL) - PKCS7_free(p7->d.digest->contents); - p7->d.digest->contents=p7_data; - break; - case NID_pkcs7_data: - case NID_pkcs7_enveloped: - case NID_pkcs7_signedAndEnveloped: - case NID_pkcs7_encrypted: - default: - PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } - return(1); -err: - return(0); - } +{ + int i; + + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signed: + if (p7->d.sign->contents != NULL) + PKCS7_free(p7->d.sign->contents); + p7->d.sign->contents = p7_data; + break; + case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents = p7_data; + break; + case NID_pkcs7_data: + case NID_pkcs7_enveloped: + case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_encrypted: + default: + PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + return (1); + err: + return (0); +} int PKCS7_set_type(PKCS7 *p7, int type) - { - ASN1_OBJECT *obj; - - /*PKCS7_content_free(p7);*/ - obj=OBJ_nid2obj(type); /* will not fail */ - - switch (type) - { - case NID_pkcs7_signed: - p7->type=obj; - if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) - goto err; - if (!ASN1_INTEGER_set(p7->d.sign->version,1)) - { - PKCS7_SIGNED_free(p7->d.sign); - p7->d.sign=NULL; - goto err; - } - break; - case NID_pkcs7_data: - p7->type=obj; - if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) - goto err; - break; - case NID_pkcs7_signedAndEnveloped: - p7->type=obj; - if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) - == NULL) goto err; - ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); - if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) - goto err; - p7->d.signed_and_enveloped->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); - break; - case NID_pkcs7_enveloped: - p7->type=obj; - if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) - == NULL) goto err; - if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) - goto err; - p7->d.enveloped->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); - break; - case NID_pkcs7_encrypted: - p7->type=obj; - if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) - == NULL) goto err; - if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) - goto err; - p7->d.encrypted->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); - break; - - case NID_pkcs7_digest: - p7->type=obj; - if ((p7->d.digest=PKCS7_DIGEST_new()) - == NULL) goto err; - if (!ASN1_INTEGER_set(p7->d.digest->version,0)) - goto err; - break; - default: - PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } - return(1); -err: - return(0); - } +{ + ASN1_OBJECT *obj; + + /* + * PKCS7_content_free(p7); + */ + obj = OBJ_nid2obj(type); /* will not fail */ + + switch (type) { + case NID_pkcs7_signed: + p7->type = obj; + if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) { + PKCS7_SIGNED_free(p7->d.sign); + p7->d.sign = NULL; + goto err; + } + break; + case NID_pkcs7_data: + p7->type = obj; + if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL) + goto err; + break; + case NID_pkcs7_signedAndEnveloped: + p7->type = obj; + if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new()) + == NULL) + goto err; + ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1); + if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) + goto err; + p7->d.signed_and_enveloped->enc_data->content_type + = OBJ_nid2obj(NID_pkcs7_data); + break; + case NID_pkcs7_enveloped: + p7->type = obj; + if ((p7->d.enveloped = PKCS7_ENVELOPE_new()) + == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) + goto err; + p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); + break; + case NID_pkcs7_encrypted: + p7->type = obj; + if ((p7->d.encrypted = PKCS7_ENCRYPT_new()) + == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) + goto err; + p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); + break; + + case NID_pkcs7_digest: + p7->type = obj; + if ((p7->d.digest = PKCS7_DIGEST_new()) + == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) + goto err; + break; + default: + PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + return (1); + err: + return (0); +} int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) - { - p7->type = OBJ_nid2obj(type); - p7->d.other = other; - return 1; - } +{ + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; +} int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) - { - int i,j,nid; - X509_ALGOR *alg; - STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; - STACK_OF(X509_ALGOR) *md_sk; - - i=OBJ_obj2nid(p7->type); - switch (i) - { - case NID_pkcs7_signed: - signer_sk= p7->d.sign->signer_info; - md_sk= p7->d.sign->md_algs; - break; - case NID_pkcs7_signedAndEnveloped: - signer_sk= p7->d.signed_and_enveloped->signer_info; - md_sk= p7->d.signed_and_enveloped->md_algs; - break; - default: - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } - - nid=OBJ_obj2nid(psi->digest_alg->algorithm); - - /* If the digest is not currently listed, add it */ - j=0; - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) - { - alg=sk_X509_ALGOR_value(md_sk,i); - if (OBJ_obj2nid(alg->algorithm) == nid) - { - j=1; - break; - } - } - if (!j) /* we need to add another algorithm */ - { - if(!(alg=X509_ALGOR_new()) - || !(alg->parameter = ASN1_TYPE_new())) - { - X509_ALGOR_free(alg); - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); - return(0); - } - alg->algorithm=OBJ_nid2obj(nid); - alg->parameter->type = V_ASN1_NULL; - if (!sk_X509_ALGOR_push(md_sk,alg)) - { - X509_ALGOR_free(alg); - return 0; - } - } - - if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) - return 0; - return(1); - } +{ + int i, j, nid; + X509_ALGOR *alg; + STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; + STACK_OF(X509_ALGOR) *md_sk; + + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signed: + signer_sk = p7->d.sign->signer_info; + md_sk = p7->d.sign->md_algs; + break; + case NID_pkcs7_signedAndEnveloped: + signer_sk = p7->d.signed_and_enveloped->signer_info; + md_sk = p7->d.signed_and_enveloped->md_algs; + break; + default: + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } + + nid = OBJ_obj2nid(psi->digest_alg->algorithm); + + /* If the digest is not currently listed, add it */ + j = 0; + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { + alg = sk_X509_ALGOR_value(md_sk, i); + if (OBJ_obj2nid(alg->algorithm) == nid) { + j = 1; + break; + } + } + if (!j) { /* we need to add another algorithm */ + if (!(alg = X509_ALGOR_new()) + || !(alg->parameter = ASN1_TYPE_new())) { + X509_ALGOR_free(alg); + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); + return (0); + } + alg->algorithm = OBJ_nid2obj(nid); + alg->parameter->type = V_ASN1_NULL; + if (!sk_X509_ALGOR_push(md_sk, alg)) { + X509_ALGOR_free(alg); + return 0; + } + } + + if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) + return 0; + return (1); +} int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) - { - int i; - STACK_OF(X509) **sk; - - i=OBJ_obj2nid(p7->type); - switch (i) - { - case NID_pkcs7_signed: - sk= &(p7->d.sign->cert); - break; - case NID_pkcs7_signedAndEnveloped: - sk= &(p7->d.signed_and_enveloped->cert); - break; - default: - PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } - - if (*sk == NULL) - *sk=sk_X509_new_null(); - if (*sk == NULL) - { - PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); - return 0; - } - CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - if (!sk_X509_push(*sk,x509)) - { - X509_free(x509); - return 0; - } - return(1); - } +{ + int i; + STACK_OF(X509) **sk; + + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signed: + sk = &(p7->d.sign->cert); + break; + case NID_pkcs7_signedAndEnveloped: + sk = &(p7->d.signed_and_enveloped->cert); + break; + default: + PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } + + if (*sk == NULL) + *sk = sk_X509_new_null(); + if (*sk == NULL) { + PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); + return 0; + } + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + if (!sk_X509_push(*sk, x509)) { + X509_free(x509); + return 0; + } + return (1); +} int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) - { - int i; - STACK_OF(X509_CRL) **sk; - - i=OBJ_obj2nid(p7->type); - switch (i) - { - case NID_pkcs7_signed: - sk= &(p7->d.sign->crl); - break; - case NID_pkcs7_signedAndEnveloped: - sk= &(p7->d.signed_and_enveloped->crl); - break; - default: - PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } - - if (*sk == NULL) - *sk=sk_X509_CRL_new_null(); - if (*sk == NULL) - { - PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE); - return 0; - } - - CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); - if (!sk_X509_CRL_push(*sk,crl)) - { - X509_CRL_free(crl); - return 0; - } - return(1); - } +{ + int i; + STACK_OF(X509_CRL) **sk; + + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signed: + sk = &(p7->d.sign->crl); + break; + case NID_pkcs7_signedAndEnveloped: + sk = &(p7->d.signed_and_enveloped->crl); + break; + default: + PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } + + if (*sk == NULL) + *sk = sk_X509_CRL_new_null(); + if (*sk == NULL) { + PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE); + return 0; + } + + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + if (!sk_X509_CRL_push(*sk, crl)) { + X509_CRL_free(crl); + return 0; + } + return (1); +} int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) - { - int ret; - - /* We now need to add another PKCS7_SIGNER_INFO entry */ - if (!ASN1_INTEGER_set(p7i->version,1)) - goto err; - if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509))) - goto err; - - /* because ASN1_INTEGER_set is used to set a 'long' we will do - * things the ugly way. */ - M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) - goto err; - - /* lets keep the pkey around for a while */ - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - p7i->pkey=pkey; - - /* Set the algorithms */ - - X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), - V_ASN1_NULL, NULL); - - if (pkey->ameth && pkey->ameth->pkey_ctrl) - { - ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, - 0, p7i); - if (ret > 0) - return 1; - if (ret != -2) - { - PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, - PKCS7_R_SIGNING_CTRL_FAILURE); - return 0; - } - } - PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, - PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); -err: - return 0; - } + const EVP_MD *dgst) +{ + int ret; + + /* We now need to add another PKCS7_SIGNER_INFO entry */ + if (!ASN1_INTEGER_set(p7i->version, 1)) + goto err; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + goto err; + + /* + * because ASN1_INTEGER_set is used to set a 'long' we will do things the + * ugly way. + */ + M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + if (!(p7i->issuer_and_serial->serial = + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + goto err; + + /* lets keep the pkey around for a while */ + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + p7i->pkey = pkey; + + /* Set the algorithms */ + + X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), + V_ASN1_NULL, NULL); + + if (pkey->ameth && pkey->ameth->pkey_ctrl) { + ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i); + if (ret > 0) + return 1; + if (ret != -2) { + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, + PKCS7_R_SIGNING_CTRL_FAILURE); + return 0; + } + } + PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, + PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + err: + return 0; +} PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) - { - PKCS7_SIGNER_INFO *si = NULL; - - if (dgst == NULL) - { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) - goto err; - dgst = EVP_get_digestbynid(def_nid); - if (dgst == NULL) - { - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, - PKCS7_R_NO_DEFAULT_DIGEST); - goto err; - } - } - - if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; - if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; - if (!PKCS7_add_signer(p7,si)) goto err; - return(si); -err: - if (si) - PKCS7_SIGNER_INFO_free(si); - return(NULL); - } + const EVP_MD *dgst) +{ + PKCS7_SIGNER_INFO *si = NULL; + + if (dgst == NULL) { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) + goto err; + dgst = EVP_get_digestbynid(def_nid); + if (dgst == NULL) { + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST); + goto err; + } + } + + if ((si = PKCS7_SIGNER_INFO_new()) == NULL) + goto err; + if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst)) + goto err; + if (!PKCS7_add_signer(p7, si)) + goto err; + return (si); + err: + if (si) + PKCS7_SIGNER_INFO_free(si); + return (NULL); +} int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) - { - if (PKCS7_type_is_digest(p7)) - { - if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) - { - PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); - return 0; - } - p7->d.digest->md->parameter->type = V_ASN1_NULL; - p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); - return 1; - } - - PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); - return 1; - } +{ + if (PKCS7_type_is_digest(p7)) { + if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE); + return 1; +} STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) - { - if (PKCS7_type_is_signed(p7)) - { - return(p7->d.sign->signer_info); - } - else if (PKCS7_type_is_signedAndEnveloped(p7)) - { - return(p7->d.signed_and_enveloped->signer_info); - } - else - return(NULL); - } +{ + if (PKCS7_type_is_signed(p7)) { + return (p7->d.sign->signer_info); + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + return (p7->d.signed_and_enveloped->signer_info); + } else + return (NULL); +} void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, - X509_ALGOR **pdig, X509_ALGOR **psig) - { - if (pk) - *pk = si->pkey; - if (pdig) - *pdig = si->digest_alg; - if (psig) - *psig = si->digest_enc_alg; - } + X509_ALGOR **pdig, X509_ALGOR **psig) +{ + if (pk) + *pk = si->pkey; + if (pdig) + *pdig = si->digest_alg; + if (psig) + *psig = si->digest_enc_alg; +} void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) - { - if (penc) - *penc = ri->key_enc_algor; - } +{ + if (penc) + *penc = ri->key_enc_algor; +} PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) - { - PKCS7_RECIP_INFO *ri; - - if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; - if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; - if (!PKCS7_add_recipient_info(p7,ri)) goto err; - return ri; -err: - if (ri) - PKCS7_RECIP_INFO_free(ri); - return NULL; - } +{ + PKCS7_RECIP_INFO *ri; + + if ((ri = PKCS7_RECIP_INFO_new()) == NULL) + goto err; + if (!PKCS7_RECIP_INFO_set(ri, x509)) + goto err; + if (!PKCS7_add_recipient_info(p7, ri)) + goto err; + return ri; + err: + if (ri) + PKCS7_RECIP_INFO_free(ri); + return NULL; +} int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) - { - int i; - STACK_OF(PKCS7_RECIP_INFO) *sk; - - i=OBJ_obj2nid(p7->type); - switch (i) - { - case NID_pkcs7_signedAndEnveloped: - sk= p7->d.signed_and_enveloped->recipientinfo; - break; - case NID_pkcs7_enveloped: - sk= p7->d.enveloped->recipientinfo; - break; - default: - PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } - - if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) - return 0; - return(1); - } +{ + int i; + STACK_OF(PKCS7_RECIP_INFO) *sk; + + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signedAndEnveloped: + sk = p7->d.signed_and_enveloped->recipientinfo; + break; + case NID_pkcs7_enveloped: + sk = p7->d.enveloped->recipientinfo; + break; + default: + PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, + PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } + + if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) + return 0; + return (1); +} int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) - { - int ret; - EVP_PKEY *pkey = NULL; - if (!ASN1_INTEGER_set(p7i->version,0)) - return 0; - if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509))) - return 0; - - M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) - return 0; - - pkey = X509_get_pubkey(x509); - - if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) - { - PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, - PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - goto err; - } - - ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, - 0, p7i); - if (ret == -2) - { - PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, - PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - goto err; - } - if (ret <= 0) - { - PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, - PKCS7_R_ENCRYPTION_CTRL_FAILURE); - goto err; - } - - EVP_PKEY_free(pkey); - - CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - p7i->cert=x509; - - return 1; - - err: - if (pkey) - EVP_PKEY_free(pkey); - return 0; - } +{ + int ret; + EVP_PKEY *pkey = NULL; + if (!ASN1_INTEGER_set(p7i->version, 0)) + return 0; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + return 0; + + M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + if (!(p7i->issuer_and_serial->serial = + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + return 0; + + pkey = X509_get_pubkey(x509); + + if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { + PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + + ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i); + if (ret == -2) { + PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + if (ret <= 0) { + PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, + PKCS7_R_ENCRYPTION_CTRL_FAILURE); + goto err; + } + + EVP_PKEY_free(pkey); + + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + p7i->cert = x509; + + return 1; + + err: + if (pkey) + EVP_PKEY_free(pkey); + return 0; +} X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { - if (PKCS7_type_is_signed(p7)) - return(X509_find_by_issuer_and_serial(p7->d.sign->cert, - si->issuer_and_serial->issuer, - si->issuer_and_serial->serial)); - else - return(NULL); - } +{ + if (PKCS7_type_is_signed(p7)) + return (X509_find_by_issuer_and_serial(p7->d.sign->cert, + si->issuer_and_serial->issuer, + si-> + issuer_and_serial->serial)); + else + return (NULL); +} int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) - { - int i; - PKCS7_ENC_CONTENT *ec; - - i=OBJ_obj2nid(p7->type); - switch (i) - { - case NID_pkcs7_signedAndEnveloped: - ec=p7->d.signed_and_enveloped->enc_data; - break; - case NID_pkcs7_enveloped: - ec=p7->d.enveloped->enc_data; - break; - default: - PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } - - /* Check cipher OID exists and has data in it*/ - i = EVP_CIPHER_type(cipher); - if(i == NID_undef) { - PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); - return(0); - } - - ec->cipher = cipher; - return 1; - } +{ + int i; + PKCS7_ENC_CONTENT *ec; + + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signedAndEnveloped: + ec = p7->d.signed_and_enveloped->enc_data; + break; + case NID_pkcs7_enveloped: + ec = p7->d.enveloped->enc_data; + break; + default: + PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } + + /* Check cipher OID exists and has data in it */ + i = EVP_CIPHER_type(cipher); + if (i == NID_undef) { + PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, + PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + return (0); + } + + ec->cipher = cipher; + return 1; +} int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) - { - ASN1_OCTET_STRING *os = NULL; - - switch (OBJ_obj2nid(p7->type)) - { - case NID_pkcs7_data: - os = p7->d.data; - break; - - case NID_pkcs7_signedAndEnveloped: - os = p7->d.signed_and_enveloped->enc_data->enc_data; - if (os == NULL) - { - os=M_ASN1_OCTET_STRING_new(); - p7->d.signed_and_enveloped->enc_data->enc_data=os; - } - break; - - case NID_pkcs7_enveloped: - os = p7->d.enveloped->enc_data->enc_data; - if (os == NULL) - { - os=M_ASN1_OCTET_STRING_new(); - p7->d.enveloped->enc_data->enc_data=os; - } - break; - - case NID_pkcs7_signed: - os=p7->d.sign->contents->d.data; - break; - - default: - os = NULL; - break; - } - - if (os == NULL) - return 0; - - os->flags |= ASN1_STRING_FLAG_NDEF; - *boundary = &os->data; - - return 1; - } +{ + ASN1_OCTET_STRING *os = NULL; + + switch (OBJ_obj2nid(p7->type)) { + case NID_pkcs7_data: + os = p7->d.data; + break; + + case NID_pkcs7_signedAndEnveloped: + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (os == NULL) { + os = M_ASN1_OCTET_STRING_new(); + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } + break; + + case NID_pkcs7_enveloped: + os = p7->d.enveloped->enc_data->enc_data; + if (os == NULL) { + os = M_ASN1_OCTET_STRING_new(); + p7->d.enveloped->enc_data->enc_data = os; + } + break; + + case NID_pkcs7_signed: + os = p7->d.sign->contents->d.data; + break; + + default: + os = NULL; + break; + } + + if (os == NULL) + return 0; + + os->flags |= ASN1_STRING_FLAG_NDEF; + *boundary = &os->data; + + return 1; +} diff --git a/openssl/crypto/pkcs7/pk7_mime.c b/openssl/crypto/pkcs7/pk7_mime.c index 938f79a64..62fb2997e 100644 --- a/openssl/crypto/pkcs7/pk7_mime.c +++ b/openssl/crypto/pkcs7/pk7_mime.c @@ -1,5 +1,6 @@ /* pk7_mime.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,36 +63,34 @@ /* PKCS#7 wrappers round generalised stream and MIME routines */ int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) - { - return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, - ASN1_ITEM_rptr(PKCS7)); - } +{ + return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, + ASN1_ITEM_rptr(PKCS7)); +} int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) - { - return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags, - "PKCS7", - ASN1_ITEM_rptr(PKCS7)); - } +{ + return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags, + "PKCS7", ASN1_ITEM_rptr(PKCS7)); +} int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) - { - STACK_OF(X509_ALGOR) *mdalgs; - int ctype_nid = OBJ_obj2nid(p7->type); - if (ctype_nid == NID_pkcs7_signed) - mdalgs = p7->d.sign->md_algs; - else - mdalgs = NULL; +{ + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(p7->type); + if (ctype_nid == NID_pkcs7_signed) + mdalgs = p7->d.sign->md_algs; + else + mdalgs = NULL; - flags ^= SMIME_OLDMIME; + flags ^= SMIME_OLDMIME; - - return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, - ctype_nid, NID_undef, mdalgs, - ASN1_ITEM_rptr(PKCS7)); - } + return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, + ctype_nid, NID_undef, mdalgs, + ASN1_ITEM_rptr(PKCS7)); +} PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) - { - return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); - } +{ + return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); +} diff --git a/openssl/crypto/pkcs7/pk7_smime.c b/openssl/crypto/pkcs7/pk7_smime.c index a5104f8d0..dbd4100c8 100644 --- a/openssl/crypto/pkcs7/pk7_smime.c +++ b/openssl/crypto/pkcs7/pk7_smime.c @@ -1,5 +1,6 @@ /* pk7_smime.c */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,541 +67,520 @@ static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags) + BIO *data, int flags) { - PKCS7 *p7; - int i; - - if(!(p7 = PKCS7_new())) - { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!PKCS7_set_type(p7, NID_pkcs7_signed)) - goto err; - - if (!PKCS7_content_new(p7, NID_pkcs7_data)) - goto err; - - if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) - { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR); - goto err; - } - - if(!(flags & PKCS7_NOCERTS)) - { - for(i = 0; i < sk_X509_num(certs); i++) - { - if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) - goto err; - } - } - - if(flags & PKCS7_DETACHED) - PKCS7_set_detached(p7, 1); - - if (flags & (PKCS7_STREAM|PKCS7_PARTIAL)) - return p7; - - if (PKCS7_final(p7, data, flags)) - return p7; - - err: - PKCS7_free(p7); - return NULL; + PKCS7 *p7; + int i; + + if (!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (!PKCS7_set_type(p7, NID_pkcs7_signed)) + goto err; + + if (!PKCS7_content_new(p7, NID_pkcs7_data)) + goto err; + + if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) { + PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR); + goto err; + } + + if (!(flags & PKCS7_NOCERTS)) { + for (i = 0; i < sk_X509_num(certs); i++) { + if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) + goto err; + } + } + + if (flags & PKCS7_DETACHED) + PKCS7_set_detached(p7, 1); + + if (flags & (PKCS7_STREAM | PKCS7_PARTIAL)) + return p7; + + if (PKCS7_final(p7, data, flags)) + return p7; + + err: + PKCS7_free(p7); + return NULL; } int PKCS7_final(PKCS7 *p7, BIO *data, int flags) - { - BIO *p7bio; - int ret = 0; - if (!(p7bio = PKCS7_dataInit(p7, NULL))) - { - PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE); - return 0; - } - - SMIME_crlf_copy(data, p7bio, flags); +{ + BIO *p7bio; + int ret = 0; + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); + return 0; + } - (void)BIO_flush(p7bio); + SMIME_crlf_copy(data, p7bio, flags); + (void)BIO_flush(p7bio); - if (!PKCS7_dataFinal(p7,p7bio)) - { - PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN); - goto err; - } + if (!PKCS7_dataFinal(p7, p7bio)) { + PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN); + goto err; + } - ret = 1; + ret = 1; - err: - BIO_free_all(p7bio); + err: + BIO_free_all(p7bio); - return ret; + return ret; - } +} /* Check to see if a cipher exists and if so add S/MIME capabilities */ static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) - { - if (EVP_get_cipherbynid(nid)) - return PKCS7_simple_smimecap(sk, nid, arg); - return 1; - } +{ + if (EVP_get_cipherbynid(nid)) + return PKCS7_simple_smimecap(sk, nid, arg); + return 1; +} static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) - { - if (EVP_get_digestbynid(nid)) - return PKCS7_simple_smimecap(sk, nid, arg); - return 1; - } +{ + if (EVP_get_digestbynid(nid)) + return PKCS7_simple_smimecap(sk, nid, arg); + return 1; +} PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, - EVP_PKEY *pkey, const EVP_MD *md, - int flags) - { - PKCS7_SIGNER_INFO *si = NULL; - STACK_OF(X509_ALGOR) *smcap = NULL; - if(!X509_check_private_key(signcert, pkey)) - { - PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; - } - - if (!(si = PKCS7_add_signature(p7,signcert,pkey, md))) - { - PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); - return NULL; - } - - if(!(flags & PKCS7_NOCERTS)) - { - if (!PKCS7_add_certificate(p7, signcert)) - goto err; - } - - if(!(flags & PKCS7_NOATTR)) - { - if (!PKCS7_add_attrib_content_type(si, NULL)) - goto err; - /* Add SMIMECapabilities */ - if(!(flags & PKCS7_NOSMIMECAP)) - { - if(!(smcap = sk_X509_ALGOR_new_null())) - { - PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - ERR_R_MALLOC_FAILURE); - goto err; - } - if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) - || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) - || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) - || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) - || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) - || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 128) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) - || !add_cipher_smcap(smcap, NID_des_cbc, -1) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) - || !PKCS7_add_attrib_smimecap (si, smcap)) - goto err; - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - smcap = NULL; - } - if (flags & PKCS7_REUSE_DIGEST) - { - if (!pkcs7_copy_existing_digest(p7, si)) - goto err; - if (!(flags & PKCS7_PARTIAL) && - !PKCS7_SIGNER_INFO_sign(si)) - goto err; - } - } - return si; - err: - if (smcap) - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - return NULL; - } - -/* Search for a digest matching SignerInfo digest type and if found - * copy across. + EVP_PKEY *pkey, const EVP_MD *md, + int flags) +{ + PKCS7_SIGNER_INFO *si = NULL; + STACK_OF(X509_ALGOR) *smcap = NULL; + if (!X509_check_private_key(signcert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + + if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, + PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + return NULL; + } + + if (!(flags & PKCS7_NOCERTS)) { + if (!PKCS7_add_certificate(p7, signcert)) + goto err; + } + + if (!(flags & PKCS7_NOATTR)) { + if (!PKCS7_add_attrib_content_type(si, NULL)) + goto err; + /* Add SMIMECapabilities */ + if (!(flags & PKCS7_NOSMIMECAP)) { + if (!(smcap = sk_X509_ALGOR_new_null())) { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) + || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) + || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) + || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) + || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) + || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) + || !add_cipher_smcap(smcap, NID_rc2_cbc, 128) + || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) + || !add_cipher_smcap(smcap, NID_des_cbc, -1) + || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) + || !PKCS7_add_attrib_smimecap(si, smcap)) + goto err; + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + smcap = NULL; + } + if (flags & PKCS7_REUSE_DIGEST) { + if (!pkcs7_copy_existing_digest(p7, si)) + goto err; + if (!(flags & PKCS7_PARTIAL) && !PKCS7_SIGNER_INFO_sign(si)) + goto err; + } + } + return si; + err: + if (smcap) + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + return NULL; +} + +/* + * Search for a digest matching SignerInfo digest type and if found copy + * across. */ static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { - int i; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *sitmp; - ASN1_OCTET_STRING *osdig = NULL; - sinfos = PKCS7_get_signer_info(p7); - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { - sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); - if (si == sitmp) - break; - if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) - continue; - if (!OBJ_cmp(si->digest_alg->algorithm, - sitmp->digest_alg->algorithm)) - { - osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); - break; - } - - } - - if (osdig) - return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); - - PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, - PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); - return 0; - } +{ + int i; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *sitmp; + ASN1_OCTET_STRING *osdig = NULL; + sinfos = PKCS7_get_signer_info(p7); + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { + sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + if (si == sitmp) + break; + if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) + continue; + if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) { + osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); + break; + } + + } + + if (osdig) + return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); + + PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, + PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); + return 0; +} int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags) + BIO *indata, BIO *out, int flags) { - STACK_OF(X509) *signers; - X509 *signer; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; - char buf[4096]; - int i, j=0, k, ret = 0; - BIO *p7bio; - BIO *tmpin, *tmpout; - - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); - return 0; - } - - if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); - return 0; - } - - /* Check for no data and no content: no data to verify signature */ - if(PKCS7_get_detached(p7) && !indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); - return 0; - } + STACK_OF(X509) *signers; + X509 *signer; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + X509_STORE_CTX cert_ctx; + char buf[4096]; + int i, j = 0, k, ret = 0; + BIO *p7bio; + BIO *tmpin, *tmpout; + + if (!p7) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + /* Check for no data and no content: no data to verify signature */ + if (PKCS7_get_detached(p7) && !indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); + return 0; + } #if 0 - /* NB: this test commented out because some versions of Netscape - * illegally include zero length content when signing data. - */ - - /* Check for data and content: two sets of data */ - if(!PKCS7_get_detached(p7) && indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); - return 0; - } + /* + * NB: this test commented out because some versions of Netscape + * illegally include zero length content when signing data. + */ + + /* Check for data and content: two sets of data */ + if (!PKCS7_get_detached(p7) && indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); + return 0; + } #endif - sinfos = PKCS7_get_signer_info(p7); - - if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); - return 0; - } - - - signers = PKCS7_get0_signers(p7, certs, flags); - - if(!signers) return 0; - - /* Now verify the certificates */ - - if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { - signer = sk_X509_value (signers, k); - if (!(flags & PKCS7_NOCHAIN)) { - if(!X509_STORE_CTX_init(&cert_ctx, store, signer, - p7->d.sign->cert)) - { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; - } - X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); - } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; - } - if (!(flags & PKCS7_NOCRL)) - X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); - i = X509_verify_cert(&cert_ctx); - if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); - X509_STORE_CTX_cleanup(&cert_ctx); - if (i <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(j)); - sk_X509_free(signers); - return 0; - } - /* Check for revocation status here */ - } - - /* Performance optimization: if the content is a memory BIO then - * store its contents in a temporary read only memory BIO. This - * avoids potentially large numbers of slow copies of data which will - * occur when reading from a read write memory BIO when signatures - * are calculated. - */ - - if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) - { - char *ptr; - long len; - len = BIO_get_mem_data(indata, &ptr); - tmpin = BIO_new_mem_buf(ptr, len); - if (tmpin == NULL) - { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); - return 0; - } - } - else - tmpin = indata; - - - if (!(p7bio=PKCS7_dataInit(p7,tmpin))) - goto err; - - if(flags & PKCS7_TEXT) { - if(!(tmpout = BIO_new(BIO_s_mem()))) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); - goto err; - } - BIO_set_mem_eof_return(tmpout, 0); - } else tmpout = out; - - /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,sizeof(buf)); - if (i <= 0) break; - if (tmpout) BIO_write(tmpout, buf, i); - } - - if(flags & PKCS7_TEXT) { - if(!SMIME_text(tmpout, out)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); - BIO_free(tmpout); - goto err; - } - BIO_free(tmpout); - } - - /* Now Verify All Signatures */ - if (!(flags & PKCS7_NOSIGS)) - for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { - si=sk_PKCS7_SIGNER_INFO_value(sinfos,i); - signer = sk_X509_value (signers, i); - j=PKCS7_signatureVerify(p7bio,p7,si, signer); - if (j <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE); - goto err; - } - } - - ret = 1; - - err: - - if (tmpin == indata) - { - if (indata) BIO_pop(p7bio); - } - BIO_free_all(p7bio); - - sk_X509_free(signers); - - return ret; + sinfos = PKCS7_get_signer_info(p7); + + if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA); + return 0; + } + + signers = PKCS7_get0_signers(p7, certs, flags); + + if (!signers) + return 0; + + /* Now verify the certificates */ + + if (!(flags & PKCS7_NOVERIFY)) + for (k = 0; k < sk_X509_num(signers); k++) { + signer = sk_X509_value(signers, k); + if (!(flags & PKCS7_NOCHAIN)) { + if (!X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } + X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); + } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } + if (!(flags & PKCS7_NOCRL)) + X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) + j = X509_STORE_CTX_get_error(&cert_ctx); + X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, + PKCS7_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + sk_X509_free(signers); + return 0; + } + /* Check for revocation status here */ + } + + /* + * Performance optimization: if the content is a memory BIO then store + * its contents in a temporary read only memory BIO. This avoids + * potentially large numbers of slow copies of data which will occur when + * reading from a read write memory BIO when signatures are calculated. + */ + + if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) { + char *ptr; + long len; + len = BIO_get_mem_data(indata, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); + return 0; + } + } else + tmpin = indata; + + if (!(p7bio = PKCS7_dataInit(p7, tmpin))) + goto err; + + if (flags & PKCS7_TEXT) { + if (!(tmpout = BIO_new(BIO_s_mem()))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } + BIO_set_mem_eof_return(tmpout, 0); + } else + tmpout = out; + + /* We now have to 'read' from p7bio to calculate digests etc. */ + for (;;) { + i = BIO_read(p7bio, buf, sizeof(buf)); + if (i <= 0) + break; + if (tmpout) + BIO_write(tmpout, buf, i); + } + + if (flags & PKCS7_TEXT) { + if (!SMIME_text(tmpout, out)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR); + BIO_free(tmpout); + goto err; + } + BIO_free(tmpout); + } + + /* Now Verify All Signatures */ + if (!(flags & PKCS7_NOSIGS)) + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + signer = sk_X509_value(signers, i); + j = PKCS7_signatureVerify(p7bio, p7, si, signer); + if (j <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE); + goto err; + } + } + + ret = 1; + + err: + + if (tmpin == indata) { + if (indata) + BIO_pop(p7bio); + } + BIO_free_all(p7bio); + + sk_X509_free(signers); + + return ret; } -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags) { - STACK_OF(X509) *signers; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *si; - PKCS7_ISSUER_AND_SERIAL *ias; - X509 *signer; - int i; - - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); - return NULL; - } - - if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); - return NULL; - } - - /* Collect all the signers together */ - - sinfos = PKCS7_get_signer_info(p7); - - if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); - return 0; - } - - if(!(signers = sk_X509_new_null())) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { - si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); - ias = si->issuer_and_serial; - signer = NULL; - /* If any certificates passed they take priority */ - if (certs) signer = X509_find_by_issuer_and_serial (certs, - ias->issuer, ias->serial); - if (!signer && !(flags & PKCS7_NOINTERN) - && p7->d.sign->cert) signer = - X509_find_by_issuer_and_serial (p7->d.sign->cert, - ias->issuer, ias->serial); - if (!signer) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); - sk_X509_free(signers); - return 0; - } - - if (!sk_X509_push(signers, signer)) { - sk_X509_free(signers); - return NULL; - } - } - return signers; + STACK_OF(X509) *signers; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + PKCS7_ISSUER_AND_SERIAL *ias; + X509 *signer; + int i; + + if (!p7) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE); + return NULL; + } + + /* Collect all the signers together */ + + sinfos = PKCS7_get_signer_info(p7); + + if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS); + return 0; + } + + if (!(signers = sk_X509_new_null())) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); + return NULL; + } + + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + ias = si->issuer_and_serial; + signer = NULL; + /* If any certificates passed they take priority */ + if (certs) + signer = X509_find_by_issuer_and_serial(certs, + ias->issuer, ias->serial); + if (!signer && !(flags & PKCS7_NOINTERN) + && p7->d.sign->cert) + signer = + X509_find_by_issuer_and_serial(p7->d.sign->cert, + ias->issuer, ias->serial); + if (!signer) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, + PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + sk_X509_free(signers); + return 0; + } + + if (!sk_X509_push(signers, signer)) { + sk_X509_free(signers); + return NULL; + } + } + return signers; } - /* Build a complete PKCS#7 enveloped data */ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags) + int flags) { - PKCS7 *p7; - BIO *p7bio = NULL; - int i; - X509 *x509; - if(!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) - goto err; - if (!PKCS7_set_cipher(p7, cipher)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); - goto err; - } - - for(i = 0; i < sk_X509_num(certs); i++) { - x509 = sk_X509_value(certs, i); - if(!PKCS7_add_recipient(p7, x509)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT, - PKCS7_R_ERROR_ADDING_RECIPIENT); - goto err; - } - } - - if (flags & PKCS7_STREAM) - return p7; - - if (PKCS7_final(p7, in, flags)) - return p7; - - err: - - BIO_free_all(p7bio); - PKCS7_free(p7); - return NULL; + PKCS7 *p7; + BIO *p7bio = NULL; + int i; + X509 *x509; + if (!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) + goto err; + if (!PKCS7_set_cipher(p7, cipher)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER); + goto err; + } + + for (i = 0; i < sk_X509_num(certs); i++) { + x509 = sk_X509_value(certs, i); + if (!PKCS7_add_recipient(p7, x509)) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT); + goto err; + } + } + + if (flags & PKCS7_STREAM) + return p7; + + if (PKCS7_final(p7, in, flags)) + return p7; + + err: + + BIO_free_all(p7bio); + PKCS7_free(p7); + return NULL; } int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { - BIO *tmpmem; - int ret, i; - char buf[4096]; - - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); - return 0; - } - - if(!PKCS7_type_is_enveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); - return 0; - } - - if(cert && !X509_check_private_key(cert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return 0; - } - - if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); - return 0; - } - - if (flags & PKCS7_TEXT) { - BIO *tmpbuf, *bread; - /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ - if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); - BIO_free_all(tmpmem); - return 0; - } - if(!(bread = BIO_push(tmpbuf, tmpmem))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); - BIO_free_all(tmpbuf); - BIO_free_all(tmpmem); - return 0; - } - ret = SMIME_text(bread, data); - if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) - { - if (!BIO_get_cipher_status(tmpmem)) - ret = 0; - } - BIO_free_all(bread); - return ret; - } else { - for(;;) { - i = BIO_read(tmpmem, buf, sizeof(buf)); - if(i <= 0) - { - ret = 1; - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) - { - if (!BIO_get_cipher_status(tmpmem)) - ret = 0; - } - - break; - } - if (BIO_write(data, buf, i) != i) - { - ret = 0; - break; - } - } - BIO_free_all(tmpmem); - return ret; - } + BIO *tmpmem; + int ret, i; + char buf[4096]; + + if (!p7) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (!PKCS7_type_is_enveloped(p7)) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + if (cert && !X509_check_private_key(cert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return 0; + } + + if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); + return 0; + } + + if (flags & PKCS7_TEXT) { + BIO *tmpbuf, *bread; + /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ + if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + BIO_free_all(tmpmem); + return 0; + } + if (!(bread = BIO_push(tmpbuf, tmpmem))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + BIO_free_all(tmpbuf); + BIO_free_all(tmpmem); + return 0; + } + ret = SMIME_text(bread, data); + if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; + } + BIO_free_all(bread); + return ret; + } else { + for (;;) { + i = BIO_read(tmpmem, buf, sizeof(buf)); + if (i <= 0) { + ret = 1; + if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; + } + + break; + } + if (BIO_write(data, buf, i) != i) { + ret = 0; + break; + } + } + BIO_free_all(tmpmem); + return ret; + } } diff --git a/openssl/crypto/pkcs7/pkcs7.h b/openssl/crypto/pkcs7/pkcs7.h index 5d54c4ac2..b51b3863e 100644 --- a/openssl/crypto/pkcs7/pkcs7.h +++ b/openssl/crypto/pkcs7/pkcs7.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,232 +57,216 @@ */ #ifndef HEADER_PKCS7_H -#define HEADER_PKCS7_H +# define HEADER_PKCS7_H -#include <openssl/asn1.h> -#include <openssl/bio.h> -#include <openssl/e_os2.h> +# include <openssl/asn1.h> +# include <openssl/bio.h> +# include <openssl/e_os2.h> -#include <openssl/symhacks.h> -#include <openssl/ossl_typ.h> +# include <openssl/symhacks.h> +# include <openssl/ossl_typ.h> #ifdef __cplusplus extern "C" { #endif -#ifdef OPENSSL_SYS_WIN32 +# ifdef OPENSSL_SYS_WIN32 /* Under Win32 thes are defined in wincrypt.h */ -#undef PKCS7_ISSUER_AND_SERIAL -#undef PKCS7_SIGNER_INFO -#endif - -/* -Encryption_ID DES-CBC -Digest_ID MD5 -Digest_Encryption_ID rsaEncryption -Key_Encryption_ID rsaEncryption +# undef PKCS7_ISSUER_AND_SERIAL +# undef PKCS7_SIGNER_INFO +# endif + +/*- +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption */ -typedef struct pkcs7_issuer_and_serial_st - { - X509_NAME *issuer; - ASN1_INTEGER *serial; - } PKCS7_ISSUER_AND_SERIAL; - -typedef struct pkcs7_signer_info_st - { - ASN1_INTEGER *version; /* version 1 */ - PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; - X509_ALGOR *digest_alg; - STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ - X509_ALGOR *digest_enc_alg; - ASN1_OCTET_STRING *enc_digest; - STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ - - /* The private key to sign with */ - EVP_PKEY *pkey; - } PKCS7_SIGNER_INFO; +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + /* The private key to sign with */ + EVP_PKEY *pkey; +} PKCS7_SIGNER_INFO; DECLARE_STACK_OF(PKCS7_SIGNER_INFO) DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) -typedef struct pkcs7_recip_info_st - { - ASN1_INTEGER *version; /* version 0 */ - PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; - X509_ALGOR *key_enc_algor; - ASN1_OCTET_STRING *enc_key; - X509 *cert; /* get the pub-key from this */ - } PKCS7_RECIP_INFO; +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ +} PKCS7_RECIP_INFO; DECLARE_STACK_OF(PKCS7_RECIP_INFO) DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) -typedef struct pkcs7_signed_st - { - ASN1_INTEGER *version; /* version 1 */ - STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ - STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - - struct pkcs7_st *contents; - } PKCS7_SIGNED; -/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. - * How about merging the two */ - -typedef struct pkcs7_enc_content_st - { - ASN1_OBJECT *content_type; - X509_ALGOR *algorithm; - ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ - const EVP_CIPHER *cipher; - } PKCS7_ENC_CONTENT; - -typedef struct pkcs7_enveloped_st - { - ASN1_INTEGER *version; /* version 0 */ - STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; - PKCS7_ENC_CONTENT *enc_data; - } PKCS7_ENVELOPE; - -typedef struct pkcs7_signedandenveloped_st - { - ASN1_INTEGER *version; /* version 1 */ - STACK_OF(X509_ALGOR) *md_algs; /* md used */ - STACK_OF(X509) *cert; /* [ 0 ] */ - STACK_OF(X509_CRL) *crl; /* [ 1 ] */ - STACK_OF(PKCS7_SIGNER_INFO) *signer_info; - - PKCS7_ENC_CONTENT *enc_data; - STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; - } PKCS7_SIGN_ENVELOPE; - -typedef struct pkcs7_digest_st - { - ASN1_INTEGER *version; /* version 0 */ - X509_ALGOR *md; /* md used */ - struct pkcs7_st *contents; - ASN1_OCTET_STRING *digest; - } PKCS7_DIGEST; - -typedef struct pkcs7_encrypted_st - { - ASN1_INTEGER *version; /* version 0 */ - PKCS7_ENC_CONTENT *enc_data; - } PKCS7_ENCRYPT; - -typedef struct pkcs7_st - { - /* The following is non NULL if it contains ASN1 encoding of - * this structure */ - unsigned char *asn1; - long length; - -#define PKCS7_S_HEADER 0 -#define PKCS7_S_BODY 1 -#define PKCS7_S_TAIL 2 - int state; /* used during processing */ - - int detached; - - ASN1_OBJECT *type; - /* content as defined by the type */ - /* all encryption/message digests are applied to the 'contents', - * leaving out the 'type' field. */ - union { - char *ptr; - - /* NID_pkcs7_data */ - ASN1_OCTET_STRING *data; - - /* NID_pkcs7_signed */ - PKCS7_SIGNED *sign; - - /* NID_pkcs7_enveloped */ - PKCS7_ENVELOPE *enveloped; - - /* NID_pkcs7_signedAndEnveloped */ - PKCS7_SIGN_ENVELOPE *signed_and_enveloped; - - /* NID_pkcs7_digest */ - PKCS7_DIGEST *digest; - - /* NID_pkcs7_encrypted */ - PKCS7_ENCRYPT *encrypted; - - /* Anything else */ - ASN1_TYPE *other; - } d; - } PKCS7; +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* + * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about + * merging the two + */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* + * The following is non NULL if it contains ASN1 encoding of this + * structure + */ + unsigned char *asn1; + long length; +# define PKCS7_S_HEADER 0 +# define PKCS7_S_BODY 1 +# define PKCS7_S_TAIL 2 + int state; /* used during processing */ + int detached; + ASN1_OBJECT *type; + /* content as defined by the type */ + /* + * all encryption/message digests are applied to the 'contents', leaving + * out the 'type' field. + */ + union { + char *ptr; + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + /* Anything else */ + ASN1_TYPE *other; + } d; +} PKCS7; DECLARE_STACK_OF(PKCS7) DECLARE_ASN1_SET_OF(PKCS7) DECLARE_PKCS12_STACK_OF(PKCS7) -#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 -#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 +# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 -#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) -#define PKCS7_get_attributes(si) ((si)->unauth_attr) +# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +# define PKCS7_get_attributes(si) ((si)->unauth_attr) -#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) -#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) -#define PKCS7_type_is_signedAndEnveloped(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) -#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) -#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) +# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +# define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -#define PKCS7_set_detached(p,v) \ - PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) -#define PKCS7_get_detached(p) \ - PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) +# define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +# define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) -#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) +# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) /* S/MIME related flags */ -#define PKCS7_TEXT 0x1 -#define PKCS7_NOCERTS 0x2 -#define PKCS7_NOSIGS 0x4 -#define PKCS7_NOCHAIN 0x8 -#define PKCS7_NOINTERN 0x10 -#define PKCS7_NOVERIFY 0x20 -#define PKCS7_DETACHED 0x40 -#define PKCS7_BINARY 0x80 -#define PKCS7_NOATTR 0x100 -#define PKCS7_NOSMIMECAP 0x200 -#define PKCS7_NOOLDMIMETYPE 0x400 -#define PKCS7_CRLFEOL 0x800 -#define PKCS7_STREAM 0x1000 -#define PKCS7_NOCRL 0x2000 -#define PKCS7_PARTIAL 0x4000 -#define PKCS7_REUSE_DIGEST 0x8000 +# define PKCS7_TEXT 0x1 +# define PKCS7_NOCERTS 0x2 +# define PKCS7_NOSIGS 0x4 +# define PKCS7_NOCHAIN 0x8 +# define PKCS7_NOINTERN 0x10 +# define PKCS7_NOVERIFY 0x20 +# define PKCS7_DETACHED 0x40 +# define PKCS7_BINARY 0x80 +# define PKCS7_NOATTR 0x100 +# define PKCS7_NOSMIMECAP 0x200 +# define PKCS7_NOOLDMIMETYPE 0x400 +# define PKCS7_CRLFEOL 0x800 +# define PKCS7_STREAM 0x1000 +# define PKCS7_NOCRL 0x2000 +# define PKCS7_PARTIAL 0x4000 +# define PKCS7_REUSE_DIGEST 0x8000 /* Flags: for compatibility with older code */ -#define SMIME_TEXT PKCS7_TEXT -#define SMIME_NOCERTS PKCS7_NOCERTS -#define SMIME_NOSIGS PKCS7_NOSIGS -#define SMIME_NOCHAIN PKCS7_NOCHAIN -#define SMIME_NOINTERN PKCS7_NOINTERN -#define SMIME_NOVERIFY PKCS7_NOVERIFY -#define SMIME_DETACHED PKCS7_DETACHED -#define SMIME_BINARY PKCS7_BINARY -#define SMIME_NOATTR PKCS7_NOATTR +# define SMIME_TEXT PKCS7_TEXT +# define SMIME_NOCERTS PKCS7_NOCERTS +# define SMIME_NOSIGS PKCS7_NOSIGS +# define SMIME_NOCHAIN PKCS7_NOCHAIN +# define SMIME_NOINTERN PKCS7_NOINTERN +# define SMIME_NOVERIFY PKCS7_NOVERIFY +# define SMIME_DETACHED PKCS7_DETACHED +# define SMIME_BINARY PKCS7_BINARY +# define SMIME_NOATTR PKCS7_NOATTR DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) -int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, - unsigned char *md,unsigned int *len); -#ifndef OPENSSL_NO_FP_API -PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); -int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); -#endif +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +# ifndef OPENSSL_NO_FP_API +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); +# endif PKCS7 *PKCS7_dup(PKCS7 *p7); -PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); -int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); @@ -308,31 +292,30 @@ int PKCS7_set_type(PKCS7 *p7, int type); int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst); + const EVP_MD *dgst); int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, - BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *x509); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); - PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, - EVP_PKEY *pkey, const EVP_MD *dgst); + EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, - X509_ALGOR **pdig, X509_ALGOR **psig); + X509_ALGOR **pdig, X509_ALGOR **psig); void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); @@ -341,50 +324,52 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); -int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, - void *data); -int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk); -int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); - + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags); + BIO *data, int flags); PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, - X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, - int flags); + X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags); int PKCS7_final(PKCS7 *p7, BIO *data, int flags); int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags); -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + int flags); PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags); -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, + int flags); int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, - STACK_OF(X509_ALGOR) *cap); + STACK_OF(X509_ALGOR) *cap); STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - const unsigned char *md, int mdlen); + const unsigned char *md, int mdlen); int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); - /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_PKCS7_strings(void); @@ -392,103 +377,103 @@ void ERR_load_PKCS7_strings(void); /* Error codes for the PKCS7 functions. */ /* Function codes. */ -#define PKCS7_F_B64_READ_PKCS7 120 -#define PKCS7_F_B64_WRITE_PKCS7 121 -#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 -#define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 -#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 -#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 -#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 -#define PKCS7_F_PKCS7_ADD_CRL 101 -#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 -#define PKCS7_F_PKCS7_ADD_SIGNATURE 131 -#define PKCS7_F_PKCS7_ADD_SIGNER 103 -#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 -#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 -#define PKCS7_F_PKCS7_CTRL 104 -#define PKCS7_F_PKCS7_DATADECODE 112 -#define PKCS7_F_PKCS7_DATAFINAL 128 -#define PKCS7_F_PKCS7_DATAINIT 105 -#define PKCS7_F_PKCS7_DATASIGN 106 -#define PKCS7_F_PKCS7_DATAVERIFY 107 -#define PKCS7_F_PKCS7_DECRYPT 114 -#define PKCS7_F_PKCS7_DECRYPT_RINFO 133 -#define PKCS7_F_PKCS7_ENCODE_RINFO 132 -#define PKCS7_F_PKCS7_ENCRYPT 115 -#define PKCS7_F_PKCS7_FINAL 134 -#define PKCS7_F_PKCS7_FIND_DIGEST 127 -#define PKCS7_F_PKCS7_GET0_SIGNERS 124 -#define PKCS7_F_PKCS7_RECIP_INFO_SET 130 -#define PKCS7_F_PKCS7_SET_CIPHER 108 -#define PKCS7_F_PKCS7_SET_CONTENT 109 -#define PKCS7_F_PKCS7_SET_DIGEST 126 -#define PKCS7_F_PKCS7_SET_TYPE 110 -#define PKCS7_F_PKCS7_SIGN 116 -#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 -#define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 -#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 -#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 -#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 -#define PKCS7_F_PKCS7_VERIFY 117 -#define PKCS7_F_SMIME_READ_PKCS7 122 -#define PKCS7_F_SMIME_TEXT 123 +# define PKCS7_F_B64_READ_PKCS7 120 +# define PKCS7_F_B64_WRITE_PKCS7 121 +# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 +# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +# define PKCS7_F_PKCS7_ADD_CRL 101 +# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +# define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +# define PKCS7_F_PKCS7_ADD_SIGNER 103 +# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +# define PKCS7_F_PKCS7_CTRL 104 +# define PKCS7_F_PKCS7_DATADECODE 112 +# define PKCS7_F_PKCS7_DATAFINAL 128 +# define PKCS7_F_PKCS7_DATAINIT 105 +# define PKCS7_F_PKCS7_DATASIGN 106 +# define PKCS7_F_PKCS7_DATAVERIFY 107 +# define PKCS7_F_PKCS7_DECRYPT 114 +# define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +# define PKCS7_F_PKCS7_ENCODE_RINFO 132 +# define PKCS7_F_PKCS7_ENCRYPT 115 +# define PKCS7_F_PKCS7_FINAL 134 +# define PKCS7_F_PKCS7_FIND_DIGEST 127 +# define PKCS7_F_PKCS7_GET0_SIGNERS 124 +# define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +# define PKCS7_F_PKCS7_SET_CIPHER 108 +# define PKCS7_F_PKCS7_SET_CONTENT 109 +# define PKCS7_F_PKCS7_SET_DIGEST 126 +# define PKCS7_F_PKCS7_SET_TYPE 110 +# define PKCS7_F_PKCS7_SIGN 116 +# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +# define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +# define PKCS7_F_PKCS7_VERIFY 117 +# define PKCS7_F_SMIME_READ_PKCS7 122 +# define PKCS7_F_SMIME_TEXT 123 /* Reason codes. */ -#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 -#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 -#define PKCS7_R_CIPHER_NOT_INITIALIZED 116 -#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 -#define PKCS7_R_CTRL_ERROR 152 -#define PKCS7_R_DECODE_ERROR 130 -#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 -#define PKCS7_R_DECRYPT_ERROR 119 -#define PKCS7_R_DIGEST_FAILURE 101 -#define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 -#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 -#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 -#define PKCS7_R_ERROR_SETTING_CIPHER 121 -#define PKCS7_R_INVALID_MIME_TYPE 131 -#define PKCS7_R_INVALID_NULL_POINTER 143 -#define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 -#define PKCS7_R_MIME_NO_CONTENT_TYPE 132 -#define PKCS7_R_MIME_PARSE_ERROR 133 -#define PKCS7_R_MIME_SIG_PARSE_ERROR 134 -#define PKCS7_R_MISSING_CERIPEND_INFO 103 -#define PKCS7_R_NO_CONTENT 122 -#define PKCS7_R_NO_CONTENT_TYPE 135 -#define PKCS7_R_NO_DEFAULT_DIGEST 151 -#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 -#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 -#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 -#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 -#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 -#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 -#define PKCS7_R_NO_SIGNERS 142 -#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 -#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 -#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 -#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 -#define PKCS7_R_PKCS7_DATAFINAL 126 -#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 -#define PKCS7_R_PKCS7_DATASIGN 145 -#define PKCS7_R_PKCS7_PARSE_ERROR 139 -#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 -#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 -#define PKCS7_R_SIGNATURE_FAILURE 105 -#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 -#define PKCS7_R_SIGNING_CTRL_FAILURE 147 -#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 -#define PKCS7_R_SIG_INVALID_MIME_TYPE 141 -#define PKCS7_R_SMIME_TEXT_ERROR 129 -#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 -#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 -#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 -#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 -#define PKCS7_R_UNKNOWN_OPERATION 110 -#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 -#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 -#define PKCS7_R_WRONG_CONTENT_TYPE 113 -#define PKCS7_R_WRONG_PKCS7_TYPE 114 +# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +# define PKCS7_R_CTRL_ERROR 152 +# define PKCS7_R_DECODE_ERROR 130 +# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 +# define PKCS7_R_DECRYPT_ERROR 119 +# define PKCS7_R_DIGEST_FAILURE 101 +# define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +# define PKCS7_R_ERROR_SETTING_CIPHER 121 +# define PKCS7_R_INVALID_MIME_TYPE 131 +# define PKCS7_R_INVALID_NULL_POINTER 143 +# define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 +# define PKCS7_R_MIME_NO_CONTENT_TYPE 132 +# define PKCS7_R_MIME_PARSE_ERROR 133 +# define PKCS7_R_MIME_SIG_PARSE_ERROR 134 +# define PKCS7_R_MISSING_CERIPEND_INFO 103 +# define PKCS7_R_NO_CONTENT 122 +# define PKCS7_R_NO_CONTENT_TYPE 135 +# define PKCS7_R_NO_DEFAULT_DIGEST 151 +# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 +# define PKCS7_R_NO_MULTIPART_BOUNDARY 137 +# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 +# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +# define PKCS7_R_NO_SIGNERS 142 +# define PKCS7_R_NO_SIG_CONTENT_TYPE 138 +# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +# define PKCS7_R_PKCS7_DATAFINAL 126 +# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 +# define PKCS7_R_PKCS7_DATASIGN 145 +# define PKCS7_R_PKCS7_PARSE_ERROR 139 +# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 +# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +# define PKCS7_R_SIGNATURE_FAILURE 105 +# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +# define PKCS7_R_SIGNING_CTRL_FAILURE 147 +# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +# define PKCS7_R_SIG_INVALID_MIME_TYPE 141 +# define PKCS7_R_SMIME_TEXT_ERROR 129 +# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +# define PKCS7_R_UNKNOWN_OPERATION 110 +# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +# define PKCS7_R_WRONG_CONTENT_TYPE 113 +# define PKCS7_R_WRONG_PKCS7_TYPE 114 #ifdef __cplusplus } diff --git a/openssl/crypto/pkcs7/pkcs7err.c b/openssl/crypto/pkcs7/pkcs7err.c index f3db08e00..323513fe8 100644 --- a/openssl/crypto/pkcs7/pkcs7err.c +++ b/openssl/crypto/pkcs7/pkcs7err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,8 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -65,124 +66,142 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) -static ERR_STRING_DATA PKCS7_str_functs[]= - { -{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, -{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, -{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, -{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, -{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, -{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"}, -{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, -{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, -{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, -{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, -{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, -{ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, -{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, -{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, -{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, -{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, -{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, -{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, -{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, -{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, -{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, -{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, -{0,NULL} - }; +static ERR_STRING_DATA PKCS7_str_functs[] = { + {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, + {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, + {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, + {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), + "PKCS7_add0_attrib_signing_time"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), + "PKCS7_add_attrib_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), + "PKCS7_COPY_EXISTING_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, + {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, + {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, + {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, + {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, + {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, + {0, NULL} +}; -static ERR_STRING_DATA PKCS7_str_reasons[]= - { -{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, -{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, -{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, -{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, -{ERR_REASON(PKCS7_R_CTRL_ERROR) ,"ctrl error"}, -{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, -{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, -{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, -{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, -{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"}, -{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"}, -{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, -{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, -{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, -{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"}, -{ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),"invalid signed data type"}, -{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"}, -{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"}, -{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"}, -{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, -{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, -{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, -{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) ,"no default digest"}, -{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"}, -{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, -{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, -{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, -{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, -{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, -{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, -{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, -{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, -{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, -{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"}, -{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, -{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, -{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, -{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, -{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"}, -{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, -{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, -{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, -{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"}, -{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"}, -{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, -{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, -{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, -{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"}, -{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"}, -{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"}, -{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"}, -{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"}, -{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, -{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, -{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"}, -{0,NULL} - }; +static ERR_STRING_DATA PKCS7_str_reasons[] = { + {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), + "certificate verify error"}, + {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), + "cipher has no object identifier"}, + {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"}, + {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), + "content and data present"}, + {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"}, + {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), + "decrypted key is wrong length"}, + {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"}, + {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"}, + {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"}, + {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "encryption not supported for this key type"}, + {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"}, + {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, + {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"}, + {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, + {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE), + "invalid signed data type"}, + {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, + {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"}, + {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, + {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"}, + {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"}, + {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"}, + {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), + "no matching digest type found"}, + {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), + "no multipart body failure"}, + {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, + {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), + "no recipient matches certificate"}, + {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), + "no recipient matches key"}, + {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"}, + {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"}, + {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, + {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), + "operation not supported on this type"}, + {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), + "pkcs7 add signature error"}, + {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"}, + {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"}, + {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"}, + {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, + {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"}, + {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"}, + {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate"}, + {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"}, + {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found"}, + {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"}, + {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "signing not supported for this key type"}, + {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, + {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), + "unable to find certificate"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), + "unable to find message digest"}, + {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"}, + {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"}, + {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"}, + {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type"}, + {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"}, + {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, + {0, NULL} +}; #endif void ERR_load_PKCS7_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) - { - ERR_load_strings(0,PKCS7_str_functs); - ERR_load_strings(0,PKCS7_str_reasons); - } + if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) { + ERR_load_strings(0, PKCS7_str_functs); + ERR_load_strings(0, PKCS7_str_reasons); + } #endif - } +} |