if (!j) /* we need to add another algorithm */
{
if(!(alg=X509_ALGOR_new())
- || !(alg->parameter = ASN1_TYPE_new())) {
+ || !(alg->parameter = ASN1_TYPE_new()))
+ {
+ X509_ALGOR_free(alg);
PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
return(0);
- }
+ }
alg->algorithm=OBJ_nid2obj(nid);
alg->parameter->type = V_ASN1_NULL;
- sk_X509_ALGOR_push(md_sk,alg);
+ if (!sk_X509_ALGOR_push(md_sk,alg))
+ {
+ X509_ALGOR_free(alg);
+ return 0;
+ }
}
- sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
+ if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
+ return 0;
return(1);
}
if (*sk == NULL)
*sk=sk_X509_new_null();
+ if (*sk == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
- sk_X509_push(*sk,x509);
+ if (!sk_X509_push(*sk,x509))
+ {
+ X509_free(x509);
+ return 0;
+ }
return(1);
}
if (*sk == NULL)
*sk=sk_X509_CRL_new_null();
+ if (*sk == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
- sk_X509_CRL_push(*sk,crl);
+ if (!sk_X509_CRL_push(*sk,crl))
+ {
+ X509_CRL_free(crl);
+ return 0;
+ }
return(1);
}
}
PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- return 0;
err:
- return(0);
+ return 0;
}
PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
const EVP_MD *dgst)
{
- PKCS7_SIGNER_INFO *si;
+ PKCS7_SIGNER_INFO *si = NULL;
+
+ if (dgst == NULL)
+ {
+ int def_nid;
+ if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+ goto err;
+ dgst = EVP_get_digestbynid(def_nid);
+ if (dgst == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
+ PKCS7_R_NO_DEFAULT_DIGEST);
+ goto err;
+ }
+ }
if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
*psig = si->digest_enc_alg;
}
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
+ {
+ if (penc)
+ *penc = ri->key_enc_algor;
+ }
+
PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
{
PKCS7_RECIP_INFO *ri;
if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
if (!PKCS7_add_recipient_info(p7,ri)) goto err;
- return(ri);
+ return ri;
err:
- return(NULL);
+ if (ri)
+ PKCS7_RECIP_INFO_free(ri);
+ return NULL;
}
int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
return(0);
}
- sk_PKCS7_RECIP_INFO_push(sk,ri);
+ if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
+ return 0;
return(1);
}
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
+ int ret;
+ EVP_PKEY *pkey = NULL;
if (!ASN1_INTEGER_set(p7i->version,0))
return 0;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
return 0;
- X509_ALGOR_free(p7i->key_enc_algor);
- if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
- return 0;
+ pkey = X509_get_pubkey(x509);
+
+ if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
+ {
+ PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+ PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+
+ ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
+ 0, p7i);
+ if (ret == -2)
+ {
+ PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+ PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+ if (ret <= 0)
+ {
+ PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+ PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+ goto err;
+ }
+
+ EVP_PKEY_free(pkey);
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
p7i->cert=x509;
- return(1);
+ return 1;
+
+ err:
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ return 0;
}
X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
return 1;
}
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
+ {
+ ASN1_OCTET_STRING *os = NULL;
+
+ switch (OBJ_obj2nid(p7->type))
+ {
+ case NID_pkcs7_data:
+ os = p7->d.data;
+ break;
+
+ case NID_pkcs7_signedAndEnveloped:
+ os = p7->d.signed_and_enveloped->enc_data->enc_data;
+ if (os == NULL)
+ {
+ os=M_ASN1_OCTET_STRING_new();
+ p7->d.signed_and_enveloped->enc_data->enc_data=os;
+ }
+ break;
+
+ case NID_pkcs7_enveloped:
+ os = p7->d.enveloped->enc_data->enc_data;
+ if (os == NULL)
+ {
+ os=M_ASN1_OCTET_STRING_new();
+ p7->d.enveloped->enc_data->enc_data=os;
+ }
+ break;
+
+ case NID_pkcs7_signed:
+ os=p7->d.sign->contents->d.data;
+ break;
+
+ default:
+ os = NULL;
+ break;
+ }
+
+ if (os == NULL)
+ return 0;
+
+ os->flags |= ASN1_STRING_FLAG_NDEF;
+ *boundary = &os->data;
+
+ return 1;
+ }
+
+
+
+
+
projects / openssl.git / blobdiff