X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=crypto%2Fpkcs7%2Fpk7_doit.c;h=84dbd4a9a4da35d16f88c4f5e5d9b002caf33770;hb=c62b26fdc6bb176541ec56498090ff6f2ad4a885;hp=7acd11e057d78399fe5ff18740eb83a04b4aa6f9;hpb=26a3a48d65c7464b400ec1de439994d7f0d25fed;p=openssl.git

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 7acd11e057..84dbd4a9a4 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -219,7 +219,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 		}
 
 	if (bio == NULL) {
-		if (p7->detached)
+		if (PKCS7_is_detached(p7))
 			bio=BIO_new(BIO_s_null());
 		else {
 			if (PKCS7_type_is_signed(p7) &&
@@ -419,7 +419,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 		}
 
 #if 1
-	if (p7->detached || (in_bio != NULL))
+	if (PKCS7_is_detached(p7) || (in_bio != NULL))
 		{
 		bio=in_bio;
 		}
@@ -471,8 +471,6 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 	EVP_MD_CTX *mdc,ctx_tmp;
 	STACK_OF(X509_ATTRIBUTE) *sk;
 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-	unsigned char *p,*pp=NULL;
-	int x;
 	ASN1_OCTET_STRING *os=NULL;
 
 	i=OBJ_obj2nid(p7->type);
@@ -528,13 +526,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 				BIO_get_md_ctx(btmp,&mdc);
 				if (mdc == NULL)
 					{
-					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
 					goto err;
 					}
 				if (EVP_MD_CTX_type(mdc) == j)
 					break;
 				else
-					btmp=btmp->next_bio;
+					btmp=BIO_next(btmp);
 				}
 			
 			/* We now have the EVP_MD_CTX, lets do the
@@ -552,8 +550,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			 * attribute and only sign the attributes */
 			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 				{
-				unsigned char md_data[EVP_MAX_MD_SIZE];
-				unsigned int md_len;
+				unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
+				unsigned int md_len, alen;
 				ASN1_OCTET_STRING *digest;
 				ASN1_UTCTIME *sign_time;
 				const EVP_MD *md_tmp;
@@ -573,19 +571,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 					NID_pkcs9_messageDigest,
 					V_ASN1_OCTET_STRING,digest);
 
-				/* Now sign the mess */
+				/* Now sign the attributes */
 				EVP_SignInit(&ctx_tmp,md_tmp);
-				x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
-					   i2d_X509_ATTRIBUTE,
-					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-				pp=(unsigned char *)OPENSSL_malloc(x);
-				p=pp;
-				i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
-				           i2d_X509_ATTRIBUTE,
-					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-				EVP_SignUpdate(&ctx_tmp,pp,x);
-				OPENSSL_free(pp);
-				pp=NULL;
+				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
+							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+				if(!abuf) goto err;
+				EVP_SignUpdate(&ctx_tmp,abuf,alen);
+				OPENSSL_free(abuf);
 				}
 
 			if (si->pkey->type == EVP_PKEY_DSA)
@@ -606,7 +598,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			}
 		}
 
-	if (!p7->detached)
+	if (!PKCS7_is_detached(p7))
 		{
 		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
 		if (btmp == NULL)
@@ -627,9 +619,6 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 			(unsigned char *)buf_mem->data,buf_mem->length);
 #endif
 		}
-	if (pp != NULL) OPENSSL_free(pp);
-	pp=NULL;
-
 	ret=1;
 err:
 	if (buf != NULL) BUF_MEM_free(buf);
@@ -691,7 +680,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 	{
 	ASN1_OCTET_STRING *os;
 	EVP_MD_CTX mdc_tmp,*mdc;
-	unsigned char *pp,*p;
 	int ret=0,i;
 	int md_type;
 	STACK_OF(X509_ATTRIBUTE) *sk;
@@ -721,12 +709,12 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 		if (mdc == NULL)
 			{
 			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							PKCS7_R_INTERNAL_ERROR);
+							ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		if (EVP_MD_CTX_type(mdc) == md_type)
 			break;
-		btmp=btmp->next_bio;	
+		btmp=BIO_next(btmp);
 		}
 
 	/* mdc is the digest ctx that we want, unless there are attributes,
@@ -736,8 +724,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 	sk=si->auth_attr;
 	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 		{
-		unsigned char md_dat[EVP_MAX_MD_SIZE];
-                unsigned int md_len;
+		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+                unsigned int md_len, alen;
 		ASN1_OCTET_STRING *message_digest;
 
 		EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
@@ -766,23 +754,21 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 			}
 
 		EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
-		/* Note: when forming the encoding of the attributes we
-		 * shouldn't reorder them or this will break the signature.
-		 * This is done by using the IS_SEQUENCE flag.
-		 */
-		i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
-		pp=OPENSSL_malloc(i);
-		p=pp;
-		i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
-		EVP_VerifyUpdate(&mdc_tmp,pp,i);
 
-		OPENSSL_free(pp);
+		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+		EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
+
+		OPENSSL_free(abuf);
 		}
 
 	os=si->enc_digest;
 	pkey = X509_get_pubkey(x509);
+	if (!pkey)
+		{
+		ret = -1;
+		goto err;
+		}
 	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
 
 	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
@@ -838,7 +824,7 @@ static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
 		xa=sk_X509_ATTRIBUTE_value(sk,i);
 		if (OBJ_cmp(xa->object,o) == 0)
 			{
-			if (xa->set && sk_ASN1_TYPE_num(xa->value.set))
+			if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
 				return(sk_ASN1_TYPE_value(xa->value.set,0));
 			else
 				return(NULL);
@@ -909,7 +895,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
 
 	if (*sk == NULL)
 		{
-		*sk = sk_X509_ATTRIBUTE_new(NULL);
+		*sk = sk_X509_ATTRIBUTE_new_null();
 new_attrib:
 		attr=X509_ATTRIBUTE_create(nid,atrtype,value);
 		sk_X509_ATTRIBUTE_push(*sk,attr);