#include "crypto/evp.h"
#include "crypto/cms.h"
#include "crypto/ess.h"
-
-DEFINE_STACK_OF(CMS_RevocationInfoChoice)
-DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_ALGOR)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
+#include "crypto/x509.h" /* for X509_add_cert_new() */
/* CMS SignedData Utilities */
goto err;
if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
goto err;
- } else if (EVP_DigestSignInit_with_libctx(si->mctx, &si->pctx,
- EVP_MD_name(md),
- ctx->libctx, ctx->propq,
- pk) <= 0) {
+ } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, EVP_MD_name(md),
+ ctx->libctx, ctx->propq, pk) <= 0) {
goto err;
}
}
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
if (si->signer != NULL) {
- if (signers == NULL) {
- signers = sk_X509_new_null();
- if (signers == NULL)
- return NULL;
- }
- if (!sk_X509_push(signers, si->signer)) {
+ if (!X509_add_cert_new(&signers, si->signer,
+ X509_ADD_FLAG_DEFAULT)) {
sk_X509_free(signers);
return NULL;
}
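Review bot: The `X509_add_cert_new(&signers, si->signer, X509_ADD_FLAG_DEFAULT)` call carries an ownership rule that is not written down anywhere in the hunk. With the default flag no reference is taken on `si->signer`, so the stack only borrows the certificates, and that is why the error path frees it with `sk_X509_free()` rather than `sk_X509_pop_free()`. I would add a comment above the call such as `/* certs are borrowed from the SignerInfos: no up-ref, so free with sk_X509_free() only */`. That would stop a later switch to `X509_ADD_FLAG_UP_REF`, or a caller using `sk_X509_pop_free(..., X509_free)`, from introducing a leak or a double free. The enclosing function starts and ends outside the hunk.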
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_SignFinal_with_libctx(mctx, sig, &siglen, si->pkey,
- ctx->libctx, ctx->propq)) {
+ if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, ctx->libctx,
+ ctx->propq)) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
OPENSSL_free(sig);
goto err;
pctx = si->pctx;
else {
EVP_MD_CTX_reset(mctx);
- if (EVP_DigestSignInit_with_libctx(mctx, &pctx,
- md_name, ctx->libctx, ctx->propq,
- si->pkey) <= 0)
+ if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, ctx->libctx, ctx->propq,
+ si->pkey) <= 0)
goto err;
si->pctx = pctx;
}
unsigned char *abuf = NULL;
int alen, r = -1;
const char *name;
- EVP_MD *md = NULL;
+ const EVP_MD *md;
+ EVP_MD *fetched_md = NULL;
const CMS_CTX *ctx = si->cms_ctx;
if (si->pkey == NULL) {
return -1;
name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
- md = EVP_MD_fetch(ctx->libctx, name, ctx->propq);
- if (md == NULL)
+
+ (void)ERR_set_mark();
+ fetched_md = EVP_MD_fetch(ctx->libctx, name, ctx->propq);
+
+ if (fetched_md != NULL)
+ md = fetched_md;
+ else
+ md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+ if (md == NULL) {
+ (void)ERR_clear_last_mark();
+ CMSerr(0, CMS_R_UNKNOWN_DIGEST_ALGORITHM);
return -1;
+ }
+ (void)ERR_pop_to_mark();
+
if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
mctx = si->mctx;
- if (EVP_DigestVerifyInit_with_libctx(mctx, &si->pctx,
- EVP_MD_name(md), ctx->libctx, NULL,
- si->pkey) <= 0)
+ if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_name(md), ctx->libctx,
+ NULL, si->pkey) <= 0)
goto err;
if (!cms_sd_asn1_ctrl(si, 1))
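Review bot: The new `EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_name(md), ctx->libctx, NULL, si->pkey)` call passes `NULL` as the property query. The digest a few lines earlier is fetched with `ctx->propq`, and both `EVP_DigestSignInit_ex` calls in this commit pass `ctx->propq`. If that is not deliberate, a CMS context created with a restrictive property query would have the verification digest and signature resolved without it, so verification could run on an implementation the application meant to exclude. I would change the argument line to `ctx->propq, si->pkey) <= 0)`, or add a comment saying why verification ignores the query. The function body starts and ends outside this hunk.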
alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
ASN1_ITEM_rptr(CMS_Attributes_Verify));
- if (!abuf)
+ if (abuf == NULL || alen < 0)
goto err;
r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
OPENSSL_free(abuf);
if (r <= 0)
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
err:
- EVP_MD_free(md);
+ EVP_MD_free(fetched_md);
EVP_MD_CTX_reset(mctx);
return r;
}