if (EVP_PKEY_encrypt_init(pctx) <= 0)
goto err;
- if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
- EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
- ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR);
- goto err;
- }
-
if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
goto err;
if (EVP_PKEY_decrypt_init(pctx) <= 0)
goto err;
- if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
- EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
- ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR);
- goto err;
- }
-
if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
ri->enc_key->data, ri->enc_key->length) <= 0)
goto err;
NULL) <= 0)
goto err;
- /*
- * TODO(3.0): This causes problems when providers are in use, so disabled
- * for now. Can we get rid of this completely? AFAICT this ctrl has never
- * been used since it was first put in. All internal implementations just
- * return 1 and ignore this ctrl and have always done so by the looks of
- * things. To fix this we could convert this ctrl into a param, which would
- * require us to send all the signer info data as a set of params...but that
- * is non-trivial and since this isn't used by anything it may be better
- * just to remove it. The original commit that added it had this
- * justification in CHANGES:
- *
- * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the
- * EVP_PKEY_METHOD before and after signing via the
- * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure
- * before and/or after signing if necessary."
- */
-#if 0
- if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
- EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
- ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR);
- goto err;
- }
-#endif
-
alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
if (!abuf)
if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
goto err;
- /*
- * TODO(3.0): This causes problems when providers are in use, so disabled
- * for now. Can we get rid of this completely? AFAICT this ctrl has never
- * been used since it was first put in. All internal implementations just
- * return 1 and ignore this ctrl and have always done so by the looks of
- * things. To fix this we could convert this ctrl into a param, which would
- * require us to send all the signer info data as a set of params...but that
- * is non-trivial and since this isn't used by anything it may be better
- * just to remove it. The original commit that added it had this
- * justification in CHANGES:
- *
- * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the
- * EVP_PKEY_METHOD before and after signing via the
- * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure
- * before and/or after signing if necessary."
- */
-#if 0
- if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
- EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
- ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CTRL_ERROR);
- goto err;
- }
-#endif
-
EVP_MD_CTX_free(mctx);
ASN1_STRING_set0(si->enc_digest, abuf, siglen);
projects / openssl.git / blobdiff