}
-static int PKCS7_type_is_octet_string(PKCS7* p7)
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
{
- if ( 0==PKCS7_type_is_other(p7) )
- return 0;
-
- return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
+ if ( PKCS7_type_is_data(p7))
+ return p7->d.data;
+ if ( PKCS7_type_is_other(p7) && p7->d.other
+ && (p7->d.other->type == V_ASN1_OCTET_STRING))
+ return p7->d.other->value.octet_string;
+ return NULL;
}
BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
}
OPENSSL_free(tmp);
- memset(key, 0, keylen);
+ OPENSSL_cleanse(key, keylen);
if (out == NULL)
out=btmp;
btmp=NULL;
}
- if (bio == NULL) {
+ if (bio == NULL)
+ {
if (PKCS7_is_detached(p7))
bio=BIO_new(BIO_s_null());
- else {
- if (PKCS7_type_is_signed(p7) ) {
- if ( PKCS7_type_is_data(p7->d.sign->contents)) {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.data;
- if (os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- }
- else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.other->value.octet_string;
- if (os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- }
- }
- if(bio == NULL) {
+ else
+ {
+ ASN1_OCTET_STRING *os;
+ os = PKCS7_get_octet_string(p7->d.sign->contents);
+ if (os && os->length > 0)
+ bio = BIO_new_mem_buf(os->data, os->length);
+ if(bio == NULL)
+ {
bio=BIO_new(BIO_s_mem());
BIO_set_mem_eof_return(bio,0);
+ }
}
- }
}
BIO_push(out,bio);
bio=NULL;
switch (i)
{
case NID_pkcs7_signed:
- data_body=p7->d.sign->contents->d.data;
+ data_body=PKCS7_get_octet_string(p7->d.sign->contents);
md_sk=p7->d.sign->md_algs;
break;
case NID_pkcs7_signedAndEnveloped:
}
EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
- memset(tmp,0,jj);
+ OPENSSL_cleanse(tmp,jj);
if (out == NULL)
out=etmp;
STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
ASN1_OCTET_STRING *os=NULL;
+ EVP_MD_CTX_init(&ctx_tmp);
i=OBJ_obj2nid(p7->type);
p7->state=PKCS7_S_HEADER;
break;
case NID_pkcs7_signed:
si_sk=p7->d.sign->signer_info;
- os=p7->d.sign->contents->d.data;
+ os=PKCS7_get_octet_string(p7->d.sign->contents);
/* If detached data then the content is excluded */
- if(p7->detached) {
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
M_ASN1_OCTET_STRING_free(os);
p7->d.sign->contents->d.data = NULL;
}
/* We now have the EVP_MD_CTX, lets do the
* signing. */
- EVP_MD_CTX_init(&ctx_tmp);
EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
- if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+ if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
goto err;
ctx_tmp.digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
- if (si->pkey->type == EVP_PKEY_ECDSA)
+ if (si->pkey->type == EVP_PKEY_EC)
ctx_tmp.digest=EVP_ecdsa();
#endif
}
if (EVP_MD_CTX_type(mdc) == md_type)
break;
+ /* Workaround for some broken clients that put the signature
+ * OID instead of the digest OID in digest_alg->algorithm
+ */
+ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+ break;
btmp=BIO_next(btmp);
}
if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA) mdc_tmp.digest=EVP_ecdsa();
+ if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
#endif
i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);