X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fpkcs7%2Fpk7_lib.c;h=f7b5da1f14bbba75677ab775094d1256179f0e69;hp=7d14ad11734ecfc6489a7e25685263ac8da8dad3;hb=a43cf9fae96175ee91da08aa523c508c3d3e6dde;hpb=7dfb0b774e6592dcbfe47015168a0ac8b44e2a17 diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 7d14ad1173..f7b5da1f14 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -58,14 +58,10 @@ #include #include "cryptlib.h" -#include "objects.h" -#include "x509.h" - -long PKCS7_ctrl(p7,cmd,larg,parg) -PKCS7 *p7; -int cmd; -long larg; -char *parg; +#include +#include + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) { int nid; long ret; @@ -88,7 +84,11 @@ char *parg; case PKCS7_OP_GET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { - ret=p7->detached; + if(!p7->d.sign || !p7->d.sign->contents->d.ptr) + ret = 1; + else ret = 0; + + p7->detached = ret; } else { @@ -98,14 +98,13 @@ char *parg; break; default: - abort(); + PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); + ret=0; } return(ret); } -int PKCS7_content_new(p7,type) -PKCS7 *p7; -int type; +int PKCS7_content_new(PKCS7 *p7, int type) { PKCS7 *ret=NULL; @@ -119,9 +118,7 @@ err: return(0); } -int PKCS7_set_content(p7,p7_data) -PKCS7 *p7; -PKCS7 *p7_data; +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) { int i; @@ -130,7 +127,7 @@ PKCS7 *p7_data; { case NID_pkcs7_signed: if (p7->d.sign->contents != NULL) - PKCS7_content_free(p7->d.sign->contents); + PKCS7_free(p7->d.sign->contents); p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: @@ -147,13 +144,11 @@ err: return(0); } -int PKCS7_set_type(p7,type) -PKCS7 *p7; -int type; +int PKCS7_set_type(PKCS7 *p7, int type) { ASN1_OBJECT *obj; - PKCS7_content_free(p7); + /*PKCS7_content_free(p7);*/ obj=OBJ_nid2obj(type); /* will not fail */ switch (type) @@ -166,19 +161,35 @@ int type; break; case NID_pkcs7_data: p7->type=obj; - if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL) + if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) goto err; break; case NID_pkcs7_signedAndEnveloped: p7->type=obj; if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) - == NULL) - goto err; - ASN1_INTEGER_set(p7->d.sign->version,1); + == NULL) goto err; + ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); + p7->d.signed_and_enveloped->enc_data->content_type + = OBJ_nid2obj(NID_pkcs7_data); break; - case NID_pkcs7_digest: case NID_pkcs7_enveloped: + p7->type=obj; + if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) + == NULL) goto err; + ASN1_INTEGER_set(p7->d.enveloped->version,0); + p7->d.enveloped->enc_data->content_type + = OBJ_nid2obj(NID_pkcs7_data); + break; case NID_pkcs7_encrypted: + p7->type=obj; + if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) + == NULL) goto err; + ASN1_INTEGER_set(p7->d.encrypted->version,0); + p7->d.encrypted->enc_data->content_type + = OBJ_nid2obj(NID_pkcs7_data); + break; + + case NID_pkcs7_digest: default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; @@ -188,14 +199,12 @@ err: return(0); } -int PKCS7_add_signer(p7,psi) -PKCS7 *p7; -PKCS7_SIGNER_INFO *psi; +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; X509_ALGOR *alg; - STACK *signer_sk; - STACK *md_sk; + STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; + STACK_OF(X509_ALGOR) *md_sk; i=OBJ_obj2nid(p7->type); switch (i) @@ -217,9 +226,9 @@ PKCS7_SIGNER_INFO *psi; /* If the digest is not currently listed, add it */ j=0; - for (i=0; ialgorithm) == nid) { j=1; @@ -228,21 +237,24 @@ PKCS7_SIGNER_INFO *psi; } if (!j) /* we need to add another algorithm */ { - alg=X509_ALGOR_new(); + if(!(alg=X509_ALGOR_new()) + || !(alg->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); + return(0); + } alg->algorithm=OBJ_nid2obj(nid); - sk_push(md_sk,(char *)alg); + alg->parameter->type = V_ASN1_NULL; + sk_X509_ALGOR_push(md_sk,alg); } - sk_push(signer_sk,(char *)psi); + sk_PKCS7_SIGNER_INFO_push(signer_sk,psi); return(1); } -int PKCS7_add_certificate(p7,x509) -PKCS7 *p7; -X509 *x509; +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) { int i; - STACK **sk; + STACK_OF(X509) **sk; i=OBJ_obj2nid(p7->type); switch (i) @@ -259,18 +271,16 @@ X509 *x509; } if (*sk == NULL) - *sk=sk_new_null(); + *sk=sk_X509_new_null(); CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - sk_push(*sk,(char *)x509); + sk_X509_push(*sk,x509); return(1); } -int PKCS7_add_crl(p7,crl) -PKCS7 *p7; -X509_CRL *crl; +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) { int i; - STACK **sk; + STACK_OF(X509_CRL) **sk; i=OBJ_obj2nid(p7->type); switch (i) @@ -287,19 +297,19 @@ X509_CRL *crl; } if (*sk == NULL) - *sk=sk_new_null(); + *sk=sk_X509_CRL_new_null(); CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); - sk_push(*sk,(char *)crl); + sk_X509_CRL_push(*sk,crl); return(1); } -int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst) -PKCS7_SIGNER_INFO *p7i; -X509 *x509; -EVP_PKEY *pkey; -EVP_MD *dgst; +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + EVP_MD *dgst) { + char is_dsa; + if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; + else is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ ASN1_INTEGER_set(p7i->version,1); X509_NAME_set(&p7i->issuer_and_serial->issuer, @@ -307,36 +317,43 @@ EVP_MD *dgst; /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ - ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); p7i->issuer_and_serial->serial= - ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); /* lets keep the pkey around for a while */ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); p7i->pkey=pkey; /* Set the algorithms */ - p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst)); + if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); + else + p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); + + if (p7i->digest_alg->parameter != NULL) + ASN1_TYPE_free(p7i->digest_alg->parameter); + if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) + goto err; + p7i->digest_alg->parameter->type=V_ASN1_NULL; + + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); -#if 1 if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL) - goto err; - p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; -#endif + if(is_dsa) p7i->digest_enc_alg->parameter = NULL; + else { + if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + } return(1); err: return(0); } -PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst) -PKCS7 *p7; -X509 *x509; -EVP_PKEY *pkey; -EVP_MD *dgst; +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, + EVP_MD *dgst) { PKCS7_SIGNER_INFO *si; @@ -348,20 +365,21 @@ err: return(NULL); } -STACK *PKCS7_get_signer_info(p7) -PKCS7 *p7; +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) { return(p7->d.sign->signer_info); } + else if (PKCS7_type_is_signedAndEnveloped(p7)) + { + return(p7->d.signed_and_enveloped->signer_info); + } else return(NULL); } -PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509) -PKCS7 *p7; -X509 *x509; +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) { PKCS7_RECIP_INFO *ri; @@ -373,12 +391,10 @@ err: return(NULL); } -int PKCS7_add_recipient_info(p7,ri) -PKCS7 *p7; -PKCS7_RECIP_INFO *ri; +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) { int i; - STACK *sk; + STACK_OF(PKCS7_RECIP_INFO) *sk; i=OBJ_obj2nid(p7->type); switch (i) @@ -386,26 +402,30 @@ PKCS7_RECIP_INFO *ri; case NID_pkcs7_signedAndEnveloped: sk= p7->d.signed_and_enveloped->recipientinfo; break; + case NID_pkcs7_enveloped: + sk= p7->d.enveloped->recipientinfo; + break; default: PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); return(0); } - sk_push(sk,(char *)ri); + sk_PKCS7_RECIP_INFO_push(sk,ri); return(1); } -int PKCS7_RECIP_INFO_set(p7i,x509) -PKCS7_RECIP_INFO *p7i; -X509 *x509; +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) { ASN1_INTEGER_set(p7i->version,0); X509_NAME_set(&p7i->issuer_and_serial->issuer, X509_get_issuer_name(x509)); - ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); p7i->issuer_and_serial->serial= - ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + + X509_ALGOR_free(p7i->key_enc_algor); + p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor); CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); p7i->cert=x509; @@ -413,9 +433,7 @@ X509 *x509; return(1); } -X509 *PKCS7_cert_from_signer_info(p7,si) -PKCS7 *p7; -PKCS7_SIGNER_INFO *si; +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) { if (PKCS7_type_is_signed(p7)) return(X509_find_by_issuer_and_serial(p7->d.sign->cert, @@ -425,11 +443,10 @@ PKCS7_SIGNER_INFO *si; return(NULL); } -int PKCS7_set_cipher(p7,cipher) -PKCS7 *p7; -EVP_CIPHER *cipher; +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) { int i; + ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; i=OBJ_obj2nid(p7->type); @@ -438,12 +455,23 @@ EVP_CIPHER *cipher; case NID_pkcs7_signedAndEnveloped: ec=p7->d.signed_and_enveloped->enc_data; break; + case NID_pkcs7_enveloped: + ec=p7->d.enveloped->enc_data; + break; default: PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); return(0); } - ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher)); - return(ec->algorithm->algorithm != NULL); + /* Check cipher OID exists and has data in it*/ + i = EVP_CIPHER_type(cipher); + if(i == NID_undef) { + PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + return(0); + } + objtmp = OBJ_nid2obj(i); + + ec->cipher = cipher; + return 1; }