pk7_doit.c (55714) | pk7_doit.c (59191) |
---|---|
1/* crypto/pkcs7/pk7_doit.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 47 unchanged lines hidden (view full) --- 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/rand.h> 62#include <openssl/objects.h> 63#include <openssl/x509.h> | 1/* crypto/pkcs7/pk7_doit.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 47 unchanged lines hidden (view full) --- 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/rand.h> 62#include <openssl/objects.h> 63#include <openssl/x509.h> |
64#include <openssl/x509v3.h> |
|
64 65static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 66 void *value); 67static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); 68 69BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 70 { 71 int i,j; --- 83 unchanged lines hidden (view full) --- 155 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 156 { 157 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); 158 goto err; 159 } 160 BIO_get_cipher_ctx(btmp, &ctx); 161 keylen=EVP_CIPHER_key_length(evp_cipher); 162 ivlen=EVP_CIPHER_iv_length(evp_cipher); | 65 66static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 67 void *value); 68static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); 69 70BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 71 { 72 int i,j; --- 83 unchanged lines hidden (view full) --- 156 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 157 { 158 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); 159 goto err; 160 } 161 BIO_get_cipher_ctx(btmp, &ctx); 162 keylen=EVP_CIPHER_key_length(evp_cipher); 163 ivlen=EVP_CIPHER_iv_length(evp_cipher); |
163 RAND_bytes(key,keylen); | 164 if (RAND_bytes(key,keylen) <= 0) 165 goto err; |
164 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); | 166 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); |
165 if (ivlen > 0) RAND_bytes(iv,ivlen); | 167 if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); |
166 EVP_CipherInit(ctx, evp_cipher, key, iv, 1); 167 168 if (ivlen > 0) { 169 if (xalg->parameter == NULL) 170 xalg->parameter=ASN1_TYPE_new(); 171 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 172 goto err; 173 } --- 25 unchanged lines hidden (view full) --- 199 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); 200 EVP_PKEY_free(pkey); 201 if (jj <= 0) 202 { 203 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); 204 Free(tmp); 205 goto err; 206 } | 168 EVP_CipherInit(ctx, evp_cipher, key, iv, 1); 169 170 if (ivlen > 0) { 171 if (xalg->parameter == NULL) 172 xalg->parameter=ASN1_TYPE_new(); 173 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 174 goto err; 175 } --- 25 unchanged lines hidden (view full) --- 201 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); 202 EVP_PKEY_free(pkey); 203 if (jj <= 0) 204 { 205 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); 206 Free(tmp); 207 goto err; 208 } |
207 ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); | 209 M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); |
208 } 209 Free(tmp); 210 memset(key, 0, keylen); 211 212 if (out == NULL) 213 out=btmp; 214 else 215 BIO_push(out,btmp); 216 btmp=NULL; 217 } 218 | 210 } 211 Free(tmp); 212 memset(key, 0, keylen); 213 214 if (out == NULL) 215 out=btmp; 216 else 217 BIO_push(out,btmp); 218 btmp=NULL; 219 } 220 |
219 if (bio == NULL) /* ??????????? */ 220 { | 221 if (bio == NULL) { |
221 if (p7->detached) 222 bio=BIO_new(BIO_s_null()); | 222 if (p7->detached) 223 bio=BIO_new(BIO_s_null()); |
223 else 224 { 225 bio=BIO_new(BIO_s_mem()); 226 /* We need to set this so that when we have read all 227 * the data, the encrypt BIO, if present, will read 228 * EOF and encode the last few bytes */ 229 BIO_set_mem_eof_return(bio,0); 230 | 224 else { |
231 if (PKCS7_type_is_signed(p7) && | 225 if (PKCS7_type_is_signed(p7) && |
232 PKCS7_type_is_data(p7->d.sign->contents)) 233 { | 226 PKCS7_type_is_data(p7->d.sign->contents)) { |
234 ASN1_OCTET_STRING *os; | 227 ASN1_OCTET_STRING *os; |
235 | |
236 os=p7->d.sign->contents->d.data; | 228 os=p7->d.sign->contents->d.data; |
237 if (os->length > 0) 238 BIO_write(bio,(char *)os->data, 239 os->length); 240 } | 229 if (os->length > 0) bio = 230 BIO_new_mem_buf(os->data, os->length); 231 } 232 if(bio == NULL) { 233 bio=BIO_new(BIO_s_mem()); 234 BIO_set_mem_eof_return(bio,0); |
241 } 242 } | 235 } 236 } |
237 } |
|
243 BIO_push(out,bio); 244 bio=NULL; 245 if (0) 246 { 247err: 248 if (out != NULL) 249 BIO_free_all(out); 250 if (btmp != NULL) 251 BIO_free_all(btmp); 252 out=NULL; 253 } 254 return(out); 255 } 256 257/* int */ 258BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 259 { 260 int i,j; 261 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; | 238 BIO_push(out,bio); 239 bio=NULL; 240 if (0) 241 { 242err: 243 if (out != NULL) 244 BIO_free_all(out); 245 if (btmp != NULL) 246 BIO_free_all(btmp); 247 out=NULL; 248 } 249 return(out); 250 } 251 252/* int */ 253BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 254 { 255 int i,j; 256 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; |
262 char *tmp=NULL; | 257 unsigned char *tmp=NULL; |
263 X509_ALGOR *xa; 264 ASN1_OCTET_STRING *data_body=NULL; 265 const EVP_MD *evp_md; 266 const EVP_CIPHER *evp_cipher=NULL; 267 EVP_CIPHER_CTX *evp_ctx=NULL; 268 X509_ALGOR *enc_alg=NULL; 269 STACK_OF(X509_ALGOR) *md_sk=NULL; 270 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 271 X509_ALGOR *xalg=NULL; 272 PKCS7_RECIP_INFO *ri=NULL; | 258 X509_ALGOR *xa; 259 ASN1_OCTET_STRING *data_body=NULL; 260 const EVP_MD *evp_md; 261 const EVP_CIPHER *evp_cipher=NULL; 262 EVP_CIPHER_CTX *evp_ctx=NULL; 263 X509_ALGOR *enc_alg=NULL; 264 STACK_OF(X509_ALGOR) *md_sk=NULL; 265 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 266 X509_ALGOR *xalg=NULL; 267 PKCS7_RECIP_INFO *ri=NULL; |
268#ifndef NO_RC2 269 char is_rc2 = 0; 270#endif |
|
273/* EVP_PKEY *pkey; */ 274#if 0 275 X509_STORE_CTX s_ctx; 276#endif 277 278 i=OBJ_obj2nid(p7->type); 279 p7->state=PKCS7_S_HEADER; 280 --- 28 unchanged lines hidden (view full) --- 309 } 310 xalg=p7->d.enveloped->enc_data->algorithm; 311 break; 312 default: 313 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 314 goto err; 315 } 316 | 271/* EVP_PKEY *pkey; */ 272#if 0 273 X509_STORE_CTX s_ctx; 274#endif 275 276 i=OBJ_obj2nid(p7->type); 277 p7->state=PKCS7_S_HEADER; 278 --- 28 unchanged lines hidden (view full) --- 307 } 308 xalg=p7->d.enveloped->enc_data->algorithm; 309 break; 310 default: 311 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 312 goto err; 313 } 314 |
315 if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc) 316 { 317#ifndef NO_RC2 318 is_rc2 = 1; 319#else 320 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 321 goto err; 322#endif 323 } 324 |
|
317 /* We will be checking the signature */ 318 if (md_sk != NULL) 319 { 320 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 321 { 322 xa=sk_X509_ALGOR_value(md_sk,i); 323 if ((btmp=BIO_new(BIO_f_md())) == NULL) 324 { --- 42 unchanged lines hidden (view full) --- 367 /* Find the recipientInfo which matches the passed certificate 368 * (if any) 369 */ 370 371 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { 372 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 373 if(!X509_NAME_cmp(ri->issuer_and_serial->issuer, 374 pcert->cert_info->issuer) && | 325 /* We will be checking the signature */ 326 if (md_sk != NULL) 327 { 328 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 329 { 330 xa=sk_X509_ALGOR_value(md_sk,i); 331 if ((btmp=BIO_new(BIO_f_md())) == NULL) 332 { --- 42 unchanged lines hidden (view full) --- 375 /* Find the recipientInfo which matches the passed certificate 376 * (if any) 377 */ 378 379 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { 380 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 381 if(!X509_NAME_cmp(ri->issuer_and_serial->issuer, 382 pcert->cert_info->issuer) && |
375 !ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, | 383 !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, |
376 ri->issuer_and_serial->serial)) break; 377 ri=NULL; 378 } 379 if (ri == NULL) { 380 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 381 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 382 return(NULL); 383 } 384 385 jj=EVP_PKEY_size(pkey); | 384 ri->issuer_and_serial->serial)) break; 385 ri=NULL; 386 } 387 if (ri == NULL) { 388 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 389 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 390 return(NULL); 391 } 392 393 jj=EVP_PKEY_size(pkey); |
386 tmp=Malloc(jj+10); | 394 tmp=(unsigned char *)Malloc(jj+10); |
387 if (tmp == NULL) 388 { 389 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE); 390 goto err; 391 } 392 | 395 if (tmp == NULL) 396 { 397 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE); 398 goto err; 399 } 400 |
393 jj=EVP_PKEY_decrypt((unsigned char *)tmp, 394 ASN1_STRING_data(ri->enc_key), 395 ASN1_STRING_length(ri->enc_key), 396 pkey); | 401 jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), 402 M_ASN1_STRING_length(ri->enc_key), pkey); |
397 if (jj <= 0) 398 { 399 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); 400 goto err; 401 } 402 403 evp_ctx=NULL; 404 BIO_get_cipher_ctx(etmp,&evp_ctx); 405 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0); 406 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 407 return(NULL); 408 | 403 if (jj <= 0) 404 { 405 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); 406 goto err; 407 } 408 409 evp_ctx=NULL; 410 BIO_get_cipher_ctx(etmp,&evp_ctx); 411 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0); 412 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 413 return(NULL); 414 |
409 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) 410 { 411 PKCS7err(PKCS7_F_PKCS7_DATADECODE, | 415 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { 416 /* HACK: some S/MIME clients don't use the same key 417 * and effective key length. The key length is 418 * determined by the size of the decrypted RSA key. 419 * So we hack things to manually set the RC2 key 420 * because we currently can't do this with the EVP 421 * interface. 422 */ 423#ifndef NO_RC2 424 if(is_rc2) RC2_set_key(&(evp_ctx->c.rc2_ks),jj, tmp, 425 EVP_CIPHER_CTX_key_length(evp_ctx)*8); 426 else 427#endif 428 { 429 PKCS7err(PKCS7_F_PKCS7_DATADECODE, |
412 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); | 430 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); |
413 goto err; 414 } 415 EVP_CipherInit(evp_ctx,NULL,(unsigned char *)tmp,NULL,0); | 431 goto err; 432 } 433 } else EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); |
416 417 memset(tmp,0,jj); 418 419 if (out == NULL) 420 out=etmp; 421 else 422 BIO_push(out,etmp); 423 etmp=NULL; 424 } 425 426#if 1 427 if (p7->detached || (in_bio != NULL)) 428 { 429 bio=in_bio; 430 } 431 else 432 { | 434 435 memset(tmp,0,jj); 436 437 if (out == NULL) 438 out=etmp; 439 else 440 BIO_push(out,etmp); 441 etmp=NULL; 442 } 443 444#if 1 445 if (p7->detached || (in_bio != NULL)) 446 { 447 bio=in_bio; 448 } 449 else 450 { |
451#if 0 |
|
433 bio=BIO_new(BIO_s_mem()); 434 /* We need to set this so that when we have read all 435 * the data, the encrypt BIO, if present, will read 436 * EOF and encode the last few bytes */ 437 BIO_set_mem_eof_return(bio,0); 438 439 if (data_body->length > 0) 440 BIO_write(bio,(char *)data_body->data,data_body->length); | 452 bio=BIO_new(BIO_s_mem()); 453 /* We need to set this so that when we have read all 454 * the data, the encrypt BIO, if present, will read 455 * EOF and encode the last few bytes */ 456 BIO_set_mem_eof_return(bio,0); 457 458 if (data_body->length > 0) 459 BIO_write(bio,(char *)data_body->data,data_body->length); |
460#else 461 if (data_body->length > 0) 462 bio = BIO_new_mem_buf(data_body->data,data_body->length); 463 else { 464 bio=BIO_new(BIO_s_mem()); 465 BIO_set_mem_eof_return(bio,0); |
|
441 } | 466 } |
467#endif 468 } |
|
442 BIO_push(out,bio); 443 bio=NULL; 444#endif 445 if (0) 446 { 447err: 448 if (out != NULL) BIO_free_all(out); 449 if (btmp != NULL) BIO_free_all(btmp); --- 24 unchanged lines hidden (view full) --- 474 i=OBJ_obj2nid(p7->type); 475 p7->state=PKCS7_S_HEADER; 476 477 switch (i) 478 { 479 case NID_pkcs7_signedAndEnveloped: 480 /* XXXXXXXXXXXXXXXX */ 481 si_sk=p7->d.signed_and_enveloped->signer_info; | 469 BIO_push(out,bio); 470 bio=NULL; 471#endif 472 if (0) 473 { 474err: 475 if (out != NULL) BIO_free_all(out); 476 if (btmp != NULL) BIO_free_all(btmp); --- 24 unchanged lines hidden (view full) --- 501 i=OBJ_obj2nid(p7->type); 502 p7->state=PKCS7_S_HEADER; 503 504 switch (i) 505 { 506 case NID_pkcs7_signedAndEnveloped: 507 /* XXXXXXXXXXXXXXXX */ 508 si_sk=p7->d.signed_and_enveloped->signer_info; |
482 os=ASN1_OCTET_STRING_new(); | 509 os=M_ASN1_OCTET_STRING_new(); |
483 p7->d.signed_and_enveloped->enc_data->enc_data=os; 484 break; 485 case NID_pkcs7_enveloped: 486 /* XXXXXXXXXXXXXXXX */ | 510 p7->d.signed_and_enveloped->enc_data->enc_data=os; 511 break; 512 case NID_pkcs7_enveloped: 513 /* XXXXXXXXXXXXXXXX */ |
487 os=ASN1_OCTET_STRING_new(); | 514 os=M_ASN1_OCTET_STRING_new(); |
488 p7->d.enveloped->enc_data->enc_data=os; 489 break; 490 case NID_pkcs7_signed: 491 si_sk=p7->d.sign->signer_info; 492 os=p7->d.sign->contents->d.data; 493 /* If detached data then the content is excluded */ 494 if(p7->detached) { | 515 p7->d.enveloped->enc_data->enc_data=os; 516 break; 517 case NID_pkcs7_signed: 518 si_sk=p7->d.sign->signer_info; 519 os=p7->d.sign->contents->d.data; 520 /* If detached data then the content is excluded */ 521 if(p7->detached) { |
495 ASN1_OCTET_STRING_free(os); | 522 M_ASN1_OCTET_STRING_free(os); |
496 p7->d.sign->contents->d.data = NULL; 497 } 498 break; 499 } 500 501 if (si_sk != NULL) 502 { 503 if ((buf=BUF_MEM_new()) == NULL) --- 18 unchanged lines hidden (view full) --- 522 goto err; 523 } 524 BIO_get_md_ctx(btmp,&mdc); 525 if (mdc == NULL) 526 { 527 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR); 528 goto err; 529 } | 523 p7->d.sign->contents->d.data = NULL; 524 } 525 break; 526 } 527 528 if (si_sk != NULL) 529 { 530 if ((buf=BUF_MEM_new()) == NULL) --- 18 unchanged lines hidden (view full) --- 549 goto err; 550 } 551 BIO_get_md_ctx(btmp,&mdc); 552 if (mdc == NULL) 553 { 554 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR); 555 goto err; 556 } |
530 if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == j) | 557 if (EVP_MD_CTX_type(mdc) == j) |
531 break; 532 else 533 btmp=btmp->next_bio; 534 } 535 536 /* We now have the EVP_MD_CTX, lets do the 537 * signing. */ 538 memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp)); --- 17 unchanged lines hidden (view full) --- 556 557 /* Add signing time */ 558 sign_time=X509_gmtime_adj(NULL,0); 559 PKCS7_add_signed_attribute(si, 560 NID_pkcs9_signingTime, 561 V_ASN1_UTCTIME,sign_time); 562 563 /* Add digest */ | 558 break; 559 else 560 btmp=btmp->next_bio; 561 } 562 563 /* We now have the EVP_MD_CTX, lets do the 564 * signing. */ 565 memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp)); --- 17 unchanged lines hidden (view full) --- 583 584 /* Add signing time */ 585 sign_time=X509_gmtime_adj(NULL,0); 586 PKCS7_add_signed_attribute(si, 587 NID_pkcs9_signingTime, 588 V_ASN1_UTCTIME,sign_time); 589 590 /* Add digest */ |
564 md_tmp=EVP_MD_CTX_type(&ctx_tmp); | 591 md_tmp=EVP_MD_CTX_md(&ctx_tmp); |
565 EVP_DigestFinal(&ctx_tmp,md_data,&md_len); | 592 EVP_DigestFinal(&ctx_tmp,md_data,&md_len); |
566 digest=ASN1_OCTET_STRING_new(); 567 ASN1_OCTET_STRING_set(digest,md_data,md_len); | 593 digest=M_ASN1_OCTET_STRING_new(); 594 M_ASN1_OCTET_STRING_set(digest,md_data,md_len); |
568 PKCS7_add_signed_attribute(si, 569 NID_pkcs9_messageDigest, 570 V_ASN1_OCTET_STRING,digest); 571 572 /* Now sign the mess */ 573 EVP_SignInit(&ctx_tmp,md_tmp); 574 x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL, 575 i2d_X509_ATTRIBUTE, --- 30 unchanged lines hidden (view full) --- 606 { 607 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 608 if (btmp == NULL) 609 { 610 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 611 goto err; 612 } 613 BIO_get_mem_ptr(btmp,&buf_mem); | 595 PKCS7_add_signed_attribute(si, 596 NID_pkcs9_messageDigest, 597 V_ASN1_OCTET_STRING,digest); 598 599 /* Now sign the mess */ 600 EVP_SignInit(&ctx_tmp,md_tmp); 601 x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL, 602 i2d_X509_ATTRIBUTE, --- 30 unchanged lines hidden (view full) --- 633 { 634 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 635 if (btmp == NULL) 636 { 637 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 638 goto err; 639 } 640 BIO_get_mem_ptr(btmp,&buf_mem); |
614 ASN1_OCTET_STRING_set(os, | 641 /* Mark the BIO read only then we can use its copy of the data 642 * instead of making an extra copy. 643 */ 644 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); 645 BIO_set_mem_eof_return(btmp, 0); 646 os->data = (unsigned char *)buf_mem->data; 647 os->length = buf_mem->length; 648#if 0 649 M_ASN1_OCTET_STRING_set(os, |
615 (unsigned char *)buf_mem->data,buf_mem->length); | 650 (unsigned char *)buf_mem->data,buf_mem->length); |
651#endif |
|
616 } 617 if (pp != NULL) Free(pp); 618 pp=NULL; 619 620 ret=1; 621err: 622 if (buf != NULL) BUF_MEM_free(buf); 623 return(ret); --- 29 unchanged lines hidden (view full) --- 653 if (x509 == NULL) 654 { 655 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); 656 goto err; 657 } 658 659 /* Lets verify */ 660 X509_STORE_CTX_init(ctx,cert_store,x509,cert); | 652 } 653 if (pp != NULL) Free(pp); 654 pp=NULL; 655 656 ret=1; 657err: 658 if (buf != NULL) BUF_MEM_free(buf); 659 return(ret); --- 29 unchanged lines hidden (view full) --- 689 if (x509 == NULL) 690 { 691 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); 692 goto err; 693 } 694 695 /* Lets verify */ 696 X509_STORE_CTX_init(ctx,cert_store,x509,cert); |
697 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); |
|
661 i=X509_verify_cert(ctx); 662 if (i <= 0) 663 { 664 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); | 698 i=X509_verify_cert(ctx); 699 if (i <= 0) 700 { 701 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); |
702 X509_STORE_CTX_cleanup(ctx); |
|
665 goto err; 666 } 667 X509_STORE_CTX_cleanup(ctx); 668 669 return PKCS7_signatureVerify(bio, p7, si, x509); 670 err: 671 return ret; 672 } --- 31 unchanged lines hidden (view full) --- 704 } 705 BIO_get_md_ctx(btmp,&mdc); 706 if (mdc == NULL) 707 { 708 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 709 PKCS7_R_INTERNAL_ERROR); 710 goto err; 711 } | 703 goto err; 704 } 705 X509_STORE_CTX_cleanup(ctx); 706 707 return PKCS7_signatureVerify(bio, p7, si, x509); 708 err: 709 return ret; 710 } --- 31 unchanged lines hidden (view full) --- 742 } 743 BIO_get_md_ctx(btmp,&mdc); 744 if (mdc == NULL) 745 { 746 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 747 PKCS7_R_INTERNAL_ERROR); 748 goto err; 749 } |
712 if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type) | 750 if (EVP_MD_CTX_type(mdc) == md_type) |
713 break; 714 btmp=btmp->next_bio; 715 } 716 717 /* mdc is the digest ctx that we want, unless there are attributes, 718 * in which case the digest is the signed attributes */ 719 memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp)); 720 --- 202 unchanged lines hidden --- | 751 break; 752 btmp=btmp->next_bio; 753 } 754 755 /* mdc is the digest ctx that we want, unless there are attributes, 756 * in which case the digest is the signed attributes */ 757 memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp)); 758 --- 202 unchanged lines hidden --- |
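Review bot: In PKCS7_dataInit the IV is now drawn with `RAND_pseudo_bytes(iv,ivlen)` and the return value is discarded, even though the key a few lines earlier gained a checked `RAND_bytes` call. RAND_pseudo_bytes output is not guaranteed to be unpredictable, and the call returns -1 when the RAND method does not support it. A CBC content cipher could therefore be initialised with a predictable IV, or possibly one that was never filled, and that IV is then encoded into `xalg->parameter`. I would keep the strong generator and check it like the key: `if (ivlen > 0 && RAND_bytes(iv,ivlen) <= 0) goto err;`. The new `goto err` on key-generation failure also records no `PKCS7err`, unlike the other failure paths visible here; the viewer hides much of the function body, so confirm this against the full file.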