pk7_lib.c revision 280268
1/* crypto/pkcs7/pk7_lib.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/objects.h> 62#include <openssl/x509.h> 63#include "asn1_locl.h" 64 65long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) 66 { 67 int nid; 68 long ret; 69 70 nid=OBJ_obj2nid(p7->type); 71 72 switch (cmd) 73 { 74 /* NOTE(emilia): does not support detached digested data. */ 75 case PKCS7_OP_SET_DETACHED_SIGNATURE: 76 if (nid == NID_pkcs7_signed) 77 { 78 ret=p7->detached=(int)larg; 79 if (ret && PKCS7_type_is_data(p7->d.sign->contents)) 80 { 81 ASN1_OCTET_STRING *os; 82 os=p7->d.sign->contents->d.data; 83 ASN1_OCTET_STRING_free(os); 84 p7->d.sign->contents->d.data = NULL; 85 } 86 } 87 else 88 { 89 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 90 ret=0; 91 } 92 break; 93 case PKCS7_OP_GET_DETACHED_SIGNATURE: 94 if (nid == NID_pkcs7_signed) 95 { 96 if(!p7->d.sign || !p7->d.sign->contents->d.ptr) 97 ret = 1; 98 else ret = 0; 99 100 p7->detached = ret; 101 } 102 else 103 { 104 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 105 ret=0; 106 } 107 108 break; 109 default: 110 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); 111 ret=0; 112 } 113 return(ret); 114 } 115 116int PKCS7_content_new(PKCS7 *p7, int type) 117 { 118 PKCS7 *ret=NULL; 119 120 if ((ret=PKCS7_new()) == NULL) goto err; 121 if (!PKCS7_set_type(ret,type)) goto err; 122 if (!PKCS7_set_content(p7,ret)) goto err; 123 124 return(1); 125err: 126 if (ret != NULL) PKCS7_free(ret); 127 return(0); 128 } 129 130int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) 131 { 132 int i; 133 134 i=OBJ_obj2nid(p7->type); 135 switch (i) 136 { 137 case NID_pkcs7_signed: 138 if (p7->d.sign->contents != NULL) 139 PKCS7_free(p7->d.sign->contents); 140 p7->d.sign->contents=p7_data; 141 break; 142 case NID_pkcs7_digest: 143 if (p7->d.digest->contents != NULL) 144 PKCS7_free(p7->d.digest->contents); 145 p7->d.digest->contents=p7_data; 146 break; 147 case NID_pkcs7_data: 148 case NID_pkcs7_enveloped: 149 case NID_pkcs7_signedAndEnveloped: 150 case NID_pkcs7_encrypted: 151 default: 152 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 153 goto err; 154 } 155 return(1); 156err: 157 return(0); 158 } 159 160int PKCS7_set_type(PKCS7 *p7, int type) 161 { 162 ASN1_OBJECT *obj; 163 164 /*PKCS7_content_free(p7);*/ 165 obj=OBJ_nid2obj(type); /* will not fail */ 166 167 switch (type) 168 { 169 case NID_pkcs7_signed: 170 p7->type=obj; 171 if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) 172 goto err; 173 if (!ASN1_INTEGER_set(p7->d.sign->version,1)) 174 { 175 PKCS7_SIGNED_free(p7->d.sign); 176 p7->d.sign=NULL; 177 goto err; 178 } 179 break; 180 case NID_pkcs7_data: 181 p7->type=obj; 182 if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) 183 goto err; 184 break; 185 case NID_pkcs7_signedAndEnveloped: 186 p7->type=obj; 187 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) 188 == NULL) goto err; 189 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); 190 if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) 191 goto err; 192 p7->d.signed_and_enveloped->enc_data->content_type 193 = OBJ_nid2obj(NID_pkcs7_data); 194 break; 195 case NID_pkcs7_enveloped: 196 p7->type=obj; 197 if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) 198 == NULL) goto err; 199 if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) 200 goto err; 201 p7->d.enveloped->enc_data->content_type 202 = OBJ_nid2obj(NID_pkcs7_data); 203 break; 204 case NID_pkcs7_encrypted: 205 p7->type=obj; 206 if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) 207 == NULL) goto err; 208 if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) 209 goto err; 210 p7->d.encrypted->enc_data->content_type 211 = OBJ_nid2obj(NID_pkcs7_data); 212 break; 213 214 case NID_pkcs7_digest: 215 p7->type=obj; 216 if ((p7->d.digest=PKCS7_DIGEST_new()) 217 == NULL) goto err; 218 if (!ASN1_INTEGER_set(p7->d.digest->version,0)) 219 goto err; 220 break; 221 default: 222 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 223 goto err; 224 } 225 return(1); 226err: 227 return(0); 228 } 229 230int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) 231 { 232 p7->type = OBJ_nid2obj(type); 233 p7->d.other = other; 234 return 1; 235 } 236 237int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) 238 { 239 int i,j,nid; 240 X509_ALGOR *alg; 241 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; 242 STACK_OF(X509_ALGOR) *md_sk; 243 244 i=OBJ_obj2nid(p7->type); 245 switch (i) 246 { 247 case NID_pkcs7_signed: 248 signer_sk= p7->d.sign->signer_info; 249 md_sk= p7->d.sign->md_algs; 250 break; 251 case NID_pkcs7_signedAndEnveloped: 252 signer_sk= p7->d.signed_and_enveloped->signer_info; 253 md_sk= p7->d.signed_and_enveloped->md_algs; 254 break; 255 default: 256 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); 257 return(0); 258 } 259 260 nid=OBJ_obj2nid(psi->digest_alg->algorithm); 261 262 /* If the digest is not currently listed, add it */ 263 j=0; 264 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 265 { 266 alg=sk_X509_ALGOR_value(md_sk,i); 267 if (OBJ_obj2nid(alg->algorithm) == nid) 268 { 269 j=1; 270 break; 271 } 272 } 273 if (!j) /* we need to add another algorithm */ 274 { 275 if(!(alg=X509_ALGOR_new()) 276 || !(alg->parameter = ASN1_TYPE_new())) 277 { 278 X509_ALGOR_free(alg); 279 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); 280 return(0); 281 } 282 alg->algorithm=OBJ_nid2obj(nid); 283 alg->parameter->type = V_ASN1_NULL; 284 if (!sk_X509_ALGOR_push(md_sk,alg)) 285 { 286 X509_ALGOR_free(alg); 287 return 0; 288 } 289 } 290 291 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) 292 return 0; 293 return(1); 294 } 295 296int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) 297 { 298 int i; 299 STACK_OF(X509) **sk; 300 301 i=OBJ_obj2nid(p7->type); 302 switch (i) 303 { 304 case NID_pkcs7_signed: 305 sk= &(p7->d.sign->cert); 306 break; 307 case NID_pkcs7_signedAndEnveloped: 308 sk= &(p7->d.signed_and_enveloped->cert); 309 break; 310 default: 311 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); 312 return(0); 313 } 314 315 if (*sk == NULL) 316 *sk=sk_X509_new_null(); 317 if (*sk == NULL) 318 { 319 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); 320 return 0; 321 } 322 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 323 if (!sk_X509_push(*sk,x509)) 324 { 325 X509_free(x509); 326 return 0; 327 } 328 return(1); 329 } 330 331int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) 332 { 333 int i; 334 STACK_OF(X509_CRL) **sk; 335 336 i=OBJ_obj2nid(p7->type); 337 switch (i) 338 { 339 case NID_pkcs7_signed: 340 sk= &(p7->d.sign->crl); 341 break; 342 case NID_pkcs7_signedAndEnveloped: 343 sk= &(p7->d.signed_and_enveloped->crl); 344 break; 345 default: 346 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); 347 return(0); 348 } 349 350 if (*sk == NULL) 351 *sk=sk_X509_CRL_new_null(); 352 if (*sk == NULL) 353 { 354 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE); 355 return 0; 356 } 357 358 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); 359 if (!sk_X509_CRL_push(*sk,crl)) 360 { 361 X509_CRL_free(crl); 362 return 0; 363 } 364 return(1); 365 } 366 367int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 368 const EVP_MD *dgst) 369 { 370 int ret; 371 372 /* We now need to add another PKCS7_SIGNER_INFO entry */ 373 if (!ASN1_INTEGER_set(p7i->version,1)) 374 goto err; 375 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 376 X509_get_issuer_name(x509))) 377 goto err; 378 379 /* because ASN1_INTEGER_set is used to set a 'long' we will do 380 * things the ugly way. */ 381 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 382 if (!(p7i->issuer_and_serial->serial= 383 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 384 goto err; 385 386 /* lets keep the pkey around for a while */ 387 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); 388 p7i->pkey=pkey; 389 390 /* Set the algorithms */ 391 392 X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), 393 V_ASN1_NULL, NULL); 394 395 if (pkey->ameth && pkey->ameth->pkey_ctrl) 396 { 397 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 398 0, p7i); 399 if (ret > 0) 400 return 1; 401 if (ret != -2) 402 { 403 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 404 PKCS7_R_SIGNING_CTRL_FAILURE); 405 return 0; 406 } 407 } 408 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 409 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 410err: 411 return 0; 412 } 413 414PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, 415 const EVP_MD *dgst) 416 { 417 PKCS7_SIGNER_INFO *si = NULL; 418 419 if (dgst == NULL) 420 { 421 int def_nid; 422 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) 423 goto err; 424 dgst = EVP_get_digestbynid(def_nid); 425 if (dgst == NULL) 426 { 427 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, 428 PKCS7_R_NO_DEFAULT_DIGEST); 429 goto err; 430 } 431 } 432 433 if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; 434 if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; 435 if (!PKCS7_add_signer(p7,si)) goto err; 436 return(si); 437err: 438 if (si) 439 PKCS7_SIGNER_INFO_free(si); 440 return(NULL); 441 } 442 443int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) 444 { 445 if (PKCS7_type_is_digest(p7)) 446 { 447 if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) 448 { 449 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); 450 return 0; 451 } 452 p7->d.digest->md->parameter->type = V_ASN1_NULL; 453 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); 454 return 1; 455 } 456 457 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); 458 return 1; 459 } 460 461STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) 462 { 463 if (p7 == NULL || p7->d.ptr == NULL) 464 return NULL; 465 if (PKCS7_type_is_signed(p7)) 466 { 467 return(p7->d.sign->signer_info); 468 } 469 else if (PKCS7_type_is_signedAndEnveloped(p7)) 470 { 471 return(p7->d.signed_and_enveloped->signer_info); 472 } 473 else 474 return(NULL); 475 } 476 477void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, 478 X509_ALGOR **pdig, X509_ALGOR **psig) 479 { 480 if (pk) 481 *pk = si->pkey; 482 if (pdig) 483 *pdig = si->digest_alg; 484 if (psig) 485 *psig = si->digest_enc_alg; 486 } 487 488void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) 489 { 490 if (penc) 491 *penc = ri->key_enc_algor; 492 } 493 494PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) 495 { 496 PKCS7_RECIP_INFO *ri; 497 498 if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; 499 if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; 500 if (!PKCS7_add_recipient_info(p7,ri)) goto err; 501 return ri; 502err: 503 if (ri) 504 PKCS7_RECIP_INFO_free(ri); 505 return NULL; 506 } 507 508int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) 509 { 510 int i; 511 STACK_OF(PKCS7_RECIP_INFO) *sk; 512 513 i=OBJ_obj2nid(p7->type); 514 switch (i) 515 { 516 case NID_pkcs7_signedAndEnveloped: 517 sk= p7->d.signed_and_enveloped->recipientinfo; 518 break; 519 case NID_pkcs7_enveloped: 520 sk= p7->d.enveloped->recipientinfo; 521 break; 522 default: 523 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); 524 return(0); 525 } 526 527 if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) 528 return 0; 529 return(1); 530 } 531 532int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) 533 { 534 int ret; 535 EVP_PKEY *pkey = NULL; 536 if (!ASN1_INTEGER_set(p7i->version,0)) 537 return 0; 538 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 539 X509_get_issuer_name(x509))) 540 return 0; 541 542 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 543 if (!(p7i->issuer_and_serial->serial= 544 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 545 return 0; 546 547 pkey = X509_get_pubkey(x509); 548 549 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) 550 { 551 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 552 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 553 goto err; 554 } 555 556 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 557 0, p7i); 558 if (ret == -2) 559 { 560 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 561 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 562 goto err; 563 } 564 if (ret <= 0) 565 { 566 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 567 PKCS7_R_ENCRYPTION_CTRL_FAILURE); 568 goto err; 569 } 570 571 EVP_PKEY_free(pkey); 572 573 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 574 p7i->cert=x509; 575 576 return 1; 577 578 err: 579 if (pkey) 580 EVP_PKEY_free(pkey); 581 return 0; 582 } 583 584X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) 585 { 586 if (PKCS7_type_is_signed(p7)) 587 return(X509_find_by_issuer_and_serial(p7->d.sign->cert, 588 si->issuer_and_serial->issuer, 589 si->issuer_and_serial->serial)); 590 else 591 return(NULL); 592 } 593 594int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) 595 { 596 int i; 597 PKCS7_ENC_CONTENT *ec; 598 599 i=OBJ_obj2nid(p7->type); 600 switch (i) 601 { 602 case NID_pkcs7_signedAndEnveloped: 603 ec=p7->d.signed_and_enveloped->enc_data; 604 break; 605 case NID_pkcs7_enveloped: 606 ec=p7->d.enveloped->enc_data; 607 break; 608 default: 609 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); 610 return(0); 611 } 612 613 /* Check cipher OID exists and has data in it*/ 614 i = EVP_CIPHER_type(cipher); 615 if(i == NID_undef) { 616 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 617 return(0); 618 } 619 620 ec->cipher = cipher; 621 return 1; 622 } 623 624int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) 625 { 626 ASN1_OCTET_STRING *os = NULL; 627 628 switch (OBJ_obj2nid(p7->type)) 629 { 630 case NID_pkcs7_data: 631 os = p7->d.data; 632 break; 633 634 case NID_pkcs7_signedAndEnveloped: 635 os = p7->d.signed_and_enveloped->enc_data->enc_data; 636 if (os == NULL) 637 { 638 os=M_ASN1_OCTET_STRING_new(); 639 p7->d.signed_and_enveloped->enc_data->enc_data=os; 640 } 641 break; 642 643 case NID_pkcs7_enveloped: 644 os = p7->d.enveloped->enc_data->enc_data; 645 if (os == NULL) 646 { 647 os=M_ASN1_OCTET_STRING_new(); 648 p7->d.enveloped->enc_data->enc_data=os; 649 } 650 break; 651 652 case NID_pkcs7_signed: 653 os=p7->d.sign->contents->d.data; 654 break; 655 656 default: 657 os = NULL; 658 break; 659 } 660 661 if (os == NULL) 662 return 0; 663 664 os->flags |= ASN1_STRING_FLAG_NDEF; 665 *boundary = &os->data; 666 667 return 1; 668 } 669