pk7_lib.c revision 340704
1/* crypto/pkcs7/pk7_lib.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/objects.h> 62#include <openssl/x509.h> 63#include "asn1_locl.h" 64 65long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) 66{ 67 int nid; 68 long ret; 69 70 nid = OBJ_obj2nid(p7->type); 71 72 switch (cmd) { 73 /* NOTE(emilia): does not support detached digested data. */ 74 case PKCS7_OP_SET_DETACHED_SIGNATURE: 75 if (nid == NID_pkcs7_signed) { 76 ret = p7->detached = (int)larg; 77 if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { 78 ASN1_OCTET_STRING *os; 79 os = p7->d.sign->contents->d.data; 80 ASN1_OCTET_STRING_free(os); 81 p7->d.sign->contents->d.data = NULL; 82 } 83 } else { 84 PKCS7err(PKCS7_F_PKCS7_CTRL, 85 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 86 ret = 0; 87 } 88 break; 89 case PKCS7_OP_GET_DETACHED_SIGNATURE: 90 if (nid == NID_pkcs7_signed) { 91 if (!p7->d.sign || !p7->d.sign->contents->d.ptr) 92 ret = 1; 93 else 94 ret = 0; 95 96 p7->detached = ret; 97 } else { 98 PKCS7err(PKCS7_F_PKCS7_CTRL, 99 PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 100 ret = 0; 101 } 102 103 break; 104 default: 105 PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION); 106 ret = 0; 107 } 108 return (ret); 109} 110 111int PKCS7_content_new(PKCS7 *p7, int type) 112{ 113 PKCS7 *ret = NULL; 114 115 if ((ret = PKCS7_new()) == NULL) 116 goto err; 117 if (!PKCS7_set_type(ret, type)) 118 goto err; 119 if (!PKCS7_set_content(p7, ret)) 120 goto err; 121 122 return (1); 123 err: 124 if (ret != NULL) 125 PKCS7_free(ret); 126 return (0); 127} 128 129int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) 130{ 131 int i; 132 133 i = OBJ_obj2nid(p7->type); 134 switch (i) { 135 case NID_pkcs7_signed: 136 if (p7->d.sign->contents != NULL) 137 PKCS7_free(p7->d.sign->contents); 138 p7->d.sign->contents = p7_data; 139 break; 140 case NID_pkcs7_digest: 141 if (p7->d.digest->contents != NULL) 142 PKCS7_free(p7->d.digest->contents); 143 p7->d.digest->contents = p7_data; 144 break; 145 case NID_pkcs7_data: 146 case NID_pkcs7_enveloped: 147 case NID_pkcs7_signedAndEnveloped: 148 case NID_pkcs7_encrypted: 149 default: 150 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 151 goto err; 152 } 153 return (1); 154 err: 155 return (0); 156} 157 158int PKCS7_set_type(PKCS7 *p7, int type) 159{ 160 ASN1_OBJECT *obj; 161 162 /* 163 * PKCS7_content_free(p7); 164 */ 165 obj = OBJ_nid2obj(type); /* will not fail */ 166 167 switch (type) { 168 case NID_pkcs7_signed: 169 p7->type = obj; 170 if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL) 171 goto err; 172 if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) { 173 PKCS7_SIGNED_free(p7->d.sign); 174 p7->d.sign = NULL; 175 goto err; 176 } 177 break; 178 case NID_pkcs7_data: 179 p7->type = obj; 180 if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL) 181 goto err; 182 break; 183 case NID_pkcs7_signedAndEnveloped: 184 p7->type = obj; 185 if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new()) 186 == NULL) 187 goto err; 188 if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) 189 goto err; 190 p7->d.signed_and_enveloped->enc_data->content_type 191 = OBJ_nid2obj(NID_pkcs7_data); 192 break; 193 case NID_pkcs7_enveloped: 194 p7->type = obj; 195 if ((p7->d.enveloped = PKCS7_ENVELOPE_new()) 196 == NULL) 197 goto err; 198 if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) 199 goto err; 200 p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); 201 break; 202 case NID_pkcs7_encrypted: 203 p7->type = obj; 204 if ((p7->d.encrypted = PKCS7_ENCRYPT_new()) 205 == NULL) 206 goto err; 207 if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) 208 goto err; 209 p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); 210 break; 211 212 case NID_pkcs7_digest: 213 p7->type = obj; 214 if ((p7->d.digest = PKCS7_DIGEST_new()) 215 == NULL) 216 goto err; 217 if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) 218 goto err; 219 break; 220 default: 221 PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 222 goto err; 223 } 224 return (1); 225 err: 226 return (0); 227} 228 229int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) 230{ 231 p7->type = OBJ_nid2obj(type); 232 p7->d.other = other; 233 return 1; 234} 235 236int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) 237{ 238 int i, j, nid; 239 X509_ALGOR *alg; 240 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; 241 STACK_OF(X509_ALGOR) *md_sk; 242 243 i = OBJ_obj2nid(p7->type); 244 switch (i) { 245 case NID_pkcs7_signed: 246 signer_sk = p7->d.sign->signer_info; 247 md_sk = p7->d.sign->md_algs; 248 break; 249 case NID_pkcs7_signedAndEnveloped: 250 signer_sk = p7->d.signed_and_enveloped->signer_info; 251 md_sk = p7->d.signed_and_enveloped->md_algs; 252 break; 253 default: 254 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE); 255 return (0); 256 } 257 258 nid = OBJ_obj2nid(psi->digest_alg->algorithm); 259 260 /* If the digest is not currently listed, add it */ 261 j = 0; 262 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { 263 alg = sk_X509_ALGOR_value(md_sk, i); 264 if (OBJ_obj2nid(alg->algorithm) == nid) { 265 j = 1; 266 break; 267 } 268 } 269 if (!j) { /* we need to add another algorithm */ 270 if (!(alg = X509_ALGOR_new()) 271 || !(alg->parameter = ASN1_TYPE_new())) { 272 X509_ALGOR_free(alg); 273 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); 274 return (0); 275 } 276 alg->algorithm = OBJ_nid2obj(nid); 277 alg->parameter->type = V_ASN1_NULL; 278 if (!sk_X509_ALGOR_push(md_sk, alg)) { 279 X509_ALGOR_free(alg); 280 return 0; 281 } 282 } 283 284 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) 285 return 0; 286 return (1); 287} 288 289int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) 290{ 291 int i; 292 STACK_OF(X509) **sk; 293 294 i = OBJ_obj2nid(p7->type); 295 switch (i) { 296 case NID_pkcs7_signed: 297 sk = &(p7->d.sign->cert); 298 break; 299 case NID_pkcs7_signedAndEnveloped: 300 sk = &(p7->d.signed_and_enveloped->cert); 301 break; 302 default: 303 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE); 304 return (0); 305 } 306 307 if (*sk == NULL) 308 *sk = sk_X509_new_null(); 309 if (*sk == NULL) { 310 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); 311 return 0; 312 } 313 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); 314 if (!sk_X509_push(*sk, x509)) { 315 X509_free(x509); 316 return 0; 317 } 318 return (1); 319} 320 321int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) 322{ 323 int i; 324 STACK_OF(X509_CRL) **sk; 325 326 i = OBJ_obj2nid(p7->type); 327 switch (i) { 328 case NID_pkcs7_signed: 329 sk = &(p7->d.sign->crl); 330 break; 331 case NID_pkcs7_signedAndEnveloped: 332 sk = &(p7->d.signed_and_enveloped->crl); 333 break; 334 default: 335 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE); 336 return (0); 337 } 338 339 if (*sk == NULL) 340 *sk = sk_X509_CRL_new_null(); 341 if (*sk == NULL) { 342 PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE); 343 return 0; 344 } 345 346 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); 347 if (!sk_X509_CRL_push(*sk, crl)) { 348 X509_CRL_free(crl); 349 return 0; 350 } 351 return (1); 352} 353 354int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 355 const EVP_MD *dgst) 356{ 357 int ret; 358 359 /* We now need to add another PKCS7_SIGNER_INFO entry */ 360 if (!ASN1_INTEGER_set(p7i->version, 1)) 361 goto err; 362 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 363 X509_get_issuer_name(x509))) 364 goto err; 365 366 /* 367 * because ASN1_INTEGER_set is used to set a 'long' we will do things the 368 * ugly way. 369 */ 370 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 371 if (!(p7i->issuer_and_serial->serial = 372 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 373 goto err; 374 375 /* lets keep the pkey around for a while */ 376 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); 377 p7i->pkey = pkey; 378 379 /* Set the algorithms */ 380 381 X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), 382 V_ASN1_NULL, NULL); 383 384 if (pkey->ameth && pkey->ameth->pkey_ctrl) { 385 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i); 386 if (ret > 0) 387 return 1; 388 if (ret != -2) { 389 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 390 PKCS7_R_SIGNING_CTRL_FAILURE); 391 return 0; 392 } 393 } 394 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, 395 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 396 err: 397 return 0; 398} 399 400PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, 401 const EVP_MD *dgst) 402{ 403 PKCS7_SIGNER_INFO *si = NULL; 404 405 if (dgst == NULL) { 406 int def_nid; 407 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) 408 goto err; 409 dgst = EVP_get_digestbynid(def_nid); 410 if (dgst == NULL) { 411 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST); 412 goto err; 413 } 414 } 415 416 if ((si = PKCS7_SIGNER_INFO_new()) == NULL) 417 goto err; 418 if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst)) 419 goto err; 420 if (!PKCS7_add_signer(p7, si)) 421 goto err; 422 return (si); 423 err: 424 if (si) 425 PKCS7_SIGNER_INFO_free(si); 426 return (NULL); 427} 428 429int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) 430{ 431 if (PKCS7_type_is_digest(p7)) { 432 if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { 433 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE); 434 return 0; 435 } 436 p7->d.digest->md->parameter->type = V_ASN1_NULL; 437 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); 438 return 1; 439 } 440 441 PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE); 442 return 1; 443} 444 445STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) 446{ 447 if (p7 == NULL || p7->d.ptr == NULL) 448 return NULL; 449 if (PKCS7_type_is_signed(p7)) { 450 return (p7->d.sign->signer_info); 451 } else if (PKCS7_type_is_signedAndEnveloped(p7)) { 452 return (p7->d.signed_and_enveloped->signer_info); 453 } else 454 return (NULL); 455} 456 457void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, 458 X509_ALGOR **pdig, X509_ALGOR **psig) 459{ 460 if (pk) 461 *pk = si->pkey; 462 if (pdig) 463 *pdig = si->digest_alg; 464 if (psig) 465 *psig = si->digest_enc_alg; 466} 467 468void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) 469{ 470 if (penc) 471 *penc = ri->key_enc_algor; 472} 473 474PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) 475{ 476 PKCS7_RECIP_INFO *ri; 477 478 if ((ri = PKCS7_RECIP_INFO_new()) == NULL) 479 goto err; 480 if (!PKCS7_RECIP_INFO_set(ri, x509)) 481 goto err; 482 if (!PKCS7_add_recipient_info(p7, ri)) 483 goto err; 484 return ri; 485 err: 486 if (ri) 487 PKCS7_RECIP_INFO_free(ri); 488 return NULL; 489} 490 491int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) 492{ 493 int i; 494 STACK_OF(PKCS7_RECIP_INFO) *sk; 495 496 i = OBJ_obj2nid(p7->type); 497 switch (i) { 498 case NID_pkcs7_signedAndEnveloped: 499 sk = p7->d.signed_and_enveloped->recipientinfo; 500 break; 501 case NID_pkcs7_enveloped: 502 sk = p7->d.enveloped->recipientinfo; 503 break; 504 default: 505 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 506 PKCS7_R_WRONG_CONTENT_TYPE); 507 return (0); 508 } 509 510 if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) 511 return 0; 512 return (1); 513} 514 515int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) 516{ 517 int ret; 518 EVP_PKEY *pkey = NULL; 519 if (!ASN1_INTEGER_set(p7i->version, 0)) 520 return 0; 521 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 522 X509_get_issuer_name(x509))) 523 return 0; 524 525 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 526 if (!(p7i->issuer_and_serial->serial = 527 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 528 return 0; 529 530 pkey = X509_get_pubkey(x509); 531 532 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { 533 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 534 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 535 goto err; 536 } 537 538 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i); 539 if (ret == -2) { 540 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 541 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 542 goto err; 543 } 544 if (ret <= 0) { 545 PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, 546 PKCS7_R_ENCRYPTION_CTRL_FAILURE); 547 goto err; 548 } 549 550 EVP_PKEY_free(pkey); 551 552 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); 553 p7i->cert = x509; 554 555 return 1; 556 557 err: 558 if (pkey) 559 EVP_PKEY_free(pkey); 560 return 0; 561} 562 563X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) 564{ 565 if (PKCS7_type_is_signed(p7)) 566 return (X509_find_by_issuer_and_serial(p7->d.sign->cert, 567 si->issuer_and_serial->issuer, 568 si-> 569 issuer_and_serial->serial)); 570 else 571 return (NULL); 572} 573 574int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) 575{ 576 int i; 577 PKCS7_ENC_CONTENT *ec; 578 579 i = OBJ_obj2nid(p7->type); 580 switch (i) { 581 case NID_pkcs7_signedAndEnveloped: 582 ec = p7->d.signed_and_enveloped->enc_data; 583 break; 584 case NID_pkcs7_enveloped: 585 ec = p7->d.enveloped->enc_data; 586 break; 587 default: 588 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE); 589 return (0); 590 } 591 592 /* Check cipher OID exists and has data in it */ 593 i = EVP_CIPHER_type(cipher); 594 if (i == NID_undef) { 595 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, 596 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 597 return (0); 598 } 599 600 ec->cipher = cipher; 601 return 1; 602} 603 604int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) 605{ 606 ASN1_OCTET_STRING *os = NULL; 607 608 switch (OBJ_obj2nid(p7->type)) { 609 case NID_pkcs7_data: 610 os = p7->d.data; 611 break; 612 613 case NID_pkcs7_signedAndEnveloped: 614 os = p7->d.signed_and_enveloped->enc_data->enc_data; 615 if (os == NULL) { 616 os = M_ASN1_OCTET_STRING_new(); 617 p7->d.signed_and_enveloped->enc_data->enc_data = os; 618 } 619 break; 620 621 case NID_pkcs7_enveloped: 622 os = p7->d.enveloped->enc_data->enc_data; 623 if (os == NULL) { 624 os = M_ASN1_OCTET_STRING_new(); 625 p7->d.enveloped->enc_data->enc_data = os; 626 } 627 break; 628 629 case NID_pkcs7_signed: 630 os = p7->d.sign->contents->d.data; 631 break; 632 633 default: 634 os = NULL; 635 break; 636 } 637 638 if (os == NULL) 639 return 0; 640 641 os->flags |= ASN1_STRING_FLAG_NDEF; 642 *boundary = &os->data; 643 644 return 1; 645} 646