Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/bio_pk7.c | 7 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/example.c | 402 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_asn1.c | 77 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_attr.c | 97 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_dgst.c | 14 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_doit.c | 1186 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_enc.c | 23 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_lib.c | 656 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_mime.c | 40 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pk7_smime.c | 444 | ||||
-rw-r--r-- | lib/libssl/src/crypto/pkcs7/pkcs7err.c | 223 |
11 files changed, 1563 insertions, 1606 deletions
diff --git a/lib/libssl/src/crypto/pkcs7/bio_pk7.c b/lib/libssl/src/crypto/pkcs7/bio_pk7.c index 3d9eba97139..0e4a4f7559d 100644 --- a/lib/libssl/src/crypto/pkcs7/bio_pk7.c +++ b/lib/libssl/src/crypto/pkcs7/bio_pk7.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_pk7.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: bio_pk7.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,7 +59,8 @@ #include <stdio.h> /* Streaming encode support for PKCS#7 */ -BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) +BIO * +BIO_new_PKCS7(BIO *out, PKCS7 *p7) { return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); } diff --git a/lib/libssl/src/crypto/pkcs7/example.c b/lib/libssl/src/crypto/pkcs7/example.c index 611c27b1134..2dc1b655b18 100644 --- a/lib/libssl/src/crypto/pkcs7/example.c +++ b/lib/libssl/src/crypto/pkcs7/example.c @@ -1,4 +1,4 @@ -/* $OpenBSD: example.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: example.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */ #include <stdio.h> #include <stdlib.h> #include <string.h> 
@@ -6,325 +6,335 @@ #include <openssl/asn1_mac.h> #include <openssl/x509.h> -int add_signed_time(PKCS7_SIGNER_INFO *si) - { +int +add_signed_time(PKCS7_SIGNER_INFO *si) +{ ASN1_UTCTIME *sign_time; /* The last parameter is the amount to add/subtract from the current * time (in seconds) */ - sign_time=X509_gmtime_adj(NULL,0); - PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime, - V_ASN1_UTCTIME,(char *)sign_time); - return(1); - } - -ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si) - { + sign_time = X509_gmtime_adj(NULL, 0); + PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, + V_ASN1_UTCTIME, (char *)sign_time); + return (1); +} + +ASN1_UTCTIME * +get_signed_time(PKCS7_SIGNER_INFO *si) +{ ASN1_TYPE *so; - so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime); + so = PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime); if (so->type == V_ASN1_UTCTIME) - return so->value.utctime; + return so->value.utctime; return NULL; - } - -static int signed_string_nid= -1; +} -void add_signed_string(PKCS7_SIGNER_INFO *si, char *str) - { +static int signed_string_nid = -1; + +void +add_signed_string(PKCS7_SIGNER_INFO *si, char *str) +{ ASN1_OCTET_STRING *os; /* To a an object of OID 1.2.3.4.5, which is an octet string */ if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - os=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); + signed_string_nid = + OBJ_create("1.2.3.4.5","OID_example","Our example OID"); + os = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str)); /* When we add, we do not free */ - PKCS7_add_signed_attribute(si,signed_string_nid, - V_ASN1_OCTET_STRING,(char *)os); - } + PKCS7_add_signed_attribute(si, signed_string_nid, + V_ASN1_OCTET_STRING, (char *)os); +} -int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) - { +int +get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) +{ ASN1_TYPE *so; 
ASN1_OCTET_STRING *os; int i; if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); + signed_string_nid = + OBJ_create("1.2.3.4.5","OID_example","Our example OID"); /* To retrieve */ - so=PKCS7_get_signed_attribute(si,signed_string_nid); - if (so != NULL) - { - if (so->type == V_ASN1_OCTET_STRING) - { - os=so->value.octet_string; - i=os->length; - if ((i+1) > len) - i=len-1; - memcpy(buf,os->data,i); - return(i); - } + so = PKCS7_get_signed_attribute(si, signed_string_nid); + if (so != NULL) { + if (so->type == V_ASN1_OCTET_STRING) { + os = so->value.octet_string; + i = os->length; + if ((i + 1) > len) + i = len - 1; + memcpy(buf, os->data, i); + return (i); } - return(0); } + return (0); +} -static int signed_seq2string_nid= -1; +static int signed_seq2string_nid = -1; /* ########################################### */ -int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) - { +int +add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) +{ /* To add an object of OID 1.9.999, which is a sequence containing * 2 octet strings */ unsigned char *p; - ASN1_OCTET_STRING *os1,*os2; + ASN1_OCTET_STRING *os1, *os2; ASN1_STRING *seq; unsigned char *data; - int i,total; + int i, total; if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - os1=ASN1_OCTET_STRING_new(); - os2=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); - ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); - i =i2d_ASN1_OCTET_STRING(os1,NULL); - i+=i2d_ASN1_OCTET_STRING(os2,NULL); - total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - - data=malloc(total); - p=data; - ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_OCTET_STRING(os1,&p); - i2d_ASN1_OCTET_STRING(os2,&p); - - seq=ASN1_STRING_new(); - ASN1_STRING_set(seq,data,total); + signed_seq2string_nid = + 
OBJ_create("1.9.9999","OID_example","Our example OID"); + + os1 = ASN1_OCTET_STRING_new(); + os2 = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1)); + ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1)); + i = i2d_ASN1_OCTET_STRING(os1, NULL); + i += i2d_ASN1_OCTET_STRING(os2, NULL); + total = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + + data = malloc(total); + p = data; + ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + i2d_ASN1_OCTET_STRING(os1, &p); + i2d_ASN1_OCTET_STRING(os2, &p); + + seq = ASN1_STRING_new(); + ASN1_STRING_set(seq, data, total); free(data); ASN1_OCTET_STRING_free(os1); ASN1_OCTET_STRING_free(os2); - PKCS7_add_signed_attribute(si,signed_seq2string_nid, - V_ASN1_SEQUENCE,(char *)seq); - return(1); - } + PKCS7_add_signed_attribute(si, signed_seq2string_nid, + V_ASN1_SEQUENCE, (char *)seq); + return (1); +} /* For this case, I will malloc the return strings */ -int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) - { +int +get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) +{ ASN1_TYPE *so; if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); + signed_seq2string_nid = + OBJ_create("1.9.9999","OID_example","Our example OID"); /* To retrieve */ - so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); - if (so && (so->type == V_ASN1_SEQUENCE)) - { + so = PKCS7_get_signed_attribute(si, signed_seq2string_nid); + if (so && (so->type == V_ASN1_SEQUENCE)) { ASN1_const_CTX c; ASN1_STRING *s; long length; - ASN1_OCTET_STRING *os1,*os2; + ASN1_OCTET_STRING *os1, *os2; - s=so->value.sequence; - c.p=ASN1_STRING_data(s); - c.max=c.p+ASN1_STRING_length(s); - if (!asn1_GetSequence(&c,&length)) goto err; + s = so->value.sequence; + c.p = ASN1_STRING_data(s); + c.max = c.p + ASN1_STRING_length(s); + if (!asn1_GetSequence(&c, &length)) + goto err; /* Length is the length of the seqence */ - 
c.q=c.p; - if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) + c.q = c.p; + if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL) goto err; - c.slen-=(c.p-c.q); + c.slen -= (c.p - c.q); - c.q=c.p; - if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) + c.q = c.p; + if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL) goto err; - c.slen-=(c.p-c.q); + c.slen -= (c.p - c.q); - if (!asn1_const_Finish(&c)) goto err; - *str1=malloc(os1->length+1); - *str2=malloc(os2->length+1); - memcpy(*str1,os1->data,os1->length); - memcpy(*str2,os2->data,os2->length); + if (!asn1_const_Finish(&c)) + goto err; + *str1 = malloc(os1->length + 1); + *str2 = malloc(os2->length + 1); + memcpy(*str1, os1->data, os1->length); + memcpy(*str2, os2->data, os2->length); (*str1)[os1->length]='\0'; (*str2)[os2->length]='\0'; ASN1_OCTET_STRING_free(os1); ASN1_OCTET_STRING_free(os2); - return(1); - } -err: - return(0); + return (1); } +err: + return (0); +} /* ####################################### * THE OTHER WAY TO DO THINGS * ####################################### */ -X509_ATTRIBUTE *create_time(void) - { +X509_ATTRIBUTE * +create_time(void) +{ ASN1_UTCTIME *sign_time; X509_ATTRIBUTE *ret; /* The last parameter is the amount to add/subtract from the current * time (in seconds) */ - sign_time=X509_gmtime_adj(NULL,0); - ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime, - V_ASN1_UTCTIME,(char *)sign_time); - return(ret); - } - -ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) - { + sign_time = X509_gmtime_adj(NULL, 0); + ret = X509_ATTRIBUTE_create(NID_pkcs9_signingTime, + V_ASN1_UTCTIME, (char *)sign_time); + return (ret); +} + +ASN1_UTCTIME * +sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) +{ ASN1_TYPE *so; PKCS7_SIGNER_INFO si; - si.auth_attr=sk; - so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime); + si.auth_attr = sk; + so = PKCS7_get_signed_attribute(&si, NID_pkcs9_signingTime); if (so->type == V_ASN1_UTCTIME) - return so->value.utctime; + return 
so->value.utctime; return NULL; - } - -X509_ATTRIBUTE *create_string(char *str) - { +} + +X509_ATTRIBUTE * +create_string(char *str) +{ ASN1_OCTET_STRING *os; X509_ATTRIBUTE *ret; /* To a an object of OID 1.2.3.4.5, which is an octet string */ if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - os=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); + signed_string_nid = + OBJ_create("1.2.3.4.5","OID_example","Our example OID"); + os = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(os, (unsigned char*)str, strlen(str)); /* When we add, we do not free */ - ret=X509_ATTRIBUTE_create(signed_string_nid, - V_ASN1_OCTET_STRING,(char *)os); - return(ret); - } - -int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) - { + ret = X509_ATTRIBUTE_create(signed_string_nid, + V_ASN1_OCTET_STRING, (char *)os); + return (ret); +} + +int +sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) +{ ASN1_TYPE *so; ASN1_OCTET_STRING *os; int i; PKCS7_SIGNER_INFO si; - si.auth_attr=sk; + si.auth_attr = sk; if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); + signed_string_nid = + OBJ_create("1.2.3.4.5","OID_example","Our example OID"); /* To retrieve */ - so=PKCS7_get_signed_attribute(&si,signed_string_nid); - if (so != NULL) - { - if (so->type == V_ASN1_OCTET_STRING) - { - os=so->value.octet_string; - i=os->length; - if ((i+1) > len) - i=len-1; - memcpy(buf,os->data,i); - return(i); - } + so = PKCS7_get_signed_attribute(&si, signed_string_nid); + if (so != NULL) { + if (so->type == V_ASN1_OCTET_STRING) { + os = so->value.octet_string; + i = os->length; + if ((i + 1) > len) + i = len - 1; + memcpy(buf, os->data, i); + return (i); } - return(0); } + return (0); +} -X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) - { +X509_ATTRIBUTE * +add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, 
char *str2) +{ /* To add an object of OID 1.9.999, which is a sequence containing * 2 octet strings */ unsigned char *p; - ASN1_OCTET_STRING *os1,*os2; + ASN1_OCTET_STRING *os1, *os2; ASN1_STRING *seq; X509_ATTRIBUTE *ret; unsigned char *data; - int i,total; + int i, total; if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - os1=ASN1_OCTET_STRING_new(); - os2=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); - ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); - i =i2d_ASN1_OCTET_STRING(os1,NULL); - i+=i2d_ASN1_OCTET_STRING(os2,NULL); - total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - - data=malloc(total); - p=data; - ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_OCTET_STRING(os1,&p); - i2d_ASN1_OCTET_STRING(os2,&p); - - seq=ASN1_STRING_new(); - ASN1_STRING_set(seq,data,total); + signed_seq2string_nid = + OBJ_create("1.9.9999","OID_example","Our example OID"); + + os1 = ASN1_OCTET_STRING_new(); + os2 = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(os1, (unsigned char*)str1, strlen(str1)); + ASN1_OCTET_STRING_set(os2, (unsigned char*)str1, strlen(str1)); + i = i2d_ASN1_OCTET_STRING(os1, NULL); + i += i2d_ASN1_OCTET_STRING(os2, NULL); + total = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + + data = malloc(total); + p = data; + ASN1_put_object(&p, 1,i, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + i2d_ASN1_OCTET_STRING(os1, &p); + i2d_ASN1_OCTET_STRING(os2, &p); + + seq = ASN1_STRING_new(); + ASN1_STRING_set(seq, data, total); free(data); ASN1_OCTET_STRING_free(os1); ASN1_OCTET_STRING_free(os2); - ret=X509_ATTRIBUTE_create(signed_seq2string_nid, - V_ASN1_SEQUENCE,(char *)seq); - return(ret); - } + ret = X509_ATTRIBUTE_create(signed_seq2string_nid, + V_ASN1_SEQUENCE, (char *)seq); + return (ret); +} /* For this case, I will malloc the return strings */ -int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) - { +int 
+sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) +{ ASN1_TYPE *so; PKCS7_SIGNER_INFO si; if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); + signed_seq2string_nid = + OBJ_create("1.9.9999","OID_example","Our example OID"); - si.auth_attr=sk; + si.auth_attr = sk; /* To retrieve */ - so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); - if (so->type == V_ASN1_SEQUENCE) - { + so = PKCS7_get_signed_attribute(&si, signed_seq2string_nid); + if (so->type == V_ASN1_SEQUENCE) { ASN1_const_CTX c; ASN1_STRING *s; long length; - ASN1_OCTET_STRING *os1,*os2; + ASN1_OCTET_STRING *os1, *os2; - s=so->value.sequence; - c.p=ASN1_STRING_data(s); - c.max=c.p+ASN1_STRING_length(s); - if (!asn1_GetSequence(&c,&length)) goto err; + s = so->value.sequence; + c.p = ASN1_STRING_data(s); + c.max = c.p + ASN1_STRING_length(s); + if (!asn1_GetSequence(&c, &length)) + goto err; /* Length is the length of the seqence */ - c.q=c.p; - if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) + c.q = c.p; + if ((os1 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL) goto err; - c.slen-=(c.p-c.q); + c.slen -= (c.p - c.q); - c.q=c.p; - if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) + c.q = c.p; + if ((os2 = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL) goto err; - c.slen-=(c.p-c.q); + c.slen -= (c.p - c.q); - if (!asn1_const_Finish(&c)) goto err; - *str1=malloc(os1->length+1); - *str2=malloc(os2->length+1); - memcpy(*str1,os1->data,os1->length); - memcpy(*str2,os2->data,os2->length); + if (!asn1_const_Finish(&c)) + goto err; + *str1 = malloc(os1->length + 1); + *str2 = malloc(os2->length + 1); + memcpy(*str1, os1->data, os1->length); + memcpy(*str2, os2->data, os2->length); (*str1)[os1->length]='\0'; (*str2)[os2->length]='\0'; ASN1_OCTET_STRING_free(os1); ASN1_OCTET_STRING_free(os2); - return(1); - } -err: - return(0); + return (1); } +err: + return (0); +} 
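Review bot: get_signed_time(), sk_get_time() and sk_get_seq2string() read `so->type` straight from PKCS7_get_signed_attribute() with no NULL test, although get_signed_string() and get_signed_seq2string() in the same hunk guard the same call with `so != NULL`; if the attribute is absent, this example code dereferences NULL. I would make the guard uniform, e.g. `if (so == NULL || so->type != V_ASN1_UTCTIME) return NULL;` in the two time getters and `if (so && (so->type == V_ASN1_SEQUENCE)) {` in sk_get_seq2string(). get_signed_string() and sk_get_string() also pass `len - 1` to memcpy() unchecked, so a `len` of 0 becomes a negative count, and the copied bytes are never NUL-terminated. Separately, add_signed_seq2string() and add_seq2string() build `os2` from `str1` and never read `str2`; that line presumably should be `ASN1_OCTET_STRING_set(os2, (unsigned char*)str2, strlen(str2));`.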
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_asn1.c b/lib/libssl/src/crypto/pkcs7/pk7_asn1.c index e3a5b53d753..8be54475187 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_asn1.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_asn1.c,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_asn1.c,v 1.6 2014/06/29 17:05:36 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -69,40 +69,45 @@ ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); ASN1_ADB(PKCS7) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) + ADB_ENTRY(NID_pkcs7_data, + ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, + ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, + ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_signedAndEnveloped, + ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, + PKCS7_SIGN_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_digest, + ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, + ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); /* PKCS#7 streaming support */ -static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int +pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { ASN1_STREAM_ARG *sarg = exarg; PKCS7 **pp7 = (PKCS7 **)pval; - switch(operation) - { - - case ASN1_OP_STREAM_PRE: + switch (operation) { + case ASN1_OP_STREAM_PRE: if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) return 0; - case ASN1_OP_DETACHED_PRE: + + case ASN1_OP_DETACHED_PRE: sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); if (!sarg->ndef_bio) return 0; break; - case ASN1_OP_STREAM_POST: - case ASN1_OP_DETACHED_POST: + case ASN1_OP_STREAM_POST: + case ASN1_OP_DETACHED_POST: if 
(PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) return 0; break; - - } + } return 1; } @@ -127,10 +132,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) /* Minor tweak to operation: free up EVP_PKEY */ -static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int +si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_FREE_POST) { + if (operation == ASN1_OP_FREE_POST) { PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; EVP_PKEY_free(si->pkey); } @@ -139,14 +144,16 @@ static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), + ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, + PKCS7_ISSUER_AND_SERIAL), ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), /* NB this should be a SET OF but we use a SEQUENCE OF so the * original order * is retained when the structure is reencoded. * Since the attributes are implicitly tagged this will not affect * the encoding. */ - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), + ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, + X509_ATTRIBUTE, 0), ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) 
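Review bot: In pk7_cb() the `ASN1_OP_STREAM_PRE` case runs on into `ASN1_OP_DETACHED_PRE` with no marker, and the blank line the reformat leaves between the two cases makes it read like a forgotten `break`. If the fall-through is intended (it looks that way, since the stream case only adds the PKCS7_stream() step before the shared PKCS7_dataInit() call), add `/* FALLTHROUGH */` after the first case's `return 0;` so that lint and later readers do not "fix" it. The switch also has no `default:` label, so unhandled operations reach `return 1;` silently; a one-line comment saying that this is deliberate would help.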
@@ -170,10 +177,10 @@ ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) /* Minor tweak to operation: free up X509 */ -static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) +static int +ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_FREE_POST) { + if (operation == ASN1_OP_FREE_POST) { PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; X509_free(ri->cert); } @@ -182,7 +189,8 @@ static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), + ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, + PKCS7_ISSUER_AND_SERIAL), ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) @@ -231,17 +239,18 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) * encoding. */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, + X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) -/* When verifying attributes we need to use the received order. So +/* When verifying attributes we need to use the received order. So * we use SEQUENCE OF and tag it to SET OF */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | + ASN1_TFLG_UNIVERSAL, V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) 
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/lib/libssl/src/crypto/pkcs7/pk7_attr.c index f4c2fadac9b..2f4d5089f5b 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_attr.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_attr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_attr.c,v 1.8 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_attr.c,v 1.9 2014/06/29 17:05:36 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,21 +66,24 @@ #include <openssl/x509.h> #include <openssl/err.h> -int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) +int +PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) { ASN1_STRING *seq; - if(!(seq = ASN1_STRING_new())) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + if (!(seq = ASN1_STRING_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, + ERR_R_MALLOC_FAILURE); return 0; } - seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data, - ASN1_ITEM_rptr(X509_ALGORS)); - return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, seq); + seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, + ASN1_ITEM_rptr(X509_ALGORS)); + return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq); } -STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) - { +STACK_OF(X509_ALGOR) * +PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) +{ ASN1_TYPE *cap; const unsigned char *p; 
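Review bot: PKCS7_add_attrib_smimecap() stores the result of ASN1_item_i2d() directly in `seq->length`, so an encoding failure (a negative return) becomes the length of the attribute value, and `seq` is not released when PKCS7_add_signed_attribute() fails. PKCS7_add1_attrib_digest() later in this file frees its string on that failure path, and the same handling fits here. The sketch below checks the encoded length before use and frees `seq` on both error paths. It assumes a zero return from PKCS7_add_signed_attribute() means the value was not taken over, as the digest helper already does; confirm in add_attribute() that no failure path has already freed it.

```c
	int len;

	/* … unchanged: ASN1_STRING_new() and its error path … */
	len = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
	    ASN1_ITEM_rptr(X509_ALGORS));
	if (len <= 0) {
		ASN1_STRING_free(seq);
		return 0;
	}
	seq->length = len;
	if (!PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
	    V_ASN1_SEQUENCE, seq)) {
		ASN1_STRING_free(seq);
		return 0;
	}
	return 1;
```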
@@ -89,33 +92,37 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) return NULL; p = cap->value.sequence->data; return (STACK_OF(X509_ALGOR) *) - ASN1_item_d2i(NULL, &p, cap->value.sequence->length, - ASN1_ITEM_rptr(X509_ALGORS)); - } + ASN1_item_d2i(NULL, &p, cap->value.sequence->length, + ASN1_ITEM_rptr(X509_ALGORS)); +} /* Basic smime-capabilities OID and optional integer arg */ -int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) +int +PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) { X509_ALGOR *alg; - if(!(alg = X509_ALGOR_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + if (!(alg = X509_ALGOR_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); return 0; } ASN1_OBJECT_free(alg->algorithm); alg->algorithm = OBJ_nid2obj (nid); if (arg > 0) { ASN1_INTEGER *nbit; - if(!(alg->parameter = ASN1_TYPE_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + if (!(alg->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, + ERR_R_MALLOC_FAILURE); return 0; } - if(!(nbit = ASN1_INTEGER_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + if (!(nbit = ASN1_INTEGER_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, + ERR_R_MALLOC_FAILURE); return 0; } - if(!ASN1_INTEGER_set (nbit, arg)) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + if (!ASN1_INTEGER_set (nbit, arg)) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, + ERR_R_MALLOC_FAILURE); return 0; } alg->parameter->value.integer = nbit; 
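Review bot: The three `return 0;` paths inside the `arg > 0` block of PKCS7_simple_smimecap() leave `alg` allocated, and the ASN1_INTEGER_set() failure also leaves `nbit` allocated, since it has not yet been attached to `alg->parameter`. Each path should release what it owns before returning: `X509_ALGOR_free(alg);` before every `return 0;`, plus `ASN1_INTEGER_free(nbit);` in the last one. The result of `OBJ_nid2obj (nid)` is also stored without a NULL check, so an unknown `nid` yields an algorithm with no OID. The function's tail, after `alg->parameter->value.integer = nbit;`, is outside this hunk.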
@@ -125,41 +132,43 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) return 1; } -int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) - { +int +PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) +{ if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) return 0; if (!coid) coid = OBJ_nid2obj(NID_pkcs7_data); return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, coid); - } + V_ASN1_OBJECT, coid); +} -int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) - { - if (!t && !(t=X509_gmtime_adj(NULL,0))) - { +int +PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) +{ + if (!t && !(t = X509_gmtime_adj(NULL, 0))) { PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); return 0; - } - return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, - V_ASN1_UTCTIME, t); } + return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, + V_ASN1_UTCTIME, t); +} -int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - const unsigned char *md, int mdlen) - { +int +PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, const unsigned char *md, + int mdlen) +{ ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); if (!os) return 0; - if (!ASN1_STRING_set(os, md, mdlen) - || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, os)) - { + if (!ASN1_STRING_set(os, md, mdlen) || + !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, os)) { ASN1_OCTET_STRING_free(os); return 0; - } - return 1; } + return 1; +} diff --git a/lib/libssl/src/crypto/pkcs7/pk7_dgst.c b/lib/libssl/src/crypto/pkcs7/pk7_dgst.c index 13578443bcc..225dc2fd974 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_dgst.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_dgst.c 
@@ -1,25 +1,25 @@ -/* $OpenBSD: pk7_dgst.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_dgst.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence diff --git a/lib/libssl/src/crypto/pkcs7/pk7_doit.c b/lib/libssl/src/crypto/pkcs7/pk7_doit.c index 5d85f6e1242..46f9c2b8c6c 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_doit.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_doit.c 
@@ -1,25 +1,25 @@ -/* $OpenBSD: pk7_doit.c,v 1.22 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.23 2014/06/29 17:05:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -65,82 +65,82 @@ #include <openssl/err.h> static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value); + void *value); static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); -static int PKCS7_type_is_other(PKCS7* p7) - { - int isOther=1; - - int nid=OBJ_obj2nid(p7->type); +static int +PKCS7_type_is_other(PKCS7* p7) +{ + int isOther = 1; + + int nid = OBJ_obj2nid(p7->type); - switch( nid ) - { + switch (nid ) { case NID_pkcs7_data: case NID_pkcs7_signed: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: case NID_pkcs7_digest: case NID_pkcs7_encrypted: - isOther=0; + isOther = 0; break; default: - isOther=1; - } + isOther = 1; + } return isOther; - } +} -static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) - { - if ( PKCS7_type_is_data(p7)) +static ASN1_OCTET_STRING * +PKCS7_get_octet_string(PKCS7 *p7) +{ + if (PKCS7_type_is_data(p7)) return p7->d.data; - if ( PKCS7_type_is_other(p7) && p7->d.other - && (p7->d.other->type == V_ASN1_OCTET_STRING)) + if (PKCS7_type_is_other(p7) && p7->d.other && + (p7->d.other->type == V_ASN1_OCTET_STRING)) return p7->d.other->value.octet_string; return NULL; - } +} -static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) - { +static int +PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) +{ BIO *btmp; const EVP_MD *md; - if ((btmp=BIO_new(BIO_f_md())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + if ((btmp = BIO_new(BIO_f_md())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); goto err; - } + } - md=EVP_get_digestbyobj(alg->algorithm); - if (md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); + md = EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, + PKCS7_R_UNKNOWN_DIGEST_TYPE); goto err; - } + } - BIO_set_md(btmp,md); + BIO_set_md(btmp, md); if (*pbio == NULL) - *pbio=btmp; - else if (!BIO_push(*pbio,btmp)) - { - 
PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + *pbio = btmp; + else if (!BIO_push(*pbio, btmp)) { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); goto err; - } - btmp=NULL; + } + btmp = NULL; return 1; - err: +err: if (btmp) BIO_free(btmp); return 0; - } +} -static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, - unsigned char *key, int keylen) - { +static int +pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen) +{ EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; unsigned char *ek = NULL; @@ -148,7 +148,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, size_t eklen; pkey = X509_get_pubkey(ri->cert); - if (!pkey) return 0; @@ -160,22 +159,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) - { + EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) { PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); goto err; - } + } if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) goto err; ek = malloc(eklen); - if (ek == NULL) - { + if (ek == NULL) { PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); goto err; - } + } if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) goto err; @@ -185,20 +182,20 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, ret = 1; - err: +err: if (pkey) EVP_PKEY_free(pkey); if (pctx) EVP_PKEY_CTX_free(pctx); free(ek); return ret; - - } +} -static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, - PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) - { +static int +pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, + EVP_PKEY *pkey) +{ EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; size_t eklen; 
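Review bot: Two lines of PKCS7_type_is_other in the first hunk (-65,82) still miss the style this commit applies everywhere else. The signature keeps `PKCS7* p7` and the switch became `switch (nid ) {` with a stray space before the closing parenthesis. They would read `PKCS7_type_is_other(PKCS7 *p7)` and `switch (nid) {`. The `default:` arm only repeats the initial value of `isOther`, so a one-line comment saying it is kept for clarity would help the next reader.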
@@ -213,95 +210,88 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) - { + EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) { PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); goto err; - } + } if (EVP_PKEY_decrypt(pctx, NULL, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) + ri->enc_key->data, ri->enc_key->length) <= 0) goto err; ek = malloc(eklen); - - if (ek == NULL) - { + if (ek == NULL) { PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); goto err; - } + } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ri->enc_key->data, ri->enc_key->length) <= 0) - { + ri->enc_key->data, ri->enc_key->length) <= 0) { ret = 0; PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); goto err; - } + } ret = 1; - if (*pek) - { + if (*pek) { OPENSSL_cleanse(*pek, *peklen); free(*pek); - } + } *pek = ek; *peklen = eklen; - err: +err: if (pctx) EVP_PKEY_CTX_free(pctx); if (!ret && ek) free(ek); return ret; - } +} -BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) - { +BIO * +PKCS7_dataInit(PKCS7 *p7, BIO *bio) +{ int i; - BIO *out=NULL,*btmp=NULL; + BIO *out = NULL, *btmp = NULL; X509_ALGOR *xa = NULL; - const EVP_CIPHER *evp_cipher=NULL; - STACK_OF(X509_ALGOR) *md_sk=NULL; - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; - PKCS7_RECIP_INFO *ri=NULL; - ASN1_OCTET_STRING *os=NULL; - - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - - switch (i) - { + const EVP_CIPHER *evp_cipher = NULL; + STACK_OF(X509_ALGOR) *md_sk = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + X509_ALGOR *xalg = NULL; + PKCS7_RECIP_INFO *ri = NULL; + ASN1_OCTET_STRING *os = NULL; + + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + + switch (i) { case NID_pkcs7_signed: - md_sk=p7->d.sign->md_algs; + md_sk = p7->d.sign->md_algs; os = PKCS7_get_octet_string(p7->d.sign->contents); break; case NID_pkcs7_signedAndEnveloped: - 
rsk=p7->d.signed_and_enveloped->recipientinfo; - md_sk=p7->d.signed_and_enveloped->md_algs; - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; - if (evp_cipher == NULL) - { + rsk = p7->d.signed_and_enveloped->recipientinfo; + md_sk = p7->d.signed_and_enveloped->md_algs; + xalg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher; + if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT, - PKCS7_R_CIPHER_NOT_INITIALIZED); + PKCS7_R_CIPHER_NOT_INITIALIZED); goto err; - } + } break; case NID_pkcs7_enveloped: - rsk=p7->d.enveloped->recipientinfo; - xalg=p7->d.enveloped->enc_data->algorithm; - evp_cipher=p7->d.enveloped->enc_data->cipher; - if (evp_cipher == NULL) - { + rsk = p7->d.enveloped->recipientinfo; + xalg = p7->d.enveloped->enc_data->algorithm; + evp_cipher = p7->d.enveloped->enc_data->cipher; + if (evp_cipher == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT, - PKCS7_R_CIPHER_NOT_INITIALIZED); + PKCS7_R_CIPHER_NOT_INITIALIZED); goto err; - } + } break; case NID_pkcs7_digest: xa = p7->d.digest->md; 
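Review bot: PKCS7_dataInit reads `p7->d.sign->md_algs`, `p7->d.signed_and_enveloped->recipientinfo` and `p7->d.enveloped->enc_data->algorithm` in its switch without first checking that the content pointer is set, so a PKCS7 structure with absent content would be dereferenced as NULL. A guard ahead of `i = OBJ_obj2nid(p7->type);` would close that, e.g. `if (p7 == NULL || p7->d.ptr == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); return NULL; }`, and the nested `enc_data` pointers want the same test. PKCS7_dataDecode (hunk -353,167) and PKCS7_dataFinal (hunk -577,257) open with the same unguarded switch; dataDecode is presumably the one most exposed to parsed, untrusted messages. PKCS7_dataInit continues past the end of this hunk.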
@@ -310,37 +300,37 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) case NID_pkcs7_data: break; default: - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } + PKCS7err(PKCS7_F_PKCS7_DATAINIT, + PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) goto err; if (xa && !PKCS7_bio_add_digest(&out, xa)) - goto err; + goto err; - if (evp_cipher != NULL) - { + if (evp_cipher != NULL) { unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; - int keylen,ivlen; + int keylen, ivlen; EVP_CIPHER_CTX *ctx; - if ((btmp=BIO_new(BIO_f_cipher())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); + if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB); goto err; - } + } BIO_get_cipher_ctx(btmp, &ctx); - keylen=EVP_CIPHER_key_length(evp_cipher); - ivlen=EVP_CIPHER_iv_length(evp_cipher); + keylen = EVP_CIPHER_key_length(evp_cipher); + ivlen = EVP_CIPHER_iv_length(evp_cipher); xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); if (ivlen > 0) - if (RAND_pseudo_bytes(iv,ivlen) <= 0) + if (RAND_pseudo_bytes(iv, ivlen) <= 0) goto err; - if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) + if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, + NULL, 1) <= 0) goto err; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) goto err; 
@@ -353,167 +343,162 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) if (xalg->parameter == NULL) goto err; } - if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) + if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) goto err; } /* Lets do the pub key stuff :-) */ - for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) - { - ri=sk_PKCS7_RECIP_INFO_value(rsk,i); + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) goto err; - } + } OPENSSL_cleanse(key, keylen); if (out == NULL) - out=btmp; + out = btmp; else - BIO_push(out,btmp); - btmp=NULL; - } + BIO_push(out, btmp); + btmp = NULL; + } - if (bio == NULL) - { + if (bio == NULL) { if (PKCS7_is_detached(p7)) - bio=BIO_new(BIO_s_null()); + bio = BIO_new(BIO_s_null()); else if (os && os->length > 0) bio = BIO_new_mem_buf(os->data, os->length); - if(bio == NULL) - { - bio=BIO_new(BIO_s_mem()); + if (bio == NULL) { + bio = BIO_new(BIO_s_mem()); if (bio == NULL) goto err; - BIO_set_mem_eof_return(bio,0); - } + BIO_set_mem_eof_return(bio, 0); } + } if (out) - BIO_push(out,bio); + BIO_push(out, bio); else out = bio; - bio=NULL; - if (0) - { + bio = NULL; + if (0) { err: if (out != NULL) BIO_free_all(out); if (btmp != NULL) BIO_free_all(btmp); - out=NULL; - } - return(out); + out = NULL; } + return (out); +} -static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) - { +static int +pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) +{ int ret; + ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, - pcert->cert_info->issuer); + pcert->cert_info->issuer); if (ret) return ret; return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, - ri->issuer_and_serial->serial); - } + ri->issuer_and_serial->serial); +} /* int */ -BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - { - int i,j; - BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; +BIO * +PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) +{ + int i, 
j; + BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; X509_ALGOR *xa; - ASN1_OCTET_STRING *data_body=NULL; + ASN1_OCTET_STRING *data_body = NULL; const EVP_MD *evp_md; - const EVP_CIPHER *evp_cipher=NULL; - EVP_CIPHER_CTX *evp_ctx=NULL; - X509_ALGOR *enc_alg=NULL; - STACK_OF(X509_ALGOR) *md_sk=NULL; - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - PKCS7_RECIP_INFO *ri=NULL; - unsigned char *ek = NULL, *tkey = NULL; - int eklen = 0, tkeylen = 0; - - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - - switch (i) - { + const EVP_CIPHER *evp_cipher = NULL; + EVP_CIPHER_CTX *evp_ctx = NULL; + X509_ALGOR *enc_alg = NULL; + STACK_OF(X509_ALGOR) *md_sk = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + PKCS7_RECIP_INFO *ri = NULL; + unsigned char *ek = NULL, *tkey = NULL; + int eklen = 0, tkeylen = 0; + + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + + switch (i) { case NID_pkcs7_signed: - data_body=PKCS7_get_octet_string(p7->d.sign->contents); - md_sk=p7->d.sign->md_algs; + data_body = PKCS7_get_octet_string(p7->d.sign->contents); + md_sk = p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: - rsk=p7->d.signed_and_enveloped->recipientinfo; - md_sk=p7->d.signed_and_enveloped->md_algs; - data_body=p7->d.signed_and_enveloped->enc_data->enc_data; - enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + rsk = p7->d.signed_and_enveloped->recipientinfo; + md_sk = p7->d.signed_and_enveloped->md_algs; + data_body = p7->d.signed_and_enveloped->enc_data->enc_data; + enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); + if (evp_cipher == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; - } + } break; case NID_pkcs7_enveloped: - rsk=p7->d.enveloped->recipientinfo; - 
enc_alg=p7->d.enveloped->enc_data->algorithm; - data_body=p7->d.enveloped->enc_data->enc_data; - evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + rsk = p7->d.enveloped->recipientinfo; + enc_alg = p7->d.enveloped->enc_data->algorithm; + data_body = p7->d.enveloped->enc_data->enc_data; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); + if (evp_cipher == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; - } + } break; default: - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } /* We will be checking the signature */ - if (md_sk != NULL) - { - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) - { - xa=sk_X509_ALGOR_value(md_sk,i); - if ((btmp=BIO_new(BIO_f_md())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); + if (md_sk != NULL) { + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { + xa = sk_X509_ALGOR_value(md_sk, i); + if ((btmp = BIO_new(BIO_f_md())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + ERR_R_BIO_LIB); goto err; - } + } - j=OBJ_obj2nid(xa->algorithm); - evp_md=EVP_get_digestbynid(j); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); + j = OBJ_obj2nid(xa->algorithm); + evp_md = EVP_get_digestbynid(j); + if (evp_md == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_UNKNOWN_DIGEST_TYPE); goto err; - } + } - BIO_set_md(btmp,evp_md); + BIO_set_md(btmp, evp_md); if (out == NULL) - out=btmp; + out = btmp; else - BIO_push(out,btmp); - btmp=NULL; - } + BIO_push(out, btmp); + btmp = NULL; } + } - if (evp_cipher != NULL) - { + if (evp_cipher != NULL) { #if 0 unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char *p; - int keylen,ivlen; + int keylen, ivlen; int max; X509_OBJECT ret; #endif - if 
((etmp=BIO_new(BIO_f_cipher())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); + if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); goto err; - } + } /* It was encrypted, we need to decrypt the secret key * with the private key */ 
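Review bot: In PKCS7_dataInit the content-encryption key in `key` is wiped only on the success path. The `goto err` inside the recipient loop, and the ones around `EVP_CIPHER_param_to_asn1`, jump past `OPENSSL_cleanse(key, keylen)`. The `err:` label sits outside the block where `key` is declared (in the preceding hunk), so it cannot wipe the buffer either. Cleansing before the jump keeps the key from lingering on the stack after a failure, e.g. `if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) { OPENSSL_cleanse(key, keylen); goto err; }`, with the same treatment for the earlier exits once `key` has been filled.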
@@ -521,54 +506,47 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) /* Find the recipientInfo which matches the passed certificate * (if any) */ - - if (pcert) - { - for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) - { - ri=sk_PKCS7_RECIP_INFO_value(rsk,i); + if (pcert) { + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); if (!pkcs7_cmp_ri(ri, pcert)) break; - ri=NULL; - } - if (ri == NULL) - { + ri = NULL; + } + if (ri == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); + PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); goto err; - } } + } /* If we haven't got a certificate try each ri in turn */ - if (pcert == NULL) - { + if (pcert == NULL) { /* Always attempt to decrypt all rinfo even * after sucess as a defence against MMA timing * attacks. */ - for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) - { - ri=sk_PKCS7_RECIP_INFO_value(rsk,i); - + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); + if (pkcs7_decrypt_rinfo(&ek, &eklen, - ri, pkey) < 0) + ri, pkey) < 0) goto err; ERR_clear_error(); - } } - else - { + } else { /* Only exit on fatal errors, not decrypt failure */ if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) goto err; ERR_clear_error(); - } + } - evp_ctx=NULL; - BIO_get_cipher_ctx(etmp,&evp_ctx); - if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) + evp_ctx = NULL; + BIO_get_cipher_ctx(etmp, &evp_ctx); + if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, + NULL, 0) <= 0) goto err; - if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) + if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) goto err; /* Generate random key as MMA defence */ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); 
@@ -577,257 +555,245 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) goto err; - if (ek == NULL) - { + if (ek == NULL) { ek = tkey; eklen = tkeylen; tkey = NULL; - } + } if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { /* Some S/MIME clients don't use the same key * and effective key length. The key length is * determined by the size of the decrypted RSA key. */ - if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) - { + if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { /* Use random key as MMA defence */ OPENSSL_cleanse(ek, eklen); free(ek); ek = tkey; eklen = tkeylen; tkey = NULL; - } - } + } + } /* Clear errors so we don't leak information useful in MMA */ ERR_clear_error(); - if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) + if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) goto err; - if (ek) - { - OPENSSL_cleanse(ek,eklen); + if (ek) { + OPENSSL_cleanse(ek, eklen); free(ek); - ek = NULL; - } - if (tkey) - { - OPENSSL_cleanse(tkey,tkeylen); + ek = NULL; + } + if (tkey) { + OPENSSL_cleanse(tkey, tkeylen); free(tkey); - tkey = NULL; - } + tkey = NULL; + } if (out == NULL) - out=etmp; + out = etmp; else - BIO_push(out,etmp); - etmp=NULL; - } + BIO_push(out, etmp); + etmp = NULL; + } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) - { - bio=in_bio; - } - else - { + if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + bio = in_bio; + } else { #if 0 - bio=BIO_new(BIO_s_mem()); + bio = BIO_new(BIO_s_mem()); /* We need to set this so that when we have read all * the data, the encrypt BIO, if present, will read * EOF and encode the last few bytes */ - BIO_set_mem_eof_return(bio,0); + BIO_set_mem_eof_return(bio, 0); if (data_body != NULL && data_body->length > 0) - BIO_write(bio,(char *)data_body->data,data_body->length); + BIO_write(bio, (char *)data_body->data, data_body->length); #else if (data_body != NULL && data_body->length > 0) - bio = 
BIO_new_mem_buf(data_body->data,data_body->length); + bio = BIO_new_mem_buf(data_body->data, data_body->length); else { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); + bio = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio, 0); } if (bio == NULL) goto err; #endif - } - BIO_push(out,bio); - bio=NULL; + } + BIO_push(out, bio); + bio = NULL; #endif - if (0) - { + if (0) { err: - if (ek) - { - OPENSSL_cleanse(ek,eklen); - free(ek); - } - if (tkey) - { - OPENSSL_cleanse(tkey,tkeylen); - free(tkey); - } - if (out != NULL) BIO_free_all(out); - if (btmp != NULL) BIO_free_all(btmp); - if (etmp != NULL) BIO_free_all(etmp); - if (bio != NULL) BIO_free_all(bio); - out=NULL; + if (ek) { + OPENSSL_cleanse(ek, eklen); + free(ek); + } + if (tkey) { + OPENSSL_cleanse(tkey, tkeylen); + free(tkey); } - return(out); + if (out != NULL) + BIO_free_all(out); + if (btmp != NULL) + BIO_free_all(btmp); + if (etmp != NULL) + BIO_free_all(etmp); + if (bio != NULL) + BIO_free_all(bio); + out = NULL; } + return (out); +} -static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) - { - for (;;) - { - bio=BIO_find_type(bio,BIO_TYPE_MD); - if (bio == NULL) - { - PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - return NULL; - } - BIO_get_md_ctx(bio,pmd); - if (*pmd == NULL) - { - PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); +static BIO * +PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) +{ + for (;;) { + bio = BIO_find_type(bio, BIO_TYPE_MD); + if (bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, + PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); return NULL; - } + } + BIO_get_md_ctx(bio, pmd); + if (*pmd == NULL) { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, + ERR_R_INTERNAL_ERROR); + return NULL; + } if (EVP_MD_CTX_type(*pmd) == nid) return bio; - bio=BIO_next(bio); - } - return NULL; + bio = BIO_next(bio); } + return NULL; +} -static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) - { +static int 
+do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) +{ unsigned char md_data[EVP_MAX_MD_SIZE]; unsigned int md_len; /* Add signing time if not already present */ - if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) - { - if (!PKCS7_add0_attrib_signing_time(si, NULL)) - { + if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { + if (!PKCS7_add0_attrib_signing_time(si, NULL)) { PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); return 0; - } } + } /* Add digest */ - if (!EVP_DigestFinal_ex(mctx, md_data,&md_len)) - { + if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) { PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); return 0; - } - if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) - { + } + if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) { PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); return 0; - } + } /* Now sign the attributes */ if (!PKCS7_SIGNER_INFO_sign(si)) - return 0; + return 0; return 1; - } - - -int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - { - int ret=0; - int i,j; +} + + +int +PKCS7_dataFinal(PKCS7 *p7, BIO *bio) +{ + int ret = 0; + int i, j; BIO *btmp; PKCS7_SIGNER_INFO *si; - EVP_MD_CTX *mdc,ctx_tmp; + EVP_MD_CTX *mdc, ctx_tmp; STACK_OF(X509_ATTRIBUTE) *sk; - STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; - ASN1_OCTET_STRING *os=NULL; + STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; + ASN1_OCTET_STRING *os = NULL; EVP_MD_CTX_init(&ctx_tmp); - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; - switch (i) - { + switch (i) { case NID_pkcs7_data: os = p7->d.data; break; case NID_pkcs7_signedAndEnveloped: /* XXX */ - si_sk=p7->d.signed_and_enveloped->signer_info; + si_sk = p7->d.signed_and_enveloped->signer_info; os = p7->d.signed_and_enveloped->enc_data->enc_data; - if (!os) - { - os=M_ASN1_OCTET_STRING_new(); - if (!os) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + if (!os) { + os = 
M_ASN1_OCTET_STRING_new(); + if (!os) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); goto err; - } - p7->d.signed_and_enveloped->enc_data->enc_data=os; } + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } break; case NID_pkcs7_enveloped: /* XXX */ os = p7->d.enveloped->enc_data->enc_data; - if (!os) - { - os=M_ASN1_OCTET_STRING_new(); - if (!os) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + if (!os) { + os = M_ASN1_OCTET_STRING_new(); + if (!os) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); goto err; - } - p7->d.enveloped->enc_data->enc_data=os; } + p7->d.enveloped->enc_data->enc_data = os; + } break; case NID_pkcs7_signed: - si_sk=p7->d.sign->signer_info; - os=PKCS7_get_octet_string(p7->d.sign->contents); + si_sk = p7->d.sign->signer_info; + os = PKCS7_get_octet_string(p7->d.sign->contents); if (os == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); - goto err; + goto err; } /* If detached data then the content is excluded */ - if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { + if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); p7->d.sign->contents->d.data = NULL; } break; case NID_pkcs7_digest: - os=PKCS7_get_octet_string(p7->d.digest->contents); + os = PKCS7_get_octet_string(p7->d.digest->contents); if (os == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_DECODE_ERROR); - goto err; + goto err; } /* If detached data then the content is excluded */ - if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) - { + if (PKCS7_type_is_data(p7->d.digest->contents) && + p7->detached) { M_ASN1_OCTET_STRING_free(os); p7->d.digest->contents->d.data = NULL; - } + } break; default: - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } - if (si_sk != NULL) - { - for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) - { - 
si=sk_PKCS7_SIGNER_INFO_value(si_sk,i); + if (si_sk != NULL) { + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) { + si = sk_PKCS7_SIGNER_INFO_value(si_sk, i); if (si->pkey == NULL) continue; j = OBJ_obj2nid(si->digest_alg->algorithm); - btmp=bio; + btmp = bio; btmp = PKCS7_find_digest(&mdc, btmp, j); @@ -836,20 +802,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* We now have the EVP_MD_CTX, lets do the * signing. */ - if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc)) + if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) goto err; - sk=si->auth_attr; + sk = si->auth_attr; /* If there are attributes, we add the digest * attribute and only sign the attributes */ - if (sk_X509_ATTRIBUTE_num(sk) > 0) - { + if (sk_X509_ATTRIBUTE_num(sk) > 0) { if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) goto err; - } - else - { + } else { unsigned char *abuf = NULL; unsigned int abuflen; abuflen = EVP_PKEY_size(si->pkey); 
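Review bot: Near the end of PKCS7_dataDecode (hunk -577,257), `BIO_push(out, bio);` runs even when `out` is still NULL, which happens when no digest BIO and no cipher BIO were created (signed data with an empty `md_algs`). The function then returns NULL without recording an error, and a memory BIO allocated just above appears to be leaked. PKCS7_dataInit already handles this case, and the same form fits here: `if (out) BIO_push(out, bio); else out = bio;`. In the `#else` branch `BIO_set_mem_eof_return(bio, 0)` is also called before the `if (bio == NULL)` test, so the check should move up one line.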
@@ -858,38 +821,34 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) goto err; if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, - si->pkey)) - { + si->pkey)) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, - ERR_R_EVP_LIB); + ERR_R_EVP_LIB); goto err; - } - ASN1_STRING_set0(si->enc_digest, abuf, abuflen); } + ASN1_STRING_set0(si->enc_digest, abuf, abuflen); } } - else if (i == NID_pkcs7_digest) - { + } else if (i == NID_pkcs7_digest) { unsigned char md_data[EVP_MAX_MD_SIZE]; unsigned int md_len; if (!PKCS7_find_digest(&mdc, bio, - OBJ_obj2nid(p7->d.digest->md->algorithm))) + OBJ_obj2nid(p7->d.digest->md->algorithm))) goto err; - if (!EVP_DigestFinal_ex(mdc,md_data,&md_len)) + if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) goto err; M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); - } + } - if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) - { + if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { char *cont; long contlen; - btmp=BIO_find_type(bio,BIO_TYPE_MEM); - if (btmp == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + btmp = BIO_find_type(bio, BIO_TYPE_MEM); + if (btmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + PKCS7_R_UNABLE_TO_FIND_MEM_BIO); goto err; - } + } contlen = BIO_get_mem_data(btmp, &cont); /* Mark the BIO read only then we can use its copy of the data * instead of making an extra copy. @@ -897,15 +856,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); BIO_set_mem_eof_return(btmp, 0); ASN1_STRING_set0(os, (unsigned char *)cont, contlen); - } - ret=1; + } + ret = 1; err: EVP_MD_CTX_cleanup(&ctx_tmp); - return(ret); - } + return (ret); +} -int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) - { +int +PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) +{ EVP_MD_CTX mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; 
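Review bot: In hunk -858,38 the test `!(os->flags & ASN1_STRING_FLAG_NDEF)` in PKCS7_dataFinal reads `os` without knowing that it is valid. The switch in the preceding hunk can leave it NULL for `NID_pkcs7_data` when `p7->d.data` is unset. In the detached `NID_pkcs7_digest` arm `os` is freed with `M_ASN1_OCTET_STRING_free(os)` and not reset, so the read is only safe if `PKCS7_is_detached()` is true for that type, which its definition (not on this page) would have to confirm. Setting `os = NULL;` after each free and adding `if (os == NULL) goto err;` before the flags test makes the dependency explicit.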
@@ -918,38 +878,36 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) return 0; EVP_MD_CTX_init(&mctx); - if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) + if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) - { + EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); goto err; - } + } - alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); - if(!abuf) + alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, + ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); + if (!abuf) goto err; - if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) + if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) goto err; free(abuf); abuf = NULL; if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) goto err; abuf = malloc(siglen); - if(!abuf) + if (!abuf) goto err; if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) - { + EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); goto err; - } + } EVP_MD_CTX_cleanup(&mctx); 
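Review bot: The allocation failure in PKCS7_SIGNER_INFO_sign, `abuf = malloc(siglen); if (!abuf) goto err;`, leaves no entry on the error queue, so a caller sees a bare 0 with nothing to report. pkcs7_encode_rinfo and pkcs7_decrypt_rinfo record `ERR_R_MALLOC_FAILURE` for the same condition. Matching them here would be `if (!abuf) { PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE); goto err; }`. The `if (!abuf)` after `ASN1_item_i2d` could likewise test `alen <= 0` and set `ERR_R_ASN1_LIB`, as PKCS7_signatureVerify does. The function begins before this hunk and ends in the next one.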
@@ -957,73 +915,66 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) return 1; - err: +err: free(abuf); EVP_MD_CTX_cleanup(&mctx); return 0; +} - } - -int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, - PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { +int +PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, + PKCS7 *p7, PKCS7_SIGNER_INFO *si) +{ PKCS7_ISSUER_AND_SERIAL *ias; - int ret=0,i; + int ret = 0, i; STACK_OF(X509) *cert; X509 *x509; - if (PKCS7_type_is_signed(p7)) - { - cert=p7->d.sign->cert; - } - else if (PKCS7_type_is_signedAndEnveloped(p7)) - { - cert=p7->d.signed_and_enveloped->cert; - } - else - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); + if (PKCS7_type_is_signed(p7)) { + cert = p7->d.sign->cert; + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + cert = p7->d.signed_and_enveloped->cert; + } else { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); goto err; - } + } /* XXXX */ - ias=si->issuer_and_serial; + ias = si->issuer_and_serial; - x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); + x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial); /* were we able to find the cert in passed to us */ - if (x509 == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); + if (x509 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, + PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); goto err; - } + } /* Lets verify */ - if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); + if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); goto err; - } + } X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); - i=X509_verify_cert(ctx); - if (i <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); + i = X509_verify_cert(ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); X509_STORE_CTX_cleanup(ctx); goto 
err; - } + } X509_STORE_CTX_cleanup(ctx); return PKCS7_signatureVerify(bio, p7, si, x509); - err: +err: return ret; - } +} -int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509) - { +int +PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) +{ ASN1_OCTET_STRING *os; - EVP_MD_CTX mdc_tmp,*mdc; - int ret=0,i; + EVP_MD_CTX mdc_tmp, *mdc; + int ret = 0, i; int md_type; STACK_OF(X509_ATTRIBUTE) *sk; BIO *btmp; @@ -1031,32 +982,29 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, EVP_MD_CTX_init(&mdc_tmp); - if (!PKCS7_type_is_signed(p7) && - !PKCS7_type_is_signedAndEnveloped(p7)) { + if (!PKCS7_type_is_signed(p7) && + !PKCS7_type_is_signedAndEnveloped(p7)) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_WRONG_PKCS7_TYPE); + PKCS7_R_WRONG_PKCS7_TYPE); goto err; } - md_type=OBJ_obj2nid(si->digest_alg->algorithm); + md_type = OBJ_obj2nid(si->digest_alg->algorithm); - btmp=bio; - for (;;) - { + btmp = bio; + for (;;) { if ((btmp == NULL) || - ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) - { + ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { + } + BIO_get_md_ctx(btmp, &mdc); + if (mdc == NULL) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - ERR_R_INTERNAL_ERROR); + ERR_R_INTERNAL_ERROR); goto err; - } + } if (EVP_MD_CTX_type(mdc) == md_type) break; /* Workaround for some broken clients that put the signature 
@@ -1064,243 +1012,239 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, */ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) break; - btmp=BIO_next(btmp); - } + btmp = BIO_next(btmp); + } /* mdc is the digest ctx that we want, unless there are attributes, * in which case the digest is the signed attributes */ - if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc)) + if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) goto err; - sk=si->auth_attr; - if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) - { + sk = si->auth_attr; + if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; - unsigned int md_len; + unsigned int md_len; int alen; ASN1_OCTET_STRING *message_digest; - if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len)) + if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) goto err; - message_digest=PKCS7_digest_from_attributes(sk); - if (!message_digest) - { + message_digest = PKCS7_digest_from_attributes(sk); + if (!message_digest) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; - } + } if ((message_digest->length != (int)md_len) || - (memcmp(message_digest->data,md_dat,md_len))) - { + (memcmp(message_digest->data, md_dat, md_len))) { #if 0 -{ -int ii; -for (ii=0; ii<message_digest->length; ii++) - printf("%02X",message_digest->data[ii]); printf(" sent\n"); -for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); -} + { + int ii; + for (ii = 0; ii < message_digest->length; ii++) + printf("%02X",message_digest->data[ii]); printf(" sent\n"); + for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); + } #endif PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_DIGEST_FAILURE); - ret= -1; + PKCS7_R_DIGEST_FAILURE); + ret = -1; goto err; - } + } - if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL)) + if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), + NULL)) 
goto err; alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); - if (alen <= 0) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB); + ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); + if (alen <= 0) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB); ret = -1; goto err; - } + } if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) goto err; free(abuf); - } + } - os=si->enc_digest; + os = si->enc_digest; pkey = X509_get_pubkey(x509); - if (!pkey) - { + if (!pkey) { ret = -1; goto err; - } + } - i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); + i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); EVP_PKEY_free(pkey); - if (i <= 0) - { + if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_SIGNATURE_FAILURE); - ret= -1; + PKCS7_R_SIGNATURE_FAILURE); + ret = -1; goto err; - } - else - ret=1; + } else + ret = 1; err: EVP_MD_CTX_cleanup(&mdc_tmp); - return(ret); - } + return (ret); +} -PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) - { +PKCS7_ISSUER_AND_SERIAL * +PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) +{ STACK_OF(PKCS7_RECIP_INFO) *rsk; PKCS7_RECIP_INFO *ri; int i; - i=OBJ_obj2nid(p7->type); + i = OBJ_obj2nid(p7->type); if (i != NID_pkcs7_signedAndEnveloped) return NULL; if (p7->d.signed_and_enveloped == NULL) return NULL; - rsk=p7->d.signed_and_enveloped->recipientinfo; + rsk = p7->d.signed_and_enveloped->recipientinfo; if (rsk == NULL) return NULL; - ri=sk_PKCS7_RECIP_INFO_value(rsk,0); - if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); - ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); - return(ri->issuer_and_serial); - } + ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); + if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) + return (NULL); + ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); + return (ri->issuer_and_serial); +} -ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) - { - return(get_attribute(si->auth_attr,nid)); - } +ASN1_TYPE * +PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, 
int nid) +{ + return (get_attribute(si->auth_attr, nid)); +} -ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) - { - return(get_attribute(si->unauth_attr,nid)); - } +ASN1_TYPE * +PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) +{ + return (get_attribute(si->unauth_attr, nid)); +} -static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) - { +static ASN1_TYPE * +get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) +{ int i; X509_ATTRIBUTE *xa; ASN1_OBJECT *o; - o=OBJ_nid2obj(nid); - if (!o || !sk) return(NULL); - for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) - { - xa=sk_X509_ATTRIBUTE_value(sk,i); - if (OBJ_cmp(xa->object,o) == 0) - { + o = OBJ_nid2obj(nid); + if (!o || !sk) + return (NULL); + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + xa = sk_X509_ATTRIBUTE_value(sk, i); + if (OBJ_cmp(xa->object, o) == 0) { if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) - return(sk_ASN1_TYPE_value(xa->value.set,0)); + return (sk_ASN1_TYPE_value(xa->value.set, 0)); else - return(NULL); - } + return (NULL); } - return(NULL); } + return (NULL); +} -ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) +ASN1_OCTET_STRING * +PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) { ASN1_TYPE *astype; - if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; + + if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) + return NULL; return astype->value.octet_string; } -int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk) - { +int +PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk) +{ int i; if (p7si->auth_attr != NULL) - sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); - p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); + sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, + X509_ATTRIBUTE_free); + p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); if (p7si->auth_attr == NULL) return 0; - for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) - 
{ - if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return(0); - } - return(1); + return (0); } + return (1); +} -int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) - { +int +PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) +{ int i; if (p7si->unauth_attr != NULL) sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, - X509_ATTRIBUTE_free); - p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); + X509_ATTRIBUTE_free); + p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); if (p7si->unauth_attr == NULL) return 0; - for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) - { - if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return(0); - } - return(1); + return (0); } + return (1); +} -int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) - { - return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); - } +int +PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value) +{ + return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); +} -int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) - { - return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); - } +int +PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) +{ + return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); +} -static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value) - { - X509_ATTRIBUTE *attr=NULL; +static int +add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int 
nid, int atrtype, void *value) +{ + X509_ATTRIBUTE *attr = NULL; - if (*sk == NULL) - { + if (*sk == NULL) { *sk = sk_X509_ATTRIBUTE_new_null(); if (*sk == NULL) - return 0; + return 0; new_attrib: - if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) + if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) return 0; - if (!sk_X509_ATTRIBUTE_push(*sk,attr)) - { + if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { X509_ATTRIBUTE_free(attr); return 0; - } } - else - { + } else { int i; - for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) - { - attr=sk_X509_ATTRIBUTE_value(*sk,i); - if (OBJ_obj2nid(attr->object) == nid) - { + for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { + attr = sk_X509_ATTRIBUTE_value(*sk, i); + if (OBJ_obj2nid(attr->object) == nid) { X509_ATTRIBUTE_free(attr); - attr=X509_ATTRIBUTE_create(nid,atrtype,value); + attr = X509_ATTRIBUTE_create(nid, atrtype, + value); if (attr == NULL) return 0; - if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) - { + if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) { X509_ATTRIBUTE_free(attr); return 0; - } - goto end; } + goto end; } - goto new_attrib; } -end: - return(1); + goto new_attrib; } - +end: + return (1); +} diff --git a/lib/libssl/src/crypto/pkcs7/pk7_enc.c b/lib/libssl/src/crypto/pkcs7/pk7_enc.c index cc63ef75f7e..fac9e5c8b1b 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_enc.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_enc.c 
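Review bot: In `add_attribute`, the replace branch calls `X509_ATTRIBUTE_free(attr)` on the entry still stored at index `i` before the replacement exists. If `X509_ATTRIBUTE_create()` then returns NULL, or `sk_X509_ATTRIBUTE_set()` fails, the function returns 0 with a freed pointer left in `*sk`, and any later walk or `sk_X509_ATTRIBUTE_pop_free()` of that stack would use or free it again. Create the new attribute first, store it, and only then free the old one, as in the excerpt below. Separately, in `PKCS7_signatureVerify` the `goto err` after a failed `EVP_VerifyUpdate()` skips `free(abuf)`, and `abuf` is scoped to the inner block, so the `err:` label cannot release it.

```c
			if (OBJ_obj2nid(attr->object) == nid) {
				X509_ATTRIBUTE *new_attr;

				/*
				 * Build and store the replacement before freeing
				 * the old entry, so the stack never holds a
				 * freed pointer on an error return.
				 */
				new_attr = X509_ATTRIBUTE_create(nid, atrtype,
				    value);
				if (new_attr == NULL)
					return 0;
				if (!sk_X509_ATTRIBUTE_set(*sk, i, new_attr)) {
					X509_ATTRIBUTE_free(new_attr);
					return 0;
				}
				X509_ATTRIBUTE_free(attr);
				goto end;
			}
/* … unchanged: fall-through to new_attrib and the end label … */
```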
@@ -1,25 +1,25 @@ -/* $OpenBSD: pk7_enc.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_enc.c,v 1.4 2014/06/29 17:05:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -64,13 +64,12 @@ #include <openssl/x509.h> #include <openssl/pkcs7.h> -PKCS7_in_bio(PKCS7 *p7,BIO *in); -PKCS7_out_bio(PKCS7 *p7,BIO *out); +PKCS7_in_bio(PKCS7 *p7, BIO *in); +PKCS7_out_bio(PKCS7 *p7, BIO *out); -PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key); -PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher); +PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key); +PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher); PKCS7_Init(PKCS7 *p7); PKCS7_Update(PKCS7 *p7); PKCS7_Finish(PKCS7 *p7); - diff --git a/lib/libssl/src/crypto/pkcs7/pk7_lib.c b/lib/libssl/src/crypto/pkcs7/pk7_lib.c index 5d7d0b18a01..9eed9fc74a8 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_lib.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_lib.c 
@@ -1,25 +1,25 @@ -/* $OpenBSD: pk7_lib.c,v 1.10 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_lib.c,v 1.11 2014/06/29 17:05:36 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence 
@@ -62,599 +62,597 @@ #include <openssl/x509.h> #include "asn1_locl.h" -long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) - { +long +PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) +{ int nid; long ret; - nid=OBJ_obj2nid(p7->type); + nid = OBJ_obj2nid(p7->type); - switch (cmd) - { + switch (cmd) { case PKCS7_OP_SET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { - ret=p7->detached=(int)larg; - if (ret && PKCS7_type_is_data(p7->d.sign->contents)) - { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.data; - ASN1_OCTET_STRING_free(os); - p7->d.sign->contents->d.data = NULL; - } - } - else - { - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); - ret=0; + if (nid == NID_pkcs7_signed) { + ret = p7->detached = (int)larg; + if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { + ASN1_OCTET_STRING *os; + os = p7->d.sign->contents->d.data; + ASN1_OCTET_STRING_free(os); + p7->d.sign->contents->d.data = NULL; } + } else { + PKCS7err(PKCS7_F_PKCS7_CTRL, + PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret = 0; + } break; case PKCS7_OP_GET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { - if(!p7->d.sign || !p7->d.sign->contents->d.ptr) + if (nid == NID_pkcs7_signed) { + if (!p7->d.sign || !p7->d.sign->contents->d.ptr) ret = 1; - else ret = 0; - + else + ret = 0; + p7->detached = ret; - } - else - { - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); - ret=0; - } - + } else { + PKCS7err(PKCS7_F_PKCS7_CTRL, + PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret = 0; + } + break; default: - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); - ret=0; - } - return(ret); + PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION); + ret = 0; } + return (ret); +} -int PKCS7_content_new(PKCS7 *p7, int type) - { - PKCS7 *ret=NULL; +int +PKCS7_content_new(PKCS7 *p7, int type) +{ + PKCS7 *ret = NULL; - if ((ret=PKCS7_new()) == NULL) goto err; - if (!PKCS7_set_type(ret,type)) goto err; - if 
(!PKCS7_set_content(p7,ret)) goto err; + if ((ret = PKCS7_new()) == NULL) + goto err; + if (!PKCS7_set_type(ret, type)) + goto err; + if (!PKCS7_set_content(p7, ret)) + goto err; - return(1); + return (1); err: - if (ret != NULL) PKCS7_free(ret); - return(0); - } - -int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) - { + if (ret != NULL) + PKCS7_free(ret); + return (0); +} + +int +PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) +{ int i; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: if (p7->d.sign->contents != NULL) PKCS7_free(p7->d.sign->contents); - p7->d.sign->contents=p7_data; + p7->d.sign->contents = p7_data; break; case NID_pkcs7_digest: if (p7->d.digest->contents != NULL) PKCS7_free(p7->d.digest->contents); - p7->d.digest->contents=p7_data; + p7->d.digest->contents = p7_data; break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: case NID_pkcs7_encrypted: default: - PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, + PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; - } - return(1); -err: - return(0); } + return (1); +err: + return (0); +} -int PKCS7_set_type(PKCS7 *p7, int type) - { +int +PKCS7_set_type(PKCS7 *p7, int type) +{ ASN1_OBJECT *obj; /*PKCS7_content_free(p7);*/ obj=OBJ_nid2obj(type); /* will not fail */ - switch (type) - { + switch (type) { case NID_pkcs7_signed: - p7->type=obj; - if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) + p7->type = obj; + if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL) goto err; - if (!ASN1_INTEGER_set(p7->d.sign->version,1)) - { + if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) { PKCS7_SIGNED_free(p7->d.sign); - p7->d.sign=NULL; + p7->d.sign = NULL; goto err; - } + } break; case NID_pkcs7_data: - p7->type=obj; - if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) + p7->type = obj; + if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL) goto err; break; case 
NID_pkcs7_signedAndEnveloped: - p7->type=obj; - if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) + p7->type = obj; + if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); - if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) + ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1); + if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) goto err; p7->d.signed_and_enveloped->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); + = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_enveloped: - p7->type=obj; - if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) + p7->type = obj; + if ((p7->d.enveloped = PKCS7_ENVELOPE_new()) == NULL) goto err; - if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) + if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) goto err; p7->d.enveloped->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); + = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_encrypted: - p7->type=obj; - if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) + p7->type = obj; + if ((p7->d.encrypted = PKCS7_ENCRYPT_new()) == NULL) goto err; - if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) + if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) goto err; p7->d.encrypted->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); + = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_digest: - p7->type=obj; - if ((p7->d.digest=PKCS7_DIGEST_new()) + p7->type = obj; + if ((p7->d.digest = PKCS7_DIGEST_new()) == NULL) goto err; - if (!ASN1_INTEGER_set(p7->d.digest->version,0)) + if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) goto err; break; default: - PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + PKCS7err(PKCS7_F_PKCS7_SET_TYPE, + PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; - } - return(1); -err: - return(0); } + return (1); +err: + return (0); +} -int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) - { +int 
+PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) +{ p7->type = OBJ_nid2obj(type); p7->d.other = other; return 1; - } +} -int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) - { - int i,j,nid; +int +PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) +{ + int i, j, nid; X509_ALGOR *alg; STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; STACK_OF(X509_ALGOR) *md_sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: - signer_sk= p7->d.sign->signer_info; - md_sk= p7->d.sign->md_algs; + signer_sk = p7->d.sign->signer_info; + md_sk = p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: - signer_sk= p7->d.signed_and_enveloped->signer_info; - md_sk= p7->d.signed_and_enveloped->md_algs; + signer_sk = p7->d.signed_and_enveloped->signer_info; + md_sk = p7->d.signed_and_enveloped->md_algs; break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } - nid=OBJ_obj2nid(psi->digest_alg->algorithm); + nid = OBJ_obj2nid(psi->digest_alg->algorithm); /* If the digest is not currently listed, add it */ - j=0; - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) - { - alg=sk_X509_ALGOR_value(md_sk,i); - if (OBJ_obj2nid(alg->algorithm) == nid) - { - j=1; + j = 0; + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { + alg = sk_X509_ALGOR_value(md_sk, i); + if (OBJ_obj2nid(alg->algorithm) == nid) { + j = 1; break; - } } + } if (!j) /* we need to add another algorithm */ - { - if(!(alg=X509_ALGOR_new()) - || !(alg->parameter = ASN1_TYPE_new())) - { + { + if (!(alg = X509_ALGOR_new()) || + !(alg->parameter = ASN1_TYPE_new())) { X509_ALGOR_free(alg); - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); - return(0); - } - alg->algorithm=OBJ_nid2obj(nid); + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, + ERR_R_MALLOC_FAILURE); + return (0); + } + alg->algorithm = OBJ_nid2obj(nid); alg->parameter->type = 
V_ASN1_NULL; - if (!sk_X509_ALGOR_push(md_sk,alg)) - { + if (!sk_X509_ALGOR_push(md_sk, alg)) { X509_ALGOR_free(alg); return 0; - } } + } - if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) + if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) return 0; - return(1); - } + return (1); +} -int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) - { +int +PKCS7_add_certificate(PKCS7 *p7, X509 *x509) +{ int i; STACK_OF(X509) **sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: - sk= &(p7->d.sign->cert); + sk = &(p7->d.sign->cert); break; case NID_pkcs7_signedAndEnveloped: - sk= &(p7->d.signed_and_enveloped->cert); + sk = &(p7->d.signed_and_enveloped->cert); break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, + PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } if (*sk == NULL) - *sk=sk_X509_new_null(); - if (*sk == NULL) - { + *sk = sk_X509_new_null(); + if (*sk == NULL) { PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); return 0; - } - CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - if (!sk_X509_push(*sk,x509)) - { + } + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + if (!sk_X509_push(*sk, x509)) { X509_free(x509); return 0; - } - return(1); } + return (1); +} -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) - { +int +PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) +{ int i; STACK_OF(X509_CRL) **sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: - sk= &(p7->d.sign->crl); + sk = &(p7->d.sign->crl); break; case NID_pkcs7_signedAndEnveloped: - sk= &(p7->d.signed_and_enveloped->crl); + sk = &(p7->d.signed_and_enveloped->crl); break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } if (*sk == NULL) - *sk=sk_X509_CRL_new_null(); - if (*sk == 
NULL) - { - PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE); + *sk = sk_X509_CRL_new_null(); + if (*sk == NULL) { + PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE); return 0; - } + } - CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); - if (!sk_X509_CRL_push(*sk,crl)) - { + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + if (!sk_X509_CRL_push(*sk, crl)) { X509_CRL_free(crl); return 0; - } - return(1); } + return (1); +} -int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) - { +int +PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst) +{ int ret; /* We now need to add another PKCS7_SIGNER_INFO entry */ - if (!ASN1_INTEGER_set(p7i->version,1)) + if (!ASN1_INTEGER_set(p7i->version, 1)) goto err; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509))) + X509_get_issuer_name(x509))) goto err; /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. 
*/ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + if (!(p7i->issuer_and_serial->serial = + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) goto err; /* lets keep the pkey around for a while */ - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - p7i->pkey=pkey; + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + p7i->pkey = pkey; /* Set the algorithms */ X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), - V_ASN1_NULL, NULL); + V_ASN1_NULL, NULL); - if (pkey->ameth && pkey->ameth->pkey_ctrl) - { + if (pkey->ameth && pkey->ameth->pkey_ctrl) { ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, - 0, p7i); + 0, p7i); if (ret > 0) return 1; - if (ret != -2) - { + if (ret != -2) { PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, - PKCS7_R_SIGNING_CTRL_FAILURE); + PKCS7_R_SIGNING_CTRL_FAILURE); return 0; - } } + } PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET, - PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); err: return 0; - } +} -PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) - { +PKCS7_SIGNER_INFO * +PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) +{ PKCS7_SIGNER_INFO *si = NULL; - if (dgst == NULL) - { + if (dgst == NULL) { int def_nid; if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) goto err; dgst = EVP_get_digestbynid(def_nid); - if (dgst == NULL) - { + if (dgst == NULL) { PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, - PKCS7_R_NO_DEFAULT_DIGEST); + PKCS7_R_NO_DEFAULT_DIGEST); goto err; - } } + } - if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; - if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; - if (!PKCS7_add_signer(p7,si)) goto err; - return(si); + if ((si = PKCS7_SIGNER_INFO_new()) == NULL) + goto err; + if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst)) + goto err; + if 
(!PKCS7_add_signer(p7, si)) + goto err; + return (si); err: if (si) PKCS7_SIGNER_INFO_free(si); - return(NULL); - } - -int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) - { - if (PKCS7_type_is_digest(p7)) - { - if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) - { - PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return (NULL); +} + +int +PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) +{ + if (PKCS7_type_is_digest(p7)) { + if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, + ERR_R_MALLOC_FAILURE); return 0; - } + } p7->d.digest->md->parameter->type = V_ASN1_NULL; p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); return 1; - } - - PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); - return 1; } -STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) - { - if (PKCS7_type_is_signed(p7)) - { - return(p7->d.sign->signer_info); - } - else if (PKCS7_type_is_signedAndEnveloped(p7)) - { - return(p7->d.signed_and_enveloped->signer_info); - } - else - return(NULL); - } + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE); + return 1; +} -void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, - X509_ALGOR **pdig, X509_ALGOR **psig) - { +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) +{ + if (PKCS7_type_is_signed(p7)) { + return (p7->d.sign->signer_info); + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + return (p7->d.signed_and_enveloped->signer_info); + } else + return (NULL); +} + +void +PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig) +{ if (pk) *pk = si->pkey; if (pdig) *pdig = si->digest_alg; if (psig) *psig = si->digest_enc_alg; - } +} -void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) - { +void +PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) +{ if (penc) *penc = ri->key_enc_algor; - } +} -PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 
*x509) - { +PKCS7_RECIP_INFO * +PKCS7_add_recipient(PKCS7 *p7, X509 *x509) +{ PKCS7_RECIP_INFO *ri; - if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; - if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; - if (!PKCS7_add_recipient_info(p7,ri)) goto err; + if ((ri = PKCS7_RECIP_INFO_new()) == NULL) + goto err; + if (!PKCS7_RECIP_INFO_set(ri, x509)) + goto err; + if (!PKCS7_add_recipient_info(p7, ri)) + goto err; return ri; err: if (ri) PKCS7_RECIP_INFO_free(ri); return NULL; - } +} -int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) - { +int +PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) +{ int i; STACK_OF(PKCS7_RECIP_INFO) *sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signedAndEnveloped: - sk= p7->d.signed_and_enveloped->recipientinfo; + sk = p7->d.signed_and_enveloped->recipientinfo; break; case NID_pkcs7_enveloped: - sk= p7->d.enveloped->recipientinfo; + sk = p7->d.enveloped->recipientinfo; break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, + PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } - if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) + if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) return 0; - return(1); - } + return (1); +} -int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) - { +int +PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) +{ int ret; EVP_PKEY *pkey = NULL; - if (!ASN1_INTEGER_set(p7i->version,0)) + if (!ASN1_INTEGER_set(p7i->version, 0)) return 0; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509))) + X509_get_issuer_name(x509))) return 0; M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - if (!(p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + if (!(p7i->issuer_and_serial->serial = + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) return 0; pkey = X509_get_pubkey(x509); - if (!pkey || !pkey->ameth 
|| !pkey->ameth->pkey_ctrl) - { + if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, - PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; - } + } ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, - 0, p7i); - if (ret == -2) - { + 0, p7i); + if (ret == -2) { PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, - PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; - } - if (ret <= 0) - { + } + if (ret <= 0) { PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, - PKCS7_R_ENCRYPTION_CTRL_FAILURE); + PKCS7_R_ENCRYPTION_CTRL_FAILURE); goto err; - } + } EVP_PKEY_free(pkey); - CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - p7i->cert=x509; + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + p7i->cert = x509; return 1; - err: +err: if (pkey) EVP_PKEY_free(pkey); return 0; - } +} -X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { +X509 * +PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) +{ if (PKCS7_type_is_signed(p7)) return(X509_find_by_issuer_and_serial(p7->d.sign->cert, - si->issuer_and_serial->issuer, - si->issuer_and_serial->serial)); + si->issuer_and_serial->issuer, + si->issuer_and_serial->serial)); else - return(NULL); - } + return (NULL); +} -int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) - { +int +PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) +{ int i; PKCS7_ENC_CONTENT *ec; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signedAndEnveloped: - ec=p7->d.signed_and_enveloped->enc_data; + ec = p7->d.signed_and_enveloped->enc_data; break; case NID_pkcs7_enveloped: - ec=p7->d.enveloped->enc_data; + ec = p7->d.enveloped->enc_data; break; default: - PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE); + 
return (0); + } /* Check cipher OID exists and has data in it*/ i = EVP_CIPHER_type(cipher); - if(i == NID_undef) { - PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); - return(0); + if (i == NID_undef) { + PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, + PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + return (0); } ec->cipher = cipher; return 1; - } +} -int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) - { +int +PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) +{ ASN1_OCTET_STRING *os = NULL; - switch (OBJ_obj2nid(p7->type)) - { - case NID_pkcs7_data: + switch (OBJ_obj2nid(p7->type)) { + case NID_pkcs7_data: os = p7->d.data; break; - case NID_pkcs7_signedAndEnveloped: + case NID_pkcs7_signedAndEnveloped: os = p7->d.signed_and_enveloped->enc_data->enc_data; - if (os == NULL) - { - os=M_ASN1_OCTET_STRING_new(); - p7->d.signed_and_enveloped->enc_data->enc_data=os; - } + if (os == NULL) { + os = M_ASN1_OCTET_STRING_new(); + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } break; - case NID_pkcs7_enveloped: + case NID_pkcs7_enveloped: os = p7->d.enveloped->enc_data->enc_data; - if (os == NULL) - { - os=M_ASN1_OCTET_STRING_new(); - p7->d.enveloped->enc_data->enc_data=os; - } + if (os == NULL) { + os = M_ASN1_OCTET_STRING_new(); + p7->d.enveloped->enc_data->enc_data = os; + } break; - case NID_pkcs7_signed: - os=p7->d.sign->contents->d.data; + case NID_pkcs7_signed: + os = p7->d.sign->contents->d.data; break; - default: + default: os = NULL; break; - } - + } + if (os == NULL) return 0; @@ -662,4 +660,4 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) *boundary = &os->data; return 1; - } +} diff --git a/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/lib/libssl/src/crypto/pkcs7/pk7_mime.c index 46d3dfd513a..8f32125f0bd 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_mime.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_mime.c 
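Review bot: `PKCS7_set_digest` reports `PKCS7_R_WRONG_CONTENT_TYPE` and then still ends with `return 1;`, so a caller cannot tell that no digest was set on a non-digest structure; the final statement should be `return 0;`. In `PKCS7_set_type`, the `NID_pkcs7_signedAndEnveloped` case calls `ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);` twice, the first time unchecked, and that first call can be dropped. `PKCS7_ctrl` also uses `p7->d.sign->contents` in both operations without a NULL test, and the SET case does not test `p7->d.sign` either. Whether those can be NULL for a parsed structure is not visible in this hunk, but a guard such as `if (p7->d.sign == NULL || p7->d.sign->contents == NULL)` before the dereference would be cheap.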
@@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_mime.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_mime.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,21 +61,23 @@ /* PKCS#7 wrappers round generalised stream and MIME routines */ -int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) - { +int +i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) +{ return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, - ASN1_ITEM_rptr(PKCS7)); - } + ASN1_ITEM_rptr(PKCS7)); +} -int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) - { +int +PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) +{ return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags, - "PKCS7", - ASN1_ITEM_rptr(PKCS7)); - } + "PKCS7", ASN1_ITEM_rptr(PKCS7)); +} -int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) - { +int +SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) +{ STACK_OF(X509_ALGOR) *mdalgs; int ctype_nid = OBJ_obj2nid(p7->type); if (ctype_nid == NID_pkcs7_signed) @@ -87,11 +89,11 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, - ctype_nid, NID_undef, mdalgs, - ASN1_ITEM_rptr(PKCS7)); - } + ctype_nid, NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7)); +} -PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) - { +PKCS7 * +SMIME_read_PKCS7(BIO *bio, BIO **bcont) +{ return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); - } +} 
diff --git a/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/lib/libssl/src/crypto/pkcs7/pk7_smime.c index 692967e72e0..5d174f76444 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_smime.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_smime.c,v 1.14 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pk7_smime.c,v 1.15 2014/06/29 17:05:36 jsing Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,17 +65,17 @@ static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags) +PKCS7 * +PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, + int flags) { PKCS7 *p7; int i; - if(!(p7 = PKCS7_new())) - { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + if (!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); return NULL; - } + } if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto err; 
@@ -83,22 +83,19 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!PKCS7_content_new(p7, NID_pkcs7_data)) goto err; - if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) - { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR); + if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) { + PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR); goto err; - } + } - if(!(flags & PKCS7_NOCERTS)) - { - for(i = 0; i < sk_X509_num(certs); i++) - { + if (!(flags & PKCS7_NOCERTS)) { + for (i = 0; i < sk_X509_num(certs); i++) { if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) goto err; - } } + } - if(flags & PKCS7_DETACHED) + if (flags & PKCS7_DETACHED) PKCS7_set_detached(p7, 1); if (flags & (PKCS7_STREAM|PKCS7_PARTIAL)) 
@@ -107,164 +104,160 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (PKCS7_final(p7, data, flags)) return p7; - err: +err: PKCS7_free(p7); return NULL; } -int PKCS7_final(PKCS7 *p7, BIO *data, int flags) - { +int +PKCS7_final(PKCS7 *p7, BIO *data, int flags) +{ BIO *p7bio; int ret = 0; - if (!(p7bio = PKCS7_dataInit(p7, NULL))) - { - PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE); + + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); return 0; - } + } SMIME_crlf_copy(data, p7bio, flags); (void)BIO_flush(p7bio); - - if (!PKCS7_dataFinal(p7,p7bio)) - { - PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN); + if (!PKCS7_dataFinal(p7, p7bio)) { + PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN); goto err; - } + } ret = 1; - err: +err: BIO_free_all(p7bio); return ret; - - } +} /* Check to see if a cipher exists and if so add S/MIME capabilities */ -static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) - { +static int +add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) +{ if (EVP_get_cipherbynid(nid)) return PKCS7_simple_smimecap(sk, nid, arg); return 1; - } +} -static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) - { +static int +add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) +{ if (EVP_get_digestbynid(nid)) return PKCS7_simple_smimecap(sk, nid, arg); return 1; - } +} -PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, - EVP_PKEY *pkey, const EVP_MD *md, - int flags) - { +PKCS7_SIGNER_INFO * +PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags) +{ PKCS7_SIGNER_INFO *si = NULL; STACK_OF(X509_ALGOR) *smcap = NULL; - if(!X509_check_private_key(signcert, pkey)) - { + + if (!X509_check_private_key(signcert, pkey)) { PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; - } + 
PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } - if (!(si = PKCS7_add_signature(p7,signcert,pkey, md))) - { + if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); return NULL; - } + } - if(!(flags & PKCS7_NOCERTS)) - { + if (!(flags & PKCS7_NOCERTS)) { if (!PKCS7_add_certificate(p7, signcert)) goto err; - } + } - if(!(flags & PKCS7_NOATTR)) - { + if (!(flags & PKCS7_NOATTR)) { if (!PKCS7_add_attrib_content_type(si, NULL)) goto err; /* Add SMIMECapabilities */ - if(!(flags & PKCS7_NOSMIMECAP)) - { - if(!(smcap = sk_X509_ALGOR_new_null())) - { + if (!(flags & PKCS7_NOSMIMECAP)) { + if (!(smcap = sk_X509_ALGOR_new_null())) { PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } - if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) - || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) - || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) - || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) - || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) - || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 128) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) - || !add_cipher_smcap(smcap, NID_des_cbc, -1) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) - || !PKCS7_add_attrib_smimecap (si, smcap)) + } + if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) || + !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) || + !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) || + !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) || + !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) || + !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) || + !add_cipher_smcap(smcap, NID_rc2_cbc, 128) || + !add_cipher_smcap(smcap, NID_rc2_cbc, 64) || + !add_cipher_smcap(smcap, NID_des_cbc, -1) || + !add_cipher_smcap(smcap, NID_rc2_cbc, 40) || + !PKCS7_add_attrib_smimecap (si, smcap)) goto err; 
sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); smcap = NULL; - } - if (flags & PKCS7_REUSE_DIGEST) - { + } + if (flags & PKCS7_REUSE_DIGEST) { if (!pkcs7_copy_existing_digest(p7, si)) goto err; if (!(flags & PKCS7_PARTIAL) && - !PKCS7_SIGNER_INFO_sign(si)) + !PKCS7_SIGNER_INFO_sign(si)) goto err; - } } + } return si; - err: + +err: if (smcap) sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); return NULL; - } +} /* Search for a digest matching SignerInfo digest type and if found * copy across. */ -static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { +static int +pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) +{ int i; STACK_OF(PKCS7_SIGNER_INFO) *sinfos; PKCS7_SIGNER_INFO *sitmp; ASN1_OCTET_STRING *osdig = NULL; + sinfos = PKCS7_get_signer_info(p7); - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); if (si == sitmp) break; if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) continue; if (!OBJ_cmp(si->digest_alg->algorithm, - sitmp->digest_alg->algorithm)) - { + sitmp->digest_alg->algorithm)) { osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); break; - } - } + } + if (osdig) return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, - PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); + PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); return 0; - } +} -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags) +int +PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, + BIO *out, int flags) { STACK_OF(X509) *signers; X509 *signer; 
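Review bot: In PKCS7_final the int result of `SMIME_crlf_copy(data, p7bio, flags)` is dropped, so a failed copy still goes on to `PKCS7_dataFinal` and the function can return 1 for content that never fully reached the BIO chain. Unlike the `(void)BIO_flush(p7bio)` beside it, nothing marks the omission as deliberate. I would write `if (!SMIME_crlf_copy(data, p7bio, flags)) goto err;`, which reuses the existing `err:` cleanup with `ret` still 0. Separately, a `PKCS7_dataInit` failure is always reported as `ERR_R_MALLOC_FAILURE`; its other failure modes are not visible here, so that reason code may be misleading.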
@@ -272,23 +265,23 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; char buf[4096]; - int i, j=0, k, ret = 0; + int i, j = 0, k, ret = 0; BIO *p7bio; BIO *tmpin, *tmpout; - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); + if (!p7) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER); return 0; } - if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); + if (!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE); return 0; } /* Check for no data and no content: no data to verify signature */ - if(PKCS7_get_detached(p7) && !indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); + if (PKCS7_get_detached(p7) && !indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); return 0; } #if 0 
@@ -297,56 +290,58 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, */ /* Check for data and content: two sets of data */ - if(!PKCS7_get_detached(p7) && indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); + if (!PKCS7_get_detached(p7) && indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); return 0; } #endif sinfos = PKCS7_get_signer_info(p7); - if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); + if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA); return 0; } signers = PKCS7_get0_signers(p7, certs, flags); - if(!signers) return 0; + if (!signers) + return 0; /* Now verify the certificates */ - if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { - signer = sk_X509_value (signers, k); - if (!(flags & PKCS7_NOCHAIN)) { - if(!X509_STORE_CTX_init(&cert_ctx, store, signer, - p7->d.sign->cert)) - { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + if (!(flags & PKCS7_NOVERIFY)) + for (k = 0; k < sk_X509_num(signers); k++) { + signer = sk_X509_value (signers, k); + if (!(flags & PKCS7_NOCHAIN)) { + if (!X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } + X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); + } else if (!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); sk_X509_free(signers); return 0; - } - X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); - } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; - } - if (!(flags & PKCS7_NOCRL)) - X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); - i = X509_verify_cert(&cert_ctx); - if (i <= 0) j = 
X509_STORE_CTX_get_error(&cert_ctx); - X509_STORE_CTX_cleanup(&cert_ctx); - if (i <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); - ERR_asprintf_error_data("Verify error:%s", - X509_verify_cert_error_string(j)); - sk_X509_free(signers); - return 0; + } + if (!(flags & PKCS7_NOCRL)) + X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) + j = X509_STORE_CTX_get_error(&cert_ctx); + X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CERTIFICATE_VERIFY_ERROR); + ERR_asprintf_error_data("Verify error:%s", + X509_verify_cert_error_string(j)); + sk_X509_free(signers); + return 0; + } + /* Check for revocation status here */ } - /* Check for revocation status here */ - } /* Performance optimization: if the content is a memory BIO then * store its contents in a temporary read only memory BIO. This 
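Review bot: In the certificate loop of PKCS7_verify, `X509_STORE_CTX_set_default(&cert_ctx, "smime_sign")` is reached only on the non-`PKCS7_NOCHAIN` path, and its result is ignored. With `PKCS7_NOCHAIN` set, the context is initialised without those defaults, so the signer certificate appears to be checked under whatever parameters the store carries. If that asymmetry is intended it deserves a comment on the `else if` branch, for example `/* NOCHAIN: no untrusted chain and no smime_sign defaults; store parameters apply */`. Otherwise the call should follow both init paths, and a zero return should go through the same cleanup as the init failures. The loop body under `if (!(flags & PKCS7_NOVERIFY))` would also read more safely with its own braces. PKCS7_verify starts and ends outside this hunk.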
@@ -354,45 +349,43 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, * occur when reading from a read write memory BIO when signatures * are calculated. */ - - if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) - { + if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) { char *ptr; long len; len = BIO_get_mem_data(indata, &ptr); tmpin = BIO_new_mem_buf(ptr, len); - if (tmpin == NULL) - { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + if (tmpin == NULL) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); return 0; - } } - else + } else tmpin = indata; - - if (!(p7bio=PKCS7_dataInit(p7,tmpin))) + + if (!(p7bio = PKCS7_dataInit(p7, tmpin))) goto err; - if(flags & PKCS7_TEXT) { - if(!(tmpout = BIO_new(BIO_s_mem()))) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + if (flags & PKCS7_TEXT) { + if (!(tmpout = BIO_new(BIO_s_mem()))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } BIO_set_mem_eof_return(tmpout, 0); } else tmpout = out; /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,sizeof(buf)); - if (i <= 0) break; - if (tmpout) BIO_write(tmpout, buf, i); + for (;;) { + i = BIO_read(p7bio, buf, sizeof(buf)); + if (i <= 0) + break; + if (tmpout) + BIO_write(tmpout, buf, i); } - if(flags & PKCS7_TEXT) { - if(!SMIME_text(tmpout, out)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); + if (flags & PKCS7_TEXT) { + if (!SMIME_text(tmpout, out)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, + PKCS7_R_SMIME_TEXT_ERROR); BIO_free(tmpout); goto err; } 
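Review bot: The `tmpin == NULL` branch after `BIO_new_mem_buf(ptr, len)` returns 0 without releasing `signers`, whereas every earlier failure path after `PKCS7_get0_signers` calls `sk_X509_free(signers)` first. `goto err` is not an option at that point because `p7bio` is declared without an initializer and has not been assigned yet, so the minimal fix is to add `sk_X509_free(signers);` before that `return 0;`. The result of `BIO_write(tmpout, buf, i)` in the read loop is also ignored, so a short or failed write to the caller's output is never reported. PKCS7_verify starts and ends outside this hunk.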
@@ -401,25 +394,24 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, /* Now Verify All Signatures */ if (!(flags & PKCS7_NOSIGS)) - for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { - si=sk_PKCS7_SIGNER_INFO_value(sinfos,i); + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); signer = sk_X509_value (signers, i); - j=PKCS7_signatureVerify(p7bio,p7,si, signer); + j = PKCS7_signatureVerify(p7bio, p7, si, signer); if (j <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE); + PKCS7err(PKCS7_F_PKCS7_VERIFY, + PKCS7_R_SIGNATURE_FAILURE); goto err; } } ret = 1; - err: - - if (tmpin == indata) - { - if (indata) BIO_pop(p7bio); - } +err: + if (tmpin == indata) { + if (indata) + BIO_pop(p7bio); + } BIO_free_all(p7bio); sk_X509_free(signers); 
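Review bot: The signature loop in PKCS7_verify is skipped entirely under `PKCS7_NOSIGS`, and `ret = 1` follows unconditionally, so nothing here tells a reader that success may then mean no signature was checked. Together with `PKCS7_NOVERIFY` the function can report success without any cryptographic check. I would add a comment above the loop such as `/* PKCS7_NOSIGS: no signature is checked; a return of 1 then only means the content was read */`. I would also give the `if (!(flags & PKCS7_NOSIGS))` its own braces, since it guards a multi-line `for`. The function continues past the end of this hunk.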
@@ -436,83 +428,84 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) X509 *signer; int i; - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); + if (!p7) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, + PKCS7_R_INVALID_NULL_POINTER); return NULL; } - if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); + if (!PKCS7_type_is_signed(p7)) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, + PKCS7_R_WRONG_CONTENT_TYPE); return NULL; } /* Collect all the signers together */ - sinfos = PKCS7_get_signer_info(p7); - - if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); + if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS); return 0; } - if(!(signers = sk_X509_new_null())) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); + if (!(signers = sk_X509_new_null())) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); return NULL; } - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) - { - si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); - ias = si->issuer_and_serial; - signer = NULL; + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + ias = si->issuer_and_serial; + signer = NULL; /* If any certificates passed they take priority */ - if (certs) signer = X509_find_by_issuer_and_serial (certs, - ias->issuer, ias->serial); - if (!signer && !(flags & PKCS7_NOINTERN) - && p7->d.sign->cert) signer = - X509_find_by_issuer_and_serial (p7->d.sign->cert, - ias->issuer, ias->serial); - if (!signer) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + if (certs) signer = X509_find_by_issuer_and_serial (certs, + ias->issuer, ias->serial); + if (!signer && !(flags & PKCS7_NOINTERN) && + p7->d.sign->cert) signer = + X509_find_by_issuer_and_serial (p7->d.sign->cert, + ias->issuer, ias->serial); + if 
(!signer) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, + PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); sk_X509_free(signers); return 0; - } + } - if (!sk_X509_push(signers, signer)) { - sk_X509_free(signers); - return NULL; - } + if (!sk_X509_push(signers, signer)) { + sk_X509_free(signers); + return NULL; + } } return signers; } - /* Build a complete PKCS#7 enveloped data */ -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags) +PKCS7 * +PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags) { PKCS7 *p7; BIO *p7bio = NULL; int i; X509 *x509; - if(!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); + + if (!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); return NULL; } if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) goto err; if (!PKCS7_set_cipher(p7, cipher)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER); goto err; } - for(i = 0; i < sk_X509_num(certs); i++) { + for (i = 0; i < sk_X509_num(certs); i++) { x509 = sk_X509_value(certs, i); - if(!PKCS7_add_recipient(p7, x509)) { + if (!PKCS7_add_recipient(p7, x509)) { PKCS7err(PKCS7_F_PKCS7_ENCRYPT, - PKCS7_R_ERROR_ADDING_RECIPIENT); + PKCS7_R_ERROR_ADDING_RECIPIENT); goto err; } } 
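Review bot: The signer lookup in PKCS7_get0_signers still has both assignments on the same line as their conditions (`if (certs) signer = X509_find_by_issuer_and_serial (certs,` and the `p7->d.sign->cert) signer =` continuation), which hides the order of precedence. Caller-supplied certificates come first, then certificates embedded in the message unless `PKCS7_NOINTERN` is set. Splitting them as `if (certs)` followed by `signer = X509_find_by_issuer_and_serial(certs, ias->issuer, ias->serial);` on its own line, and the same for the second lookup, would match the rest of this reformat. The two `return 0;` statements (no signers, signer certificate not found) should be `return NULL;` like the other exits of this pointer-returning function. The function's signature lies outside the hunk.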
@@ -523,37 +516,36 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, if (PKCS7_final(p7, in, flags)) return p7; - err: - +err: BIO_free_all(p7bio); PKCS7_free(p7); return NULL; - } -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) +int +PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; int ret, i; char buf[4096]; - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); + if (!p7) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); return 0; } - if(!PKCS7_type_is_enveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); + if (!PKCS7_type_is_enveloped(p7)) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE); return 0; } - if(cert && !X509_check_private_key(cert, pkey)) { + if (cert && !X509_check_private_key(cert, pkey)) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return 0; } - if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { + if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); return 0; } 
@@ -561,44 +553,40 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) if (flags & PKCS7_TEXT) { BIO *tmpbuf, *bread; /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ - if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { + if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); BIO_free_all(tmpmem); return 0; } - if(!(bread = BIO_push(tmpbuf, tmpmem))) { + if (!(bread = BIO_push(tmpbuf, tmpmem))) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); BIO_free_all(tmpbuf); BIO_free_all(tmpmem); return 0; } ret = SMIME_text(bread, data); - if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) - { + if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { if (!BIO_get_cipher_status(tmpmem)) ret = 0; - } + } BIO_free_all(bread); return ret; } else { - for(;;) { + for (;;) { i = BIO_read(tmpmem, buf, sizeof(buf)); - if(i <= 0) - { + if (i <= 0) { ret = 1; - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) - { + if (BIO_method_type(tmpmem) == + BIO_TYPE_CIPHER) { if (!BIO_get_cipher_status(tmpmem)) ret = 0; - } - - break; } - if (BIO_write(data, buf, i) != i) - { + break; + } + if (BIO_write(data, buf, i) != i) { ret = 0; break; - } + } } BIO_free_all(tmpmem); return ret; diff --git a/lib/libssl/src/crypto/pkcs7/pkcs7err.c b/lib/libssl/src/crypto/pkcs7/pkcs7err.c index 0f7c66c9750..a194e2dadc5 100644 --- a/lib/libssl/src/crypto/pkcs7/pkcs7err.c +++ b/lib/libssl/src/crypto/pkcs7/pkcs7err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs7err.c,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: pkcs7err.c,v 1.10 2014/06/29 17:05:36 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * 
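Review bot: In the non-`PKCS7_TEXT` branch of PKCS7_decrypt, each block is written to `data` with `BIO_write` before `BIO_get_cipher_status(tmpmem)` is consulted, which happens only once `BIO_read` returns `i <= 0`. A return of 0 can therefore arrive after plaintext has already been emitted. That contract should be documented at the loop, for example `/* output is written before the cipher status is known; callers must discard data when this returns 0 */`. The same `i <= 0` test treats a read error like end of input and sets `ret = 1` unless the cipher status check fails, which is worth a comment or a separate `i < 0` case. The function begins outside this hunk.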
@@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in 
@@ -68,120 +68,117 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) -static ERR_STRING_DATA PKCS7_str_functs[]= - { -{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, -{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, -{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, -{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, -{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, -{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, -{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"}, -{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, -{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, -{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, -{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, -{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, -{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, -{ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, -{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, -{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, -{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, -{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, -{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, 
-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, -{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, -{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, -{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, -{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, -{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, -{0,NULL} - }; +static ERR_STRING_DATA PKCS7_str_functs[]= { + {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, + {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, + {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, + {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), 
"PKCS7_decrypt"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, + {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, + {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, + {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, + {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, + {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, + {0, NULL} +}; -static ERR_STRING_DATA PKCS7_str_reasons[]= - { -{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, -{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, -{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, -{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, -{ERR_REASON(PKCS7_R_CTRL_ERROR) ,"ctrl error"}, -{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, -{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, -{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, -{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, -{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"}, 
-{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"},
-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"},
-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"},
-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
-{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"},
-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"},
-{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) ,"no default digest"},
-{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
-{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"},
-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"},
-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"},
-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"},
-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"},
-{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"},
-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"},
-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"},
-{0,NULL}
- };
+static ERR_STRING_DATA PKCS7_str_reasons[]= {
+ {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+ {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"},
+ {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
+ {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), "content and data present"},
+ {ERR_REASON(PKCS7_R_CTRL_ERROR) , "ctrl error"},
+ {ERR_REASON(PKCS7_R_DECODE_ERROR) , "decode error"},
+ {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), "decrypted key is wrong length"},
+ {ERR_REASON(PKCS7_R_DECRYPT_ERROR) , "decrypt error"},
+ {ERR_REASON(PKCS7_R_DIGEST_FAILURE) , "digest failure"},
+ {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"},
+ {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "encryption not supported for this key type"},
+ {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
+ {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
+ {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) , "invalid mime type"},
+ {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
+ {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
+ {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) , "mime parse error"},
+ {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
+ {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
+ {ERR_REASON(PKCS7_R_NO_CONTENT) , "no content"},
+ {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) , "no content type"},
+ {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) , "no default digest"},
+ {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), "no matching digest type found"},
+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), "no multipart body failure"},
+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
+ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), "no recipient matches certificate"},
+ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), "no recipient matches key"},
+ {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
+ {ERR_REASON(PKCS7_R_NO_SIGNERS) , "no signers"},
+ {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) , "no sig content type"},
+ {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), "operation not supported on this type"},
+ {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"},
+ {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"},
+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) , "pkcs7 datafinal"},
+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
+ {ERR_REASON(PKCS7_R_PKCS7_DATASIGN) , "pkcs7 datasign"},
+ {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) , "pkcs7 parse error"},
+ {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
+ {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
+ {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) , "signature failure"},
+ {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
+ {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"},
+ {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "signing not supported for this key type"},
+ {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
+ {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) , "smime text error"},
+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), "unable to find certificate"},
+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), "unable to find message digest"},
+ {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) , "unknown digest type"},
+ {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) , "unknown operation"},
+ {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
+ {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
+ {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) , "wrong content type"},
+ {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) , "wrong pkcs7 type"},
+ {0, NULL}
+};
 #endif
-void ERR_load_PKCS7_strings(void)
- {
+void
+ERR_load_PKCS7_strings(void)
+{
 #ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,PKCS7_str_functs);
- ERR_load_strings(0,PKCS7_str_reasons);
- }
-#endif
+ if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, PKCS7_str_functs);
+ ERR_load_strings(0, PKCS7_str_reasons);
 }
+#endif
+} |