*/
#include <openssl/asn1t.h>
-#include <openssl/x509.h>
+#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
{
case NID_pkcs7_data:
+ case NID_pkcs7_enveloped:
case NID_pkcs7_encrypted:
case NID_id_smime_ct_compressedData:
/* Nothing to do */
return 0;
}
BIO_get_md_ctx(chain, &mtmp);
- if (EVP_MD_CTX_type(mtmp) == nid)
- {
- EVP_MD_CTX_copy_ex(mctx, mtmp);
- return 1;
- }
+ if (EVP_MD_CTX_type(mtmp) == nid
+ /* Workaround for broken implementations that use signature
+ * algorithm OID instead of digest.
+ */
+ || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+ return EVP_MD_CTX_copy_ex(mctx, mtmp);
chain = BIO_next(chain);
}
}
STACK_OF(CMS_CertificateChoices) **pcerts;
int i;
pcerts = cms_get0_certificate_choices(cms);
- if (!pcerts)
- return 0;
if (!pcerts)
return 0;
for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
if (cch->type == CMS_CERTCHOICE_CERT)
{
if (!X509_cmp(cch->d.certificate, cert))
- return -1;
-
+ {
+ CMSerr(CMS_F_CMS_ADD0_CERT,
+ CMS_R_CERTIFICATE_ALREADY_PRESENT);
+ return 0;
+ }
}
}
cch = CMS_add0_CertificateChoices(cms);
return 1;
}
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+ {
+ int r;
+ r = CMS_add0_crl(cms, crl);
+ if (r > 0)
+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ return r;
+ }
+
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
{
STACK_OF(X509) *certs = NULL;
}
return crls;
}
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
+ {
+ int ret;
+ ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
+ if (ret)
+ return ret;
+ return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
+ }
+
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
+ {
+ X509_check_purpose(cert, -1, -1);
+ if (!cert->skid)
+ return -1;
+ return ASN1_OCTET_STRING_cmp(keyid, cert->skid);
+ }
+
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
+ {
+ CMS_IssuerAndSerialNumber *ias;
+ ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+ if (!ias)
+ goto err;
+ if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
+ goto err;
+ if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
+ goto err;
+ if (*pias)
+ M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+ *pias = ias;
+ return 1;
+ err:
+ if (ias)
+ M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+ CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
+ {
+ ASN1_OCTET_STRING *keyid = NULL;
+ X509_check_purpose(cert, -1, -1);
+ if (!cert->skid)
+ {
+ CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
+ return 0;
+ }
+ keyid = ASN1_STRING_dup(cert->skid);
+ if (!keyid)
+ {
+ CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (*pkeyid)
+ ASN1_OCTET_STRING_free(*pkeyid);
+ *pkeyid = keyid;
+ return 1;
+ }