Make things static that should be. Declare stuff in headers that should be.

[oweals/openssl.git] / crypto / pkcs7 / pk7_lib.c

diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 8b6c153481b122d2f81db5acfcf93faec44ac8cf..21738eebe23065b2eb7dec8a4cc06243c16c1fc5 100644 (file)
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -381,15 +381,28 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                }
        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
                        PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-       return 0;
 err:
-       return(0);
+       return 0;
        }
 
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
             const EVP_MD *dgst)
        {
-       PKCS7_SIGNER_INFO *si;
+       PKCS7_SIGNER_INFO *si = NULL;
+
+       if (dgst == NULL)
+               {
+               int def_nid;
+               if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+                       goto err;
+               dgst = EVP_get_digestbynid(def_nid);
+               if (dgst == NULL)
+                       {
+                       PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
+                                               PKCS7_R_NO_DEFAULT_DIGEST);
+                       goto err;
+                       }
+               }
 
        if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
        if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
@@ -457,9 +470,11 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
        if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
        if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
-       return(ri);
+       return ri;
 err:
-       return(NULL);
+       if (ri)
+               PKCS7_RECIP_INFO_free(ri);
+       return NULL;
        }
 
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
@@ -487,6 +502,8 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
 
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
        {
+       int ret;
+       EVP_PKEY *pkey = NULL;
        if (!ASN1_INTEGER_set(p7i->version,0))
                return 0;
        if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -498,14 +515,41 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
                return 0;
 
-       X509_ALGOR_free(p7i->key_enc_algor);
-       if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
-               return 0;
+       pkey = X509_get_pubkey(x509);
+
+       if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
+               {
+               PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                       PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+               goto err;
+               }
+
+       ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
+                                               0, p7i);
+       if (ret == -2)
+               {
+               PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                       PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+               goto err;
+               }
+       if (ret <= 0)
+               {
+               PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                               PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+               goto err;
+               }
+
+       EVP_PKEY_free(pkey);
 
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
        p7i->cert=x509;
 
-       return(1);
+       return 1;
+
+       err:
+       if (pkey)
+               EVP_PKEY_free(pkey);
+       return 0;
        }
 
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)