X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=crypto%2Fpkcs7%2Fpk7_lib.c;h=45973fe8507cc3d08be0efeebea9446697873ac3;hb=4b42658082a3d6224d25f10de8fdb605d30015a9;hp=d69f536ae801ec368bb4a16920425ad94dafbc99;hpb=f73e07cf420ddad22b6148d8cbe28daf84ccae2d;p=oweals%2Fopenssl.git

diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index d69f536ae8..45973fe850 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -58,14 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "x509.h"
-
-long PKCS7_ctrl(p7,cmd,larg,parg)
-PKCS7 *p7;
-int cmd;
-long larg;
-char *parg;
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 	{
 	int nid;
 	long ret;
@@ -104,9 +100,7 @@ char *parg;
 	return(ret);
 	}
 
-int PKCS7_content_new(p7,type)
-PKCS7 *p7;
-int type;
+int PKCS7_content_new(PKCS7 *p7, int type)
 	{
 	PKCS7 *ret=NULL;
 
@@ -120,9 +114,7 @@ err:
 	return(0);
 	}
 
-int PKCS7_set_content(p7,p7_data)
-PKCS7 *p7;
-PKCS7 *p7_data;
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
 	{
 	int i;
 
@@ -131,7 +123,7 @@ PKCS7 *p7_data;
 		{
 	case NID_pkcs7_signed:
 		if (p7->d.sign->contents != NULL)
-			PKCS7_content_free(p7->d.sign->contents);
+			PKCS7_free(p7->d.sign->contents);
 		p7->d.sign->contents=p7_data;
 		break;
 	case NID_pkcs7_digest:
@@ -148,9 +140,7 @@ err:
 	return(0);
 	}
 
-int PKCS7_set_type(p7,type)
-PKCS7 *p7;
-int type;
+int PKCS7_set_type(PKCS7 *p7, int type)
 	{
 	ASN1_OBJECT *obj;
 
@@ -167,7 +157,7 @@ int type;
 		break;
 	case NID_pkcs7_data:
 		p7->type=obj;
-		if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
+		if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
 			goto err;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
@@ -175,9 +165,6 @@ int type;
 		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-/*		p7->d.signed_and_enveloped->enc_data->content_type=
-			OBJ_nid2obj(NID_pkcs7_encrypted);*/
-			
 		break;
 	case NID_pkcs7_enveloped:
 		p7->type=obj;
@@ -185,8 +172,14 @@ int type;
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.enveloped->version,0);
 		break;
-	case NID_pkcs7_digest:
 	case NID_pkcs7_encrypted:
+		p7->type=obj;
+		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.encrypted->version,0);
+		break;
+
+	case NID_pkcs7_digest:
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;
@@ -196,14 +189,12 @@ err:
 	return(0);
 	}
 
-int PKCS7_add_signer(p7,psi)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *psi;
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 	{
 	int i,j,nid;
 	X509_ALGOR *alg;
-	STACK *signer_sk;
-	STACK *md_sk;
+	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+	STACK_OF(X509_ALGOR) *md_sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -225,9 +216,9 @@ PKCS7_SIGNER_INFO *psi;
 
 	/* If the digest is not currently listed, add it */
 	j=0;
-	for (i=0; i<sk_num(md_sk); i++)
+	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
 		{
-		alg=(X509_ALGOR *)sk_value(md_sk,i);
+		alg=sk_X509_ALGOR_value(md_sk,i);
 		if (OBJ_obj2nid(alg->algorithm) == nid)
 			{
 			j=1;
@@ -236,18 +227,21 @@ PKCS7_SIGNER_INFO *psi;
 		}
 	if (!j) /* we need to add another algorithm */
 		{
-		alg=X509_ALGOR_new();
+		if(!(alg=X509_ALGOR_new())
+			|| !(alg->parameter = ASN1_TYPE_new())) {
+			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+			return(0);
+		}
 		alg->algorithm=OBJ_nid2obj(nid);
-		sk_push(md_sk,(char *)alg);
+		alg->parameter->type = V_ASN1_NULL;
+		sk_X509_ALGOR_push(md_sk,alg);
 		}
 
-	sk_push(signer_sk,(char *)psi);
+	sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
 	return(1);
 	}
 
-int PKCS7_add_certificate(p7,x509)
-PKCS7 *p7;
-X509 *x509;
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
 	{
 	int i;
 	STACK_OF(X509) **sk;
@@ -273,12 +267,10 @@ X509 *x509;
 	return(1);
 	}
 
-int PKCS7_add_crl(p7,crl)
-PKCS7 *p7;
-X509_CRL *crl;
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 	{
 	int i;
-	STACK **sk;
+	STACK_OF(X509_CRL) **sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -295,19 +287,19 @@ X509_CRL *crl;
 		}
 
 	if (*sk == NULL)
-		*sk=sk_new_null();
+		*sk=sk_X509_CRL_new_null();
 
 	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	sk_push(*sk,(char *)crl);
+	sk_X509_CRL_push(*sk,crl);
 	return(1);
 	}
 
-int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst)
-PKCS7_SIGNER_INFO *p7i;
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+	     EVP_MD *dgst)
 	{
+	char is_dsa;
+	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+	else is_dsa = 0;
 	/* We now need to add another PKCS7_SIGNER_INFO entry */
 	ASN1_INTEGER_set(p7i->version,1);
 	X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -315,39 +307,43 @@ EVP_MD *dgst;
 
 	/* because ASN1_INTEGER_set is used to set a 'long' we will do
 	 * things the ugly way. */
-	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
 	p7i->issuer_and_serial->serial=
-		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
 	/* lets keep the pkey around for a while */
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 	p7i->pkey=pkey;
 
 	/* Set the algorithms */
-	if (pkey->type == EVP_PKEY_DSA)
-		p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
 	else	
 		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
 
-#if 1
+	if (p7i->digest_alg->parameter != NULL)
+		ASN1_TYPE_free(p7i->digest_alg->parameter);
+	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+		goto err;
+	p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
+	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
+
 	if (p7i->digest_enc_alg->parameter != NULL)
 		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-	if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
-		goto err;
-	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-#endif
+	if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
+	else {
+		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+			goto err;
+		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+	}
 
 	return(1);
 err:
 	return(0);
 	}
 
-PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst)
-PKCS7 *p7;
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+	     EVP_MD *dgst)
 	{
 	PKCS7_SIGNER_INFO *si;
 
@@ -359,8 +355,7 @@ err:
 	return(NULL);
 	}
 
-STACK *PKCS7_get_signer_info(p7)
-PKCS7 *p7;
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
 	{
 	if (PKCS7_type_is_signed(p7))
 		{
@@ -374,9 +369,7 @@ PKCS7 *p7;
 		return(NULL);
 	}
 
-PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509)
-PKCS7 *p7;
-X509 *x509;
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
 	{
 	PKCS7_RECIP_INFO *ri;
 
@@ -388,12 +381,10 @@ err:
 	return(NULL);
 	}
 
-int PKCS7_add_recipient_info(p7,ri)
-PKCS7 *p7;
-PKCS7_RECIP_INFO *ri;
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
 	{
 	int i;
-	STACK *sk;
+	STACK_OF(PKCS7_RECIP_INFO) *sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -409,21 +400,19 @@ PKCS7_RECIP_INFO *ri;
 		return(0);
 		}
 
-	sk_push(sk,(char *)ri);
+	sk_PKCS7_RECIP_INFO_push(sk,ri);
 	return(1);
 	}
 
-int PKCS7_RECIP_INFO_set(p7i,x509)
-PKCS7_RECIP_INFO *p7i;
-X509 *x509;
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
 	{
 	ASN1_INTEGER_set(p7i->version,0);
 	X509_NAME_set(&p7i->issuer_and_serial->issuer,
 		X509_get_issuer_name(x509));
 
-	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
 	p7i->issuer_and_serial->serial=
-		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
 	X509_ALGOR_free(p7i->key_enc_algor);
 	p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
@@ -436,9 +425,7 @@ X509 *x509;
 	return(1);
 	}
 
-X509 *PKCS7_cert_from_signer_info(p7,si)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *si;
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 	{
 	if (PKCS7_type_is_signed(p7))
 		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
@@ -448,11 +435,10 @@ PKCS7_SIGNER_INFO *si;
 		return(NULL);
 	}
 
-int PKCS7_set_cipher(p7,cipher)
-PKCS7 *p7;
-EVP_CIPHER *cipher;
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 	{
 	int i;
+	ASN1_OBJECT *objtmp;
 	PKCS7_ENC_CONTENT *ec;
 
 	i=OBJ_obj2nid(p7->type);
@@ -469,7 +455,15 @@ EVP_CIPHER *cipher;
 		return(0);
 		}
 
-	ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
-	return(ec->algorithm->algorithm != NULL);
+	/* Check cipher OID exists and has data in it*/
+	i = EVP_CIPHER_type(cipher);
+	if(i == NID_undef) {
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		return(0);
+	}
+	objtmp = OBJ_nid2obj(i);
+
+	ec->cipher = cipher;
+	return 1;
 	}