X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fpkcs7%2Fpk7_doit.c;h=7acd11e057d78399fe5ff18740eb83a04b4aa6f9;hb=62ab514e982757f2f491fcb0ae13ce921ae4fbaf;hp=af66511ebacec7f7e94bbeb3bfe1801ab898514c;hpb=8484721adb154f47de28e64d581b40adca6c5e68;p=oweals%2Fopenssl.git diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index af66511eba..7acd11e057 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -61,6 +61,7 @@ #include #include #include +#include static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); @@ -160,9 +161,10 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) BIO_get_cipher_ctx(btmp, &ctx); keylen=EVP_CIPHER_key_length(evp_cipher); ivlen=EVP_CIPHER_iv_length(evp_cipher); - RAND_bytes(key,keylen); + if (RAND_bytes(key,keylen) <= 0) + goto err; xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); - if (ivlen > 0) RAND_bytes(iv,ivlen); + if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); EVP_CipherInit(ctx, evp_cipher, key, iv, 1); if (ivlen > 0) { @@ -187,7 +189,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) EVP_PKEY_free(pkey); if (max < jj) max=jj; } - if ((tmp=(unsigned char *)Malloc(max)) == NULL) + if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE); goto err; @@ -201,12 +203,12 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) if (jj <= 0) { PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); - Free(tmp); + OPENSSL_free(tmp); goto err; } - ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); + M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); } - Free(tmp); + OPENSSL_free(tmp); memset(key, 0, keylen); if (out == NULL) @@ -226,7 +228,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) os=p7->d.sign->contents->d.data; if (os->length > 0) bio = BIO_new_mem_buf(os->data, os->length); - } else { + } + if(bio == NULL) { bio=BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bio,0); } @@ -251,7 +254,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { int i,j; BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; - char *tmp=NULL; + unsigned char *tmp=NULL; X509_ALGOR *xa; ASN1_OCTET_STRING *data_body=NULL; const EVP_MD *evp_md; @@ -262,10 +265,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; -/* EVP_PKEY *pkey; */ -#if 0 - X509_STORE_CTX s_ctx; -#endif i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -364,7 +363,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) ri=sk_PKCS7_RECIP_INFO_value(rsk,i); if(!X509_NAME_cmp(ri->issuer_and_serial->issuer, pcert->cert_info->issuer) && - !ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, + !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, ri->issuer_and_serial->serial)) break; ri=NULL; } @@ -375,17 +374,15 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } jj=EVP_PKEY_size(pkey); - tmp=Malloc(jj+10); + tmp=(unsigned char *)OPENSSL_malloc(jj+10); if (tmp == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE); goto err; } - jj=EVP_PKEY_decrypt((unsigned char *)tmp, - ASN1_STRING_data(ri->enc_key), - ASN1_STRING_length(ri->enc_key), - pkey); + jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), + M_ASN1_STRING_length(ri->enc_key), pkey); if (jj <= 0) { PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); @@ -398,13 +395,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) return(NULL); - if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, + if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { + /* Some S/MIME clients don't use the same key + * and effective key length. The key length is + * determined by the size of the decrypted RSA key. + */ + if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); - goto err; - } - EVP_CipherInit(evp_ctx,NULL,(unsigned char *)tmp,NULL,0); + goto err; + } + } + EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0); memset(tmp,0,jj); @@ -453,7 +456,7 @@ err: out=NULL; } if (tmp != NULL) - Free(tmp); + OPENSSL_free(tmp); return(out); } @@ -480,12 +483,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_signedAndEnveloped: /* XXXXXXXXXXXXXXXX */ si_sk=p7->d.signed_and_enveloped->signer_info; - os=ASN1_OCTET_STRING_new(); + os=M_ASN1_OCTET_STRING_new(); p7->d.signed_and_enveloped->enc_data->enc_data=os; break; case NID_pkcs7_enveloped: /* XXXXXXXXXXXXXXXX */ - os=ASN1_OCTET_STRING_new(); + os=M_ASN1_OCTET_STRING_new(); p7->d.enveloped->enc_data->enc_data=os; break; case NID_pkcs7_signed: @@ -493,7 +496,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) os=p7->d.sign->contents->d.data; /* If detached data then the content is excluded */ if(p7->detached) { - ASN1_OCTET_STRING_free(os); + M_ASN1_OCTET_STRING_free(os); p7->d.sign->contents->d.data = NULL; } break; @@ -528,7 +531,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR); goto err; } - if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == j) + if (EVP_MD_CTX_type(mdc) == j) break; else btmp=btmp->next_bio; @@ -562,10 +565,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) V_ASN1_UTCTIME,sign_time); /* Add digest */ - md_tmp=EVP_MD_CTX_type(&ctx_tmp); + md_tmp=EVP_MD_CTX_md(&ctx_tmp); EVP_DigestFinal(&ctx_tmp,md_data,&md_len); - digest=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(digest,md_data,md_len); + digest=M_ASN1_OCTET_STRING_new(); + M_ASN1_OCTET_STRING_set(digest,md_data,md_len); PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING,digest); @@ -575,13 +578,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL, i2d_X509_ATTRIBUTE, V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); - pp=(unsigned char *)Malloc(x); + pp=(unsigned char *)OPENSSL_malloc(x); p=pp; i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p, i2d_X509_ATTRIBUTE, V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); EVP_SignUpdate(&ctx_tmp,pp,x); - Free(pp); + OPENSSL_free(pp); pp=NULL; } @@ -620,11 +623,11 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) os->data = (unsigned char *)buf_mem->data; os->length = buf_mem->length; #if 0 - ASN1_OCTET_STRING_set(os, + M_ASN1_OCTET_STRING_set(os, (unsigned char *)buf_mem->data,buf_mem->length); #endif } - if (pp != NULL) Free(pp); + if (pp != NULL) OPENSSL_free(pp); pp=NULL; ret=1; @@ -668,10 +671,12 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, /* Lets verify */ X509_STORE_CTX_init(ctx,cert_store,x509,cert); + X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); i=X509_verify_cert(ctx); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); + X509_STORE_CTX_cleanup(ctx); goto err; } X509_STORE_CTX_cleanup(ctx); @@ -719,7 +724,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, PKCS7_R_INTERNAL_ERROR); goto err; } - if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type) + if (EVP_MD_CTX_type(mdc) == md_type) break; btmp=btmp->next_bio; } @@ -767,13 +772,13 @@ for (ii=0; iienc_digest;