diff options
author | simon <simon@FreeBSD.org> | 2006-07-29 19:10:21 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2006-07-29 19:10:21 +0000 |
commit | fb3c70eda88d3175627edc6a3316b4508b3d29c5 (patch) | |
tree | 213a0c4d5ba3869f66ecf970819532048fed4a9d /crypto/openssl/crypto/pkcs7 | |
parent | 3c8d7d9993705e30bc69e55cd19d8a298e582292 (diff) | |
download | FreeBSD-src-fb3c70eda88d3175627edc6a3316b4508b3d29c5.zip FreeBSD-src-fb3c70eda88d3175627edc6a3316b4508b3d29c5.tar.gz |
Vendor import of OpenSSL 0.9.8b
Diffstat (limited to 'crypto/openssl/crypto/pkcs7')
-rw-r--r-- | crypto/openssl/crypto/pkcs7/Makefile | 192 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/bio_ber.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/example.c | 8 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pk7_asn1.c | 41 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pk7_attr.c | 3 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pk7_doit.c | 315 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pk7_lib.c | 119 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pk7_mime.c | 77 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pk7_smime.c | 77 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pkcs7.h | 15 | ||||
-rw-r--r-- | crypto/openssl/crypto/pkcs7/pkcs7err.c | 152 |
11 files changed, 634 insertions, 367 deletions
diff --git a/crypto/openssl/crypto/pkcs7/Makefile b/crypto/openssl/crypto/pkcs7/Makefile index 7eda4e8..3f7e88b 100644 --- a/crypto/openssl/crypto/pkcs7/Makefile +++ b/crypto/openssl/crypto/pkcs7/Makefile @@ -1,5 +1,5 @@ # -# SSLeay/crypto/pkcs7/Makefile +# OpenSSL/crypto/pkcs7/Makefile # DIR= pkcs7 @@ -7,11 +7,6 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I$(TOP) -I../../include CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) MAKEFILE= Makefile AR= ar r @@ -72,7 +67,8 @@ links: @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: - @for i in $(EXHEADER) ; \ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ @@ -87,6 +83,7 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: @@ -98,143 +95,92 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -pk7_asn1.o: ../../e_os.h ../../include/openssl/aes.h -pk7_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -pk7_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk7_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -pk7_asn1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_asn1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_asn1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pk7_asn1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_asn1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_asn1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_asn1.o: ../cryptlib.h pk7_asn1.c -pk7_attr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h -pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c +pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pk7_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_attr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_attr.o: pk7_attr.c -pk7_doit.o: ../../e_os.h ../../include/openssl/aes.h -pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pk7_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pk7_attr.o: ../../include/openssl/x509_vfy.h pk7_attr.c +pk7_doit.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_doit.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pk7_doit.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_doit.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pk7_doit.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pk7_doit.o: ../cryptlib.h pk7_doit.c -pk7_lib.o: ../../e_os.h ../../include/openssl/aes.h -pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pk7_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pk7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pk7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_doit.c +pk7_lib.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pk7_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c -pk7_mime.o: ../../e_os.h ../../include/openssl/aes.h -pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h -pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pk7_mime.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -pk7_mime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -pk7_mime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h -pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_lib.o: ../cryptlib.h pk7_lib.c +pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pk7_mime.o: ../../include/openssl/opensslconf.h pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pk7_mime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h -pk7_mime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h -pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pk7_mime.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c -pk7_smime.o: ../../e_os.h ../../include/openssl/aes.h -pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +pk7_mime.o: ../cryptlib.h pk7_mime.c +pk7_smime.o: ../../e_os.h ../../include/openssl/asn1.h +pk7_smime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pk7_smime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h -pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h +pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h +pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pk7_smime.o: ../../include/openssl/objects.h pk7_smime.o: ../../include/openssl/opensslconf.h pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h -pk7_smime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h -pk7_smime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h -pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_smime.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c +pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +pk7_smime.o: ../cryptlib.h pk7_smime.c pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +pkcs7err.o: ../../include/openssl/opensslconf.h pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h diff --git a/crypto/openssl/crypto/pkcs7/bio_ber.c b/crypto/openssl/crypto/pkcs7/bio_ber.c index 895a911..31973fc 100644 --- a/crypto/openssl/crypto/pkcs7/bio_ber.c +++ b/crypto/openssl/crypto/pkcs7/bio_ber.c @@ -204,7 +204,7 @@ int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx) if ((ctx->buf_len < BER_BUF_SIZE) && (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) { - ERR_get_error(); /* clear the error */ + ERR_clear_error(); /* clear the error */ BIO_set_retry_read(b); } return(-1); diff --git a/crypto/openssl/crypto/pkcs7/example.c b/crypto/openssl/crypto/pkcs7/example.c index c993947..2953d04 100644 --- a/crypto/openssl/crypto/pkcs7/example.c +++ b/crypto/openssl/crypto/pkcs7/example.c @@ -123,7 +123,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); if (so && (so->type == V_ASN1_SEQUENCE)) { - ASN1_CTX c; + ASN1_const_CTX c; ASN1_STRING *s; long length; ASN1_OCTET_STRING *os1,*os2; @@ -144,7 +144,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) goto err; c.slen-=(c.p-c.q); - if (!asn1_Finish(&c)) goto err; + if (!asn1_const_Finish(&c)) goto err; *str1=malloc(os1->length+1); *str2=malloc(os2->length+1); memcpy(*str1,os1->data,os1->length); @@ -290,7 +290,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); if (so->type == V_ASN1_SEQUENCE) { - ASN1_CTX c; + ASN1_const_CTX c; ASN1_STRING *s; long length; ASN1_OCTET_STRING *os1,*os2; @@ -311,7 +311,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) goto err; c.slen-=(c.p-c.q); - if (!asn1_Finish(&c)) goto err; + if (!asn1_const_Finish(&c)) goto err; *str1=malloc(os1->length+1); *str2=malloc(os2->length+1); memcpy(*str1,os1->data,os1->length); diff --git a/crypto/openssl/crypto/pkcs7/pk7_asn1.c b/crypto/openssl/crypto/pkcs7/pk7_asn1.c index 46f0fc9..77931fe 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_asn1.c +++ b/crypto/openssl/crypto/pkcs7/pk7_asn1.c @@ -69,30 +69,31 @@ ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); ASN1_ADB(PKCS7) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) + ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), + ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), + ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), + ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), + ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); -ASN1_SEQUENCE(PKCS7) = { +ASN1_NDEF_SEQUENCE(PKCS7) = { ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), ASN1_ADB_OBJECT(PKCS7) -}ASN1_SEQUENCE_END(PKCS7) +}ASN1_NDEF_SEQUENCE_END(PKCS7) IMPLEMENT_ASN1_FUNCTIONS(PKCS7) +IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) -ASN1_SEQUENCE(PKCS7_SIGNED) = { +ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) -} ASN1_SEQUENCE_END(PKCS7_SIGNED) +} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) @@ -130,11 +131,11 @@ ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) -ASN1_SEQUENCE(PKCS7_ENVELOPE) = { +ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) -} ASN1_SEQUENCE_END(PKCS7_ENVELOPE) +} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) @@ -157,15 +158,15 @@ ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) -ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = { +ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) -} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT) +} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) -ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { +ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), @@ -173,23 +174,23 @@ ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) -} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) +} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) -ASN1_SEQUENCE(PKCS7_ENCRYPT) = { +ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) -} ASN1_SEQUENCE_END(PKCS7_ENCRYPT) +} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) -ASN1_SEQUENCE(PKCS7_DIGEST) = { +ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(PKCS7_DIGEST) +} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) diff --git a/crypto/openssl/crypto/pkcs7/pk7_attr.c b/crypto/openssl/crypto/pkcs7/pk7_attr.c index 0391410..735c880 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_attr.c +++ b/crypto/openssl/crypto/pkcs7/pk7_attr.c @@ -96,7 +96,8 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *cap; - unsigned char *p; + const unsigned char *p; + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); if (!cap || (cap->type != V_ASN1_SEQUENCE)) return NULL; diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c index b78e228..a4bbba0 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_doit.c +++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c @@ -62,6 +62,7 @@ #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/x509v3.h> +#include <openssl/err.h> static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); @@ -101,18 +102,54 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) return NULL; } +static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) + { + BIO *btmp; + const EVP_MD *md; + if ((btmp=BIO_new(BIO_f_md())) == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + + md=EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp,md); + if (*pbio == NULL) + *pbio=btmp; + else if (!BIO_push(*pbio,btmp)) + { + PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); + goto err; + } + btmp=NULL; + + return 1; + + err: + if (btmp) + BIO_free(btmp); + return 0; + + } + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { int i; BIO *out=NULL,*btmp=NULL; - X509_ALGOR *xa; - const EVP_MD *evp_md; + X509_ALGOR *xa = NULL; const EVP_CIPHER *evp_cipher=NULL; STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; X509_ALGOR *xalg=NULL; PKCS7_RECIP_INFO *ri=NULL; EVP_PKEY *pkey; + ASN1_OCTET_STRING *os=NULL; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -121,6 +158,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { case NID_pkcs7_signed: md_sk=p7->d.sign->md_algs; + os = PKCS7_get_octet_string(p7->d.sign->contents); break; case NID_pkcs7_signedAndEnveloped: rsk=p7->d.signed_and_enveloped->recipientinfo; @@ -145,37 +183,21 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) goto err; } break; + case NID_pkcs7_digest: + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; default: PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; } - if (md_sk != NULL) - { - for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) - { - xa=sk_X509_ALGOR_value(md_sk,i); - if ((btmp=BIO_new(BIO_f_md())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); - goto err; - } - - evp_md=EVP_get_digestbyobj(xa->algorithm); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } + for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) + if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) + goto err; - BIO_set_md(btmp,evp_md); - if (out == NULL) - out=btmp; - else - BIO_push(out,btmp); - btmp=NULL; - } - } + if (xa && !PKCS7_bio_add_digest(&out, xa)) + goto err; if (evp_cipher != NULL) { @@ -194,11 +216,14 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) BIO_get_cipher_ctx(btmp, &ctx); keylen=EVP_CIPHER_key_length(evp_cipher); ivlen=EVP_CIPHER_iv_length(evp_cipher); - if (RAND_bytes(key,keylen) <= 0) - goto err; xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); - EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1); + if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) + goto err; + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) + goto err; + if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) + goto err; if (ivlen > 0) { if (xalg->parameter == NULL) @@ -239,7 +264,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) OPENSSL_free(tmp); goto err; } - M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); + if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj)) + { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, + ERR_R_MALLOC_FAILURE); + OPENSSL_free(tmp); + goto err; + } } OPENSSL_free(tmp); OPENSSL_cleanse(key, keylen); @@ -255,24 +286,14 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) { if (PKCS7_is_detached(p7)) bio=BIO_new(BIO_s_null()); - else + else if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if(bio == NULL) { - if (PKCS7_type_is_signed(p7)) - { - ASN1_OCTET_STRING *os; - os = PKCS7_get_octet_string( - p7->d.sign->contents); - if (os && os->length > 0) - bio = BIO_new_mem_buf(os->data, - os->length); - } - if(bio == NULL) - { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); - } + bio=BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio,0); } - } + } BIO_push(out,bio); bio=NULL; if (0) @@ -287,6 +308,17 @@ err: return(out); } +static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) + { + int ret; + ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, + pcert->cert_info->issuer); + if (ret) + return ret; + return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, + ri->issuer_and_serial->serial); + } + /* int */ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { @@ -397,18 +429,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) * (if any) */ - for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { - ri=sk_PKCS7_RECIP_INFO_value(rsk,i); - if(!X509_NAME_cmp(ri->issuer_and_serial->issuer, - pcert->cert_info->issuer) && - !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, - ri->issuer_and_serial->serial)) break; - ri=NULL; - } - if (ri == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); - goto err; + if (pcert) { + for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri=sk_PKCS7_RECIP_INFO_value(rsk,i); + if (!pkcs7_cmp_ri(ri, pcert)) + break; + ri=NULL; + } + if (ri == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); + goto err; + } } jj=EVP_PKEY_size(pkey); @@ -419,17 +451,46 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } - jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), - M_ASN1_STRING_length(ri->enc_key), pkey); - if (jj <= 0) + /* If we haven't got a certificate try each ri in turn */ + + if (pcert == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); - goto err; + for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) + { + ri=sk_PKCS7_RECIP_INFO_value(rsk,i); + jj=EVP_PKEY_decrypt(tmp, + M_ASN1_STRING_data(ri->enc_key), + M_ASN1_STRING_length(ri->enc_key), + pkey); + if (jj > 0) + break; + ERR_clear_error(); + ri = NULL; + } + if (ri == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + PKCS7_R_NO_RECIPIENT_MATCHES_KEY); + goto err; + } + } + else + { + jj=EVP_PKEY_decrypt(tmp, + M_ASN1_STRING_data(ri->enc_key), + M_ASN1_STRING_length(ri->enc_key), pkey); + if (jj <= 0) + { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, + ERR_R_EVP_LIB); + goto err; + } } evp_ctx=NULL; BIO_get_cipher_ctx(etmp,&evp_ctx); - EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0); + if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) + goto err; if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) goto err; @@ -445,7 +506,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } } - EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); + if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) + goto err; OPENSSL_cleanse(tmp,jj); @@ -498,6 +560,29 @@ err: return(out); } +static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) + { + for (;;) + { + bio=BIO_find_type(bio,BIO_TYPE_MD); + if (bio == NULL) + { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio,pmd); + if (*pmd == NULL) + { + PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); + return NULL; + } + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio=BIO_next(bio); + } + return NULL; + } + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) { int ret=0; @@ -520,12 +605,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_signedAndEnveloped: /* XXXXXXXXXXXXXXXX */ si_sk=p7->d.signed_and_enveloped->signer_info; - os=M_ASN1_OCTET_STRING_new(); + if (!(os=M_ASN1_OCTET_STRING_new())) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } p7->d.signed_and_enveloped->enc_data->enc_data=os; break; case NID_pkcs7_enveloped: /* XXXXXXXXXXXXXXXX */ - os=M_ASN1_OCTET_STRING_new(); + if (!(os=M_ASN1_OCTET_STRING_new())) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); + goto err; + } p7->d.enveloped->enc_data->enc_data=os; break; case NID_pkcs7_signed: @@ -537,13 +630,24 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) p7->d.sign->contents->d.data = NULL; } break; + + case NID_pkcs7_digest: + os=PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) + { + M_ASN1_OCTET_STRING_free(os); + p7->d.digest->contents->d.data = NULL; + } + break; + } if (si_sk != NULL) { if ((buf=BUF_MEM_new()) == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); goto err; } for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) @@ -554,32 +658,18 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) j=OBJ_obj2nid(si->digest_alg->algorithm); btmp=bio; - for (;;) - { - if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) - == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_MD_CTX_type(mdc) == j) - break; - else - btmp=BIO_next(btmp); - } - + + btmp = PKCS7_find_digest(&mdc, btmp, j); + + if (btmp == NULL) + goto err; + /* We now have the EVP_MD_CTX, lets do the * signing. */ EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); goto err; } @@ -599,7 +689,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { - sign_time=X509_gmtime_adj(NULL,0); + if (!(sign_time=X509_gmtime_adj(NULL,0))) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); + goto err; + } PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, V_ASN1_UTCTIME,sign_time); @@ -608,8 +703,19 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* Add digest */ md_tmp=EVP_MD_CTX_md(&ctx_tmp); EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); - digest=M_ASN1_OCTET_STRING_new(); - M_ASN1_OCTET_STRING_set(digest,md_data,md_len); + if (!(digest=M_ASN1_OCTET_STRING_new())) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); + goto err; + } + if (!M_ASN1_OCTET_STRING_set(digest,md_data, + md_len)) + { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, + ERR_R_MALLOC_FAILURE); + goto err; + } PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING,digest); @@ -627,28 +733,42 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) if (si->pkey->type == EVP_PKEY_DSA) ctx_tmp.digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (si->pkey->type == EVP_PKEY_EC) + ctx_tmp.digest=EVP_ecdsa(); +#endif if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, (unsigned int *)&buf->length,si->pkey)) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB); goto err; } if (!ASN1_STRING_set(si->enc_digest, (unsigned char *)buf->data,buf->length)) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB); goto err; } } } + else if (i == NID_pkcs7_digest) + { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) + goto err; + EVP_DigestFinal_ex(mdc,md_data,&md_len); + M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } if (!PKCS7_is_detached(p7)) { btmp=BIO_find_type(bio,BIO_TYPE_MEM); if (btmp == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); goto err; } BIO_get_mem_ptr(btmp,&buf_mem); @@ -829,6 +949,9 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); #ifndef OPENSSL_NO_DSA if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); #endif +#ifndef OPENSSL_NO_ECDSA + if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa(); +#endif i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); EVP_PKEY_free(pkey); diff --git a/crypto/openssl/crypto/pkcs7/pk7_lib.c b/crypto/openssl/crypto/pkcs7/pk7_lib.c index 985b072..58ce679 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_lib.c +++ b/crypto/openssl/crypto/pkcs7/pk7_lib.c @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents=p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: @@ -164,7 +168,12 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.sign->version,1); + if (!ASN1_INTEGER_set(p7->d.sign->version,1)) + { + PKCS7_SIGNED_free(p7->d.sign); + p7->d.sign=NULL; + goto err; + } break; case NID_pkcs7_data: p7->type=obj; @@ -176,6 +185,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); + if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) + goto err; p7->d.signed_and_enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; @@ -183,7 +194,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.enveloped->version,0); + if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) + goto err; p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; @@ -191,12 +203,19 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.encrypted->version,0); + if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) + goto err; p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_digest: + p7->type=obj; + if ((p7->d.digest=PKCS7_DIGEST_new()) + == NULL) goto err; + if (!ASN1_INTEGER_set(p7->d.digest->version,0)) + goto err; + break; default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; @@ -206,6 +225,13 @@ err: return(0); } +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) + { + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; + } + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; @@ -314,19 +340,26 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { + int nid; char is_dsa; - if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; - else is_dsa = 0; + + if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) + is_dsa = 1; + else + is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ - ASN1_INTEGER_set(p7i->version,1); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + if (!ASN1_INTEGER_set(p7i->version,1)) + goto err; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + goto err; /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + if (!(p7i->issuer_and_serial->serial= + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + goto err; /* lets keep the pkey around for a while */ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); @@ -343,16 +376,38 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, goto err; p7i->digest_alg->parameter->type=V_ASN1_NULL; - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); - if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if(is_dsa) p7i->digest_enc_alg->parameter = NULL; - else { + nid = EVP_PKEY_type(pkey->type); + if (nid == EVP_PKEY_RSA) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) goto err; p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; - } + } + else if (nid == EVP_PKEY_DSA) + { +#if 1 + /* use 'dsaEncryption' OID for compatibility with other software + * (PKCS #7 v1.5 does specify how to handle DSA) ... */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); +#else + /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) + * would make more sense. */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); +#endif + p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ + } + else if (nid == EVP_PKEY_EC) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); + if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + } + else + return(0); return(1); err: @@ -372,6 +427,24 @@ err: return(NULL); } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) + { + if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) + { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); + return 1; + } + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) @@ -423,16 +496,20 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) { - ASN1_INTEGER_set(p7i->version,0); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + if (!ASN1_INTEGER_set(p7i->version,0)) + return 0; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + return 0; M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + if (!(p7i->issuer_and_serial->serial= + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + return 0; X509_ALGOR_free(p7i->key_enc_algor); - p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor); + if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor))) + return 0; CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); p7i->cert=x509; diff --git a/crypto/openssl/crypto/pkcs7/pk7_mime.c b/crypto/openssl/crypto/pkcs7/pk7_mime.c index 5d2a978..134746c 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_mime.c +++ b/crypto/openssl/crypto/pkcs7/pk7_mime.c @@ -1,9 +1,9 @@ /* pk7_mime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,6 +86,7 @@ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ DECLARE_STACK_OF(MIME_HEADER) IMPLEMENT_STACK_OF(MIME_HEADER) +static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags); static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); static PKCS7 *B64_read_PKCS7(BIO *bio); static char * strip_ends(char *name); @@ -109,9 +110,6 @@ static void mime_hdr_free(MIME_HEADER *hdr); #define MAX_SMLEN 1024 #define mime_debug(x) /* x */ - -typedef void (*stkfree)(); - /* Base 64 read and write of PKCS#7 structure */ static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) @@ -152,11 +150,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { char bound[33], c; int i; - char *mime_prefix, *mime_eol; + char *mime_prefix, *mime_eol, *msg_type=NULL; if (flags & PKCS7_NOOLDMIMETYPE) mime_prefix = "application/pkcs7-"; else mime_prefix = "application/x-pkcs7-"; + if (flags & PKCS7_CRLFEOL) mime_eol = "\r\n"; else @@ -181,7 +180,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) mime_eol, mime_eol); /* Now write out the first part */ BIO_printf(bio, "------%s%s", bound, mime_eol); - SMIME_crlf_copy(data, bio, flags); + pkcs7_output_data(bio, data, p7, flags); BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); /* Headers for signature */ @@ -195,14 +194,33 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) mime_eol, mime_eol); B64_write_PKCS7(bio, p7); BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, - mime_eol, mime_eol); + mime_eol, mime_eol); return 1; } + + /* Determine smime-type header */ + + if (PKCS7_type_is_enveloped(p7)) + msg_type = "enveloped-data"; + else if (PKCS7_type_is_signed(p7)) + { + /* If we have any signers it is signed-data othewise + * certs-only. + */ + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + sinfos = PKCS7_get_signer_info(p7); + if (sk_PKCS7_SIGNER_INFO_num(sinfos) > 0) + msg_type = "signed-data"; + else + msg_type = "certs-only"; + } /* MIME headers */ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); BIO_printf(bio, "Content-Disposition: attachment;"); BIO_printf(bio, " filename=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + if (msg_type) + BIO_printf(bio, " smime-type=%s;", msg_type); BIO_printf(bio, " name=\"smime.p7m\"%s", mime_eol); BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", mime_eol, mime_eol); @@ -211,6 +229,46 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) return 1; } +/* Handle output of PKCS#7 data */ + + +static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags) + { + BIO *tmpbio, *p7bio; + + if (!(flags & PKCS7_STREAM)) + { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + /* Partial sign operation */ + + /* Initialize sign operation */ + p7bio = PKCS7_dataInit(p7, out); + + /* Copy data across, computing digests etc */ + SMIME_crlf_copy(data, p7bio, flags); + + /* Must be detached */ + PKCS7_set_detached(p7, 1); + + /* Finalize signatures */ + PKCS7_dataFinal(p7, p7bio); + + /* Now remove any digests prepended to the BIO */ + + while (p7bio != out) + { + tmpbio = BIO_pop(p7bio); + BIO_free(p7bio); + p7bio = tmpbio; + } + + return 1; + + } + /* SMIME reader: handle multipart/signed and opaque signing. * in multipart case the content is placed in a memory BIO * pointed to by "bcont". In opaque this is set to NULL @@ -330,7 +388,8 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_write(out, linebuf, len); return 1; } - if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + if(flags & PKCS7_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = strip_eol(linebuf, &len); if (len) diff --git a/crypto/openssl/crypto/pkcs7/pk7_smime.c b/crypto/openssl/crypto/pkcs7/pk7_smime.c index 6e5735d..1f4a0a1 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_smime.c +++ b/crypto/openssl/crypto/pkcs7/pk7_smime.c @@ -1,9 +1,9 @@ /* pk7_smime.c */ /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. + * project. */ /* ==================================================================== - * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -88,6 +88,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + PKCS7_free(p7); return NULL; } @@ -97,14 +98,6 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7_add_certificate(p7, sk_X509_value(certs, i)); } - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; - } - - - SMIME_crlf_copy(data, p7bio, flags); - if(!(flags & PKCS7_NOATTR)) { PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); @@ -113,6 +106,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, { if(!(smcap = sk_X509_ALGOR_new_null())) { PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + PKCS7_free(p7); return NULL; } #ifndef OPENSSL_NO_DES @@ -133,14 +127,27 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, } } + if (flags & PKCS7_STREAM) + return p7; + + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + PKCS7_free(p7); + return NULL; + } + + SMIME_crlf_copy(data, p7bio, flags); + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); if (!PKCS7_dataFinal(p7,p7bio)) { PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + PKCS7_free(p7); + BIO_free_all(p7bio); return NULL; } - BIO_free_all(p7bio); + BIO_free_all(p7bio); return p7; } @@ -155,7 +162,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, char buf[4096]; int i, j=0, k, ret = 0; BIO *p7bio; - BIO *tmpout; + BIO *tmpin, *tmpout; if(!p7) { PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); @@ -215,6 +222,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, sk_X509_free(signers); return 0; } + if (!(flags & PKCS7_NOCRL)) + X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); i = X509_verify_cert(&cert_ctx); if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); X509_STORE_CTX_cleanup(&cert_ctx); @@ -228,7 +237,30 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, /* Check for revocation status here */ } - p7bio=PKCS7_dataInit(p7,indata); + /* Performance optimization: if the content is a memory BIO then + * store its contents in a temporary read only memory BIO. This + * avoids potentially large numbers of slow copies of data which will + * occur when reading from a read write memory BIO when signatures + * are calculated. + */ + + if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) + { + char *ptr; + long len; + len = BIO_get_mem_data(indata, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) + { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + tmpin = indata; + + + p7bio=PKCS7_dataInit(p7,tmpin); if(flags & PKCS7_TEXT) { if(!(tmpout = BIO_new(BIO_s_mem()))) { @@ -270,9 +302,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ret = 1; err: - - if(indata) BIO_pop(p7bio); + + if (tmpin == indata) + { + if (indata) BIO_pop(p7bio); + } BIO_free_all(p7bio); + sk_X509_free(signers); return ret; @@ -296,10 +332,6 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); return NULL; } - if(!(signers = sk_X509_new_null())) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); - return NULL; - } /* Collect all the signers together */ @@ -310,6 +342,11 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) return 0; } + if(!(signers = sk_X509_new_null())) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); @@ -404,7 +441,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) return 0; } - if(!X509_check_private_key(cert, pkey)) { + if(cert && !X509_check_private_key(cert, pkey)) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return 0; diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/openssl/crypto/pkcs7/pkcs7.h index 15372e1..cc092d2 100644 --- a/crypto/openssl/crypto/pkcs7/pkcs7.h +++ b/crypto/openssl/crypto/pkcs7/pkcs7.h @@ -233,6 +233,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) #define PKCS7_get_detached(p) \ @@ -262,6 +264,8 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_NOSMIMECAP 0x200 #define PKCS7_NOOLDMIMETYPE 0x400 #define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 /* Flags: for compatibility with older code */ @@ -302,10 +306,12 @@ DECLARE_ASN1_FUNCTIONS(PKCS7) DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) +DECLARE_ASN1_NDEF_FUNCTION(PKCS7) long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); @@ -326,6 +332,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); @@ -381,16 +388,20 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 #define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 #define PKCS7_F_PKCS7_CTRL 104 #define PKCS7_F_PKCS7_DATADECODE 112 +#define PKCS7_F_PKCS7_DATAFINAL 128 #define PKCS7_F_PKCS7_DATAINIT 105 #define PKCS7_F_PKCS7_DATASIGN 106 #define PKCS7_F_PKCS7_DATAVERIFY 107 #define PKCS7_F_PKCS7_DECRYPT 114 #define PKCS7_F_PKCS7_ENCRYPT 115 +#define PKCS7_F_PKCS7_FIND_DIGEST 127 #define PKCS7_F_PKCS7_GET0_SIGNERS 124 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 #define PKCS7_F_PKCS7_SET_TYPE 110 #define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 @@ -421,13 +432,15 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 #define PKCS7_R_NO_SIGNATURES_ON_DATA 123 #define PKCS7_R_NO_SIGNERS 142 #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_DATAFINAL 126 #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 -#define PKCS7_R_PKCS7_DATASIGN 126 +#define PKCS7_R_PKCS7_DATASIGN 145 #define PKCS7_R_PKCS7_PARSE_ERROR 139 #define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 diff --git a/crypto/openssl/crypto/pkcs7/pkcs7err.c b/crypto/openssl/crypto/pkcs7/pkcs7err.c index 5e51527a..4cd2934 100644 --- a/crypto/openssl/crypto/pkcs7/pkcs7err.c +++ b/crypto/openssl/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* crypto/pkcs7/pkcs7err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -64,81 +64,91 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) + static ERR_STRING_DATA PKCS7_str_functs[]= { -{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, -{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, -{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"}, -{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"}, -{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"}, -{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"}, -{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"}, +{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, +{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, +{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, +{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, +{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, +{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, +{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, +{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, +{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, +{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, +{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, +{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, +{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, +{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, +{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, {0,NULL} }; static ERR_STRING_DATA PKCS7_str_reasons[]= { -{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, -{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, -{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"}, -{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"}, -{PKCS7_R_DECODE_ERROR ,"decode error"}, -{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"}, -{PKCS7_R_DECRYPT_ERROR ,"decrypt error"}, -{PKCS7_R_DIGEST_FAILURE ,"digest failure"}, -{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"}, -{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"}, -{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"}, -{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"}, -{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"}, -{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"}, -{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"}, -{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"}, -{PKCS7_R_NO_CONTENT ,"no content"}, -{PKCS7_R_NO_CONTENT_TYPE ,"no content type"}, -{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"}, -{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"}, -{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"}, -{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"}, -{PKCS7_R_NO_SIGNERS ,"no signers"}, -{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"}, -{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, -{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"}, -{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"}, -{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"}, -{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"}, -{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"}, -{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, -{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, -{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, -{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"}, -{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"}, -{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, -{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, -{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, -{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, -{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"}, -{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"}, -{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, -{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, -{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"}, +{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, +{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, +{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, +{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, +{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, +{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, +{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, +{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, +{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, +{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"}, +{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"}, +{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"}, +{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"}, +{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, +{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, +{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, +{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, +{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, +{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, +{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, +{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, +{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, +{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, +{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, +{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, +{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, +{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, +{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, +{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, +{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"}, +{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, +{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, +{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, +{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, +{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"}, +{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"}, +{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"}, +{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"}, +{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"}, +{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, +{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, +{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"}, {0,NULL} }; @@ -152,8 +162,8 @@ void ERR_load_PKCS7_strings(void) { init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); - ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons); + ERR_load_strings(0,PKCS7_str_functs); + ERR_load_strings(0,PKCS7_str_reasons); #endif } |