Diffstat (limited to 'crypto/cms/cms_sd.c')
-rw-r--r--crypto/cms/cms_sd.c152
1 files changed, 75 insertions, 77 deletions
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 4758d048386e..e6ba17c973bf 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -42,8 +42,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
return NULL;
}
cms->d.signedData->version = 1;
- cms->d.signedData->encapContentInfo->eContentType =
- OBJ_nid2obj(NID_pkcs7_data);
+ cms->d.signedData->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
cms->d.signedData->encapContentInfo->partial = 1;
ASN1_OBJECT_free(cms->contentType);
cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
@@ -62,7 +61,6 @@ int CMS_SignedData_init(CMS_ContentInfo *cms)
return 0;
}
-
/* Check structures and fixup version numbers (if necessary) */
static void cms_sd_set_version(CMS_SignedData *sd)
@@ -111,7 +109,6 @@ static void cms_sd_set_version(CMS_SignedData *sd)
if (sd->version < 1)
sd->version = 1;
-
}
/*
@@ -132,7 +129,8 @@ static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si)
/* Add the contentType attribute */
return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, ctype, -1) > 0;
+ V_ASN1_OBJECT, ctype, -1)
+ > 0;
}
/* Copy an existing messageDigest value */
@@ -153,20 +151,19 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
if (CMS_signed_get_attr_count(sitmp) < 0)
continue;
if (OBJ_cmp(si->digestAlgorithm->algorithm,
- sitmp->digestAlgorithm->algorithm))
+ sitmp->digestAlgorithm->algorithm))
continue;
messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
- OBJ_nid2obj
- (NID_pkcs9_messageDigest),
- -3, V_ASN1_OCTET_STRING);
+ OBJ_nid2obj(NID_pkcs9_messageDigest),
+ -3, V_ASN1_OCTET_STRING);
if (!messageDigest) {
ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
return 0;
}
if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
- V_ASN1_OCTET_STRING,
- messageDigest, -1))
+ V_ASN1_OCTET_STRING,
+ messageDigest, -1))
return 1;
else
return 0;
@@ -176,7 +173,7 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
}
int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
- int type, const CMS_CTX *ctx)
+ int type, const CMS_CTX *ctx)
{
switch (type) {
case CMS_SIGNERINFO_ISSUER_SERIAL:
@@ -200,9 +197,9 @@ int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
}
int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer,
- ASN1_INTEGER **sno)
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno)
{
if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
if (issuer)
@@ -254,7 +251,7 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
/* Add SigningCertificate signed attribute to the signer info. */
static int ossl_cms_add1_signing_cert(CMS_SignerInfo *si,
- const ESS_SIGNING_CERT *sc)
+ const ESS_SIGNING_CERT *sc)
{
ASN1_STRING *seq = NULL;
unsigned char *p, *pp = NULL;
@@ -272,14 +269,14 @@ static int ossl_cms_add1_signing_cert(CMS_SignerInfo *si,
}
OPENSSL_free(pp);
ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate,
- V_ASN1_SEQUENCE, seq, -1);
+ V_ASN1_SEQUENCE, seq, -1);
ASN1_STRING_free(seq);
return ret;
}
/* Add SigningCertificateV2 signed attribute to the signer info. */
static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si,
- const ESS_SIGNING_CERT_V2 *sc)
+ const ESS_SIGNING_CERT_V2 *sc)
{
ASN1_STRING *seq = NULL;
unsigned char *p, *pp = NULL;
@@ -297,14 +294,14 @@ static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si,
}
OPENSSL_free(pp);
ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2,
- V_ASN1_SEQUENCE, seq, -1);
+ V_ASN1_SEQUENCE, seq, -1);
ASN1_STRING_free(seq);
return ret;
}
CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
- X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
- unsigned int flags)
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags)
{
CMS_SignedData *sd;
CMS_SignerInfo *si = NULL;
@@ -357,13 +354,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
- "pkey nid=%d", EVP_PKEY_get_id(pk));
+ "pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
md = EVP_get_digestbynid(def_nid);
if (md == NULL) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
- "default md nid=%d", def_nid);
+ "default md nid=%d", def_nid);
goto err;
}
}
@@ -405,7 +402,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM,
- "pkey nid=%d", EVP_PKEY_get_id(pk));
+ "pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
if (!(flags & CMS_NOATTR)) {
@@ -435,13 +432,15 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (md == NULL || EVP_MD_is_a(md, SN_sha1)) {
if ((sc = OSSL_ESS_signing_cert_new_init(signer,
- NULL, 1)) == NULL)
+ NULL, 1))
+ == NULL)
goto err;
add_sc = ossl_cms_add1_signing_cert(si, sc);
ESS_SIGNING_CERT_free(sc);
} else {
if ((sc2 = OSSL_ESS_signing_cert_v2_new_init(md, signer,
- NULL, 1)) == NULL)
+ NULL, 1))
+ == NULL)
goto err;
add_sc = ossl_cms_add1_signing_cert_v2(si, sc2);
ESS_SIGNING_CERT_V2_free(sc2);
@@ -454,8 +453,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err;
if (!cms_set_si_contentType_attr(cms, si))
goto err;
- if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
- !CMS_SignerInfo_sign(si))
+ if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && !CMS_SignerInfo_sign(si))
goto err;
}
}
@@ -469,8 +467,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (flags & CMS_KEY_PARAM) {
if (flags & CMS_NOATTR) {
si->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
- si->pkey,
- ossl_cms_ctx_get0_propq(ctx));
+ si->pkey,
+ ossl_cms_ctx_get0_propq(ctx));
if (si->pctx == NULL)
goto err;
if (EVP_PKEY_sign_init(si->pctx) <= 0)
@@ -478,14 +476,14 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
goto err;
} else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx,
- EVP_MD_get0_name(md),
- ossl_cms_ctx_get0_libctx(ctx),
- ossl_cms_ctx_get0_propq(ctx),
- pk, NULL) <= 0) {
+ EVP_MD_get0_name(md),
+ ossl_cms_ctx_get0_libctx(ctx),
+ ossl_cms_ctx_get0_propq(ctx),
+ pk, NULL)
+ <= 0) {
si->pctx = NULL;
goto err;
- }
- else {
+ } else {
EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
}
}
@@ -497,12 +495,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
return si;
- merr:
+merr:
ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
- err:
+err:
M_ASN1_free_of(si, CMS_SignerInfo);
return NULL;
-
}
void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms)
@@ -537,11 +534,12 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
goto merr;
if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
- tt->type, tt, -1) <= 0)
+ tt->type, tt, -1)
+ <= 0)
goto merr;
r = 1;
- merr:
+merr:
if (t == NULL)
ASN1_TIME_free(tt);
@@ -549,7 +547,6 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
return r;
-
}
EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
@@ -581,7 +578,7 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
si = sk_CMS_SignerInfo_value(sinfos, i);
if (si->signer != NULL) {
if (!ossl_x509_add_cert_new(&signers, si->signer,
- X509_ADD_FLAG_DEFAULT)) {
+ X509_ADD_FLAG_DEFAULT)) {
sk_X509_free(signers);
return NULL;
}
@@ -602,8 +599,8 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
}
int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno)
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno)
{
return ossl_cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
}
@@ -614,7 +611,7 @@ int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
}
int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
- unsigned int flags)
+ unsigned int flags)
{
CMS_SignedData *sd;
CMS_SignerInfo *si;
@@ -661,8 +658,8 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
}
void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
- X509 **signer, X509_ALGOR **pdig,
- X509_ALGOR **psig)
+ X509 **signer, X509_ALGOR **pdig,
+ X509_ALGOR **psig)
{
if (pk != NULL)
*pk = si->pkey;
@@ -680,7 +677,7 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
}
static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
- CMS_SignerInfo *si, BIO *chain)
+ CMS_SignerInfo *si, BIO *chain)
{
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
int r = 0;
@@ -714,7 +711,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
- V_ASN1_OCTET_STRING, md, mdlen))
+ V_ASN1_OCTET_STRING, md, mdlen))
goto err;
/* Copy content type across */
if (!cms_set_si_contentType_attr(cms, si))
@@ -753,8 +750,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
goto err;
}
if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey,
- ossl_cms_ctx_get0_libctx(ctx),
- ossl_cms_ctx_get0_propq(ctx))) {
+ ossl_cms_ctx_get0_libctx(ctx),
+ ossl_cms_ctx_get0_propq(ctx))) {
ERR_raise(ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR);
OPENSSL_free(sig);
goto err;
@@ -764,11 +761,10 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
r = 1;
- err:
+err:
EVP_MD_CTX_free(mctx);
EVP_PKEY_CTX_free(pctx);
return r;
-
}
int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
@@ -798,7 +794,8 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
char md_name[OSSL_MAX_NAME_SIZE];
if (OBJ_obj2txt(md_name, sizeof(md_name),
- si->digestAlgorithm->algorithm, 0) <= 0)
+ si->digestAlgorithm->algorithm, 0)
+ <= 0)
return 0;
if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
@@ -814,16 +811,17 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
else {
EVP_MD_CTX_reset(mctx);
if (EVP_DigestSignInit_ex(mctx, &pctx, md_name,
- ossl_cms_ctx_get0_libctx(ctx),
- ossl_cms_ctx_get0_propq(ctx), si->pkey,
- NULL) <= 0)
+ ossl_cms_ctx_get0_libctx(ctx),
+ ossl_cms_ctx_get0_propq(ctx), si->pkey,
+ NULL)
+ <= 0)
goto err;
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
si->pctx = pctx;
}
alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
- ASN1_ITEM_rptr(CMS_Attributes_Sign));
+ ASN1_ITEM_rptr(CMS_Attributes_Sign));
if (!abuf)
goto err;
if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
@@ -843,7 +841,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
return 1;
- err:
+err:
OPENSSL_free(abuf);
EVP_MD_CTX_reset(mctx);
return 0;
@@ -895,7 +893,8 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
si->pctx = NULL;
}
if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx,
- propq, si->pkey, NULL) <= 0) {
+ propq, si->pkey, NULL)
+ <= 0) {
si->pctx = NULL;
goto err;
}
@@ -905,7 +904,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
goto err;
alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
- ASN1_ITEM_rptr(CMS_Attributes_Verify));
+ ASN1_ITEM_rptr(CMS_Attributes_Verify));
if (abuf == NULL || alen < 0)
goto err;
r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
@@ -915,10 +914,10 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
goto err;
}
r = EVP_DigestVerifyFinal(mctx,
- si->signature->data, si->signature->length);
+ si->signature->data, si->signature->length);
if (r <= 0)
ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE);
- err:
+err:
EVP_MD_free(fetched_md);
EVP_MD_CTX_reset(mctx);
return r;
@@ -943,7 +942,7 @@ BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms)
digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
mdbio = ossl_cms_DigestAlgorithm_init_bio(digestAlgorithm,
- ossl_cms_get0_cmsctx(cms));
+ ossl_cms_get0_cmsctx(cms));
if (mdbio == NULL)
goto err;
if (chain != NULL)
@@ -952,7 +951,7 @@ BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms)
chain = mdbio;
}
return chain;
- err:
+err:
BIO_free_all(chain);
return NULL;
}
@@ -973,8 +972,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
/* If we have any signed attributes look for messageDigest value */
if (CMS_signed_get_attr_count(si) >= 0) {
os = CMS_signed_get0_data_by_OBJ(si,
- OBJ_nid2obj(NID_pkcs9_messageDigest),
- -3, V_ASN1_OCTET_STRING);
+ OBJ_nid2obj(NID_pkcs9_messageDigest),
+ -3, V_ASN1_OCTET_STRING);
if (os == NULL) {
ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
goto err;
@@ -1007,8 +1006,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
const CMS_CTX *ctx = si->cms_ctx;
pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
- si->pkey,
- ossl_cms_ctx_get0_propq(ctx));
+ si->pkey,
+ ossl_cms_ctx_get0_propq(ctx));
if (pkctx == NULL)
goto err;
if (EVP_PKEY_verify_init(pkctx) <= 0)
@@ -1022,18 +1021,17 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
}
si->pctx = NULL;
r = EVP_PKEY_verify(pkctx, si->signature->data,
- si->signature->length, mval, mlen);
+ si->signature->length, mval, mlen);
if (r <= 0) {
ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE);
r = 0;
}
}
- err:
+err:
EVP_PKEY_CTX_free(pkctx);
EVP_MD_CTX_free(mctx);
return r;
-
}
int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
@@ -1045,13 +1043,13 @@ int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
if (smderlen <= 0)
return 0;
r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
- V_ASN1_SEQUENCE, smder, smderlen);
+ V_ASN1_SEQUENCE, smder, smderlen);
OPENSSL_free(smder);
return r;
}
int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
- int algnid, int keysize)
+ int algnid, int keysize)
{
X509_ALGOR *alg = NULL;
ASN1_INTEGER *key = NULL;
@@ -1066,7 +1064,7 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
goto err;
if (!X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
- key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key))
+ key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key))
goto err;
key = NULL;
if (*algs == NULL)
@@ -1075,7 +1073,7 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
goto err;
return 1;
- err:
+err:
ASN1_INTEGER_free(key);
X509_ALGOR_free(alg);
return 0;