OLD | NEW |
1 /* crypto/cms/cms_sd.c */ | 1 /* crypto/cms/cms_sd.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project. | 3 * project. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
51 * ==================================================================== | 51 * ==================================================================== |
52 */ | 52 */ |
53 | 53 |
54 #include "cryptlib.h" | 54 #include "cryptlib.h" |
55 #include <openssl/asn1t.h> | 55 #include <openssl/asn1t.h> |
56 #include <openssl/pem.h> | 56 #include <openssl/pem.h> |
57 #include <openssl/x509v3.h> | 57 #include <openssl/x509v3.h> |
58 #include <openssl/err.h> | 58 #include <openssl/err.h> |
59 #include <openssl/cms.h> | 59 #include <openssl/cms.h> |
60 #include "cms_lcl.h" | 60 #include "cms_lcl.h" |
| 61 #include "asn1_locl.h" |
61 | 62 |
62 /* CMS SignedData Utilities */ | 63 /* CMS SignedData Utilities */ |
63 | 64 |
64 DECLARE_ASN1_ITEM(CMS_SignedData) | 65 DECLARE_ASN1_ITEM(CMS_SignedData) |
65 | 66 |
66 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) | 67 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) |
67 { | 68 { |
68 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) | 69 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) |
69 { | 70 { |
70 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA
); | 71 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA
); |
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
211 switch(type) | 212 switch(type) |
212 { | 213 { |
213 case CMS_SIGNERINFO_ISSUER_SERIAL: | 214 case CMS_SIGNERINFO_ISSUER_SERIAL: |
214 sid->d.issuerAndSerialNumber = | 215 sid->d.issuerAndSerialNumber = |
215 M_ASN1_new_of(CMS_IssuerAndSerialNumber); | 216 M_ASN1_new_of(CMS_IssuerAndSerialNumber); |
216 if (!sid->d.issuerAndSerialNumber) | 217 if (!sid->d.issuerAndSerialNumber) |
217 goto merr; | 218 goto merr; |
218 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, | 219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, |
219 X509_get_issuer_name(cert))) | 220 X509_get_issuer_name(cert))) |
220 goto merr; | 221 goto merr; |
221 » » ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); | 222 » » if (!ASN1_STRING_copy( |
222 » » sid->d.issuerAndSerialNumber->serialNumber = | 223 » » » sid->d.issuerAndSerialNumber->serialNumber, |
223 » » » » ASN1_STRING_dup(X509_get_serialNumber(cert)); | 224 » » » » X509_get_serialNumber(cert))) |
224 » » if(!sid->d.issuerAndSerialNumber->serialNumber) | |
225 goto merr; | 225 goto merr; |
226 break; | 226 break; |
227 | 227 |
228 case CMS_SIGNERINFO_KEYIDENTIFIER: | 228 case CMS_SIGNERINFO_KEYIDENTIFIER: |
229 if (!cert->skid) | 229 if (!cert->skid) |
230 { | 230 { |
231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, | 231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, |
232 CMS_R_CERTIFICATE_HAS_NO_KEYID); | 232 CMS_R_CERTIFICATE_HAS_NO_KEYID); |
233 return 0; | 233 return 0; |
234 } | 234 } |
(...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
334 } | 334 } |
335 else | 335 else |
336 { | 336 { |
337 type = CMS_SIGNERINFO_ISSUER_SERIAL; | 337 type = CMS_SIGNERINFO_ISSUER_SERIAL; |
338 si->version = 1; | 338 si->version = 1; |
339 } | 339 } |
340 | 340 |
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) | 341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) |
342 goto err; | 342 goto err; |
343 | 343 |
344 /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */ | |
345 if (md == NULL) | 344 if (md == NULL) |
346 » » md = EVP_sha1(); | 345 » » { |
| 346 » » int def_nid; |
| 347 » » if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) |
| 348 » » » goto err; |
| 349 » » md = EVP_get_digestbynid(def_nid); |
| 350 » » if (md == NULL) |
| 351 » » » { |
| 352 » » » CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); |
| 353 » » » goto err; |
| 354 » » » } |
| 355 » » } |
347 | 356 |
348 » /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ | 357 » if (!md) |
349 | |
350 » if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) | |
351 { | 358 { |
352 » » CMSerr(CMS_F_CMS_ADD1_SIGNER, | 359 » » CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); |
353 » » » » CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
354 goto err; | 360 goto err; |
355 } | 361 } |
356 | 362 |
357 cms_DigestAlgorithm_set(si->digestAlgorithm, md); | 363 cms_DigestAlgorithm_set(si->digestAlgorithm, md); |
358 | 364 |
359 /* See if digest is present in digestAlgorithms */ | 365 /* See if digest is present in digestAlgorithms */ |
360 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) | 366 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) |
361 { | 367 { |
362 ASN1_OBJECT *aoid; | 368 ASN1_OBJECT *aoid; |
363 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); | 369 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); |
364 X509_ALGOR_get0(&aoid, NULL, NULL, alg); | 370 X509_ALGOR_get0(&aoid, NULL, NULL, alg); |
365 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) | 371 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) |
366 break; | 372 break; |
367 } | 373 } |
368 | 374 |
369 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) | 375 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) |
370 { | 376 { |
371 alg = X509_ALGOR_new(); | 377 alg = X509_ALGOR_new(); |
372 if (!alg) | 378 if (!alg) |
373 goto merr; | 379 goto merr; |
374 cms_DigestAlgorithm_set(alg, md); | 380 cms_DigestAlgorithm_set(alg, md); |
375 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) | 381 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) |
376 { | 382 { |
377 X509_ALGOR_free(alg); | 383 X509_ALGOR_free(alg); |
378 goto merr; | 384 goto merr; |
379 } | 385 } |
380 } | 386 } |
381 | 387 |
382 » /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, | 388 » if (pk->ameth && pk->ameth->pkey_ctrl) |
383 » * hard code algorithm parameters. | |
384 » */ | |
385 | |
386 » switch (pk->type) | |
387 { | 389 { |
388 | 390 » » i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN, |
389 » » case EVP_PKEY_RSA: | 391 » » » » » » 0, si); |
390 » » X509_ALGOR_set0(si->signatureAlgorithm, | 392 » » if (i == -2) |
391 » » » » » OBJ_nid2obj(NID_rsaEncryption), | 393 » » » { |
392 » » » » » V_ASN1_NULL, 0); | 394 » » » CMSerr(CMS_F_CMS_ADD1_SIGNER, |
393 » » break; | |
394 | |
395 » » case EVP_PKEY_DSA: | |
396 » » X509_ALGOR_set0(si->signatureAlgorithm, | |
397 » » » » » OBJ_nid2obj(NID_dsaWithSHA1), | |
398 » » » » » V_ASN1_UNDEF, 0); | |
399 » » break; | |
400 | |
401 | |
402 » » case EVP_PKEY_EC: | |
403 » » X509_ALGOR_set0(si->signatureAlgorithm, | |
404 » » » » » OBJ_nid2obj(NID_ecdsa_with_SHA1), | |
405 » » » » » V_ASN1_UNDEF, 0); | |
406 » » break; | |
407 | |
408 » » default: | |
409 » » CMSerr(CMS_F_CMS_ADD1_SIGNER, | |
410 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | 395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); |
411 » » goto err; | 396 » » » goto err; |
412 | 397 » » » } |
| 398 » » if (i <= 0) |
| 399 » » » { |
| 400 » » » CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE); |
| 401 » » » goto err; |
| 402 » » » } |
413 } | 403 } |
414 | 404 |
415 if (!(flags & CMS_NOATTR)) | 405 if (!(flags & CMS_NOATTR)) |
416 { | 406 { |
417 /* Initialialize signed attributes strutucture so other | 407 /* Initialialize signed attributes strutucture so other |
418 * attributes such as signing time etc are added later | 408 * attributes such as signing time etc are added later |
419 * even if we add none here. | 409 * even if we add none here. |
420 */ | 410 */ |
421 if (!si->signedAttrs) | 411 if (!si->signedAttrs) |
422 { | 412 { |
(...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
619 if (pk) | 609 if (pk) |
620 *pk = si->pkey; | 610 *pk = si->pkey; |
621 if (signer) | 611 if (signer) |
622 *signer = si->signer; | 612 *signer = si->signer; |
623 if (pdig) | 613 if (pdig) |
624 *pdig = si->digestAlgorithm; | 614 *pdig = si->digestAlgorithm; |
625 if (psig) | 615 if (psig) |
626 *psig = si->signatureAlgorithm; | 616 *psig = si->signatureAlgorithm; |
627 } | 617 } |
628 | 618 |
629 /* In OpenSSL 0.9.8 we have the link between digest types and public | |
630 * key types so we need to fixup the digest type if the public key | |
631 * type is not appropriate. | |
632 */ | |
633 | |
634 static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey) | |
635 { | |
636 if (EVP_MD_CTX_type(mctx) != NID_sha1) | |
637 return; | |
638 #ifndef OPENSSL_NO_DSA | |
639 if (pkey->type == EVP_PKEY_DSA) | |
640 mctx->digest = EVP_dss1(); | |
641 #endif | |
642 #ifndef OPENSSL_NO_ECDSA | |
643 if (pkey->type == EVP_PKEY_EC) | |
644 mctx->digest = EVP_ecdsa(); | |
645 #endif | |
646 } | |
647 | |
648 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, | 619 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, |
649 CMS_SignerInfo *si, BIO *chain) | 620 CMS_SignerInfo *si, BIO *chain) |
650 { | 621 { |
651 EVP_MD_CTX mctx; | 622 EVP_MD_CTX mctx; |
652 int r = 0; | 623 int r = 0; |
653 EVP_MD_CTX_init(&mctx); | 624 EVP_MD_CTX_init(&mctx); |
654 | 625 |
655 | 626 |
656 if (!si->pkey) | 627 if (!si->pkey) |
657 { | 628 { |
(...skipping 28 matching lines...) Expand all Loading... |
686 { | 657 { |
687 unsigned char *sig; | 658 unsigned char *sig; |
688 unsigned int siglen; | 659 unsigned int siglen; |
689 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); | 660 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); |
690 if (!sig) | 661 if (!sig) |
691 { | 662 { |
692 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, | 663 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, |
693 ERR_R_MALLOC_FAILURE); | 664 ERR_R_MALLOC_FAILURE); |
694 goto err; | 665 goto err; |
695 } | 666 } |
696 cms_fixup_mctx(&mctx, si->pkey); | |
697 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) | 667 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) |
698 { | 668 { |
699 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, | 669 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, |
700 CMS_R_SIGNFINAL_ERROR); | 670 CMS_R_SIGNFINAL_ERROR); |
701 OPENSSL_free(sig); | 671 OPENSSL_free(sig); |
702 goto err; | 672 goto err; |
703 } | 673 } |
704 ASN1_STRING_set0(si->signature, sig, siglen); | 674 ASN1_STRING_set0(si->signature, sig, siglen); |
705 } | 675 } |
706 | 676 |
(...skipping 17 matching lines...) Expand all Loading... |
724 if (!cms_SignerInfo_content_sign(cms, si, chain)) | 694 if (!cms_SignerInfo_content_sign(cms, si, chain)) |
725 return 0; | 695 return 0; |
726 } | 696 } |
727 cms->d.signedData->encapContentInfo->partial = 0; | 697 cms->d.signedData->encapContentInfo->partial = 0; |
728 return 1; | 698 return 1; |
729 } | 699 } |
730 | 700 |
731 int CMS_SignerInfo_sign(CMS_SignerInfo *si) | 701 int CMS_SignerInfo_sign(CMS_SignerInfo *si) |
732 { | 702 { |
733 EVP_MD_CTX mctx; | 703 EVP_MD_CTX mctx; |
| 704 EVP_PKEY_CTX *pctx; |
734 unsigned char *abuf = NULL; | 705 unsigned char *abuf = NULL; |
735 int alen; | 706 int alen; |
736 » unsigned int siglen; | 707 » size_t siglen; |
737 const EVP_MD *md = NULL; | 708 const EVP_MD *md = NULL; |
738 | 709 |
739 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); | 710 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); |
740 if (md == NULL) | 711 if (md == NULL) |
741 return 0; | 712 return 0; |
742 | 713 |
743 EVP_MD_CTX_init(&mctx); | 714 EVP_MD_CTX_init(&mctx); |
744 | 715 |
745 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) | 716 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) |
746 { | 717 { |
747 if (!cms_add1_signingTime(si, NULL)) | 718 if (!cms_add1_signingTime(si, NULL)) |
748 goto err; | 719 goto err; |
749 } | 720 } |
750 | 721 |
751 » if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) | 722 » if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) |
752 goto err; | 723 goto err; |
753 | 724 |
754 #if 0 | |
755 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, | 725 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, |
756 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) | 726 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) |
757 { | 727 { |
758 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); | 728 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); |
759 goto err; | 729 goto err; |
760 } | 730 } |
761 #endif | |
762 | 731 |
763 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, | 732 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, |
764 ASN1_ITEM_rptr(CMS_Attributes_Sign)); | 733 ASN1_ITEM_rptr(CMS_Attributes_Sign)); |
765 if(!abuf) | 734 if(!abuf) |
766 goto err; | 735 goto err; |
767 » if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) | 736 » if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) |
768 goto err; | 737 goto err; |
769 » siglen = EVP_PKEY_size(si->pkey); | 738 » if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) |
| 739 » » goto err; |
770 OPENSSL_free(abuf); | 740 OPENSSL_free(abuf); |
771 abuf = OPENSSL_malloc(siglen); | 741 abuf = OPENSSL_malloc(siglen); |
772 if(!abuf) | 742 if(!abuf) |
773 goto err; | 743 goto err; |
774 » cms_fixup_mctx(&mctx, si->pkey); | 744 » if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) |
775 » if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0) | |
776 goto err; | 745 goto err; |
777 #if 0 | 746 |
778 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, | 747 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, |
779 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) | 748 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) |
780 { | 749 { |
781 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); | 750 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); |
782 goto err; | 751 goto err; |
783 } | 752 } |
784 #endif | 753 |
785 EVP_MD_CTX_cleanup(&mctx); | 754 EVP_MD_CTX_cleanup(&mctx); |
786 | 755 |
787 ASN1_STRING_set0(si->signature, abuf, siglen); | 756 ASN1_STRING_set0(si->signature, abuf, siglen); |
788 | 757 |
789 return 1; | 758 return 1; |
790 | 759 |
791 err: | 760 err: |
792 if (abuf) | 761 if (abuf) |
793 OPENSSL_free(abuf); | 762 OPENSSL_free(abuf); |
794 EVP_MD_CTX_cleanup(&mctx); | 763 EVP_MD_CTX_cleanup(&mctx); |
795 return 0; | 764 return 0; |
796 | 765 |
797 } | 766 } |
798 | 767 |
799 int CMS_SignerInfo_verify(CMS_SignerInfo *si) | 768 int CMS_SignerInfo_verify(CMS_SignerInfo *si) |
800 { | 769 { |
801 EVP_MD_CTX mctx; | 770 EVP_MD_CTX mctx; |
| 771 EVP_PKEY_CTX *pctx; |
802 unsigned char *abuf = NULL; | 772 unsigned char *abuf = NULL; |
803 int alen, r = -1; | 773 int alen, r = -1; |
804 const EVP_MD *md = NULL; | 774 const EVP_MD *md = NULL; |
805 | 775 |
806 if (!si->pkey) | 776 if (!si->pkey) |
807 { | 777 { |
808 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); | 778 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); |
809 return -1; | 779 return -1; |
810 } | 780 } |
811 | 781 |
812 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); | 782 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); |
813 if (md == NULL) | 783 if (md == NULL) |
814 return -1; | 784 return -1; |
815 EVP_MD_CTX_init(&mctx); | 785 EVP_MD_CTX_init(&mctx); |
816 » if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) | 786 » if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) |
817 goto err; | 787 goto err; |
818 | 788 |
819 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, | 789 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, |
820 ASN1_ITEM_rptr(CMS_Attributes_Verify)); | 790 ASN1_ITEM_rptr(CMS_Attributes_Verify)); |
821 if(!abuf) | 791 if(!abuf) |
822 goto err; | 792 goto err; |
823 » r = EVP_VerifyUpdate(&mctx, abuf, alen); | 793 » r = EVP_DigestVerifyUpdate(&mctx, abuf, alen); |
824 OPENSSL_free(abuf); | 794 OPENSSL_free(abuf); |
825 if (r <= 0) | 795 if (r <= 0) |
826 { | 796 { |
827 r = -1; | 797 r = -1; |
828 goto err; | 798 goto err; |
829 } | 799 } |
830 » cms_fixup_mctx(&mctx, si->pkey); | 800 » r = EVP_DigestVerifyFinal(&mctx, |
831 » r = EVP_VerifyFinal(&mctx, | 801 » » » si->signature->data, si->signature->length); |
832 » » » si->signature->data, si->signature->length, si->pkey); | |
833 if (r <= 0) | 802 if (r <= 0) |
834 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); | 803 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); |
835 err: | 804 err: |
836 EVP_MD_CTX_cleanup(&mctx); | 805 EVP_MD_CTX_cleanup(&mctx); |
837 return r; | 806 return r; |
838 } | 807 } |
839 | 808 |
840 /* Create a chain of digest BIOs from a CMS ContentInfo */ | 809 /* Create a chain of digest BIOs from a CMS ContentInfo */ |
841 | 810 |
842 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) | 811 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
915 { | 884 { |
916 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | 885 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, |
917 CMS_R_VERIFICATION_FAILURE); | 886 CMS_R_VERIFICATION_FAILURE); |
918 r = 0; | 887 r = 0; |
919 } | 888 } |
920 else | 889 else |
921 r = 1; | 890 r = 1; |
922 } | 891 } |
923 else | 892 else |
924 { | 893 { |
925 cms_fixup_mctx(&mctx, si->pkey); | |
926 r = EVP_VerifyFinal(&mctx, si->signature->data, | 894 r = EVP_VerifyFinal(&mctx, si->signature->data, |
927 si->signature->length, si->pkey); | 895 si->signature->length, si->pkey); |
928 if (r <= 0) | 896 if (r <= 0) |
929 { | 897 { |
930 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | 898 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, |
931 CMS_R_VERIFICATION_FAILURE); | 899 CMS_R_VERIFICATION_FAILURE); |
932 r = 0; | 900 r = 0; |
933 } | 901 } |
934 } | 902 } |
935 | 903 |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
984 } | 952 } |
985 | 953 |
986 /* Check to see if a cipher exists and if so add S/MIME capabilities */ | 954 /* Check to see if a cipher exists and if so add S/MIME capabilities */ |
987 | 955 |
988 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) | 956 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) |
989 { | 957 { |
990 if (EVP_get_cipherbynid(nid)) | 958 if (EVP_get_cipherbynid(nid)) |
991 return CMS_add_simple_smimecap(sk, nid, arg); | 959 return CMS_add_simple_smimecap(sk, nid, arg); |
992 return 1; | 960 return 1; |
993 } | 961 } |
994 #if 0 | 962 |
995 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) | 963 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) |
996 { | 964 { |
997 if (EVP_get_digestbynid(nid)) | 965 if (EVP_get_digestbynid(nid)) |
998 return CMS_add_simple_smimecap(sk, nid, arg); | 966 return CMS_add_simple_smimecap(sk, nid, arg); |
999 return 1; | 967 return 1; |
1000 } | 968 } |
1001 #endif | 969 |
1002 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) | 970 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) |
1003 { | 971 { |
1004 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) | 972 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) |
| 973 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) |
| 974 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) |
1005 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) | 975 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) |
1006 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) | 976 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) |
1007 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) | 977 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) |
1008 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) | 978 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) |
1009 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) | 979 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) |
1010 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) | 980 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) |
1011 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) | 981 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) |
1012 return 0; | 982 return 0; |
1013 return 1; | 983 return 1; |
1014 } | 984 } |
OLD | NEW |