| OLD | NEW |
|---|
| 1 /* crypto/cms/cms_sd.c */ | 1 /* crypto/cms/cms_sd.c */ |
| 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 * project. | 3 * project. |
| 4 */ | 4 */ |
| 5 /* ==================================================================== | 5 /* ==================================================================== |
| 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. |
| 7 * | 7 * |
| 8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
| 9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
| 10 * are met: | 10 * are met: |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 * ==================================================================== | 51 * ==================================================================== |
| 52 */ | 52 */ |
| 53 | 53 |
| 54 #include "cryptlib.h" | 54 #include "cryptlib.h" |
| 55 #include <openssl/asn1t.h> | 55 #include <openssl/asn1t.h> |
| 56 #include <openssl/pem.h> | 56 #include <openssl/pem.h> |
| 57 #include <openssl/x509v3.h> | 57 #include <openssl/x509v3.h> |
| 58 #include <openssl/err.h> | 58 #include <openssl/err.h> |
| 59 #include <openssl/cms.h> | 59 #include <openssl/cms.h> |
| 60 #include "cms_lcl.h" | 60 #include "cms_lcl.h" |
| 61 #include "asn1_locl.h" |
| 61 | 62 |
| 62 /* CMS SignedData Utilities */ | 63 /* CMS SignedData Utilities */ |
| 63 | 64 |
| 64 DECLARE_ASN1_ITEM(CMS_SignedData) | 65 DECLARE_ASN1_ITEM(CMS_SignedData) |
| 65 | 66 |
| 66 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) | 67 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) |
| 67 { | 68 { |
| 68 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) | 69 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) |
| 69 { | 70 { |
| 70 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA
); | 71 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA
); |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 211 switch(type) | 212 switch(type) |
| 212 { | 213 { |
| 213 case CMS_SIGNERINFO_ISSUER_SERIAL: | 214 case CMS_SIGNERINFO_ISSUER_SERIAL: |
| 214 sid->d.issuerAndSerialNumber = | 215 sid->d.issuerAndSerialNumber = |
| 215 M_ASN1_new_of(CMS_IssuerAndSerialNumber); | 216 M_ASN1_new_of(CMS_IssuerAndSerialNumber); |
| 216 if (!sid->d.issuerAndSerialNumber) | 217 if (!sid->d.issuerAndSerialNumber) |
| 217 goto merr; | 218 goto merr; |
| 218 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, | 219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, |
| 219 X509_get_issuer_name(cert))) | 220 X509_get_issuer_name(cert))) |
| 220 goto merr; | 221 goto merr; |
| 221 » » ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); | 222 » » if (!ASN1_STRING_copy( |
| 222 » » sid->d.issuerAndSerialNumber->serialNumber = | 223 » » » sid->d.issuerAndSerialNumber->serialNumber, |
| 223 » » » » ASN1_STRING_dup(X509_get_serialNumber(cert)); | 224 » » » » X509_get_serialNumber(cert))) |
| 224 » » if(!sid->d.issuerAndSerialNumber->serialNumber) | |
| 225 goto merr; | 225 goto merr; |
| 226 break; | 226 break; |
| 227 | 227 |
| 228 case CMS_SIGNERINFO_KEYIDENTIFIER: | 228 case CMS_SIGNERINFO_KEYIDENTIFIER: |
| 229 if (!cert->skid) | 229 if (!cert->skid) |
| 230 { | 230 { |
| 231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, | 231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, |
| 232 CMS_R_CERTIFICATE_HAS_NO_KEYID); | 232 CMS_R_CERTIFICATE_HAS_NO_KEYID); |
| 233 return 0; | 233 return 0; |
| 234 } | 234 } |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 334 } | 334 } |
| 335 else | 335 else |
| 336 { | 336 { |
| 337 type = CMS_SIGNERINFO_ISSUER_SERIAL; | 337 type = CMS_SIGNERINFO_ISSUER_SERIAL; |
| 338 si->version = 1; | 338 si->version = 1; |
| 339 } | 339 } |
| 340 | 340 |
| 341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) | 341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) |
| 342 goto err; | 342 goto err; |
| 343 | 343 |
| 344 /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */ | |
| 345 if (md == NULL) | 344 if (md == NULL) |
| 346 » » md = EVP_sha1(); | 345 » » { |
| 346 » » int def_nid; |
| 347 » » if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) |
| 348 » » » goto err; |
| 349 » » md = EVP_get_digestbynid(def_nid); |
| 350 » » if (md == NULL) |
| 351 » » » { |
| 352 » » » CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); |
| 353 » » » goto err; |
| 354 » » » } |
| 355 » » } |
| 347 | 356 |
| 348 » /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ | 357 » if (!md) |
| 349 | |
| 350 » if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) | |
| 351 { | 358 { |
| 352 » » CMSerr(CMS_F_CMS_ADD1_SIGNER, | 359 » » CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); |
| 353 » » » » CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
| 354 goto err; | 360 goto err; |
| 355 } | 361 } |
| 356 | 362 |
| 357 cms_DigestAlgorithm_set(si->digestAlgorithm, md); | 363 cms_DigestAlgorithm_set(si->digestAlgorithm, md); |
| 358 | 364 |
| 359 /* See if digest is present in digestAlgorithms */ | 365 /* See if digest is present in digestAlgorithms */ |
| 360 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) | 366 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) |
| 361 { | 367 { |
| 362 ASN1_OBJECT *aoid; | 368 ASN1_OBJECT *aoid; |
| 363 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); | 369 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); |
| 364 X509_ALGOR_get0(&aoid, NULL, NULL, alg); | 370 X509_ALGOR_get0(&aoid, NULL, NULL, alg); |
| 365 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) | 371 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) |
| 366 break; | 372 break; |
| 367 } | 373 } |
| 368 | 374 |
| 369 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) | 375 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) |
| 370 { | 376 { |
| 371 alg = X509_ALGOR_new(); | 377 alg = X509_ALGOR_new(); |
| 372 if (!alg) | 378 if (!alg) |
| 373 goto merr; | 379 goto merr; |
| 374 cms_DigestAlgorithm_set(alg, md); | 380 cms_DigestAlgorithm_set(alg, md); |
| 375 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) | 381 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) |
| 376 { | 382 { |
| 377 X509_ALGOR_free(alg); | 383 X509_ALGOR_free(alg); |
| 378 goto merr; | 384 goto merr; |
| 379 } | 385 } |
| 380 } | 386 } |
| 381 | 387 |
| 382 » /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, | 388 » if (pk->ameth && pk->ameth->pkey_ctrl) |
| 383 » * hard code algorithm parameters. | |
| 384 » */ | |
| 385 | |
| 386 » switch (pk->type) | |
| 387 { | 389 { |
| 388 | 390 » » i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN, |
| 389 » » case EVP_PKEY_RSA: | 391 » » » » » » 0, si); |
| 390 » » X509_ALGOR_set0(si->signatureAlgorithm, | 392 » » if (i == -2) |
| 391 » » » » » OBJ_nid2obj(NID_rsaEncryption), | 393 » » » { |
| 392 » » » » » V_ASN1_NULL, 0); | 394 » » » CMSerr(CMS_F_CMS_ADD1_SIGNER, |
| 393 » » break; | |
| 394 | |
| 395 » » case EVP_PKEY_DSA: | |
| 396 » » X509_ALGOR_set0(si->signatureAlgorithm, | |
| 397 » » » » » OBJ_nid2obj(NID_dsaWithSHA1), | |
| 398 » » » » » V_ASN1_UNDEF, 0); | |
| 399 » » break; | |
| 400 | |
| 401 | |
| 402 » » case EVP_PKEY_EC: | |
| 403 » » X509_ALGOR_set0(si->signatureAlgorithm, | |
| 404 » » » » » OBJ_nid2obj(NID_ecdsa_with_SHA1), | |
| 405 » » » » » V_ASN1_UNDEF, 0); | |
| 406 » » break; | |
| 407 | |
| 408 » » default: | |
| 409 » » CMSerr(CMS_F_CMS_ADD1_SIGNER, | |
| 410 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | 395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); |
| 411 » » goto err; | 396 » » » goto err; |
| 412 | 397 » » » } |
| 398 » » if (i <= 0) |
| 399 » » » { |
| 400 » » » CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE); |
| 401 » » » goto err; |
| 402 » » » } |
| 413 } | 403 } |
| 414 | 404 |
| 415 if (!(flags & CMS_NOATTR)) | 405 if (!(flags & CMS_NOATTR)) |
| 416 { | 406 { |
| 417 /* Initialialize signed attributes strutucture so other | 407 /* Initialialize signed attributes strutucture so other |
| 418 * attributes such as signing time etc are added later | 408 * attributes such as signing time etc are added later |
| 419 * even if we add none here. | 409 * even if we add none here. |
| 420 */ | 410 */ |
| 421 if (!si->signedAttrs) | 411 if (!si->signedAttrs) |
| 422 { | 412 { |
| (...skipping 196 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 619 if (pk) | 609 if (pk) |
| 620 *pk = si->pkey; | 610 *pk = si->pkey; |
| 621 if (signer) | 611 if (signer) |
| 622 *signer = si->signer; | 612 *signer = si->signer; |
| 623 if (pdig) | 613 if (pdig) |
| 624 *pdig = si->digestAlgorithm; | 614 *pdig = si->digestAlgorithm; |
| 625 if (psig) | 615 if (psig) |
| 626 *psig = si->signatureAlgorithm; | 616 *psig = si->signatureAlgorithm; |
| 627 } | 617 } |
| 628 | 618 |
| 629 /* In OpenSSL 0.9.8 we have the link between digest types and public | |
| 630 * key types so we need to fixup the digest type if the public key | |
| 631 * type is not appropriate. | |
| 632 */ | |
| 633 | |
| 634 static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey) | |
| 635 { | |
| 636 if (EVP_MD_CTX_type(mctx) != NID_sha1) | |
| 637 return; | |
| 638 #ifndef OPENSSL_NO_DSA | |
| 639 if (pkey->type == EVP_PKEY_DSA) | |
| 640 mctx->digest = EVP_dss1(); | |
| 641 #endif | |
| 642 #ifndef OPENSSL_NO_ECDSA | |
| 643 if (pkey->type == EVP_PKEY_EC) | |
| 644 mctx->digest = EVP_ecdsa(); | |
| 645 #endif | |
| 646 } | |
| 647 | |
| 648 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, | 619 static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, |
| 649 CMS_SignerInfo *si, BIO *chain) | 620 CMS_SignerInfo *si, BIO *chain) |
| 650 { | 621 { |
| 651 EVP_MD_CTX mctx; | 622 EVP_MD_CTX mctx; |
| 652 int r = 0; | 623 int r = 0; |
| 653 EVP_MD_CTX_init(&mctx); | 624 EVP_MD_CTX_init(&mctx); |
| 654 | 625 |
| 655 | 626 |
| 656 if (!si->pkey) | 627 if (!si->pkey) |
| 657 { | 628 { |
| (...skipping 28 matching lines...) Expand all Loading... |
| 686 { | 657 { |
| 687 unsigned char *sig; | 658 unsigned char *sig; |
| 688 unsigned int siglen; | 659 unsigned int siglen; |
| 689 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); | 660 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); |
| 690 if (!sig) | 661 if (!sig) |
| 691 { | 662 { |
| 692 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, | 663 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, |
| 693 ERR_R_MALLOC_FAILURE); | 664 ERR_R_MALLOC_FAILURE); |
| 694 goto err; | 665 goto err; |
| 695 } | 666 } |
| 696 cms_fixup_mctx(&mctx, si->pkey); | |
| 697 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) | 667 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) |
| 698 { | 668 { |
| 699 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, | 669 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, |
| 700 CMS_R_SIGNFINAL_ERROR); | 670 CMS_R_SIGNFINAL_ERROR); |
| 701 OPENSSL_free(sig); | 671 OPENSSL_free(sig); |
| 702 goto err; | 672 goto err; |
| 703 } | 673 } |
| 704 ASN1_STRING_set0(si->signature, sig, siglen); | 674 ASN1_STRING_set0(si->signature, sig, siglen); |
| 705 } | 675 } |
| 706 | 676 |
| (...skipping 17 matching lines...) Expand all Loading... |
| 724 if (!cms_SignerInfo_content_sign(cms, si, chain)) | 694 if (!cms_SignerInfo_content_sign(cms, si, chain)) |
| 725 return 0; | 695 return 0; |
| 726 } | 696 } |
| 727 cms->d.signedData->encapContentInfo->partial = 0; | 697 cms->d.signedData->encapContentInfo->partial = 0; |
| 728 return 1; | 698 return 1; |
| 729 } | 699 } |
| 730 | 700 |
| 731 int CMS_SignerInfo_sign(CMS_SignerInfo *si) | 701 int CMS_SignerInfo_sign(CMS_SignerInfo *si) |
| 732 { | 702 { |
| 733 EVP_MD_CTX mctx; | 703 EVP_MD_CTX mctx; |
| 704 EVP_PKEY_CTX *pctx; |
| 734 unsigned char *abuf = NULL; | 705 unsigned char *abuf = NULL; |
| 735 int alen; | 706 int alen; |
| 736 » unsigned int siglen; | 707 » size_t siglen; |
| 737 const EVP_MD *md = NULL; | 708 const EVP_MD *md = NULL; |
| 738 | 709 |
| 739 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); | 710 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); |
| 740 if (md == NULL) | 711 if (md == NULL) |
| 741 return 0; | 712 return 0; |
| 742 | 713 |
| 743 EVP_MD_CTX_init(&mctx); | 714 EVP_MD_CTX_init(&mctx); |
| 744 | 715 |
| 745 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) | 716 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) |
| 746 { | 717 { |
| 747 if (!cms_add1_signingTime(si, NULL)) | 718 if (!cms_add1_signingTime(si, NULL)) |
| 748 goto err; | 719 goto err; |
| 749 } | 720 } |
| 750 | 721 |
| 751 » if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) | 722 » if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) |
| 752 goto err; | 723 goto err; |
| 753 | 724 |
| 754 #if 0 | |
| 755 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, | 725 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, |
| 756 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) | 726 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) |
| 757 { | 727 { |
| 758 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); | 728 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); |
| 759 goto err; | 729 goto err; |
| 760 } | 730 } |
| 761 #endif | |
| 762 | 731 |
| 763 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, | 732 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, |
| 764 ASN1_ITEM_rptr(CMS_Attributes_Sign)); | 733 ASN1_ITEM_rptr(CMS_Attributes_Sign)); |
| 765 if(!abuf) | 734 if(!abuf) |
| 766 goto err; | 735 goto err; |
| 767 » if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) | 736 » if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) |
| 768 goto err; | 737 goto err; |
| 769 » siglen = EVP_PKEY_size(si->pkey); | 738 » if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) |
| 739 » » goto err; |
| 770 OPENSSL_free(abuf); | 740 OPENSSL_free(abuf); |
| 771 abuf = OPENSSL_malloc(siglen); | 741 abuf = OPENSSL_malloc(siglen); |
| 772 if(!abuf) | 742 if(!abuf) |
| 773 goto err; | 743 goto err; |
| 774 » cms_fixup_mctx(&mctx, si->pkey); | 744 » if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) |
| 775 » if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0) | |
| 776 goto err; | 745 goto err; |
| 777 #if 0 | 746 |
| 778 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, | 747 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, |
| 779 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) | 748 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) |
| 780 { | 749 { |
| 781 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); | 750 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); |
| 782 goto err; | 751 goto err; |
| 783 } | 752 } |
| 784 #endif | 753 |
| 785 EVP_MD_CTX_cleanup(&mctx); | 754 EVP_MD_CTX_cleanup(&mctx); |
| 786 | 755 |
| 787 ASN1_STRING_set0(si->signature, abuf, siglen); | 756 ASN1_STRING_set0(si->signature, abuf, siglen); |
| 788 | 757 |
| 789 return 1; | 758 return 1; |
| 790 | 759 |
| 791 err: | 760 err: |
| 792 if (abuf) | 761 if (abuf) |
| 793 OPENSSL_free(abuf); | 762 OPENSSL_free(abuf); |
| 794 EVP_MD_CTX_cleanup(&mctx); | 763 EVP_MD_CTX_cleanup(&mctx); |
| 795 return 0; | 764 return 0; |
| 796 | 765 |
| 797 } | 766 } |
| 798 | 767 |
| 799 int CMS_SignerInfo_verify(CMS_SignerInfo *si) | 768 int CMS_SignerInfo_verify(CMS_SignerInfo *si) |
| 800 { | 769 { |
| 801 EVP_MD_CTX mctx; | 770 EVP_MD_CTX mctx; |
| 771 EVP_PKEY_CTX *pctx; |
| 802 unsigned char *abuf = NULL; | 772 unsigned char *abuf = NULL; |
| 803 int alen, r = -1; | 773 int alen, r = -1; |
| 804 const EVP_MD *md = NULL; | 774 const EVP_MD *md = NULL; |
| 805 | 775 |
| 806 if (!si->pkey) | 776 if (!si->pkey) |
| 807 { | 777 { |
| 808 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); | 778 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); |
| 809 return -1; | 779 return -1; |
| 810 } | 780 } |
| 811 | 781 |
| 812 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); | 782 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); |
| 813 if (md == NULL) | 783 if (md == NULL) |
| 814 return -1; | 784 return -1; |
| 815 EVP_MD_CTX_init(&mctx); | 785 EVP_MD_CTX_init(&mctx); |
| 816 » if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) | 786 » if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) |
| 817 goto err; | 787 goto err; |
| 818 | 788 |
| 819 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, | 789 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, |
| 820 ASN1_ITEM_rptr(CMS_Attributes_Verify)); | 790 ASN1_ITEM_rptr(CMS_Attributes_Verify)); |
| 821 if(!abuf) | 791 if(!abuf) |
| 822 goto err; | 792 goto err; |
| 823 » r = EVP_VerifyUpdate(&mctx, abuf, alen); | 793 » r = EVP_DigestVerifyUpdate(&mctx, abuf, alen); |
| 824 OPENSSL_free(abuf); | 794 OPENSSL_free(abuf); |
| 825 if (r <= 0) | 795 if (r <= 0) |
| 826 { | 796 { |
| 827 r = -1; | 797 r = -1; |
| 828 goto err; | 798 goto err; |
| 829 } | 799 } |
| 830 » cms_fixup_mctx(&mctx, si->pkey); | 800 » r = EVP_DigestVerifyFinal(&mctx, |
| 831 » r = EVP_VerifyFinal(&mctx, | 801 » » » si->signature->data, si->signature->length); |
| 832 » » » si->signature->data, si->signature->length, si->pkey); | |
| 833 if (r <= 0) | 802 if (r <= 0) |
| 834 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); | 803 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); |
| 835 err: | 804 err: |
| 836 EVP_MD_CTX_cleanup(&mctx); | 805 EVP_MD_CTX_cleanup(&mctx); |
| 837 return r; | 806 return r; |
| 838 } | 807 } |
| 839 | 808 |
| 840 /* Create a chain of digest BIOs from a CMS ContentInfo */ | 809 /* Create a chain of digest BIOs from a CMS ContentInfo */ |
| 841 | 810 |
| 842 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) | 811 BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 915 { | 884 { |
| 916 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | 885 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, |
| 917 CMS_R_VERIFICATION_FAILURE); | 886 CMS_R_VERIFICATION_FAILURE); |
| 918 r = 0; | 887 r = 0; |
| 919 } | 888 } |
| 920 else | 889 else |
| 921 r = 1; | 890 r = 1; |
| 922 } | 891 } |
| 923 else | 892 else |
| 924 { | 893 { |
| 925 cms_fixup_mctx(&mctx, si->pkey); | |
| 926 r = EVP_VerifyFinal(&mctx, si->signature->data, | 894 r = EVP_VerifyFinal(&mctx, si->signature->data, |
| 927 si->signature->length, si->pkey); | 895 si->signature->length, si->pkey); |
| 928 if (r <= 0) | 896 if (r <= 0) |
| 929 { | 897 { |
| 930 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | 898 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, |
| 931 CMS_R_VERIFICATION_FAILURE); | 899 CMS_R_VERIFICATION_FAILURE); |
| 932 r = 0; | 900 r = 0; |
| 933 } | 901 } |
| 934 } | 902 } |
| 935 | 903 |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 984 } | 952 } |
| 985 | 953 |
| 986 /* Check to see if a cipher exists and if so add S/MIME capabilities */ | 954 /* Check to see if a cipher exists and if so add S/MIME capabilities */ |
| 987 | 955 |
| 988 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) | 956 static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) |
| 989 { | 957 { |
| 990 if (EVP_get_cipherbynid(nid)) | 958 if (EVP_get_cipherbynid(nid)) |
| 991 return CMS_add_simple_smimecap(sk, nid, arg); | 959 return CMS_add_simple_smimecap(sk, nid, arg); |
| 992 return 1; | 960 return 1; |
| 993 } | 961 } |
| 994 #if 0 | 962 |
| 995 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) | 963 static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) |
| 996 { | 964 { |
| 997 if (EVP_get_digestbynid(nid)) | 965 if (EVP_get_digestbynid(nid)) |
| 998 return CMS_add_simple_smimecap(sk, nid, arg); | 966 return CMS_add_simple_smimecap(sk, nid, arg); |
| 999 return 1; | 967 return 1; |
| 1000 } | 968 } |
| 1001 #endif | 969 |
| 1002 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) | 970 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) |
| 1003 { | 971 { |
| 1004 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) | 972 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) |
| 973 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) |
| 974 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) |
| 1005 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) | 975 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) |
| 1006 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) | 976 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) |
| 1007 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) | 977 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) |
| 1008 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) | 978 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) |
| 1009 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) | 979 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) |
| 1010 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) | 980 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) |
| 1011 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) | 981 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) |
| 1012 return 0; | 982 return 0; |
| 1013 return 1; | 983 return 1; |
| 1014 } | 984 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/