diff options
| author | jp161948 <none@none> | 2006-06-07 08:35:00 -0700 |
|---|---|---|
| committer | jp161948 <none@none> | 2006-06-07 08:35:00 -0700 |
| commit | 9dc0df1bac950d6e491f9a7c7e4888f2b301cb15 (patch) | |
| tree | 2ed1d4361a92a097c6017adc4ee6c6c5f541bfeb /usr/src/common/openssl/crypto/pkcs7/pk7_lib.c | |
| parent | f136dc05547d5c8bf0829a1439b3e4caadef85a0 (diff) | |
| download | illumos-gate-9dc0df1bac950d6e491f9a7c7e4888f2b301cb15.tar.gz | |
PSARC/2006/019 OpenSSL upgrade to 0.9.8a
6352999 upgrade OpenSSL to 0.9.8a
--HG--
rename : usr/src/common/openssl/crypto/asn1/f.c => deleted_files/usr/src/common/openssl/crypto/asn1/f.c
rename : usr/src/common/openssl/crypto/asn1/x_cinf.c => deleted_files/usr/src/common/openssl/crypto/asn1/x_cinf.c
rename : usr/src/common/openssl/crypto/ec/ecp_recp.c => deleted_files/usr/src/common/openssl/crypto/ec/ecp_recp.c
rename : usr/src/common/openssl/crypto/engine/hw.ec => deleted_files/usr/src/common/openssl/crypto/engine/hw.ec
rename : usr/src/common/openssl/crypto/engine/hw_4758_cca.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_4758_cca.c
rename : usr/src/common/openssl/crypto/engine/hw_4758_cca_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_4758_cca_err.c
rename : usr/src/common/openssl/crypto/engine/hw_4758_cca_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_4758_cca_err.h
rename : usr/src/common/openssl/crypto/engine/hw_aep.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_aep.c
rename : usr/src/common/openssl/crypto/engine/hw_aep_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_aep_err.c
rename : usr/src/common/openssl/crypto/engine/hw_aep_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_aep_err.h
rename : usr/src/common/openssl/crypto/engine/hw_atalla.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_atalla.c
rename : usr/src/common/openssl/crypto/engine/hw_atalla_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_atalla_err.c
rename : usr/src/common/openssl/crypto/engine/hw_atalla_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_atalla_err.h
rename : usr/src/common/openssl/crypto/engine/hw_cryptodev.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_cryptodev.c
rename : usr/src/common/openssl/crypto/engine/hw_cswift.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_cswift.c
rename : usr/src/common/openssl/crypto/engine/hw_cswift_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_cswift_err.c
rename : usr/src/common/openssl/crypto/engine/hw_cswift_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_cswift_err.h
rename : usr/src/common/openssl/crypto/engine/hw_ncipher.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_ncipher.c
rename : usr/src/common/openssl/crypto/engine/hw_ncipher_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_ncipher_err.c
rename : usr/src/common/openssl/crypto/engine/hw_ncipher_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_ncipher_err.h
rename : usr/src/common/openssl/crypto/engine/hw_nuron.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_nuron.c
rename : usr/src/common/openssl/crypto/engine/hw_nuron_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_nuron_err.c
rename : usr/src/common/openssl/crypto/engine/hw_nuron_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_nuron_err.h
rename : usr/src/common/openssl/crypto/engine/hw_sureware.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_sureware.c
rename : usr/src/common/openssl/crypto/engine/hw_sureware_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_sureware_err.c
rename : usr/src/common/openssl/crypto/engine/hw_sureware_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_sureware_err.h
rename : usr/src/common/openssl/crypto/engine/hw_ubsec.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_ubsec.c
rename : usr/src/common/openssl/crypto/engine/hw_ubsec_err.c => deleted_files/usr/src/common/openssl/crypto/engine/hw_ubsec_err.c
rename : usr/src/common/openssl/crypto/engine/hw_ubsec_err.h => deleted_files/usr/src/common/openssl/crypto/engine/hw_ubsec_err.h
rename : usr/src/common/openssl/crypto/engine/vendor_defns/aep.h => deleted_files/usr/src/common/openssl/crypto/engine/vendor_defns/aep.h
rename : usr/src/common/openssl/crypto/engine/vendor_defns/atalla.h => deleted_files/usr/src/common/openssl/crypto/engine/vendor_defns/atalla.h
rename : usr/src/common/openssl/crypto/engine/vendor_defns/cswift.h => deleted_files/usr/src/common/openssl/crypto/engine/vendor_defns/cswift.h
rename : usr/src/common/openssl/crypto/engine/vendor_defns/hw_4758_cca.h => deleted_files/usr/src/common/openssl/crypto/engine/vendor_defns/hw_4758_cca.h
rename : usr/src/common/openssl/crypto/engine/vendor_defns/hw_ubsec.h => deleted_files/usr/src/common/openssl/crypto/engine/vendor_defns/hw_ubsec.h
rename : usr/src/common/openssl/crypto/engine/vendor_defns/hwcryptohook.h => deleted_files/usr/src/common/openssl/crypto/engine/vendor_defns/hwcryptohook.h
rename : usr/src/common/openssl/crypto/engine/vendor_defns/sureware.h => deleted_files/usr/src/common/openssl/crypto/engine/vendor_defns/sureware.h
Diffstat (limited to 'usr/src/common/openssl/crypto/pkcs7/pk7_lib.c')
| -rw-r--r-- | usr/src/common/openssl/crypto/pkcs7/pk7_lib.c | 119 |
1 files changed, 98 insertions, 21 deletions
diff --git a/usr/src/common/openssl/crypto/pkcs7/pk7_lib.c b/usr/src/common/openssl/crypto/pkcs7/pk7_lib.c index 985b07245c..58ce6791c9 100644 --- a/usr/src/common/openssl/crypto/pkcs7/pk7_lib.c +++ b/usr/src/common/openssl/crypto/pkcs7/pk7_lib.c @@ -138,6 +138,10 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) p7->d.sign->contents=p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents=p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: @@ -164,7 +168,12 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.sign->version,1); + if (!ASN1_INTEGER_set(p7->d.sign->version,1)) + { + PKCS7_SIGNED_free(p7->d.sign); + p7->d.sign=NULL; + goto err; + } break; case NID_pkcs7_data: p7->type=obj; @@ -176,6 +185,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) == NULL) goto err; ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); + if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) + goto err; p7->d.signed_and_enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; @@ -183,7 +194,8 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.enveloped->version,0); + if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) + goto err; p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; @@ -191,12 +203,19 @@ int PKCS7_set_type(PKCS7 *p7, int type) p7->type=obj; if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.encrypted->version,0); + if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) + goto err; p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_digest: + p7->type=obj; + if ((p7->d.digest=PKCS7_DIGEST_new()) + == NULL) goto err; + if (!ASN1_INTEGER_set(p7->d.digest->version,0)) + goto err; + break; default: PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; @@ -206,6 +225,13 @@ err: return(0); } +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) + { + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; + } + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) { int i,j,nid; @@ -314,19 +340,26 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { + int nid; char is_dsa; - if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; - else is_dsa = 0; + + if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) + is_dsa = 1; + else + is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ - ASN1_INTEGER_set(p7i->version,1); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + if (!ASN1_INTEGER_set(p7i->version,1)) + goto err; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + goto err; /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + if (!(p7i->issuer_and_serial->serial= + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + goto err; /* lets keep the pkey around for a while */ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); @@ -343,16 +376,38 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, goto err; p7i->digest_alg->parameter->type=V_ASN1_NULL; - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); - if (p7i->digest_enc_alg->parameter != NULL) ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if(is_dsa) p7i->digest_enc_alg->parameter = NULL; - else { + nid = EVP_PKEY_type(pkey->type); + if (nid == EVP_PKEY_RSA) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) goto err; p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; - } + } + else if (nid == EVP_PKEY_DSA) + { +#if 1 + /* use 'dsaEncryption' OID for compatibility with other software + * (PKCS #7 v1.5 does specify how to handle DSA) ... */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); +#else + /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) + * would make more sense. */ + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); +#endif + p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ + } + else if (nid == EVP_PKEY_EC) + { + p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); + if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) + goto err; + p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + } + else + return(0); return(1); err: @@ -372,6 +427,24 @@ err: return(NULL); } +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) + { + if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) + { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); + return 0; + } + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; + } + + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); + return 1; + } + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { if (PKCS7_type_is_signed(p7)) @@ -423,16 +496,20 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) { - ASN1_INTEGER_set(p7i->version,0); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + if (!ASN1_INTEGER_set(p7i->version,0)) + return 0; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + return 0; M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + if (!(p7i->issuer_and_serial->serial= + M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + return 0; X509_ALGOR_free(p7i->key_enc_algor); - p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor); + if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor))) + return 0; CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); p7i->cert=x509; |