mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
AppleM1: Update openssl to v1.1.1l
This commit is contained in:
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
|
@ -11,7 +11,7 @@
|
|||
#include <openssl/pem.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
|
||||
ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
|
||||
|
|
138
trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c
vendored
138
trunk/3rdparty/openssl-1.1-fit/crypto/cms/cms_att.c
vendored
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -12,7 +12,57 @@
|
|||
#include <openssl/x509v3.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
#include "internal/nelem.h"
|
||||
|
||||
/*-
|
||||
* Attribute flags.
|
||||
* CMS attribute restrictions are discussed in
|
||||
* - RFC 5652 Section 11.
|
||||
* ESS attribute restrictions are discussed in
|
||||
* - RFC 2634 Section 1.3.4 AND
|
||||
* - RFC 5035 Section 5.4
|
||||
*/
|
||||
/* This is a signed attribute */
|
||||
#define CMS_ATTR_F_SIGNED 0x01
|
||||
/* This is an unsigned attribute */
|
||||
#define CMS_ATTR_F_UNSIGNED 0x02
|
||||
/* Must be present if there are any other attributes of the same type */
|
||||
#define CMS_ATTR_F_REQUIRED_COND 0x10
|
||||
/* There can only be one instance of this attribute */
|
||||
#define CMS_ATTR_F_ONLY_ONE 0x20
|
||||
/* The Attribute's value must have exactly one entry */
|
||||
#define CMS_ATTR_F_ONE_ATTR_VALUE 0x40
|
||||
|
||||
/* Attributes rules for different attributes */
|
||||
static const struct {
|
||||
int nid; /* The attribute id */
|
||||
int flags;
|
||||
} cms_attribute_properties[] = {
|
||||
/* See RFC Section 11 */
|
||||
{ NID_pkcs9_contentType, CMS_ATTR_F_SIGNED
|
||||
| CMS_ATTR_F_ONLY_ONE
|
||||
| CMS_ATTR_F_ONE_ATTR_VALUE
|
||||
| CMS_ATTR_F_REQUIRED_COND },
|
||||
{ NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED
|
||||
| CMS_ATTR_F_ONLY_ONE
|
||||
| CMS_ATTR_F_ONE_ATTR_VALUE
|
||||
| CMS_ATTR_F_REQUIRED_COND },
|
||||
{ NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED
|
||||
| CMS_ATTR_F_ONLY_ONE
|
||||
| CMS_ATTR_F_ONE_ATTR_VALUE },
|
||||
{ NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED },
|
||||
/* ESS */
|
||||
{ NID_id_smime_aa_signingCertificate, CMS_ATTR_F_SIGNED
|
||||
| CMS_ATTR_F_ONLY_ONE
|
||||
| CMS_ATTR_F_ONE_ATTR_VALUE },
|
||||
{ NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED
|
||||
| CMS_ATTR_F_ONLY_ONE
|
||||
| CMS_ATTR_F_ONE_ATTR_VALUE },
|
||||
{ NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED
|
||||
| CMS_ATTR_F_ONLY_ONE
|
||||
| CMS_ATTR_F_ONE_ATTR_VALUE }
|
||||
};
|
||||
|
||||
/* CMS SignedData Attribute utilities */
|
||||
|
||||
|
@ -149,4 +199,86 @@ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
|
|||
return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
|
||||
}
|
||||
|
||||
/* Specific attribute cases */
|
||||
/*
|
||||
* Retrieve an attribute by nid from a stack of attributes starting at index
|
||||
* *lastpos + 1.
|
||||
* Returns the attribute or NULL if there is no attribute.
|
||||
* If an attribute was found *lastpos returns the index of the found attribute.
|
||||
*/
|
||||
static X509_ATTRIBUTE *cms_attrib_get(int nid,
|
||||
const STACK_OF(X509_ATTRIBUTE) *attrs,
|
||||
int *lastpos)
|
||||
{
|
||||
X509_ATTRIBUTE *at;
|
||||
int loc;
|
||||
|
||||
loc = X509at_get_attr_by_NID(attrs, nid, *lastpos);
|
||||
if (loc < 0)
|
||||
return NULL;
|
||||
|
||||
at = X509at_get_attr(attrs, loc);
|
||||
*lastpos = loc;
|
||||
return at;
|
||||
}
|
||||
|
||||
static int cms_check_attribute(int nid, int flags, int type,
|
||||
const STACK_OF(X509_ATTRIBUTE) *attrs,
|
||||
int have_attrs)
|
||||
{
|
||||
int lastpos = -1;
|
||||
X509_ATTRIBUTE *at = cms_attrib_get(nid, attrs, &lastpos);
|
||||
|
||||
if (at != NULL) {
|
||||
int count = X509_ATTRIBUTE_count(at);
|
||||
|
||||
/* Is this attribute allowed? */
|
||||
if (((flags & type) == 0)
|
||||
/* check if multiple attributes of the same type are allowed */
|
||||
|| (((flags & CMS_ATTR_F_ONLY_ONE) != 0)
|
||||
&& cms_attrib_get(nid, attrs, &lastpos) != NULL)
|
||||
/* Check if attribute should have exactly one value in its set */
|
||||
|| (((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0)
|
||||
&& count != 1)
|
||||
/* There should be at least one value */
|
||||
|| count == 0)
|
||||
return 0;
|
||||
} else {
|
||||
/* fail if a required attribute is missing */
|
||||
if (have_attrs
|
||||
&& ((flags & CMS_ATTR_F_REQUIRED_COND) != 0)
|
||||
&& (flags & type) != 0)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check that the signerinfo attributes obey the attribute rules which includes
|
||||
* the following checks
|
||||
* - If any signed attributes exist then there must be a Content Type
|
||||
* and Message Digest attribute in the signed attributes.
|
||||
* - The countersignature attribute is an optional unsigned attribute only.
|
||||
* - Content Type, Message Digest, and Signing time attributes are signed
|
||||
* attributes. Only one instance of each is allowed, with each of these
|
||||
* attributes containing a single attribute value in its set.
|
||||
*/
|
||||
int CMS_si_check_attributes(const CMS_SignerInfo *si)
|
||||
{
|
||||
int i;
|
||||
int have_signed_attrs = (CMS_signed_get_attr_count(si) > 0);
|
||||
int have_unsigned_attrs = (CMS_unsigned_get_attr_count(si) > 0);
|
||||
|
||||
for (i = 0; i < (int)OSSL_NELEM(cms_attribute_properties); ++i) {
|
||||
int nid = cms_attribute_properties[i].nid;
|
||||
int flags = cms_attribute_properties[i].flags;
|
||||
|
||||
if (!cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED,
|
||||
si->signedAttrs, have_signed_attrs)
|
||||
|| !cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED,
|
||||
si->unsignedAttrs, have_unsigned_attrs)) {
|
||||
CMSerr(CMS_F_CMS_SI_CHECK_ATTRIBUTES, CMS_R_ATTRIBUTE_ERROR);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
#include <openssl/cms.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/comp.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
#ifdef ZLIB
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
#include <openssl/x509v3.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
/* CMS DigestedData Utilities */
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
/* CMS EncryptedData Utilities */
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -14,9 +14,9 @@
|
|||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include <openssl/aes.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "internal/asn1_int.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "cms_local.h"
|
||||
#include "crypto/asn1.h"
|
||||
#include "crypto/evp.h"
|
||||
|
||||
/* CMS EnvelopedData Utilities */
|
||||
|
||||
|
@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
|||
unsigned char *ek = NULL;
|
||||
size_t eklen;
|
||||
int ret = 0;
|
||||
size_t fixlen = 0;
|
||||
CMS_EncryptedContentInfo *ec;
|
||||
ec = cms->d.envelopedData->encryptedContentInfo;
|
||||
|
||||
|
@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (cms->d.envelopedData->encryptedContentInfo->havenocert
|
||||
&& !cms->d.envelopedData->encryptedContentInfo->debug) {
|
||||
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
|
||||
const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm);
|
||||
|
||||
if (ciph == NULL) {
|
||||
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
fixlen = EVP_CIPHER_key_length(ciph);
|
||||
}
|
||||
|
||||
ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
|
||||
if (ktri->pctx == NULL)
|
||||
return 0;
|
||||
|
@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
|
|||
|
||||
if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
|
||||
ktri->encryptedKey->data,
|
||||
ktri->encryptedKey->length) <= 0) {
|
||||
ktri->encryptedKey->length) <= 0
|
||||
|| eklen == 0
|
||||
|| (fixlen != 0 && eklen != fixlen)) {
|
||||
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -146,6 +146,8 @@ static const ERR_STRING_DATA CMS_str_functs[] = {
|
|||
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0),
|
||||
"CMS_SignerInfo_verify_content"},
|
||||
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"},
|
||||
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SI_CHECK_ATTRIBUTES, 0),
|
||||
"CMS_si_check_attributes"},
|
||||
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"},
|
||||
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"},
|
||||
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"},
|
||||
|
@ -155,6 +157,7 @@ static const ERR_STRING_DATA CMS_str_functs[] = {
|
|||
|
||||
static const ERR_STRING_DATA CMS_str_reasons[] = {
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
|
||||
"certificate already present"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
#include <openssl/x509v3.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
|
||||
{
|
||||
|
|
|
@ -14,8 +14,8 @@
|
|||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include <openssl/aes.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "internal/asn1_int.h"
|
||||
#include "cms_local.h"
|
||||
#include "crypto/asn1.h"
|
||||
|
||||
/* Key Agreement Recipient Info (KARI) routines */
|
||||
|
||||
|
@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
|
|||
if (!pk)
|
||||
return 1;
|
||||
pctx = EVP_PKEY_CTX_new(pk, NULL);
|
||||
if (!pctx || !EVP_PKEY_derive_init(pctx))
|
||||
if (!pctx || EVP_PKEY_derive_init(pctx) <= 0)
|
||||
goto err;
|
||||
kari->pctx = pctx;
|
||||
return 1;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -14,7 +14,7 @@
|
|||
#include <openssl/bio.h>
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
|
||||
IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
|
||||
|
@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
|
|||
|
||||
default:
|
||||
CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
|
||||
return NULL;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (cmsbio)
|
||||
return BIO_push(cmsbio, cont);
|
||||
|
||||
err:
|
||||
if (!icont)
|
||||
BIO_free(cont);
|
||||
return NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#ifndef HEADER_CMS_LCL_H
|
||||
# define HEADER_CMS_LCL_H
|
||||
#ifndef OSSL_CRYPTO_CMS_LOCAL_H
|
||||
# define OSSL_CRYPTO_CMS_LOCAL_H
|
||||
|
||||
# include <openssl/x509.h>
|
||||
|
||||
|
@ -125,6 +125,8 @@ struct CMS_EncryptedContentInfo_st {
|
|||
size_t keylen;
|
||||
/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
|
||||
int debug;
|
||||
/* Set to 1 if we have no cert and need extra safety measures for MMA */
|
||||
int havenocert;
|
||||
};
|
||||
|
||||
struct CMS_RecipientInfo_st {
|
||||
|
@ -317,8 +319,6 @@ struct CMS_OtherKeyAttribute_st {
|
|||
|
||||
/* ESS structures */
|
||||
|
||||
# ifdef HEADER_X509V3_H
|
||||
|
||||
struct CMS_ReceiptRequest_st {
|
||||
ASN1_OCTET_STRING *signedContentIdentifier;
|
||||
CMS_ReceiptsFrom *receiptsFrom;
|
||||
|
@ -332,7 +332,6 @@ struct CMS_ReceiptsFrom_st {
|
|||
STACK_OF(GENERAL_NAMES) *receiptList;
|
||||
} d;
|
||||
};
|
||||
# endif
|
||||
|
||||
struct CMS_Receipt_st {
|
||||
int32_t version;
|
||||
|
@ -416,6 +415,8 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
|
|||
/* PWRI routines */
|
||||
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
|
||||
int en_de);
|
||||
/* SignerInfo routines */
|
||||
int CMS_si_check_attributes(const CMS_SignerInfo *si);
|
||||
|
||||
DECLARE_ASN1_ITEM(CMS_CertificateChoices)
|
||||
DECLARE_ASN1_ITEM(CMS_DigestedData)
|
|
@ -15,8 +15,8 @@
|
|||
#include <openssl/cms.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/aes.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "internal/asn1_int.h"
|
||||
#include "cms_local.h"
|
||||
#include "crypto/asn1.h"
|
||||
|
||||
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
|
||||
unsigned char *pass, ossl_ssize_t passlen)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -14,9 +14,9 @@
|
|||
#include <openssl/x509v3.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "internal/asn1_int.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "cms_local.h"
|
||||
#include "crypto/asn1.h"
|
||||
#include "crypto/evp.h"
|
||||
|
||||
/* CMS SignedData Utilities */
|
||||
|
||||
|
@ -109,6 +109,27 @@ static void cms_sd_set_version(CMS_SignedData *sd)
|
|||
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC 5652 Section 11.1 Content Type
|
||||
* The content-type attribute within signed-data MUST
|
||||
* 1) be present if there are signed attributes
|
||||
* 2) match the content type in the signed-data,
|
||||
* 3) be a signed attribute.
|
||||
* 4) not have more than one copy of the attribute.
|
||||
*
|
||||
* Note that since the CMS_SignerInfo_sign() always adds the "signing time"
|
||||
* attribute, the content type attribute MUST be added also.
|
||||
* Assumptions: This assumes that the attribute does not already exist.
|
||||
*/
|
||||
static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si)
|
||||
{
|
||||
ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType;
|
||||
|
||||
/* Add the contentType attribute */
|
||||
return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
|
||||
V_ASN1_OBJECT, ctype, -1) > 0;
|
||||
}
|
||||
|
||||
/* Copy an existing messageDigest value */
|
||||
|
||||
static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
|
||||
|
@ -328,6 +349,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
|
|||
if (flags & CMS_REUSE_DIGEST) {
|
||||
if (!cms_copy_messageDigest(cms, si))
|
||||
goto err;
|
||||
if (!cms_set_si_contentType_attr(cms, si))
|
||||
goto err;
|
||||
if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
|
||||
!CMS_SignerInfo_sign(si))
|
||||
goto err;
|
||||
|
@ -558,8 +581,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
|
|||
*/
|
||||
|
||||
if (CMS_signed_get_attr_count(si) >= 0) {
|
||||
ASN1_OBJECT *ctype =
|
||||
cms->d.signedData->encapContentInfo->eContentType;
|
||||
unsigned char md[EVP_MAX_MD_SIZE];
|
||||
unsigned int mdlen;
|
||||
if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
|
||||
|
@ -568,9 +589,9 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
|
|||
V_ASN1_OCTET_STRING, md, mdlen))
|
||||
goto err;
|
||||
/* Copy content type across */
|
||||
if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
|
||||
V_ASN1_OBJECT, ctype, -1) <= 0)
|
||||
if (!cms_set_si_contentType_attr(cms, si))
|
||||
goto err;
|
||||
|
||||
if (!CMS_SignerInfo_sign(si))
|
||||
goto err;
|
||||
} else if (si->pctx) {
|
||||
|
@ -650,6 +671,9 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (!CMS_si_check_attributes(si))
|
||||
goto err;
|
||||
|
||||
if (si->pctx)
|
||||
pctx = si->pctx;
|
||||
else {
|
||||
|
@ -696,7 +720,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
|
|||
OPENSSL_free(abuf);
|
||||
EVP_MD_CTX_reset(mctx);
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
int CMS_SignerInfo_verify(CMS_SignerInfo *si)
|
||||
|
@ -711,6 +734,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (!CMS_si_check_attributes(si))
|
||||
return -1;
|
||||
|
||||
md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
|
||||
if (md == NULL)
|
||||
return -1;
|
||||
|
@ -871,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
|
|||
ASN1_INTEGER *key = NULL;
|
||||
if (keysize > 0) {
|
||||
key = ASN1_INTEGER_new();
|
||||
if (key == NULL || !ASN1_INTEGER_set(key, keysize))
|
||||
if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
|
||||
ASN1_INTEGER_free(key);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
alg = X509_ALGOR_new();
|
||||
if (alg == NULL) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -13,8 +13,8 @@
|
|||
#include <openssl/x509v3.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/cms.h>
|
||||
#include "cms_lcl.h"
|
||||
#include "internal/asn1_int.h"
|
||||
#include "cms_local.h"
|
||||
#include "crypto/asn1.h"
|
||||
|
||||
static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
|
||||
{
|
||||
|
@ -341,7 +341,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
|
|||
char *ptr;
|
||||
long len;
|
||||
len = BIO_get_mem_data(dcont, &ptr);
|
||||
tmpin = BIO_new_mem_buf(ptr, len);
|
||||
tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
|
||||
if (tmpin == NULL) {
|
||||
CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
|
||||
goto err2;
|
||||
|
@ -743,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
|
|||
cms->d.envelopedData->encryptedContentInfo->debug = 1;
|
||||
else
|
||||
cms->d.envelopedData->encryptedContentInfo->debug = 0;
|
||||
if (!cert)
|
||||
cms->d.envelopedData->encryptedContentInfo->havenocert = 1;
|
||||
else
|
||||
cms->d.envelopedData->encryptedContentInfo->havenocert = 0;
|
||||
if (!pk && !cert && !dcont && !out)
|
||||
return 1;
|
||||
if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue