diff options
author | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:56:39 +0000 |
---|---|---|
committer | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:56:39 +0000 |
commit | 58964a492275ca9a59a0cd9c8155cb2491b4b909 (patch) | |
tree | c7b16876a5789463bbbb468ef4829c8129b3d718 /crypto/pkcs7/pk7_doit.c | |
parent | d02b48c63a58ea4367a0e905979f140b7d090f86 (diff) | |
download | openssl-58964a492275ca9a59a0cd9c8155cb2491b4b909.tar.gz |
Import of old SSLeay release: SSLeay 0.9.0b
Diffstat (limited to 'crypto/pkcs7/pk7_doit.c')
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 135 |
1 files changed, 108 insertions, 27 deletions
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 32a2a45226..b5689b3fe4 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1,5 +1,5 @@ /* crypto/pkcs7/pk7_doit.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "rand.h" #include "objects.h" #include "x509.h" @@ -69,6 +70,11 @@ BIO *bio; BIO *out=NULL,*btmp; X509_ALGOR *xa; EVP_MD *evp_md; + EVP_CIPHER *evp_cipher=NULL; + STACK *md_sk=NULL,*rsk=NULL; + X509_ALGOR *xalg=NULL; + PKCS7_RECIP_INFO *ri=NULL; + EVP_PKEY *pkey; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -76,9 +82,29 @@ BIO *bio; switch (i) { case NID_pkcs7_signed: - for (i=0; i<sk_num(p7->d.sign->md_algs); i++) + md_sk=p7->d.sign->md_algs; + break; + case NID_pkcs7_signedAndEnveloped: + rsk=p7->d.signed_and_enveloped->recipientinfo; + md_sk=p7->d.signed_and_enveloped->md_algs; + evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm))); + if (evp_cipher == NULL) + { + PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + goto err; + } + xalg=p7->d.signed_and_enveloped->enc_data->algorithm; + break; + default: + PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + if (md_sk != NULL) + { + for (i=0; i<sk_num(md_sk); i++) { - xa=(X509_ALGOR *)sk_value(p7->d.sign->md_algs,i); + xa=(X509_ALGOR *)sk_value(md_sk,i); if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err; j=OBJ_obj2nid(xa->algorithm); @@ -95,12 +121,61 @@ BIO *bio; else BIO_push(out,btmp); } - break; - default: - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; } - if (bio == NULL) + + if (evp_cipher != NULL) + { + unsigned char key[EVP_MAX_KEY_LENGTH]; + unsigned char iv[EVP_MAX_IV_LENGTH]; + int keylen,ivlen; + int jj,max; + unsigned char *tmp; + + if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err; + keylen=EVP_CIPHER_key_length(evp_cipher); + ivlen=EVP_CIPHER_iv_length(evp_cipher); + + if (ivlen > 0) + { + ASN1_OCTET_STRING *os; + + RAND_bytes(iv,ivlen); + os=ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(os,iv,ivlen); + /* ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING, + (char *)os); + */ } + RAND_bytes(key,keylen); + + /* Lets do the pub key stuff :-) */ + max=0; + for (i=0; i<sk_num(rsk); i++) + { + ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); + if (ri->cert == NULL) abort(); + pkey=X509_get_pubkey(ri->cert); + jj=EVP_PKEY_size(pkey); + if (max < jj) max=jj; + } + if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort(); + for (i=0; i<sk_num(rsk); i++) + { + ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); + pkey=X509_get_pubkey(ri->cert); + jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); + if (jj <= 0) abort(); + ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); + } + + BIO_set_cipher(btmp,evp_cipher,key,iv,1); + + if (out == NULL) + out=btmp; + else + BIO_push(out,btmp); + } + + if (bio == NULL) /* ??????????? */ { if (p7->detached) bio=BIO_new(BIO_s_null()); @@ -114,7 +189,8 @@ BIO *bio; os=p7->d.sign->contents->d.data; if (os->length > 0) - BIO_write(bio,os->data,os->length); + BIO_write(bio,(char *)os->data, + os->length); } } } @@ -135,22 +211,35 @@ BIO *bio; BUF_MEM *buf=NULL; PKCS7_SIGNER_INFO *si; EVP_MD_CTX *mdc,ctx_tmp; - STACK *sk; + STACK *sk,*si_sk=NULL; unsigned char *p,*pp=NULL; int x; + ASN1_OCTET_STRING *os=NULL; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; switch (i) { + case NID_pkcs7_signedAndEnveloped: + /* XXXXXXXXXXXXXXXX */ + si_sk=p7->d.signed_and_enveloped->signer_info; + os=ASN1_OCTET_STRING_new(); + p7->d.signed_and_enveloped->enc_data->enc_data=os; + break; case NID_pkcs7_signed: + si_sk=p7->d.sign->signer_info; + os=p7->d.sign->contents->d.data; + break; + } + if (si_sk != NULL) + { if ((buf=BUF_MEM_new()) == NULL) goto err; - for (i=0; i<sk_num(p7->d.sign->signer_info); i++) + for (i=0; i<sk_num(si_sk); i++) { si=(PKCS7_SIGNER_INFO *) - sk_value(p7->d.sign->signer_info,i); + sk_value(si_sk,i); if (si->pkey == NULL) continue; j=OBJ_obj2nid(si->digest_enc_alg->algorithm); @@ -161,13 +250,13 @@ BIO *bio; if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; } BIO_get_md_ctx(btmp,&mdc); if (mdc == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_INTERNAL_ERROR); + PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR); goto err; } if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j) @@ -195,40 +284,31 @@ BIO *bio; Free(pp); } - if (!EVP_SignFinal(&ctx_tmp,buf->data, + if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, (unsigned int *)&buf->length,si->pkey)) goto err; if (!ASN1_STRING_set(si->enc_digest, (unsigned char *)buf->data,buf->length)) goto err; - } if (p7->detached) - PKCS7_content_free(p7->d.sign->contents); + ASN1_OCTET_STRING_set(os,(unsigned char *)"",0); else { btmp=BIO_find_type(bio,BIO_TYPE_MEM); if (btmp == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); goto err; } BIO_get_mem_ptr(btmp,&buf_mem); - ASN1_OCTET_STRING_set(p7->d.sign->contents->d.data, + ASN1_OCTET_STRING_set(os, (unsigned char *)buf_mem->data,buf_mem->length); } if (pp != NULL) Free(pp); pp=NULL; - break; - default: - PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; } - if (p7->detached) - { - - } ret=1; err: if (buf != NULL) BUF_MEM_free(buf); @@ -253,6 +333,7 @@ PKCS7_SIGNER_INFO *si; X509 *x509; if (!PKCS7_type_is_signed(p7)) abort(); + /* XXXXXXXXXXXXXXXXXXXXXXX */ ias=si->issuer_and_serial; s=p7->d.sign; |