for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
cch = sk_CMS_CertificateChoices_value(certs, j);
- if (cch->type != 0)
+ if (cch->type != CMS_CERTCHOICE_CERT)
continue;
x = cch->d.certificate;
if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
X509_STORE *store,
- STACK_OF(X509) *certs,
+ STACK_OF(X509) *untrusted,
STACK_OF(X509_CRL) *crls,
STACK_OF(X509) **chain,
const CMS_CTX *cms_ctx)
goto err;
}
CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
- if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
+ if (!X509_STORE_CTX_init(ctx, store, signer, untrusted)) {
ERR_raise(ERR_LIB_CMS, CMS_R_STORE_INIT_ERROR);
goto err;
}
}
+/* This strongly overlaps with PKCS7_verify() */
int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
{
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
- if (signer)
+ if (signer != NULL)
scount++;
}
return 0;
}
+/* This strongly overlaps with CMS_verify(), partly with PKCS7_dataVerify() */
int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
BIO *indata, BIO *out, int flags)
{
}
/* Check for no data and no content: no data to verify signature */
- if (PKCS7_get_detached(p7) && !indata) {
+ if (PKCS7_get_detached(p7) && indata == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
return 0;
}
* tools like osslsigncode need it. In Authenticode the verification
* process is different, but the existing PKCs7 verification works.
*/
- if (!PKCS7_get_detached(p7) && indata) {
+ if (!PKCS7_get_detached(p7) && indata != NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CONTENT_AND_DATA_PRESENT);
return 0;
}
err:
X509_STORE_CTX_free(cert_ctx);
OPENSSL_free(buf);
- if (indata)
+ if (indata != NULL)
BIO_pop(p7bio);
BIO_free_all(p7bio);
sk_X509_free(signers);
ias = si->issuer_and_serial;
signer = NULL;
/* If any certificates passed they take priority */
- if (certs)
+ if (certs != NULL)
signer = X509_find_by_issuer_and_serial(certs,
ias->issuer, ias->serial);
- if (!signer && !(flags & PKCS7_NOINTERN)
+ if (signer == NULL && !(flags & PKCS7_NOINTERN)
&& p7->d.sign->cert)
signer =
X509_find_by_issuer_and_serial(p7->d.sign->cert,
ias->issuer, ias->serial);
- if (!signer) {
+ if (signer == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
sk_X509_free(signers);
return 0;
typedef struct pkcs7_signed_st {
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
- STACK_OF(X509) *cert; /* [ 0 ] */
- STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
typedef struct pkcs7_signedandenveloped_st {
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
- STACK_OF(X509) *cert; /* [ 0 ] */
- STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(X509) *cert; /* [ 0 ] */ /* name should be 'certificates' */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */ /* name should be 'crls' */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
PKCS7_ENC_CONTENT *enc_data;
STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
/* NID_pkcs7_data */
ASN1_OCTET_STRING *data;
/* NID_pkcs7_signed */
- PKCS7_SIGNED *sign;
+ PKCS7_SIGNED *sign; /* field name 'signed' would clash with C keyword */
/* NID_pkcs7_enveloped */
PKCS7_ENVELOPE *enveloped;
/* NID_pkcs7_signedAndEnveloped */
const EVP_MD *dgst);
int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
int PKCS7_content_new(PKCS7 *p7, int nid);
int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);