1 /* $OpenBSD: pk7_lib.c,v 1.25 2022/11/26 16:08:54 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/err.h> 62 #include <openssl/objects.h> 63 #include <openssl/x509.h> 64 65 #include "asn1_local.h" 66 #include "evp_local.h" 67 #include "x509_local.h" 68 69 long 70 PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) 71 { 72 int nid; 73 long ret; 74 75 nid = OBJ_obj2nid(p7->type); 76 77 switch (cmd) { 78 case PKCS7_OP_SET_DETACHED_SIGNATURE: 79 if (nid == NID_pkcs7_signed) { 80 ret = p7->detached = (int)larg; 81 if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { 82 ASN1_OCTET_STRING *os; 83 os = p7->d.sign->contents->d.data; 84 ASN1_OCTET_STRING_free(os); 85 p7->d.sign->contents->d.data = NULL; 86 } 87 } else { 88 PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 89 ret = 0; 90 } 91 break; 92 case PKCS7_OP_GET_DETACHED_SIGNATURE: 93 if (nid == NID_pkcs7_signed) { 94 if (!p7->d.sign || !p7->d.sign->contents->d.ptr) 95 ret = 1; 96 else 97 ret = 0; 98 99 p7->detached = ret; 100 } else { 101 PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); 102 ret = 0; 103 } 104 105 break; 106 default: 107 PKCS7error(PKCS7_R_UNKNOWN_OPERATION); 108 ret = 0; 109 } 110 return (ret); 111 } 112 LCRYPTO_ALIAS(PKCS7_ctrl) 113 114 int 115 PKCS7_content_new(PKCS7 *p7, int type) 116 { 117 PKCS7 *ret = NULL; 118 119 if ((ret = PKCS7_new()) == NULL) 120 goto err; 121 if (!PKCS7_set_type(ret, type)) 122 goto err; 123 if (!PKCS7_set_content(p7, ret)) 124 goto err; 125 126 return (1); 127 err: 128 if (ret != NULL) 129 PKCS7_free(ret); 130 return (0); 131 } 132 LCRYPTO_ALIAS(PKCS7_content_new) 133 134 int 135 PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) 136 { 137 int i; 138 139 i = OBJ_obj2nid(p7->type); 140 switch (i) { 141 case NID_pkcs7_signed: 142 if (p7->d.sign->contents != NULL) 143 PKCS7_free(p7->d.sign->contents); 144 p7->d.sign->contents = p7_data; 145 break; 146 case NID_pkcs7_digest: 147 if (p7->d.digest->contents != NULL) 148 PKCS7_free(p7->d.digest->contents); 149 p7->d.digest->contents = p7_data; 150 break; 151 case NID_pkcs7_data: 152 case NID_pkcs7_enveloped: 153 case NID_pkcs7_signedAndEnveloped: 154 case NID_pkcs7_encrypted: 155 default: 156 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 157 goto err; 158 } 159 return (1); 160 err: 161 return (0); 162 } 163 LCRYPTO_ALIAS(PKCS7_set_content) 164 165 int 166 PKCS7_set_type(PKCS7 *p7, int type) 167 { 168 ASN1_OBJECT *obj; 169 170 /*PKCS7_content_free(p7);*/ 171 obj=OBJ_nid2obj(type); /* will not fail */ 172 173 switch (type) { 174 case NID_pkcs7_signed: 175 p7->type = obj; 176 if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL) 177 goto err; 178 if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) { 179 PKCS7_SIGNED_free(p7->d.sign); 180 p7->d.sign = NULL; 181 goto err; 182 } 183 break; 184 case NID_pkcs7_data: 185 p7->type = obj; 186 if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) 187 goto err; 188 break; 189 case NID_pkcs7_signedAndEnveloped: 190 p7->type = obj; 191 if ((p7->d.signed_and_enveloped = 192 PKCS7_SIGN_ENVELOPE_new()) == NULL) 193 goto err; 194 if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) 195 goto err; 196 p7->d.signed_and_enveloped->enc_data->content_type = 197 OBJ_nid2obj(NID_pkcs7_data); 198 break; 199 case NID_pkcs7_enveloped: 200 p7->type = obj; 201 if ((p7->d.enveloped = PKCS7_ENVELOPE_new()) == NULL) 202 goto err; 203 if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) 204 goto err; 205 p7->d.enveloped->enc_data->content_type = 206 OBJ_nid2obj(NID_pkcs7_data); 207 break; 208 case NID_pkcs7_encrypted: 209 p7->type = obj; 210 if ((p7->d.encrypted = PKCS7_ENCRYPT_new()) == NULL) 211 goto err; 212 if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) 213 goto err; 214 p7->d.encrypted->enc_data->content_type = 215 OBJ_nid2obj(NID_pkcs7_data); 216 break; 217 218 case NID_pkcs7_digest: 219 p7->type = obj; 220 if ((p7->d.digest = PKCS7_DIGEST_new()) == NULL) 221 goto err; 222 if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) 223 goto err; 224 break; 225 default: 226 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 227 goto err; 228 } 229 return (1); 230 err: 231 return (0); 232 } 233 LCRYPTO_ALIAS(PKCS7_set_type) 234 235 int 236 PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) 237 { 238 p7->type = OBJ_nid2obj(type); 239 p7->d.other = other; 240 return 1; 241 } 242 LCRYPTO_ALIAS(PKCS7_set0_type_other) 243 244 int 245 PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) 246 { 247 int i, j, nid; 248 X509_ALGOR *alg; 249 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; 250 STACK_OF(X509_ALGOR) *md_sk; 251 252 i = OBJ_obj2nid(p7->type); 253 switch (i) { 254 case NID_pkcs7_signed: 255 signer_sk = p7->d.sign->signer_info; 256 md_sk = p7->d.sign->md_algs; 257 break; 258 case NID_pkcs7_signedAndEnveloped: 259 signer_sk = p7->d.signed_and_enveloped->signer_info; 260 md_sk = p7->d.signed_and_enveloped->md_algs; 261 break; 262 default: 263 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); 264 return (0); 265 } 266 267 nid = OBJ_obj2nid(psi->digest_alg->algorithm); 268 269 /* If the digest is not currently listed, add it */ 270 j = 0; 271 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { 272 alg = sk_X509_ALGOR_value(md_sk, i); 273 if (OBJ_obj2nid(alg->algorithm) == nid) { 274 j = 1; 275 break; 276 } 277 } 278 if (!j) /* we need to add another algorithm */ 279 { 280 if (!(alg = X509_ALGOR_new()) || 281 !(alg->parameter = ASN1_TYPE_new())) { 282 X509_ALGOR_free(alg); 283 PKCS7error(ERR_R_MALLOC_FAILURE); 284 return (0); 285 } 286 alg->algorithm = OBJ_nid2obj(nid); 287 alg->parameter->type = V_ASN1_NULL; 288 if (!sk_X509_ALGOR_push(md_sk, alg)) { 289 X509_ALGOR_free(alg); 290 return 0; 291 } 292 } 293 294 if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) 295 return 0; 296 return (1); 297 } 298 LCRYPTO_ALIAS(PKCS7_add_signer) 299 300 int 301 PKCS7_add_certificate(PKCS7 *p7, X509 *x509) 302 { 303 int i; 304 STACK_OF(X509) **sk; 305 306 i = OBJ_obj2nid(p7->type); 307 switch (i) { 308 case NID_pkcs7_signed: 309 sk = &(p7->d.sign->cert); 310 break; 311 case NID_pkcs7_signedAndEnveloped: 312 sk = &(p7->d.signed_and_enveloped->cert); 313 break; 314 default: 315 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); 316 return (0); 317 } 318 319 if (*sk == NULL) 320 *sk = sk_X509_new_null(); 321 if (*sk == NULL) { 322 PKCS7error(ERR_R_MALLOC_FAILURE); 323 return 0; 324 } 325 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); 326 if (!sk_X509_push(*sk, x509)) { 327 X509_free(x509); 328 return 0; 329 } 330 return (1); 331 } 332 LCRYPTO_ALIAS(PKCS7_add_certificate) 333 334 int 335 PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) 336 { 337 int i; 338 STACK_OF(X509_CRL) **sk; 339 340 i = OBJ_obj2nid(p7->type); 341 switch (i) { 342 case NID_pkcs7_signed: 343 sk = &(p7->d.sign->crl); 344 break; 345 case NID_pkcs7_signedAndEnveloped: 346 sk = &(p7->d.signed_and_enveloped->crl); 347 break; 348 default: 349 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); 350 return (0); 351 } 352 353 if (*sk == NULL) 354 *sk = sk_X509_CRL_new_null(); 355 if (*sk == NULL) { 356 PKCS7error(ERR_R_MALLOC_FAILURE); 357 return 0; 358 } 359 360 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); 361 if (!sk_X509_CRL_push(*sk, crl)) { 362 X509_CRL_free(crl); 363 return 0; 364 } 365 return (1); 366 } 367 LCRYPTO_ALIAS(PKCS7_add_crl) 368 369 int 370 PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, 371 const EVP_MD *dgst) 372 { 373 int ret; 374 375 /* We now need to add another PKCS7_SIGNER_INFO entry */ 376 if (!ASN1_INTEGER_set(p7i->version, 1)) 377 goto err; 378 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 379 X509_get_issuer_name(x509))) 380 goto err; 381 382 /* because ASN1_INTEGER_set is used to set a 'long' we will do 383 * things the ugly way. */ 384 ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 385 if (!(p7i->issuer_and_serial->serial = 386 ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 387 goto err; 388 389 /* lets keep the pkey around for a while */ 390 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); 391 p7i->pkey = pkey; 392 393 /* Set the algorithms */ 394 395 X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), 396 V_ASN1_NULL, NULL); 397 398 if (pkey->ameth && pkey->ameth->pkey_ctrl) { 399 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 400 0, p7i); 401 if (ret > 0) 402 return 1; 403 if (ret != -2) { 404 PKCS7error(PKCS7_R_SIGNING_CTRL_FAILURE); 405 return 0; 406 } 407 } 408 PKCS7error(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 409 err: 410 return 0; 411 } 412 LCRYPTO_ALIAS(PKCS7_SIGNER_INFO_set) 413 414 PKCS7_SIGNER_INFO * 415 PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) 416 { 417 PKCS7_SIGNER_INFO *si = NULL; 418 419 if (dgst == NULL) { 420 int def_nid; 421 if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) 422 goto err; 423 dgst = EVP_get_digestbynid(def_nid); 424 if (dgst == NULL) { 425 PKCS7error(PKCS7_R_NO_DEFAULT_DIGEST); 426 goto err; 427 } 428 } 429 430 if ((si = PKCS7_SIGNER_INFO_new()) == NULL) 431 goto err; 432 if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst)) 433 goto err; 434 if (!PKCS7_add_signer(p7, si)) 435 goto err; 436 return (si); 437 err: 438 if (si) 439 PKCS7_SIGNER_INFO_free(si); 440 return (NULL); 441 } 442 LCRYPTO_ALIAS(PKCS7_add_signature) 443 444 int 445 PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) 446 { 447 if (PKCS7_type_is_digest(p7)) { 448 if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { 449 PKCS7error(ERR_R_MALLOC_FAILURE); 450 return 0; 451 } 452 p7->d.digest->md->parameter->type = V_ASN1_NULL; 453 p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); 454 return 1; 455 } 456 457 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); 458 return 1; 459 } 460 LCRYPTO_ALIAS(PKCS7_set_digest) 461 462 STACK_OF(PKCS7_SIGNER_INFO) * 463 PKCS7_get_signer_info(PKCS7 *p7) 464 { 465 if (p7 == NULL || p7->d.ptr == NULL) 466 return (NULL); 467 if (PKCS7_type_is_signed(p7)) { 468 return (p7->d.sign->signer_info); 469 } else if (PKCS7_type_is_signedAndEnveloped(p7)) { 470 return (p7->d.signed_and_enveloped->signer_info); 471 } else 472 return (NULL); 473 } 474 LCRYPTO_ALIAS(PKCS7_get_signer_info) 475 476 void 477 PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, 478 X509_ALGOR **pdig, X509_ALGOR **psig) 479 { 480 if (pk) 481 *pk = si->pkey; 482 if (pdig) 483 *pdig = si->digest_alg; 484 if (psig) 485 *psig = si->digest_enc_alg; 486 } 487 LCRYPTO_ALIAS(PKCS7_SIGNER_INFO_get0_algs) 488 489 void 490 PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) 491 { 492 if (penc) 493 *penc = ri->key_enc_algor; 494 } 495 LCRYPTO_ALIAS(PKCS7_RECIP_INFO_get0_alg) 496 497 PKCS7_RECIP_INFO * 498 PKCS7_add_recipient(PKCS7 *p7, X509 *x509) 499 { 500 PKCS7_RECIP_INFO *ri; 501 502 if ((ri = PKCS7_RECIP_INFO_new()) == NULL) 503 goto err; 504 if (!PKCS7_RECIP_INFO_set(ri, x509)) 505 goto err; 506 if (!PKCS7_add_recipient_info(p7, ri)) 507 goto err; 508 return ri; 509 err: 510 if (ri) 511 PKCS7_RECIP_INFO_free(ri); 512 return NULL; 513 } 514 LCRYPTO_ALIAS(PKCS7_add_recipient) 515 516 int 517 PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) 518 { 519 int i; 520 STACK_OF(PKCS7_RECIP_INFO) *sk; 521 522 i = OBJ_obj2nid(p7->type); 523 switch (i) { 524 case NID_pkcs7_signedAndEnveloped: 525 sk = p7->d.signed_and_enveloped->recipientinfo; 526 break; 527 case NID_pkcs7_enveloped: 528 sk = p7->d.enveloped->recipientinfo; 529 break; 530 default: 531 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); 532 return (0); 533 } 534 535 if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) 536 return 0; 537 return (1); 538 } 539 LCRYPTO_ALIAS(PKCS7_add_recipient_info) 540 541 int 542 PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) 543 { 544 int ret; 545 EVP_PKEY *pkey = NULL; 546 if (!ASN1_INTEGER_set(p7i->version, 0)) 547 return 0; 548 if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, 549 X509_get_issuer_name(x509))) 550 return 0; 551 552 ASN1_INTEGER_free(p7i->issuer_and_serial->serial); 553 if (!(p7i->issuer_and_serial->serial = 554 ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) 555 return 0; 556 557 pkey = X509_get_pubkey(x509); 558 559 if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { 560 PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 561 goto err; 562 } 563 564 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 565 0, p7i); 566 if (ret == -2) { 567 PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 568 goto err; 569 } 570 if (ret <= 0) { 571 PKCS7error(PKCS7_R_ENCRYPTION_CTRL_FAILURE); 572 goto err; 573 } 574 575 EVP_PKEY_free(pkey); 576 577 CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); 578 p7i->cert = x509; 579 580 return 1; 581 582 err: 583 EVP_PKEY_free(pkey); 584 return 0; 585 } 586 LCRYPTO_ALIAS(PKCS7_RECIP_INFO_set) 587 588 X509 * 589 PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) 590 { 591 if (PKCS7_type_is_signed(p7)) 592 return(X509_find_by_issuer_and_serial(p7->d.sign->cert, 593 si->issuer_and_serial->issuer, 594 si->issuer_and_serial->serial)); 595 else 596 return (NULL); 597 } 598 LCRYPTO_ALIAS(PKCS7_cert_from_signer_info) 599 600 int 601 PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) 602 { 603 int i; 604 PKCS7_ENC_CONTENT *ec; 605 606 i = OBJ_obj2nid(p7->type); 607 switch (i) { 608 case NID_pkcs7_signedAndEnveloped: 609 ec = p7->d.signed_and_enveloped->enc_data; 610 break; 611 case NID_pkcs7_enveloped: 612 ec = p7->d.enveloped->enc_data; 613 break; 614 default: 615 PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); 616 return (0); 617 } 618 619 /* Check cipher OID exists and has data in it*/ 620 i = EVP_CIPHER_type(cipher); 621 if (i == NID_undef) { 622 PKCS7error(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 623 return (0); 624 } 625 626 ec->cipher = cipher; 627 return 1; 628 } 629 LCRYPTO_ALIAS(PKCS7_set_cipher) 630 631 int 632 PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) 633 { 634 ASN1_OCTET_STRING *os = NULL; 635 636 switch (OBJ_obj2nid(p7->type)) { 637 case NID_pkcs7_data: 638 os = p7->d.data; 639 break; 640 641 case NID_pkcs7_signedAndEnveloped: 642 os = p7->d.signed_and_enveloped->enc_data->enc_data; 643 if (os == NULL) { 644 os = ASN1_OCTET_STRING_new(); 645 p7->d.signed_and_enveloped->enc_data->enc_data = os; 646 } 647 break; 648 649 case NID_pkcs7_enveloped: 650 os = p7->d.enveloped->enc_data->enc_data; 651 if (os == NULL) { 652 os = ASN1_OCTET_STRING_new(); 653 p7->d.enveloped->enc_data->enc_data = os; 654 } 655 break; 656 657 case NID_pkcs7_signed: 658 os = p7->d.sign->contents->d.data; 659 break; 660 661 default: 662 os = NULL; 663 break; 664 } 665 666 if (os == NULL) 667 return 0; 668 669 os->flags |= ASN1_STRING_FLAG_NDEF; 670 *boundary = &os->data; 671 672 return 1; 673 } 674 LCRYPTO_ALIAS(PKCS7_stream) 675