1 | /* |
2 | * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <openssl/asn1t.h> |
11 | #include <openssl/x509v3.h> |
12 | #include <openssl/err.h> |
13 | #include <openssl/pem.h> |
14 | #include <openssl/bio.h> |
15 | #include <openssl/asn1.h> |
16 | #include <openssl/cms.h> |
17 | #include "cms_local.h" |
18 | |
19 | IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) |
20 | IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) |
21 | |
22 | const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms) |
23 | { |
24 | return cms->contentType; |
25 | } |
26 | |
27 | CMS_ContentInfo *cms_Data_create(void) |
28 | { |
29 | CMS_ContentInfo *cms; |
30 | cms = CMS_ContentInfo_new(); |
31 | if (cms != NULL) { |
32 | cms->contentType = OBJ_nid2obj(NID_pkcs7_data); |
33 | /* Never detached */ |
34 | CMS_set_detached(cms, 0); |
35 | } |
36 | return cms; |
37 | } |
38 | |
39 | BIO *cms_content_bio(CMS_ContentInfo *cms) |
40 | { |
41 | ASN1_OCTET_STRING **pos = CMS_get0_content(cms); |
42 | |
43 | if (pos == NULL) |
44 | return NULL; |
45 | /* If content detached data goes nowhere: create NULL BIO */ |
46 | if (*pos == NULL) |
47 | return BIO_new(BIO_s_null()); |
48 | /* |
49 | * If content not detached and created return memory BIO |
50 | */ |
51 | if (*pos == NULL || ((*pos)->flags == ASN1_STRING_FLAG_CONT)) |
52 | return BIO_new(BIO_s_mem()); |
53 | /* Else content was read in: return read only BIO for it */ |
54 | return BIO_new_mem_buf((*pos)->data, (*pos)->length); |
55 | } |
56 | |
57 | BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) |
58 | { |
59 | BIO *cmsbio, *cont; |
60 | if (icont) |
61 | cont = icont; |
62 | else |
63 | cont = cms_content_bio(cms); |
64 | if (!cont) { |
65 | CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT); |
66 | return NULL; |
67 | } |
68 | switch (OBJ_obj2nid(cms->contentType)) { |
69 | |
70 | case NID_pkcs7_data: |
71 | return cont; |
72 | |
73 | case NID_pkcs7_signed: |
74 | cmsbio = cms_SignedData_init_bio(cms); |
75 | break; |
76 | |
77 | case NID_pkcs7_digest: |
78 | cmsbio = cms_DigestedData_init_bio(cms); |
79 | break; |
80 | #ifdef ZLIB |
81 | case NID_id_smime_ct_compressedData: |
82 | cmsbio = cms_CompressedData_init_bio(cms); |
83 | break; |
84 | #endif |
85 | |
86 | case NID_pkcs7_encrypted: |
87 | cmsbio = cms_EncryptedData_init_bio(cms); |
88 | break; |
89 | |
90 | case NID_pkcs7_enveloped: |
91 | cmsbio = cms_EnvelopedData_init_bio(cms); |
92 | break; |
93 | |
94 | default: |
95 | CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); |
96 | return NULL; |
97 | } |
98 | |
99 | if (cmsbio) |
100 | return BIO_push(cmsbio, cont); |
101 | |
102 | if (!icont) |
103 | BIO_free(cont); |
104 | return NULL; |
105 | |
106 | } |
107 | |
108 | /* unfortunately cannot constify SMIME_write_ASN1() due to this function */ |
109 | int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) |
110 | { |
111 | ASN1_OCTET_STRING **pos = CMS_get0_content(cms); |
112 | |
113 | if (pos == NULL) |
114 | return 0; |
115 | /* If embedded content find memory BIO and set content */ |
116 | if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) { |
117 | BIO *mbio; |
118 | unsigned char *cont; |
119 | long contlen; |
120 | mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); |
121 | if (!mbio) { |
122 | CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND); |
123 | return 0; |
124 | } |
125 | contlen = BIO_get_mem_data(mbio, &cont); |
126 | /* Set bio as read only so its content can't be clobbered */ |
127 | BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); |
128 | BIO_set_mem_eof_return(mbio, 0); |
129 | ASN1_STRING_set0(*pos, cont, contlen); |
130 | (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; |
131 | } |
132 | |
133 | switch (OBJ_obj2nid(cms->contentType)) { |
134 | |
135 | case NID_pkcs7_data: |
136 | case NID_pkcs7_enveloped: |
137 | case NID_pkcs7_encrypted: |
138 | case NID_id_smime_ct_compressedData: |
139 | /* Nothing to do */ |
140 | return 1; |
141 | |
142 | case NID_pkcs7_signed: |
143 | return cms_SignedData_final(cms, cmsbio); |
144 | |
145 | case NID_pkcs7_digest: |
146 | return cms_DigestedData_do_final(cms, cmsbio, 0); |
147 | |
148 | default: |
149 | CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE); |
150 | return 0; |
151 | } |
152 | } |
153 | |
154 | /* |
155 | * Return an OCTET STRING pointer to content. This allows it to be accessed |
156 | * or set later. |
157 | */ |
158 | |
159 | ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) |
160 | { |
161 | switch (OBJ_obj2nid(cms->contentType)) { |
162 | |
163 | case NID_pkcs7_data: |
164 | return &cms->d.data; |
165 | |
166 | case NID_pkcs7_signed: |
167 | return &cms->d.signedData->encapContentInfo->eContent; |
168 | |
169 | case NID_pkcs7_enveloped: |
170 | return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; |
171 | |
172 | case NID_pkcs7_digest: |
173 | return &cms->d.digestedData->encapContentInfo->eContent; |
174 | |
175 | case NID_pkcs7_encrypted: |
176 | return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; |
177 | |
178 | case NID_id_smime_ct_authData: |
179 | return &cms->d.authenticatedData->encapContentInfo->eContent; |
180 | |
181 | case NID_id_smime_ct_compressedData: |
182 | return &cms->d.compressedData->encapContentInfo->eContent; |
183 | |
184 | default: |
185 | if (cms->d.other->type == V_ASN1_OCTET_STRING) |
186 | return &cms->d.other->value.octet_string; |
187 | CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); |
188 | return NULL; |
189 | |
190 | } |
191 | } |
192 | |
193 | /* |
194 | * Return an ASN1_OBJECT pointer to content type. This allows it to be |
195 | * accessed or set later. |
196 | */ |
197 | |
198 | static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) |
199 | { |
200 | switch (OBJ_obj2nid(cms->contentType)) { |
201 | |
202 | case NID_pkcs7_signed: |
203 | return &cms->d.signedData->encapContentInfo->eContentType; |
204 | |
205 | case NID_pkcs7_enveloped: |
206 | return &cms->d.envelopedData->encryptedContentInfo->contentType; |
207 | |
208 | case NID_pkcs7_digest: |
209 | return &cms->d.digestedData->encapContentInfo->eContentType; |
210 | |
211 | case NID_pkcs7_encrypted: |
212 | return &cms->d.encryptedData->encryptedContentInfo->contentType; |
213 | |
214 | case NID_id_smime_ct_authData: |
215 | return &cms->d.authenticatedData->encapContentInfo->eContentType; |
216 | |
217 | case NID_id_smime_ct_compressedData: |
218 | return &cms->d.compressedData->encapContentInfo->eContentType; |
219 | |
220 | default: |
221 | CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE); |
222 | return NULL; |
223 | |
224 | } |
225 | } |
226 | |
227 | const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) |
228 | { |
229 | ASN1_OBJECT **petype; |
230 | petype = cms_get0_econtent_type(cms); |
231 | if (petype) |
232 | return *petype; |
233 | return NULL; |
234 | } |
235 | |
236 | int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) |
237 | { |
238 | ASN1_OBJECT **petype, *etype; |
239 | |
240 | petype = cms_get0_econtent_type(cms); |
241 | if (petype == NULL) |
242 | return 0; |
243 | if (oid == NULL) |
244 | return 1; |
245 | etype = OBJ_dup(oid); |
246 | if (etype == NULL) |
247 | return 0; |
248 | ASN1_OBJECT_free(*petype); |
249 | *petype = etype; |
250 | return 1; |
251 | } |
252 | |
253 | int CMS_is_detached(CMS_ContentInfo *cms) |
254 | { |
255 | ASN1_OCTET_STRING **pos; |
256 | |
257 | pos = CMS_get0_content(cms); |
258 | if (pos == NULL) |
259 | return -1; |
260 | if (*pos != NULL) |
261 | return 0; |
262 | return 1; |
263 | } |
264 | |
265 | int CMS_set_detached(CMS_ContentInfo *cms, int detached) |
266 | { |
267 | ASN1_OCTET_STRING **pos; |
268 | |
269 | pos = CMS_get0_content(cms); |
270 | if (pos == NULL) |
271 | return 0; |
272 | if (detached) { |
273 | ASN1_OCTET_STRING_free(*pos); |
274 | *pos = NULL; |
275 | return 1; |
276 | } |
277 | if (*pos == NULL) |
278 | *pos = ASN1_OCTET_STRING_new(); |
279 | if (*pos != NULL) { |
280 | /* |
281 | * NB: special flag to show content is created and not read in. |
282 | */ |
283 | (*pos)->flags |= ASN1_STRING_FLAG_CONT; |
284 | return 1; |
285 | } |
286 | CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); |
287 | return 0; |
288 | } |
289 | |
290 | /* Create a digest BIO from an X509_ALGOR structure */ |
291 | |
292 | BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) |
293 | { |
294 | BIO *mdbio = NULL; |
295 | const ASN1_OBJECT *digestoid; |
296 | const EVP_MD *digest; |
297 | X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); |
298 | digest = EVP_get_digestbyobj(digestoid); |
299 | if (!digest) { |
300 | CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, |
301 | CMS_R_UNKNOWN_DIGEST_ALGORITHM); |
302 | goto err; |
303 | } |
304 | mdbio = BIO_new(BIO_f_md()); |
305 | if (mdbio == NULL || !BIO_set_md(mdbio, digest)) { |
306 | CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR); |
307 | goto err; |
308 | } |
309 | return mdbio; |
310 | err: |
311 | BIO_free(mdbio); |
312 | return NULL; |
313 | } |
314 | |
315 | /* Locate a message digest content from a BIO chain based on SignerInfo */ |
316 | |
317 | int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, |
318 | X509_ALGOR *mdalg) |
319 | { |
320 | int nid; |
321 | const ASN1_OBJECT *mdoid; |
322 | X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); |
323 | nid = OBJ_obj2nid(mdoid); |
324 | /* Look for digest type to match signature */ |
325 | for (;;) { |
326 | EVP_MD_CTX *mtmp; |
327 | chain = BIO_find_type(chain, BIO_TYPE_MD); |
328 | if (chain == NULL) { |
329 | CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, |
330 | CMS_R_NO_MATCHING_DIGEST); |
331 | return 0; |
332 | } |
333 | BIO_get_md_ctx(chain, &mtmp); |
334 | if (EVP_MD_CTX_type(mtmp) == nid |
335 | /* |
336 | * Workaround for broken implementations that use signature |
337 | * algorithm OID instead of digest. |
338 | */ |
339 | || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) |
340 | return EVP_MD_CTX_copy_ex(mctx, mtmp); |
341 | chain = BIO_next(chain); |
342 | } |
343 | } |
344 | |
345 | static STACK_OF(CMS_CertificateChoices) |
346 | **cms_get0_certificate_choices(CMS_ContentInfo *cms) |
347 | { |
348 | switch (OBJ_obj2nid(cms->contentType)) { |
349 | |
350 | case NID_pkcs7_signed: |
351 | return &cms->d.signedData->certificates; |
352 | |
353 | case NID_pkcs7_enveloped: |
354 | if (cms->d.envelopedData->originatorInfo == NULL) |
355 | return NULL; |
356 | return &cms->d.envelopedData->originatorInfo->certificates; |
357 | |
358 | default: |
359 | CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, |
360 | CMS_R_UNSUPPORTED_CONTENT_TYPE); |
361 | return NULL; |
362 | |
363 | } |
364 | } |
365 | |
366 | CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) |
367 | { |
368 | STACK_OF(CMS_CertificateChoices) **pcerts; |
369 | CMS_CertificateChoices *cch; |
370 | |
371 | pcerts = cms_get0_certificate_choices(cms); |
372 | if (pcerts == NULL) |
373 | return NULL; |
374 | if (*pcerts == NULL) |
375 | *pcerts = sk_CMS_CertificateChoices_new_null(); |
376 | if (*pcerts == NULL) |
377 | return NULL; |
378 | cch = M_ASN1_new_of(CMS_CertificateChoices); |
379 | if (!cch) |
380 | return NULL; |
381 | if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) { |
382 | M_ASN1_free_of(cch, CMS_CertificateChoices); |
383 | return NULL; |
384 | } |
385 | return cch; |
386 | } |
387 | |
388 | int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) |
389 | { |
390 | CMS_CertificateChoices *cch; |
391 | STACK_OF(CMS_CertificateChoices) **pcerts; |
392 | int i; |
393 | |
394 | pcerts = cms_get0_certificate_choices(cms); |
395 | if (pcerts == NULL) |
396 | return 0; |
397 | for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { |
398 | cch = sk_CMS_CertificateChoices_value(*pcerts, i); |
399 | if (cch->type == CMS_CERTCHOICE_CERT) { |
400 | if (!X509_cmp(cch->d.certificate, cert)) { |
401 | CMSerr(CMS_F_CMS_ADD0_CERT, |
402 | CMS_R_CERTIFICATE_ALREADY_PRESENT); |
403 | return 0; |
404 | } |
405 | } |
406 | } |
407 | cch = CMS_add0_CertificateChoices(cms); |
408 | if (!cch) |
409 | return 0; |
410 | cch->type = CMS_CERTCHOICE_CERT; |
411 | cch->d.certificate = cert; |
412 | return 1; |
413 | } |
414 | |
415 | int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) |
416 | { |
417 | int r; |
418 | r = CMS_add0_cert(cms, cert); |
419 | if (r > 0) |
420 | X509_up_ref(cert); |
421 | return r; |
422 | } |
423 | |
424 | static STACK_OF(CMS_RevocationInfoChoice) |
425 | **cms_get0_revocation_choices(CMS_ContentInfo *cms) |
426 | { |
427 | switch (OBJ_obj2nid(cms->contentType)) { |
428 | |
429 | case NID_pkcs7_signed: |
430 | return &cms->d.signedData->crls; |
431 | |
432 | case NID_pkcs7_enveloped: |
433 | if (cms->d.envelopedData->originatorInfo == NULL) |
434 | return NULL; |
435 | return &cms->d.envelopedData->originatorInfo->crls; |
436 | |
437 | default: |
438 | CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, |
439 | CMS_R_UNSUPPORTED_CONTENT_TYPE); |
440 | return NULL; |
441 | |
442 | } |
443 | } |
444 | |
445 | CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) |
446 | { |
447 | STACK_OF(CMS_RevocationInfoChoice) **pcrls; |
448 | CMS_RevocationInfoChoice *rch; |
449 | |
450 | pcrls = cms_get0_revocation_choices(cms); |
451 | if (pcrls == NULL) |
452 | return NULL; |
453 | if (*pcrls == NULL) |
454 | *pcrls = sk_CMS_RevocationInfoChoice_new_null(); |
455 | if (*pcrls == NULL) |
456 | return NULL; |
457 | rch = M_ASN1_new_of(CMS_RevocationInfoChoice); |
458 | if (rch == NULL) |
459 | return NULL; |
460 | if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) { |
461 | M_ASN1_free_of(rch, CMS_RevocationInfoChoice); |
462 | return NULL; |
463 | } |
464 | return rch; |
465 | } |
466 | |
467 | int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) |
468 | { |
469 | CMS_RevocationInfoChoice *rch; |
470 | rch = CMS_add0_RevocationInfoChoice(cms); |
471 | if (!rch) |
472 | return 0; |
473 | rch->type = CMS_REVCHOICE_CRL; |
474 | rch->d.crl = crl; |
475 | return 1; |
476 | } |
477 | |
478 | int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) |
479 | { |
480 | int r; |
481 | r = CMS_add0_crl(cms, crl); |
482 | if (r > 0) |
483 | X509_CRL_up_ref(crl); |
484 | return r; |
485 | } |
486 | |
487 | STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) |
488 | { |
489 | STACK_OF(X509) *certs = NULL; |
490 | CMS_CertificateChoices *cch; |
491 | STACK_OF(CMS_CertificateChoices) **pcerts; |
492 | int i; |
493 | |
494 | pcerts = cms_get0_certificate_choices(cms); |
495 | if (pcerts == NULL) |
496 | return NULL; |
497 | for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { |
498 | cch = sk_CMS_CertificateChoices_value(*pcerts, i); |
499 | if (cch->type == 0) { |
500 | if (!certs) { |
501 | certs = sk_X509_new_null(); |
502 | if (!certs) |
503 | return NULL; |
504 | } |
505 | if (!sk_X509_push(certs, cch->d.certificate)) { |
506 | sk_X509_pop_free(certs, X509_free); |
507 | return NULL; |
508 | } |
509 | X509_up_ref(cch->d.certificate); |
510 | } |
511 | } |
512 | return certs; |
513 | |
514 | } |
515 | |
516 | STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) |
517 | { |
518 | STACK_OF(X509_CRL) *crls = NULL; |
519 | STACK_OF(CMS_RevocationInfoChoice) **pcrls; |
520 | CMS_RevocationInfoChoice *rch; |
521 | int i; |
522 | |
523 | pcrls = cms_get0_revocation_choices(cms); |
524 | if (pcrls == NULL) |
525 | return NULL; |
526 | for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) { |
527 | rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); |
528 | if (rch->type == 0) { |
529 | if (!crls) { |
530 | crls = sk_X509_CRL_new_null(); |
531 | if (!crls) |
532 | return NULL; |
533 | } |
534 | if (!sk_X509_CRL_push(crls, rch->d.crl)) { |
535 | sk_X509_CRL_pop_free(crls, X509_CRL_free); |
536 | return NULL; |
537 | } |
538 | X509_CRL_up_ref(rch->d.crl); |
539 | } |
540 | } |
541 | return crls; |
542 | } |
543 | |
544 | int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) |
545 | { |
546 | int ret; |
547 | ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert)); |
548 | if (ret) |
549 | return ret; |
550 | return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert)); |
551 | } |
552 | |
553 | int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) |
554 | { |
555 | const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert); |
556 | |
557 | if (cert_keyid == NULL) |
558 | return -1; |
559 | return ASN1_OCTET_STRING_cmp(keyid, cert_keyid); |
560 | } |
561 | |
562 | int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) |
563 | { |
564 | CMS_IssuerAndSerialNumber *ias; |
565 | ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber); |
566 | if (!ias) |
567 | goto err; |
568 | if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert))) |
569 | goto err; |
570 | if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert))) |
571 | goto err; |
572 | M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); |
573 | *pias = ias; |
574 | return 1; |
575 | err: |
576 | M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); |
577 | CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE); |
578 | return 0; |
579 | } |
580 | |
581 | int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) |
582 | { |
583 | ASN1_OCTET_STRING *keyid = NULL; |
584 | const ASN1_OCTET_STRING *cert_keyid; |
585 | cert_keyid = X509_get0_subject_key_id(cert); |
586 | if (cert_keyid == NULL) { |
587 | CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID); |
588 | return 0; |
589 | } |
590 | keyid = ASN1_STRING_dup(cert_keyid); |
591 | if (!keyid) { |
592 | CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE); |
593 | return 0; |
594 | } |
595 | ASN1_OCTET_STRING_free(*pkeyid); |
596 | *pkeyid = keyid; |
597 | return 1; |
598 | } |
599 | |