Bug Summary

File:out/../deps/openssl/openssl/crypto/cms/cms_ess.c
Warning:line 219, column 24
Access to field 'digestAlgorithm' results in a dereference of a null pointer (loaded from variable 'si')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name cms_ess.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/cms/cms_ess.c
1/*
2 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include "internal/cryptlib.h"
11#include <openssl/asn1t.h>
12#include <openssl/pem.h>
13#include <openssl/rand.h>
14#include <openssl/x509v3.h>
15#include <openssl/err.h>
16#include <openssl/cms.h>
17#include <openssl/ess.h>
18#include "crypto/ess.h"
19#include "crypto/x509.h"
20#include "cms_local.h"
21
22IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)CMS_ReceiptRequest *d2i_CMS_ReceiptRequest(CMS_ReceiptRequest
**a, const unsigned char **in, long len) { return (CMS_ReceiptRequest
*)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (CMS_ReceiptRequest_it
())); } int i2d_CMS_ReceiptRequest(const CMS_ReceiptRequest *
a, unsigned char **out) { return ASN1_item_i2d((const ASN1_VALUE
*)a, out, (CMS_ReceiptRequest_it())); } CMS_ReceiptRequest *
CMS_ReceiptRequest_new(void) { return (CMS_ReceiptRequest *)ASN1_item_new
((CMS_ReceiptRequest_it())); } void CMS_ReceiptRequest_free(CMS_ReceiptRequest
*a) { ASN1_item_free((ASN1_VALUE *)a, (CMS_ReceiptRequest_it
())); }
23
24/* ESS services */
25
26int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
27{
28 ASN1_STRING *str;
29 CMS_ReceiptRequest *rr;
30 ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_receiptRequest212);
31
32 if (prr != NULL((void*)0))
33 *prr = NULL((void*)0);
34 str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE16);
35 if (str == NULL((void*)0))
36 return 0;
37
38 rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest)(CMS_ReceiptRequest_it()));
39 if (rr == NULL((void*)0))
40 return -1;
41 if (prr != NULL((void*)0))
42 *prr = rr;
43 else
44 CMS_ReceiptRequest_free(rr);
45 return 1;
46}
47
48/*
49 * Returns 0 if attribute is not found, 1 if found,
50 * or -1 on attribute parsing failure.
51 */
52static int ossl_cms_signerinfo_get_signing_cert(const CMS_SignerInfo *si,
53 ESS_SIGNING_CERT **psc)
54{
55 ASN1_STRING *str;
56 ESS_SIGNING_CERT *sc;
57 ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificate223);
58
59 if (psc != NULL((void*)0))
60 *psc = NULL((void*)0);
61 str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE16);
62 if (str == NULL((void*)0))
63 return 0;
64
65 sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT)(ESS_SIGNING_CERT_it()));
66 if (sc == NULL((void*)0))
67 return -1;
68 if (psc != NULL((void*)0))
69 *psc = sc;
70 else
71 ESS_SIGNING_CERT_free(sc);
72 return 1;
73}
74
75/*
76 * Returns 0 if attribute is not found, 1 if found,
77 * or -1 on attribute parsing failure.
78 */
79static int ossl_cms_signerinfo_get_signing_cert_v2(const CMS_SignerInfo *si,
80 ESS_SIGNING_CERT_V2 **psc)
81{
82 ASN1_STRING *str;
83 ESS_SIGNING_CERT_V2 *sc;
84 ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificateV21086);
85
86 if (psc != NULL((void*)0))
87 *psc = NULL((void*)0);
88 str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE16);
89 if (str == NULL((void*)0))
90 return 0;
91
92 sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT_V2)(ESS_SIGNING_CERT_V2_it()));
93 if (sc == NULL((void*)0))
94 return -1;
95 if (psc != NULL((void*)0))
96 *psc = sc;
97 else
98 ESS_SIGNING_CERT_V2_free(sc);
99 return 1;
100}
101
102int ossl_cms_check_signing_certs(const CMS_SignerInfo *si,
103 const STACK_OF(X509)struct stack_st_X509 *chain)
104{
105 ESS_SIGNING_CERT *ss = NULL((void*)0);
106 ESS_SIGNING_CERT_V2 *ssv2 = NULL((void*)0);
107 int ret = ossl_cms_signerinfo_get_signing_cert(si, &ss) >= 0
108 && ossl_cms_signerinfo_get_signing_cert_v2(si, &ssv2) >= 0
109 && OSSL_ESS_check_signing_certs(ss, ssv2, chain, 1) > 0;
110
111 ESS_SIGNING_CERT_free(ss);
112 ESS_SIGNING_CERT_V2_free(ssv2);
113 return ret;
114}
115
116CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
117 unsigned char *id, int idlen, int allorfirst,
118 STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *receiptList, STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *receiptsTo,
119 OSSL_LIB_CTX *libctx)
120{
121 CMS_ReceiptRequest *rr;
122
123 rr = CMS_ReceiptRequest_new();
124 if (rr == NULL((void*)0))
125 goto merr;
126 if (id)
127 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
128 else {
129 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL((void*)0), 32))
130 goto merr;
131 if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32,
132 0) <= 0)
133 goto err;
134 }
135
136 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free)OPENSSL_sk_pop_free(ossl_check_GENERAL_NAMES_sk_type(rr->receiptsTo
),ossl_check_GENERAL_NAMES_freefunc_type(GENERAL_NAMES_free));
137 rr->receiptsTo = receiptsTo;
138
139 if (receiptList != NULL((void*)0)) {
140 rr->receiptsFrom->type = 1;
141 rr->receiptsFrom->d.receiptList = receiptList;
142 } else {
143 rr->receiptsFrom->type = 0;
144 rr->receiptsFrom->d.allOrFirstTier = allorfirst;
145 }
146
147 return rr;
148
149 merr:
150 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,150,__func__), ERR_set_error)((46),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
151
152 err:
153 CMS_ReceiptRequest_free(rr);
154 return NULL((void*)0);
155
156}
157
158CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
159 unsigned char *id, int idlen, int allorfirst,
160 STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *receiptList, STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *receiptsTo)
161{
162 return CMS_ReceiptRequest_create0_ex(id, idlen, allorfirst, receiptList,
163 receiptsTo, NULL((void*)0));
164}
165
166int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
167{
168 unsigned char *rrder = NULL((void*)0);
169 int rrderlen, r = 0;
170
171 rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
172 if (rrderlen < 0)
173 goto merr;
174
175 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest212,
176 V_ASN1_SEQUENCE16, rrder, rrderlen))
177 goto merr;
178
179 r = 1;
180
181 merr:
182 if (!r)
183 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,183,__func__), ERR_set_error)((46),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
184
185 OPENSSL_free(rrder)CRYPTO_free(rrder, "../deps/openssl/openssl/crypto/cms/cms_ess.c"
, 185);
186
187 return r;
188
189}
190
191void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
192 ASN1_STRING **pcid,
193 int *pallorfirst,
194 STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES **plist,
195 STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES **prto)
196{
197 if (pcid != NULL((void*)0))
198 *pcid = rr->signedContentIdentifier;
199 if (rr->receiptsFrom->type == 0) {
200 if (pallorfirst != NULL((void*)0))
201 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
202 if (plist != NULL((void*)0))
203 *plist = NULL((void*)0);
204 } else {
205 if (pallorfirst != NULL((void*)0))
206 *pallorfirst = -1;
207 if (plist != NULL((void*)0))
208 *plist = rr->receiptsFrom->d.receiptList;
209 }
210 if (prto != NULL((void*)0))
211 *prto = rr->receiptsTo;
212}
213
214/* Digest a SignerInfo structure for msgSigDigest attribute processing */
215
216static int cms_msgSigDigest(CMS_SignerInfo *si,
217 unsigned char *dig, unsigned int *diglen)
218{
219 const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm)EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm
->algorithm)));
22
Access to field 'digestAlgorithm' results in a dereference of a null pointer (loaded from variable 'si')
220
221 if (md == NULL((void*)0))
222 return 0;
223 if (!ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(CMS_Attributes_Verify)(CMS_Attributes_Verify_it()), md,
224 si->signedAttrs, dig, diglen,
225 ossl_cms_ctx_get0_libctx(si->cms_ctx),
226 ossl_cms_ctx_get0_propq(si->cms_ctx)))
227 return 0;
228 return 1;
229}
230
231/* Add a msgSigDigest attribute to a SignerInfo */
232
233int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
234{
235 unsigned char dig[EVP_MAX_MD_SIZE64];
236 unsigned int diglen;
237
238 if (!cms_msgSigDigest(src, dig, &diglen)) {
239 ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,239,__func__), ERR_set_error)((46),(172),((void*)0));
240 return 0;
241 }
242 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest216,
243 V_ASN1_OCTET_STRING4, dig, diglen)) {
244 ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,244,__func__), ERR_set_error)((46),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
245 return 0;
246 }
247 return 1;
248}
249
250/* Verify signed receipt after it has already passed normal CMS verify */
251
252int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
253{
254 int r = 0, i;
255 CMS_ReceiptRequest *rr = NULL((void*)0);
256 CMS_Receipt *rct = NULL((void*)0);
257 STACK_OF(CMS_SignerInfo)struct stack_st_CMS_SignerInfo *sis, *osis;
258 CMS_SignerInfo *si, *osi = NULL((void*)0);
1
'osi' initialized to a null pointer value
259 ASN1_OCTET_STRING *msig, **pcont;
260 ASN1_OBJECT *octype;
261 unsigned char dig[EVP_MAX_MD_SIZE64];
262 unsigned int diglen;
263
264 /* Get SignerInfos, also checks SignedData content type */
265 osis = CMS_get0_SignerInfos(req_cms);
266 sis = CMS_get0_SignerInfos(cms);
267 if (!osis || !sis)
2
Assuming 'osis' is non-null
3
Assuming 'sis' is non-null
4
Taking false branch
268 goto err;
269
270 if (sk_CMS_SignerInfo_num(sis)OPENSSL_sk_num(ossl_check_const_CMS_SignerInfo_sk_type(sis)) != 1) {
5
Assuming the condition is false
6
Taking false branch
271 ERR_raise(ERR_LIB_CMS, CMS_R_NEED_ONE_SIGNER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,271,__func__), ERR_set_error)((46),(164),((void*)0));
272 goto err;
273 }
274
275 /* Check receipt content type */
276 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt204) {
7
Assuming the condition is false
8
Taking false branch
277 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_A_SIGNED_RECEIPT)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,277,__func__), ERR_set_error)((46),(165),((void*)0));
278 goto err;
279 }
280
281 /* Extract and decode receipt content */
282 pcont = CMS_get0_content(cms);
283 if (pcont == NULL((void*)0) || *pcont == NULL((void*)0)) {
9
Assuming 'pcont' is not equal to NULL
10
Assuming the condition is false
11
Taking false branch
284 ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,284,__func__), ERR_set_error)((46),(127),((void*)0));
285 goto err;
286 }
287
288 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt)(CMS_Receipt_it()));
289
290 if (!rct) {
12
Assuming 'rct' is non-null
13
Taking false branch
291 ERR_raise(ERR_LIB_CMS, CMS_R_RECEIPT_DECODE_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,291,__func__), ERR_set_error)((46),(169),((void*)0));
292 goto err;
293 }
294
295 /* Locate original request */
296
297 for (i = 0; i < sk_CMS_SignerInfo_num(osis)OPENSSL_sk_num(ossl_check_const_CMS_SignerInfo_sk_type(osis)); i++) {
14
Assuming the condition is false
15
Loop condition is false. Execution continues on line 303
298 osi = sk_CMS_SignerInfo_value(osis, i)((CMS_SignerInfo *)OPENSSL_sk_value(ossl_check_const_CMS_SignerInfo_sk_type
(osis), (i)));
299 if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
300 break;
301 }
302
303 if (i == sk_CMS_SignerInfo_num(osis)OPENSSL_sk_num(ossl_check_const_CMS_SignerInfo_sk_type(osis))) {
16
Assuming the condition is false
17
Taking false branch
304 ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_SIGNATURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,304,__func__), ERR_set_error)((46),(166),((void*)0));
305 goto err;
306 }
307
308 si = sk_CMS_SignerInfo_value(sis, 0)((CMS_SignerInfo *)OPENSSL_sk_value(ossl_check_const_CMS_SignerInfo_sk_type
(sis), (0)));
309
310 /* Get msgSigDigest value and compare */
311
312 msig = CMS_signed_get0_data_by_OBJ(si,
313 OBJ_nid2obj
314 (NID_id_smime_aa_msgSigDigest216), -3,
315 V_ASN1_OCTET_STRING4);
316
317 if (!msig) {
18
Assuming 'msig' is non-null
19
Taking false branch
318 ERR_raise(ERR_LIB_CMS, CMS_R_NO_MSGSIGDIGEST)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,318,__func__), ERR_set_error)((46),(167),((void*)0));
319 goto err;
320 }
321
322 if (!cms_msgSigDigest(osi, dig, &diglen)) {
20
Passing null pointer value via 1st parameter 'si'
21
Calling 'cms_msgSigDigest'
323 ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,323,__func__), ERR_set_error)((46),(172),((void*)0));
324 goto err;
325 }
326
327 if (diglen != (unsigned int)msig->length) {
328 ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_WRONG_LENGTH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,328,__func__), ERR_set_error)((46),(163),((void*)0));
329 goto err;
330 }
331
332 if (memcmp(dig, msig->data, diglen)) {
333 ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,333,__func__), ERR_set_error)((46),(162),((void*)0));
334 goto err;
335 }
336
337 /* Compare content types */
338
339 octype = CMS_signed_get0_data_by_OBJ(osi,
340 OBJ_nid2obj(NID_pkcs9_contentType50),
341 -3, V_ASN1_OBJECT6);
342 if (!octype) {
343 ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,343,__func__), ERR_set_error)((46),(173),((void*)0));
344 goto err;
345 }
346
347 /* Compare details in receipt request */
348
349 if (OBJ_cmp(octype, rct->contentType)) {
350 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_MISMATCH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,350,__func__), ERR_set_error)((46),(171),((void*)0));
351 goto err;
352 }
353
354 /* Get original receipt request details */
355
356 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
357 ERR_raise(ERR_LIB_CMS, CMS_R_NO_RECEIPT_REQUEST)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,357,__func__), ERR_set_error)((46),(168),((void*)0));
358 goto err;
359 }
360
361 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
362 rct->signedContentIdentifier)) {
363 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENTIDENTIFIER_MISMATCH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,363,__func__), ERR_set_error)((46),(170),((void*)0));
364 goto err;
365 }
366
367 r = 1;
368
369 err:
370 CMS_ReceiptRequest_free(rr);
371 M_ASN1_free_of(rct, CMS_Receipt)ASN1_item_free(((void*) (1 ? rct : (CMS_Receipt*)0)), (CMS_Receipt_it
()));
372 return r;
373
374}
375
376/*
377 * Encode a Receipt into an OCTET STRING read for including into content of a
378 * SignedData ContentInfo.
379 */
380
381ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si)
382{
383 CMS_Receipt rct;
384 CMS_ReceiptRequest *rr = NULL((void*)0);
385 ASN1_OBJECT *ctype;
386 ASN1_OCTET_STRING *os = NULL((void*)0);
387
388 /* Get original receipt request */
389
390 /* Get original receipt request details */
391
392 if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
393 ERR_raise(ERR_LIB_CMS, CMS_R_NO_RECEIPT_REQUEST)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,393,__func__), ERR_set_error)((46),(168),((void*)0));
394 goto err;
395 }
396
397 /* Get original content type */
398
399 ctype = CMS_signed_get0_data_by_OBJ(si,
400 OBJ_nid2obj(NID_pkcs9_contentType50),
401 -3, V_ASN1_OBJECT6);
402 if (!ctype) {
403 ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_ess.c"
,403,__func__), ERR_set_error)((46),(173),((void*)0));
404 goto err;
405 }
406
407 rct.version = 1;
408 rct.contentType = ctype;
409 rct.signedContentIdentifier = rr->signedContentIdentifier;
410 rct.originatorSignatureValue = si->signature;
411
412 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt)(CMS_Receipt_it()), NULL((void*)0));
413
414 err:
415 CMS_ReceiptRequest_free(rr);
416 return os;
417}