Revision a520723f29aac6598ff0d69e34f5e9b88213e511 authored by Matt Caswell on 14 October 2016, 12:07:00 UTC, committed by Matt Caswell on 28 October 2016, 08:43:41 UTC
The previous commit inspired a review of all the length checks for the extension adding code. This adds more robust checks and adds checks where some were missing previously. The real solution for this is to use WPACKET which is currently in master - but that cannot be applied to release branches. Reviewed-by: Rich Salz <rsalz@openssl.org>
1 parent 83a1d4b
CMS_verify_receipt.pod
=pod
=head1 NAME
CMS_verify_receipt - verify a CMS signed receipt
=head1 SYNOPSIS
#include <openssl/cms.h>
int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
=head1 DESCRIPTION
CMS_verify_receipt() verifies a CMS signed receipt. B<rcms> is the signed
receipt to verify. B<ocms> is the original SignedData structure containing the
receipt request. B<certs> is a set of certificates in which to search for the
signing certificate. B<store> is a trusted certificate store (used for chain
verification).
B<flags> is an optional set of flags, which can be used to modify the verify
operation.
=head1 NOTES
This functions behaves in a similar way to CMS_verify() except the flag values
B<CMS_DETACHED>, B<CMS_BINARY>, B<CMS_TEXT> and B<CMS_STREAM> are not
supported since they do not make sense in the context of signed receipts.
=head1 RETURN VALUES
CMS_verify_receipt() returns 1 for a successful verification and zero if an
error occurred.
The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
=head1 SEE ALSO
L<ERR_get_error(3)|ERR_get_error(3)>,
L<CMS_sign_receipt(3)|CMS_sign_receipt(3)>,
L<CMS_verify(3)|CMS_verify(3)>,
=head1 HISTORY
CMS_verify_receipt() was added to OpenSSL 0.9.8
=cut
Computing file changes ...
