import openssl-0.9.7-beta1

author: markus <> 2002-09-05 12:51:50 +0000
committer: markus <> 2002-09-05 12:51:50 +0000
commit: 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch)
tree: bf939e82d7fd73cc8a01cf6959002209972091bc /src/lib/libcrypto/pkcs7
parent: 027351f729b9e837200dae6e1520cda6577ab930 (diff)
download: openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz
openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2
openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip
7 files changed, 1314 insertions, 585 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index 3b9c0fe3f2..5ff5a88b5c 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -1,9 +1,59 @@
 /* pk7_attr.c */
-/* S/MIME code.
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) 
+ * project 2001.
- * All Rights Reserved. 
+ */
- * Redistribution of this code without the authors permission is expressly
+/* ====================================================================
- * prohibited.
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
 */
 #include <stdio.h>
@@ -12,22 +62,24 @@
 #include <openssl/asn1.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
+#include <openssl/x509.h>
 #include <openssl/err.h>
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 {
        ASN1_STRING *seq;
        unsigned char *p, *pp;
        int len;
-        len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+        len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
-                                                V_ASN1_UNIVERSAL, IS_SEQUENCE);
+                                       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
-        if(!(pp=(unsigned char *)Malloc(len))) {
+                                       IS_SEQUENCE);
+        if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                return 0;
        }
        p=pp;
-        i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+        i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
-                                                V_ASN1_UNIVERSAL, IS_SEQUENCE);
+                                   V_ASN1_UNIVERSAL, IS_SEQUENCE);
        if(!(seq = ASN1_STRING_new())) {
                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                return 0;
@@ -36,27 +88,29 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
                PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
                return 0;
        }
-        Free (pp);
+        OPENSSL_free (pp);
        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
                                                        V_ASN1_SEQUENCE, seq);
 }
-STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
 {
        ASN1_TYPE *cap;
        unsigned char *p;
        cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
        if (!cap) return NULL;
        p = cap->value.sequence->data;
-        return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length, 
+        return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
-                (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
+                                          cap->value.sequence->length,
-                                                         V_ASN1_UNIVERSAL);
+                                          d2i_X509_ALGOR, X509_ALGOR_free,
+                                          V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 }
 /* Basic smime-capabilities OID and optional integer arg */
-int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 {
        X509_ALGOR *alg;
        if(!(alg = X509_ALGOR_new())) {
                PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
                return 0;
@@ -80,6 +134,6 @@ int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
                alg->parameter->value.integer = nbit;
                alg->parameter->type = V_ASN1_INTEGER;
        }
-        sk_push (sk, (char *)alg);
+        sk_X509_ALGOR_push (sk, alg);
        return 1;
 }
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index b5689b3fe4..4a4ff340ce 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -58,20 +58,56 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
+#include <openssl/rand.h>
-#include "objects.h"
+#include <openssl/objects.h>
-#include "x509.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
-BIO *PKCS7_dataInit(p7,bio)
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-PKCS7 *p7;
+                         void *value);
-BIO *bio;
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+static int PKCS7_type_is_other(PKCS7* p7)
+        {
+        int isOther=1;
+        
+        int nid=OBJ_obj2nid(p7->type);
+        switch( nid )
+                {
+        case NID_pkcs7_data:
+        case NID_pkcs7_signed:
+        case NID_pkcs7_enveloped:
+        case NID_pkcs7_signedAndEnveloped:
+        case NID_pkcs7_digest:
+        case NID_pkcs7_encrypted:
+                isOther=0;
+                break;
+        default:
+                isOther=1;
+                }
+        return isOther;
+        }
+static int PKCS7_type_is_octet_string(PKCS7* p7)
+        {
+        if ( 0==PKCS7_type_is_other(p7) )
+                return 0;
+        return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
+        }
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        {
        int i,j;
-        BIO *out=NULL,*btmp;
+        BIO *out=NULL,*btmp=NULL;
        X509_ALGOR *xa;
-        EVP_MD *evp_md;
+        const EVP_MD *evp_md;
-        EVP_CIPHER *evp_cipher=NULL;
+        const EVP_CIPHER *evp_cipher=NULL;
-        STACK *md_sk=NULL,*rsk=NULL;
+        STACK_OF(X509_ALGOR) *md_sk=NULL;
+        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
        X509_ALGOR *xalg=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
        EVP_PKEY *pkey;
@@ -87,13 +123,25 @@ BIO *bio;
        case NID_pkcs7_signedAndEnveloped:
                rsk=p7->d.signed_and_enveloped->recipientinfo;
                md_sk=p7->d.signed_and_enveloped->md_algs;
-                evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm)));
+                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+                evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
                if (evp_cipher == NULL)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+                                                PKCS7_R_CIPHER_NOT_INITIALIZED);
+                        goto err;
+                        }
+                break;
+        case NID_pkcs7_enveloped:
+                rsk=p7->d.enveloped->recipientinfo;
+                xalg=p7->d.enveloped->enc_data->algorithm;
+                evp_cipher=p7->d.enveloped->enc_data->cipher;
+                if (evp_cipher == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+                                                PKCS7_R_CIPHER_NOT_INITIALIZED);
                        goto err;
                        }
-                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -102,10 +150,14 @@ BIO *bio;
        if (md_sk != NULL)
                {
-                for (i=0; i<sk_num(md_sk); i++)
+                for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
                        {
-                        xa=(X509_ALGOR *)sk_value(md_sk,i);
+                        xa=sk_X509_ALGOR_value(md_sk,i);
-                        if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err;
+                        if ((btmp=BIO_new(BIO_f_md())) == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+                                goto err;
+                                }
                        j=OBJ_obj2nid(xa->algorithm);
                        evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
@@ -120,6 +172,7 @@ BIO *bio;
                                out=btmp;
                        else
                                BIO_push(out,btmp);
+                        btmp=NULL;
                        }
                }
@@ -130,79 +183,323 @@ BIO *bio;
                int keylen,ivlen;
                int jj,max;
                unsigned char *tmp;
+                EVP_CIPHER_CTX *ctx;
-                if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err;
+                if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+                        goto err;
+                        }
+                BIO_get_cipher_ctx(btmp, &ctx);
                keylen=EVP_CIPHER_key_length(evp_cipher);
                ivlen=EVP_CIPHER_iv_length(evp_cipher);
+                if (RAND_bytes(key,keylen) <= 0)
-                if (ivlen > 0)
+                        goto err;
-                        {
+                xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
-                        ASN1_OCTET_STRING *os;
+                if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
+                EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
-                        RAND_bytes(iv,ivlen);
-                        os=ASN1_OCTET_STRING_new();
+                if (ivlen > 0) {
-                        ASN1_OCTET_STRING_set(os,iv,ivlen);
+                        if (xalg->parameter == NULL) 
-                /*      ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
+                                                xalg->parameter=ASN1_TYPE_new();
-                                (char *)os);
+                        if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-                */      }
+                                                                       goto err;
-                RAND_bytes(key,keylen);
+                }
                /* Lets do the pub key stuff :-) */
                max=0;
-                for (i=0; i<sk_num(rsk); i++)
+                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                        {
-                        ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if (ri->cert == NULL) abort();
+                        if (ri->cert == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
+                                goto err;
+                                }
                        pkey=X509_get_pubkey(ri->cert);
                        jj=EVP_PKEY_size(pkey);
+                        EVP_PKEY_free(pkey);
                        if (max < jj) max=jj;
                        }
-                if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort();
+                if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
-                for (i=0; i<sk_num(rsk); i++)
                        {
-                        ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+                        PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+                        {
+                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
                        pkey=X509_get_pubkey(ri->cert);
                        jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
-                        if (jj <= 0) abort();
+                        EVP_PKEY_free(pkey);
-                        ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+                        if (jj <= 0)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
+                                OPENSSL_free(tmp);
+                                goto err;
+                                }
+                        M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
                        }
+                OPENSSL_free(tmp);
-                BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+                memset(key, 0, keylen);
                if (out == NULL)
                        out=btmp;
                else
                        BIO_push(out,btmp);
+                btmp=NULL;
                }
-        if (bio == NULL) /* ??????????? */
+        if (bio == NULL) {
-                {
+                if (PKCS7_is_detached(p7))
-                if (p7->detached)
                        bio=BIO_new(BIO_s_null());
-                else
+                else {
+                        if (PKCS7_type_is_signed(p7) ) { 
+                                if ( PKCS7_type_is_data(p7->d.sign->contents)) {
+                                        ASN1_OCTET_STRING *os;
+                                        os=p7->d.sign->contents->d.data;
+                                        if (os->length > 0)
+                                                bio = BIO_new_mem_buf(os->data, os->length);
+                                }
+                                else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
+                                        ASN1_OCTET_STRING *os;
+                                        os=p7->d.sign->contents->d.other->value.octet_string;
+                                        if (os->length > 0)
+                                                bio = BIO_new_mem_buf(os->data, os->length);
+                                }
+                        }
+                        if(bio == NULL) {
+                                bio=BIO_new(BIO_s_mem());
+                                BIO_set_mem_eof_return(bio,0);
+                        }
+                }
+        }
+        BIO_push(out,bio);
+        bio=NULL;
+        if (0)
+                {
+err:
+                if (out != NULL)
+                        BIO_free_all(out);
+                if (btmp != NULL)
+                        BIO_free_all(btmp);
+                out=NULL;
+                }
+        return(out);
+        }
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+        {
+        int i,j;
+        BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
+        unsigned char *tmp=NULL;
+        X509_ALGOR *xa;
+        ASN1_OCTET_STRING *data_body=NULL;
+        const EVP_MD *evp_md;
+        const EVP_CIPHER *evp_cipher=NULL;
+        EVP_CIPHER_CTX *evp_ctx=NULL;
+        X509_ALGOR *enc_alg=NULL;
+        STACK_OF(X509_ALGOR) *md_sk=NULL;
+        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+        X509_ALGOR *xalg=NULL;
+        PKCS7_RECIP_INFO *ri=NULL;
+        i=OBJ_obj2nid(p7->type);
+        p7->state=PKCS7_S_HEADER;
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                data_body=p7->d.sign->contents->d.data;
+                md_sk=p7->d.sign->md_algs;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                rsk=p7->d.signed_and_enveloped->recipientinfo;
+                md_sk=p7->d.signed_and_enveloped->md_algs;
+                data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
+                enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
+                evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+                if (evp_cipher == NULL)
                        {
-                        bio=BIO_new(BIO_s_mem());
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-                        if (PKCS7_type_is_signed(p7) &&
+                        goto err;
-                                PKCS7_type_is_data(p7->d.sign->contents))
+                        }
+                xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+                break;
+        case NID_pkcs7_enveloped:
+                rsk=p7->d.enveloped->recipientinfo;
+                enc_alg=p7->d.enveloped->enc_data->algorithm;
+                data_body=p7->d.enveloped->enc_data->enc_data;
+                evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
+                if (evp_cipher == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+                        goto err;
+                        }
+                xalg=p7->d.enveloped->enc_data->algorithm;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        /* We will be checking the signature */
+        if (md_sk != NULL)
+                {
+                for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+                        {
+                        xa=sk_X509_ALGOR_value(md_sk,i);
+                        if ((btmp=BIO_new(BIO_f_md())) == NULL)
                                {
-                                ASN1_OCTET_STRING *os;
+                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+                                goto err;
+                                }
-                                os=p7->d.sign->contents->d.data;
+                        j=OBJ_obj2nid(xa->algorithm);
-                                if (os->length > 0)
+                        evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
-                                        BIO_write(bio,(char *)os->data,
+                        if (evp_md == NULL)
-                                                os->length);
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                                goto err;
                                }
+                        BIO_set_md(btmp,evp_md);
+                        if (out == NULL)
+                                out=btmp;
+                        else
+                                BIO_push(out,btmp);
+                        btmp=NULL;
                        }
                }
+        if (evp_cipher != NULL)
+                {
+#if 0
+                unsigned char key[EVP_MAX_KEY_LENGTH];
+                unsigned char iv[EVP_MAX_IV_LENGTH];
+                unsigned char *p;
+                int keylen,ivlen;
+                int max;
+                X509_OBJECT ret;
+#endif
+                int jj;
+                if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+                        goto err;
+                        }
+                /* It was encrypted, we need to decrypt the secret key
+                 * with the private key */
+                /* Find the recipientInfo which matches the passed certificate
+                 * (if any)
+                 */
+                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                        if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                                        pcert->cert_info->issuer) &&
+                             !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+                                        ri->issuer_and_serial->serial)) break;
+                        ri=NULL;
+                }
+                if (ri == NULL) {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                                 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                        goto err;
+                }
+                jj=EVP_PKEY_size(pkey);
+                tmp=(unsigned char *)OPENSSL_malloc(jj+10);
+                if (tmp == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
+                        M_ASN1_STRING_length(ri->enc_key), pkey);
+                if (jj <= 0)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
+                        goto err;
+                        }
+                evp_ctx=NULL;
+                BIO_get_cipher_ctx(etmp,&evp_ctx);
+                EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
+                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+                        goto err;
+                if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+                        /* Some S/MIME clients don't use the same key
+                         * and effective key length. The key length is
+                         * determined by the size of the decrypted RSA key.
+                         */
+                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                                        PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+                                goto err;
+                                }
+                } 
+                EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
+                memset(tmp,0,jj);
+                if (out == NULL)
+                        out=etmp;
+                else
+                        BIO_push(out,etmp);
+                etmp=NULL;
+                }
+#if 1
+        if (PKCS7_is_detached(p7) || (in_bio != NULL))
+                {
+                bio=in_bio;
+                }
+        else 
+                {
+#if 0
+                bio=BIO_new(BIO_s_mem());
+                /* We need to set this so that when we have read all
+                 * the data, the encrypt BIO, if present, will read
+                 * EOF and encode the last few bytes */
+                BIO_set_mem_eof_return(bio,0);
+                if (data_body->length > 0)
+                        BIO_write(bio,(char *)data_body->data,data_body->length);
+#else
+                if (data_body->length > 0)
+                      bio = BIO_new_mem_buf(data_body->data,data_body->length);
+                else {
+                        bio=BIO_new(BIO_s_mem());
+                        BIO_set_mem_eof_return(bio,0);
+                }
+#endif
+                }
        BIO_push(out,bio);
-        return(out);
+        bio=NULL;
+#endif
+        if (0)
+                {
 err:
-        return(NULL);
+                if (out != NULL) BIO_free_all(out);
+                if (btmp != NULL) BIO_free_all(btmp);
+                if (etmp != NULL) BIO_free_all(etmp);
+                if (bio != NULL) BIO_free_all(bio);
+                out=NULL;
+                }
+        if (tmp != NULL)
+                OPENSSL_free(tmp);
+        return(out);
        }
-int PKCS7_dataSign(p7,bio)
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
-PKCS7 *p7;
-BIO *bio;
        {
        int ret=0;
        int i,j;
@@ -211,11 +508,11 @@ BIO *bio;
        BUF_MEM *buf=NULL;
        PKCS7_SIGNER_INFO *si;
        EVP_MD_CTX *mdc,ctx_tmp;
-        STACK *sk,*si_sk=NULL;
+        STACK_OF(X509_ATTRIBUTE) *sk;
-        unsigned char *p,*pp=NULL;
+        STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-        int x;
        ASN1_OCTET_STRING *os=NULL;
+        EVP_MD_CTX_init(&ctx_tmp);
        i=OBJ_obj2nid(p7->type);
        p7->state=PKCS7_S_HEADER;
@@ -224,25 +521,38 @@ BIO *bio;
        case NID_pkcs7_signedAndEnveloped:
                /* XXXXXXXXXXXXXXXX */
                si_sk=p7->d.signed_and_enveloped->signer_info;
-                os=ASN1_OCTET_STRING_new();
+                os=M_ASN1_OCTET_STRING_new();
                p7->d.signed_and_enveloped->enc_data->enc_data=os;
                break;
+        case NID_pkcs7_enveloped:
+                /* XXXXXXXXXXXXXXXX */
+                os=M_ASN1_OCTET_STRING_new();
+                p7->d.enveloped->enc_data->enc_data=os;
+                break;
        case NID_pkcs7_signed:
                si_sk=p7->d.sign->signer_info;
                os=p7->d.sign->contents->d.data;
+                /* If detached data then the content is excluded */
+                if(p7->detached) {
+                        M_ASN1_OCTET_STRING_free(os);
+                        p7->d.sign->contents->d.data = NULL;
+                }
                break;
                }
        if (si_sk != NULL)
                {
-                if ((buf=BUF_MEM_new()) == NULL) goto err;
+                if ((buf=BUF_MEM_new()) == NULL)
-                for (i=0; i<sk_num(si_sk); i++)
                        {
-                        si=(PKCS7_SIGNER_INFO *)
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
-                                sk_value(si_sk,i);
+                        goto err;
-                        if (si->pkey == NULL)
+                        }
-                                continue;
+                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
-                        j=OBJ_obj2nid(si->digest_enc_alg->algorithm);
+                        {
+                        si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
+                        if (si->pkey == NULL) continue;
+                        j=OBJ_obj2nid(si->digest_alg->algorithm);
                        btmp=bio;
                        for (;;)
@@ -256,88 +566,137 @@ BIO *bio;
                                BIO_get_md_ctx(btmp,&mdc);
                                if (mdc == NULL)
                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
                                        goto err;
                                        }
-                                if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j)
+                                if (EVP_MD_CTX_type(mdc) == j)
                                        break;
                                else
-                                        btmp=btmp->next_bio;
+                                        btmp=BIO_next(btmp);
                                }
                        
                        /* We now have the EVP_MD_CTX, lets do the
                         * signing. */
-                        memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
+                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
                        if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
                                goto err;
+                                }
                        sk=si->auth_attr;
-                        if ((sk != NULL) && (sk_num(sk) != 0))
+                        /* If there are attributes, we add the digest
+                         * attribute and only sign the attributes */
+                        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
                                {
-                                x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
+                                unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
-                                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+                                unsigned int md_len, alen;
-                                pp=(unsigned char *)Malloc(i);
+                                ASN1_OCTET_STRING *digest;
-                                p=pp;
+                                ASN1_UTCTIME *sign_time;
-                                i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
+                                const EVP_MD *md_tmp;
-                                        V_ASN1_SET,V_ASN1_UNIVERSAL);
-                                EVP_SignUpdate(&ctx_tmp,pp,x);
+                                /* Add signing time if not already present */
-                                Free(pp);
+                                if (!PKCS7_get_signed_attribute(si,
+                                                        NID_pkcs9_signingTime))
+                                        {
+                                        sign_time=X509_gmtime_adj(NULL,0);
+                                        PKCS7_add_signed_attribute(si,
+                                                NID_pkcs9_signingTime,
+                                                V_ASN1_UTCTIME,sign_time);
+                                        }
+                                /* Add digest */
+                                md_tmp=EVP_MD_CTX_md(&ctx_tmp);
+                                EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
+                                digest=M_ASN1_OCTET_STRING_new();
+                                M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
+                                PKCS7_add_signed_attribute(si,
+                                        NID_pkcs9_messageDigest,
+                                        V_ASN1_OCTET_STRING,digest);
+                                /* Now sign the attributes */
+                                EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
+                                alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
+                                                        ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+                                if(!abuf) goto err;
+                                EVP_SignUpdate(&ctx_tmp,abuf,alen);
+                                OPENSSL_free(abuf);
                                }
+#ifndef OPENSSL_NO_DSA
+                        if (si->pkey->type == EVP_PKEY_DSA)
+                                ctx_tmp.digest=EVP_dss1();
+#endif
                        if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
                                (unsigned int *)&buf->length,si->pkey))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
                                goto err;
+                                }
                        if (!ASN1_STRING_set(si->enc_digest,
                                (unsigned char *)buf->data,buf->length))
-                                goto err;
-                        }
-                if (p7->detached)
-                        ASN1_OCTET_STRING_set(os,(unsigned char *)"",0);
-                else
-                        {
-                        btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-                        if (btmp == NULL)
                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
                                goto err;
                                }
-                        BIO_get_mem_ptr(btmp,&buf_mem);
-                        ASN1_OCTET_STRING_set(os,
-                                (unsigned char *)buf_mem->data,buf_mem->length);
                        }
-                if (pp != NULL) Free(pp);
-                pp=NULL;
                }
+        if (!PKCS7_is_detached(p7))
+                {
+                btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+                if (btmp == NULL)
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                        goto err;
+                        }
+                BIO_get_mem_ptr(btmp,&buf_mem);
+                /* Mark the BIO read only then we can use its copy of the data
+                 * instead of making an extra copy.
+                 */
+                BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+                BIO_set_mem_eof_return(btmp, 0);
+                os->data = (unsigned char *)buf_mem->data;
+                os->length = buf_mem->length;
+#if 0
+                M_ASN1_OCTET_STRING_set(os,
+                        (unsigned char *)buf_mem->data,buf_mem->length);
+#endif
+                }
        ret=1;
 err:
+        EVP_MD_CTX_cleanup(&ctx_tmp);
        if (buf != NULL) BUF_MEM_free(buf);
        return(ret);
        }
-int PKCS7_dataVerify(cert_store,ctx,bio,p7,si)
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
-X509_STORE *cert_store;
+             PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-X509_STORE_CTX *ctx;
-BIO *bio;
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *si;
        {
-        PKCS7_SIGNED *s;
-        ASN1_OCTET_STRING *os;
-        EVP_MD_CTX mdc_tmp,*mdc;
-        unsigned char *pp,*p;
        PKCS7_ISSUER_AND_SERIAL *ias;
-        int ret=0,md_type,i;
+        int ret=0,i;
-        STACK *sk;
+        STACK_OF(X509) *cert;
-        BIO *btmp;
        X509 *x509;
-        if (!PKCS7_type_is_signed(p7)) abort();
+        if (PKCS7_type_is_signed(p7))
+                {
+                cert=p7->d.sign->cert;
+                }
+        else if (PKCS7_type_is_signedAndEnveloped(p7))
+                {
+                cert=p7->d.signed_and_enveloped->cert;
+                }
+        else
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
+                goto err;
+                }
        /* XXXXXXXXXXXXXXXXXXXXXXX */
        ias=si->issuer_and_serial;
-        s=p7->d.sign;
-        x509=X509_find_by_issuer_and_serial(s->cert,ias->issuer,ias->serial);
+        x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
        /* were we able to find the cert in passed to us */
        if (x509 == NULL)
@@ -347,12 +706,46 @@ PKCS7_SIGNER_INFO *si;
                }
        /* Lets verify */
-        X509_STORE_CTX_init(ctx,cert_store,x509,s->cert);
+        if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+                goto err;
+                }
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
        i=X509_verify_cert(ctx);
-        if (i <= 0) goto err;
+        if (i <= 0) 
+                {
+                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+                X509_STORE_CTX_cleanup(ctx);
+                goto err;
+                }
        X509_STORE_CTX_cleanup(ctx);
-        /* So we like 'x509', lets check the signature. */
+        return PKCS7_signatureVerify(bio, p7, si, x509);
+        err:
+        return ret;
+        }
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                                                                X509 *x509)
+        {
+        ASN1_OCTET_STRING *os;
+        EVP_MD_CTX mdc_tmp,*mdc;
+        int ret=0,i;
+        int md_type;
+        STACK_OF(X509_ATTRIBUTE) *sk;
+        BIO *btmp;
+        EVP_PKEY *pkey;
+        EVP_MD_CTX_init(&mdc_tmp);
+        if (!PKCS7_type_is_signed(p7) && 
+                                !PKCS7_type_is_signedAndEnveloped(p7)) {
+                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                PKCS7_R_WRONG_PKCS7_TYPE);
+                goto err;
+        }
        md_type=OBJ_obj2nid(si->digest_alg->algorithm);
        btmp=bio;
@@ -361,48 +754,226 @@ PKCS7_SIGNER_INFO *si;
                if ((btmp == NULL) ||
                        ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                        PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
                        goto err;
                        }
                BIO_get_md_ctx(btmp,&mdc);
                if (mdc == NULL)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR);
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                        ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
-                if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type)
+                if (EVP_MD_CTX_type(mdc) == md_type)
                        break;
-                btmp=btmp->next_bio;    
+                btmp=BIO_next(btmp);
                }
-        /* mdc is the digest ctx that we want */
+        /* mdc is the digest ctx that we want, unless there are attributes,
-        memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
+         * in which case the digest is the signed attributes */
+        EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
        sk=si->auth_attr;
-        if ((sk != NULL) && (sk_num(sk) != 0))
+        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
                {
-                i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
+                unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+                unsigned int md_len, alen;
-                pp=(unsigned char *)malloc(i);
+                ASN1_OCTET_STRING *message_digest;
-                p=pp;
-                i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
+                EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
-                        V_ASN1_SET,V_ASN1_UNIVERSAL);
+                message_digest=PKCS7_digest_from_attributes(sk);
-                EVP_VerifyUpdate(&mdc_tmp,pp,i);
+                if (!message_digest)
-                free(pp);
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                        PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                        goto err;
+                        }
+                if ((message_digest->length != (int)md_len) ||
+                        (memcmp(message_digest->data,md_dat,md_len)))
+                        {
+#if 0
+{
+int ii;
+for (ii=0; ii<message_digest->length; ii++)
+        printf("%02X",message_digest->data[ii]); printf(" sent\n");
+for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
+}
+#endif
+                        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                        PKCS7_R_DIGEST_FAILURE);
+                        ret= -1;
+                        goto err;
+                        }
+                EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
+                alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                                                ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+                EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
+                OPENSSL_free(abuf);
                }
        os=si->enc_digest;
-        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length,
+        pkey = X509_get_pubkey(x509);
-                X509_get_pubkey(x509));
+        if (!pkey)
+                {
+                ret = -1;
+                goto err;
+                }
+#ifndef OPENSSL_NO_DSA
+        if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
+#endif
+        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
+        EVP_PKEY_free(pkey);
        if (i <= 0)
                {
-                PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE);
+                PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                                                PKCS7_R_SIGNATURE_FAILURE);
                ret= -1;
                goto err;
                }
        else
                ret=1;
 err:
+        EVP_MD_CTX_cleanup(&mdc_tmp);
        return(ret);
        }
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+        {
+        STACK_OF(PKCS7_RECIP_INFO) *rsk;
+        PKCS7_RECIP_INFO *ri;
+        int i;
+        i=OBJ_obj2nid(p7->type);
+        if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
+        rsk=p7->d.signed_and_enveloped->recipientinfo;
+        ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
+        if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
+        ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
+        return(ri->issuer_and_serial);
+        }
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+        {
+        return(get_attribute(si->auth_attr,nid));
+        }
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+        {
+        return(get_attribute(si->unauth_attr,nid));
+        }
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+        {
+        int i;
+        X509_ATTRIBUTE *xa;
+        ASN1_OBJECT *o;
+        o=OBJ_nid2obj(nid);
+        if (!o || !sk) return(NULL);
+        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                {
+                xa=sk_X509_ATTRIBUTE_value(sk,i);
+                if (OBJ_cmp(xa->object,o) == 0)
+                        {
+                        if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
+                                return(sk_ASN1_TYPE_value(xa->value.set,0));
+                        else
+                                return(NULL);
+                        }
+                }
+        return(NULL);
+        }
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+        ASN1_TYPE *astype;
+        if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+        return astype->value.octet_string;
+}
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk)
+        {
+        int i;
+        if (p7si->auth_attr != NULL)
+                sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
+        p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
+        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                {
+                if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
+                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+                    == NULL)
+                        return(0);
+                }
+        return(1);
+        }
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
+        {
+        int i;
+        if (p7si->unauth_attr != NULL)
+                sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
+                                           X509_ATTRIBUTE_free);
+        p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
+        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+                {
+                if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
+                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+                    == NULL)
+                        return(0);
+                }
+        return(1);
+        }
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+             void *value)
+        {
+        return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
+        }
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+             void *value)
+        {
+        return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
+        }
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value)
+        {
+        X509_ATTRIBUTE *attr=NULL;
+        if (*sk == NULL)
+                {
+                *sk = sk_X509_ATTRIBUTE_new_null();
+new_attrib:
+                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+                sk_X509_ATTRIBUTE_push(*sk,attr);
+                }
+        else
+                {
+                int i;
+                for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
+                        {
+                        attr=sk_X509_ATTRIBUTE_value(*sk,i);
+                        if (OBJ_obj2nid(attr->object) == nid)
+                                {
+                                X509_ATTRIBUTE_free(attr);
+                                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
+                                sk_X509_ATTRIBUTE_set(*sk,i,attr);
+                                goto end;
+                                }
+                        }
+                goto new_attrib;
+                }
+end:
+        return(1);
+        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index 7d14ad1173..c00ed6833a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -58,14 +58,10 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
+#include <openssl/objects.h>
-#include "x509.h"
+#include <openssl/x509.h>
-long PKCS7_ctrl(p7,cmd,larg,parg)
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
-PKCS7 *p7;
-int cmd;
-long larg;
-char *parg;
        {
        int nid;
        long ret;
@@ -88,7 +84,11 @@ char *parg;
        case PKCS7_OP_GET_DETACHED_SIGNATURE:
                if (nid == NID_pkcs7_signed)
                        {
-                        ret=p7->detached;
+                        if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
+                                ret = 1;
+                        else ret = 0;
+                                
+                        p7->detached = ret;
                        }
                else
                        {
@@ -98,14 +98,13 @@ char *parg;
                        
                break;
        default:
-                abort();
+                PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
+                ret=0;
                }
        return(ret);
        }
-int PKCS7_content_new(p7,type)
+int PKCS7_content_new(PKCS7 *p7, int type)
-PKCS7 *p7;
-int type;
        {
        PKCS7 *ret=NULL;
@@ -119,9 +118,7 @@ err:
        return(0);
        }
-int PKCS7_set_content(p7,p7_data)
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
-PKCS7 *p7;
-PKCS7 *p7_data;
        {
        int i;
@@ -130,7 +127,7 @@ PKCS7 *p7_data;
                {
        case NID_pkcs7_signed:
                if (p7->d.sign->contents != NULL)
-                        PKCS7_content_free(p7->d.sign->contents);
+                        PKCS7_free(p7->d.sign->contents);
                p7->d.sign->contents=p7_data;
                break;
        case NID_pkcs7_digest:
@@ -147,13 +144,11 @@ err:
        return(0);
        }
-int PKCS7_set_type(p7,type)
+int PKCS7_set_type(PKCS7 *p7, int type)
-PKCS7 *p7;
-int type;
        {
        ASN1_OBJECT *obj;
-        PKCS7_content_free(p7);
+        /*PKCS7_content_free(p7);*/
        obj=OBJ_nid2obj(type); /* will not fail */
        switch (type)
@@ -166,19 +161,35 @@ int type;
                break;
        case NID_pkcs7_data:
                p7->type=obj;
-                if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
+                if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
                        goto err;
                break;
        case NID_pkcs7_signedAndEnveloped:
                p7->type=obj;
                if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
-                        == NULL)
+                        == NULL) goto err;
-                        goto err;
+                ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-                ASN1_INTEGER_set(p7->d.sign->version,1);
+                p7->d.signed_and_enveloped->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
                break;
-        case NID_pkcs7_digest:
        case NID_pkcs7_enveloped:
+                p7->type=obj;
+                if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
+                        == NULL) goto err;
+                ASN1_INTEGER_set(p7->d.enveloped->version,0);
+                p7->d.enveloped->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
        case NID_pkcs7_encrypted:
+                p7->type=obj;
+                if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+                        == NULL) goto err;
+                ASN1_INTEGER_set(p7->d.encrypted->version,0);
+                p7->d.encrypted->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
+        case NID_pkcs7_digest:
        default:
                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                goto err;
@@ -188,14 +199,12 @@ err:
        return(0);
        }
-int PKCS7_add_signer(p7,psi)
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *psi;
        {
        int i,j,nid;
        X509_ALGOR *alg;
-        STACK *signer_sk;
+        STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
-        STACK *md_sk;
+        STACK_OF(X509_ALGOR) *md_sk;
        i=OBJ_obj2nid(p7->type);
        switch (i)
@@ -217,9 +226,9 @@ PKCS7_SIGNER_INFO *psi;
        /* If the digest is not currently listed, add it */
        j=0;
-        for (i=0; i<sk_num(md_sk); i++)
+        for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
                {
-                alg=(X509_ALGOR *)sk_value(md_sk,i);
+                alg=sk_X509_ALGOR_value(md_sk,i);
                if (OBJ_obj2nid(alg->algorithm) == nid)
                        {
                        j=1;
@@ -228,21 +237,24 @@ PKCS7_SIGNER_INFO *psi;
                }
        if (!j) /* we need to add another algorithm */
                {
-                alg=X509_ALGOR_new();
+                if(!(alg=X509_ALGOR_new())
+                        || !(alg->parameter = ASN1_TYPE_new())) {
+                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                }
                alg->algorithm=OBJ_nid2obj(nid);
-                sk_push(md_sk,(char *)alg);
+                alg->parameter->type = V_ASN1_NULL;
+                sk_X509_ALGOR_push(md_sk,alg);
                }
-        sk_push(signer_sk,(char *)psi);
+        sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
        return(1);
        }
-int PKCS7_add_certificate(p7,x509)
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
-PKCS7 *p7;
-X509 *x509;
        {
        int i;
-        STACK **sk;
+        STACK_OF(X509) **sk;
        i=OBJ_obj2nid(p7->type);
        switch (i)
@@ -259,18 +271,16 @@ X509 *x509;
                }
        if (*sk == NULL)
-                *sk=sk_new_null();
+                *sk=sk_X509_new_null();
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-        sk_push(*sk,(char *)x509);
+        sk_X509_push(*sk,x509);
        return(1);
        }
-int PKCS7_add_crl(p7,crl)
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
-PKCS7 *p7;
-X509_CRL *crl;
        {
        int i;
-        STACK **sk;
+        STACK_OF(X509_CRL) **sk;
        i=OBJ_obj2nid(p7->type);
        switch (i)
@@ -287,19 +297,19 @@ X509_CRL *crl;
                }
        if (*sk == NULL)
-                *sk=sk_new_null();
+                *sk=sk_X509_CRL_new_null();
        CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-        sk_push(*sk,(char *)crl);
+        sk_X509_CRL_push(*sk,crl);
        return(1);
        }
-int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst)
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-PKCS7_SIGNER_INFO *p7i;
+             const EVP_MD *dgst)
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
        {
+        char is_dsa;
+        if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+        else is_dsa = 0;
        /* We now need to add another PKCS7_SIGNER_INFO entry */
        ASN1_INTEGER_set(p7i->version,1);
        X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -307,36 +317,43 @@ EVP_MD *dgst;
        /* because ASN1_INTEGER_set is used to set a 'long' we will do
         * things the ugly way. */
-        ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
        p7i->issuer_and_serial->serial=
-                ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
        /* lets keep the pkey around for a while */
        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
        p7i->pkey=pkey;
        /* Set the algorithms */
-        p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+        if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
-        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
+        else    
+                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+        if (p7i->digest_alg->parameter != NULL)
+                ASN1_TYPE_free(p7i->digest_alg->parameter);
+        if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+                goto err;
+        p7i->digest_alg->parameter->type=V_ASN1_NULL;
+        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
-#if 1
        if (p7i->digest_enc_alg->parameter != NULL)
                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-        if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
+        if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
-                goto err;
+        else {
-        p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-#endif
+                        goto err;
+                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+        }
        return(1);
 err:
        return(0);
        }
-PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst)
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
-PKCS7 *p7;
+             const EVP_MD *dgst)
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
        {
        PKCS7_SIGNER_INFO *si;
@@ -348,20 +365,21 @@ err:
        return(NULL);
        }
-STACK *PKCS7_get_signer_info(p7)
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
-PKCS7 *p7;
        {
        if (PKCS7_type_is_signed(p7))
                {
                return(p7->d.sign->signer_info);
                }
+        else if (PKCS7_type_is_signedAndEnveloped(p7))
+                {
+                return(p7->d.signed_and_enveloped->signer_info);
+                }
        else
                return(NULL);
        }
-PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509)
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
-PKCS7 *p7;
-X509 *x509;
        {
        PKCS7_RECIP_INFO *ri;
@@ -373,12 +391,10 @@ err:
        return(NULL);
        }
-int PKCS7_add_recipient_info(p7,ri)
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
-PKCS7 *p7;
-PKCS7_RECIP_INFO *ri;
        {
        int i;
-        STACK *sk;
+        STACK_OF(PKCS7_RECIP_INFO) *sk;
        i=OBJ_obj2nid(p7->type);
        switch (i)
@@ -386,26 +402,30 @@ PKCS7_RECIP_INFO *ri;
        case NID_pkcs7_signedAndEnveloped:
                sk=     p7->d.signed_and_enveloped->recipientinfo;
                break;
+        case NID_pkcs7_enveloped:
+                sk=     p7->d.enveloped->recipientinfo;
+                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
                return(0);
                }
-        sk_push(sk,(char *)ri);
+        sk_PKCS7_RECIP_INFO_push(sk,ri);
        return(1);
        }
-int PKCS7_RECIP_INFO_set(p7i,x509)
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
-PKCS7_RECIP_INFO *p7i;
-X509 *x509;
        {
        ASN1_INTEGER_set(p7i->version,0);
        X509_NAME_set(&p7i->issuer_and_serial->issuer,
                X509_get_issuer_name(x509));
-        ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
        p7i->issuer_and_serial->serial=
-                ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+        X509_ALGOR_free(p7i->key_enc_algor);
+        p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
        p7i->cert=x509;
@@ -413,9 +433,7 @@ X509 *x509;
        return(1);
        }
-X509 *PKCS7_cert_from_signer_info(p7,si)
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *si;
        {
        if (PKCS7_type_is_signed(p7))
                return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
@@ -425,11 +443,10 @@ PKCS7_SIGNER_INFO *si;
                return(NULL);
        }
-int PKCS7_set_cipher(p7,cipher)
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
-PKCS7 *p7;
-EVP_CIPHER *cipher;
        {
        int i;
+        ASN1_OBJECT *objtmp;
        PKCS7_ENC_CONTENT *ec;
        i=OBJ_obj2nid(p7->type);
@@ -438,12 +455,23 @@ EVP_CIPHER *cipher;
        case NID_pkcs7_signedAndEnveloped:
                ec=p7->d.signed_and_enveloped->enc_data;
                break;
+        case NID_pkcs7_enveloped:
+                ec=p7->d.enveloped->enc_data;
+                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
                return(0);
                }
-        ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
+        /* Check cipher OID exists and has data in it*/
-        return(ec->algorithm->algorithm != NULL);
+        i = EVP_CIPHER_type(cipher);
+        if(i == NID_undef) {
+                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                return(0);
+        }
+        objtmp = OBJ_nid2obj(i);
+        ec->cipher = cipher;
+        return 1;
        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index 734643be28..086d394270 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -70,16 +70,21 @@
 */
 typedef struct {
-char *name;                             /* Name of line e.g. "content-type" */
-char *value;                            /* Value of line e.g. "text/plain" */
-STACK /* MIME_PARAM */ *params;         /* Zero or more parameters */
-} MIME_HEADER;
-typedef struct {
 char *param_name;                       /* Param name e.g. "micalg" */
 char *param_value;                      /* Param value e.g. "sha1" */
 } MIME_PARAM;
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+typedef struct {
+char *name;                             /* Name of line e.g. "content-type" */
+char *value;                            /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params;           /* Zero or more parameters */
+} MIME_HEADER;
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
 static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
 static PKCS7 *B64_read_PKCS7(BIO *bio);
@@ -88,14 +93,16 @@ static char * strip_start(char *name);
 static char * strip_end(char *name);
 static MIME_HEADER *mime_hdr_new(char *name, char *value);
 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK *mime_parse_hdr(BIO *bio);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
-static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+                        const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b);
 static void mime_param_free(MIME_PARAM *param);
 static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK **ret);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
 static int iscrlf(char c);
-static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
 static void mime_hdr_free(MIME_HEADER *hdr);
@@ -158,12 +165,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
                }
                bound[32] = 0;
                BIO_printf(bio, "MIME-Version: 1.0\n");
-                BIO_printf(bio, "Content-Type: multipart/signed ; ");
+                BIO_printf(bio, "Content-Type: multipart/signed;");
-                BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
+                BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
-                BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
+                BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
                BIO_printf(bio, "This is an S/MIME signed message\n\n");
                /* Now write out the first part */
-                BIO_printf(bio, "------%s\r\n", bound);
+                BIO_printf(bio, "------%s\n", bound);
                if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
                while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
                                                BIO_write(bio, linebuf, i);
@@ -196,8 +203,8 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
 {
        BIO *p7in;
-        STACK *headers = NULL;
+        STACK_OF(MIME_HEADER) *headers = NULL;
-        STACK *parts = NULL;
+        STACK_OF(BIO) *parts = NULL;
        MIME_HEADER *hdr;
        MIME_PARAM *prm;
        PKCS7 *p7;
@@ -211,7 +218,7 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
        }
        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
                return NULL;
        }
@@ -222,24 +229,24 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
                /* Split into two parts */
                prm = mime_param_find(hdr, "boundary");
                if(!prm || !prm->param_value) {
-                        sk_pop_free(headers, mime_hdr_free);
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
                        return NULL;
                }
                ret = multi_split(bio, prm->param_value, &parts);
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-                if(!ret || (sk_num(parts) != 2) ) {
+                if(!ret || (sk_BIO_num(parts) != 2) ) {
                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }
                /* Parse the signature piece */
-                p7in = (BIO *)sk_value(parts, 1);
+                p7in = sk_BIO_value(parts, 1);
                if (!(headers = mime_parse_hdr(p7in))) {
                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }
@@ -247,32 +254,32 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
                if(!(hdr = mime_hdr_find(headers, "content-type")) ||
                                                                 !hdr->value) {
-                        sk_pop_free(headers, mime_hdr_free);
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
                        return NULL;
                }
                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                        sk_pop_free(headers, mime_hdr_free);
+                        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
                        ERR_add_error_data(2, "type: ", hdr->value);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                /* Read in PKCS#7 */
                if(!(p7 = B64_read_PKCS7(p7in))) {
                        PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
-                        sk_pop_free(parts, (stkfree)BIO_free);
+                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }
                if(bcont) {
-                        *bcont = (BIO *)sk_value(parts, 0);
+                        *bcont = sk_BIO_value(parts, 0);
                        BIO_free(p7in);
-                        sk_free(parts);
+                        sk_BIO_free(parts);
-                } else sk_pop_free(parts, (stkfree)BIO_free);
+                } else sk_BIO_pop_free(parts, BIO_vfree);
                return p7;
        }
                
@@ -282,11 +289,11 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
            strcmp (hdr->value, "application/pkcs7-mime")) {
                PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
                ERR_add_error_data(2, "type: ", hdr->value);
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                return NULL;
        }
-        sk_pop_free(headers, mime_hdr_free);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
        
        if(!(p7 = B64_read_PKCS7(bio))) {
                PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
@@ -325,24 +332,25 @@ int SMIME_text(BIO *in, BIO *out)
 {
        char iobuf[4096];
        int len;
-        STACK *headers;
+        STACK_OF(MIME_HEADER) *headers;
        MIME_HEADER *hdr;
        if (!(headers = mime_parse_hdr(in))) {
                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
                return 0;
        }
        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                return 0;
        }
        if (strcmp (hdr->value, "text/plain")) {
                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
                ERR_add_error_data(2, "type: ", hdr->value);
-                sk_pop_free(headers, mime_hdr_free);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                return 0;
        }
-        sk_pop_free(headers, mime_hdr_free);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
        while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
                                                BIO_write(out, iobuf, len);
        return 1;
@@ -352,18 +360,19 @@ int SMIME_text(BIO *in, BIO *out)
 * canonical parts in a STACK of bios
 */
-static int multi_split(BIO *bio, char *bound, STACK **ret)
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
 {
        char linebuf[MAX_SMLEN];
        int len, blen;
        BIO *bpart = NULL;
-        STACK *parts;
+        STACK_OF(BIO) *parts;
        char state, part, first;
        blen = strlen(bound);
        part = 0;
        state = 0;
        first = 1;
-        parts = sk_new(NULL);
+        parts = sk_BIO_new_null();
        *ret = parts;
        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
                state = mime_bound_check(linebuf, len, bound, blen);
@@ -371,12 +380,12 @@ static int multi_split(BIO *bio, char *bound, STACK **ret)
                        first = 1;
                        part++;
                } else if(state == 2) {
-                        sk_push(parts, (char *)bpart);
+                        sk_BIO_push(parts, bpart);
                        return 1;
                } else if(part) {
                        if(first) {
                                first = 0;
-                                if(bpart) sk_push(parts, (char *)bpart);
+                                if(bpart) sk_BIO_push(parts, bpart);
                                bpart = BIO_new(BIO_s_mem());
                                
                        } else BIO_write(bpart, "\r\n", 2);
@@ -405,15 +414,16 @@ static int iscrlf(char c)
 #define MIME_COMMENT    6
-static STACK *mime_parse_hdr(BIO *bio)
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 {
        char *p, *q, c;
        char *ntmp;
        char linebuf[MAX_SMLEN];
        MIME_HEADER *mhdr = NULL;
-        STACK *headers;
+        STACK_OF(MIME_HEADER) *headers;
        int len, state, save_state = 0;
-        headers = sk_new(mime_hdr_cmp);
+        headers = sk_MIME_HEADER_new(mime_hdr_cmp);
        while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
        /* If whitespace at line start then continuation line */
        if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
@@ -441,7 +451,7 @@ static STACK *mime_parse_hdr(BIO *bio)
                                mime_debug("Found End Value\n");
                                *p = 0;
                                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                                sk_push(headers, (char *)mhdr);
+                                sk_MIME_HEADER_push(headers, mhdr);
                                ntmp = NULL;
                                q = p + 1;
                                state = MIME_NAME;
@@ -493,7 +503,7 @@ static STACK *mime_parse_hdr(BIO *bio)
        if(state == MIME_TYPE) {
                mhdr = mime_hdr_new(ntmp, strip_ends(q));
-                sk_push(headers, (char *)mhdr);
+                sk_MIME_HEADER_push(headers, mhdr);
        } else if(state == MIME_VALUE)
                         mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
        if(p == linebuf) break; /* Blank line means end of headers */
@@ -569,11 +579,11 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
                        }
                }
        } else tmpval = NULL;
-        mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
+        mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
        if(!mhdr) return NULL;
        mhdr->name = tmpname;
        mhdr->value = tmpval;
-        if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
+        if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
        return mhdr;
 }
                
@@ -598,34 +608,36 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
                if(!tmpval) return 0;
        } else tmpval = NULL;
        /* Parameter values are case sensitive so leave as is */
-        mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
+        mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
        if(!mparam) return 0;
        mparam->param_name = tmpname;
        mparam->param_value = tmpval;
-        sk_push(mhdr->params, (char *)mparam);
+        sk_MIME_PARAM_push(mhdr->params, mparam);
        return 1;
 }
-static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                        const MIME_HEADER * const *b)
 {
        return(strcmp((*a)->name, (*b)->name));
 }
-static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                        const MIME_PARAM * const *b)
 {
        return(strcmp((*a)->param_name, (*b)->param_name));
 }
 /* Find a header with a given name (if possible) */
-static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
 {
        MIME_HEADER htmp;
        int idx;
        htmp.name = name;
-        idx = sk_find(hdrs, (char *)&htmp);
+        idx = sk_MIME_HEADER_find(hdrs, &htmp);
        if(idx < 0) return NULL;
-        return (MIME_HEADER *)sk_value(hdrs, idx);
+        return sk_MIME_HEADER_value(hdrs, idx);
 }
 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
@@ -633,24 +645,24 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
        MIME_PARAM param;
        int idx;
        param.param_name = name;
-        idx = sk_find(hdr->params, (char *)&param);
+        idx = sk_MIME_PARAM_find(hdr->params, &param);
        if(idx < 0) return NULL;
-        return (MIME_PARAM *)sk_value(hdr->params, idx);
+        return sk_MIME_PARAM_value(hdr->params, idx);
 }
 static void mime_hdr_free(MIME_HEADER *hdr)
 {
-        if(hdr->name) Free(hdr->name);
+        if(hdr->name) OPENSSL_free(hdr->name);
-        if(hdr->value) Free(hdr->value);
+        if(hdr->value) OPENSSL_free(hdr->value);
-        if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
+        if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-        Free(hdr);
+        OPENSSL_free(hdr);
 }
 static void mime_param_free(MIME_PARAM *param)
 {
-        if(param->param_name) Free(param->param_name);
+        if(param->param_name) OPENSSL_free(param->param_name);
-        if(param->param_value) Free(param->param_value);
+        if(param->param_value) OPENSSL_free(param->param_value);
-        Free(param);
+        OPENSSL_free(param);
 }
 /* Check for a multipart boundary. Returns:
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index b41f42ed04..f0d071e282 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -64,12 +64,12 @@
 #include <openssl/x509v3.h>
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-                                                        BIO *data, int flags)
+                  BIO *data, int flags)
 {
        PKCS7 *p7;
        PKCS7_SIGNER_INFO *si;
        BIO *p7bio;
-        STACK *smcap;
+        STACK_OF(X509_ALGOR) *smcap;
        int i;
        if(!X509_check_private_key(signcert, pkey)) {
@@ -109,25 +109,28 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
                /* Add SMIMECapabilities */
-                if(!(smcap = sk_new(NULL))) {
+                if(!(flags & PKCS7_NOSMIMECAP))
+                {
+                if(!(smcap = sk_X509_ALGOR_new_null())) {
                        PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
                        return NULL;
                }
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
                PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
                PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
 #endif
                PKCS7_add_attrib_smimecap (si, smcap);
-                sk_pop_free(smcap, X509_ALGOR_free);
+                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+                }
        }
        if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
@@ -150,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
        PKCS7_SIGNER_INFO *si;
        X509_STORE_CTX cert_ctx;
        char buf[4096];
-        int i, j=0;
+        int i, j=0, k, ret = 0;
        BIO *p7bio;
        BIO *tmpout;
@@ -169,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
                return 0;
        }
+#if 0
+        /* NB: this test commented out because some versions of Netscape
+         * illegally include zero length content when signing data.
+         */
        /* Check for data and content: two sets of data */
        if(!PKCS7_get_detached(p7) && indata) {
                                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
                return 0;
        }
+#endif
        sinfos = PKCS7_get_signer_info(p7);
@@ -190,14 +198,23 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
        /* Now verify the certificates */
-        if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
+        if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
-                signer = sk_X509_value (signers, i);
+                signer = sk_X509_value (signers, k);
                if (!(flags & PKCS7_NOCHAIN)) {
-                        X509_STORE_CTX_init(&cert_ctx, store, signer,
+                        if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
-                                                        p7->d.sign->cert);
+                                                        p7->d.sign->cert))
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+                                sk_X509_free(signers);
+                                return 0;
+                                }
                        X509_STORE_CTX_set_purpose(&cert_ctx,
                                                X509_PURPOSE_SMIME_SIGN);
-                } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+                } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
+                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+                        sk_X509_free(signers);
+                        return 0;
+                }
                i = X509_verify_cert(&cert_ctx);
                if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
                X509_STORE_CTX_cleanup(&cert_ctx);
@@ -250,18 +267,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                }
        }
-        sk_X509_free(signers);
+        ret = 1;
-        if(indata) BIO_pop(p7bio);
-        BIO_free_all(p7bio);
-        return 1;
        err:
+        if(indata) BIO_pop(p7bio);
+        BIO_free_all(p7bio);
        sk_X509_free(signers);
-        BIO_free(p7bio);
-        return 0;
+        return ret;
 }
 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
@@ -282,7 +296,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
                return NULL;
        }
-        if(!(signers = sk_X509_new(NULL))) {
+        if(!(signers = sk_X509_new_null())) {
                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
@@ -322,7 +336,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
 /* Build a complete PKCS#7 enveloped data */
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                                                                int flags)
 {
        PKCS7 *p7;
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
index ee12f670a8..5819700a85 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -59,12 +59,22 @@
 #ifndef HEADER_PKCS7_H
 #define HEADER_PKCS7_H
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+#include <openssl/e_os2.h>
+#include <openssl/symhacks.h>
+#include <openssl/ossl_typ.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-#include "bio.h"
+#ifdef OPENSSL_SYS_WIN32
-#include "x509.h"
+/* Under Win32 thes are defined in wincrypt.h */
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
 /*
 Encryption_ID           DES-CBC
@@ -84,15 +94,18 @@ typedef struct pkcs7_signer_info_st
        ASN1_INTEGER                    *version;       /* version 1 */
        PKCS7_ISSUER_AND_SERIAL         *issuer_and_serial;
        X509_ALGOR                      *digest_alg;
-        STACK /* X509_ATTRIBUTE */      *auth_attr;     /* [ 0 ] */
+        STACK_OF(X509_ATTRIBUTE)        *auth_attr;     /* [ 0 ] */
        X509_ALGOR                      *digest_enc_alg;
        ASN1_OCTET_STRING               *enc_digest;
-        STACK /* X509_ATTRIBUTE */      *unauth_attr;   /* [ 1 ] */
+        STACK_OF(X509_ATTRIBUTE)        *unauth_attr;   /* [ 1 ] */
        /* The private key to sign with */
        EVP_PKEY                        *pkey;
        } PKCS7_SIGNER_INFO;
+DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
 typedef struct pkcs7_recip_info_st
        {
        ASN1_INTEGER                    *version;       /* version 0 */
@@ -102,13 +115,16 @@ typedef struct pkcs7_recip_info_st
        X509                            *cert; /* get the pub-key from this */
        } PKCS7_RECIP_INFO;
+DECLARE_STACK_OF(PKCS7_RECIP_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
 typedef struct pkcs7_signed_st
        {
        ASN1_INTEGER                    *version;       /* version 1 */
-        STACK /* X509_ALGOR's */        *md_algs;       /* md used */
+        STACK_OF(X509_ALGOR)            *md_algs;       /* md used */
-        STACK /* X509 */                *cert;          /* [ 0 ] */
+        STACK_OF(X509)                  *cert;          /* [ 0 ] */
-        STACK /* X509_CRL */            *crl;           /* [ 1 ] */
+        STACK_OF(X509_CRL)              *crl;           /* [ 1 ] */
-        STACK /* PKCS7_SIGNER_INFO */   *signer_info;
+        STACK_OF(PKCS7_SIGNER_INFO)     *signer_info;
        struct pkcs7_st                 *contents;
        } PKCS7_SIGNED;
@@ -120,25 +136,26 @@ typedef struct pkcs7_enc_content_st
        ASN1_OBJECT                     *content_type;
        X509_ALGOR                      *algorithm;
        ASN1_OCTET_STRING               *enc_data;      /* [ 0 ] */
+        const EVP_CIPHER                *cipher;
        } PKCS7_ENC_CONTENT;
 typedef struct pkcs7_enveloped_st
        {
        ASN1_INTEGER                    *version;       /* version 0 */
-        STACK /* PKCS7_RECIP_INFO */    *recipientinfo;
+        STACK_OF(PKCS7_RECIP_INFO)      *recipientinfo;
        PKCS7_ENC_CONTENT               *enc_data;
        } PKCS7_ENVELOPE;
-        
 typedef struct pkcs7_signedandenveloped_st
        {
        ASN1_INTEGER                    *version;       /* version 1 */
-        STACK /* X509_ALGOR's */        *md_algs;       /* md used */
+        STACK_OF(X509_ALGOR)            *md_algs;       /* md used */
-        STACK /* X509 */                *cert;          /* [ 0 ] */
+        STACK_OF(X509)                  *cert;          /* [ 0 ] */
-        STACK /* X509_CRL */            *crl;           /* [ 1 ] */
+        STACK_OF(X509_CRL)              *crl;           /* [ 1 ] */
-        STACK /* PKCS7_SIGNER_INFO */   *signer_info;
+        STACK_OF(PKCS7_SIGNER_INFO)     *signer_info;
        PKCS7_ENC_CONTENT               *enc_data;
-        STACK /* PKCS7_RECIP_INFO */    *recipientinfo;
+        STACK_OF(PKCS7_RECIP_INFO)      *recipientinfo;
        } PKCS7_SIGN_ENVELOPE;
 typedef struct pkcs7_digest_st
@@ -193,13 +210,27 @@ typedef struct pkcs7_st
                /* NID_pkcs7_encrypted */
                PKCS7_ENCRYPT *encrypted;
+                /* Anything else */
+                ASN1_TYPE *other;
                } d;
        } PKCS7;
+DECLARE_STACK_OF(PKCS7)
+DECLARE_ASN1_SET_OF(PKCS7)
+DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_OP_SET_DETACHED_SIGNATURE 1
 #define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+#define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+#define PKCS7_get_attributes(si)        ((si)->unauth_attr)
 #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+#define PKCS7_type_is_signedAndEnveloped(a) \
+                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
 #define PKCS7_set_detached(p,v) \
@@ -207,101 +238,67 @@ typedef struct pkcs7_st
 #define PKCS7_get_detached(p) \
                PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
-#ifdef SSLEAY_MACROS
+#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+#ifdef SSLEAY_MACROS
+#ifndef PKCS7_ISSUER_AND_SERIAL_digest
 #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
        ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
                        (char *)data,md,len)
 #endif
+#endif
+/* S/MIME related flags */
-#ifndef NOPROTO
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
+#define PKCS7_TEXT              0x1
-void                    PKCS7_ISSUER_AND_SERIAL_free(
+#define PKCS7_NOCERTS           0x2
-                                PKCS7_ISSUER_AND_SERIAL *a);
+#define PKCS7_NOSIGS            0x4
-int                     i2d_PKCS7_ISSUER_AND_SERIAL(
+#define PKCS7_NOCHAIN           0x8
-                                PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp);
+#define PKCS7_NOINTERN          0x10
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
+#define PKCS7_NOVERIFY          0x20
-                                PKCS7_ISSUER_AND_SERIAL **a,
+#define PKCS7_DETACHED          0x40
-                                unsigned char **pp, long length);
+#define PKCS7_BINARY            0x80
+#define PKCS7_NOATTR            0x100
+#define PKCS7_NOSMIMECAP        0x200
+/* Flags: for compatibility with older code */
+#define SMIME_TEXT      PKCS7_TEXT
+#define SMIME_NOCERTS   PKCS7_NOCERTS
+#define SMIME_NOSIGS    PKCS7_NOSIGS
+#define SMIME_NOCHAIN   PKCS7_NOCHAIN
+#define SMIME_NOINTERN  PKCS7_NOINTERN
+#define SMIME_NOVERIFY  PKCS7_NOVERIFY
+#define SMIME_DETACHED  PKCS7_DETACHED
+#define SMIME_BINARY    PKCS7_BINARY
+#define SMIME_NOATTR    PKCS7_NOATTR
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
 #ifndef SSLEAY_MACROS
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
        unsigned char *md,unsigned int *len);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 #endif
 PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
 #endif
-PKCS7_SIGNER_INFO       *PKCS7_SIGNER_INFO_new(void);
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-void                    PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-int                     i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a,
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
-                                unsigned char **pp);
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-PKCS7_SIGNER_INFO       *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-                                unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
-PKCS7_RECIP_INFO        *PKCS7_RECIP_INFO_new(void);
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-void                    PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a);
+DECLARE_ASN1_FUNCTIONS(PKCS7)
-int                     i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a,
-                                unsigned char **pp);
-PKCS7_RECIP_INFO        *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
-                                unsigned char **pp,long length);
-PKCS7_SIGNED            *PKCS7_SIGNED_new(void);
-void                    PKCS7_SIGNED_free(PKCS7_SIGNED *a);
-int                     i2d_PKCS7_SIGNED(PKCS7_SIGNED *a,
-                                unsigned char **pp);
-PKCS7_SIGNED            *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a,
-                                unsigned char **pp,long length);
-PKCS7_ENC_CONTENT       *PKCS7_ENC_CONTENT_new(void);
-void                    PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a);
-int                     i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a,
-                                unsigned char **pp);
-PKCS7_ENC_CONTENT       *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
-                                unsigned char **pp,long length);
-PKCS7_ENVELOPE          *PKCS7_ENVELOPE_new(void);
-void                    PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a);
-int                     i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a,
-                                unsigned char **pp);
-PKCS7_ENVELOPE          *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a,
-                                unsigned char **pp,long length);
-PKCS7_SIGN_ENVELOPE     *PKCS7_SIGN_ENVELOPE_new(void);
-void                    PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a);
-int                     i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a,
-                                unsigned char **pp);
-PKCS7_SIGN_ENVELOPE     *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
-                                unsigned char **pp,long length);
-PKCS7_DIGEST            *PKCS7_DIGEST_new(void);
-void                    PKCS7_DIGEST_free(PKCS7_DIGEST *a);
-int                     i2d_PKCS7_DIGEST(PKCS7_DIGEST *a,
-                                unsigned char **pp);
-PKCS7_DIGEST            *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a,
-                                unsigned char **pp,long length);
-PKCS7_ENCRYPT           *PKCS7_ENCRYPT_new(void);
-void                    PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a);
-int                     i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a,
-                                unsigned char **pp);
-PKCS7_ENCRYPT           *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a,
-                                unsigned char **pp,long length);
-PKCS7                   *PKCS7_new(void);
-void                    PKCS7_free(PKCS7 *a);
-void                    PKCS7_content_free(PKCS7 *a);
-int                     i2d_PKCS7(PKCS7 *a,
-                                unsigned char **pp);
-PKCS7                   *d2i_PKCS7(PKCS7 **a,
-                                unsigned char **pp,long length);
-void ERR_load_PKCS7_strings(void);
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
@@ -309,141 +306,144 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 int PKCS7_set_type(PKCS7 *p7, int type);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-        EVP_MD *dgst);
+        const EVP_MD *dgst);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
 int PKCS7_content_new(PKCS7 *p7, int nid);
-int PKCS7_dataSign(PKCS7 *p7, BIO *bio);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
        BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                                                                X509 *x509);
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
-/*int PKCS7_DataFinal(PKCS7 *p7, BIO *bio); */
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
-        EVP_PKEY *pkey, EVP_MD *dgst);
+        EVP_PKEY *pkey, const EVP_MD *dgst);
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-STACK *PKCS7_get_signer_info(PKCS7 *p7);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
-int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
-#else
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
+        void *data);
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new();
+int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-void                    PKCS7_ISSUER_AND_SERIAL_free();
+        void *value);
-int                     i2d_PKCS7_ISSUER_AND_SERIAL();
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL();
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-#ifndef SSLEAY_MACROS
+                                STACK_OF(X509_ATTRIBUTE) *sk);
-int                     PKCS7_ISSUER_AND_SERIAL_digest();
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
-#ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp();
-int i2d_PKCS7_fp();
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-#endif
+                                                        BIO *data, int flags);
-PKCS7 *PKCS7_dup();
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-PKCS7 *d2i_PKCS7_bio();
+                                        BIO *indata, BIO *out, int flags);
-int i2d_PKCS7_bio();
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-#endif
+                                                                int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-PKCS7_SIGNER_INFO       *PKCS7_SIGNER_INFO_new();
-void                    PKCS7_SIGNER_INFO_free();
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
-int                     i2d_PKCS7_SIGNER_INFO();
+                              STACK_OF(X509_ALGOR) *cap);
-PKCS7_SIGNER_INFO       *d2i_PKCS7_SIGNER_INFO();
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
-PKCS7_RECIP_INFO        *PKCS7_RECIP_INFO_new();
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
-void                    PKCS7_RECIP_INFO_free();
-int                     i2d_PKCS7_RECIP_INFO();
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
-PKCS7_RECIP_INFO        *d2i_PKCS7_RECIP_INFO();
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-PKCS7_SIGNED            *PKCS7_SIGNED_new();
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-void                    PKCS7_SIGNED_free();
+int SMIME_text(BIO *in, BIO *out);
-int                     i2d_PKCS7_SIGNED();
-PKCS7_SIGNED            *d2i_PKCS7_SIGNED();
-PKCS7_ENC_CONTENT       *PKCS7_ENC_CONTENT_new();
-void                    PKCS7_ENC_CONTENT_free();
-int                     i2d_PKCS7_ENC_CONTENT();
-PKCS7_ENC_CONTENT       *d2i_PKCS7_ENC_CONTENT();
-PKCS7_ENVELOPE          *PKCS7_ENVELOPE_new();
-void                    PKCS7_ENVELOPE_free();
-int                     i2d_PKCS7_ENVELOPE();
-PKCS7_ENVELOPE          *d2i_PKCS7_ENVELOPE();
-PKCS7_SIGN_ENVELOPE     *PKCS7_SIGN_ENVELOPE_new();
-void                    PKCS7_SIGN_ENVELOPE_free();
-int                     i2d_PKCS7_SIGN_ENVELOPE();
-PKCS7_SIGN_ENVELOPE     *d2i_PKCS7_SIGN_ENVELOPE();
-PKCS7_DIGEST            *PKCS7_DIGEST_new();
-void                    PKCS7_DIGEST_free();
-int                     i2d_PKCS7_DIGEST();
-PKCS7_DIGEST            *d2i_PKCS7_DIGEST();
-PKCS7_ENCRYPT           *PKCS7_ENCRYPT_new();
-void                    PKCS7_ENCRYPT_free();
-int                     i2d_PKCS7_ENCRYPT();
-PKCS7_ENCRYPT           *d2i_PKCS7_ENCRYPT();
-PKCS7                   *PKCS7_new();
-void                    PKCS7_free();
-void                    PKCS7_content_free();
-int                     i2d_PKCS7();
-PKCS7                   *d2i_PKCS7();
-void ERR_load_PKCS7_strings();
-long PKCS7_ctrl();
-int PKCS7_set_type();
-int PKCS7_set_content();
-int PKCS7_SIGNER_INFO_set();
-int PKCS7_add_signer();
-int PKCS7_add_certificate();
-int PKCS7_add_crl();
-int PKCS7_content_new();
-int PKCS7_dataSign();
-int PKCS7_dataVerify();
-BIO *PKCS7_dataInit();
-PKCS7_SIGNER_INFO *PKCS7_add_signature();
-X509 *PKCS7_cert_from_signer_info();
-STACK *PKCS7_get_signer_info();
-PKCS7_RECIP_INFO *PKCS7_add_recipient();
-int PKCS7_add_recipient_info();
-int PKCS7_RECIP_INFO_set();
-int PKCS7_set_cipher();
-#endif
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS7_strings(void);
 /* Error codes for the PKCS7 functions. */
 /* Function codes. */
+#define PKCS7_F_B64_READ_PKCS7                           120
+#define PKCS7_F_B64_WRITE_PKCS7                          121
+#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
 #define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
 #define PKCS7_F_PKCS7_ADD_CRL                            101
 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
 #define PKCS7_F_PKCS7_ADD_SIGNER                         103
 #define PKCS7_F_PKCS7_CTRL                               104
+#define PKCS7_F_PKCS7_DATADECODE                         112
 #define PKCS7_F_PKCS7_DATAINIT                           105
 #define PKCS7_F_PKCS7_DATASIGN                           106
 #define PKCS7_F_PKCS7_DATAVERIFY                         107
+#define PKCS7_F_PKCS7_DECRYPT                            114
+#define PKCS7_F_PKCS7_ENCRYPT                            115
+#define PKCS7_F_PKCS7_GET0_SIGNERS                       124
 #define PKCS7_F_PKCS7_SET_CIPHER                         108
 #define PKCS7_F_PKCS7_SET_CONTENT                        109
 #define PKCS7_F_PKCS7_SET_TYPE                           110
+#define PKCS7_F_PKCS7_SIGN                               116
+#define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
+#define PKCS7_F_PKCS7_VERIFY                             117
+#define PKCS7_F_SMIME_READ_PKCS7                         122
+#define PKCS7_F_SMIME_TEXT                               123
 /* Reason codes. */
-#define PKCS7_R_INTERNAL_ERROR                           100
+#define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     101
+#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
-#define PKCS7_R_SIGNATURE_FAILURE                        102
+#define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               103
+#define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   104
+#define PKCS7_R_DECODE_ERROR                             130
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            105
+#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH            100
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE                      106
+#define PKCS7_R_DECRYPT_ERROR                            119
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  107
+#define PKCS7_R_DIGEST_FAILURE                           101
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 108
+#define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
-#define PKCS7_R_WRONG_CONTENT_TYPE                       109
+#define PKCS7_R_ERROR_SETTING_CIPHER                     121
- 
+#define PKCS7_R_INVALID_MIME_TYPE                        131
+#define PKCS7_R_INVALID_NULL_POINTER                     143
+#define PKCS7_R_MIME_NO_CONTENT_TYPE                     132
+#define PKCS7_R_MIME_PARSE_ERROR                         133
+#define PKCS7_R_MIME_SIG_PARSE_ERROR                     134
+#define PKCS7_R_MISSING_CERIPEND_INFO                    103
+#define PKCS7_R_NO_CONTENT                               122
+#define PKCS7_R_NO_CONTENT_TYPE                          135
+#define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
+#define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
+#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
+#define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
+#define PKCS7_R_NO_SIGNERS                               142
+#define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
+#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
+#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+#define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
+#define PKCS7_R_PKCS7_DATASIGN                           126
+#define PKCS7_R_PKCS7_PARSE_ERROR                        139
+#define PKCS7_R_PKCS7_SIG_PARSE_ERROR                    140
+#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
+#define PKCS7_R_SIGNATURE_FAILURE                        105
+#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+#define PKCS7_R_SIG_INVALID_MIME_TYPE                    141
+#define PKCS7_R_SMIME_TEXT_ERROR                         129
+#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
+#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
+#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
+#define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
+#define PKCS7_R_UNKNOWN_OPERATION                        110
+#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
+#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
+#define PKCS7_R_WRONG_CONTENT_TYPE                       113
+#define PKCS7_R_WRONG_PKCS7_TYPE                         114
 #ifdef  __cplusplus
 }
 #endif
 #endif
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
index f851057422..5e51527a40 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -1,107 +1,157 @@
-/* lib/pkcs7/pkcs7_err.c */
+/* crypto/pkcs7/pkcs7err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* ====================================================================
- * All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
- * 1. Redistributions of source code must retain the copyright
+ *
- *    notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
 * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
+ *    notice, this list of conditions and the following disclaimer in
- *    documentation and/or other materials provided with the distribution.
+ *    the documentation and/or other materials provided with the
- * 3. All advertising materials mentioning features or use of this software
+ *    distribution.
- *    must display the following acknowledgement:
+ *
- *    "This product includes cryptographic software written by
+ * 3. All advertising materials mentioning features or use of this
- *     Eric Young (eay@cryptsoft.com)"
+ *    software must display the following acknowledgment:
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    "This product includes software developed by the OpenSSL Project
- *    being used are not cryptographic related :-).
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *
- *    the apps directory (application code) you must include an acknowledgement:
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *    endorse or promote products derived from this software without
- * 
+ *    prior written permission. For written permission, please contact
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ *    openssl-core@OpenSSL.org.
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * 5. Products derived from this software may not be called "OpenSSL"
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ *    nor may "OpenSSL" appear in their names without prior written
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ *    permission of the OpenSSL Project.
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ *
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * 6. Redistributions of any form whatsoever must retain the following
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ *    acknowledgment:
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ *    "This product includes software developed by the OpenSSL Project
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- * SUCH DAMAGE.
+ *
- * 
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * The licence and distribution terms for any publically available version or
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * copied and put under another distribution licence
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * [including the GNU Public Licence.]
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
 */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
 #include <stdio.h>
-#include "err.h"
+#include <openssl/err.h>
-#include "pkcs7.h"
+#include <openssl/pkcs7.h>
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA PKCS7_str_functs[]=
        {
+{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0),  "B64_READ_PKCS7"},
+{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0),       "PKCS7_add_attrib_smimecap"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),   "PKCS7_add_certificate"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),   "PKCS7_add_crl"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),        "PKCS7_add_recipient_info"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),        "PKCS7_add_signer"},
 {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),      "PKCS7_ctrl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0),        "PKCS7_dataDecode"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),  "PKCS7_dataInit"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),  "PKCS7_dataSign"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),  "PKCS7_DATASIGN"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),        "PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0),   "PKCS7_decrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0),   "PKCS7_encrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0),      "PKCS7_get0_signers"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),        "PKCS7_set_cipher"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),       "PKCS7_set_content"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),  "PKCS7_set_type"},
-{0,NULL},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0),      "PKCS7_sign"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0),   "PKCS7_signatureVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0),   "PKCS7_simple_smimecap"},
+{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0),    "PKCS7_verify"},
+{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0),        "SMIME_read_PKCS7"},
+{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0),      "SMIME_text"},
+{0,NULL}
        };
 static ERR_STRING_DATA PKCS7_str_reasons[]=
        {
-{PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
+{PKCS7_R_CERTIFICATE_VERIFY_ERROR        ,"certificate verify error"},
+{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
+{PKCS7_R_CIPHER_NOT_INITIALIZED          ,"cipher not initialized"},
+{PKCS7_R_CONTENT_AND_DATA_PRESENT        ,"content and data present"},
+{PKCS7_R_DECODE_ERROR                    ,"decode error"},
+{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH   ,"decrypted key is wrong length"},
+{PKCS7_R_DECRYPT_ERROR                   ,"decrypt error"},
+{PKCS7_R_DIGEST_FAILURE                  ,"digest failure"},
+{PKCS7_R_ERROR_ADDING_RECIPIENT          ,"error adding recipient"},
+{PKCS7_R_ERROR_SETTING_CIPHER            ,"error setting cipher"},
+{PKCS7_R_INVALID_MIME_TYPE               ,"invalid mime type"},
+{PKCS7_R_INVALID_NULL_POINTER            ,"invalid null pointer"},
+{PKCS7_R_MIME_NO_CONTENT_TYPE            ,"mime no content type"},
+{PKCS7_R_MIME_PARSE_ERROR                ,"mime parse error"},
+{PKCS7_R_MIME_SIG_PARSE_ERROR            ,"mime sig parse error"},
+{PKCS7_R_MISSING_CERIPEND_INFO           ,"missing ceripend info"},
+{PKCS7_R_NO_CONTENT                      ,"no content"},
+{PKCS7_R_NO_CONTENT_TYPE                 ,"no content type"},
+{PKCS7_R_NO_MULTIPART_BODY_FAILURE       ,"no multipart body failure"},
+{PKCS7_R_NO_MULTIPART_BOUNDARY           ,"no multipart boundary"},
+{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
+{PKCS7_R_NO_SIGNATURES_ON_DATA           ,"no signatures on data"},
+{PKCS7_R_NO_SIGNERS                      ,"no signers"},
+{PKCS7_R_NO_SIG_CONTENT_TYPE             ,"no sig content type"},
 {PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR       ,"pkcs7 add signature error"},
+{PKCS7_R_PKCS7_DATAFINAL_ERROR           ,"pkcs7 datafinal error"},
+{PKCS7_R_PKCS7_DATASIGN                  ,"pkcs7 datasign"},
+{PKCS7_R_PKCS7_PARSE_ERROR               ,"pkcs7 parse error"},
+{PKCS7_R_PKCS7_SIG_PARSE_ERROR           ,"pkcs7 sig parse error"},
+{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
 {PKCS7_R_SIGNATURE_FAILURE               ,"signature failure"},
+{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND    ,"signer certificate not found"},
+{PKCS7_R_SIG_INVALID_MIME_TYPE           ,"sig invalid mime type"},
+{PKCS7_R_SMIME_TEXT_ERROR                ,"smime text error"},
 {PKCS7_R_UNABLE_TO_FIND_CERTIFICATE      ,"unable to find certificate"},
 {PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
 {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
 {PKCS7_R_UNKNOWN_DIGEST_TYPE             ,"unknown digest type"},
+{PKCS7_R_UNKNOWN_OPERATION               ,"unknown operation"},
 {PKCS7_R_UNSUPPORTED_CIPHER_TYPE         ,"unsupported cipher type"},
 {PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
 {PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
-{0,NULL},
+{PKCS7_R_WRONG_PKCS7_TYPE                ,"wrong pkcs7 type"},
+{0,NULL}
        };
 #endif
-void ERR_load_PKCS7_strings()
+void ERR_load_PKCS7_strings(void)
        {
        static int init=1;
-        if (init);
+        if (init)
-                {;
+                {
                init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
                ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
 #endif
author	markus <>	2002-09-05 12:51:50 +0000
committer	markus <>	2002-09-05 12:51:50 +0000
commit	15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch)
tree	bf939e82d7fd73cc8a01cf6959002209972091bc /src/lib/libcrypto/pkcs7
parent	027351f729b9e837200dae6e1520cda6577ab930 (diff)
download	openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2 openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip