summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs7
diff options
context:
space:
mode:
authorbeck <>1999-09-29 04:37:45 +0000
committerbeck <>1999-09-29 04:37:45 +0000
commitde8f24ea083384bb66b32ec105dc4743c5663cdf (patch)
tree1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libcrypto/pkcs7
parentcb929d29896bcb87c2a97417fbd03e50078fc178 (diff)
downloadopenbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip
OpenSSL 0.9.4 merge
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
-rw-r--r--src/lib/libcrypto/pkcs7/Makefile.ssl97
-rw-r--r--src/lib/libcrypto/pkcs7/bio_ber.c450
-rw-r--r--src/lib/libcrypto/pkcs7/dec.c246
-rw-r--r--src/lib/libcrypto/pkcs7/des.pem15
-rw-r--r--src/lib/libcrypto/pkcs7/enc.c79
-rw-r--r--src/lib/libcrypto/pkcs7/es1.pem66
-rw-r--r--src/lib/libcrypto/pkcs7/example.c327
-rw-r--r--src/lib/libcrypto/pkcs7/example.h57
-rw-r--r--src/lib/libcrypto/pkcs7/info.pem57
-rw-r--r--src/lib/libcrypto/pkcs7/infokey.pem9
-rw-r--r--src/lib/libcrypto/pkcs7/mf.p718
-rw-r--r--src/lib/libcrypto/pkcs7/p7.tst33
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_dgst.c10
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c718
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_enc.c10
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_lib.c156
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7.err26
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7.h196
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7err.c129
-rw-r--r--src/lib/libcrypto/pkcs7/sign.c21
-rw-r--r--src/lib/libcrypto/pkcs7/verify.c55
21 files changed, 2259 insertions, 516 deletions
diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl
index a88359b320..436442a7a1 100644
--- a/src/lib/libcrypto/pkcs7/Makefile.ssl
+++ b/src/lib/libcrypto/pkcs7/Makefile.ssl
@@ -7,16 +7,16 @@ TOP= ../..
7CC= cc 7CC= cc
8INCLUDES= -I.. -I../../include 8INCLUDES= -I.. -I../../include
9CFLAG=-g 9CFLAG=-g
10INSTALL_PREFIX=
11OPENSSLDIR= /usr/local/ssl
10INSTALLTOP=/usr/local/ssl 12INSTALLTOP=/usr/local/ssl
11MAKE= make -f Makefile.ssl 13MAKE= make -f Makefile.ssl
12MAKEDEPEND= makedepend -f Makefile.ssl 14MAKEDEPEND= $(TOP)/util/domd $(TOP)
13MAKEFILE= Makefile.ssl 15MAKEFILE= Makefile.ssl
14AR= ar r 16AR= ar r
15 17
16CFLAGS= $(INCLUDES) $(CFLAG) 18CFLAGS= $(INCLUDES) $(CFLAG)
17 19
18ERR=pkcs7
19ERRC=pkcs7err
20GENERAL=Makefile README 20GENERAL=Makefile README
21TEST= 21TEST=
22APPS= 22APPS=
@@ -39,26 +39,39 @@ test:
39 39
40all: lib 40all: lib
41 41
42testapps: enc dec sign verify
43
44enc: enc.o lib
45 $(CC) $(CFLAGS) -o enc enc.o $(LIB)
46
47dec: dec.o lib
48 $(CC) $(CFLAGS) -o dec dec.o $(LIB)
49
50sign: sign.o lib
51 $(CC) $(CFLAGS) -o sign sign.o $(LIB)
52
53verify: verify.o example.o lib
54 $(CC) $(CFLAGS) -o verify verify.o example.o $(LIB)
55
42lib: $(LIBOBJ) 56lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 57 $(AR) $(LIB) $(LIBOBJ)
44 sh $(TOP)/util/ranlib.sh $(LIB) 58 $(RANLIB) $(LIB)
45 @touch lib 59 @touch lib
46 60
47files: 61files:
48 perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO 62 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
49 63
50links: 64links:
51 /bin/rm -f Makefile 65 @$(TOP)/util/point.sh Makefile.ssl Makefile
52 $(TOP)/util/point.sh Makefile.ssl Makefile ; 66 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
53 $(TOP)/util/mklink.sh ../../include $(EXHEADER) 67 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
54 $(TOP)/util/mklink.sh ../../test $(TEST) 68 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
55 $(TOP)/util/mklink.sh ../../apps $(APPS)
56 69
57install: 70install:
58 @for i in $(EXHEADER) ; \ 71 @for i in $(EXHEADER) ; \
59 do \ 72 do \
60 (cp $$i $(INSTALLTOP)/include/$$i; \ 73 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
61 chmod 644 $(INSTALLTOP)/include/$$i ); \ 74 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
62 done; 75 done;
63 76
64tags: 77tags:
@@ -70,17 +83,63 @@ lint:
70 lint -DLINT $(INCLUDES) $(SRC)>fluff 83 lint -DLINT $(INCLUDES) $(SRC)>fluff
71 84
72depend: 85depend:
73 $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) 86 $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
74 87
75dclean: 88dclean:
76 perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new 89 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
77 mv -f Makefile.new $(MAKEFILE) 90 mv -f Makefile.new $(MAKEFILE)
78 91
79clean: 92clean:
80 /bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff 93 rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
81
82errors:
83 perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
84 perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
85 94
86# DO NOT DELETE THIS LINE -- make depend depends on it. 95# DO NOT DELETE THIS LINE -- make depend depends on it.
96
97pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
98pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
99pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
100pk7_doit.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
101pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
102pk7_doit.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
103pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
104pk7_doit.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
105pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
106pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
107pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
108pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
109pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
110pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
111pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
112pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
113pk7_doit.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
114pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
115pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
116pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
117pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
118pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
119pk7_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
120pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
121pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
122pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
123pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
124pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
125pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
126pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
127pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
128pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
129pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
130pk7_lib.o: ../cryptlib.h
131pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
132pkcs7err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
133pkcs7err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
134pkcs7err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
135pkcs7err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
136pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
137pkcs7err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
138pkcs7err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
139pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
140pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
141pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
142pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
143pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
144pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
145pkcs7err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c
new file mode 100644
index 0000000000..2f17723e98
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/bio_ber.c
@@ -0,0 +1,450 @@
1/* crypto/evp/bio_ber.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <errno.h>
61#include "cryptlib.h"
62#include <openssl/buffer.h>
63#include <openssl/evp.h>
64
65static int ber_write(BIO *h,char *buf,int num);
66static int ber_read(BIO *h,char *buf,int size);
67/*static int ber_puts(BIO *h,char *str); */
68/*static int ber_gets(BIO *h,char *str,int size); */
69static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
70static int ber_new(BIO *h);
71static int ber_free(BIO *data);
72#define BER_BUF_SIZE (32)
73
74/* This is used to hold the state of the BER objects being read. */
75typedef struct ber_struct
76 {
77 int tag;
78 int class;
79 long length;
80 int inf;
81 int num_left;
82 int depth;
83 } BER_CTX;
84
85typedef struct bio_ber_struct
86 {
87 int tag;
88 int class;
89 long length;
90 int inf;
91
92 /* most of the following are used when doing non-blocking IO */
93 /* reading */
94 long num_left; /* number of bytes still to read/write in block */
95 int depth; /* used with idefinite encoding. */
96 int finished; /* No more read data */
97
98 /* writting */
99 char *w_addr;
100 int w_offset;
101 int w_left;
102
103 int buf_len;
104 int buf_off;
105 unsigned char buf[BER_BUF_SIZE];
106 } BIO_BER_CTX;
107
108static BIO_METHOD methods_ber=
109 {
110 BIO_TYPE_CIPHER,"cipher",
111 ber_write,
112 ber_read,
113 NULL, /* ber_puts, */
114 NULL, /* ber_gets, */
115 ber_ctrl,
116 ber_new,
117 ber_free,
118 };
119
120BIO_METHOD *BIO_f_ber(void)
121 {
122 return(&methods_ber);
123 }
124
125static int ber_new(BIO *bi)
126 {
127 BIO_BER_CTX *ctx;
128
129 ctx=(BIO_BER_CTX *)Malloc(sizeof(BIO_BER_CTX));
130 if (ctx == NULL) return(0);
131
132 memset((char *)ctx,0,sizeof(BIO_BER_CTX));
133
134 bi->init=0;
135 bi->ptr=(char *)ctx;
136 bi->flags=0;
137 return(1);
138 }
139
140static int ber_free(BIO *a)
141 {
142 BIO_BER_CTX *b;
143
144 if (a == NULL) return(0);
145 b=(BIO_BER_CTX *)a->ptr;
146 memset(a->ptr,0,sizeof(BIO_BER_CTX));
147 Free(a->ptr);
148 a->ptr=NULL;
149 a->init=0;
150 a->flags=0;
151 return(1);
152 }
153
154int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
155 {
156 char buf[64];
157 int i,j,n;
158 int ret;
159 unsigned char *p;
160 unsigned long length
161 int tag;
162 int class;
163 long max;
164
165 BIO_clear_retry_flags(b);
166
167 /* Pack the buffer down if there is a hole at the front */
168 if (ctx->buf_off != 0)
169 {
170 p=ctx->buf;
171 j=ctx->buf_off;
172 n=ctx->buf_len-j;
173 for (i=0; i<n; i++)
174 {
175 p[0]=p[j];
176 p++;
177 }
178 ctx->buf_len-j;
179 ctx->buf_off=0;
180 }
181
182 /* If there is more room, read some more data */
183 i=BER_BUF_SIZE-ctx->buf_len;
184 if (i)
185 {
186 i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);
187 if (i <= 0)
188 {
189 BIO_copy_next_retry(b);
190 return(i);
191 }
192 else
193 ctx->buf_len+=i;
194 }
195
196 max=ctx->buf_len;
197 p=ctx->buf;
198 ret=ASN1_get_object(&p,&length,&tag,&class,max);
199
200 if (ret & 0x80)
201 {
202 if ((ctx->buf_len < BER_BUF_SIZE) &&
203 (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
204 {
205 ERR_get_error(); /* clear the error */
206 BIO_set_retry_read(b);
207 }
208 return(-1);
209 }
210
211 /* We have no error, we have a header, so make use of it */
212
213 if ((ctx->tag >= 0) && (ctx->tag != tag))
214 {
215 BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);
216 sprintf(buf,"tag=%d, got %d",ctx->tag,tag);
217 ERR_add_error_data(1,buf);
218 return(-1);
219 }
220 if (ret & 0x01)
221 if (ret & V_ASN1_CONSTRUCTED)
222 }
223
224static int ber_read(BIO *b, char *out, int outl)
225 {
226 int ret=0,i,n;
227 BIO_BER_CTX *ctx;
228
229 BIO_clear_retry_flags(b);
230
231 if (out == NULL) return(0);
232 ctx=(BIO_BER_CTX *)b->ptr;
233
234 if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
235
236 if (ctx->finished) return(0);
237
238again:
239 /* First see if we are half way through reading a block */
240 if (ctx->num_left > 0)
241 {
242 if (ctx->num_left < outl)
243 n=ctx->num_left;
244 else
245 n=outl;
246 i=BIO_read(b->next_bio,out,n);
247 if (i <= 0)
248 {
249 BIO_copy_next_retry(b);
250 return(i);
251 }
252 ctx->num_left-=i;
253 outl-=i;
254 ret+=i;
255 if (ctx->num_left <= 0)
256 {
257 ctx->depth--;
258 if (ctx->depth <= 0)
259 ctx->finished=1;
260 }
261 if (outl <= 0)
262 return(ret);
263 else
264 goto again;
265 }
266 else /* we need to read another BER header */
267 {
268 }
269 }
270
271static int ber_write(BIO *b, char *in, int inl)
272 {
273 int ret=0,n,i;
274 BIO_ENC_CTX *ctx;
275
276 ctx=(BIO_ENC_CTX *)b->ptr;
277 ret=inl;
278
279 BIO_clear_retry_flags(b);
280 n=ctx->buf_len-ctx->buf_off;
281 while (n > 0)
282 {
283 i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
284 if (i <= 0)
285 {
286 BIO_copy_next_retry(b);
287 return(i);
288 }
289 ctx->buf_off+=i;
290 n-=i;
291 }
292 /* at this point all pending data has been written */
293
294 if ((in == NULL) || (inl <= 0)) return(0);
295
296 ctx->buf_off=0;
297 while (inl > 0)
298 {
299 n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
300 EVP_CipherUpdate(&(ctx->cipher),
301 (unsigned char *)ctx->buf,&ctx->buf_len,
302 (unsigned char *)in,n);
303 inl-=n;
304 in+=n;
305
306 ctx->buf_off=0;
307 n=ctx->buf_len;
308 while (n > 0)
309 {
310 i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
311 if (i <= 0)
312 {
313 BIO_copy_next_retry(b);
314 return(i);
315 }
316 n-=i;
317 ctx->buf_off+=i;
318 }
319 ctx->buf_len=0;
320 ctx->buf_off=0;
321 }
322 BIO_copy_next_retry(b);
323 return(ret);
324 }
325
326static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
327 {
328 BIO *dbio;
329 BIO_ENC_CTX *ctx,*dctx;
330 long ret=1;
331 int i;
332
333 ctx=(BIO_ENC_CTX *)b->ptr;
334
335 switch (cmd)
336 {
337 case BIO_CTRL_RESET:
338 ctx->ok=1;
339 ctx->finished=0;
340 EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
341 ctx->cipher.berrypt);
342 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
343 break;
344 case BIO_CTRL_EOF: /* More to read */
345 if (ctx->cont <= 0)
346 ret=1;
347 else
348 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
349 break;
350 case BIO_CTRL_WPENDING:
351 ret=ctx->buf_len-ctx->buf_off;
352 if (ret <= 0)
353 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
354 break;
355 case BIO_CTRL_PENDING: /* More to read in buffer */
356 ret=ctx->buf_len-ctx->buf_off;
357 if (ret <= 0)
358 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
359 break;
360 case BIO_CTRL_FLUSH:
361 /* do a final write */
362again:
363 while (ctx->buf_len != ctx->buf_off)
364 {
365 i=ber_write(b,NULL,0);
366 if (i < 0)
367 {
368 ret=i;
369 break;
370 }
371 }
372
373 if (!ctx->finished)
374 {
375 ctx->finished=1;
376 ctx->buf_off=0;
377 ret=EVP_CipherFinal(&(ctx->cipher),
378 (unsigned char *)ctx->buf,
379 &(ctx->buf_len));
380 ctx->ok=(int)ret;
381 if (ret <= 0) break;
382
383 /* push out the bytes */
384 goto again;
385 }
386
387 /* Finally flush the underlying BIO */
388 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
389 break;
390 case BIO_C_GET_CIPHER_STATUS:
391 ret=(long)ctx->ok;
392 break;
393 case BIO_C_DO_STATE_MACHINE:
394 BIO_clear_retry_flags(b);
395 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
396 BIO_copy_next_retry(b);
397 break;
398
399 case BIO_CTRL_DUP:
400 dbio=(BIO *)ptr;
401 dctx=(BIO_ENC_CTX *)dbio->ptr;
402 memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
403 dbio->init=1;
404 break;
405 default:
406 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
407 break;
408 }
409 return(ret);
410 }
411
412/*
413void BIO_set_cipher_ctx(b,c)
414BIO *b;
415EVP_CIPHER_ctx *c;
416 {
417 if (b == NULL) return;
418
419 if ((b->callback != NULL) &&
420 (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
421 return;
422
423 b->init=1;
424 ctx=(BIO_ENC_CTX *)b->ptr;
425 memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
426
427 if (b->callback != NULL)
428 b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
429 }
430*/
431
432void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
433 int e)
434 {
435 BIO_ENC_CTX *ctx;
436
437 if (b == NULL) return;
438
439 if ((b->callback != NULL) &&
440 (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
441 return;
442
443 b->init=1;
444 ctx=(BIO_ENC_CTX *)b->ptr;
445 EVP_CipherInit(&(ctx->cipher),c,k,i,e);
446
447 if (b->callback != NULL)
448 b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
449 }
450
diff --git a/src/lib/libcrypto/pkcs7/dec.c b/src/lib/libcrypto/pkcs7/dec.c
new file mode 100644
index 0000000000..b3661f28d3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/dec.c
@@ -0,0 +1,246 @@
1/* crypto/pkcs7/verify.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58#include <stdio.h>
59#include <stdlib.h>
60#include <openssl/bio.h>
61#include <openssl/x509.h>
62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include <openssl/asn1.h>
65
66int verify_callback(int ok, X509_STORE_CTX *ctx);
67
68BIO *bio_err=NULL;
69
70int main(argc,argv)
71int argc;
72char *argv[];
73 {
74 char *keyfile=NULL;
75 BIO *in;
76 EVP_PKEY *pkey;
77 X509 *x509;
78 PKCS7 *p7;
79 PKCS7_SIGNER_INFO *si;
80 X509_STORE_CTX cert_ctx;
81 X509_STORE *cert_store=NULL;
82 BIO *data,*detached=NULL,*p7bio=NULL;
83 char buf[1024*4];
84 unsigned char *pp;
85 int i,printit=0;
86 STACK_OF(PKCS7_SIGNER_INFO) *sk;
87
88 SSLeay_add_all_algorithms();
89 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
90
91 data=BIO_new(BIO_s_file());
92 pp=NULL;
93 while (argc > 1)
94 {
95 argc--;
96 argv++;
97 if (strcmp(argv[0],"-p") == 0)
98 {
99 printit=1;
100 }
101 else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
102 keyfile = argv[1];
103 argc-=1;
104 argv+=1;
105 } else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
106 {
107 detached=BIO_new(BIO_s_file());
108 if (!BIO_read_filename(detached,argv[1]))
109 goto err;
110 argc-=1;
111 argv+=1;
112 }
113 else break;
114 }
115
116 if (!BIO_read_filename(data,argv[0])) goto err;
117
118 if(!keyfile) {
119 fprintf(stderr, "No private key file specified\n");
120 goto err;
121 }
122
123 if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
124 if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
125 BIO_reset(in);
126 if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
127 BIO_free(in);
128
129 if (pp == NULL)
130 BIO_set_fp(data,stdin,BIO_NOCLOSE);
131
132
133 /* Load the PKCS7 object from a file */
134 if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
135
136
137
138 /* This stuff is being setup for certificate verification.
139 * When using SSL, it could be replaced with a
140 * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
141 cert_store=X509_STORE_new();
142 X509_STORE_set_default_paths(cert_store);
143 X509_STORE_load_locations(cert_store,NULL,"../../certs");
144 X509_STORE_set_verify_cb_func(cert_store,verify_callback);
145
146 ERR_clear_error();
147
148 /* We need to process the data */
149 /* We cannot support detached encryption */
150 p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
151
152 if (p7bio == NULL)
153 {
154 printf("problems decoding\n");
155 goto err;
156 }
157
158 /* We now have to 'read' from p7bio to calculate digests etc. */
159 for (;;)
160 {
161 i=BIO_read(p7bio,buf,sizeof(buf));
162 /* print it? */
163 if (i <= 0) break;
164 fwrite(buf,1, i, stdout);
165 }
166
167 /* We can now verify signatures */
168 sk=PKCS7_get_signer_info(p7);
169 if (sk == NULL)
170 {
171 fprintf(stderr, "there are no signatures on this data\n");
172 }
173 else
174 {
175 /* Ok, first we need to, for each subject entry,
176 * see if we can verify */
177 ERR_clear_error();
178 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
179 {
180 si=sk_PKCS7_SIGNER_INFO_value(sk,i);
181 i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
182 if (i <= 0)
183 goto err;
184 else
185 fprintf(stderr,"Signature verified\n");
186 }
187 }
188 X509_STORE_free(cert_store);
189
190 exit(0);
191err:
192 ERR_load_crypto_strings();
193 ERR_print_errors_fp(stderr);
194 exit(1);
195 }
196
197/* should be X509 * but we can just have them as char *. */
198int verify_callback(int ok, X509_STORE_CTX *ctx)
199 {
200 char buf[256];
201 X509 *err_cert;
202 int err,depth;
203
204 err_cert=X509_STORE_CTX_get_current_cert(ctx);
205 err= X509_STORE_CTX_get_error(ctx);
206 depth= X509_STORE_CTX_get_error_depth(ctx);
207
208 X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
209 BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
210 if (!ok)
211 {
212 BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
213 X509_verify_cert_error_string(err));
214 if (depth < 6)
215 {
216 ok=1;
217 X509_STORE_CTX_set_error(ctx,X509_V_OK);
218 }
219 else
220 {
221 ok=0;
222 X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
223 }
224 }
225 switch (ctx->error)
226 {
227 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
228 X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
229 BIO_printf(bio_err,"issuer= %s\n",buf);
230 break;
231 case X509_V_ERR_CERT_NOT_YET_VALID:
232 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
233 BIO_printf(bio_err,"notBefore=");
234 ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
235 BIO_printf(bio_err,"\n");
236 break;
237 case X509_V_ERR_CERT_HAS_EXPIRED:
238 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
239 BIO_printf(bio_err,"notAfter=");
240 ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
241 BIO_printf(bio_err,"\n");
242 break;
243 }
244 BIO_printf(bio_err,"verify return:%d\n",ok);
245 return(ok);
246 }
diff --git a/src/lib/libcrypto/pkcs7/des.pem b/src/lib/libcrypto/pkcs7/des.pem
new file mode 100644
index 0000000000..62d1657e3e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/des.pem
@@ -0,0 +1,15 @@
1
2MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
3A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
4dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
5ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
6/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
7AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
8QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
9UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
10CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
11WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
12oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
13lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
145PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
15
diff --git a/src/lib/libcrypto/pkcs7/enc.c b/src/lib/libcrypto/pkcs7/enc.c
index 625a7c2285..43bfd10a23 100644
--- a/src/lib/libcrypto/pkcs7/enc.c
+++ b/src/lib/libcrypto/pkcs7/enc.c
@@ -56,61 +56,82 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58#include <stdio.h> 58#include <stdio.h>
59#include "bio.h" 59#include <openssl/bio.h>
60#include "x509.h" 60#include <openssl/x509.h>
61#include "pem.h" 61#include <openssl/pem.h>
62#include <openssl/err.h>
62 63
63main(argc,argv) 64int main(argc,argv)
64int argc; 65int argc;
65char *argv[]; 66char *argv[];
66 { 67 {
67 X509 *x509; 68 X509 *x509;
68 EVP_PKEY *pkey;
69 PKCS7 *p7; 69 PKCS7 *p7;
70 PKCS7 *p7_data;
71 PKCS7_SIGNER_INFO *si;
72 BIO *in; 70 BIO *in;
73 BIO *data,*p7bio; 71 BIO *data,*p7bio;
74 char buf[1024*4]; 72 char buf[1024*4];
75 int i,j; 73 int i;
76 int nodetach=0; 74 int nodetach=1;
75 char *keyfile = NULL;
76 const EVP_CIPHER *cipher=NULL;
77 STACK_OF(X509) *recips=NULL;
77 78
78 EVP_add_digest(EVP_sha1()); 79 SSLeay_add_all_algorithms();
79 EVP_add_cipher(EVP_des_cbc());
80 80
81 data=BIO_new(BIO_s_file()); 81 data=BIO_new(BIO_s_file());
82again: 82 while(argc > 1)
83 if (argc > 1)
84 { 83 {
85 if (strcmp(argv[1],"-nd") == 0) 84 if (strcmp(argv[1],"-nd") == 0)
86 { 85 {
87 nodetach=1; 86 nodetach=1;
88 argv++; argc--; 87 argv++; argc--;
89 goto again;
90 } 88 }
91 if (!BIO_read_filename(data,argv[1])) 89 else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
92 goto err; 90 if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
93 } 91 fprintf(stderr, "Unknown cipher %s\n", argv[2]);
94 else 92 goto err;
95 BIO_set_fp(data,stdin,BIO_NOCLOSE); 93 }
94 argc-=2;
95 argv+=2;
96 } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
97 keyfile = argv[2];
98 argc-=2;
99 argv+=2;
100 if (!(in=BIO_new_file(keyfile,"r"))) goto err;
101 if (!(x509=PEM_read_bio_X509(in,NULL,NULL))) goto err;
102 if(!recips) recips = sk_X509_new_null();
103 sk_X509_push(recips, x509);
104 BIO_free(in);
105 } else break;
106 }
96 107
97 if ((in=BIO_new_file("server.pem","r")) == NULL) goto err; 108 if(!recips) {
98 if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err; 109 fprintf(stderr, "No recipients\n");
110 goto err;
111 }
112
113 if (!BIO_read_filename(data,argv[1])) goto err;
114
115 p7=PKCS7_new();
116#if 0
99 BIO_reset(in); 117 BIO_reset(in);
100 if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err; 118 if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
101 BIO_free(in); 119 BIO_free(in);
102
103 p7=PKCS7_new();
104 PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped); 120 PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
105 121
106 if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err; 122 if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
107
108 if (!PKCS7_set_cipher(p7,EVP_des_cbc())) goto err;
109 if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
110
111 /* we may want to add more */ 123 /* we may want to add more */
112 PKCS7_add_certificate(p7,x509); 124 PKCS7_add_certificate(p7,x509);
113 125#else
126 PKCS7_set_type(p7,NID_pkcs7_enveloped);
127#endif
128 if(!cipher) cipher = EVP_des_ede3_cbc();
129
130 if (!PKCS7_set_cipher(p7,cipher)) goto err;
131 for(i = 0; i < sk_X509_num(recips); i++) {
132 if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
133 }
134 sk_X509_pop_free(recips, X509_free);
114 135
115 /* Set the content of the signed to 'data' */ 136 /* Set the content of the signed to 'data' */
116 /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */ 137 /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
@@ -129,7 +150,7 @@ again:
129 } 150 }
130 BIO_flush(p7bio); 151 BIO_flush(p7bio);
131 152
132 if (!PKCS7_dataSign(p7,p7bio)) goto err; 153 if (!PKCS7_dataFinal(p7,p7bio)) goto err;
133 BIO_free(p7bio); 154 BIO_free(p7bio);
134 155
135 PEM_write_PKCS7(stdout,p7); 156 PEM_write_PKCS7(stdout,p7);
diff --git a/src/lib/libcrypto/pkcs7/es1.pem b/src/lib/libcrypto/pkcs7/es1.pem
new file mode 100644
index 0000000000..47112a238f
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/es1.pem
@@ -0,0 +1,66 @@
1-----BEGIN PKCS7-----
2MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
3A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
4dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
5ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo
6KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw
7AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
8QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
9UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
10CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4
11ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
12oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F
13XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+
14II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT
15pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0
16lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs
178ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5
18otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx
19go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi
20XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t
21KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw
22Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL
23r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu
24l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/
25mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk
26l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+
27HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY
28gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo
29TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL
305JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME
31SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/
32y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4
339JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP
34nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB
35Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs
36LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T
37tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE
38SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR
398Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/
40wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI
41uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw
42RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM
43Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU
44o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o
45WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy
46Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk
47YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ
48CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3
49DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714
50ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5
51kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX
521wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s
53xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb
54IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7
557AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv
56qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG
57X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a
58DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe
59UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1
60gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x
61PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT
625F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha
63y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC
64lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf
65lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==
66-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c
new file mode 100644
index 0000000000..7354890084
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/example.c
@@ -0,0 +1,327 @@
1#include <stdio.h>
2#include <stdlib.h>
3#include <openssl/pkcs7.h>
4#include <openssl/asn1_mac.h>
5
6int add_signed_time(PKCS7_SIGNER_INFO *si)
7 {
8 ASN1_UTCTIME *sign_time;
9
10 /* The last parameter is the amount to add/subtract from the current
11 * time (in seconds) */
12 sign_time=X509_gmtime_adj(NULL,0);
13 PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
14 V_ASN1_UTCTIME,(char *)sign_time);
15 return(1);
16 }
17
18ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
19 {
20 ASN1_TYPE *so;
21
22 so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
23 if (so->type == V_ASN1_UTCTIME)
24 return so->value.utctime;
25 return NULL;
26 }
27
28static int signed_string_nid= -1;
29
30void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
31 {
32 ASN1_OCTET_STRING *os;
33
34 /* To a an object of OID 1.2.3.4.5, which is an octet string */
35 if (signed_string_nid == -1)
36 signed_string_nid=
37 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
38 os=ASN1_OCTET_STRING_new();
39 ASN1_OCTET_STRING_set(os,str,strlen(str));
40 /* When we add, we do not free */
41 PKCS7_add_signed_attribute(si,signed_string_nid,
42 V_ASN1_OCTET_STRING,(char *)os);
43 }
44
45int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
46 {
47 ASN1_TYPE *so;
48 ASN1_OCTET_STRING *os;
49 int i;
50
51 if (signed_string_nid == -1)
52 signed_string_nid=
53 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
54 /* To retrieve */
55 so=PKCS7_get_signed_attribute(si,signed_string_nid);
56 if (so != NULL)
57 {
58 if (so->type == V_ASN1_OCTET_STRING)
59 {
60 os=so->value.octet_string;
61 i=os->length;
62 if ((i+1) > len)
63 i=len-1;
64 memcpy(buf,os->data,i);
65 return(i);
66 }
67 }
68 return(0);
69 }
70
71static signed_seq2string_nid= -1;
72/* ########################################### */
73int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
74 {
75 /* To add an object of OID 1.9.999, which is a sequence containing
76 * 2 octet strings */
77 unsigned char *p;
78 ASN1_OCTET_STRING *os1,*os2;
79 ASN1_STRING *seq;
80 unsigned char *data;
81 int i,total;
82
83 if (signed_seq2string_nid == -1)
84 signed_seq2string_nid=
85 OBJ_create("1.9.9999","OID_example","Our example OID");
86
87 os1=ASN1_OCTET_STRING_new();
88 os2=ASN1_OCTET_STRING_new();
89 ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
90 ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
91 i =i2d_ASN1_OCTET_STRING(os1,NULL);
92 i+=i2d_ASN1_OCTET_STRING(os2,NULL);
93 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
94
95 data=malloc(total);
96 p=data;
97 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
98 i2d_ASN1_OCTET_STRING(os1,&p);
99 i2d_ASN1_OCTET_STRING(os2,&p);
100
101 seq=ASN1_STRING_new();
102 ASN1_STRING_set(seq,data,total);
103 free(data);
104 ASN1_OCTET_STRING_free(os1);
105 ASN1_OCTET_STRING_free(os2);
106
107 PKCS7_add_signed_attribute(si,signed_seq2string_nid,
108 V_ASN1_SEQUENCE,(char *)seq);
109 return(1);
110 }
111
112/* For this case, I will malloc the return strings */
113int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
114 {
115 ASN1_TYPE *so;
116
117 if (signed_seq2string_nid == -1)
118 signed_seq2string_nid=
119 OBJ_create("1.9.9999","OID_example","Our example OID");
120 /* To retrieve */
121 so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
122 if (so && (so->type == V_ASN1_SEQUENCE))
123 {
124 ASN1_CTX c;
125 ASN1_STRING *s;
126 long length;
127 ASN1_OCTET_STRING *os1,*os2;
128
129 s=so->value.sequence;
130 c.p=ASN1_STRING_data(s);
131 c.max=c.p+ASN1_STRING_length(s);
132 if (!asn1_GetSequence(&c,&length)) goto err;
133 /* Length is the length of the seqence */
134
135 c.q=c.p;
136 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
137 goto err;
138 c.slen-=(c.p-c.q);
139
140 c.q=c.p;
141 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
142 goto err;
143 c.slen-=(c.p-c.q);
144
145 if (!asn1_Finish(&c)) goto err;
146 *str1=malloc(os1->length+1);
147 *str2=malloc(os2->length+1);
148 memcpy(*str1,os1->data,os1->length);
149 memcpy(*str2,os2->data,os2->length);
150 (*str1)[os1->length]='\0';
151 (*str2)[os2->length]='\0';
152 ASN1_OCTET_STRING_free(os1);
153 ASN1_OCTET_STRING_free(os2);
154 return(1);
155 }
156err:
157 return(0);
158 }
159
160
161/* #######################################
162 * THE OTHER WAY TO DO THINGS
163 * #######################################
164 */
165X509_ATTRIBUTE *create_time(void)
166 {
167 ASN1_UTCTIME *sign_time;
168 X509_ATTRIBUTE *ret;
169
170 /* The last parameter is the amount to add/subtract from the current
171 * time (in seconds) */
172 sign_time=X509_gmtime_adj(NULL,0);
173 ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
174 V_ASN1_UTCTIME,(char *)sign_time);
175 return(ret);
176 }
177
178ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
179 {
180 ASN1_TYPE *so;
181 PKCS7_SIGNER_INFO si;
182
183 si.auth_attr=sk;
184 so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
185 if (so->type == V_ASN1_UTCTIME)
186 return so->value.utctime;
187 return NULL;
188 }
189
190X509_ATTRIBUTE *create_string(char *str)
191 {
192 ASN1_OCTET_STRING *os;
193 X509_ATTRIBUTE *ret;
194
195 /* To a an object of OID 1.2.3.4.5, which is an octet string */
196 if (signed_string_nid == -1)
197 signed_string_nid=
198 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
199 os=ASN1_OCTET_STRING_new();
200 ASN1_OCTET_STRING_set(os,str,strlen(str));
201 /* When we add, we do not free */
202 ret=X509_ATTRIBUTE_create(signed_string_nid,
203 V_ASN1_OCTET_STRING,(char *)os);
204 return(ret);
205 }
206
207int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
208 {
209 ASN1_TYPE *so;
210 ASN1_OCTET_STRING *os;
211 int i;
212 PKCS7_SIGNER_INFO si;
213
214 si.auth_attr=sk;
215
216 if (signed_string_nid == -1)
217 signed_string_nid=
218 OBJ_create("1.2.3.4.5","OID_example","Our example OID");
219 /* To retrieve */
220 so=PKCS7_get_signed_attribute(&si,signed_string_nid);
221 if (so != NULL)
222 {
223 if (so->type == V_ASN1_OCTET_STRING)
224 {
225 os=so->value.octet_string;
226 i=os->length;
227 if ((i+1) > len)
228 i=len-1;
229 memcpy(buf,os->data,i);
230 return(i);
231 }
232 }
233 return(0);
234 }
235
236X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
237 {
238 /* To add an object of OID 1.9.999, which is a sequence containing
239 * 2 octet strings */
240 unsigned char *p;
241 ASN1_OCTET_STRING *os1,*os2;
242 ASN1_STRING *seq;
243 X509_ATTRIBUTE *ret;
244 unsigned char *data;
245 int i,total;
246
247 if (signed_seq2string_nid == -1)
248 signed_seq2string_nid=
249 OBJ_create("1.9.9999","OID_example","Our example OID");
250
251 os1=ASN1_OCTET_STRING_new();
252 os2=ASN1_OCTET_STRING_new();
253 ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
254 ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
255 i =i2d_ASN1_OCTET_STRING(os1,NULL);
256 i+=i2d_ASN1_OCTET_STRING(os2,NULL);
257 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
258
259 data=malloc(total);
260 p=data;
261 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
262 i2d_ASN1_OCTET_STRING(os1,&p);
263 i2d_ASN1_OCTET_STRING(os2,&p);
264
265 seq=ASN1_STRING_new();
266 ASN1_STRING_set(seq,data,total);
267 free(data);
268 ASN1_OCTET_STRING_free(os1);
269 ASN1_OCTET_STRING_free(os2);
270
271 ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
272 V_ASN1_SEQUENCE,(char *)seq);
273 return(ret);
274 }
275
276/* For this case, I will malloc the return strings */
277int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
278 {
279 ASN1_TYPE *so;
280 PKCS7_SIGNER_INFO si;
281
282 if (signed_seq2string_nid == -1)
283 signed_seq2string_nid=
284 OBJ_create("1.9.9999","OID_example","Our example OID");
285
286 si.auth_attr=sk;
287 /* To retrieve */
288 so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
289 if (so->type == V_ASN1_SEQUENCE)
290 {
291 ASN1_CTX c;
292 ASN1_STRING *s;
293 long length;
294 ASN1_OCTET_STRING *os1,*os2;
295
296 s=so->value.sequence;
297 c.p=ASN1_STRING_data(s);
298 c.max=c.p+ASN1_STRING_length(s);
299 if (!asn1_GetSequence(&c,&length)) goto err;
300 /* Length is the length of the seqence */
301
302 c.q=c.p;
303 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
304 goto err;
305 c.slen-=(c.p-c.q);
306
307 c.q=c.p;
308 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
309 goto err;
310 c.slen-=(c.p-c.q);
311
312 if (!asn1_Finish(&c)) goto err;
313 *str1=malloc(os1->length+1);
314 *str2=malloc(os2->length+1);
315 memcpy(*str1,os1->data,os1->length);
316 memcpy(*str2,os2->data,os2->length);
317 (*str1)[os1->length]='\0';
318 (*str2)[os2->length]='\0';
319 ASN1_OCTET_STRING_free(os1);
320 ASN1_OCTET_STRING_free(os2);
321 return(1);
322 }
323err:
324 return(0);
325 }
326
327
diff --git a/src/lib/libcrypto/pkcs7/example.h b/src/lib/libcrypto/pkcs7/example.h
new file mode 100644
index 0000000000..96167de188
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/example.h
@@ -0,0 +1,57 @@
1/* ====================================================================
2 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55int add_signed_time(PKCS7_SIGNER_INFO *si);
56ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
57int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
diff --git a/src/lib/libcrypto/pkcs7/info.pem b/src/lib/libcrypto/pkcs7/info.pem
new file mode 100644
index 0000000000..989baf8709
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/info.pem
@@ -0,0 +1,57 @@
1issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
2subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
3serial :047D
4
5Certificate:
6 Data:
7 Version: 3 (0x2)
8 Serial Number: 1149 (0x47d)
9 Signature Algorithm: md5withRSAEncryption
10 Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
11 Validity
12 Not Before: May 13 05:40:58 1998 GMT
13 Not After : May 12 05:40:58 2000 GMT
14 Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
15 Subject Public Key Info:
16 Public Key Algorithm: rsaEncryption
17 Modulus:
18 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
19 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
20 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
21 fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
22 e7:e7:0c:4d:0b
23 Exponent: 65537 (0x10001)
24 X509v3 extensions:
25 Netscape Comment:
26 Generated with SSLeay
27 Signature Algorithm: md5withRSAEncryption
28 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
29 f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
30 d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
31 50:74:ad:92:cb:4e:90:e5:fa:7d
32
33-----BEGIN CERTIFICATE-----
34MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
35MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
36ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
37IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
38NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
39UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
40dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
41aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
429w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
43lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
44hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
45UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
464A3ZItobUHStkstOkOX6fQ==
47-----END CERTIFICATE-----
48
49-----BEGIN RSA PRIVATE KEY-----
50MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
51mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
52fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
53zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
54p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
55bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
56IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
57-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/infokey.pem b/src/lib/libcrypto/pkcs7/infokey.pem
new file mode 100644
index 0000000000..1e2acc954d
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/infokey.pem
@@ -0,0 +1,9 @@
1-----BEGIN RSA PRIVATE KEY-----
2MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
3mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
4fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
5zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
6p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
7bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
8IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
9-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/mf.p7 b/src/lib/libcrypto/pkcs7/mf.p7
deleted file mode 100644
index 524335b4b3..0000000000
--- a/src/lib/libcrypto/pkcs7/mf.p7
+++ /dev/null
@@ -1,18 +0,0 @@
1-----BEGIN PKCS7-----
2MIAGCSqGSIb3DQEHAqCAMIIC2QIBATEMMAoGCCqGSIb3DQIFMIAGCSqGSIb3DQEH
3AQAAoIIB7TCCAekwggFSAgEAMA0GCSqGSIb3DQEBBAUAMFsxCzAJBgNVBAYTAkFV
4MRMwEQYDVQQIEwpRdWVlbnNsYW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0
5ZDEbMBkGA1UEAxMSVGVzdCBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0NloX
6DTk4MDYwOTEzNTc0NlowYzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xh
7bmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYDVQQDExpTZXJ2ZXIg
8dGVzdCBjZXJ0ICg1MTIgYml0KTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCfs8OE
9J5X/EjFSDxXvRhHErYDmNlsP3YDXYY3g/HJFCTT+VWZFQ0xol2r+qKCl3194/+7X
10ZLg/BMtv/yr+/rntAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAeEzEdgr2nChPcALL
11vY8gl/GIlpoAjPmKD+pLeGZI9s+SEX5u1q8nCrJ6ZzkfrRnqgI5Anmev9+qPZfdU
12bz5zdVSf4sUL9nX9ChXjK9NCJA3UzQHSFqhZErGUwGNkAHYHp2+zAdY6Ho6rmMzt
13g0CDu/sKR4qzm6REsQGS8kgpjz4xgcUwgcICAQEwYDBbMQswCQYDVQQGEwJBVTET
14MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
15GzAZBgNVBAMTElRlc3QgQ0EgKDEwMjQgYml0KQIBADAKBggqhkiG9w0CBTANBgkq
16hkiG9w0BAQQFAARALnrxJiOX9XZf2D+3vL8SKMQmMq55LltomwOLGUru/q1uVXzi
17ARg7FSCegOpA1nunsTURMUGgrPXKK4XmL4IseQAAAAA=
18-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/p7.tst b/src/lib/libcrypto/pkcs7/p7.tst
deleted file mode 100644
index 6d14dce163..0000000000
--- a/src/lib/libcrypto/pkcs7/p7.tst
+++ /dev/null
@@ -1,33 +0,0 @@
1-----BEGIN PKCS7-----
2MIAGCSqGSIb3DQEHAqCAMIIFsQIBATELMAkGBSsOAwIaBQAwgAYJKoZIhvcNAQcB
3AACgggQdMIICJTCCAc+gAwIBAgIBIjANBgkqhkiG9w0BAQQFADCBgjELMAkGA1UE
4BhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRow
5GAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEUMBIGA1UECxMLZGV2ZWxvcG1lbnQx
6GTAXBgNVBAMTEENyeXB0U29mdCBEZXYgQ0EwHhcNOTcwNjEzMTgxMDE3WhcNOTgw
7NjEzMTgxMDE3WjCBiDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
8ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEU
9MBIGA1UECxMLSUlTIHRlc3RpbmcxDjAMBgNVBAMTBXRlc3QxMQ8wDQYJKoZIhvcN
10AQkBFgAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxtWiv59VH42+rotrmFAyDxTc
11J2osFt5uy/zEllx3vvjtwewqQxGUOwf6cjqFOTrnpEdVvwywpEhIQ5364bJqIwID
12AQABoygwJjAkBglghkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0G
13CSqGSIb3DQEBBAUAA0EAMnYkNV2AdpeHPy/qlcdZx6MDGIJgrLhklhcn6Or6KiAP
14t9+nv9XdOGHyMyQr9ufsweuQfAgJ9yjKPZR2/adTjTCCAfAwggGaAgEAMA0GCSqG
15SIb3DQEBBAUAMIGCMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDER
16MA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRQw
17EgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UEAxMQQ3J5cHRTb2Z0IERldiBDQTAe
18Fw05NzAzMjIxMzM0MDRaFw05ODAzMjIxMzM0MDRaMIGCMQswCQYDVQQGEwJBVTET
19MBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoT
20EUNyeXB0U29mdCBQdHkgTHRkMRQwEgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UE
21AxMQQ3J5cHRTb2Z0IERldiBDQTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDgDgKq
22IBuUMAJi4c8juAqEZ8f8FcuDWT+HcScvNztRJy9K8DnbGpiSrzzix4El6N4A7vbl
23crwn/0CZmQJguZpfAgMBAAEwDQYJKoZIhvcNAQEEBQADQQA0UUvxlXXe6wKkVukn
24ZoCyXbjlNsqt2rwbvfZEam6fQP3S7uq+o1Pnj+KDgE33WxWbQAA9h8fY1LWN7X3a
25yTm/MYIBbTCCAWkCAQEwgYgwgYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVl
26bnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0
27eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQg
28RGV2IENBAgEiMAkGBSsOAwIaBQCgfTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
29MCMGCSqGSIb3DQEJBDEWBBSUVhbGkNE+KGqpOK13+FkfOkaoizAcBgkqhkiG9w0B
30CQUxDxcNOTcwNzAxMDE0MzM0WjAeBgkqhkiG9w0BCQ8xETAPMA0GCCqGSIb3DQMC
31AgEoMA0GCSqGSIb3DQEBAQUABECa9Jpo4w/fZOc3Vy78wZFAVF8kvpn7il99Ldsr
32AQ4JiBmcfiSwEBBY6WuKT+/SYtFwZl1oXkTwB5AVCFIC/IFNAAAAAA==
33-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/pk7_dgst.c b/src/lib/libcrypto/pkcs7/pk7_dgst.c
index 7769abeb1e..90edfa5001 100644
--- a/src/lib/libcrypto/pkcs7/pk7_dgst.c
+++ b/src/lib/libcrypto/pkcs7/pk7_dgst.c
@@ -58,9 +58,9 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "evp.h" 61#include <openssl/evp.h>
62#include "rand.h" 62#include <openssl/rand.h>
63#include "objects.h" 63#include <openssl/objects.h>
64#include "x509.h" 64#include <openssl/x509.h>
65#include "pkcs7.h" 65#include <openssl/pkcs7.h>
66 66
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index b5689b3fe4..dee81b547a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -58,20 +58,23 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "rand.h" 61#include <openssl/rand.h>
62#include "objects.h" 62#include <openssl/objects.h>
63#include "x509.h" 63#include <openssl/x509.h>
64 64
65BIO *PKCS7_dataInit(p7,bio) 65static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
66PKCS7 *p7; 66 void *value);
67BIO *bio; 67static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
68
69BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
68 { 70 {
69 int i,j; 71 int i,j;
70 BIO *out=NULL,*btmp; 72 BIO *out=NULL,*btmp=NULL;
71 X509_ALGOR *xa; 73 X509_ALGOR *xa;
72 EVP_MD *evp_md; 74 const EVP_MD *evp_md;
73 EVP_CIPHER *evp_cipher=NULL; 75 const EVP_CIPHER *evp_cipher=NULL;
74 STACK *md_sk=NULL,*rsk=NULL; 76 STACK_OF(X509_ALGOR) *md_sk=NULL;
77 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
75 X509_ALGOR *xalg=NULL; 78 X509_ALGOR *xalg=NULL;
76 PKCS7_RECIP_INFO *ri=NULL; 79 PKCS7_RECIP_INFO *ri=NULL;
77 EVP_PKEY *pkey; 80 EVP_PKEY *pkey;
@@ -87,13 +90,25 @@ BIO *bio;
87 case NID_pkcs7_signedAndEnveloped: 90 case NID_pkcs7_signedAndEnveloped:
88 rsk=p7->d.signed_and_enveloped->recipientinfo; 91 rsk=p7->d.signed_and_enveloped->recipientinfo;
89 md_sk=p7->d.signed_and_enveloped->md_algs; 92 md_sk=p7->d.signed_and_enveloped->md_algs;
90 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm))); 93 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
94 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
91 if (evp_cipher == NULL) 95 if (evp_cipher == NULL)
92 { 96 {
93 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 97 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
98 PKCS7_R_CIPHER_NOT_INITIALIZED);
99 goto err;
100 }
101 break;
102 case NID_pkcs7_enveloped:
103 rsk=p7->d.enveloped->recipientinfo;
104 xalg=p7->d.enveloped->enc_data->algorithm;
105 evp_cipher=p7->d.enveloped->enc_data->cipher;
106 if (evp_cipher == NULL)
107 {
108 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
109 PKCS7_R_CIPHER_NOT_INITIALIZED);
94 goto err; 110 goto err;
95 } 111 }
96 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
97 break; 112 break;
98 default: 113 default:
99 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 114 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -102,10 +117,14 @@ BIO *bio;
102 117
103 if (md_sk != NULL) 118 if (md_sk != NULL)
104 { 119 {
105 for (i=0; i<sk_num(md_sk); i++) 120 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
106 { 121 {
107 xa=(X509_ALGOR *)sk_value(md_sk,i); 122 xa=sk_X509_ALGOR_value(md_sk,i);
108 if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err; 123 if ((btmp=BIO_new(BIO_f_md())) == NULL)
124 {
125 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
126 goto err;
127 }
109 128
110 j=OBJ_obj2nid(xa->algorithm); 129 j=OBJ_obj2nid(xa->algorithm);
111 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); 130 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
@@ -120,6 +139,7 @@ BIO *bio;
120 out=btmp; 139 out=btmp;
121 else 140 else
122 BIO_push(out,btmp); 141 BIO_push(out,btmp);
142 btmp=NULL;
123 } 143 }
124 } 144 }
125 145
@@ -130,49 +150,70 @@ BIO *bio;
130 int keylen,ivlen; 150 int keylen,ivlen;
131 int jj,max; 151 int jj,max;
132 unsigned char *tmp; 152 unsigned char *tmp;
153 EVP_CIPHER_CTX *ctx;
133 154
134 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err; 155 if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
156 {
157 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
158 goto err;
159 }
160 BIO_get_cipher_ctx(btmp, &ctx);
135 keylen=EVP_CIPHER_key_length(evp_cipher); 161 keylen=EVP_CIPHER_key_length(evp_cipher);
136 ivlen=EVP_CIPHER_iv_length(evp_cipher); 162 ivlen=EVP_CIPHER_iv_length(evp_cipher);
137
138 if (ivlen > 0)
139 {
140 ASN1_OCTET_STRING *os;
141
142 RAND_bytes(iv,ivlen);
143 os=ASN1_OCTET_STRING_new();
144 ASN1_OCTET_STRING_set(os,iv,ivlen);
145 /* ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
146 (char *)os);
147 */ }
148 RAND_bytes(key,keylen); 163 RAND_bytes(key,keylen);
164 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
165 if (ivlen > 0) RAND_bytes(iv,ivlen);
166 EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
167
168 if (ivlen > 0) {
169 if (xalg->parameter == NULL)
170 xalg->parameter=ASN1_TYPE_new();
171 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
172 goto err;
173 }
149 174
150 /* Lets do the pub key stuff :-) */ 175 /* Lets do the pub key stuff :-) */
151 max=0; 176 max=0;
152 for (i=0; i<sk_num(rsk); i++) 177 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
153 { 178 {
154 ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); 179 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
155 if (ri->cert == NULL) abort(); 180 if (ri->cert == NULL)
181 {
182 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
183 goto err;
184 }
156 pkey=X509_get_pubkey(ri->cert); 185 pkey=X509_get_pubkey(ri->cert);
157 jj=EVP_PKEY_size(pkey); 186 jj=EVP_PKEY_size(pkey);
187 EVP_PKEY_free(pkey);
158 if (max < jj) max=jj; 188 if (max < jj) max=jj;
159 } 189 }
160 if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort(); 190 if ((tmp=(unsigned char *)Malloc(max)) == NULL)
161 for (i=0; i<sk_num(rsk); i++)
162 { 191 {
163 ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); 192 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
193 goto err;
194 }
195 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
196 {
197 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
164 pkey=X509_get_pubkey(ri->cert); 198 pkey=X509_get_pubkey(ri->cert);
165 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); 199 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
166 if (jj <= 0) abort(); 200 EVP_PKEY_free(pkey);
201 if (jj <= 0)
202 {
203 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
204 Free(tmp);
205 goto err;
206 }
167 ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); 207 ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
168 } 208 }
169 209 Free(tmp);
170 BIO_set_cipher(btmp,evp_cipher,key,iv,1); 210 memset(key, 0, keylen);
171 211
172 if (out == NULL) 212 if (out == NULL)
173 out=btmp; 213 out=btmp;
174 else 214 else
175 BIO_push(out,btmp); 215 BIO_push(out,btmp);
216 btmp=NULL;
176 } 217 }
177 218
178 if (bio == NULL) /* ??????????? */ 219 if (bio == NULL) /* ??????????? */
@@ -182,6 +223,11 @@ BIO *bio;
182 else 223 else
183 { 224 {
184 bio=BIO_new(BIO_s_mem()); 225 bio=BIO_new(BIO_s_mem());
226 /* We need to set this so that when we have read all
227 * the data, the encrypt BIO, if present, will read
228 * EOF and encode the last few bytes */
229 BIO_set_mem_eof_return(bio,0);
230
185 if (PKCS7_type_is_signed(p7) && 231 if (PKCS7_type_is_signed(p7) &&
186 PKCS7_type_is_data(p7->d.sign->contents)) 232 PKCS7_type_is_data(p7->d.sign->contents))
187 { 233 {
@@ -195,14 +241,222 @@ BIO *bio;
195 } 241 }
196 } 242 }
197 BIO_push(out,bio); 243 BIO_push(out,bio);
244 bio=NULL;
245 if (0)
246 {
247err:
248 if (out != NULL)
249 BIO_free_all(out);
250 if (btmp != NULL)
251 BIO_free_all(btmp);
252 out=NULL;
253 }
198 return(out); 254 return(out);
255 }
256
257/* int */
258BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
259 {
260 int i,j;
261 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
262 char *tmp=NULL;
263 X509_ALGOR *xa;
264 ASN1_OCTET_STRING *data_body=NULL;
265 const EVP_MD *evp_md;
266 const EVP_CIPHER *evp_cipher=NULL;
267 EVP_CIPHER_CTX *evp_ctx=NULL;
268 X509_ALGOR *enc_alg=NULL;
269 STACK_OF(X509_ALGOR) *md_sk=NULL;
270 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
271 X509_ALGOR *xalg=NULL;
272 PKCS7_RECIP_INFO *ri=NULL;
273/* EVP_PKEY *pkey; */
274#if 0
275 X509_STORE_CTX s_ctx;
276#endif
277
278 i=OBJ_obj2nid(p7->type);
279 p7->state=PKCS7_S_HEADER;
280
281 switch (i)
282 {
283 case NID_pkcs7_signed:
284 data_body=p7->d.sign->contents->d.data;
285 md_sk=p7->d.sign->md_algs;
286 break;
287 case NID_pkcs7_signedAndEnveloped:
288 rsk=p7->d.signed_and_enveloped->recipientinfo;
289 md_sk=p7->d.signed_and_enveloped->md_algs;
290 data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
291 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
292 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
293 if (evp_cipher == NULL)
294 {
295 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
296 goto err;
297 }
298 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
299 break;
300 case NID_pkcs7_enveloped:
301 rsk=p7->d.enveloped->recipientinfo;
302 enc_alg=p7->d.enveloped->enc_data->algorithm;
303 data_body=p7->d.enveloped->enc_data->enc_data;
304 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
305 if (evp_cipher == NULL)
306 {
307 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
308 goto err;
309 }
310 xalg=p7->d.enveloped->enc_data->algorithm;
311 break;
312 default:
313 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
314 goto err;
315 }
316
317 /* We will be checking the signature */
318 if (md_sk != NULL)
319 {
320 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
321 {
322 xa=sk_X509_ALGOR_value(md_sk,i);
323 if ((btmp=BIO_new(BIO_f_md())) == NULL)
324 {
325 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
326 goto err;
327 }
328
329 j=OBJ_obj2nid(xa->algorithm);
330 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
331 if (evp_md == NULL)
332 {
333 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
334 goto err;
335 }
336
337 BIO_set_md(btmp,evp_md);
338 if (out == NULL)
339 out=btmp;
340 else
341 BIO_push(out,btmp);
342 btmp=NULL;
343 }
344 }
345
346 if (evp_cipher != NULL)
347 {
348#if 0
349 unsigned char key[EVP_MAX_KEY_LENGTH];
350 unsigned char iv[EVP_MAX_IV_LENGTH];
351 unsigned char *p;
352 int keylen,ivlen;
353 int max;
354 X509_OBJECT ret;
355#endif
356 int jj;
357
358 if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
359 {
360 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
361 goto err;
362 }
363
364 /* It was encrypted, we need to decrypt the secret key
365 * with the private key */
366
367 /* Find the recipientInfo which matches the passed certificate
368 * (if any)
369 */
370
371 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
372 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
373 if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
374 pcert->cert_info->issuer) &&
375 !ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
376 ri->issuer_and_serial->serial)) break;
377 ri=NULL;
378 }
379 if (ri == NULL) {
380 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
381 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
382 return(NULL);
383 }
384
385 jj=EVP_PKEY_size(pkey);
386 tmp=Malloc(jj+10);
387 if (tmp == NULL)
388 {
389 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
390 goto err;
391 }
392
393 jj=EVP_PKEY_decrypt((unsigned char *)tmp,
394 ASN1_STRING_data(ri->enc_key),
395 ASN1_STRING_length(ri->enc_key),
396 pkey);
397 if (jj <= 0)
398 {
399 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
400 goto err;
401 }
402
403 evp_ctx=NULL;
404 BIO_get_cipher_ctx(etmp,&evp_ctx);
405 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
406 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
407 return(NULL);
408
409 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx))
410 {
411 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
412 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
413 goto err;
414 }
415 EVP_CipherInit(evp_ctx,NULL,(unsigned char *)tmp,NULL,0);
416
417 memset(tmp,0,jj);
418
419 if (out == NULL)
420 out=etmp;
421 else
422 BIO_push(out,etmp);
423 etmp=NULL;
424 }
425
426#if 1
427 if (p7->detached || (in_bio != NULL))
428 {
429 bio=in_bio;
430 }
431 else
432 {
433 bio=BIO_new(BIO_s_mem());
434 /* We need to set this so that when we have read all
435 * the data, the encrypt BIO, if present, will read
436 * EOF and encode the last few bytes */
437 BIO_set_mem_eof_return(bio,0);
438
439 if (data_body->length > 0)
440 BIO_write(bio,(char *)data_body->data,data_body->length);
441 }
442 BIO_push(out,bio);
443 bio=NULL;
444#endif
445 if (0)
446 {
199err: 447err:
200 return(NULL); 448 if (out != NULL) BIO_free_all(out);
449 if (btmp != NULL) BIO_free_all(btmp);
450 if (etmp != NULL) BIO_free_all(etmp);
451 if (bio != NULL) BIO_free_all(bio);
452 out=NULL;
453 }
454 if (tmp != NULL)
455 Free(tmp);
456 return(out);
201 } 457 }
202 458
203int PKCS7_dataSign(p7,bio) 459int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
204PKCS7 *p7;
205BIO *bio;
206 { 460 {
207 int ret=0; 461 int ret=0;
208 int i,j; 462 int i,j;
@@ -211,7 +465,8 @@ BIO *bio;
211 BUF_MEM *buf=NULL; 465 BUF_MEM *buf=NULL;
212 PKCS7_SIGNER_INFO *si; 466 PKCS7_SIGNER_INFO *si;
213 EVP_MD_CTX *mdc,ctx_tmp; 467 EVP_MD_CTX *mdc,ctx_tmp;
214 STACK *sk,*si_sk=NULL; 468 STACK_OF(X509_ATTRIBUTE) *sk;
469 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
215 unsigned char *p,*pp=NULL; 470 unsigned char *p,*pp=NULL;
216 int x; 471 int x;
217 ASN1_OCTET_STRING *os=NULL; 472 ASN1_OCTET_STRING *os=NULL;
@@ -227,22 +482,35 @@ BIO *bio;
227 os=ASN1_OCTET_STRING_new(); 482 os=ASN1_OCTET_STRING_new();
228 p7->d.signed_and_enveloped->enc_data->enc_data=os; 483 p7->d.signed_and_enveloped->enc_data->enc_data=os;
229 break; 484 break;
485 case NID_pkcs7_enveloped:
486 /* XXXXXXXXXXXXXXXX */
487 os=ASN1_OCTET_STRING_new();
488 p7->d.enveloped->enc_data->enc_data=os;
489 break;
230 case NID_pkcs7_signed: 490 case NID_pkcs7_signed:
231 si_sk=p7->d.sign->signer_info; 491 si_sk=p7->d.sign->signer_info;
232 os=p7->d.sign->contents->d.data; 492 os=p7->d.sign->contents->d.data;
493 /* If detached data then the content is excluded */
494 if(p7->detached) {
495 ASN1_OCTET_STRING_free(os);
496 p7->d.sign->contents->d.data = NULL;
497 }
233 break; 498 break;
234 } 499 }
235 500
236 if (si_sk != NULL) 501 if (si_sk != NULL)
237 { 502 {
238 if ((buf=BUF_MEM_new()) == NULL) goto err; 503 if ((buf=BUF_MEM_new()) == NULL)
239 for (i=0; i<sk_num(si_sk); i++) 504 {
505 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
506 goto err;
507 }
508 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
240 { 509 {
241 si=(PKCS7_SIGNER_INFO *) 510 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
242 sk_value(si_sk,i); 511 if (si->pkey == NULL) continue;
243 if (si->pkey == NULL) 512
244 continue; 513 j=OBJ_obj2nid(si->digest_alg->algorithm);
245 j=OBJ_obj2nid(si->digest_enc_alg->algorithm);
246 514
247 btmp=bio; 515 btmp=bio;
248 for (;;) 516 for (;;)
@@ -259,7 +527,7 @@ BIO *bio;
259 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR); 527 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
260 goto err; 528 goto err;
261 } 529 }
262 if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j) 530 if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == j)
263 break; 531 break;
264 else 532 else
265 btmp=btmp->next_bio; 533 btmp=btmp->next_bio;
@@ -269,75 +537,117 @@ BIO *bio;
269 * signing. */ 537 * signing. */
270 memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp)); 538 memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
271 if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) 539 if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
540 {
541 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
272 goto err; 542 goto err;
543 }
273 544
274 sk=si->auth_attr; 545 sk=si->auth_attr;
275 if ((sk != NULL) && (sk_num(sk) != 0)) 546
547 /* If there are attributes, we add the digest
548 * attribute and only sign the attributes */
549 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
276 { 550 {
277 x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, 551 unsigned char md_data[EVP_MAX_MD_SIZE];
278 V_ASN1_SET,V_ASN1_UNIVERSAL); 552 unsigned int md_len;
279 pp=(unsigned char *)Malloc(i); 553 ASN1_OCTET_STRING *digest;
554 ASN1_UTCTIME *sign_time;
555 const EVP_MD *md_tmp;
556
557 /* Add signing time */
558 sign_time=X509_gmtime_adj(NULL,0);
559 PKCS7_add_signed_attribute(si,
560 NID_pkcs9_signingTime,
561 V_ASN1_UTCTIME,sign_time);
562
563 /* Add digest */
564 md_tmp=EVP_MD_CTX_type(&ctx_tmp);
565 EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
566 digest=ASN1_OCTET_STRING_new();
567 ASN1_OCTET_STRING_set(digest,md_data,md_len);
568 PKCS7_add_signed_attribute(si,
569 NID_pkcs9_messageDigest,
570 V_ASN1_OCTET_STRING,digest);
571
572 /* Now sign the mess */
573 EVP_SignInit(&ctx_tmp,md_tmp);
574 x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
575 i2d_X509_ATTRIBUTE,
576 V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
577 pp=(unsigned char *)Malloc(x);
280 p=pp; 578 p=pp;
281 i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, 579 i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
282 V_ASN1_SET,V_ASN1_UNIVERSAL); 580 i2d_X509_ATTRIBUTE,
581 V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
283 EVP_SignUpdate(&ctx_tmp,pp,x); 582 EVP_SignUpdate(&ctx_tmp,pp,x);
284 Free(pp); 583 Free(pp);
584 pp=NULL;
285 } 585 }
286 586
587 if (si->pkey->type == EVP_PKEY_DSA)
588 ctx_tmp.digest=EVP_dss1();
589
287 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, 590 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
288 (unsigned int *)&buf->length,si->pkey)) 591 (unsigned int *)&buf->length,si->pkey))
592 {
593 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
289 goto err; 594 goto err;
595 }
290 if (!ASN1_STRING_set(si->enc_digest, 596 if (!ASN1_STRING_set(si->enc_digest,
291 (unsigned char *)buf->data,buf->length)) 597 (unsigned char *)buf->data,buf->length))
292 goto err;
293 }
294 if (p7->detached)
295 ASN1_OCTET_STRING_set(os,(unsigned char *)"",0);
296 else
297 {
298 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
299 if (btmp == NULL)
300 { 598 {
301 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 599 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
302 goto err; 600 goto err;
303 } 601 }
304 BIO_get_mem_ptr(btmp,&buf_mem);
305 ASN1_OCTET_STRING_set(os,
306 (unsigned char *)buf_mem->data,buf_mem->length);
307 } 602 }
308 if (pp != NULL) Free(pp);
309 pp=NULL;
310 } 603 }
311 604
605 if (!p7->detached)
606 {
607 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
608 if (btmp == NULL)
609 {
610 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
611 goto err;
612 }
613 BIO_get_mem_ptr(btmp,&buf_mem);
614 ASN1_OCTET_STRING_set(os,
615 (unsigned char *)buf_mem->data,buf_mem->length);
616 }
617 if (pp != NULL) Free(pp);
618 pp=NULL;
619
312 ret=1; 620 ret=1;
313err: 621err:
314 if (buf != NULL) BUF_MEM_free(buf); 622 if (buf != NULL) BUF_MEM_free(buf);
315 return(ret); 623 return(ret);
316 } 624 }
317 625
318int PKCS7_dataVerify(cert_store,ctx,bio,p7,si) 626int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
319X509_STORE *cert_store; 627 PKCS7 *p7, PKCS7_SIGNER_INFO *si)
320X509_STORE_CTX *ctx;
321BIO *bio;
322PKCS7 *p7;
323PKCS7_SIGNER_INFO *si;
324 { 628 {
325 PKCS7_SIGNED *s;
326 ASN1_OCTET_STRING *os;
327 EVP_MD_CTX mdc_tmp,*mdc;
328 unsigned char *pp,*p;
329 PKCS7_ISSUER_AND_SERIAL *ias; 629 PKCS7_ISSUER_AND_SERIAL *ias;
330 int ret=0,md_type,i; 630 int ret=0,i;
331 STACK *sk; 631 STACK_OF(X509) *cert;
332 BIO *btmp;
333 X509 *x509; 632 X509 *x509;
334 633
335 if (!PKCS7_type_is_signed(p7)) abort(); 634 if (PKCS7_type_is_signed(p7))
635 {
636 cert=p7->d.sign->cert;
637 }
638 else if (PKCS7_type_is_signedAndEnveloped(p7))
639 {
640 cert=p7->d.signed_and_enveloped->cert;
641 }
642 else
643 {
644 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
645 goto err;
646 }
336 /* XXXXXXXXXXXXXXXXXXXXXXX */ 647 /* XXXXXXXXXXXXXXXXXXXXXXX */
337 ias=si->issuer_and_serial; 648 ias=si->issuer_and_serial;
338 s=p7->d.sign;
339 649
340 x509=X509_find_by_issuer_and_serial(s->cert,ias->issuer,ias->serial); 650 x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
341 651
342 /* were we able to find the cert in passed to us */ 652 /* were we able to find the cert in passed to us */
343 if (x509 == NULL) 653 if (x509 == NULL)
@@ -347,12 +657,39 @@ PKCS7_SIGNER_INFO *si;
347 } 657 }
348 658
349 /* Lets verify */ 659 /* Lets verify */
350 X509_STORE_CTX_init(ctx,cert_store,x509,s->cert); 660 X509_STORE_CTX_init(ctx,cert_store,x509,cert);
351 i=X509_verify_cert(ctx); 661 i=X509_verify_cert(ctx);
352 if (i <= 0) goto err; 662 if (i <= 0)
663 {
664 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
665 goto err;
666 }
353 X509_STORE_CTX_cleanup(ctx); 667 X509_STORE_CTX_cleanup(ctx);
354 668
355 /* So we like 'x509', lets check the signature. */ 669 return PKCS7_signatureVerify(bio, p7, si, x509);
670 err:
671 return ret;
672 }
673
674int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
675 X509 *x509)
676 {
677 ASN1_OCTET_STRING *os;
678 EVP_MD_CTX mdc_tmp,*mdc;
679 unsigned char *pp,*p;
680 int ret=0,i;
681 int md_type;
682 STACK_OF(X509_ATTRIBUTE) *sk;
683 BIO *btmp;
684 EVP_PKEY *pkey;
685
686 if (!PKCS7_type_is_signed(p7) &&
687 !PKCS7_type_is_signedAndEnveloped(p7)) {
688 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
689 PKCS7_R_WRONG_PKCS7_TYPE);
690 goto err;
691 }
692
356 md_type=OBJ_obj2nid(si->digest_alg->algorithm); 693 md_type=OBJ_obj2nid(si->digest_alg->algorithm);
357 694
358 btmp=bio; 695 btmp=bio;
@@ -361,13 +698,15 @@ PKCS7_SIGNER_INFO *si;
361 if ((btmp == NULL) || 698 if ((btmp == NULL) ||
362 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) 699 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
363 { 700 {
364 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 701 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
702 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
365 goto err; 703 goto err;
366 } 704 }
367 BIO_get_md_ctx(btmp,&mdc); 705 BIO_get_md_ctx(btmp,&mdc);
368 if (mdc == NULL) 706 if (mdc == NULL)
369 { 707 {
370 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR); 708 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
709 PKCS7_R_INTERNAL_ERROR);
371 goto err; 710 goto err;
372 } 711 }
373 if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type) 712 if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type)
@@ -375,28 +714,68 @@ PKCS7_SIGNER_INFO *si;
375 btmp=btmp->next_bio; 714 btmp=btmp->next_bio;
376 } 715 }
377 716
378 /* mdc is the digest ctx that we want */ 717 /* mdc is the digest ctx that we want, unless there are attributes,
718 * in which case the digest is the signed attributes */
379 memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp)); 719 memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
380 720
381 sk=si->auth_attr; 721 sk=si->auth_attr;
382 if ((sk != NULL) && (sk_num(sk) != 0)) 722 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
383 { 723 {
384 i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, 724 unsigned char md_dat[EVP_MAX_MD_SIZE];
385 V_ASN1_SET,V_ASN1_UNIVERSAL); 725 unsigned int md_len;
386 pp=(unsigned char *)malloc(i); 726 ASN1_OCTET_STRING *message_digest;
727
728 EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
729 message_digest=PKCS7_digest_from_attributes(sk);
730 if (!message_digest)
731 {
732 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
733 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
734 goto err;
735 }
736 if ((message_digest->length != (int)md_len) ||
737 (memcmp(message_digest->data,md_dat,md_len)))
738 {
739#if 0
740{
741int ii;
742for (ii=0; ii<message_digest->length; ii++)
743 printf("%02X",message_digest->data[ii]); printf(" sent\n");
744for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
745}
746#endif
747 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
748 PKCS7_R_DIGEST_FAILURE);
749 ret= -1;
750 goto err;
751 }
752
753 EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
754 /* Note: when forming the encoding of the attributes we
755 * shouldn't reorder them or this will break the signature.
756 * This is done by using the IS_SEQUENCE flag.
757 */
758 i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
759 V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
760 pp=Malloc(i);
387 p=pp; 761 p=pp;
388 i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, 762 i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
389 V_ASN1_SET,V_ASN1_UNIVERSAL); 763 V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
390 EVP_VerifyUpdate(&mdc_tmp,pp,i); 764 EVP_VerifyUpdate(&mdc_tmp,pp,i);
391 free(pp); 765
766 Free(pp);
392 } 767 }
393 768
394 os=si->enc_digest; 769 os=si->enc_digest;
395 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, 770 pkey = X509_get_pubkey(x509);
396 X509_get_pubkey(x509)); 771 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
772
773 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
774 EVP_PKEY_free(pkey);
397 if (i <= 0) 775 if (i <= 0)
398 { 776 {
399 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE); 777 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
778 PKCS7_R_SIGNATURE_FAILURE);
400 ret= -1; 779 ret= -1;
401 goto err; 780 goto err;
402 } 781 }
@@ -406,3 +785,138 @@ err:
406 return(ret); 785 return(ret);
407 } 786 }
408 787
788PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
789 {
790 STACK_OF(PKCS7_RECIP_INFO) *rsk;
791 PKCS7_RECIP_INFO *ri;
792 int i;
793
794 i=OBJ_obj2nid(p7->type);
795 if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
796 rsk=p7->d.signed_and_enveloped->recipientinfo;
797 ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
798 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
799 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
800 return(ri->issuer_and_serial);
801 }
802
803ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
804 {
805 return(get_attribute(si->auth_attr,nid));
806 }
807
808ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
809 {
810 return(get_attribute(si->unauth_attr,nid));
811 }
812
813static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
814 {
815 int i;
816 X509_ATTRIBUTE *xa;
817 ASN1_OBJECT *o;
818
819 o=OBJ_nid2obj(nid);
820 if (!o || !sk) return(NULL);
821 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
822 {
823 xa=sk_X509_ATTRIBUTE_value(sk,i);
824 if (OBJ_cmp(xa->object,o) == 0)
825 {
826 if (xa->set && sk_ASN1_TYPE_num(xa->value.set))
827 return(sk_ASN1_TYPE_value(xa->value.set,0));
828 else
829 return(NULL);
830 }
831 }
832 return(NULL);
833 }
834
835ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
836{
837 ASN1_TYPE *astype;
838 if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
839 return astype->value.octet_string;
840}
841
842int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
843 STACK_OF(X509_ATTRIBUTE) *sk)
844 {
845 int i;
846
847 if (p7si->auth_attr != NULL)
848 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
849 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
850 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
851 {
852 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
853 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
854 == NULL)
855 return(0);
856 }
857 return(1);
858 }
859
860int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
861 {
862 int i;
863
864 if (p7si->unauth_attr != NULL)
865 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
866 X509_ATTRIBUTE_free);
867 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
868 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
869 {
870 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
871 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
872 == NULL)
873 return(0);
874 }
875 return(1);
876 }
877
878int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
879 void *value)
880 {
881 return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
882 }
883
884int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
885 void *value)
886 {
887 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
888 }
889
890static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
891 void *value)
892 {
893 X509_ATTRIBUTE *attr=NULL;
894
895 if (*sk == NULL)
896 {
897 *sk = sk_X509_ATTRIBUTE_new(NULL);
898new_attrib:
899 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
900 sk_X509_ATTRIBUTE_push(*sk,attr);
901 }
902 else
903 {
904 int i;
905
906 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
907 {
908 attr=sk_X509_ATTRIBUTE_value(*sk,i);
909 if (OBJ_obj2nid(attr->object) == nid)
910 {
911 X509_ATTRIBUTE_free(attr);
912 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
913 sk_X509_ATTRIBUTE_set(*sk,i,attr);
914 goto end;
915 }
916 }
917 goto new_attrib;
918 }
919end:
920 return(1);
921 }
922
diff --git a/src/lib/libcrypto/pkcs7/pk7_enc.c b/src/lib/libcrypto/pkcs7/pk7_enc.c
index a5b6dc463f..acbb189c59 100644
--- a/src/lib/libcrypto/pkcs7/pk7_enc.c
+++ b/src/lib/libcrypto/pkcs7/pk7_enc.c
@@ -58,11 +58,11 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "evp.h" 61#include <openssl/evp.h>
62#include "rand.h" 62#include <openssl/rand.h>
63#include "objects.h" 63#include <openssl/objects.h>
64#include "x509.h" 64#include <openssl/x509.h>
65#include "pkcs7.h" 65#include <openssl/pkcs7.h>
66 66
67PKCS7_in_bio(PKCS7 *p7,BIO *in); 67PKCS7_in_bio(PKCS7 *p7,BIO *in);
68PKCS7_out_bio(PKCS7 *p7,BIO *out); 68PKCS7_out_bio(PKCS7 *p7,BIO *out);
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index 7d14ad1173..8b863d0558 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -58,14 +58,10 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "objects.h" 61#include <openssl/objects.h>
62#include "x509.h" 62#include <openssl/x509.h>
63 63
64long PKCS7_ctrl(p7,cmd,larg,parg) 64long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
65PKCS7 *p7;
66int cmd;
67long larg;
68char *parg;
69 { 65 {
70 int nid; 66 int nid;
71 long ret; 67 long ret;
@@ -98,14 +94,13 @@ char *parg;
98 94
99 break; 95 break;
100 default: 96 default:
101 abort(); 97 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
98 ret=0;
102 } 99 }
103 return(ret); 100 return(ret);
104 } 101 }
105 102
106int PKCS7_content_new(p7,type) 103int PKCS7_content_new(PKCS7 *p7, int type)
107PKCS7 *p7;
108int type;
109 { 104 {
110 PKCS7 *ret=NULL; 105 PKCS7 *ret=NULL;
111 106
@@ -119,9 +114,7 @@ err:
119 return(0); 114 return(0);
120 } 115 }
121 116
122int PKCS7_set_content(p7,p7_data) 117int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
123PKCS7 *p7;
124PKCS7 *p7_data;
125 { 118 {
126 int i; 119 int i;
127 120
@@ -147,9 +140,7 @@ err:
147 return(0); 140 return(0);
148 } 141 }
149 142
150int PKCS7_set_type(p7,type) 143int PKCS7_set_type(PKCS7 *p7, int type)
151PKCS7 *p7;
152int type;
153 { 144 {
154 ASN1_OBJECT *obj; 145 ASN1_OBJECT *obj;
155 146
@@ -172,12 +163,19 @@ int type;
172 case NID_pkcs7_signedAndEnveloped: 163 case NID_pkcs7_signedAndEnveloped:
173 p7->type=obj; 164 p7->type=obj;
174 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) 165 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
175 == NULL) 166 == NULL) goto err;
176 goto err; 167 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
177 ASN1_INTEGER_set(p7->d.sign->version,1); 168/* p7->d.signed_and_enveloped->enc_data->content_type=
169 OBJ_nid2obj(NID_pkcs7_encrypted);*/
170
178 break; 171 break;
179 case NID_pkcs7_digest:
180 case NID_pkcs7_enveloped: 172 case NID_pkcs7_enveloped:
173 p7->type=obj;
174 if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
175 == NULL) goto err;
176 ASN1_INTEGER_set(p7->d.enveloped->version,0);
177 break;
178 case NID_pkcs7_digest:
181 case NID_pkcs7_encrypted: 179 case NID_pkcs7_encrypted:
182 default: 180 default:
183 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 181 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -188,14 +186,12 @@ err:
188 return(0); 186 return(0);
189 } 187 }
190 188
191int PKCS7_add_signer(p7,psi) 189int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
192PKCS7 *p7;
193PKCS7_SIGNER_INFO *psi;
194 { 190 {
195 int i,j,nid; 191 int i,j,nid;
196 X509_ALGOR *alg; 192 X509_ALGOR *alg;
197 STACK *signer_sk; 193 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
198 STACK *md_sk; 194 STACK_OF(X509_ALGOR) *md_sk;
199 195
200 i=OBJ_obj2nid(p7->type); 196 i=OBJ_obj2nid(p7->type);
201 switch (i) 197 switch (i)
@@ -217,9 +213,9 @@ PKCS7_SIGNER_INFO *psi;
217 213
218 /* If the digest is not currently listed, add it */ 214 /* If the digest is not currently listed, add it */
219 j=0; 215 j=0;
220 for (i=0; i<sk_num(md_sk); i++) 216 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
221 { 217 {
222 alg=(X509_ALGOR *)sk_value(md_sk,i); 218 alg=sk_X509_ALGOR_value(md_sk,i);
223 if (OBJ_obj2nid(alg->algorithm) == nid) 219 if (OBJ_obj2nid(alg->algorithm) == nid)
224 { 220 {
225 j=1; 221 j=1;
@@ -230,19 +226,17 @@ PKCS7_SIGNER_INFO *psi;
230 { 226 {
231 alg=X509_ALGOR_new(); 227 alg=X509_ALGOR_new();
232 alg->algorithm=OBJ_nid2obj(nid); 228 alg->algorithm=OBJ_nid2obj(nid);
233 sk_push(md_sk,(char *)alg); 229 sk_X509_ALGOR_push(md_sk,alg);
234 } 230 }
235 231
236 sk_push(signer_sk,(char *)psi); 232 sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
237 return(1); 233 return(1);
238 } 234 }
239 235
240int PKCS7_add_certificate(p7,x509) 236int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
241PKCS7 *p7;
242X509 *x509;
243 { 237 {
244 int i; 238 int i;
245 STACK **sk; 239 STACK_OF(X509) **sk;
246 240
247 i=OBJ_obj2nid(p7->type); 241 i=OBJ_obj2nid(p7->type);
248 switch (i) 242 switch (i)
@@ -259,18 +253,16 @@ X509 *x509;
259 } 253 }
260 254
261 if (*sk == NULL) 255 if (*sk == NULL)
262 *sk=sk_new_null(); 256 *sk=sk_X509_new_null();
263 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 257 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
264 sk_push(*sk,(char *)x509); 258 sk_X509_push(*sk,x509);
265 return(1); 259 return(1);
266 } 260 }
267 261
268int PKCS7_add_crl(p7,crl) 262int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
269PKCS7 *p7;
270X509_CRL *crl;
271 { 263 {
272 int i; 264 int i;
273 STACK **sk; 265 STACK_OF(X509_CRL) **sk;
274 266
275 i=OBJ_obj2nid(p7->type); 267 i=OBJ_obj2nid(p7->type);
276 switch (i) 268 switch (i)
@@ -287,18 +279,15 @@ X509_CRL *crl;
287 } 279 }
288 280
289 if (*sk == NULL) 281 if (*sk == NULL)
290 *sk=sk_new_null(); 282 *sk=sk_X509_CRL_new_null();
291 283
292 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); 284 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
293 sk_push(*sk,(char *)crl); 285 sk_X509_CRL_push(*sk,crl);
294 return(1); 286 return(1);
295 } 287 }
296 288
297int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst) 289int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
298PKCS7_SIGNER_INFO *p7i; 290 EVP_MD *dgst)
299X509 *x509;
300EVP_PKEY *pkey;
301EVP_MD *dgst;
302 { 291 {
303 /* We now need to add another PKCS7_SIGNER_INFO entry */ 292 /* We now need to add another PKCS7_SIGNER_INFO entry */
304 ASN1_INTEGER_set(p7i->version,1); 293 ASN1_INTEGER_set(p7i->version,1);
@@ -316,27 +305,32 @@ EVP_MD *dgst;
316 p7i->pkey=pkey; 305 p7i->pkey=pkey;
317 306
318 /* Set the algorithms */ 307 /* Set the algorithms */
319 p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); 308 if (pkey->type == EVP_PKEY_DSA)
320 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst)); 309 p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
310 else
311 p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
312
313 if (p7i->digest_alg->parameter != NULL)
314 ASN1_TYPE_free(p7i->digest_alg->parameter);
315 if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
316 goto err;
317 p7i->digest_alg->parameter->type=V_ASN1_NULL;
318
319 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
321 320
322#if 1
323 if (p7i->digest_enc_alg->parameter != NULL) 321 if (p7i->digest_enc_alg->parameter != NULL)
324 ASN1_TYPE_free(p7i->digest_enc_alg->parameter); 322 ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
325 if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL) 323 if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
326 goto err; 324 goto err;
327 p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; 325 p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
328#endif
329 326
330 return(1); 327 return(1);
331err: 328err:
332 return(0); 329 return(0);
333 } 330 }
334 331
335PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst) 332PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
336PKCS7 *p7; 333 EVP_MD *dgst)
337X509 *x509;
338EVP_PKEY *pkey;
339EVP_MD *dgst;
340 { 334 {
341 PKCS7_SIGNER_INFO *si; 335 PKCS7_SIGNER_INFO *si;
342 336
@@ -348,20 +342,21 @@ err:
348 return(NULL); 342 return(NULL);
349 } 343 }
350 344
351STACK *PKCS7_get_signer_info(p7) 345STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
352PKCS7 *p7;
353 { 346 {
354 if (PKCS7_type_is_signed(p7)) 347 if (PKCS7_type_is_signed(p7))
355 { 348 {
356 return(p7->d.sign->signer_info); 349 return(p7->d.sign->signer_info);
357 } 350 }
351 else if (PKCS7_type_is_signedAndEnveloped(p7))
352 {
353 return(p7->d.signed_and_enveloped->signer_info);
354 }
358 else 355 else
359 return(NULL); 356 return(NULL);
360 } 357 }
361 358
362PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509) 359PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
363PKCS7 *p7;
364X509 *x509;
365 { 360 {
366 PKCS7_RECIP_INFO *ri; 361 PKCS7_RECIP_INFO *ri;
367 362
@@ -373,12 +368,10 @@ err:
373 return(NULL); 368 return(NULL);
374 } 369 }
375 370
376int PKCS7_add_recipient_info(p7,ri) 371int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
377PKCS7 *p7;
378PKCS7_RECIP_INFO *ri;
379 { 372 {
380 int i; 373 int i;
381 STACK *sk; 374 STACK_OF(PKCS7_RECIP_INFO) *sk;
382 375
383 i=OBJ_obj2nid(p7->type); 376 i=OBJ_obj2nid(p7->type);
384 switch (i) 377 switch (i)
@@ -386,18 +379,19 @@ PKCS7_RECIP_INFO *ri;
386 case NID_pkcs7_signedAndEnveloped: 379 case NID_pkcs7_signedAndEnveloped:
387 sk= p7->d.signed_and_enveloped->recipientinfo; 380 sk= p7->d.signed_and_enveloped->recipientinfo;
388 break; 381 break;
382 case NID_pkcs7_enveloped:
383 sk= p7->d.enveloped->recipientinfo;
384 break;
389 default: 385 default:
390 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); 386 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
391 return(0); 387 return(0);
392 } 388 }
393 389
394 sk_push(sk,(char *)ri); 390 sk_PKCS7_RECIP_INFO_push(sk,ri);
395 return(1); 391 return(1);
396 } 392 }
397 393
398int PKCS7_RECIP_INFO_set(p7i,x509) 394int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
399PKCS7_RECIP_INFO *p7i;
400X509 *x509;
401 { 395 {
402 ASN1_INTEGER_set(p7i->version,0); 396 ASN1_INTEGER_set(p7i->version,0);
403 X509_NAME_set(&p7i->issuer_and_serial->issuer, 397 X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -407,15 +401,18 @@ X509 *x509;
407 p7i->issuer_and_serial->serial= 401 p7i->issuer_and_serial->serial=
408 ASN1_INTEGER_dup(X509_get_serialNumber(x509)); 402 ASN1_INTEGER_dup(X509_get_serialNumber(x509));
409 403
404 X509_ALGOR_free(p7i->key_enc_algor);
405 p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
406 (char *(*)())d2i_X509_ALGOR,
407 (char *)x509->cert_info->key->algor);
408
410 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); 409 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
411 p7i->cert=x509; 410 p7i->cert=x509;
412 411
413 return(1); 412 return(1);
414 } 413 }
415 414
416X509 *PKCS7_cert_from_signer_info(p7,si) 415X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
417PKCS7 *p7;
418PKCS7_SIGNER_INFO *si;
419 { 416 {
420 if (PKCS7_type_is_signed(p7)) 417 if (PKCS7_type_is_signed(p7))
421 return(X509_find_by_issuer_and_serial(p7->d.sign->cert, 418 return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
@@ -425,9 +422,7 @@ PKCS7_SIGNER_INFO *si;
425 return(NULL); 422 return(NULL);
426 } 423 }
427 424
428int PKCS7_set_cipher(p7,cipher) 425int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
429PKCS7 *p7;
430EVP_CIPHER *cipher;
431 { 426 {
432 int i; 427 int i;
433 PKCS7_ENC_CONTENT *ec; 428 PKCS7_ENC_CONTENT *ec;
@@ -438,12 +433,17 @@ EVP_CIPHER *cipher;
438 case NID_pkcs7_signedAndEnveloped: 433 case NID_pkcs7_signedAndEnveloped:
439 ec=p7->d.signed_and_enveloped->enc_data; 434 ec=p7->d.signed_and_enveloped->enc_data;
440 break; 435 break;
436 case NID_pkcs7_enveloped:
437 ec=p7->d.enveloped->enc_data;
438 break;
441 default: 439 default:
442 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); 440 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
443 return(0); 441 return(0);
444 } 442 }
445 443
446 ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher)); 444 /* Setup cipher OID */
447 return(ec->algorithm->algorithm != NULL); 445
446 ec->cipher = cipher;
447 return 1;
448 } 448 }
449 449
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.err b/src/lib/libcrypto/pkcs7/pkcs7.err
deleted file mode 100644
index 91413aae43..0000000000
--- a/src/lib/libcrypto/pkcs7/pkcs7.err
+++ /dev/null
@@ -1,26 +0,0 @@
1/* Error codes for the PKCS7 functions. */
2
3/* Function codes. */
4#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
5#define PKCS7_F_PKCS7_ADD_CRL 101
6#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
7#define PKCS7_F_PKCS7_ADD_SIGNER 103
8#define PKCS7_F_PKCS7_CTRL 104
9#define PKCS7_F_PKCS7_DATAINIT 105
10#define PKCS7_F_PKCS7_DATASIGN 106
11#define PKCS7_F_PKCS7_DATAVERIFY 107
12#define PKCS7_F_PKCS7_SET_CIPHER 108
13#define PKCS7_F_PKCS7_SET_CONTENT 109
14#define PKCS7_F_PKCS7_SET_TYPE 110
15
16/* Reason codes. */
17#define PKCS7_R_INTERNAL_ERROR 100
18#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 101
19#define PKCS7_R_SIGNATURE_FAILURE 102
20#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 103
21#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 104
22#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 105
23#define PKCS7_R_UNKNOWN_DIGEST_TYPE 106
24#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 107
25#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 108
26#define PKCS7_R_WRONG_CONTENT_TYPE 109
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
index ee12f670a8..c42bd6d391 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -63,8 +63,17 @@
63extern "C" { 63extern "C" {
64#endif 64#endif
65 65
66#include "bio.h" 66#include <openssl/bio.h>
67#include "x509.h" 67#include <openssl/x509.h>
68
69#ifdef VMS
70#include <openssl/vms_idhacks.h>
71#endif
72
73#ifdef WIN32
74/* Under Win32 this is defined in wincrypt.h */
75#undef PKCS7_ISSUER_AND_SERIAL
76#endif
68 77
69/* 78/*
70Encryption_ID DES-CBC 79Encryption_ID DES-CBC
@@ -84,15 +93,18 @@ typedef struct pkcs7_signer_info_st
84 ASN1_INTEGER *version; /* version 1 */ 93 ASN1_INTEGER *version; /* version 1 */
85 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; 94 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
86 X509_ALGOR *digest_alg; 95 X509_ALGOR *digest_alg;
87 STACK /* X509_ATTRIBUTE */ *auth_attr; /* [ 0 ] */ 96 STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
88 X509_ALGOR *digest_enc_alg; 97 X509_ALGOR *digest_enc_alg;
89 ASN1_OCTET_STRING *enc_digest; 98 ASN1_OCTET_STRING *enc_digest;
90 STACK /* X509_ATTRIBUTE */ *unauth_attr; /* [ 1 ] */ 99 STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
91 100
92 /* The private key to sign with */ 101 /* The private key to sign with */
93 EVP_PKEY *pkey; 102 EVP_PKEY *pkey;
94 } PKCS7_SIGNER_INFO; 103 } PKCS7_SIGNER_INFO;
95 104
105DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
106DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
107
96typedef struct pkcs7_recip_info_st 108typedef struct pkcs7_recip_info_st
97 { 109 {
98 ASN1_INTEGER *version; /* version 0 */ 110 ASN1_INTEGER *version; /* version 0 */
@@ -102,13 +114,16 @@ typedef struct pkcs7_recip_info_st
102 X509 *cert; /* get the pub-key from this */ 114 X509 *cert; /* get the pub-key from this */
103 } PKCS7_RECIP_INFO; 115 } PKCS7_RECIP_INFO;
104 116
117DECLARE_STACK_OF(PKCS7_RECIP_INFO)
118DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
119
105typedef struct pkcs7_signed_st 120typedef struct pkcs7_signed_st
106 { 121 {
107 ASN1_INTEGER *version; /* version 1 */ 122 ASN1_INTEGER *version; /* version 1 */
108 STACK /* X509_ALGOR's */ *md_algs; /* md used */ 123 STACK_OF(X509_ALGOR) *md_algs; /* md used */
109 STACK /* X509 */ *cert; /* [ 0 ] */ 124 STACK_OF(X509) *cert; /* [ 0 ] */
110 STACK /* X509_CRL */ *crl; /* [ 1 ] */ 125 STACK_OF(X509_CRL) *crl; /* [ 1 ] */
111 STACK /* PKCS7_SIGNER_INFO */ *signer_info; 126 STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
112 127
113 struct pkcs7_st *contents; 128 struct pkcs7_st *contents;
114 } PKCS7_SIGNED; 129 } PKCS7_SIGNED;
@@ -120,25 +135,26 @@ typedef struct pkcs7_enc_content_st
120 ASN1_OBJECT *content_type; 135 ASN1_OBJECT *content_type;
121 X509_ALGOR *algorithm; 136 X509_ALGOR *algorithm;
122 ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ 137 ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
138 const EVP_CIPHER *cipher;
123 } PKCS7_ENC_CONTENT; 139 } PKCS7_ENC_CONTENT;
124 140
125typedef struct pkcs7_enveloped_st 141typedef struct pkcs7_enveloped_st
126 { 142 {
127 ASN1_INTEGER *version; /* version 0 */ 143 ASN1_INTEGER *version; /* version 0 */
128 STACK /* PKCS7_RECIP_INFO */ *recipientinfo; 144 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
129 PKCS7_ENC_CONTENT *enc_data; 145 PKCS7_ENC_CONTENT *enc_data;
130 } PKCS7_ENVELOPE; 146 } PKCS7_ENVELOPE;
131 147
132typedef struct pkcs7_signedandenveloped_st 148typedef struct pkcs7_signedandenveloped_st
133 { 149 {
134 ASN1_INTEGER *version; /* version 1 */ 150 ASN1_INTEGER *version; /* version 1 */
135 STACK /* X509_ALGOR's */ *md_algs; /* md used */ 151 STACK_OF(X509_ALGOR) *md_algs; /* md used */
136 STACK /* X509 */ *cert; /* [ 0 ] */ 152 STACK_OF(X509) *cert; /* [ 0 ] */
137 STACK /* X509_CRL */ *crl; /* [ 1 ] */ 153 STACK_OF(X509_CRL) *crl; /* [ 1 ] */
138 STACK /* PKCS7_SIGNER_INFO */ *signer_info; 154 STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
139 155
140 PKCS7_ENC_CONTENT *enc_data; 156 PKCS7_ENC_CONTENT *enc_data;
141 STACK /* PKCS7_RECIP_INFO */ *recipientinfo; 157 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
142 } PKCS7_SIGN_ENVELOPE; 158 } PKCS7_SIGN_ENVELOPE;
143 159
144typedef struct pkcs7_digest_st 160typedef struct pkcs7_digest_st
@@ -199,7 +215,12 @@ typedef struct pkcs7_st
199#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 215#define PKCS7_OP_SET_DETACHED_SIGNATURE 1
200#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 216#define PKCS7_OP_GET_DETACHED_SIGNATURE 2
201 217
218#define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
219#define PKCS7_get_attributes(si) ((si)->unauth_attr)
220
202#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) 221#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
222#define PKCS7_type_is_signedAndEnveloped(a) \
223 (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
203#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) 224#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
204 225
205#define PKCS7_set_detached(p,v) \ 226#define PKCS7_set_detached(p,v) \
@@ -208,14 +229,14 @@ typedef struct pkcs7_st
208 PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) 229 PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
209 230
210#ifdef SSLEAY_MACROS 231#ifdef SSLEAY_MACROS
211 232#ifndef PKCS7_ISSUER_AND_SERIAL_digest
212#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ 233#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
213 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ 234 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
214 (char *)data,md,len) 235 (char *)data,md,len)
215#endif 236#endif
237#endif
216 238
217 239
218#ifndef NOPROTO
219PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void ); 240PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
220void PKCS7_ISSUER_AND_SERIAL_free( 241void PKCS7_ISSUER_AND_SERIAL_free(
221 PKCS7_ISSUER_AND_SERIAL *a); 242 PKCS7_ISSUER_AND_SERIAL *a);
@@ -229,11 +250,11 @@ PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
229int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type, 250int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
230 unsigned char *md,unsigned int *len); 251 unsigned char *md,unsigned int *len);
231#ifndef NO_FP_API 252#ifndef NO_FP_API
232PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7); 253PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
233int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); 254int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
234#endif 255#endif
235PKCS7 *PKCS7_dup(PKCS7 *p7); 256PKCS7 *PKCS7_dup(PKCS7 *p7);
236PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7); 257PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
237int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); 258int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
238#endif 259#endif
239 260
@@ -314,107 +335,45 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
314int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); 335int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
315int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); 336int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
316int PKCS7_content_new(PKCS7 *p7, int nid); 337int PKCS7_content_new(PKCS7 *p7, int nid);
317int PKCS7_dataSign(PKCS7 *p7, BIO *bio);
318int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, 338int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
319 BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 339 BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
340int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
341 X509 *x509);
320 342
321BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); 343BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
322/*int PKCS7_DataFinal(PKCS7 *p7, BIO *bio); */ 344int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
345BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
346
323 347
324PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, 348PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
325 EVP_PKEY *pkey, EVP_MD *dgst); 349 EVP_PKEY *pkey, EVP_MD *dgst);
326X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); 350X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
327STACK *PKCS7_get_signer_info(PKCS7 *p7); 351STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
328 352
329PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); 353PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
330int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); 354int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
331int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); 355int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
332int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher); 356int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
333
334 357
358PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
359ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
360int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
361 void *data);
362int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
363 void *value);
364ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
365ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
366int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
367 STACK_OF(X509_ATTRIBUTE) *sk);
368int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
335 369
336#else
337 370
338PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new();
339void PKCS7_ISSUER_AND_SERIAL_free();
340int i2d_PKCS7_ISSUER_AND_SERIAL();
341PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL();
342
343#ifndef SSLEAY_MACROS
344int PKCS7_ISSUER_AND_SERIAL_digest();
345#ifndef NO_FP_API
346PKCS7 *d2i_PKCS7_fp();
347int i2d_PKCS7_fp();
348#endif
349PKCS7 *PKCS7_dup();
350PKCS7 *d2i_PKCS7_bio();
351int i2d_PKCS7_bio();
352
353#endif
354
355PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new();
356void PKCS7_SIGNER_INFO_free();
357int i2d_PKCS7_SIGNER_INFO();
358PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO();
359PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new();
360void PKCS7_RECIP_INFO_free();
361int i2d_PKCS7_RECIP_INFO();
362PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO();
363PKCS7_SIGNED *PKCS7_SIGNED_new();
364void PKCS7_SIGNED_free();
365int i2d_PKCS7_SIGNED();
366PKCS7_SIGNED *d2i_PKCS7_SIGNED();
367PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new();
368void PKCS7_ENC_CONTENT_free();
369int i2d_PKCS7_ENC_CONTENT();
370PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT();
371PKCS7_ENVELOPE *PKCS7_ENVELOPE_new();
372void PKCS7_ENVELOPE_free();
373int i2d_PKCS7_ENVELOPE();
374PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE();
375PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new();
376void PKCS7_SIGN_ENVELOPE_free();
377int i2d_PKCS7_SIGN_ENVELOPE();
378PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE();
379PKCS7_DIGEST *PKCS7_DIGEST_new();
380void PKCS7_DIGEST_free();
381int i2d_PKCS7_DIGEST();
382PKCS7_DIGEST *d2i_PKCS7_DIGEST();
383PKCS7_ENCRYPT *PKCS7_ENCRYPT_new();
384void PKCS7_ENCRYPT_free();
385int i2d_PKCS7_ENCRYPT();
386PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT();
387PKCS7 *PKCS7_new();
388void PKCS7_free();
389void PKCS7_content_free();
390int i2d_PKCS7();
391PKCS7 *d2i_PKCS7();
392
393void ERR_load_PKCS7_strings();
394
395long PKCS7_ctrl();
396int PKCS7_set_type();
397int PKCS7_set_content();
398int PKCS7_SIGNER_INFO_set();
399int PKCS7_add_signer();
400int PKCS7_add_certificate();
401int PKCS7_add_crl();
402int PKCS7_content_new();
403int PKCS7_dataSign();
404int PKCS7_dataVerify();
405BIO *PKCS7_dataInit();
406PKCS7_SIGNER_INFO *PKCS7_add_signature();
407X509 *PKCS7_cert_from_signer_info();
408STACK *PKCS7_get_signer_info();
409
410PKCS7_RECIP_INFO *PKCS7_add_recipient();
411int PKCS7_add_recipient_info();
412int PKCS7_RECIP_INFO_set();
413int PKCS7_set_cipher();
414
415#endif
416 371
417/* BEGIN ERROR CODES */ 372/* BEGIN ERROR CODES */
373/* The following lines are auto generated by the script mkerr.pl. Any changes
374 * made after this point may be overwritten when the script is next run.
375 */
376
418/* Error codes for the PKCS7 functions. */ 377/* Error codes for the PKCS7 functions. */
419 378
420/* Function codes. */ 379/* Function codes. */
@@ -423,25 +382,34 @@ int PKCS7_set_cipher();
423#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 382#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
424#define PKCS7_F_PKCS7_ADD_SIGNER 103 383#define PKCS7_F_PKCS7_ADD_SIGNER 103
425#define PKCS7_F_PKCS7_CTRL 104 384#define PKCS7_F_PKCS7_CTRL 104
385#define PKCS7_F_PKCS7_DATADECODE 112
426#define PKCS7_F_PKCS7_DATAINIT 105 386#define PKCS7_F_PKCS7_DATAINIT 105
427#define PKCS7_F_PKCS7_DATASIGN 106 387#define PKCS7_F_PKCS7_DATASIGN 106
428#define PKCS7_F_PKCS7_DATAVERIFY 107 388#define PKCS7_F_PKCS7_DATAVERIFY 107
429#define PKCS7_F_PKCS7_SET_CIPHER 108 389#define PKCS7_F_PKCS7_SET_CIPHER 108
430#define PKCS7_F_PKCS7_SET_CONTENT 109 390#define PKCS7_F_PKCS7_SET_CONTENT 109
431#define PKCS7_F_PKCS7_SET_TYPE 110 391#define PKCS7_F_PKCS7_SET_TYPE 110
392#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
432 393
433/* Reason codes. */ 394/* Reason codes. */
434#define PKCS7_R_INTERNAL_ERROR 100 395#define PKCS7_R_CIPHER_NOT_INITIALIZED 116
435#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 101 396#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
436#define PKCS7_R_SIGNATURE_FAILURE 102 397#define PKCS7_R_DIGEST_FAILURE 101
437#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 103 398#define PKCS7_R_INTERNAL_ERROR 102
438#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 104 399#define PKCS7_R_MISSING_CERIPEND_INFO 103
439#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 105 400#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
440#define PKCS7_R_UNKNOWN_DIGEST_TYPE 106 401#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
441#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 107 402#define PKCS7_R_SIGNATURE_FAILURE 105
442#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 108 403#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
443#define PKCS7_R_WRONG_CONTENT_TYPE 109 404#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
444 405#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
406#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109
407#define PKCS7_R_UNKNOWN_OPERATION 110
408#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111
409#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112
410#define PKCS7_R_WRONG_CONTENT_TYPE 113
411#define PKCS7_R_WRONG_PKCS7_TYPE 114
412
445#ifdef __cplusplus 413#ifdef __cplusplus
446} 414}
447#endif 415#endif
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
index f851057422..82be3c2ca1 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -1,63 +1,65 @@
1/* lib/pkcs7/pkcs7_err.c */ 1/* crypto/pkcs7/pkcs7err.c */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* ====================================================================
3 * All rights reserved. 3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
25 * are met: 7 * are met:
26 * 1. Redistributions of source code must retain the copyright 8 *
27 * notice, this list of conditions and the following disclaimer. 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
28 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in
30 * documentation and/or other materials provided with the distribution. 14 * the documentation and/or other materials provided with the
31 * 3. All advertising materials mentioning features or use of this software 15 * distribution.
32 * must display the following acknowledgement: 16 *
33 * "This product includes cryptographic software written by 17 * 3. All advertising materials mentioning features or use of this
34 * Eric Young (eay@cryptsoft.com)" 18 * software must display the following acknowledgment:
35 * The word 'cryptographic' can be left out if the rouines from the library 19 * "This product includes software developed by the OpenSSL Project
36 * being used are not cryptographic related :-). 20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
37 * 4. If you include any Windows specific code (or a derivative thereof) from 21 *
38 * the apps directory (application code) you must include an acknowledgement: 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 23 * endorse or promote products derived from this software without
40 * 24 * prior written permission. For written permission, please contact
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 25 * openssl-core@OpenSSL.org.
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 *
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * 5. Products derived from this software may not be called "OpenSSL"
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 * nor may "OpenSSL" appear in their names without prior written
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * permission of the OpenSSL Project.
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 *
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * 6. Redistributions of any form whatsoever must retain the following
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * acknowledgment:
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * "This product includes software developed by the OpenSSL Project
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
51 * SUCH DAMAGE. 35 *
52 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
53 * The licence and distribution terms for any publically available version or 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
55 * copied and put under another distribution licence 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
56 * [including the GNU Public Licence.] 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
57 */ 54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file.
58 */
59
58#include <stdio.h> 60#include <stdio.h>
59#include "err.h" 61#include <openssl/err.h>
60#include "pkcs7.h" 62#include <openssl/pkcs7.h>
61 63
62/* BEGIN ERROR CODES */ 64/* BEGIN ERROR CODES */
63#ifndef NO_ERR 65#ifndef NO_ERR
@@ -68,38 +70,47 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
68{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, 70{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"},
69{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, 71{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"},
70{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, 72{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"},
73{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"},
71{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, 74{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"},
72{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_dataSign"}, 75{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"},
73{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, 76{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"},
74{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, 77{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"},
75{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, 78{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"},
76{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, 79{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"},
77{0,NULL}, 80{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"},
81{0,NULL}
78 }; 82 };
79 83
80static ERR_STRING_DATA PKCS7_str_reasons[]= 84static ERR_STRING_DATA PKCS7_str_reasons[]=
81 { 85 {
86{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"},
87{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"},
88{PKCS7_R_DIGEST_FAILURE ,"digest failure"},
82{PKCS7_R_INTERNAL_ERROR ,"internal error"}, 89{PKCS7_R_INTERNAL_ERROR ,"internal error"},
90{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"},
91{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
83{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, 92{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
84{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, 93{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"},
85{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, 94{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"},
86{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, 95{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"},
87{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, 96{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"},
88{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, 97{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"},
98{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"},
89{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"}, 99{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"},
90{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, 100{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"},
91{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, 101{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"},
92{0,NULL}, 102{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"},
103{0,NULL}
93 }; 104 };
94 105
95#endif 106#endif
96 107
97void ERR_load_PKCS7_strings() 108void ERR_load_PKCS7_strings(void)
98 { 109 {
99 static int init=1; 110 static int init=1;
100 111
101 if (init); 112 if (init)
102 {; 113 {
103 init=0; 114 init=0;
104#ifndef NO_ERR 115#ifndef NO_ERR
105 ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); 116 ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
diff --git a/src/lib/libcrypto/pkcs7/sign.c b/src/lib/libcrypto/pkcs7/sign.c
index ead1cb65ca..d5f1154006 100644
--- a/src/lib/libcrypto/pkcs7/sign.c
+++ b/src/lib/libcrypto/pkcs7/sign.c
@@ -56,23 +56,23 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58#include <stdio.h> 58#include <stdio.h>
59#include "bio.h" 59#include <openssl/bio.h>
60#include "x509.h" 60#include <openssl/x509.h>
61#include "pem.h" 61#include <openssl/pem.h>
62#include <openssl/err.h>
62 63
63main(argc,argv) 64int main(argc,argv)
64int argc; 65int argc;
65char *argv[]; 66char *argv[];
66 { 67 {
67 X509 *x509; 68 X509 *x509;
68 EVP_PKEY *pkey; 69 EVP_PKEY *pkey;
69 PKCS7 *p7; 70 PKCS7 *p7;
70 PKCS7 *p7_data;
71 PKCS7_SIGNER_INFO *si; 71 PKCS7_SIGNER_INFO *si;
72 BIO *in; 72 BIO *in;
73 BIO *data,*p7bio; 73 BIO *data,*p7bio;
74 char buf[1024*4]; 74 char buf[1024*4];
75 int i,j; 75 int i;
76 int nodetach=0; 76 int nodetach=0;
77 77
78 EVP_add_digest(EVP_md2()); 78 EVP_add_digest(EVP_md2());
@@ -105,7 +105,12 @@ again:
105 p7=PKCS7_new(); 105 p7=PKCS7_new();
106 PKCS7_set_type(p7,NID_pkcs7_signed); 106 PKCS7_set_type(p7,NID_pkcs7_signed);
107 107
108 if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err; 108 si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
109 if (si == NULL) goto err;
110
111 /* If you do this then you get signing time automatically added */
112 PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
113 OBJ_nid2obj(NID_pkcs7_data));
109 114
110 /* we may want to add more */ 115 /* we may want to add more */
111 PKCS7_add_certificate(p7,x509); 116 PKCS7_add_certificate(p7,x509);
@@ -125,7 +130,7 @@ again:
125 BIO_write(p7bio,buf,i); 130 BIO_write(p7bio,buf,i);
126 } 131 }
127 132
128 if (!PKCS7_dataSign(p7,p7bio)) goto err; 133 if (!PKCS7_dataFinal(p7,p7bio)) goto err;
129 BIO_free(p7bio); 134 BIO_free(p7bio);
130 135
131 PEM_write_PKCS7(stdout,p7); 136 PEM_write_PKCS7(stdout,p7);
diff --git a/src/lib/libcrypto/pkcs7/verify.c b/src/lib/libcrypto/pkcs7/verify.c
index 0e1c1b26dc..32d9783e45 100644
--- a/src/lib/libcrypto/pkcs7/verify.c
+++ b/src/lib/libcrypto/pkcs7/verify.c
@@ -56,41 +56,41 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58#include <stdio.h> 58#include <stdio.h>
59#include "asn1.h" 59#include <openssl/bio.h>
60#include "bio.h" 60#include <openssl/asn1.h>
61#include "x509.h" 61#include <openssl/x509.h>
62#include "pem.h" 62#include <openssl/pem.h>
63#include <openssl/err.h>
64#include "example.h"
63 65
64int verify_callback(int ok, X509_STORE_CTX *ctx); 66int verify_callback(int ok, X509_STORE_CTX *ctx);
65 67
66BIO *bio_err=NULL; 68BIO *bio_err=NULL;
69BIO *bio_out=NULL;
67 70
68main(argc,argv) 71int main(argc,argv)
69int argc; 72int argc;
70char *argv[]; 73char *argv[];
71 { 74 {
72 X509 *x509,*x;
73 PKCS7 *p7; 75 PKCS7 *p7;
74 PKCS7_SIGNED *s;
75 PKCS7_SIGNER_INFO *si; 76 PKCS7_SIGNER_INFO *si;
76 PKCS7_ISSUER_AND_SERIAL *ias;
77 X509_STORE_CTX cert_ctx; 77 X509_STORE_CTX cert_ctx;
78 X509_STORE *cert_store=NULL; 78 X509_STORE *cert_store=NULL;
79 X509_LOOKUP *lookup=NULL;
80 BIO *data,*detached=NULL,*p7bio=NULL; 79 BIO *data,*detached=NULL,*p7bio=NULL;
81 char buf[1024*4]; 80 char buf[1024*4];
82 unsigned char *p,*pp; 81 char *pp;
83 int i,j,printit=0; 82 int i,printit=0;
84 STACK *sk; 83 STACK_OF(PKCS7_SIGNER_INFO) *sk;
85 84
86 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 85 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
86 bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
87 EVP_add_digest(EVP_md2()); 87 EVP_add_digest(EVP_md2());
88 EVP_add_digest(EVP_md5()); 88 EVP_add_digest(EVP_md5());
89 EVP_add_digest(EVP_sha1()); 89 EVP_add_digest(EVP_sha1());
90 EVP_add_digest(EVP_mdc2()); 90 EVP_add_digest(EVP_mdc2());
91 91
92 data=BIO_new(BIO_s_file()); 92 data=BIO_new(BIO_s_file());
93again: 93
94 pp=NULL; 94 pp=NULL;
95 while (argc > 1) 95 while (argc > 1)
96 { 96 {
@@ -131,10 +131,10 @@ again:
131 X509_STORE_load_locations(cert_store,NULL,"../../certs"); 131 X509_STORE_load_locations(cert_store,NULL,"../../certs");
132 X509_STORE_set_verify_cb_func(cert_store,verify_callback); 132 X509_STORE_set_verify_cb_func(cert_store,verify_callback);
133 133
134 ERR_clear_errors(); 134 ERR_clear_error();
135 135
136 /* We need to process the data */ 136 /* We need to process the data */
137 if (PKCS7_get_detached(p7)) 137 if ((PKCS7_get_detached(p7) || detached))
138 { 138 {
139 if (detached == NULL) 139 if (detached == NULL)
140 { 140 {
@@ -166,12 +166,29 @@ again:
166 } 166 }
167 167
168 /* Ok, first we need to, for each subject entry, see if we can verify */ 168 /* Ok, first we need to, for each subject entry, see if we can verify */
169 for (i=0; i<sk_num(sk); i++) 169 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
170 { 170 {
171 si=(PKCS7_SIGNER_INFO *)sk_value(sk,i); 171 ASN1_UTCTIME *tm;
172 char *str1,*str2;
173
174 si=sk_PKCS7_SIGNER_INFO_value(sk,i);
172 i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si); 175 i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
173 if (i <= 0) 176 if (i <= 0)
174 goto err; 177 goto err;
178 printf("signer info\n");
179 if ((tm=get_signed_time(si)) != NULL)
180 {
181 BIO_printf(bio_out,"Signed time:");
182 ASN1_UTCTIME_print(bio_out,tm);
183 ASN1_UTCTIME_free(tm);
184 BIO_printf(bio_out,"\n");
185 }
186 if (get_signed_seq2string(si,&str1,&str2))
187 {
188 BIO_printf(bio_out,"String 1 is %s\n",str1);
189 BIO_printf(bio_out,"String 2 is %s\n",str2);
190 }
191
175 } 192 }
176 193
177 X509_STORE_free(cert_store); 194 X509_STORE_free(cert_store);
@@ -185,9 +202,7 @@ err:
185 } 202 }
186 203
187/* should be X509 * but we can just have them as char *. */ 204/* should be X509 * but we can just have them as char *. */
188int verify_callback(ok, ctx) 205int verify_callback(int ok, X509_STORE_CTX *ctx)
189int ok;
190X509_STORE_CTX *ctx;
191 { 206 {
192 char buf[256]; 207 char buf[256];
193 X509 *err_cert; 208 X509 *err_cert;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-02 07:29:10 +0000