1 files changed, 0 insertions, 797 deletions
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
deleted file mode 100644
index 4a799eb897..0000000000
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ /dev/null
@@ -1,797 +0,0 @@
-/* crypto/cms/cms_smime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
-        {
-        unsigned char buf[4096];
-        int r = 0, i;
-        BIO *tmpout = NULL;
-        if (out == NULL)
-                tmpout = BIO_new(BIO_s_null());
-        else if (flags & CMS_TEXT)
-                {
-                tmpout = BIO_new(BIO_s_mem());
-                BIO_set_mem_eof_return(tmpout, 0);
-                }
-        else
-                tmpout = out;
-        if(!tmpout)
-                {
-                CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* Read all content through chain to process digest, decrypt etc */
-        for (;;)
-        {
-                i=BIO_read(in,buf,sizeof(buf));
-                if (i <= 0)
-                        {
-                        if (BIO_method_type(in) == BIO_TYPE_CIPHER)
-                                {
-                                if (!BIO_get_cipher_status(in))
-                                        goto err;
-                                }
-                        if (i < 0)
-                                goto err;
-                        break;
-                        }
-                                
-                if (tmpout && (BIO_write(tmpout, buf, i) != i))
-                        goto err;
-        }
-        if(flags & CMS_TEXT)
-                {
-                if(!SMIME_text(tmpout, out))
-                        {
-                        CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
-                        goto err;
-                        }
-                }
-        r = 1;
-        err:
-        if (tmpout && (tmpout != out))
-                BIO_free(tmpout);
-        return r;
-        }
-static int check_content(CMS_ContentInfo *cms)
-        {
-        ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
-        if (!pos || !*pos)
-                {
-                CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
-                return 0;
-                }
-        return 1;
-        }
-static void do_free_upto(BIO *f, BIO *upto)
-        {
-        if (upto)
-                {
-                BIO *tbio;
-                do 
-                        {
-                        tbio = BIO_pop(f);
-                        BIO_free(f);
-                        f = tbio;
-                        }
-                while (f != upto);
-                }
-        else
-                BIO_free_all(f);
-        }
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
-        {
-        BIO *cont;
-        int r;
-        if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
-                {
-                CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
-                return 0;
-                }
-        cont = CMS_dataInit(cms, NULL);
-        if (!cont)
-                return 0;
-        r = cms_copy_content(out, cont, flags);
-        BIO_free_all(cont);
-        return r;
-        }
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
-        {
-        CMS_ContentInfo *cms;
-        cms = cms_Data_create();
-        if (!cms)
-                return NULL;
-        if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
-                return cms;
-        CMS_ContentInfo_free(cms);
-        return NULL;
-        }
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-                                                        unsigned int flags)
-        {
-        BIO *cont;
-        int r;
-        if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
-                {
-                CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
-                return 0;
-                }
-        if (!dcont && !check_content(cms))
-                return 0;
-        cont = CMS_dataInit(cms, dcont);
-        if (!cont)
-                return 0;
-        r = cms_copy_content(out, cont, flags);
-        if (r)
-                r = cms_DigestedData_do_final(cms, cont, 1);
-        do_free_upto(cont, dcont);
-        return r;
-        }
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-                                        unsigned int flags)
-        {
-        CMS_ContentInfo *cms;
-        if (!md)
-                md = EVP_sha1();
-        cms = cms_DigestedData_create(md);
-        if (!cms)
-                return NULL;
-        if(!(flags & CMS_DETACHED))
-                CMS_set_detached(cms, 0);
-        if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
-                return cms;
-        CMS_ContentInfo_free(cms);
-        return NULL;
-        }
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-                                const unsigned char *key, size_t keylen,
-                                BIO *dcont, BIO *out, unsigned int flags)
-        {
-        BIO *cont;
-        int r;
-        if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
-                {
-                CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
-                                        CMS_R_TYPE_NOT_ENCRYPTED_DATA);
-                return 0;
-                }
-        if (!dcont && !check_content(cms))
-                return 0;
-        if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
-                return 0;
-        cont = CMS_dataInit(cms, dcont);
-        if (!cont)
-                return 0;
-        r = cms_copy_content(out, cont, flags);
-        do_free_upto(cont, dcont);
-        return r;
-        }
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-                                        const unsigned char *key, size_t keylen,
-                                        unsigned int flags)
-        {
-        CMS_ContentInfo *cms;
-        if (!cipher)
-                {
-                CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
-                return NULL;
-                }
-        cms = CMS_ContentInfo_new();
-        if (!cms)
-                return NULL;
-        if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
-                return NULL;
-        if(!(flags & CMS_DETACHED))
-                CMS_set_detached(cms, 0);
-        if ((flags & (CMS_STREAM|CMS_PARTIAL))
-                || CMS_final(cms, in, NULL, flags))
-                return cms;
-        CMS_ContentInfo_free(cms);
-        return NULL;
-        }
-static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
-                                        X509_STORE *store,
-                                        STACK_OF(X509) *certs,
-                                        STACK_OF(X509_CRL) *crls,
-                                        unsigned int flags)
-        {
-        X509_STORE_CTX ctx;
-        X509 *signer;
-        int i, j, r = 0;
-        CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
-        if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
-                {
-                CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
-                                                CMS_R_STORE_INIT_ERROR);
-                goto err;
-                }
-        X509_STORE_CTX_set_default(&ctx, "smime_sign");
-        if (crls)
-                X509_STORE_CTX_set0_crls(&ctx, crls);
-        i = X509_verify_cert(&ctx);
-        if (i <= 0)
-                {
-                j = X509_STORE_CTX_get_error(&ctx);
-                CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
-                                                CMS_R_CERTIFICATE_VERIFY_ERROR);
-                ERR_add_error_data(2, "Verify error:",
-                                         X509_verify_cert_error_string(j));
-                goto err;
-                }
-        r = 1;
-        err:
-        X509_STORE_CTX_cleanup(&ctx);
-        return r;
-        }
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-                 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
-        {
-        CMS_SignerInfo *si;
-        STACK_OF(CMS_SignerInfo) *sinfos;
-        STACK_OF(X509) *cms_certs = NULL;
-        STACK_OF(X509_CRL) *crls = NULL;
-        X509 *signer;
-        int i, scount = 0, ret = 0;
-        BIO *cmsbio = NULL, *tmpin = NULL;
-        if (!dcont && !check_content(cms))
-                return 0;
-        /* Attempt to find all signer certificates */
-        sinfos = CMS_get0_SignerInfos(cms);
-        if (sk_CMS_SignerInfo_num(sinfos) <= 0)
-                {
-                CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
-                goto err;
-                }
-        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-                {
-                si = sk_CMS_SignerInfo_value(sinfos, i);
-                CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
-                if (signer)
-                        scount++;
-                }
-        if (scount != sk_CMS_SignerInfo_num(sinfos))
-                scount += CMS_set1_signers_certs(cms, certs, flags);
-        if (scount != sk_CMS_SignerInfo_num(sinfos))
-                {
-                CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
-                goto err;
-                }
-        /* Attempt to verify all signers certs */
-        if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
-                {
-                cms_certs = CMS_get1_certs(cms);
-                if (!(flags & CMS_NOCRL))
-                        crls = CMS_get1_crls(cms);
-                for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-                        {
-                        si = sk_CMS_SignerInfo_value(sinfos, i);
-                        if (!cms_signerinfo_verify_cert(si, store,
-                                                        cms_certs, crls, flags))
-                                goto err;
-                        }
-                }
-        /* Attempt to verify all SignerInfo signed attribute signatures */
-        if (!(flags & CMS_NO_ATTR_VERIFY))
-                {
-                for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-                        {
-                        si = sk_CMS_SignerInfo_value(sinfos, i);
-                        if (CMS_signed_get_attr_count(si) < 0)
-                                continue;
-                        if (CMS_SignerInfo_verify(si) <= 0)
-                                goto err;
-                        }
-                }
-        /* Performance optimization: if the content is a memory BIO then
-         * store its contents in a temporary read only memory BIO. This
-         * avoids potentially large numbers of slow copies of data which will
-         * occur when reading from a read write memory BIO when signatures
-         * are calculated.
-         */
-        if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
-                {
-                char *ptr;
-                long len;
-                len = BIO_get_mem_data(dcont, &ptr);
-                tmpin = BIO_new_mem_buf(ptr, len);
-                if (tmpin == NULL)
-                        {
-                        CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                }
-        else
-                tmpin = dcont;
-                
-        cmsbio=CMS_dataInit(cms, tmpin);
-        if (!cmsbio)
-                goto err;
-        if (!cms_copy_content(out, cmsbio, flags))
-                goto err;
-        if (!(flags & CMS_NO_CONTENT_VERIFY))
-                {
-                for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-                        {
-                        si = sk_CMS_SignerInfo_value(sinfos, i);
-                        if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
-                                {
-                                CMSerr(CMS_F_CMS_VERIFY,
-                                        CMS_R_CONTENT_VERIFY_ERROR);
-                                goto err;
-                                }
-                        }
-                }
-        ret = 1;
-        err:
-        
-        if (dcont && (tmpin == dcont))
-                do_free_upto(cmsbio, dcont);
-        else
-                BIO_free_all(cmsbio);
-        if (cms_certs)
-                sk_X509_pop_free(cms_certs, X509_free);
-        if (crls)
-                sk_X509_CRL_pop_free(crls, X509_CRL_free);
-        return ret;
-        }
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-                        STACK_OF(X509) *certs,
-                        X509_STORE *store, unsigned int flags)
-        {
-        int r;
-        flags &= ~(CMS_DETACHED|CMS_TEXT);
-        r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
-        if (r <= 0)
-                return r;
-        return cms_Receipt_verify(rcms, ocms);
-        }
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-                                                BIO *data, unsigned int flags)
-        {
-        CMS_ContentInfo *cms;
-        int i;
-        cms = CMS_ContentInfo_new();
-        if (!cms || !CMS_SignedData_init(cms))
-                goto merr;
-        if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
-                {
-                CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
-                goto err;
-                }
-        for (i = 0; i < sk_X509_num(certs); i++)
-                {
-                X509 *x = sk_X509_value(certs, i);
-                if (!CMS_add1_cert(cms, x))
-                        goto merr;
-                }
-        if(!(flags & CMS_DETACHED))
-                CMS_set_detached(cms, 0);
-        if ((flags & (CMS_STREAM|CMS_PARTIAL))
-                || CMS_final(cms, data, NULL, flags))
-                return cms;
-        else
-                goto err;
-        merr:
-        CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
-        err:
-        if (cms)
-                CMS_ContentInfo_free(cms);
-        return NULL;
-        }
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-                                        X509 *signcert, EVP_PKEY *pkey,
-                                        STACK_OF(X509) *certs,
-                                        unsigned int flags)
-        {
-        CMS_SignerInfo *rct_si;
-        CMS_ContentInfo *cms = NULL;
-        ASN1_OCTET_STRING **pos, *os;
-        BIO *rct_cont = NULL;
-        int r = 0;
-        flags &= ~(CMS_STREAM|CMS_TEXT);
-        /* Not really detached but avoids content being allocated */
-        flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
-        if (!pkey || !signcert)
-                {
-                CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
-                return NULL;
-                }
-        /* Initialize signed data */
-        cms = CMS_sign(NULL, NULL, certs, NULL, flags);
-        if (!cms)
-                goto err;
-        /* Set inner content type to signed receipt */
-        if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
-                goto err;
-        rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
-        if (!rct_si)
-                {
-                CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
-                goto err;
-                }
-        os = cms_encode_Receipt(si);
-        if (!os)
-                goto err;
-        /* Set content to digest */
-        rct_cont = BIO_new_mem_buf(os->data, os->length);
-        if (!rct_cont)
-                goto err;
-        /* Add msgSigDigest attribute */
-        if (!cms_msgSigDigest_add1(rct_si, si))
-                goto err;
-        /* Finalize structure */
-        if (!CMS_final(cms, rct_cont, NULL, flags))
-                goto err;
-        /* Set embedded content */
-        pos = CMS_get0_content(cms);
-        *pos = os;
-        r = 1;
-        err:
-        if (rct_cont)
-                BIO_free(rct_cont);
-        if (r)
-                return cms;
-        CMS_ContentInfo_free(cms);
-        return NULL;
-        }
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
-                                const EVP_CIPHER *cipher, unsigned int flags)
-        {
-        CMS_ContentInfo *cms;
-        int i;
-        X509 *recip;
-        cms = CMS_EnvelopedData_create(cipher);
-        if (!cms)
-                goto merr;
-        for (i = 0; i < sk_X509_num(certs); i++)
-                {
-                recip = sk_X509_value(certs, i);
-                if (!CMS_add1_recipient_cert(cms, recip, flags))
-                        {
-                        CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
-                        goto err;
-                        }
-                }
-        if(!(flags & CMS_DETACHED))
-                CMS_set_detached(cms, 0);
-        if ((flags & (CMS_STREAM|CMS_PARTIAL))
-                || CMS_final(cms, data, NULL, flags))
-                return cms;
-        else
-                goto err;
-        merr:
-        CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
-        err:
-        if (cms)
-                CMS_ContentInfo_free(cms);
-        return NULL;
-        }
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
-        {
-        STACK_OF(CMS_RecipientInfo) *ris;
-        CMS_RecipientInfo *ri;
-        int i, r;
-        ris = CMS_get0_RecipientInfos(cms);
-        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-                {
-                ri = sk_CMS_RecipientInfo_value(ris, i);
-                if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
-                                continue;
-                /* If we have a cert try matching RecipientInfo
-                 * otherwise try them all.
-                 */
-                if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
-                        {
-                        CMS_RecipientInfo_set0_pkey(ri, pk);
-                        r = CMS_RecipientInfo_decrypt(cms, ri);
-                        CMS_RecipientInfo_set0_pkey(ri, NULL);
-                        if (r > 0)
-                                return 1;
-                        if (cert)
-                                {
-                                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
-                                                CMS_R_DECRYPT_ERROR);
-                                return 0;
-                                }
-                        ERR_clear_error();
-                        }
-                }
-        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
-        return 0;
-        }
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
-                                unsigned char *key, size_t keylen,
-                                unsigned char *id, size_t idlen)
-        {
-        STACK_OF(CMS_RecipientInfo) *ris;
-        CMS_RecipientInfo *ri;
-        int i, r;
-        ris = CMS_get0_RecipientInfos(cms);
-        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-                {
-                ri = sk_CMS_RecipientInfo_value(ris, i);
-                if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
-                                continue;
-                /* If we have an id try matching RecipientInfo
-                 * otherwise try them all.
-                 */
-                if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
-                        {
-                        CMS_RecipientInfo_set0_key(ri, key, keylen);
-                        r = CMS_RecipientInfo_decrypt(cms, ri);
-                        CMS_RecipientInfo_set0_key(ri, NULL, 0);
-                        if (r > 0)
-                                return 1;
-                        if (id)
-                                {
-                                CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
-                                                CMS_R_DECRYPT_ERROR);
-                                return 0;
-                                }
-                        ERR_clear_error();
-                        }
-                }
-        CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
-        return 0;
-        }
-        
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
-                                BIO *dcont, BIO *out,
-                                unsigned int flags)
-        {
-        int r;
-        BIO *cont;
-        if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
-                {
-                CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
-                return 0;
-                }
-        if (!dcont && !check_content(cms))
-                return 0;
-        if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
-                return 0;
-        cont = CMS_dataInit(cms, dcont);
-        if (!cont)
-                return 0;
-        r = cms_copy_content(out, cont, flags);
-        do_free_upto(cont, dcont);
-        return r;
-        }
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
-        {
-        BIO *cmsbio;
-        int ret = 0;
-        if (!(cmsbio = CMS_dataInit(cms, dcont)))
-                {
-                CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        SMIME_crlf_copy(data, cmsbio, flags);
-        (void)BIO_flush(cmsbio);
-        if (!CMS_dataFinal(cms, cmsbio))
-                {
-                CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
-                goto err;
-                }
-        ret = 1;
-        err:
-        do_free_upto(cmsbio, dcont);
-        return ret;
-        }
-#ifdef ZLIB
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-                                                        unsigned int flags)
-        {
-        BIO *cont;
-        int r;
-        if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
-                {
-                CMSerr(CMS_F_CMS_UNCOMPRESS,
-                                        CMS_R_TYPE_NOT_COMPRESSED_DATA);
-                return 0;
-                }
-        if (!dcont && !check_content(cms))
-                return 0;
-        cont = CMS_dataInit(cms, dcont);
-        if (!cont)
-                return 0;
-        r = cms_copy_content(out, cont, flags);
-        do_free_upto(cont, dcont);
-        return r;
-        }
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
-        {
-        CMS_ContentInfo *cms;
-        if (comp_nid <= 0)
-                comp_nid = NID_zlib_compression;
-        cms = cms_CompressedData_create(comp_nid);
-        if (!cms)
-                return NULL;
-        if(!(flags & CMS_DETACHED))
-                CMS_set_detached(cms, 0);
-        if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
-                return cms;
-        CMS_ContentInfo_free(cms);
-        return NULL;
-        }
-#else
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-                                                        unsigned int flags)
-        {
-        CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-        return 0;
-        }
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
-        {
-        CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-        return NULL;
-        }
-#endif

diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c deleted file mode 100644 index 4a799eb897..0000000000 --- a/src/lib/libcrypto/cms/cms_smime.c +++ /dev/null
@@ -1,797 +0,0 @@
1	/* crypto/cms/cms_smime.c */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*/
53
54	#include "cryptlib.h"
55	#include <openssl/asn1t.h>
56	#include <openssl/x509.h>
57	#include <openssl/x509v3.h>
58	#include <openssl/err.h>
59	#include <openssl/cms.h>
60	#include "cms_lcl.h"
61
62	static int cms_copy_content(BIO out, BIO in, unsigned int flags)
63	{
64	unsigned char buf[4096];
65	int r = 0, i;
66	BIO *tmpout = NULL;
67
68	if (out == NULL)
69	tmpout = BIO_new(BIO_s_null());
70	else if (flags & CMS_TEXT)
71	{
72	tmpout = BIO_new(BIO_s_mem());
73	BIO_set_mem_eof_return(tmpout, 0);
74	}
75	else
76	tmpout = out;
77
78	if(!tmpout)
79	{
80	CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
81	goto err;
82	}
83
84	/* Read all content through chain to process digest, decrypt etc */
85	for (;;)
86	{
87	i=BIO_read(in,buf,sizeof(buf));
88	if (i <= 0)
89	{
90	if (BIO_method_type(in) == BIO_TYPE_CIPHER)
91	{
92	if (!BIO_get_cipher_status(in))
93	goto err;
94	}
95	if (i < 0)
96	goto err;
97	break;
98	}
99
100	if (tmpout && (BIO_write(tmpout, buf, i) != i))
101	goto err;
102	}
103
104	if(flags & CMS_TEXT)
105	{
106	if(!SMIME_text(tmpout, out))
107	{
108	CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
109	goto err;
110	}
111	}
112
113	r = 1;
114
115	err:
116	if (tmpout && (tmpout != out))
117	BIO_free(tmpout);
118	return r;
119
120	}
121
122	static int check_content(CMS_ContentInfo *cms)
123	{
124	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
125	if (!pos \|\| !*pos)
126	{
127	CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
128	return 0;
129	}
130	return 1;
131	}
132
133	static void do_free_upto(BIO f, BIO upto)
134	{
135	if (upto)
136	{
137	BIO *tbio;
138	do
139	{
140	tbio = BIO_pop(f);
141	BIO_free(f);
142	f = tbio;
143	}
144	while (f != upto);
145	}
146	else
147	BIO_free_all(f);
148	}
149
150	int CMS_data(CMS_ContentInfo cms, BIO out, unsigned int flags)
151	{
152	BIO *cont;
153	int r;
154	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
155	{
156	CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
157	return 0;
158	}
159	cont = CMS_dataInit(cms, NULL);
160	if (!cont)
161	return 0;
162	r = cms_copy_content(out, cont, flags);
163	BIO_free_all(cont);
164	return r;
165	}
166
167	CMS_ContentInfo CMS_data_create(BIO in, unsigned int flags)
168	{
169	CMS_ContentInfo *cms;
170	cms = cms_Data_create();
171	if (!cms)
172	return NULL;
173
174	if ((flags & CMS_STREAM) \|\| CMS_final(cms, in, NULL, flags))
175	return cms;
176
177	CMS_ContentInfo_free(cms);
178
179	return NULL;
180	}
181
182	int CMS_digest_verify(CMS_ContentInfo cms, BIO dcont, BIO *out,
183	unsigned int flags)
184	{
185	BIO *cont;
186	int r;
187	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
188	{
189	CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
190	return 0;
191	}
192
193	if (!dcont && !check_content(cms))
194	return 0;
195
196	cont = CMS_dataInit(cms, dcont);
197	if (!cont)
198	return 0;
199	r = cms_copy_content(out, cont, flags);
200	if (r)
201	r = cms_DigestedData_do_final(cms, cont, 1);
202	do_free_upto(cont, dcont);
203	return r;
204	}
205
206	CMS_ContentInfo CMS_digest_create(BIO in, const EVP_MD *md,
207	unsigned int flags)
208	{
209	CMS_ContentInfo *cms;
210	if (!md)
211	md = EVP_sha1();
212	cms = cms_DigestedData_create(md);
213	if (!cms)
214	return NULL;
215
216	if(!(flags & CMS_DETACHED))
217	CMS_set_detached(cms, 0);
218
219	if ((flags & CMS_STREAM) \|\| CMS_final(cms, in, NULL, flags))
220	return cms;
221
222	CMS_ContentInfo_free(cms);
223	return NULL;
224	}
225
226	int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
227	const unsigned char *key, size_t keylen,
228	BIO dcont, BIO out, unsigned int flags)
229	{
230	BIO *cont;
231	int r;
232	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
233	{
234	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
235	CMS_R_TYPE_NOT_ENCRYPTED_DATA);
236	return 0;
237	}
238
239	if (!dcont && !check_content(cms))
240	return 0;
241
242	if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
243	return 0;
244	cont = CMS_dataInit(cms, dcont);
245	if (!cont)
246	return 0;
247	r = cms_copy_content(out, cont, flags);
248	do_free_upto(cont, dcont);
249	return r;
250	}
251
252	CMS_ContentInfo CMS_EncryptedData_encrypt(BIO in, const EVP_CIPHER *cipher,
253	const unsigned char *key, size_t keylen,
254	unsigned int flags)
255	{
256	CMS_ContentInfo *cms;
257	if (!cipher)
258	{
259	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
260	return NULL;
261	}
262	cms = CMS_ContentInfo_new();
263	if (!cms)
264	return NULL;
265	if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
266	return NULL;
267
268	if(!(flags & CMS_DETACHED))
269	CMS_set_detached(cms, 0);
270
271	if ((flags & (CMS_STREAM\|CMS_PARTIAL))
272	\|\| CMS_final(cms, in, NULL, flags))
273	return cms;
274
275	CMS_ContentInfo_free(cms);
276	return NULL;
277	}
278
279	static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
280	X509_STORE *store,
281	STACK_OF(X509) *certs,
282	STACK_OF(X509_CRL) *crls,
283	unsigned int flags)
284	{
285	X509_STORE_CTX ctx;
286	X509 *signer;
287	int i, j, r = 0;
288	CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
289	if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
290	{
291	CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
292	CMS_R_STORE_INIT_ERROR);
293	goto err;
294	}
295	X509_STORE_CTX_set_default(&ctx, "smime_sign");
296	if (crls)
297	X509_STORE_CTX_set0_crls(&ctx, crls);
298
299	i = X509_verify_cert(&ctx);
300	if (i <= 0)
301	{
302	j = X509_STORE_CTX_get_error(&ctx);
303	CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
304	CMS_R_CERTIFICATE_VERIFY_ERROR);
305	ERR_add_error_data(2, "Verify error:",
306	X509_verify_cert_error_string(j));
307	goto err;
308	}
309	r = 1;
310	err:
311	X509_STORE_CTX_cleanup(&ctx);
312	return r;
313
314	}
315
316	int CMS_verify(CMS_ContentInfo cms, STACK_OF(X509) certs,
317	X509_STORE store, BIO dcont, BIO *out, unsigned int flags)
318	{
319	CMS_SignerInfo *si;
320	STACK_OF(CMS_SignerInfo) *sinfos;
321	STACK_OF(X509) *cms_certs = NULL;
322	STACK_OF(X509_CRL) *crls = NULL;
323	X509 *signer;
324	int i, scount = 0, ret = 0;
325	BIO cmsbio = NULL, tmpin = NULL;
326
327	if (!dcont && !check_content(cms))
328	return 0;
329
330	/* Attempt to find all signer certificates */
331
332	sinfos = CMS_get0_SignerInfos(cms);
333
334	if (sk_CMS_SignerInfo_num(sinfos) <= 0)
335	{
336	CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
337	goto err;
338	}
339
340	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
341	{
342	si = sk_CMS_SignerInfo_value(sinfos, i);
343	CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
344	if (signer)
345	scount++;
346	}
347
348	if (scount != sk_CMS_SignerInfo_num(sinfos))
349	scount += CMS_set1_signers_certs(cms, certs, flags);
350
351	if (scount != sk_CMS_SignerInfo_num(sinfos))
352	{
353	CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
354	goto err;
355	}
356
357	/* Attempt to verify all signers certs */
358
359	if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
360	{
361	cms_certs = CMS_get1_certs(cms);
362	if (!(flags & CMS_NOCRL))
363	crls = CMS_get1_crls(cms);
364	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
365	{
366	si = sk_CMS_SignerInfo_value(sinfos, i);
367	if (!cms_signerinfo_verify_cert(si, store,
368	cms_certs, crls, flags))
369	goto err;
370	}
371	}
372
373	/* Attempt to verify all SignerInfo signed attribute signatures */
374
375	if (!(flags & CMS_NO_ATTR_VERIFY))
376	{
377	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
378	{
379	si = sk_CMS_SignerInfo_value(sinfos, i);
380	if (CMS_signed_get_attr_count(si) < 0)
381	continue;
382	if (CMS_SignerInfo_verify(si) <= 0)
383	goto err;
384	}
385	}
386
387	/* Performance optimization: if the content is a memory BIO then
388	* store its contents in a temporary read only memory BIO. This
389	* avoids potentially large numbers of slow copies of data which will
390	* occur when reading from a read write memory BIO when signatures
391	* are calculated.
392	*/
393
394	if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
395	{
396	char *ptr;
397	long len;
398	len = BIO_get_mem_data(dcont, &ptr);
399	tmpin = BIO_new_mem_buf(ptr, len);
400	if (tmpin == NULL)
401	{
402	CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
403	return 0;
404	}
405	}
406	else
407	tmpin = dcont;
408
409
410	cmsbio=CMS_dataInit(cms, tmpin);
411	if (!cmsbio)
412	goto err;
413
414	if (!cms_copy_content(out, cmsbio, flags))
415	goto err;
416
417	if (!(flags & CMS_NO_CONTENT_VERIFY))
418	{
419	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
420	{
421	si = sk_CMS_SignerInfo_value(sinfos, i);
422	if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
423	{
424	CMSerr(CMS_F_CMS_VERIFY,
425	CMS_R_CONTENT_VERIFY_ERROR);
426	goto err;
427	}
428	}
429	}
430
431	ret = 1;
432
433	err:
434
435	if (dcont && (tmpin == dcont))
436	do_free_upto(cmsbio, dcont);
437	else
438	BIO_free_all(cmsbio);
439
440	if (cms_certs)
441	sk_X509_pop_free(cms_certs, X509_free);
442	if (crls)
443	sk_X509_CRL_pop_free(crls, X509_CRL_free);
444
445	return ret;
446	}
447
448	int CMS_verify_receipt(CMS_ContentInfo rcms, CMS_ContentInfo ocms,
449	STACK_OF(X509) *certs,
450	X509_STORE *store, unsigned int flags)
451	{
452	int r;
453	flags &= ~(CMS_DETACHED\|CMS_TEXT);
454	r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
455	if (r <= 0)
456	return r;
457	return cms_Receipt_verify(rcms, ocms);
458	}
459
460	CMS_ContentInfo CMS_sign(X509 signcert, EVP_PKEY pkey, STACK_OF(X509) certs,
461	BIO *data, unsigned int flags)
462	{
463	CMS_ContentInfo *cms;
464	int i;
465
466	cms = CMS_ContentInfo_new();
467	if (!cms \|\| !CMS_SignedData_init(cms))
468	goto merr;
469
470	if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
471	{
472	CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
473	goto err;
474	}
475
476	for (i = 0; i < sk_X509_num(certs); i++)
477	{
478	X509 *x = sk_X509_value(certs, i);
479	if (!CMS_add1_cert(cms, x))
480	goto merr;
481	}
482
483	if(!(flags & CMS_DETACHED))
484	CMS_set_detached(cms, 0);
485
486	if ((flags & (CMS_STREAM\|CMS_PARTIAL))
487	\|\| CMS_final(cms, data, NULL, flags))
488	return cms;
489	else
490	goto err;
491
492	merr:
493	CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
494
495	err:
496	if (cms)
497	CMS_ContentInfo_free(cms);
498	return NULL;
499	}
500
501	CMS_ContentInfo CMS_sign_receipt(CMS_SignerInfo si,
502	X509 signcert, EVP_PKEY pkey,
503	STACK_OF(X509) *certs,
504	unsigned int flags)
505	{
506	CMS_SignerInfo *rct_si;
507	CMS_ContentInfo *cms = NULL;
508	ASN1_OCTET_STRING *pos, os;
509	BIO *rct_cont = NULL;
510	int r = 0;
511
512	flags &= ~(CMS_STREAM\|CMS_TEXT);
513	/* Not really detached but avoids content being allocated */
514	flags \|= CMS_PARTIAL\|CMS_BINARY\|CMS_DETACHED;
515	if (!pkey \|\| !signcert)
516	{
517	CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
518	return NULL;
519	}
520
521	/* Initialize signed data */
522
523	cms = CMS_sign(NULL, NULL, certs, NULL, flags);
524	if (!cms)
525	goto err;
526
527	/* Set inner content type to signed receipt */
528	if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
529	goto err;
530
531	rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
532	if (!rct_si)
533	{
534	CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
535	goto err;
536	}
537
538	os = cms_encode_Receipt(si);
539
540	if (!os)
541	goto err;
542
543	/* Set content to digest */
544	rct_cont = BIO_new_mem_buf(os->data, os->length);
545	if (!rct_cont)
546	goto err;
547
548	/* Add msgSigDigest attribute */
549
550	if (!cms_msgSigDigest_add1(rct_si, si))
551	goto err;
552
553	/* Finalize structure */
554	if (!CMS_final(cms, rct_cont, NULL, flags))
555	goto err;
556
557	/* Set embedded content */
558	pos = CMS_get0_content(cms);
559	*pos = os;
560
561	r = 1;
562
563	err:
564	if (rct_cont)
565	BIO_free(rct_cont);
566	if (r)
567	return cms;
568	CMS_ContentInfo_free(cms);
569	return NULL;
570
571	}
572
573	CMS_ContentInfo CMS_encrypt(STACK_OF(X509) certs, BIO *data,
574	const EVP_CIPHER *cipher, unsigned int flags)
575	{
576	CMS_ContentInfo *cms;
577	int i;
578	X509 *recip;
579	cms = CMS_EnvelopedData_create(cipher);
580	if (!cms)
581	goto merr;
582	for (i = 0; i < sk_X509_num(certs); i++)
583	{
584	recip = sk_X509_value(certs, i);
585	if (!CMS_add1_recipient_cert(cms, recip, flags))
586	{
587	CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
588	goto err;
589	}
590	}
591
592	if(!(flags & CMS_DETACHED))
593	CMS_set_detached(cms, 0);
594
595	if ((flags & (CMS_STREAM\|CMS_PARTIAL))
596	\|\| CMS_final(cms, data, NULL, flags))
597	return cms;
598	else
599	goto err;
600
601	merr:
602	CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
603	err:
604	if (cms)
605	CMS_ContentInfo_free(cms);
606	return NULL;
607	}
608
609	int CMS_decrypt_set1_pkey(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert)
610	{
611	STACK_OF(CMS_RecipientInfo) *ris;
612	CMS_RecipientInfo *ri;
613	int i, r;
614	ris = CMS_get0_RecipientInfos(cms);
615	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
616	{
617	ri = sk_CMS_RecipientInfo_value(ris, i);
618	if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
619	continue;
620	/* If we have a cert try matching RecipientInfo
621	* otherwise try them all.
622	*/
623	if (!cert \|\| (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
624	{
625	CMS_RecipientInfo_set0_pkey(ri, pk);
626	r = CMS_RecipientInfo_decrypt(cms, ri);
627	CMS_RecipientInfo_set0_pkey(ri, NULL);
628	if (r > 0)
629	return 1;
630	if (cert)
631	{
632	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
633	CMS_R_DECRYPT_ERROR);
634	return 0;
635	}
636	ERR_clear_error();
637	}
638	}
639
640	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
641	return 0;
642
643	}
644
645	int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
646	unsigned char *key, size_t keylen,
647	unsigned char *id, size_t idlen)
648	{
649	STACK_OF(CMS_RecipientInfo) *ris;
650	CMS_RecipientInfo *ri;
651	int i, r;
652	ris = CMS_get0_RecipientInfos(cms);
653	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
654	{
655	ri = sk_CMS_RecipientInfo_value(ris, i);
656	if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
657	continue;
658
659	/* If we have an id try matching RecipientInfo
660	* otherwise try them all.
661	*/
662	if (!id \|\| (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
663	{
664	CMS_RecipientInfo_set0_key(ri, key, keylen);
665	r = CMS_RecipientInfo_decrypt(cms, ri);
666	CMS_RecipientInfo_set0_key(ri, NULL, 0);
667	if (r > 0)
668	return 1;
669	if (id)
670	{
671	CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
672	CMS_R_DECRYPT_ERROR);
673	return 0;
674	}
675	ERR_clear_error();
676	}
677	}
678
679	CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
680	return 0;
681
682	}
683
684	int CMS_decrypt(CMS_ContentInfo cms, EVP_PKEY pk, X509 *cert,
685	BIO dcont, BIO out,
686	unsigned int flags)
687	{
688	int r;
689	BIO *cont;
690	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
691	{
692	CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
693	return 0;
694	}
695	if (!dcont && !check_content(cms))
696	return 0;
697	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
698	return 0;
699
700	cont = CMS_dataInit(cms, dcont);
701	if (!cont)
702	return 0;
703	r = cms_copy_content(out, cont, flags);
704	do_free_upto(cont, dcont);
705	return r;
706	}
707
708	int CMS_final(CMS_ContentInfo cms, BIO data, BIO *dcont, unsigned int flags)
709	{
710	BIO *cmsbio;
711	int ret = 0;
712	if (!(cmsbio = CMS_dataInit(cms, dcont)))
713	{
714	CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
715	return 0;
716	}
717
718	SMIME_crlf_copy(data, cmsbio, flags);
719
720	(void)BIO_flush(cmsbio);
721
722
723	if (!CMS_dataFinal(cms, cmsbio))
724	{
725	CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
726	goto err;
727	}
728
729	ret = 1;
730
731	err:
732	do_free_upto(cmsbio, dcont);
733
734	return ret;
735
736	}
737
738	#ifdef ZLIB
739
740	int CMS_uncompress(CMS_ContentInfo cms, BIO dcont, BIO *out,
741	unsigned int flags)
742	{
743	BIO *cont;
744	int r;
745	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
746	{
747	CMSerr(CMS_F_CMS_UNCOMPRESS,
748	CMS_R_TYPE_NOT_COMPRESSED_DATA);
749	return 0;
750	}
751
752	if (!dcont && !check_content(cms))
753	return 0;
754
755	cont = CMS_dataInit(cms, dcont);
756	if (!cont)
757	return 0;
758	r = cms_copy_content(out, cont, flags);
759	do_free_upto(cont, dcont);
760	return r;
761	}
762
763	CMS_ContentInfo CMS_compress(BIO in, int comp_nid, unsigned int flags)
764	{
765	CMS_ContentInfo *cms;
766	if (comp_nid <= 0)
767	comp_nid = NID_zlib_compression;
768	cms = cms_CompressedData_create(comp_nid);
769	if (!cms)
770	return NULL;
771
772	if(!(flags & CMS_DETACHED))
773	CMS_set_detached(cms, 0);
774
775	if ((flags & CMS_STREAM) \|\| CMS_final(cms, in, NULL, flags))
776	return cms;
777
778	CMS_ContentInfo_free(cms);
779	return NULL;
780	}
781
782	#else
783
784	int CMS_uncompress(CMS_ContentInfo cms, BIO dcont, BIO *out,
785	unsigned int flags)
786	{
787	CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
788	return 0;
789	}
790
791	CMS_ContentInfo CMS_compress(BIO in, int comp_nid, unsigned int flags)
792	{
793	CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
794	return NULL;
795	}
796
797	#endif