1 files changed, 484 insertions, 0 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
new file mode 100644
index 0000000000..985b07245c
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -0,0 +1,484 @@
+/* crypto/pkcs7/pk7_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+        {
+        int nid;
+        long ret;
+        nid=OBJ_obj2nid(p7->type);
+        switch (cmd)
+                {
+        case PKCS7_OP_SET_DETACHED_SIGNATURE:
+                if (nid == NID_pkcs7_signed)
+                        {
+                        ret=p7->detached=(int)larg;
+                        if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+                                        {
+                                        ASN1_OCTET_STRING *os;
+                                        os=p7->d.sign->contents->d.data;
+                                        ASN1_OCTET_STRING_free(os);
+                                        p7->d.sign->contents->d.data = NULL;
+                                        }
+                        }
+                else
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        ret=0;
+                        }
+                break;
+        case PKCS7_OP_GET_DETACHED_SIGNATURE:
+                if (nid == NID_pkcs7_signed)
+                        {
+                        if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
+                                ret = 1;
+                        else ret = 0;
+                                
+                        p7->detached = ret;
+                        }
+                else
+                        {
+                        PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+                        ret=0;
+                        }
+                        
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
+                ret=0;
+                }
+        return(ret);
+        }
+int PKCS7_content_new(PKCS7 *p7, int type)
+        {
+        PKCS7 *ret=NULL;
+        if ((ret=PKCS7_new()) == NULL) goto err;
+        if (!PKCS7_set_type(ret,type)) goto err;
+        if (!PKCS7_set_content(p7,ret)) goto err;
+        return(1);
+err:
+        if (ret != NULL) PKCS7_free(ret);
+        return(0);
+        }
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+        {
+        int i;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                if (p7->d.sign->contents != NULL)
+                        PKCS7_free(p7->d.sign->contents);
+                p7->d.sign->contents=p7_data;
+                break;
+        case NID_pkcs7_digest:
+        case NID_pkcs7_data:
+        case NID_pkcs7_enveloped:
+        case NID_pkcs7_signedAndEnveloped:
+        case NID_pkcs7_encrypted:
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+int PKCS7_set_type(PKCS7 *p7, int type)
+        {
+        ASN1_OBJECT *obj;
+        /*PKCS7_content_free(p7);*/
+        obj=OBJ_nid2obj(type); /* will not fail */
+        switch (type)
+                {
+        case NID_pkcs7_signed:
+                p7->type=obj;
+                if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
+                        goto err;
+                ASN1_INTEGER_set(p7->d.sign->version,1);
+                break;
+        case NID_pkcs7_data:
+                p7->type=obj;
+                if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
+                        goto err;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                p7->type=obj;
+                if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+                        == NULL) goto err;
+                ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+                p7->d.signed_and_enveloped->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
+        case NID_pkcs7_enveloped:
+                p7->type=obj;
+                if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
+                        == NULL) goto err;
+                ASN1_INTEGER_set(p7->d.enveloped->version,0);
+                p7->d.enveloped->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
+        case NID_pkcs7_encrypted:
+                p7->type=obj;
+                if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+                        == NULL) goto err;
+                ASN1_INTEGER_set(p7->d.encrypted->version,0);
+                p7->d.encrypted->enc_data->content_type
+                                                = OBJ_nid2obj(NID_pkcs7_data);
+                break;
+        case NID_pkcs7_digest:
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+                goto err;
+                }
+        return(1);
+err:
+        return(0);
+        }
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+        {
+        int i,j,nid;
+        X509_ALGOR *alg;
+        STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+        STACK_OF(X509_ALGOR) *md_sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                signer_sk=      p7->d.sign->signer_info;
+                md_sk=          p7->d.sign->md_algs;
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                signer_sk=      p7->d.signed_and_enveloped->signer_info;
+                md_sk=          p7->d.signed_and_enveloped->md_algs;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        nid=OBJ_obj2nid(psi->digest_alg->algorithm);
+        /* If the digest is not currently listed, add it */
+        j=0;
+        for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+                {
+                alg=sk_X509_ALGOR_value(md_sk,i);
+                if (OBJ_obj2nid(alg->algorithm) == nid)
+                        {
+                        j=1;
+                        break;
+                        }
+                }
+        if (!j) /* we need to add another algorithm */
+                {
+                if(!(alg=X509_ALGOR_new())
+                        || !(alg->parameter = ASN1_TYPE_new())) {
+                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+                        return(0);
+                }
+                alg->algorithm=OBJ_nid2obj(nid);
+                alg->parameter->type = V_ASN1_NULL;
+                sk_X509_ALGOR_push(md_sk,alg);
+                }
+        sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
+        return(1);
+        }
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+        {
+        int i;
+        STACK_OF(X509) **sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                sk= &(p7->d.sign->cert);
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                sk= &(p7->d.signed_and_enveloped->cert);
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        if (*sk == NULL)
+                *sk=sk_X509_new_null();
+        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+        sk_X509_push(*sk,x509);
+        return(1);
+        }
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+        {
+        int i;
+        STACK_OF(X509_CRL) **sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signed:
+                sk= &(p7->d.sign->crl);
+                break;
+        case NID_pkcs7_signedAndEnveloped:
+                sk= &(p7->d.signed_and_enveloped->crl);
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        if (*sk == NULL)
+                *sk=sk_X509_CRL_new_null();
+        CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
+        sk_X509_CRL_push(*sk,crl);
+        return(1);
+        }
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+             const EVP_MD *dgst)
+        {
+        char is_dsa;
+        if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
+        else is_dsa = 0;
+        /* We now need to add another PKCS7_SIGNER_INFO entry */
+        ASN1_INTEGER_set(p7i->version,1);
+        X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                X509_get_issuer_name(x509));
+        /* because ASN1_INTEGER_set is used to set a 'long' we will do
+         * things the ugly way. */
+        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        p7i->issuer_and_serial->serial=
+                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+        /* lets keep the pkey around for a while */
+        CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+        p7i->pkey=pkey;
+        /* Set the algorithms */
+        if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+        else    
+                p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+        if (p7i->digest_alg->parameter != NULL)
+                ASN1_TYPE_free(p7i->digest_alg->parameter);
+        if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+                goto err;
+        p7i->digest_alg->parameter->type=V_ASN1_NULL;
+        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
+        if (p7i->digest_enc_alg->parameter != NULL)
+                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
+        if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
+        else {
+                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+                        goto err;
+                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+        }
+        return(1);
+err:
+        return(0);
+        }
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+             const EVP_MD *dgst)
+        {
+        PKCS7_SIGNER_INFO *si;
+        if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
+        if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
+        if (!PKCS7_add_signer(p7,si)) goto err;
+        return(si);
+err:
+        return(NULL);
+        }
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+        {
+        if (PKCS7_type_is_signed(p7))
+                {
+                return(p7->d.sign->signer_info);
+                }
+        else if (PKCS7_type_is_signedAndEnveloped(p7))
+                {
+                return(p7->d.signed_and_enveloped->signer_info);
+                }
+        else
+                return(NULL);
+        }
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+        {
+        PKCS7_RECIP_INFO *ri;
+        if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
+        if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
+        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+        return(ri);
+err:
+        return(NULL);
+        }
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+        {
+        int i;
+        STACK_OF(PKCS7_RECIP_INFO) *sk;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                sk=     p7->d.signed_and_enveloped->recipientinfo;
+                break;
+        case NID_pkcs7_enveloped:
+                sk=     p7->d.enveloped->recipientinfo;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        sk_PKCS7_RECIP_INFO_push(sk,ri);
+        return(1);
+        }
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+        {
+        ASN1_INTEGER_set(p7i->version,0);
+        X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                X509_get_issuer_name(x509));
+        M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+        p7i->issuer_and_serial->serial=
+                M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+        X509_ALGOR_free(p7i->key_enc_algor);
+        p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
+        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+        p7i->cert=x509;
+        return(1);
+        }
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+        {
+        if (PKCS7_type_is_signed(p7))
+                return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                        si->issuer_and_serial->issuer,
+                        si->issuer_and_serial->serial));
+        else
+                return(NULL);
+        }
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+        {
+        int i;
+        ASN1_OBJECT *objtmp;
+        PKCS7_ENC_CONTENT *ec;
+        i=OBJ_obj2nid(p7->type);
+        switch (i)
+                {
+        case NID_pkcs7_signedAndEnveloped:
+                ec=p7->d.signed_and_enveloped->enc_data;
+                break;
+        case NID_pkcs7_enveloped:
+                ec=p7->d.enveloped->enc_data;
+                break;
+        default:
+                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
+                return(0);
+                }
+        /* Check cipher OID exists and has data in it*/
+        i = EVP_CIPHER_type(cipher);
+        if(i == NID_undef) {
+                PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                return(0);
+        }
+        objtmp = OBJ_nid2obj(i);
+        ec->cipher = cipher;
+        return 1;
+        }

diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c new file mode 100644 index 0000000000..985b07245c --- /dev/null +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -0,0 +1,484 @@
	1	/* crypto/pkcs7/pk7_lib.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "cryptlib.h"
	61	#include <openssl/objects.h>
	62	#include <openssl/x509.h>
	63
	64	long PKCS7_ctrl(PKCS7 p7, int cmd, long larg, char parg)
	65	{
	66	int nid;
	67	long ret;
	68
	69	nid=OBJ_obj2nid(p7->type);
	70
	71	switch (cmd)
	72	{
	73	case PKCS7_OP_SET_DETACHED_SIGNATURE:
	74	if (nid == NID_pkcs7_signed)
	75	{
	76	ret=p7->detached=(int)larg;
	77	if (ret && PKCS7_type_is_data(p7->d.sign->contents))
	78	{
	79	ASN1_OCTET_STRING *os;
	80	os=p7->d.sign->contents->d.data;
	81	ASN1_OCTET_STRING_free(os);
	82	p7->d.sign->contents->d.data = NULL;
	83	}
	84	}
	85	else
	86	{
	87	PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
	88	ret=0;
	89	}
	90	break;
	91	case PKCS7_OP_GET_DETACHED_SIGNATURE:
	92	if (nid == NID_pkcs7_signed)
	93	{
	94	if(!p7->d.sign \|\| !p7->d.sign->contents->d.ptr)
	95	ret = 1;
	96	else ret = 0;
	97
	98	p7->detached = ret;
	99	}
	100	else
	101	{
	102	PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
	103	ret=0;
	104	}
	105
	106	break;
	107	default:
	108	PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
	109	ret=0;
	110	}
	111	return(ret);
	112	}
	113
	114	int PKCS7_content_new(PKCS7 *p7, int type)
	115	{
	116	PKCS7 *ret=NULL;
	117
	118	if ((ret=PKCS7_new()) == NULL) goto err;
	119	if (!PKCS7_set_type(ret,type)) goto err;
	120	if (!PKCS7_set_content(p7,ret)) goto err;
	121
	122	return(1);
	123	err:
	124	if (ret != NULL) PKCS7_free(ret);
	125	return(0);
	126	}
	127
	128	int PKCS7_set_content(PKCS7 p7, PKCS7 p7_data)
	129	{
	130	int i;
	131
	132	i=OBJ_obj2nid(p7->type);
	133	switch (i)
	134	{
	135	case NID_pkcs7_signed:
	136	if (p7->d.sign->contents != NULL)
	137	PKCS7_free(p7->d.sign->contents);
	138	p7->d.sign->contents=p7_data;
	139	break;
	140	case NID_pkcs7_digest:
	141	case NID_pkcs7_data:
	142	case NID_pkcs7_enveloped:
	143	case NID_pkcs7_signedAndEnveloped:
	144	case NID_pkcs7_encrypted:
	145	default:
	146	PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
	147	goto err;
	148	}
	149	return(1);
	150	err:
	151	return(0);
	152	}
	153
	154	int PKCS7_set_type(PKCS7 *p7, int type)
	155	{
	156	ASN1_OBJECT *obj;
	157
	158	/PKCS7_content_free(p7);/
	159	obj=OBJ_nid2obj(type); /* will not fail */
	160
	161	switch (type)
	162	{
	163	case NID_pkcs7_signed:
	164	p7->type=obj;
	165	if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
	166	goto err;
	167	ASN1_INTEGER_set(p7->d.sign->version,1);
	168	break;
	169	case NID_pkcs7_data:
	170	p7->type=obj;
	171	if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
	172	goto err;
	173	break;
	174	case NID_pkcs7_signedAndEnveloped:
	175	p7->type=obj;
	176	if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
	177	== NULL) goto err;
	178	ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
	179	p7->d.signed_and_enveloped->enc_data->content_type
	180	= OBJ_nid2obj(NID_pkcs7_data);
	181	break;
	182	case NID_pkcs7_enveloped:
	183	p7->type=obj;
	184	if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
	185	== NULL) goto err;
	186	ASN1_INTEGER_set(p7->d.enveloped->version,0);
	187	p7->d.enveloped->enc_data->content_type
	188	= OBJ_nid2obj(NID_pkcs7_data);
	189	break;
	190	case NID_pkcs7_encrypted:
	191	p7->type=obj;
	192	if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
	193	== NULL) goto err;
	194	ASN1_INTEGER_set(p7->d.encrypted->version,0);
	195	p7->d.encrypted->enc_data->content_type
	196	= OBJ_nid2obj(NID_pkcs7_data);
	197	break;
	198
	199	case NID_pkcs7_digest:
	200	default:
	201	PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
	202	goto err;
	203	}
	204	return(1);
	205	err:
	206	return(0);
	207	}
	208
	209	int PKCS7_add_signer(PKCS7 p7, PKCS7_SIGNER_INFO psi)
	210	{
	211	int i,j,nid;
	212	X509_ALGOR *alg;
	213	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
	214	STACK_OF(X509_ALGOR) *md_sk;
	215
	216	i=OBJ_obj2nid(p7->type);
	217	switch (i)
	218	{
	219	case NID_pkcs7_signed:
	220	signer_sk= p7->d.sign->signer_info;
	221	md_sk= p7->d.sign->md_algs;
	222	break;
	223	case NID_pkcs7_signedAndEnveloped:
	224	signer_sk= p7->d.signed_and_enveloped->signer_info;
	225	md_sk= p7->d.signed_and_enveloped->md_algs;
	226	break;
	227	default:
	228	PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
	229	return(0);
	230	}
	231
	232	nid=OBJ_obj2nid(psi->digest_alg->algorithm);
	233
	234	/* If the digest is not currently listed, add it */
	235	j=0;
	236	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
	237	{
	238	alg=sk_X509_ALGOR_value(md_sk,i);
	239	if (OBJ_obj2nid(alg->algorithm) == nid)
	240	{
	241	j=1;
	242	break;
	243	}
	244	}
	245	if (!j) /* we need to add another algorithm */
	246	{
	247	if(!(alg=X509_ALGOR_new())
	248	\|\| !(alg->parameter = ASN1_TYPE_new())) {
	249	PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
	250	return(0);
	251	}
	252	alg->algorithm=OBJ_nid2obj(nid);
	253	alg->parameter->type = V_ASN1_NULL;
	254	sk_X509_ALGOR_push(md_sk,alg);
	255	}
	256
	257	sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
	258	return(1);
	259	}
	260
	261	int PKCS7_add_certificate(PKCS7 p7, X509 x509)
	262	{
	263	int i;
	264	STACK_OF(X509) **sk;
	265
	266	i=OBJ_obj2nid(p7->type);
	267	switch (i)
	268	{
	269	case NID_pkcs7_signed:
	270	sk= &(p7->d.sign->cert);
	271	break;
	272	case NID_pkcs7_signedAndEnveloped:
	273	sk= &(p7->d.signed_and_enveloped->cert);
	274	break;
	275	default:
	276	PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
	277	return(0);
	278	}
	279
	280	if (*sk == NULL)
	281	*sk=sk_X509_new_null();
	282	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
	283	sk_X509_push(*sk,x509);
	284	return(1);
	285	}
	286
	287	int PKCS7_add_crl(PKCS7 p7, X509_CRL crl)
	288	{
	289	int i;
	290	STACK_OF(X509_CRL) **sk;
	291
	292	i=OBJ_obj2nid(p7->type);
	293	switch (i)
	294	{
	295	case NID_pkcs7_signed:
	296	sk= &(p7->d.sign->crl);
	297	break;
	298	case NID_pkcs7_signedAndEnveloped:
	299	sk= &(p7->d.signed_and_enveloped->crl);
	300	break;
	301	default:
	302	PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
	303	return(0);
	304	}
	305
	306	if (*sk == NULL)
	307	*sk=sk_X509_CRL_new_null();
	308
	309	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
	310	sk_X509_CRL_push(*sk,crl);
	311	return(1);
	312	}
	313
	314	int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO p7i, X509 x509, EVP_PKEY *pkey,
	315	const EVP_MD *dgst)
	316	{
	317	char is_dsa;
	318	if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
	319	else is_dsa = 0;
	320	/* We now need to add another PKCS7_SIGNER_INFO entry */
	321	ASN1_INTEGER_set(p7i->version,1);
	322	X509_NAME_set(&p7i->issuer_and_serial->issuer,
	323	X509_get_issuer_name(x509));
	324
	325	/* because ASN1_INTEGER_set is used to set a 'long' we will do
	326	* things the ugly way. */
	327	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	328	p7i->issuer_and_serial->serial=
	329	M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
	330
	331	/* lets keep the pkey around for a while */
	332	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
	333	p7i->pkey=pkey;
	334
	335	/* Set the algorithms */
	336	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
	337	else
	338	p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
	339
	340	if (p7i->digest_alg->parameter != NULL)
	341	ASN1_TYPE_free(p7i->digest_alg->parameter);
	342	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
	343	goto err;
	344	p7i->digest_alg->parameter->type=V_ASN1_NULL;
	345
	346	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
	347
	348	if (p7i->digest_enc_alg->parameter != NULL)
	349	ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
	350	if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
	351	else {
	352	if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
	353	goto err;
	354	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
	355	}
	356
	357	return(1);
	358	err:
	359	return(0);
	360	}
	361
	362	PKCS7_SIGNER_INFO PKCS7_add_signature(PKCS7 p7, X509 x509, EVP_PKEY pkey,
	363	const EVP_MD *dgst)
	364	{
	365	PKCS7_SIGNER_INFO *si;
	366
	367	if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
	368	if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
	369	if (!PKCS7_add_signer(p7,si)) goto err;
	370	return(si);
	371	err:
	372	return(NULL);
	373	}
	374
	375	STACK_OF(PKCS7_SIGNER_INFO) PKCS7_get_signer_info(PKCS7 p7)
	376	{
	377	if (PKCS7_type_is_signed(p7))
	378	{
	379	return(p7->d.sign->signer_info);
	380	}
	381	else if (PKCS7_type_is_signedAndEnveloped(p7))
	382	{
	383	return(p7->d.signed_and_enveloped->signer_info);
	384	}
	385	else
	386	return(NULL);
	387	}
	388
	389	PKCS7_RECIP_INFO PKCS7_add_recipient(PKCS7 p7, X509 *x509)
	390	{
	391	PKCS7_RECIP_INFO *ri;
	392
	393	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
	394	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
	395	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
	396	return(ri);
	397	err:
	398	return(NULL);
	399	}
	400
	401	int PKCS7_add_recipient_info(PKCS7 p7, PKCS7_RECIP_INFO ri)
	402	{
	403	int i;
	404	STACK_OF(PKCS7_RECIP_INFO) *sk;
	405
	406	i=OBJ_obj2nid(p7->type);
	407	switch (i)
	408	{
	409	case NID_pkcs7_signedAndEnveloped:
	410	sk= p7->d.signed_and_enveloped->recipientinfo;
	411	break;
	412	case NID_pkcs7_enveloped:
	413	sk= p7->d.enveloped->recipientinfo;
	414	break;
	415	default:
	416	PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
	417	return(0);
	418	}
	419
	420	sk_PKCS7_RECIP_INFO_push(sk,ri);
	421	return(1);
	422	}
	423
	424	int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO p7i, X509 x509)
	425	{
	426	ASN1_INTEGER_set(p7i->version,0);
	427	X509_NAME_set(&p7i->issuer_and_serial->issuer,
	428	X509_get_issuer_name(x509));
	429
	430	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
	431	p7i->issuer_and_serial->serial=
	432	M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
	433
	434	X509_ALGOR_free(p7i->key_enc_algor);
	435	p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
	436
	437	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
	438	p7i->cert=x509;
	439
	440	return(1);
	441	}
	442
	443	X509 PKCS7_cert_from_signer_info(PKCS7 p7, PKCS7_SIGNER_INFO *si)
	444	{
	445	if (PKCS7_type_is_signed(p7))
	446	return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
	447	si->issuer_and_serial->issuer,
	448	si->issuer_and_serial->serial));
	449	else
	450	return(NULL);
	451	}
	452
	453	int PKCS7_set_cipher(PKCS7 p7, const EVP_CIPHER cipher)
	454	{
	455	int i;
	456	ASN1_OBJECT *objtmp;
	457	PKCS7_ENC_CONTENT *ec;
	458
	459	i=OBJ_obj2nid(p7->type);
	460	switch (i)
	461	{
	462	case NID_pkcs7_signedAndEnveloped:
	463	ec=p7->d.signed_and_enveloped->enc_data;
	464	break;
	465	case NID_pkcs7_enveloped:
	466	ec=p7->d.enveloped->enc_data;
	467	break;
	468	default:
	469	PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
	470	return(0);
	471	}
	472
	473	/* Check cipher OID exists and has data in it*/
	474	i = EVP_CIPHER_type(cipher);
	475	if(i == NID_undef) {
	476	PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
	477	return(0);
	478	}
	479	objtmp = OBJ_nid2obj(i);
	480
	481	ec->cipher = cipher;
	482	return 1;
	483	}
	484