1 files changed, 0 insertions, 469 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
deleted file mode 100644
index 99a0d63f38..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ /dev/null
@@ -1,469 +0,0 @@
-/* pk7_smime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Simple PKCS#7 processing functions */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-                  BIO *data, int flags)
-{
-        PKCS7 *p7;
-        PKCS7_SIGNER_INFO *si;
-        BIO *p7bio;
-        STACK_OF(X509_ALGOR) *smcap;
-        int i;
-        if(!X509_check_private_key(signcert, pkey)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return NULL;
-        }
-        if(!(p7 = PKCS7_new())) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        PKCS7_set_type(p7, NID_pkcs7_signed);
-        PKCS7_content_new(p7, NID_pkcs7_data);
-        if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
-                return NULL;
-        }
-        if(!(flags & PKCS7_NOCERTS)) {
-                PKCS7_add_certificate(p7, signcert);
-                if(certs) for(i = 0; i < sk_X509_num(certs); i++)
-                        PKCS7_add_certificate(p7, sk_X509_value(certs, i));
-        }
-        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        SMIME_crlf_copy(data, p7bio, flags);
-        if(!(flags & PKCS7_NOATTR)) {
-                PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
-                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
-                /* Add SMIMECapabilities */
-                if(!(flags & PKCS7_NOSMIMECAP))
-                {
-                if(!(smcap = sk_X509_ALGOR_new_null())) {
-                        PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                        return NULL;
-                }
-#ifndef OPENSSL_NO_DES
-                PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
-#endif
-#ifndef OPENSSL_NO_RC2
-                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
-                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
-#endif
-#ifndef OPENSSL_NO_DES
-                PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
-#endif
-#ifndef OPENSSL_NO_RC2
-                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
-#endif
-                PKCS7_add_attrib_smimecap (si, smcap);
-                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-                }
-        }
-        if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
-        if (!PKCS7_dataFinal(p7,p7bio)) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
-                return NULL;
-        }
-        BIO_free_all(p7bio);
-        return p7;
-}
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-                                        BIO *indata, BIO *out, int flags)
-{
-        STACK_OF(X509) *signers;
-        X509 *signer;
-        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-        PKCS7_SIGNER_INFO *si;
-        X509_STORE_CTX cert_ctx;
-        char buf[4096];
-        int i, j=0, k, ret = 0;
-        BIO *p7bio;
-        BIO *tmpin, *tmpout;
-        if(!p7) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
-                return 0;
-        }
-        if(!PKCS7_type_is_signed(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
-                return 0;
-        }
-        /* Check for no data and no content: no data to verify signature */
-        if(PKCS7_get_detached(p7) && !indata) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
-                return 0;
-        }
-#if 0
-        /* NB: this test commented out because some versions of Netscape
-         * illegally include zero length content when signing data.
-         */
-        /* Check for data and content: two sets of data */
-        if(!PKCS7_get_detached(p7) && indata) {
-                                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
-                return 0;
-        }
-#endif
-        sinfos = PKCS7_get_signer_info(p7);
-        if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
-                PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
-                return 0;
-        }
-        signers = PKCS7_get0_signers(p7, certs, flags);
-        if(!signers) return 0;
-        /* Now verify the certificates */
-        if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
-                signer = sk_X509_value (signers, k);
-                if (!(flags & PKCS7_NOCHAIN)) {
-                        if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
-                                                        p7->d.sign->cert))
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-                                sk_X509_free(signers);
-                                return 0;
-                                }
-                        X509_STORE_CTX_set_purpose(&cert_ctx,
-                                                X509_PURPOSE_SMIME_SIGN);
-                } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-                        sk_X509_free(signers);
-                        return 0;
-                }
-                i = X509_verify_cert(&cert_ctx);
-                if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
-                X509_STORE_CTX_cleanup(&cert_ctx);
-                if (i <= 0) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-                        ERR_add_error_data(2, "Verify error:",
-                                         X509_verify_cert_error_string(j));
-                        sk_X509_free(signers);
-                        return 0;
-                }
-                /* Check for revocation status here */
-        }
-        /* Performance optimization: if the content is a memory BIO then
-         * store its contents in a temporary read only memory BIO. This
-         * avoids potentially large numbers of slow copies of data which will
-         * occur when reading from a read write memory BIO when signatures
-         * are calculated.
-         */
-        if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
-                {
-                char *ptr;
-                long len;
-                len = BIO_get_mem_data(indata, &ptr);
-                tmpin = BIO_new_mem_buf(ptr, len);
-                if (tmpin == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                }
-        else
-                tmpin = indata;
-                
-        p7bio=PKCS7_dataInit(p7,tmpin);
-        if(flags & PKCS7_TEXT) {
-                if(!(tmpout = BIO_new(BIO_s_mem()))) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-        } else tmpout = out;
-        /* We now have to 'read' from p7bio to calculate digests etc. */
-        for (;;)
-        {
-                i=BIO_read(p7bio,buf,sizeof(buf));
-                if (i <= 0) break;
-                if (tmpout) BIO_write(tmpout, buf, i);
-        }
-        if(flags & PKCS7_TEXT) {
-                if(!SMIME_text(tmpout, out)) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
-                        BIO_free(tmpout);
-                        goto err;
-                }
-                BIO_free(tmpout);
-        }
-        /* Now Verify All Signatures */
-        if (!(flags & PKCS7_NOSIGS))
-            for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-                {
-                si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
-                signer = sk_X509_value (signers, i);
-                j=PKCS7_signatureVerify(p7bio,p7,si, signer);
-                if (j <= 0) {
-                        PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
-                        goto err;
-                }
-        }
-        ret = 1;
-        err:
-        
-        if (tmpin == indata)
-                {
-                if (indata) BIO_pop(p7bio);
-                }
-        BIO_free_all(p7bio);
-        sk_X509_free(signers);
-        return ret;
-}
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
-{
-        STACK_OF(X509) *signers;
-        STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-        PKCS7_SIGNER_INFO *si;
-        PKCS7_ISSUER_AND_SERIAL *ias;
-        X509 *signer;
-        int i;
-        if(!p7) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
-                return NULL;
-        }
-        if(!PKCS7_type_is_signed(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
-                return NULL;
-        }
-        /* Collect all the signers together */
-        sinfos = PKCS7_get_signer_info(p7);
-        if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
-                return 0;
-        }
-        if(!(signers = sk_X509_new_null())) {
-                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-        {
-            si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
-            ias = si->issuer_and_serial;
-            signer = NULL;
-                /* If any certificates passed they take priority */
-            if (certs) signer = X509_find_by_issuer_and_serial (certs,
-                                                ias->issuer, ias->serial);
-            if (!signer && !(flags & PKCS7_NOINTERN)
-                        && p7->d.sign->cert) signer =
-                              X509_find_by_issuer_and_serial (p7->d.sign->cert,
-                                                ias->issuer, ias->serial);
-            if (!signer) {
-                        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
-                        sk_X509_free(signers);
-                        return 0;
-            }
-            sk_X509_push(signers, signer);
-        }
-        return signers;
-}
-/* Build a complete PKCS#7 enveloped data */
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-                                                                int flags)
-{
-        PKCS7 *p7;
-        BIO *p7bio = NULL;
-        int i;
-        X509 *x509;
-        if(!(p7 = PKCS7_new())) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        PKCS7_set_type(p7, NID_pkcs7_enveloped);
-        if(!PKCS7_set_cipher(p7, cipher)) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
-                goto err;
-        }
-        for(i = 0; i < sk_X509_num(certs); i++) {
-                x509 = sk_X509_value(certs, i);
-                if(!PKCS7_add_recipient(p7, x509)) {
-                        PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
-                                        PKCS7_R_ERROR_ADDING_RECIPIENT);
-                        goto err;
-                }
-        }
-        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        SMIME_crlf_copy(in, p7bio, flags);
-        BIO_flush(p7bio);
-        if (!PKCS7_dataFinal(p7,p7bio)) {
-                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
-                goto err;
-        }
-        BIO_free_all(p7bio);
-        return p7;
-        err:
-        BIO_free(p7bio);
-        PKCS7_free(p7);
-        return NULL;
-}
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
-{
-        BIO *tmpmem;
-        int ret, i;
-        char buf[4096];
-        if(!p7) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
-                return 0;
-        }
-        if(!PKCS7_type_is_enveloped(p7)) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
-                return 0;
-        }
-        if(!X509_check_private_key(cert, pkey)) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT,
-                                PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return 0;
-        }
-        if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
-                PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
-                return 0;
-        }
-        if (flags & PKCS7_TEXT) {
-                BIO *tmpbuf, *bread;
-                /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
-                if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
-                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                if(!(bread = BIO_push(tmpbuf, tmpmem))) {
-                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-                ret = SMIME_text(bread, data);
-                BIO_free_all(bread);
-                return ret;
-        } else {
-                for(;;) {
-                        i = BIO_read(tmpmem, buf, sizeof(buf));
-                        if(i <= 0) break;
-                        BIO_write(data, buf, i);
-                }
-                BIO_free_all(tmpmem);
-                return 1;
-        }
-}

diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c deleted file mode 100644 index 99a0d63f38..0000000000 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ /dev/null
@@ -1,469 +0,0 @@
1	/* pk7_smime.c */
2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3	* project 1999.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	/* Simple PKCS#7 processing functions */
60
61	#include <stdio.h>
62	#include "cryptlib.h"
63	#include <openssl/x509.h>
64	#include <openssl/x509v3.h>
65
66	PKCS7 PKCS7_sign(X509 signcert, EVP_PKEY pkey, STACK_OF(X509) certs,
67	BIO *data, int flags)
68	{
69	PKCS7 *p7;
70	PKCS7_SIGNER_INFO *si;
71	BIO *p7bio;
72	STACK_OF(X509_ALGOR) *smcap;
73	int i;
74
75	if(!X509_check_private_key(signcert, pkey)) {
76	PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
77	return NULL;
78	}
79
80	if(!(p7 = PKCS7_new())) {
81	PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
82	return NULL;
83	}
84
85	PKCS7_set_type(p7, NID_pkcs7_signed);
86
87	PKCS7_content_new(p7, NID_pkcs7_data);
88
89	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
90	PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
91	return NULL;
92	}
93
94	if(!(flags & PKCS7_NOCERTS)) {
95	PKCS7_add_certificate(p7, signcert);
96	if(certs) for(i = 0; i < sk_X509_num(certs); i++)
97	PKCS7_add_certificate(p7, sk_X509_value(certs, i));
98	}
99
100	if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
101	PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
102	return NULL;
103	}
104
105
106	SMIME_crlf_copy(data, p7bio, flags);
107
108	if(!(flags & PKCS7_NOATTR)) {
109	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
110	V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
111	/* Add SMIMECapabilities */
112	if(!(flags & PKCS7_NOSMIMECAP))
113	{
114	if(!(smcap = sk_X509_ALGOR_new_null())) {
115	PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
116	return NULL;
117	}
118	#ifndef OPENSSL_NO_DES
119	PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
120	#endif
121	#ifndef OPENSSL_NO_RC2
122	PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
123	PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
124	#endif
125	#ifndef OPENSSL_NO_DES
126	PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
127	#endif
128	#ifndef OPENSSL_NO_RC2
129	PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
130	#endif
131	PKCS7_add_attrib_smimecap (si, smcap);
132	sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
133	}
134	}
135
136	if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
137
138	if (!PKCS7_dataFinal(p7,p7bio)) {
139	PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
140	return NULL;
141	}
142
143	BIO_free_all(p7bio);
144	return p7;
145	}
146
147	int PKCS7_verify(PKCS7 p7, STACK_OF(X509) certs, X509_STORE *store,
148	BIO indata, BIO out, int flags)
149	{
150	STACK_OF(X509) *signers;
151	X509 *signer;
152	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
153	PKCS7_SIGNER_INFO *si;
154	X509_STORE_CTX cert_ctx;
155	char buf[4096];
156	int i, j=0, k, ret = 0;
157	BIO *p7bio;
158	BIO tmpin, tmpout;
159
160	if(!p7) {
161	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
162	return 0;
163	}
164
165	if(!PKCS7_type_is_signed(p7)) {
166	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
167	return 0;
168	}
169
170	/* Check for no data and no content: no data to verify signature */
171	if(PKCS7_get_detached(p7) && !indata) {
172	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
173	return 0;
174	}
175	#if 0
176	/* NB: this test commented out because some versions of Netscape
177	* illegally include zero length content when signing data.
178	*/
179
180	/* Check for data and content: two sets of data */
181	if(!PKCS7_get_detached(p7) && indata) {
182	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
183	return 0;
184	}
185	#endif
186
187	sinfos = PKCS7_get_signer_info(p7);
188
189	if(!sinfos \|\| !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
190	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
191	return 0;
192	}
193
194
195	signers = PKCS7_get0_signers(p7, certs, flags);
196
197	if(!signers) return 0;
198
199	/* Now verify the certificates */
200
201	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
202	signer = sk_X509_value (signers, k);
203	if (!(flags & PKCS7_NOCHAIN)) {
204	if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
205	p7->d.sign->cert))
206	{
207	PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
208	sk_X509_free(signers);
209	return 0;
210	}
211	X509_STORE_CTX_set_purpose(&cert_ctx,
212	X509_PURPOSE_SMIME_SIGN);
213	} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
214	PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
215	sk_X509_free(signers);
216	return 0;
217	}
218	i = X509_verify_cert(&cert_ctx);
219	if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
220	X509_STORE_CTX_cleanup(&cert_ctx);
221	if (i <= 0) {
222	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
223	ERR_add_error_data(2, "Verify error:",
224	X509_verify_cert_error_string(j));
225	sk_X509_free(signers);
226	return 0;
227	}
228	/* Check for revocation status here */
229	}
230
231	/* Performance optimization: if the content is a memory BIO then
232	* store its contents in a temporary read only memory BIO. This
233	* avoids potentially large numbers of slow copies of data which will
234	* occur when reading from a read write memory BIO when signatures
235	* are calculated.
236	*/
237
238	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
239	{
240	char *ptr;
241	long len;
242	len = BIO_get_mem_data(indata, &ptr);
243	tmpin = BIO_new_mem_buf(ptr, len);
244	if (tmpin == NULL)
245	{
246	PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
247	return 0;
248	}
249	}
250	else
251	tmpin = indata;
252
253
254	p7bio=PKCS7_dataInit(p7,tmpin);
255
256	if(flags & PKCS7_TEXT) {
257	if(!(tmpout = BIO_new(BIO_s_mem()))) {
258	PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
259	goto err;
260	}
261	} else tmpout = out;
262
263	/* We now have to 'read' from p7bio to calculate digests etc. */
264	for (;;)
265	{
266	i=BIO_read(p7bio,buf,sizeof(buf));
267	if (i <= 0) break;
268	if (tmpout) BIO_write(tmpout, buf, i);
269	}
270
271	if(flags & PKCS7_TEXT) {
272	if(!SMIME_text(tmpout, out)) {
273	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
274	BIO_free(tmpout);
275	goto err;
276	}
277	BIO_free(tmpout);
278	}
279
280	/* Now Verify All Signatures */
281	if (!(flags & PKCS7_NOSIGS))
282	for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
283	{
284	si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
285	signer = sk_X509_value (signers, i);
286	j=PKCS7_signatureVerify(p7bio,p7,si, signer);
287	if (j <= 0) {
288	PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
289	goto err;
290	}
291	}
292
293	ret = 1;
294
295	err:
296
297	if (tmpin == indata)
298	{
299	if (indata) BIO_pop(p7bio);
300	}
301	BIO_free_all(p7bio);
302
303	sk_X509_free(signers);
304
305	return ret;
306	}
307
308	STACK_OF(X509) PKCS7_get0_signers(PKCS7 p7, STACK_OF(X509) *certs, int flags)
309	{
310	STACK_OF(X509) *signers;
311	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
312	PKCS7_SIGNER_INFO *si;
313	PKCS7_ISSUER_AND_SERIAL *ias;
314	X509 *signer;
315	int i;
316
317	if(!p7) {
318	PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
319	return NULL;
320	}
321
322	if(!PKCS7_type_is_signed(p7)) {
323	PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
324	return NULL;
325	}
326
327	/* Collect all the signers together */
328
329	sinfos = PKCS7_get_signer_info(p7);
330
331	if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
332	PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
333	return 0;
334	}
335
336	if(!(signers = sk_X509_new_null())) {
337	PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
338	return NULL;
339	}
340
341	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
342	{
343	si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
344	ias = si->issuer_and_serial;
345	signer = NULL;
346	/* If any certificates passed they take priority */
347	if (certs) signer = X509_find_by_issuer_and_serial (certs,
348	ias->issuer, ias->serial);
349	if (!signer && !(flags & PKCS7_NOINTERN)
350	&& p7->d.sign->cert) signer =
351	X509_find_by_issuer_and_serial (p7->d.sign->cert,
352	ias->issuer, ias->serial);
353	if (!signer) {
354	PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
355	sk_X509_free(signers);
356	return 0;
357	}
358
359	sk_X509_push(signers, signer);
360	}
361	return signers;
362	}
363
364
365	/* Build a complete PKCS#7 enveloped data */
366
367	PKCS7 PKCS7_encrypt(STACK_OF(X509) certs, BIO in, const EVP_CIPHER cipher,
368	int flags)
369	{
370	PKCS7 *p7;
371	BIO *p7bio = NULL;
372	int i;
373	X509 *x509;
374	if(!(p7 = PKCS7_new())) {
375	PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
376	return NULL;
377	}
378
379	PKCS7_set_type(p7, NID_pkcs7_enveloped);
380	if(!PKCS7_set_cipher(p7, cipher)) {
381	PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
382	goto err;
383	}
384
385	for(i = 0; i < sk_X509_num(certs); i++) {
386	x509 = sk_X509_value(certs, i);
387	if(!PKCS7_add_recipient(p7, x509)) {
388	PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
389	PKCS7_R_ERROR_ADDING_RECIPIENT);
390	goto err;
391	}
392	}
393
394	if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
395	PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
396	goto err;
397	}
398
399	SMIME_crlf_copy(in, p7bio, flags);
400
401	BIO_flush(p7bio);
402
403	if (!PKCS7_dataFinal(p7,p7bio)) {
404	PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
405	goto err;
406	}
407	BIO_free_all(p7bio);
408
409	return p7;
410
411	err:
412
413	BIO_free(p7bio);
414	PKCS7_free(p7);
415	return NULL;
416
417	}
418
419	int PKCS7_decrypt(PKCS7 p7, EVP_PKEY pkey, X509 cert, BIO data, int flags)
420	{
421	BIO *tmpmem;
422	int ret, i;
423	char buf[4096];
424
425	if(!p7) {
426	PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
427	return 0;
428	}
429
430	if(!PKCS7_type_is_enveloped(p7)) {
431	PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
432	return 0;
433	}
434
435	if(!X509_check_private_key(cert, pkey)) {
436	PKCS7err(PKCS7_F_PKCS7_DECRYPT,
437	PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
438	return 0;
439	}
440
441	if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
442	PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
443	return 0;
444	}
445
446	if (flags & PKCS7_TEXT) {
447	BIO tmpbuf, bread;
448	/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
449	if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
450	PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
451	return 0;
452	}
453	if(!(bread = BIO_push(tmpbuf, tmpmem))) {
454	PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
455	return 0;
456	}
457	ret = SMIME_text(bread, data);
458	BIO_free_all(bread);
459	return ret;
460	} else {
461	for(;;) {
462	i = BIO_read(tmpmem, buf, sizeof(buf));
463	if(i <= 0) break;
464	BIO_write(data, buf, i);
465	}
466	BIO_free_all(tmpmem);
467	return 1;
468	}
469	}