summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs7
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_attr.c85
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_doit.c960
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_lib.c469
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c673
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c427
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7.h498
-rw-r--r--src/lib/libcrypto/pkcs7/pkcs7err.c161
7 files changed, 0 insertions, 3273 deletions
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
deleted file mode 100644
index 3b9c0fe3f2..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ /dev/null
@@ -1,85 +0,0 @@
1/* pk7_attr.c */
2/* S/MIME code.
3 * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com)
4 * All Rights Reserved.
5 * Redistribution of this code without the authors permission is expressly
6 * prohibited.
7 */
8
9#include <stdio.h>
10#include <stdlib.h>
11#include <openssl/bio.h>
12#include <openssl/asn1.h>
13#include <openssl/pem.h>
14#include <openssl/pkcs7.h>
15#include <openssl/err.h>
16
17int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
18{
19 ASN1_STRING *seq;
20 unsigned char *p, *pp;
21 int len;
22 len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
23 V_ASN1_UNIVERSAL, IS_SEQUENCE);
24 if(!(pp=(unsigned char *)Malloc(len))) {
25 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
26 return 0;
27 }
28 p=pp;
29 i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
30 V_ASN1_UNIVERSAL, IS_SEQUENCE);
31 if(!(seq = ASN1_STRING_new())) {
32 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
33 return 0;
34 }
35 if(!ASN1_STRING_set (seq, pp, len)) {
36 PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
37 return 0;
38 }
39 Free (pp);
40 return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
41 V_ASN1_SEQUENCE, seq);
42}
43
44STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
45{
46 ASN1_TYPE *cap;
47 unsigned char *p;
48 cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
49 if (!cap) return NULL;
50 p = cap->value.sequence->data;
51 return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length,
52 (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
53 V_ASN1_UNIVERSAL);
54}
55
56/* Basic smime-capabilities OID and optional integer arg */
57int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
58{
59 X509_ALGOR *alg;
60 if(!(alg = X509_ALGOR_new())) {
61 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
62 return 0;
63 }
64 ASN1_OBJECT_free(alg->algorithm);
65 alg->algorithm = OBJ_nid2obj (nid);
66 if (arg > 0) {
67 ASN1_INTEGER *nbit;
68 if(!(alg->parameter = ASN1_TYPE_new())) {
69 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
70 return 0;
71 }
72 if(!(nbit = ASN1_INTEGER_new())) {
73 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
74 return 0;
75 }
76 if(!ASN1_INTEGER_set (nbit, arg)) {
77 PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
78 return 0;
79 }
80 alg->parameter->value.integer = nbit;
81 alg->parameter->type = V_ASN1_INTEGER;
82 }
83 sk_push (sk, (char *)alg);
84 return 1;
85}
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
deleted file mode 100644
index 4ab24a86f5..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ /dev/null
@@ -1,960 +0,0 @@
1/* crypto/pkcs7/pk7_doit.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/rand.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
65
66static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
67 void *value);
68static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
69
70BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
71 {
72 int i,j;
73 BIO *out=NULL,*btmp=NULL;
74 X509_ALGOR *xa;
75 const EVP_MD *evp_md;
76 const EVP_CIPHER *evp_cipher=NULL;
77 STACK_OF(X509_ALGOR) *md_sk=NULL;
78 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
79 X509_ALGOR *xalg=NULL;
80 PKCS7_RECIP_INFO *ri=NULL;
81 EVP_PKEY *pkey;
82
83 i=OBJ_obj2nid(p7->type);
84 p7->state=PKCS7_S_HEADER;
85
86 switch (i)
87 {
88 case NID_pkcs7_signed:
89 md_sk=p7->d.sign->md_algs;
90 break;
91 case NID_pkcs7_signedAndEnveloped:
92 rsk=p7->d.signed_and_enveloped->recipientinfo;
93 md_sk=p7->d.signed_and_enveloped->md_algs;
94 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
95 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
96 if (evp_cipher == NULL)
97 {
98 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
99 PKCS7_R_CIPHER_NOT_INITIALIZED);
100 goto err;
101 }
102 break;
103 case NID_pkcs7_enveloped:
104 rsk=p7->d.enveloped->recipientinfo;
105 xalg=p7->d.enveloped->enc_data->algorithm;
106 evp_cipher=p7->d.enveloped->enc_data->cipher;
107 if (evp_cipher == NULL)
108 {
109 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
110 PKCS7_R_CIPHER_NOT_INITIALIZED);
111 goto err;
112 }
113 break;
114 default:
115 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
116 goto err;
117 }
118
119 if (md_sk != NULL)
120 {
121 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
122 {
123 xa=sk_X509_ALGOR_value(md_sk,i);
124 if ((btmp=BIO_new(BIO_f_md())) == NULL)
125 {
126 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
127 goto err;
128 }
129
130 j=OBJ_obj2nid(xa->algorithm);
131 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
132 if (evp_md == NULL)
133 {
134 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
135 goto err;
136 }
137
138 BIO_set_md(btmp,evp_md);
139 if (out == NULL)
140 out=btmp;
141 else
142 BIO_push(out,btmp);
143 btmp=NULL;
144 }
145 }
146
147 if (evp_cipher != NULL)
148 {
149 unsigned char key[EVP_MAX_KEY_LENGTH];
150 unsigned char iv[EVP_MAX_IV_LENGTH];
151 int keylen,ivlen;
152 int jj,max;
153 unsigned char *tmp;
154 EVP_CIPHER_CTX *ctx;
155
156 if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
157 {
158 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
159 goto err;
160 }
161 BIO_get_cipher_ctx(btmp, &ctx);
162 keylen=EVP_CIPHER_key_length(evp_cipher);
163 ivlen=EVP_CIPHER_iv_length(evp_cipher);
164 if (RAND_bytes(key,keylen) <= 0)
165 goto err;
166 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
167 if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
168 EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
169
170 if (ivlen > 0) {
171 if (xalg->parameter == NULL)
172 xalg->parameter=ASN1_TYPE_new();
173 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
174 goto err;
175 }
176
177 /* Lets do the pub key stuff :-) */
178 max=0;
179 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
180 {
181 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
182 if (ri->cert == NULL)
183 {
184 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
185 goto err;
186 }
187 pkey=X509_get_pubkey(ri->cert);
188 jj=EVP_PKEY_size(pkey);
189 EVP_PKEY_free(pkey);
190 if (max < jj) max=jj;
191 }
192 if ((tmp=(unsigned char *)Malloc(max)) == NULL)
193 {
194 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
195 goto err;
196 }
197 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
198 {
199 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
200 pkey=X509_get_pubkey(ri->cert);
201 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
202 EVP_PKEY_free(pkey);
203 if (jj <= 0)
204 {
205 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
206 Free(tmp);
207 goto err;
208 }
209 M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
210 }
211 Free(tmp);
212 memset(key, 0, keylen);
213
214 if (out == NULL)
215 out=btmp;
216 else
217 BIO_push(out,btmp);
218 btmp=NULL;
219 }
220
221 if (bio == NULL) {
222 if (p7->detached)
223 bio=BIO_new(BIO_s_null());
224 else {
225 if (PKCS7_type_is_signed(p7) &&
226 PKCS7_type_is_data(p7->d.sign->contents)) {
227 ASN1_OCTET_STRING *os;
228 os=p7->d.sign->contents->d.data;
229 if (os->length > 0) bio =
230 BIO_new_mem_buf(os->data, os->length);
231 }
232 if(bio == NULL) {
233 bio=BIO_new(BIO_s_mem());
234 BIO_set_mem_eof_return(bio,0);
235 }
236 }
237 }
238 BIO_push(out,bio);
239 bio=NULL;
240 if (0)
241 {
242err:
243 if (out != NULL)
244 BIO_free_all(out);
245 if (btmp != NULL)
246 BIO_free_all(btmp);
247 out=NULL;
248 }
249 return(out);
250 }
251
252/* int */
253BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
254 {
255 int i,j;
256 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
257 unsigned char *tmp=NULL;
258 X509_ALGOR *xa;
259 ASN1_OCTET_STRING *data_body=NULL;
260 const EVP_MD *evp_md;
261 const EVP_CIPHER *evp_cipher=NULL;
262 EVP_CIPHER_CTX *evp_ctx=NULL;
263 X509_ALGOR *enc_alg=NULL;
264 STACK_OF(X509_ALGOR) *md_sk=NULL;
265 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
266 X509_ALGOR *xalg=NULL;
267 PKCS7_RECIP_INFO *ri=NULL;
268#ifndef NO_RC2
269 char is_rc2 = 0;
270#endif
271/* EVP_PKEY *pkey; */
272#if 0
273 X509_STORE_CTX s_ctx;
274#endif
275
276 i=OBJ_obj2nid(p7->type);
277 p7->state=PKCS7_S_HEADER;
278
279 switch (i)
280 {
281 case NID_pkcs7_signed:
282 data_body=p7->d.sign->contents->d.data;
283 md_sk=p7->d.sign->md_algs;
284 break;
285 case NID_pkcs7_signedAndEnveloped:
286 rsk=p7->d.signed_and_enveloped->recipientinfo;
287 md_sk=p7->d.signed_and_enveloped->md_algs;
288 data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
289 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
290 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
291 if (evp_cipher == NULL)
292 {
293 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
294 goto err;
295 }
296 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
297 break;
298 case NID_pkcs7_enveloped:
299 rsk=p7->d.enveloped->recipientinfo;
300 enc_alg=p7->d.enveloped->enc_data->algorithm;
301 data_body=p7->d.enveloped->enc_data->enc_data;
302 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
303 if (evp_cipher == NULL)
304 {
305 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
306 goto err;
307 }
308 xalg=p7->d.enveloped->enc_data->algorithm;
309 break;
310 default:
311 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
312 goto err;
313 }
314
315 if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc)
316 {
317#ifndef NO_RC2
318 is_rc2 = 1;
319#else
320 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
321 goto err;
322#endif
323 }
324
325 /* We will be checking the signature */
326 if (md_sk != NULL)
327 {
328 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
329 {
330 xa=sk_X509_ALGOR_value(md_sk,i);
331 if ((btmp=BIO_new(BIO_f_md())) == NULL)
332 {
333 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
334 goto err;
335 }
336
337 j=OBJ_obj2nid(xa->algorithm);
338 evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
339 if (evp_md == NULL)
340 {
341 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
342 goto err;
343 }
344
345 BIO_set_md(btmp,evp_md);
346 if (out == NULL)
347 out=btmp;
348 else
349 BIO_push(out,btmp);
350 btmp=NULL;
351 }
352 }
353
354 if (evp_cipher != NULL)
355 {
356#if 0
357 unsigned char key[EVP_MAX_KEY_LENGTH];
358 unsigned char iv[EVP_MAX_IV_LENGTH];
359 unsigned char *p;
360 int keylen,ivlen;
361 int max;
362 X509_OBJECT ret;
363#endif
364 int jj;
365
366 if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
367 {
368 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
369 goto err;
370 }
371
372 /* It was encrypted, we need to decrypt the secret key
373 * with the private key */
374
375 /* Find the recipientInfo which matches the passed certificate
376 * (if any)
377 */
378
379 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
380 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
381 if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
382 pcert->cert_info->issuer) &&
383 !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
384 ri->issuer_and_serial->serial)) break;
385 ri=NULL;
386 }
387 if (ri == NULL) {
388 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
389 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
390 return(NULL);
391 }
392
393 jj=EVP_PKEY_size(pkey);
394 tmp=(unsigned char *)Malloc(jj+10);
395 if (tmp == NULL)
396 {
397 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
398 goto err;
399 }
400
401 jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
402 M_ASN1_STRING_length(ri->enc_key), pkey);
403 if (jj <= 0)
404 {
405 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
406 goto err;
407 }
408
409 evp_ctx=NULL;
410 BIO_get_cipher_ctx(etmp,&evp_ctx);
411 EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
412 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
413 return(NULL);
414
415 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
416 /* HACK: some S/MIME clients don't use the same key
417 * and effective key length. The key length is
418 * determined by the size of the decrypted RSA key.
419 * So we hack things to manually set the RC2 key
420 * because we currently can't do this with the EVP
421 * interface.
422 */
423#ifndef NO_RC2
424 if(is_rc2) RC2_set_key(&(evp_ctx->c.rc2_ks),jj, tmp,
425 EVP_CIPHER_CTX_key_length(evp_ctx)*8);
426 else
427#endif
428 {
429 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
430 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
431 goto err;
432 }
433 } else EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
434
435 memset(tmp,0,jj);
436
437 if (out == NULL)
438 out=etmp;
439 else
440 BIO_push(out,etmp);
441 etmp=NULL;
442 }
443
444#if 1
445 if (p7->detached || (in_bio != NULL))
446 {
447 bio=in_bio;
448 }
449 else
450 {
451#if 0
452 bio=BIO_new(BIO_s_mem());
453 /* We need to set this so that when we have read all
454 * the data, the encrypt BIO, if present, will read
455 * EOF and encode the last few bytes */
456 BIO_set_mem_eof_return(bio,0);
457
458 if (data_body->length > 0)
459 BIO_write(bio,(char *)data_body->data,data_body->length);
460#else
461 if (data_body->length > 0)
462 bio = BIO_new_mem_buf(data_body->data,data_body->length);
463 else {
464 bio=BIO_new(BIO_s_mem());
465 BIO_set_mem_eof_return(bio,0);
466 }
467#endif
468 }
469 BIO_push(out,bio);
470 bio=NULL;
471#endif
472 if (0)
473 {
474err:
475 if (out != NULL) BIO_free_all(out);
476 if (btmp != NULL) BIO_free_all(btmp);
477 if (etmp != NULL) BIO_free_all(etmp);
478 if (bio != NULL) BIO_free_all(bio);
479 out=NULL;
480 }
481 if (tmp != NULL)
482 Free(tmp);
483 return(out);
484 }
485
486int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
487 {
488 int ret=0;
489 int i,j;
490 BIO *btmp;
491 BUF_MEM *buf_mem=NULL;
492 BUF_MEM *buf=NULL;
493 PKCS7_SIGNER_INFO *si;
494 EVP_MD_CTX *mdc,ctx_tmp;
495 STACK_OF(X509_ATTRIBUTE) *sk;
496 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
497 unsigned char *p,*pp=NULL;
498 int x;
499 ASN1_OCTET_STRING *os=NULL;
500
501 i=OBJ_obj2nid(p7->type);
502 p7->state=PKCS7_S_HEADER;
503
504 switch (i)
505 {
506 case NID_pkcs7_signedAndEnveloped:
507 /* XXXXXXXXXXXXXXXX */
508 si_sk=p7->d.signed_and_enveloped->signer_info;
509 os=M_ASN1_OCTET_STRING_new();
510 p7->d.signed_and_enveloped->enc_data->enc_data=os;
511 break;
512 case NID_pkcs7_enveloped:
513 /* XXXXXXXXXXXXXXXX */
514 os=M_ASN1_OCTET_STRING_new();
515 p7->d.enveloped->enc_data->enc_data=os;
516 break;
517 case NID_pkcs7_signed:
518 si_sk=p7->d.sign->signer_info;
519 os=p7->d.sign->contents->d.data;
520 /* If detached data then the content is excluded */
521 if(p7->detached) {
522 M_ASN1_OCTET_STRING_free(os);
523 p7->d.sign->contents->d.data = NULL;
524 }
525 break;
526 }
527
528 if (si_sk != NULL)
529 {
530 if ((buf=BUF_MEM_new()) == NULL)
531 {
532 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
533 goto err;
534 }
535 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
536 {
537 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
538 if (si->pkey == NULL) continue;
539
540 j=OBJ_obj2nid(si->digest_alg->algorithm);
541
542 btmp=bio;
543 for (;;)
544 {
545 if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD))
546 == NULL)
547 {
548 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
549 goto err;
550 }
551 BIO_get_md_ctx(btmp,&mdc);
552 if (mdc == NULL)
553 {
554 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
555 goto err;
556 }
557 if (EVP_MD_CTX_type(mdc) == j)
558 break;
559 else
560 btmp=btmp->next_bio;
561 }
562
563 /* We now have the EVP_MD_CTX, lets do the
564 * signing. */
565 memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
566 if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
567 {
568 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
569 goto err;
570 }
571
572 sk=si->auth_attr;
573
574 /* If there are attributes, we add the digest
575 * attribute and only sign the attributes */
576 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
577 {
578 unsigned char md_data[EVP_MAX_MD_SIZE];
579 unsigned int md_len;
580 ASN1_OCTET_STRING *digest;
581 ASN1_UTCTIME *sign_time;
582 const EVP_MD *md_tmp;
583
584 /* Add signing time */
585 sign_time=X509_gmtime_adj(NULL,0);
586 PKCS7_add_signed_attribute(si,
587 NID_pkcs9_signingTime,
588 V_ASN1_UTCTIME,sign_time);
589
590 /* Add digest */
591 md_tmp=EVP_MD_CTX_md(&ctx_tmp);
592 EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
593 digest=M_ASN1_OCTET_STRING_new();
594 M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
595 PKCS7_add_signed_attribute(si,
596 NID_pkcs9_messageDigest,
597 V_ASN1_OCTET_STRING,digest);
598
599 /* Now sign the mess */
600 EVP_SignInit(&ctx_tmp,md_tmp);
601 x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
602 i2d_X509_ATTRIBUTE,
603 V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
604 pp=(unsigned char *)Malloc(x);
605 p=pp;
606 i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
607 i2d_X509_ATTRIBUTE,
608 V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
609 EVP_SignUpdate(&ctx_tmp,pp,x);
610 Free(pp);
611 pp=NULL;
612 }
613
614 if (si->pkey->type == EVP_PKEY_DSA)
615 ctx_tmp.digest=EVP_dss1();
616
617 if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
618 (unsigned int *)&buf->length,si->pkey))
619 {
620 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
621 goto err;
622 }
623 if (!ASN1_STRING_set(si->enc_digest,
624 (unsigned char *)buf->data,buf->length))
625 {
626 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
627 goto err;
628 }
629 }
630 }
631
632 if (!p7->detached)
633 {
634 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
635 if (btmp == NULL)
636 {
637 PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
638 goto err;
639 }
640 BIO_get_mem_ptr(btmp,&buf_mem);
641 /* Mark the BIO read only then we can use its copy of the data
642 * instead of making an extra copy.
643 */
644 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
645 BIO_set_mem_eof_return(btmp, 0);
646 os->data = (unsigned char *)buf_mem->data;
647 os->length = buf_mem->length;
648#if 0
649 M_ASN1_OCTET_STRING_set(os,
650 (unsigned char *)buf_mem->data,buf_mem->length);
651#endif
652 }
653 if (pp != NULL) Free(pp);
654 pp=NULL;
655
656 ret=1;
657err:
658 if (buf != NULL) BUF_MEM_free(buf);
659 return(ret);
660 }
661
662int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
663 PKCS7 *p7, PKCS7_SIGNER_INFO *si)
664 {
665 PKCS7_ISSUER_AND_SERIAL *ias;
666 int ret=0,i;
667 STACK_OF(X509) *cert;
668 X509 *x509;
669
670 if (PKCS7_type_is_signed(p7))
671 {
672 cert=p7->d.sign->cert;
673 }
674 else if (PKCS7_type_is_signedAndEnveloped(p7))
675 {
676 cert=p7->d.signed_and_enveloped->cert;
677 }
678 else
679 {
680 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
681 goto err;
682 }
683 /* XXXXXXXXXXXXXXXXXXXXXXX */
684 ias=si->issuer_and_serial;
685
686 x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
687
688 /* were we able to find the cert in passed to us */
689 if (x509 == NULL)
690 {
691 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
692 goto err;
693 }
694
695 /* Lets verify */
696 X509_STORE_CTX_init(ctx,cert_store,x509,cert);
697 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
698 i=X509_verify_cert(ctx);
699 if (i <= 0)
700 {
701 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
702 X509_STORE_CTX_cleanup(ctx);
703 goto err;
704 }
705 X509_STORE_CTX_cleanup(ctx);
706
707 return PKCS7_signatureVerify(bio, p7, si, x509);
708 err:
709 return ret;
710 }
711
712int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
713 X509 *x509)
714 {
715 ASN1_OCTET_STRING *os;
716 EVP_MD_CTX mdc_tmp,*mdc;
717 unsigned char *pp,*p;
718 int ret=0,i;
719 int md_type;
720 STACK_OF(X509_ATTRIBUTE) *sk;
721 BIO *btmp;
722 EVP_PKEY *pkey;
723
724 if (!PKCS7_type_is_signed(p7) &&
725 !PKCS7_type_is_signedAndEnveloped(p7)) {
726 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
727 PKCS7_R_WRONG_PKCS7_TYPE);
728 goto err;
729 }
730
731 md_type=OBJ_obj2nid(si->digest_alg->algorithm);
732
733 btmp=bio;
734 for (;;)
735 {
736 if ((btmp == NULL) ||
737 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
738 {
739 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
740 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
741 goto err;
742 }
743 BIO_get_md_ctx(btmp,&mdc);
744 if (mdc == NULL)
745 {
746 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
747 PKCS7_R_INTERNAL_ERROR);
748 goto err;
749 }
750 if (EVP_MD_CTX_type(mdc) == md_type)
751 break;
752 btmp=btmp->next_bio;
753 }
754
755 /* mdc is the digest ctx that we want, unless there are attributes,
756 * in which case the digest is the signed attributes */
757 memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
758
759 sk=si->auth_attr;
760 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
761 {
762 unsigned char md_dat[EVP_MAX_MD_SIZE];
763 unsigned int md_len;
764 ASN1_OCTET_STRING *message_digest;
765
766 EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
767 message_digest=PKCS7_digest_from_attributes(sk);
768 if (!message_digest)
769 {
770 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
771 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
772 goto err;
773 }
774 if ((message_digest->length != (int)md_len) ||
775 (memcmp(message_digest->data,md_dat,md_len)))
776 {
777#if 0
778{
779int ii;
780for (ii=0; ii<message_digest->length; ii++)
781 printf("%02X",message_digest->data[ii]); printf(" sent\n");
782for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
783}
784#endif
785 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
786 PKCS7_R_DIGEST_FAILURE);
787 ret= -1;
788 goto err;
789 }
790
791 EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
792 /* Note: when forming the encoding of the attributes we
793 * shouldn't reorder them or this will break the signature.
794 * This is done by using the IS_SEQUENCE flag.
795 */
796 i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
797 V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
798 pp=Malloc(i);
799 p=pp;
800 i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
801 V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
802 EVP_VerifyUpdate(&mdc_tmp,pp,i);
803
804 Free(pp);
805 }
806
807 os=si->enc_digest;
808 pkey = X509_get_pubkey(x509);
809 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
810
811 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
812 EVP_PKEY_free(pkey);
813 if (i <= 0)
814 {
815 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
816 PKCS7_R_SIGNATURE_FAILURE);
817 ret= -1;
818 goto err;
819 }
820 else
821 ret=1;
822err:
823 return(ret);
824 }
825
826PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
827 {
828 STACK_OF(PKCS7_RECIP_INFO) *rsk;
829 PKCS7_RECIP_INFO *ri;
830 int i;
831
832 i=OBJ_obj2nid(p7->type);
833 if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
834 rsk=p7->d.signed_and_enveloped->recipientinfo;
835 ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
836 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
837 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
838 return(ri->issuer_and_serial);
839 }
840
841ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
842 {
843 return(get_attribute(si->auth_attr,nid));
844 }
845
846ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
847 {
848 return(get_attribute(si->unauth_attr,nid));
849 }
850
851static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
852 {
853 int i;
854 X509_ATTRIBUTE *xa;
855 ASN1_OBJECT *o;
856
857 o=OBJ_nid2obj(nid);
858 if (!o || !sk) return(NULL);
859 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
860 {
861 xa=sk_X509_ATTRIBUTE_value(sk,i);
862 if (OBJ_cmp(xa->object,o) == 0)
863 {
864 if (xa->set && sk_ASN1_TYPE_num(xa->value.set))
865 return(sk_ASN1_TYPE_value(xa->value.set,0));
866 else
867 return(NULL);
868 }
869 }
870 return(NULL);
871 }
872
873ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
874{
875 ASN1_TYPE *astype;
876 if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
877 return astype->value.octet_string;
878}
879
880int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
881 STACK_OF(X509_ATTRIBUTE) *sk)
882 {
883 int i;
884
885 if (p7si->auth_attr != NULL)
886 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
887 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
888 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
889 {
890 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
891 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
892 == NULL)
893 return(0);
894 }
895 return(1);
896 }
897
898int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
899 {
900 int i;
901
902 if (p7si->unauth_attr != NULL)
903 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
904 X509_ATTRIBUTE_free);
905 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
906 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
907 {
908 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
909 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
910 == NULL)
911 return(0);
912 }
913 return(1);
914 }
915
916int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
917 void *value)
918 {
919 return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
920 }
921
922int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
923 void *value)
924 {
925 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
926 }
927
928static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
929 void *value)
930 {
931 X509_ATTRIBUTE *attr=NULL;
932
933 if (*sk == NULL)
934 {
935 *sk = sk_X509_ATTRIBUTE_new(NULL);
936new_attrib:
937 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
938 sk_X509_ATTRIBUTE_push(*sk,attr);
939 }
940 else
941 {
942 int i;
943
944 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
945 {
946 attr=sk_X509_ATTRIBUTE_value(*sk,i);
947 if (OBJ_obj2nid(attr->object) == nid)
948 {
949 X509_ATTRIBUTE_free(attr);
950 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
951 sk_X509_ATTRIBUTE_set(*sk,i,attr);
952 goto end;
953 }
954 }
955 goto new_attrib;
956 }
957end:
958 return(1);
959 }
960
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
deleted file mode 100644
index 45973fe850..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ /dev/null
@@ -1,469 +0,0 @@
1/* crypto/pkcs7/pk7_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/objects.h>
62#include <openssl/x509.h>
63
64long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
65 {
66 int nid;
67 long ret;
68
69 nid=OBJ_obj2nid(p7->type);
70
71 switch (cmd)
72 {
73 case PKCS7_OP_SET_DETACHED_SIGNATURE:
74 if (nid == NID_pkcs7_signed)
75 {
76 ret=p7->detached=(int)larg;
77 }
78 else
79 {
80 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
81 ret=0;
82 }
83 break;
84 case PKCS7_OP_GET_DETACHED_SIGNATURE:
85 if (nid == NID_pkcs7_signed)
86 {
87 ret=p7->detached;
88 }
89 else
90 {
91 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
92 ret=0;
93 }
94
95 break;
96 default:
97 PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
98 ret=0;
99 }
100 return(ret);
101 }
102
103int PKCS7_content_new(PKCS7 *p7, int type)
104 {
105 PKCS7 *ret=NULL;
106
107 if ((ret=PKCS7_new()) == NULL) goto err;
108 if (!PKCS7_set_type(ret,type)) goto err;
109 if (!PKCS7_set_content(p7,ret)) goto err;
110
111 return(1);
112err:
113 if (ret != NULL) PKCS7_free(ret);
114 return(0);
115 }
116
117int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
118 {
119 int i;
120
121 i=OBJ_obj2nid(p7->type);
122 switch (i)
123 {
124 case NID_pkcs7_signed:
125 if (p7->d.sign->contents != NULL)
126 PKCS7_free(p7->d.sign->contents);
127 p7->d.sign->contents=p7_data;
128 break;
129 case NID_pkcs7_digest:
130 case NID_pkcs7_data:
131 case NID_pkcs7_enveloped:
132 case NID_pkcs7_signedAndEnveloped:
133 case NID_pkcs7_encrypted:
134 default:
135 PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
136 goto err;
137 }
138 return(1);
139err:
140 return(0);
141 }
142
143int PKCS7_set_type(PKCS7 *p7, int type)
144 {
145 ASN1_OBJECT *obj;
146
147 PKCS7_content_free(p7);
148 obj=OBJ_nid2obj(type); /* will not fail */
149
150 switch (type)
151 {
152 case NID_pkcs7_signed:
153 p7->type=obj;
154 if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
155 goto err;
156 ASN1_INTEGER_set(p7->d.sign->version,1);
157 break;
158 case NID_pkcs7_data:
159 p7->type=obj;
160 if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
161 goto err;
162 break;
163 case NID_pkcs7_signedAndEnveloped:
164 p7->type=obj;
165 if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
166 == NULL) goto err;
167 ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
168 break;
169 case NID_pkcs7_enveloped:
170 p7->type=obj;
171 if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
172 == NULL) goto err;
173 ASN1_INTEGER_set(p7->d.enveloped->version,0);
174 break;
175 case NID_pkcs7_encrypted:
176 p7->type=obj;
177 if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
178 == NULL) goto err;
179 ASN1_INTEGER_set(p7->d.encrypted->version,0);
180 break;
181
182 case NID_pkcs7_digest:
183 default:
184 PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
185 goto err;
186 }
187 return(1);
188err:
189 return(0);
190 }
191
192int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
193 {
194 int i,j,nid;
195 X509_ALGOR *alg;
196 STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
197 STACK_OF(X509_ALGOR) *md_sk;
198
199 i=OBJ_obj2nid(p7->type);
200 switch (i)
201 {
202 case NID_pkcs7_signed:
203 signer_sk= p7->d.sign->signer_info;
204 md_sk= p7->d.sign->md_algs;
205 break;
206 case NID_pkcs7_signedAndEnveloped:
207 signer_sk= p7->d.signed_and_enveloped->signer_info;
208 md_sk= p7->d.signed_and_enveloped->md_algs;
209 break;
210 default:
211 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
212 return(0);
213 }
214
215 nid=OBJ_obj2nid(psi->digest_alg->algorithm);
216
217 /* If the digest is not currently listed, add it */
218 j=0;
219 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
220 {
221 alg=sk_X509_ALGOR_value(md_sk,i);
222 if (OBJ_obj2nid(alg->algorithm) == nid)
223 {
224 j=1;
225 break;
226 }
227 }
228 if (!j) /* we need to add another algorithm */
229 {
230 if(!(alg=X509_ALGOR_new())
231 || !(alg->parameter = ASN1_TYPE_new())) {
232 PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
233 return(0);
234 }
235 alg->algorithm=OBJ_nid2obj(nid);
236 alg->parameter->type = V_ASN1_NULL;
237 sk_X509_ALGOR_push(md_sk,alg);
238 }
239
240 sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
241 return(1);
242 }
243
244int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
245 {
246 int i;
247 STACK_OF(X509) **sk;
248
249 i=OBJ_obj2nid(p7->type);
250 switch (i)
251 {
252 case NID_pkcs7_signed:
253 sk= &(p7->d.sign->cert);
254 break;
255 case NID_pkcs7_signedAndEnveloped:
256 sk= &(p7->d.signed_and_enveloped->cert);
257 break;
258 default:
259 PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
260 return(0);
261 }
262
263 if (*sk == NULL)
264 *sk=sk_X509_new_null();
265 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
266 sk_X509_push(*sk,x509);
267 return(1);
268 }
269
270int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
271 {
272 int i;
273 STACK_OF(X509_CRL) **sk;
274
275 i=OBJ_obj2nid(p7->type);
276 switch (i)
277 {
278 case NID_pkcs7_signed:
279 sk= &(p7->d.sign->crl);
280 break;
281 case NID_pkcs7_signedAndEnveloped:
282 sk= &(p7->d.signed_and_enveloped->crl);
283 break;
284 default:
285 PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
286 return(0);
287 }
288
289 if (*sk == NULL)
290 *sk=sk_X509_CRL_new_null();
291
292 CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
293 sk_X509_CRL_push(*sk,crl);
294 return(1);
295 }
296
297int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
298 EVP_MD *dgst)
299 {
300 char is_dsa;
301 if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
302 else is_dsa = 0;
303 /* We now need to add another PKCS7_SIGNER_INFO entry */
304 ASN1_INTEGER_set(p7i->version,1);
305 X509_NAME_set(&p7i->issuer_and_serial->issuer,
306 X509_get_issuer_name(x509));
307
308 /* because ASN1_INTEGER_set is used to set a 'long' we will do
309 * things the ugly way. */
310 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
311 p7i->issuer_and_serial->serial=
312 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
313
314 /* lets keep the pkey around for a while */
315 CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
316 p7i->pkey=pkey;
317
318 /* Set the algorithms */
319 if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
320 else
321 p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
322
323 if (p7i->digest_alg->parameter != NULL)
324 ASN1_TYPE_free(p7i->digest_alg->parameter);
325 if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
326 goto err;
327 p7i->digest_alg->parameter->type=V_ASN1_NULL;
328
329 p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
330
331 if (p7i->digest_enc_alg->parameter != NULL)
332 ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
333 if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
334 else {
335 if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
336 goto err;
337 p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
338 }
339
340 return(1);
341err:
342 return(0);
343 }
344
345PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
346 EVP_MD *dgst)
347 {
348 PKCS7_SIGNER_INFO *si;
349
350 if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
351 if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
352 if (!PKCS7_add_signer(p7,si)) goto err;
353 return(si);
354err:
355 return(NULL);
356 }
357
358STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
359 {
360 if (PKCS7_type_is_signed(p7))
361 {
362 return(p7->d.sign->signer_info);
363 }
364 else if (PKCS7_type_is_signedAndEnveloped(p7))
365 {
366 return(p7->d.signed_and_enveloped->signer_info);
367 }
368 else
369 return(NULL);
370 }
371
372PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
373 {
374 PKCS7_RECIP_INFO *ri;
375
376 if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
377 if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
378 if (!PKCS7_add_recipient_info(p7,ri)) goto err;
379 return(ri);
380err:
381 return(NULL);
382 }
383
384int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
385 {
386 int i;
387 STACK_OF(PKCS7_RECIP_INFO) *sk;
388
389 i=OBJ_obj2nid(p7->type);
390 switch (i)
391 {
392 case NID_pkcs7_signedAndEnveloped:
393 sk= p7->d.signed_and_enveloped->recipientinfo;
394 break;
395 case NID_pkcs7_enveloped:
396 sk= p7->d.enveloped->recipientinfo;
397 break;
398 default:
399 PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
400 return(0);
401 }
402
403 sk_PKCS7_RECIP_INFO_push(sk,ri);
404 return(1);
405 }
406
407int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
408 {
409 ASN1_INTEGER_set(p7i->version,0);
410 X509_NAME_set(&p7i->issuer_and_serial->issuer,
411 X509_get_issuer_name(x509));
412
413 M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
414 p7i->issuer_and_serial->serial=
415 M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
416
417 X509_ALGOR_free(p7i->key_enc_algor);
418 p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
419 (char *(*)())d2i_X509_ALGOR,
420 (char *)x509->cert_info->key->algor);
421
422 CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
423 p7i->cert=x509;
424
425 return(1);
426 }
427
428X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
429 {
430 if (PKCS7_type_is_signed(p7))
431 return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
432 si->issuer_and_serial->issuer,
433 si->issuer_and_serial->serial));
434 else
435 return(NULL);
436 }
437
438int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
439 {
440 int i;
441 ASN1_OBJECT *objtmp;
442 PKCS7_ENC_CONTENT *ec;
443
444 i=OBJ_obj2nid(p7->type);
445 switch (i)
446 {
447 case NID_pkcs7_signedAndEnveloped:
448 ec=p7->d.signed_and_enveloped->enc_data;
449 break;
450 case NID_pkcs7_enveloped:
451 ec=p7->d.enveloped->enc_data;
452 break;
453 default:
454 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
455 return(0);
456 }
457
458 /* Check cipher OID exists and has data in it*/
459 i = EVP_CIPHER_type(cipher);
460 if(i == NID_undef) {
461 PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
462 return(0);
463 }
464 objtmp = OBJ_nid2obj(i);
465
466 ec->cipher = cipher;
467 return 1;
468 }
469
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
deleted file mode 100644
index 734643be28..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ /dev/null
@@ -1,673 +0,0 @@
1/* pk7_mime.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <ctype.h>
61#include "cryptlib.h"
62#include <openssl/rand.h>
63#include <openssl/x509.h>
64
65/* MIME and related routines */
66
67/* MIME format structures
68 * Note that all are translated to lower case apart from
69 * parameter values. Quotes are stripped off
70 */
71
72typedef struct {
73char *name; /* Name of line e.g. "content-type" */
74char *value; /* Value of line e.g. "text/plain" */
75STACK /* MIME_PARAM */ *params; /* Zero or more parameters */
76} MIME_HEADER;
77
78typedef struct {
79char *param_name; /* Param name e.g. "micalg" */
80char *param_value; /* Param value e.g. "sha1" */
81} MIME_PARAM;
82
83
84static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
85static PKCS7 *B64_read_PKCS7(BIO *bio);
86static char * strip_ends(char *name);
87static char * strip_start(char *name);
88static char * strip_end(char *name);
89static MIME_HEADER *mime_hdr_new(char *name, char *value);
90static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
91static STACK *mime_parse_hdr(BIO *bio);
92static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
93static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
94static void mime_param_free(MIME_PARAM *param);
95static int mime_bound_check(char *line, int linelen, char *bound, int blen);
96static int multi_split(BIO *bio, char *bound, STACK **ret);
97static int iscrlf(char c);
98static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
99static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
100static void mime_hdr_free(MIME_HEADER *hdr);
101
102#define MAX_SMLEN 1024
103#define mime_debug(x) /* x */
104
105
106typedef void (*stkfree)();
107
108/* Base 64 read and write of PKCS#7 structure */
109
110static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
111{
112 BIO *b64;
113 if(!(b64 = BIO_new(BIO_f_base64()))) {
114 PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
115 return 0;
116 }
117 bio = BIO_push(b64, bio);
118 i2d_PKCS7_bio(bio, p7);
119 BIO_flush(bio);
120 bio = BIO_pop(bio);
121 BIO_free(b64);
122 return 1;
123}
124
125static PKCS7 *B64_read_PKCS7(BIO *bio)
126{
127 BIO *b64;
128 PKCS7 *p7;
129 if(!(b64 = BIO_new(BIO_f_base64()))) {
130 PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
131 return 0;
132 }
133 bio = BIO_push(b64, bio);
134 if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
135 PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
136 BIO_flush(bio);
137 bio = BIO_pop(bio);
138 BIO_free(b64);
139 return p7;
140}
141
142/* SMIME sender */
143
144int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
145{
146 char linebuf[MAX_SMLEN];
147 char bound[33], c;
148 int i;
149 if((flags & PKCS7_DETACHED) && data) {
150 /* We want multipart/signed */
151 /* Generate a random boundary */
152 RAND_pseudo_bytes((unsigned char *)bound, 32);
153 for(i = 0; i < 32; i++) {
154 c = bound[i] & 0xf;
155 if(c < 10) c += '0';
156 else c += 'A' - 10;
157 bound[i] = c;
158 }
159 bound[32] = 0;
160 BIO_printf(bio, "MIME-Version: 1.0\n");
161 BIO_printf(bio, "Content-Type: multipart/signed ; ");
162 BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
163 BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
164 BIO_printf(bio, "This is an S/MIME signed message\n\n");
165 /* Now write out the first part */
166 BIO_printf(bio, "------%s\r\n", bound);
167 if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
168 while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
169 BIO_write(bio, linebuf, i);
170 BIO_printf(bio, "\n------%s\n", bound);
171
172 /* Headers for signature */
173
174 BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
175 BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
176 BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
177 B64_write_PKCS7(bio, p7);
178 BIO_printf(bio,"\n------%s--\n\n", bound);
179 return 1;
180 }
181 /* MIME headers */
182 BIO_printf(bio, "MIME-Version: 1.0\n");
183 BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
184 BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
185 BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
186 B64_write_PKCS7(bio, p7);
187 BIO_printf(bio, "\n");
188 return 1;
189}
190
191/* SMIME reader: handle multipart/signed and opaque signing.
192 * in multipart case the content is placed in a memory BIO
193 * pointed to by "bcont". In opaque this is set to NULL
194 */
195
196PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
197{
198 BIO *p7in;
199 STACK *headers = NULL;
200 STACK *parts = NULL;
201 MIME_HEADER *hdr;
202 MIME_PARAM *prm;
203 PKCS7 *p7;
204 int ret;
205
206 if(bcont) *bcont = NULL;
207
208 if (!(headers = mime_parse_hdr(bio))) {
209 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
210 return NULL;
211 }
212
213 if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
214 sk_pop_free(headers, mime_hdr_free);
215 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
216 return NULL;
217 }
218
219 /* Handle multipart/signed */
220
221 if(!strcmp(hdr->value, "multipart/signed")) {
222 /* Split into two parts */
223 prm = mime_param_find(hdr, "boundary");
224 if(!prm || !prm->param_value) {
225 sk_pop_free(headers, mime_hdr_free);
226 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
227 return NULL;
228 }
229 ret = multi_split(bio, prm->param_value, &parts);
230 sk_pop_free(headers, mime_hdr_free);
231 if(!ret || (sk_num(parts) != 2) ) {
232 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
233 sk_pop_free(parts, (stkfree)BIO_free);
234 return NULL;
235 }
236
237 /* Parse the signature piece */
238 p7in = (BIO *)sk_value(parts, 1);
239
240 if (!(headers = mime_parse_hdr(p7in))) {
241 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
242 sk_pop_free(parts, (stkfree)BIO_free);
243 return NULL;
244 }
245
246 /* Get content type */
247
248 if(!(hdr = mime_hdr_find(headers, "content-type")) ||
249 !hdr->value) {
250 sk_pop_free(headers, mime_hdr_free);
251 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
252 return NULL;
253 }
254
255 if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
256 strcmp(hdr->value, "application/pkcs7-signature")) {
257 sk_pop_free(headers, mime_hdr_free);
258 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
259 ERR_add_error_data(2, "type: ", hdr->value);
260 sk_pop_free(parts, (stkfree)BIO_free);
261 return NULL;
262 }
263 sk_pop_free(headers, mime_hdr_free);
264 /* Read in PKCS#7 */
265 if(!(p7 = B64_read_PKCS7(p7in))) {
266 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
267 sk_pop_free(parts, (stkfree)BIO_free);
268 return NULL;
269 }
270
271 if(bcont) {
272 *bcont = (BIO *)sk_value(parts, 0);
273 BIO_free(p7in);
274 sk_free(parts);
275 } else sk_pop_free(parts, (stkfree)BIO_free);
276 return p7;
277 }
278
279 /* OK, if not multipart/signed try opaque signature */
280
281 if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
282 strcmp (hdr->value, "application/pkcs7-mime")) {
283 PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
284 ERR_add_error_data(2, "type: ", hdr->value);
285 sk_pop_free(headers, mime_hdr_free);
286 return NULL;
287 }
288
289 sk_pop_free(headers, mime_hdr_free);
290
291 if(!(p7 = B64_read_PKCS7(bio))) {
292 PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
293 return NULL;
294 }
295 return p7;
296
297}
298
299/* Copy text from one BIO to another making the output CRLF at EOL */
300int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
301{
302 char eol;
303 int len;
304 char linebuf[MAX_SMLEN];
305 if(flags & PKCS7_BINARY) {
306 while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
307 BIO_write(out, linebuf, len);
308 return 1;
309 }
310 if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
311 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
312 eol = 0;
313 while(iscrlf(linebuf[len - 1])) {
314 len--;
315 eol = 1;
316 }
317 BIO_write(out, linebuf, len);
318 if(eol) BIO_write(out, "\r\n", 2);
319 }
320 return 1;
321}
322
323/* Strip off headers if they are text/plain */
324int SMIME_text(BIO *in, BIO *out)
325{
326 char iobuf[4096];
327 int len;
328 STACK *headers;
329 MIME_HEADER *hdr;
330 if (!(headers = mime_parse_hdr(in))) {
331 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
332 return 0;
333 }
334 if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
335 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
336 sk_pop_free(headers, mime_hdr_free);
337 return 0;
338 }
339 if (strcmp (hdr->value, "text/plain")) {
340 PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
341 ERR_add_error_data(2, "type: ", hdr->value);
342 sk_pop_free(headers, mime_hdr_free);
343 return 0;
344 }
345 sk_pop_free(headers, mime_hdr_free);
346 while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
347 BIO_write(out, iobuf, len);
348 return 1;
349}
350
351/* Split a multipart/XXX message body into component parts: result is
352 * canonical parts in a STACK of bios
353 */
354
355static int multi_split(BIO *bio, char *bound, STACK **ret)
356{
357 char linebuf[MAX_SMLEN];
358 int len, blen;
359 BIO *bpart = NULL;
360 STACK *parts;
361 char state, part, first;
362 blen = strlen(bound);
363 part = 0;
364 state = 0;
365 first = 1;
366 parts = sk_new(NULL);
367 *ret = parts;
368 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
369 state = mime_bound_check(linebuf, len, bound, blen);
370 if(state == 1) {
371 first = 1;
372 part++;
373 } else if(state == 2) {
374 sk_push(parts, (char *)bpart);
375 return 1;
376 } else if(part) {
377 if(first) {
378 first = 0;
379 if(bpart) sk_push(parts, (char *)bpart);
380 bpart = BIO_new(BIO_s_mem());
381
382 } else BIO_write(bpart, "\r\n", 2);
383 /* Strip CR+LF from linebuf */
384 while(iscrlf(linebuf[len - 1])) len--;
385 BIO_write(bpart, linebuf, len);
386 }
387 }
388 return 0;
389}
390
391static int iscrlf(char c)
392{
393 if(c == '\r' || c == '\n') return 1;
394 return 0;
395}
396
397/* This is the big one: parse MIME header lines up to message body */
398
399#define MIME_INVALID 0
400#define MIME_START 1
401#define MIME_TYPE 2
402#define MIME_NAME 3
403#define MIME_VALUE 4
404#define MIME_QUOTE 5
405#define MIME_COMMENT 6
406
407
408static STACK *mime_parse_hdr(BIO *bio)
409{
410 char *p, *q, c;
411 char *ntmp;
412 char linebuf[MAX_SMLEN];
413 MIME_HEADER *mhdr = NULL;
414 STACK *headers;
415 int len, state, save_state = 0;
416 headers = sk_new(mime_hdr_cmp);
417 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
418 /* If whitespace at line start then continuation line */
419 if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
420 else state = MIME_START;
421 ntmp = NULL;
422 /* Go through all characters */
423 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
424
425 /* State machine to handle MIME headers
426 * if this looks horrible that's because it *is*
427 */
428
429 switch(state) {
430 case MIME_START:
431 if(c == ':') {
432 state = MIME_TYPE;
433 *p = 0;
434 ntmp = strip_ends(q);
435 q = p + 1;
436 }
437 break;
438
439 case MIME_TYPE:
440 if(c == ';') {
441 mime_debug("Found End Value\n");
442 *p = 0;
443 mhdr = mime_hdr_new(ntmp, strip_ends(q));
444 sk_push(headers, (char *)mhdr);
445 ntmp = NULL;
446 q = p + 1;
447 state = MIME_NAME;
448 } else if(c == '(') {
449 save_state = state;
450 state = MIME_COMMENT;
451 }
452 break;
453
454 case MIME_COMMENT:
455 if(c == ')') {
456 state = save_state;
457 }
458 break;
459
460 case MIME_NAME:
461 if(c == '=') {
462 state = MIME_VALUE;
463 *p = 0;
464 ntmp = strip_ends(q);
465 q = p + 1;
466 }
467 break ;
468
469 case MIME_VALUE:
470 if(c == ';') {
471 state = MIME_NAME;
472 *p = 0;
473 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
474 ntmp = NULL;
475 q = p + 1;
476 } else if (c == '"') {
477 mime_debug("Found Quote\n");
478 state = MIME_QUOTE;
479 } else if(c == '(') {
480 save_state = state;
481 state = MIME_COMMENT;
482 }
483 break;
484
485 case MIME_QUOTE:
486 if(c == '"') {
487 mime_debug("Found Match Quote\n");
488 state = MIME_VALUE;
489 }
490 break;
491 }
492 }
493
494 if(state == MIME_TYPE) {
495 mhdr = mime_hdr_new(ntmp, strip_ends(q));
496 sk_push(headers, (char *)mhdr);
497 } else if(state == MIME_VALUE)
498 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
499 if(p == linebuf) break; /* Blank line means end of headers */
500}
501
502return headers;
503
504}
505
506static char *strip_ends(char *name)
507{
508 return strip_end(strip_start(name));
509}
510
511/* Strip a parameter of whitespace from start of param */
512static char *strip_start(char *name)
513{
514 char *p, c;
515 /* Look for first non white space or quote */
516 for(p = name; (c = *p) ;p++) {
517 if(c == '"') {
518 /* Next char is start of string if non null */
519 if(p[1]) return p + 1;
520 /* Else null string */
521 return NULL;
522 }
523 if(!isspace((unsigned char)c)) return p;
524 }
525 return NULL;
526}
527
528/* As above but strip from end of string : maybe should handle brackets? */
529static char *strip_end(char *name)
530{
531 char *p, c;
532 if(!name) return NULL;
533 /* Look for first non white space or quote */
534 for(p = name + strlen(name) - 1; p >= name ;p--) {
535 c = *p;
536 if(c == '"') {
537 if(p - 1 == name) return NULL;
538 *p = 0;
539 return name;
540 }
541 if(isspace((unsigned char)c)) *p = 0;
542 else return name;
543 }
544 return NULL;
545}
546
547static MIME_HEADER *mime_hdr_new(char *name, char *value)
548{
549 MIME_HEADER *mhdr;
550 char *tmpname, *tmpval, *p;
551 int c;
552 if(name) {
553 if(!(tmpname = BUF_strdup(name))) return NULL;
554 for(p = tmpname ; *p; p++) {
555 c = *p;
556 if(isupper(c)) {
557 c = tolower(c);
558 *p = c;
559 }
560 }
561 } else tmpname = NULL;
562 if(value) {
563 if(!(tmpval = BUF_strdup(value))) return NULL;
564 for(p = tmpval ; *p; p++) {
565 c = *p;
566 if(isupper(c)) {
567 c = tolower(c);
568 *p = c;
569 }
570 }
571 } else tmpval = NULL;
572 mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
573 if(!mhdr) return NULL;
574 mhdr->name = tmpname;
575 mhdr->value = tmpval;
576 if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
577 return mhdr;
578}
579
580static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
581{
582 char *tmpname, *tmpval, *p;
583 int c;
584 MIME_PARAM *mparam;
585 if(name) {
586 tmpname = BUF_strdup(name);
587 if(!tmpname) return 0;
588 for(p = tmpname ; *p; p++) {
589 c = *p;
590 if(isupper(c)) {
591 c = tolower(c);
592 *p = c;
593 }
594 }
595 } else tmpname = NULL;
596 if(value) {
597 tmpval = BUF_strdup(value);
598 if(!tmpval) return 0;
599 } else tmpval = NULL;
600 /* Parameter values are case sensitive so leave as is */
601 mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
602 if(!mparam) return 0;
603 mparam->param_name = tmpname;
604 mparam->param_value = tmpval;
605 sk_push(mhdr->params, (char *)mparam);
606 return 1;
607}
608
609static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
610{
611 return(strcmp((*a)->name, (*b)->name));
612}
613
614static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
615{
616 return(strcmp((*a)->param_name, (*b)->param_name));
617}
618
619/* Find a header with a given name (if possible) */
620
621static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
622{
623 MIME_HEADER htmp;
624 int idx;
625 htmp.name = name;
626 idx = sk_find(hdrs, (char *)&htmp);
627 if(idx < 0) return NULL;
628 return (MIME_HEADER *)sk_value(hdrs, idx);
629}
630
631static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
632{
633 MIME_PARAM param;
634 int idx;
635 param.param_name = name;
636 idx = sk_find(hdr->params, (char *)&param);
637 if(idx < 0) return NULL;
638 return (MIME_PARAM *)sk_value(hdr->params, idx);
639}
640
641static void mime_hdr_free(MIME_HEADER *hdr)
642{
643 if(hdr->name) Free(hdr->name);
644 if(hdr->value) Free(hdr->value);
645 if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
646 Free(hdr);
647}
648
649static void mime_param_free(MIME_PARAM *param)
650{
651 if(param->param_name) Free(param->param_name);
652 if(param->param_value) Free(param->param_value);
653 Free(param);
654}
655
656/* Check for a multipart boundary. Returns:
657 * 0 : no boundary
658 * 1 : part boundary
659 * 2 : final boundary
660 */
661static int mime_bound_check(char *line, int linelen, char *bound, int blen)
662{
663 if(linelen == -1) linelen = strlen(line);
664 if(blen == -1) blen = strlen(bound);
665 /* Quickly eliminate if line length too short */
666 if(blen + 2 > linelen) return 0;
667 /* Check for part boundary */
668 if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
669 if(!strncmp(line + blen + 2, "--", 2)) return 2;
670 else return 1;
671 }
672 return 0;
673}
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
deleted file mode 100644
index b41f42ed04..0000000000
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ /dev/null
@@ -1,427 +0,0 @@
1/* pk7_smime.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59/* Simple PKCS#7 processing functions */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
65
66PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
67 BIO *data, int flags)
68{
69 PKCS7 *p7;
70 PKCS7_SIGNER_INFO *si;
71 BIO *p7bio;
72 STACK *smcap;
73 int i;
74
75 if(!X509_check_private_key(signcert, pkey)) {
76 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
77 return NULL;
78 }
79
80 if(!(p7 = PKCS7_new())) {
81 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
82 return NULL;
83 }
84
85 PKCS7_set_type(p7, NID_pkcs7_signed);
86
87 PKCS7_content_new(p7, NID_pkcs7_data);
88
89 if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
90 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
91 return NULL;
92 }
93
94 if(!(flags & PKCS7_NOCERTS)) {
95 PKCS7_add_certificate(p7, signcert);
96 if(certs) for(i = 0; i < sk_X509_num(certs); i++)
97 PKCS7_add_certificate(p7, sk_X509_value(certs, i));
98 }
99
100 if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
101 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
102 return NULL;
103 }
104
105
106 SMIME_crlf_copy(data, p7bio, flags);
107
108 if(!(flags & PKCS7_NOATTR)) {
109 PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
110 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
111 /* Add SMIMECapabilities */
112 if(!(smcap = sk_new(NULL))) {
113 PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
114 return NULL;
115 }
116#ifndef NO_DES
117 PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
118#endif
119#ifndef NO_RC2
120 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
121 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
122#endif
123#ifndef NO_DES
124 PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
125#endif
126#ifndef NO_RC2
127 PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
128#endif
129 PKCS7_add_attrib_smimecap (si, smcap);
130 sk_pop_free(smcap, X509_ALGOR_free);
131 }
132
133 if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
134
135 if (!PKCS7_dataFinal(p7,p7bio)) {
136 PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
137 return NULL;
138 }
139
140 BIO_free_all(p7bio);
141 return p7;
142}
143
144int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
145 BIO *indata, BIO *out, int flags)
146{
147 STACK_OF(X509) *signers;
148 X509 *signer;
149 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
150 PKCS7_SIGNER_INFO *si;
151 X509_STORE_CTX cert_ctx;
152 char buf[4096];
153 int i, j=0;
154 BIO *p7bio;
155 BIO *tmpout;
156
157 if(!p7) {
158 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
159 return 0;
160 }
161
162 if(!PKCS7_type_is_signed(p7)) {
163 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
164 return 0;
165 }
166
167 /* Check for no data and no content: no data to verify signature */
168 if(PKCS7_get_detached(p7) && !indata) {
169 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
170 return 0;
171 }
172
173 /* Check for data and content: two sets of data */
174 if(!PKCS7_get_detached(p7) && indata) {
175 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
176 return 0;
177 }
178
179 sinfos = PKCS7_get_signer_info(p7);
180
181 if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
182 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
183 return 0;
184 }
185
186
187 signers = PKCS7_get0_signers(p7, certs, flags);
188
189 if(!signers) return 0;
190
191 /* Now verify the certificates */
192
193 if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
194 signer = sk_X509_value (signers, i);
195 if (!(flags & PKCS7_NOCHAIN)) {
196 X509_STORE_CTX_init(&cert_ctx, store, signer,
197 p7->d.sign->cert);
198 X509_STORE_CTX_set_purpose(&cert_ctx,
199 X509_PURPOSE_SMIME_SIGN);
200 } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
201 i = X509_verify_cert(&cert_ctx);
202 if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
203 X509_STORE_CTX_cleanup(&cert_ctx);
204 if (i <= 0) {
205 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
206 ERR_add_error_data(2, "Verify error:",
207 X509_verify_cert_error_string(j));
208 sk_X509_free(signers);
209 return 0;
210 }
211 /* Check for revocation status here */
212 }
213
214 p7bio=PKCS7_dataInit(p7,indata);
215
216 if(flags & PKCS7_TEXT) {
217 if(!(tmpout = BIO_new(BIO_s_mem()))) {
218 PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
219 goto err;
220 }
221 } else tmpout = out;
222
223 /* We now have to 'read' from p7bio to calculate digests etc. */
224 for (;;)
225 {
226 i=BIO_read(p7bio,buf,sizeof(buf));
227 if (i <= 0) break;
228 if (tmpout) BIO_write(tmpout, buf, i);
229 }
230
231 if(flags & PKCS7_TEXT) {
232 if(!SMIME_text(tmpout, out)) {
233 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
234 BIO_free(tmpout);
235 goto err;
236 }
237 BIO_free(tmpout);
238 }
239
240 /* Now Verify All Signatures */
241 if (!(flags & PKCS7_NOSIGS))
242 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
243 {
244 si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
245 signer = sk_X509_value (signers, i);
246 j=PKCS7_signatureVerify(p7bio,p7,si, signer);
247 if (j <= 0) {
248 PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
249 goto err;
250 }
251 }
252
253 sk_X509_free(signers);
254 if(indata) BIO_pop(p7bio);
255 BIO_free_all(p7bio);
256
257 return 1;
258
259 err:
260
261 sk_X509_free(signers);
262 BIO_free(p7bio);
263
264 return 0;
265}
266
267STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
268{
269 STACK_OF(X509) *signers;
270 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
271 PKCS7_SIGNER_INFO *si;
272 PKCS7_ISSUER_AND_SERIAL *ias;
273 X509 *signer;
274 int i;
275
276 if(!p7) {
277 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
278 return NULL;
279 }
280
281 if(!PKCS7_type_is_signed(p7)) {
282 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
283 return NULL;
284 }
285 if(!(signers = sk_X509_new(NULL))) {
286 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
287 return NULL;
288 }
289
290 /* Collect all the signers together */
291
292 sinfos = PKCS7_get_signer_info(p7);
293
294 if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
295 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
296 return 0;
297 }
298
299 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
300 {
301 si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
302 ias = si->issuer_and_serial;
303 signer = NULL;
304 /* If any certificates passed they take priority */
305 if (certs) signer = X509_find_by_issuer_and_serial (certs,
306 ias->issuer, ias->serial);
307 if (!signer && !(flags & PKCS7_NOINTERN)
308 && p7->d.sign->cert) signer =
309 X509_find_by_issuer_and_serial (p7->d.sign->cert,
310 ias->issuer, ias->serial);
311 if (!signer) {
312 PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
313 sk_X509_free(signers);
314 return 0;
315 }
316
317 sk_X509_push(signers, signer);
318 }
319 return signers;
320}
321
322
323/* Build a complete PKCS#7 enveloped data */
324
325PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
326 int flags)
327{
328 PKCS7 *p7;
329 BIO *p7bio = NULL;
330 int i;
331 X509 *x509;
332 if(!(p7 = PKCS7_new())) {
333 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
334 return NULL;
335 }
336
337 PKCS7_set_type(p7, NID_pkcs7_enveloped);
338 if(!PKCS7_set_cipher(p7, cipher)) {
339 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
340 goto err;
341 }
342
343 for(i = 0; i < sk_X509_num(certs); i++) {
344 x509 = sk_X509_value(certs, i);
345 if(!PKCS7_add_recipient(p7, x509)) {
346 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
347 PKCS7_R_ERROR_ADDING_RECIPIENT);
348 goto err;
349 }
350 }
351
352 if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
353 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
354 goto err;
355 }
356
357 SMIME_crlf_copy(in, p7bio, flags);
358
359 BIO_flush(p7bio);
360
361 if (!PKCS7_dataFinal(p7,p7bio)) {
362 PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
363 goto err;
364 }
365 BIO_free_all(p7bio);
366
367 return p7;
368
369 err:
370
371 BIO_free(p7bio);
372 PKCS7_free(p7);
373 return NULL;
374
375}
376
377int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
378{
379 BIO *tmpmem;
380 int ret, i;
381 char buf[4096];
382
383 if(!p7) {
384 PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
385 return 0;
386 }
387
388 if(!PKCS7_type_is_enveloped(p7)) {
389 PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
390 return 0;
391 }
392
393 if(!X509_check_private_key(cert, pkey)) {
394 PKCS7err(PKCS7_F_PKCS7_DECRYPT,
395 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
396 return 0;
397 }
398
399 if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
400 PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
401 return 0;
402 }
403
404 if (flags & PKCS7_TEXT) {
405 BIO *tmpbuf, *bread;
406 /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
407 if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
408 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
409 return 0;
410 }
411 if(!(bread = BIO_push(tmpbuf, tmpmem))) {
412 PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
413 return 0;
414 }
415 ret = SMIME_text(bread, data);
416 BIO_free_all(bread);
417 return ret;
418 } else {
419 for(;;) {
420 i = BIO_read(tmpmem, buf, sizeof(buf));
421 if(i <= 0) break;
422 BIO_write(data, buf, i);
423 }
424 BIO_free_all(tmpmem);
425 return 1;
426 }
427}
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
deleted file mode 100644
index 3ec725d226..0000000000
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ /dev/null
@@ -1,498 +0,0 @@
1/* crypto/pkcs7/pkcs7.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_PKCS7_H
60#define HEADER_PKCS7_H
61
62#ifdef __cplusplus
63extern "C" {
64#endif
65
66#include <openssl/bio.h>
67#include <openssl/x509.h>
68
69#ifdef VMS
70#include <openssl/vms_idhacks.h>
71#endif
72
73#ifdef WIN32
74/* Under Win32 thes are defined in wincrypt.h */
75#undef PKCS7_ISSUER_AND_SERIAL
76#undef PKCS7_SIGNER_INFO
77#endif
78
79/*
80Encryption_ID DES-CBC
81Digest_ID MD5
82Digest_Encryption_ID rsaEncryption
83Key_Encryption_ID rsaEncryption
84*/
85
86typedef struct pkcs7_issuer_and_serial_st
87 {
88 X509_NAME *issuer;
89 ASN1_INTEGER *serial;
90 } PKCS7_ISSUER_AND_SERIAL;
91
92typedef struct pkcs7_signer_info_st
93 {
94 ASN1_INTEGER *version; /* version 1 */
95 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
96 X509_ALGOR *digest_alg;
97 STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
98 X509_ALGOR *digest_enc_alg;
99 ASN1_OCTET_STRING *enc_digest;
100 STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
101
102 /* The private key to sign with */
103 EVP_PKEY *pkey;
104 } PKCS7_SIGNER_INFO;
105
106DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
107DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
108
109typedef struct pkcs7_recip_info_st
110 {
111 ASN1_INTEGER *version; /* version 0 */
112 PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
113 X509_ALGOR *key_enc_algor;
114 ASN1_OCTET_STRING *enc_key;
115 X509 *cert; /* get the pub-key from this */
116 } PKCS7_RECIP_INFO;
117
118DECLARE_STACK_OF(PKCS7_RECIP_INFO)
119DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
120
121typedef struct pkcs7_signed_st
122 {
123 ASN1_INTEGER *version; /* version 1 */
124 STACK_OF(X509_ALGOR) *md_algs; /* md used */
125 STACK_OF(X509) *cert; /* [ 0 ] */
126 STACK_OF(X509_CRL) *crl; /* [ 1 ] */
127 STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
128
129 struct pkcs7_st *contents;
130 } PKCS7_SIGNED;
131/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
132 * How about merging the two */
133
134typedef struct pkcs7_enc_content_st
135 {
136 ASN1_OBJECT *content_type;
137 X509_ALGOR *algorithm;
138 ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
139 const EVP_CIPHER *cipher;
140 } PKCS7_ENC_CONTENT;
141
142typedef struct pkcs7_enveloped_st
143 {
144 ASN1_INTEGER *version; /* version 0 */
145 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
146 PKCS7_ENC_CONTENT *enc_data;
147 } PKCS7_ENVELOPE;
148
149typedef struct pkcs7_signedandenveloped_st
150 {
151 ASN1_INTEGER *version; /* version 1 */
152 STACK_OF(X509_ALGOR) *md_algs; /* md used */
153 STACK_OF(X509) *cert; /* [ 0 ] */
154 STACK_OF(X509_CRL) *crl; /* [ 1 ] */
155 STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
156
157 PKCS7_ENC_CONTENT *enc_data;
158 STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
159 } PKCS7_SIGN_ENVELOPE;
160
161typedef struct pkcs7_digest_st
162 {
163 ASN1_INTEGER *version; /* version 0 */
164 X509_ALGOR *md; /* md used */
165 struct pkcs7_st *contents;
166 ASN1_OCTET_STRING *digest;
167 } PKCS7_DIGEST;
168
169typedef struct pkcs7_encrypted_st
170 {
171 ASN1_INTEGER *version; /* version 0 */
172 PKCS7_ENC_CONTENT *enc_data;
173 } PKCS7_ENCRYPT;
174
175typedef struct pkcs7_st
176 {
177 /* The following is non NULL if it contains ASN1 encoding of
178 * this structure */
179 unsigned char *asn1;
180 long length;
181
182#define PKCS7_S_HEADER 0
183#define PKCS7_S_BODY 1
184#define PKCS7_S_TAIL 2
185 int state; /* used during processing */
186
187 int detached;
188
189 ASN1_OBJECT *type;
190 /* content as defined by the type */
191 /* all encryption/message digests are applied to the 'contents',
192 * leaving out the 'type' field. */
193 union {
194 char *ptr;
195
196 /* NID_pkcs7_data */
197 ASN1_OCTET_STRING *data;
198
199 /* NID_pkcs7_signed */
200 PKCS7_SIGNED *sign;
201
202 /* NID_pkcs7_enveloped */
203 PKCS7_ENVELOPE *enveloped;
204
205 /* NID_pkcs7_signedAndEnveloped */
206 PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
207
208 /* NID_pkcs7_digest */
209 PKCS7_DIGEST *digest;
210
211 /* NID_pkcs7_encrypted */
212 PKCS7_ENCRYPT *encrypted;
213 } d;
214 } PKCS7;
215
216#define PKCS7_OP_SET_DETACHED_SIGNATURE 1
217#define PKCS7_OP_GET_DETACHED_SIGNATURE 2
218
219#define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
220#define PKCS7_get_attributes(si) ((si)->unauth_attr)
221
222#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
223#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
224#define PKCS7_type_is_signedAndEnveloped(a) \
225 (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
226#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
227
228#define PKCS7_set_detached(p,v) \
229 PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
230#define PKCS7_get_detached(p) \
231 PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
232
233#ifdef SSLEAY_MACROS
234#ifndef PKCS7_ISSUER_AND_SERIAL_digest
235#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
236 ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
237 (char *)data,md,len)
238#endif
239#endif
240
241/* S/MIME related flags */
242
243#define PKCS7_TEXT 0x1
244#define PKCS7_NOCERTS 0x2
245#define PKCS7_NOSIGS 0x4
246#define PKCS7_NOCHAIN 0x8
247#define PKCS7_NOINTERN 0x10
248#define PKCS7_NOVERIFY 0x20
249#define PKCS7_DETACHED 0x40
250#define PKCS7_BINARY 0x80
251#define PKCS7_NOATTR 0x100
252
253/* Flags: for compatibility with older code */
254
255#define SMIME_TEXT PKCS7_TEXT
256#define SMIME_NOCERTS PKCS7_NOCERTS
257#define SMIME_NOSIGS PKCS7_NOSIGS
258#define SMIME_NOCHAIN PKCS7_NOCHAIN
259#define SMIME_NOINTERN PKCS7_NOINTERN
260#define SMIME_NOVERIFY PKCS7_NOVERIFY
261#define SMIME_DETACHED PKCS7_DETACHED
262#define SMIME_BINARY PKCS7_BINARY
263#define SMIME_NOATTR PKCS7_NOATTR
264
265PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
266void PKCS7_ISSUER_AND_SERIAL_free(
267 PKCS7_ISSUER_AND_SERIAL *a);
268int i2d_PKCS7_ISSUER_AND_SERIAL(
269 PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp);
270PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
271 PKCS7_ISSUER_AND_SERIAL **a,
272 unsigned char **pp, long length);
273
274#ifndef SSLEAY_MACROS
275int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
276 unsigned char *md,unsigned int *len);
277#ifndef NO_FP_API
278PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
279int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
280#endif
281PKCS7 *PKCS7_dup(PKCS7 *p7);
282PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
283int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
284#endif
285
286PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void);
287void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
288int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a,
289 unsigned char **pp);
290PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
291 unsigned char **pp,long length);
292
293PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void);
294void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a);
295int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a,
296 unsigned char **pp);
297PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
298 unsigned char **pp,long length);
299
300PKCS7_SIGNED *PKCS7_SIGNED_new(void);
301void PKCS7_SIGNED_free(PKCS7_SIGNED *a);
302int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a,
303 unsigned char **pp);
304PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a,
305 unsigned char **pp,long length);
306
307PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void);
308void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a);
309int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a,
310 unsigned char **pp);
311PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
312 unsigned char **pp,long length);
313
314PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void);
315void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a);
316int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a,
317 unsigned char **pp);
318PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a,
319 unsigned char **pp,long length);
320
321PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void);
322void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a);
323int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a,
324 unsigned char **pp);
325PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
326 unsigned char **pp,long length);
327
328PKCS7_DIGEST *PKCS7_DIGEST_new(void);
329void PKCS7_DIGEST_free(PKCS7_DIGEST *a);
330int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a,
331 unsigned char **pp);
332PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a,
333 unsigned char **pp,long length);
334
335PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void);
336void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a);
337int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a,
338 unsigned char **pp);
339PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a,
340 unsigned char **pp,long length);
341
342PKCS7 *PKCS7_new(void);
343void PKCS7_free(PKCS7 *a);
344void PKCS7_content_free(PKCS7 *a);
345int i2d_PKCS7(PKCS7 *a,
346 unsigned char **pp);
347PKCS7 *d2i_PKCS7(PKCS7 **a,
348 unsigned char **pp,long length);
349
350void ERR_load_PKCS7_strings(void);
351
352
353long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
354
355int PKCS7_set_type(PKCS7 *p7, int type);
356int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
357int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
358 EVP_MD *dgst);
359int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
360int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
361int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
362int PKCS7_content_new(PKCS7 *p7, int nid);
363int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
364 BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
365int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
366 X509 *x509);
367
368BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
369int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
370BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
371
372
373PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
374 EVP_PKEY *pkey, EVP_MD *dgst);
375X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
376STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
377
378PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
379int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
380int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
381int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
382
383PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
384ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
385int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
386 void *data);
387int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
388 void *value);
389ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
390ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
391int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
392 STACK_OF(X509_ATTRIBUTE) *sk);
393int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
394
395
396PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
397 BIO *data, int flags);
398int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
399 BIO *indata, BIO *out, int flags);
400STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
401PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
402 int flags);
403int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
404
405int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap);
406STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
407int PKCS7_simple_smimecap(STACK *sk, int nid, int arg);
408
409int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
410PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
411int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
412int SMIME_text(BIO *in, BIO *out);
413
414/* BEGIN ERROR CODES */
415/* The following lines are auto generated by the script mkerr.pl. Any changes
416 * made after this point may be overwritten when the script is next run.
417 */
418
419/* Error codes for the PKCS7 functions. */
420
421/* Function codes. */
422#define PKCS7_F_B64_READ_PKCS7 120
423#define PKCS7_F_B64_WRITE_PKCS7 121
424#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
425#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
426#define PKCS7_F_PKCS7_ADD_CRL 101
427#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
428#define PKCS7_F_PKCS7_ADD_SIGNER 103
429#define PKCS7_F_PKCS7_CTRL 104
430#define PKCS7_F_PKCS7_DATADECODE 112
431#define PKCS7_F_PKCS7_DATAINIT 105
432#define PKCS7_F_PKCS7_DATASIGN 106
433#define PKCS7_F_PKCS7_DATAVERIFY 107
434#define PKCS7_F_PKCS7_DECRYPT 114
435#define PKCS7_F_PKCS7_ENCRYPT 115
436#define PKCS7_F_PKCS7_GET0_SIGNERS 124
437#define PKCS7_F_PKCS7_SET_CIPHER 108
438#define PKCS7_F_PKCS7_SET_CONTENT 109
439#define PKCS7_F_PKCS7_SET_TYPE 110
440#define PKCS7_F_PKCS7_SIGN 116
441#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
442#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
443#define PKCS7_F_PKCS7_VERIFY 117
444#define PKCS7_F_SMIME_READ_PKCS7 122
445#define PKCS7_F_SMIME_TEXT 123
446
447/* Reason codes. */
448#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
449#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144
450#define PKCS7_R_CIPHER_NOT_INITIALIZED 116
451#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
452#define PKCS7_R_DECODE_ERROR 130
453#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
454#define PKCS7_R_DECRYPT_ERROR 119
455#define PKCS7_R_DIGEST_FAILURE 101
456#define PKCS7_R_ERROR_ADDING_RECIPIENT 120
457#define PKCS7_R_ERROR_SETTING_CIPHER 121
458#define PKCS7_R_INTERNAL_ERROR 102
459#define PKCS7_R_INVALID_MIME_TYPE 131
460#define PKCS7_R_INVALID_NULL_POINTER 143
461#define PKCS7_R_MIME_NO_CONTENT_TYPE 132
462#define PKCS7_R_MIME_PARSE_ERROR 133
463#define PKCS7_R_MIME_SIG_PARSE_ERROR 134
464#define PKCS7_R_MISSING_CERIPEND_INFO 103
465#define PKCS7_R_NO_CONTENT 122
466#define PKCS7_R_NO_CONTENT_TYPE 135
467#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
468#define PKCS7_R_NO_MULTIPART_BOUNDARY 137
469#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
470#define PKCS7_R_NO_SIGNATURES_ON_DATA 123
471#define PKCS7_R_NO_SIGNERS 142
472#define PKCS7_R_NO_SIG_CONTENT_TYPE 138
473#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
474#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
475#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
476#define PKCS7_R_PKCS7_DATASIGN 126
477#define PKCS7_R_PKCS7_PARSE_ERROR 139
478#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
479#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
480#define PKCS7_R_SIGNATURE_FAILURE 105
481#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
482#define PKCS7_R_SIG_INVALID_MIME_TYPE 141
483#define PKCS7_R_SMIME_TEXT_ERROR 129
484#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
485#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
486#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
487#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109
488#define PKCS7_R_UNKNOWN_OPERATION 110
489#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111
490#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112
491#define PKCS7_R_WRONG_CONTENT_TYPE 113
492#define PKCS7_R_WRONG_PKCS7_TYPE 114
493
494#ifdef __cplusplus
495}
496#endif
497#endif
498
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
deleted file mode 100644
index 8ded8913db..0000000000
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ /dev/null
@@ -1,161 +0,0 @@
1/* crypto/pkcs7/pkcs7err.c */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/pkcs7.h>
64
65/* BEGIN ERROR CODES */
66#ifndef NO_ERR
67static ERR_STRING_DATA PKCS7_str_functs[]=
68 {
69{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"},
70{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"},
71{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"},
72{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"},
73{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"},
74{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"},
75{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"},
76{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"},
77{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"},
78{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"},
79{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"},
80{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"},
81{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"},
82{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"},
83{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"},
84{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"},
85{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"},
86{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"},
87{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"},
88{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"},
89{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"},
90{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"},
91{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"},
92{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"},
93{0,NULL}
94 };
95
96static ERR_STRING_DATA PKCS7_str_reasons[]=
97 {
98{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"},
99{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
100{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"},
101{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"},
102{PKCS7_R_DECODE_ERROR ,"decode error"},
103{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"},
104{PKCS7_R_DECRYPT_ERROR ,"decrypt error"},
105{PKCS7_R_DIGEST_FAILURE ,"digest failure"},
106{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"},
107{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"},
108{PKCS7_R_INTERNAL_ERROR ,"internal error"},
109{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"},
110{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"},
111{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"},
112{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"},
113{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"},
114{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"},
115{PKCS7_R_NO_CONTENT ,"no content"},
116{PKCS7_R_NO_CONTENT_TYPE ,"no content type"},
117{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"},
118{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"},
119{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
120{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"},
121{PKCS7_R_NO_SIGNERS ,"no signers"},
122{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"},
123{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
124{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"},
125{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"},
126{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"},
127{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"},
128{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"},
129{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
130{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"},
131{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"},
132{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"},
133{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"},
134{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"},
135{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"},
136{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"},
137{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"},
138{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"},
139{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"},
140{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"},
141{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"},
142{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"},
143{0,NULL}
144 };
145
146#endif
147
148void ERR_load_PKCS7_strings(void)
149 {
150 static int init=1;
151
152 if (init)
153 {
154 init=0;
155#ifndef NO_ERR
156 ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
157 ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
158#endif
159
160 }
161 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-24 22:12:53 +0000