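--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/ossrv/ssl/libcrypto/src/crypto/pkcs7/pk7_lib.c Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,589 @@
+/* crypto/pkcs7/pk7_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+EXPORT_C long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+ {
+ int nid;
+ long ret;
+
+ nid=OBJ_obj2nid(p7->type);
+
+ switch (cmd)
+ {
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed)
+ {
+ ret=p7->detached=(int)larg;
+ if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+ {
+ ASN1_OCTET_STRING *os;
+ os=p7->d.sign->contents->d.data;
+ ASN1_OCTET_STRING_free(os);
+ p7->d.sign->contents->d.data = NULL;
+ }
+ }
+ else
+ {
+ PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+ ret=0;
+ }
+ break;
+ case PKCS7_OP_GET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed)
+ {
+ if(!p7->d.sign || !p7->d.sign->contents->d.ptr)
+ ret = 1;
+ else ret = 0;
+
+ p7->detached = ret;
+ }
+ else
+ {
+ PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+ ret=0;
+ }
+
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
+ ret=0;
+ }
+ return(ret);
+ }
+
+EXPORT_C int PKCS7_content_new(PKCS7 *p7, int type)
+ {
+ PKCS7 *ret=NULL;
+
+ if ((ret=PKCS7_new()) == NULL) goto err;
+ if (!PKCS7_set_type(ret,type)) goto err;
+ if (!PKCS7_set_content(p7,ret)) goto err;
+
+ return(1);
+err:
+ if (ret != NULL) PKCS7_free(ret);
+ return(0);
+ }
+
+EXPORT_C int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+ {
+ int i;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signed:
+ if (p7->d.sign->contents != NULL)
+ PKCS7_free(p7->d.sign->contents);
+ p7->d.sign->contents=p7_data;
+ break;
+ case NID_pkcs7_digest:
+ if (p7->d.digest->contents != NULL)
+ PKCS7_free(p7->d.digest->contents);
+ p7->d.digest->contents=p7_data;
+ break;
+ case NID_pkcs7_data:
+ case NID_pkcs7_enveloped:
+ case NID_pkcs7_signedAndEnveloped:
+ case NID_pkcs7_encrypted:
+ default:
+ PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+ goto err;
+ }
+ return(1);
+err:
+ return(0);
+ }
+
+EXPORT_C int PKCS7_set_type(PKCS7 *p7, int type)
+ {
+ ASN1_OBJECT *obj;
+
+ /*PKCS7_content_free(p7);*/
+ obj=OBJ_nid2obj(type); /* will not fail */
+
+ switch (type)
+ {
+ case NID_pkcs7_signed:
+ p7->type=obj;
+ if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set(p7->d.sign->version,1))
+ {
+ PKCS7_SIGNED_free(p7->d.sign);
+ p7->d.sign=NULL;
+ goto err;
+ }
+ break;
+ case NID_pkcs7_data:
+ p7->type=obj;
+ if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
+ goto err;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ p7->type=obj;
+ if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
+ == NULL) goto err;
+ ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+ if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
+ goto err;
+ p7->d.signed_and_enveloped->enc_data->content_type
+ = OBJ_nid2obj(NID_pkcs7_data);
+ break;
+ case NID_pkcs7_enveloped:
+ p7->type=obj;
+ if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
+ == NULL) goto err;
+ if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
+ goto err;
+ p7->d.enveloped->enc_data->content_type
+ = OBJ_nid2obj(NID_pkcs7_data);
+ break;
+ case NID_pkcs7_encrypted:
+ p7->type=obj;
+ if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+ == NULL) goto err;
+ if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
+ goto err;
+ p7->d.encrypted->enc_data->content_type
+ = OBJ_nid2obj(NID_pkcs7_data);
+ break;
+
+ case NID_pkcs7_digest:
+ p7->type=obj;
+ if ((p7->d.digest=PKCS7_DIGEST_new())
+ == NULL) goto err;
+ if (!ASN1_INTEGER_set(p7->d.digest->version,0))
+ goto err;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+ goto err;
+ }
+ return(1);
+err:
+ return(0);
+ }
+
+EXPORT_C int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
+ {
+ p7->type = OBJ_nid2obj(type);
+ p7->d.other = other;
+ return 1;
+ }
+
+EXPORT_C int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+ {
+ int i,j,nid;
+ X509_ALGOR *alg;
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+ STACK_OF(X509_ALGOR) *md_sk;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signed:
+ signer_sk= p7->d.sign->signer_info;
+ md_sk= p7->d.sign->md_algs;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ signer_sk= p7->d.signed_and_enveloped->signer_info;
+ md_sk= p7->d.signed_and_enveloped->md_algs;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
+ return(0);
+ }
+
+ nid=OBJ_obj2nid(psi->digest_alg->algorithm);
+
+ /* If the digest is not currently listed, add it */
+ j=0;
+ for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+ {
+ alg=sk_X509_ALGOR_value(md_sk,i);
+ if (OBJ_obj2nid(alg->algorithm) == nid)
+ {
+ j=1;
+ break;
+ }
+ }
+ if (!j) /* we need to add another algorithm */
+ {
+ if(!(alg=X509_ALGOR_new())
+ || !(alg->parameter = ASN1_TYPE_new()))
+ {
+ X509_ALGOR_free(alg);
+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ alg->algorithm=OBJ_nid2obj(nid);
+ alg->parameter->type = V_ASN1_NULL;
+ if (!sk_X509_ALGOR_push(md_sk,alg))
+ {
+ X509_ALGOR_free(alg);
+ return 0;
+ }
+ }
+
+ if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
+ return 0;
+ return(1);
+ }
+
+EXPORT_C int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+ {
+ int i;
+ STACK_OF(X509) **sk;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signed:
+ sk= &(p7->d.sign->cert);
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ sk= &(p7->d.signed_and_enveloped->cert);
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
+ return(0);
+ }
+
+ if (*sk == NULL)
+ *sk=sk_X509_new_null();
+ if (*sk == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+ if (!sk_X509_push(*sk,x509))
+ {
+ X509_free(x509);
+ return 0;
+ }
+ return(1);
+ }
+
+EXPORT_C int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+ {
+ int i;
+ STACK_OF(X509_CRL) **sk;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signed:
+ sk= &(p7->d.sign->crl);
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ sk= &(p7->d.signed_and_enveloped->crl);
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
+ return(0);
+ }
+
+ if (*sk == NULL)
+ *sk=sk_X509_CRL_new_null();
+ if (*sk == NULL)
+ {
+ PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
+ if (!sk_X509_CRL_push(*sk,crl))
+ {
+ X509_CRL_free(crl);
+ return 0;
+ }
+ return(1);
+ }
+
+EXPORT_C int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst)
+ {
+ int nid;
+ char is_dsa;
+
+ if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
+ is_dsa = 1;
+ else
+ is_dsa = 0;
+ /* We now need to add another PKCS7_SIGNER_INFO entry */
+ if (!ASN1_INTEGER_set(p7i->version,1))
+ goto err;
+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+ X509_get_issuer_name(x509)))
+ goto err;
+
+ /* because ASN1_INTEGER_set is used to set a 'long' we will do
+ * things the ugly way. */
+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+ if (!(p7i->issuer_and_serial->serial=
+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ goto err;
+
+ /* lets keep the pkey around for a while */
+ CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
+ p7i->pkey=pkey;
+
+ /* Set the algorithms */
+ if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+ else
+ p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
+
+ if (p7i->digest_alg->parameter != NULL)
+ ASN1_TYPE_free(p7i->digest_alg->parameter);
+ if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+ goto err;
+ p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
+ if (p7i->digest_enc_alg->parameter != NULL)
+ ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
+ nid = EVP_PKEY_type(pkey->type);
+ if (nid == EVP_PKEY_RSA)
+ {
+ p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+ if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+ goto err;
+ p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+ }
+ else if (nid == EVP_PKEY_DSA)
+ {
+#if 1
+ /* use 'dsaEncryption' OID for compatibility with other software
+ * (PKCS #7 v1.5 does specify how to handle DSA) ... */
+ p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
+#else
+ /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
+ * would make more sense. */
+ p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
+#endif
+ p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
+ }
+ else if (nid == EVP_PKEY_EC)
+ {
+ p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
+ if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+ goto err;
+ p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+ }
+ else
+ return(0);
+
+ return(1);
+err:
+ return(0);
+ }
+
+EXPORT_C PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst)
+ {
+ PKCS7_SIGNER_INFO *si;
+
+ if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
+ if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
+ if (!PKCS7_add_signer(p7,si)) goto err;
+ return(si);
+err:
+ PKCS7_SIGNER_INFO_free(si);
+ return(NULL);
+ }
+
+EXPORT_C int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
+ {
+ if (PKCS7_type_is_digest(p7))
+ {
+ if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
+ {
+ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p7->d.digest->md->parameter->type = V_ASN1_NULL;
+ p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
+ return 1;
+ }
+
+ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 1;
+ }
+
+EXPORT_C STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
+ if (PKCS7_type_is_signed(p7))
+ {
+ return(p7->d.sign->signer_info);
+ }
+ else if (PKCS7_type_is_signedAndEnveloped(p7))
+ {
+ return(p7->d.signed_and_enveloped->signer_info);
+ }
+ else
+ return(NULL);
+ }
+
+EXPORT_C PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+ {
+ PKCS7_RECIP_INFO *ri;
+
+ if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
+ if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
+ if (!PKCS7_add_recipient_info(p7,ri)) goto err;
+ return(ri);
+err:
+ PKCS7_RECIP_INFO_free(ri);
+ return(NULL);
+ }
+
+EXPORT_C int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+ {
+ int i;
+ STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signedAndEnveloped:
+ sk= p7->d.signed_and_enveloped->recipientinfo;
+ break;
+ case NID_pkcs7_enveloped:
+ sk= p7->d.enveloped->recipientinfo;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
+ return(0);
+ }
+
+ if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
+ return 0;
+ return(1);
+ }
+
+EXPORT_C int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+ {
+ if (!ASN1_INTEGER_set(p7i->version,0))
+ return 0;
+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+ X509_get_issuer_name(x509)))
+ return 0;
+
+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+ if (!(p7i->issuer_and_serial->serial=
+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ return 0;
+
+ X509_ALGOR_free(p7i->key_enc_algor);
+ if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
+ return 0;
+
+ CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+ p7i->cert=x509;
+
+ return(1);
+ }
+
+EXPORT_C X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+ {
+ if (PKCS7_type_is_signed(p7))
+ return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
+ si->issuer_and_serial->issuer,
+ si->issuer_and_serial->serial));
+ else
+ return(NULL);
+ }
+
+EXPORT_C int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+ {
+ int i;
+ ASN1_OBJECT *objtmp;
+ PKCS7_ENC_CONTENT *ec;
+
+ i=OBJ_obj2nid(p7->type);
+ switch (i)
+ {
+ case NID_pkcs7_signedAndEnveloped:
+ ec=p7->d.signed_and_enveloped->enc_data;
+ break;
+ case NID_pkcs7_enveloped:
+ ec=p7->d.enveloped->enc_data;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
+ return(0);
+ }
+
+ /* Check cipher OID exists and has data in it*/
+ i = EVP_CIPHER_type(cipher);
+ if(i == NID_undef) {
+ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+ return(0);
+ }
+ objtmp = OBJ_nid2obj(i);
+
+ ec->cipher = cipher;
+ return 1;
+ }
+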
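Review bot: PKCS7_ctrl reads through `p7->d.sign->contents` without checking it for NULL: the PKCS7_OP_SET_DETACHED_SIGNATURE branch hands it to `PKCS7_type_is_data()` with neither `p7->d.sign` nor `contents` tested, and the GET branch tests `!p7->d.sign` but then reads `contents->d.ptr`. Whether a decoded structure can reach here with those fields absent is not visible on this page, but the existing `!p7->d.sign` test suggests it can, and then malformed input crashes the process; I would write the GET test as `if(!p7->d.sign || !p7->d.sign->contents || !p7->d.sign->contents->d.ptr)` and guard the SET branch with `p7->d.sign && p7->d.sign->contents`. Separately, PKCS7_set_digest ends with `return 1;` right after raising PKCS7_R_WRONG_CONTENT_TYPE, so a caller sees success for a type that was not handled; that should be `return 0;`. In PKCS7_set_type only the signed case frees the new structure when ASN1_INTEGER_set fails, the other cases jump to err with it still attached, and the signedAndEnveloped case calls ASN1_INTEGER_set twice with the first result ignored.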