And so it begins...
authorDr. Stephen Henson <steve@openssl.org>
Wed, 12 Mar 2008 21:14:28 +0000 (21:14 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 12 Mar 2008 21:14:28 +0000 (21:14 +0000)
Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.

60 files changed:
CHANGES
Makefile.org
apps/Makefile
apps/apps.h
apps/cms.c [new file with mode: 0644]
apps/enc.c
apps/progs.h
apps/progs.pl
crypto/aes/aes_wrap.c [new file with mode: 0644]
crypto/asn1/Makefile
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/asn1/asn1t.h
crypto/asn1/asn_mime.c [new file with mode: 0644]
crypto/asn1/bio_ndef.c [new file with mode: 0644]
crypto/asn1/p5_pbe.c
crypto/asn1/x_algor.c
crypto/bio/bio.h
crypto/cms/Makefile [new file with mode: 0644]
crypto/cms/cms.h [new file with mode: 0644]
crypto/cms/cms_asn1.c [new file with mode: 0644]
crypto/cms/cms_att.c [new file with mode: 0644]
crypto/cms/cms_cd.c [new file with mode: 0644]
crypto/cms/cms_dd.c [new file with mode: 0644]
crypto/cms/cms_env.c [new file with mode: 0644]
crypto/cms/cms_err.c [new file with mode: 0644]
crypto/cms/cms_io.c [new file with mode: 0644]
crypto/cms/cms_lcl.h [new file with mode: 0644]
crypto/cms/cms_lib.c [new file with mode: 0644]
crypto/cms/cms_sd.c [new file with mode: 0644]
crypto/cms/cms_smime.c [new file with mode: 0644]
crypto/comp/c_zlib.c
crypto/comp/comp.h
crypto/comp/comp_err.c
crypto/dsa/Makefile
crypto/dsa/dsa_ameth.c
crypto/dsa/dsa_pmeth.c
crypto/ec/ec_ameth.c
crypto/ec/ec_pmeth.c
crypto/err/Makefile
crypto/err/err.c
crypto/err/err.h
crypto/err/err_all.c
crypto/err/openssl.ec
crypto/evp/evp.h
crypto/evp/m_sha1.c
crypto/pem/pem.h
crypto/pem/pem_lib.c
crypto/pkcs7/bio_pk7.c
crypto/pkcs7/pk7_asn1.c
crypto/pkcs7/pk7_attr.c
crypto/pkcs7/pk7_mime.c
crypto/pkcs7/pkcs7.h
crypto/rsa/rsa_ameth.c
crypto/rsa/rsa_pmeth.c
crypto/stack/safestack.h
crypto/x509/x509.h
crypto/x509/x509_att.c
ssl/Makefile
util/mkdef.pl

diff --git a/CHANGES b/CHANGES
index 2e1a6ae..f3d0ed5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,18 @@
 
  Changes between 0.9.8g and 0.9.9  [xx XXX xxxx]
 
+  *) Initial support for Cryptographic Message Syntax (aka CMS) based
+     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
+     support for data, signedData, compressedData types currently included,
+     more to come. Scripts to check against RFC4134 examples draft and internal
+     consistency.
+     [Steve Henson]
+
+  *) Zlib compression BIO. This is a filter BIO which compressed and
+     uncompresses any data passed through it. Add options to enc utility
+     to support it.
+     [Steve Henson]
+
   *) Extend mk1mf to support importing of options and assembly language
      files from Configure script, currently only included in VC-WIN32.
      The assembly language rules can now optionally generate the source
index 5efd0d5..249e573 100644 (file)
@@ -119,7 +119,7 @@ SDIRS=  \
        bn ec rsa dsa ecdsa dh ecdh dso engine \
        buffer bio stack lhash rand err \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-       store pqueue ts
+       store cms pqueue ts 
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
index e39bfa7..73dd585 100644 (file)
@@ -38,7 +38,7 @@ EXE= $(PROGRAM)$(EXE_EXT)
 E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
        ca crl rsa rsautl dsa dsaparam ec ecparam \
        x509 genrsa gendsa genpkey s_server s_client speed \
-       s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+       s_time version pkcs7 cms crl2pkcs7 sess_id ciphers nseq pkcs12 \
        pkcs8 pkey pkeyparam pkeyutl spkac smime rand engine ocsp prime ts
 
 PROGS= $(PROGRAM).c
@@ -56,7 +56,7 @@ E_OBJ=        verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o er
        x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o \
        s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
        ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o \
-       spkac.o smime.o rand.o engine.o ocsp.o prime.o ts.o
+       spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o
 
 E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
        pkcs7.c crl2p7.c crl.c \
@@ -64,7 +64,7 @@ E_SRC=        verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.
        x509.c genrsa.c gendsa.c genpkey.c s_server.c s_client.c speed.c \
        s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
        ciphers.c nseq.c pkcs12.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c \
-       spkac.c smime.c rand.c engine.c ocsp.c prime.c ts.c
+       spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c
 
 SRC=$(E_SRC)
 
@@ -174,13 +174,14 @@ app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
-app_rand.o: apps.h
+app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+app_rand.o: app_rand.c apps.h
 apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -189,15 +190,15 @@ apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 apps.o: ../include/openssl/engine.h ../include/openssl/err.h
 apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-apps.o: ../include/openssl/x509v3.h apps.c apps.h
+apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+apps.o: ../include/openssl/ui.h ../include/openssl/x509.h
+apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h
 asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -205,13 +206,14 @@ asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
 asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 asn1pars.o: asn1pars.c
 ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -238,16 +240,17 @@ ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
 ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
+ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c
 crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -255,14 +258,14 @@ crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl.o: ../include/openssl/err.h ../include/openssl/evp.h
 crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-crl.o: ../include/openssl/x509v3.h apps.h crl.c
+crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
 crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -270,13 +273,14 @@ crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
 crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 crl2p7.o: crl2p7.c
 dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -286,13 +290,14 @@ dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
 dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
 dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
+dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dgst.o: ../include/openssl/x509v3.h apps.h dgst.c
 dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -301,13 +306,14 @@ dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dh.o: ../include/openssl/err.h ../include/openssl/evp.h
 dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
+dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c
 dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -316,13 +322,14 @@ dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
 dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
+dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c
 dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -332,15 +339,16 @@ dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
+dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -348,13 +356,14 @@ ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ec.o: ../include/openssl/err.h ../include/openssl/evp.h
 ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c
+ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c
 ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -363,28 +372,30 @@ ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
 ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
+ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c
 enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+enc.o: ../include/openssl/engine.h ../include/openssl/err.h
+enc.o: ../include/openssl/evp.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
 enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
+enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c
 engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 engine.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -394,16 +405,17 @@ engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 engine.o: ../include/openssl/err.h ../include/openssl/evp.h
 engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
+engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+engine.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+engine.o: ../include/openssl/x509v3.h apps.h engine.c
 errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -413,16 +425,17 @@ errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
 errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
+errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+errstr.o: ../include/openssl/x509v3.h apps.h errstr.c
 gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -432,15 +445,16 @@ gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
 gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
+gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -449,13 +463,14 @@ gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
 gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 gendsa.o: gendsa.c
 genpkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genpkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -464,13 +479,14 @@ genpkey.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 genpkey.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 genpkey.o: ../include/openssl/err.h ../include/openssl/evp.h
 genpkey.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-genpkey.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-genpkey.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-genpkey.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-genpkey.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-genpkey.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genpkey.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genpkey.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+genpkey.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+genpkey.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genpkey.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genpkey.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genpkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genpkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+genpkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+genpkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 genpkey.o: genpkey.c
 genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -481,15 +497,16 @@ genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
+genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -497,13 +514,14 @@ nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
 nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
+nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c
 ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ocsp.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -532,16 +550,17 @@ openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
 openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
+openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
@@ -551,13 +570,14 @@ passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
 passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
 passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
-passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 passwd.o: passwd.c
 pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -566,14 +586,15 @@ pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
+pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c
 pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -581,13 +602,15 @@ pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+pkcs7.o: pkcs7.c
 pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -595,14 +618,15 @@ pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
+pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c
 pkey.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkey.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkey.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -610,13 +634,14 @@ pkey.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkey.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkey.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkey.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkey.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkey.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkey.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkey.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkey.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkey.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkey.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkey.c
+pkey.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkey.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkey.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkey.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkey.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkey.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkey.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkey.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h pkey.c
 pkeyparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkeyparam.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 pkeyparam.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -624,13 +649,14 @@ pkeyparam.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkeyparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkeyparam.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkeyparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkeyparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkeyparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkeyparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkeyparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkeyparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkeyparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkeyparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+pkeyparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkeyparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkeyparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkeyparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkeyparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkeyparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkeyparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkeyparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 pkeyparam.o: pkeyparam.c
 pkeyutl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 pkeyutl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -639,13 +665,14 @@ pkeyutl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 pkeyutl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 pkeyutl.o: ../include/openssl/err.h ../include/openssl/evp.h
 pkeyutl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkeyutl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkeyutl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkeyutl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkeyutl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkeyutl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkeyutl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkeyutl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+pkeyutl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+pkeyutl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkeyutl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkeyutl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkeyutl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkeyutl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkeyutl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+pkeyutl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 pkeyutl.o: pkeyutl.c
 prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -654,12 +681,14 @@ prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
 prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
 prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c
+prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+prime.o: prime.c
 rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -667,13 +696,14 @@ rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rand.o: ../include/openssl/err.h ../include/openssl/evp.h
 rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
+rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rand.o: ../include/openssl/x509v3.h apps.h rand.c
 req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -683,15 +713,16 @@ req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 req.o: ../include/openssl/engine.h ../include/openssl/err.h
 req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-req.o: ../include/openssl/stack.h ../include/openssl/store.h
-req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/ui.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -700,13 +731,14 @@ rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
 rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
 rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
+rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
+rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c
 rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -714,14 +746,15 @@ rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
 rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
+rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c
 s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_cb.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -731,16 +764,17 @@ s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
+s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c
 s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_client.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -750,16 +784,17 @@ s_client.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_client.o: s_apps.h s_client.c timeouts.h
 s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -771,18 +806,19 @@ s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
 s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
 s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h
 s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_server.o: s_apps.h s_server.c timeouts.h
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -792,16 +828,17 @@ s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_socket.o: ../include/openssl/evp.h ../include/openssl/kssl.h
 s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 s_socket.o: s_apps.h s_socket.c
 s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -812,16 +849,17 @@ s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
 s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
+s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c
 sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -831,16 +869,17 @@ sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
 sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
 sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
+sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c
 smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -848,14 +887,15 @@ smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 smime.o: ../include/openssl/err.h ../include/openssl/evp.h
 smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-smime.o: ../include/openssl/x509v3.h apps.h smime.c
+smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+smime.o: smime.c
 speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
 speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
 speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -870,17 +910,18 @@ speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
 speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
 speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
-speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h
-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-speed.o: ../include/openssl/seed.h ../include/openssl/sha.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-speed.o: ../include/openssl/ui_compat.h ../include/openssl/whrlpool.h
-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c
-speed.o: testdsa.h testrsa.h
+speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+speed.o: ../include/openssl/safestack.h ../include/openssl/seed.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+speed.o: ../include/openssl/whrlpool.h ../include/openssl/x509.h
+speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+speed.o: speed.c testdsa.h testrsa.h
 spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -888,13 +929,15 @@ spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
 spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
+spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+spkac.o: spkac.c
 ts.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ts.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 ts.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@@ -903,15 +946,16 @@ ts.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 ts.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 ts.o: ../include/openssl/err.h ../include/openssl/evp.h
 ts.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ts.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ts.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ts.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ts.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ts.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ts.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ts.o: ../include/openssl/symhacks.h ../include/openssl/ts.h
-ts.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ts.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ts.c
+ts.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+ts.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ts.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ts.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ts.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ts.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ts.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ts.o: ../include/openssl/ts.h ../include/openssl/txt_db.h
+ts.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ts.o: ../include/openssl/x509v3.h apps.h ts.c
 verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -919,14 +963,15 @@ verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 verify.o: ../include/openssl/err.h ../include/openssl/evp.h
 verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-verify.o: ../include/openssl/x509v3.h apps.h verify.c
+verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+verify.o: verify.c
 version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
 version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
@@ -937,13 +982,14 @@ version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 version.o: ../include/openssl/evp.h ../include/openssl/idea.h
 version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
 version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
-version.o: ../include/openssl/sha.h ../include/openssl/stack.h
-version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h
+version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
 version.o: version.c
 x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
@@ -953,11 +999,12 @@ x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
 x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
 x509.o: ../include/openssl/err.h ../include/openssl/evp.h
 x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
+x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+x509.o: ../include/openssl/x509v3.h apps.h x509.c
index 4b1127f..6786cbd 100644 (file)
@@ -182,7 +182,7 @@ extern BIO *bio_err;
                        do { CONF_modules_unload(1); destroy_ui_method(); \
                        OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
                        CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
-                       ERR_free_strings(); } while(0)
+                       ERR_free_strings(); COMP_zlib_cleanup();} while(0)
 #  else
 #    define apps_startup() \
                        do { do_pipe_sig(); CRYPTO_malloc_init(); \
diff --git a/apps/cms.c b/apps/cms.c
new file mode 100644 (file)
index 0000000..9fd0aa0
--- /dev/null
@@ -0,0 +1,927 @@
+/* apps/cms.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+
+#ifndef OPENSSL_NO_CMS
+
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+
+#undef PROG
+#define PROG cms_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int smime_cb(int ok, X509_STORE_CTX *ctx);
+
+#define SMIME_OP       0x10
+#define SMIME_IP       0x20
+#define SMIME_SIGNERS  0x40
+#define SMIME_ENCRYPT          (1 | SMIME_OP)
+#define SMIME_DECRYPT          (2 | SMIME_IP)
+#define SMIME_SIGN             (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY           (4 | SMIME_IP)
+#define SMIME_CMSOUT           (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN           (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_DATAOUT          (7 | SMIME_IP)
+#define SMIME_DATA_CREATE      (8 | SMIME_OP)
+#define SMIME_DIGEST_VERIFY    (9 | SMIME_IP)
+#define SMIME_DIGEST_CREATE    (10 | SMIME_OP)
+#define SMIME_UNCOMPRESS       (11 | SMIME_IP)
+#define SMIME_COMPRESS         (12 | SMIME_OP)
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+       {
+       ENGINE *e = NULL;
+       int operation = 0;
+       int ret = 0;
+       char **args;
+       const char *inmode = "r", *outmode = "w";
+       char *infile = NULL, *outfile = NULL;
+       char *signerfile = NULL, *recipfile = NULL;
+       STACK *sksigners = NULL, *skkeys = NULL;
+       char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+       const EVP_CIPHER *cipher = NULL;
+       CMS_ContentInfo *cms = NULL;
+       X509_STORE *store = NULL;
+       X509 *cert = NULL, *recip = NULL, *signer = NULL;
+       EVP_PKEY *key = NULL;
+       STACK_OF(X509) *encerts = NULL, *other = NULL;
+       BIO *in = NULL, *out = NULL, *indata = NULL;
+       int badarg = 0;
+       int flags = CMS_DETACHED;
+       char *to = NULL, *from = NULL, *subject = NULL;
+       char *CAfile = NULL, *CApath = NULL;
+       char *passargin = NULL, *passin = NULL;
+       char *inrand = NULL;
+       int need_rand = 0;
+       int indef = 0;
+       const EVP_MD *sign_md = NULL;
+       int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+        int keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
+       char *engine=NULL;
+#endif
+
+       X509_VERIFY_PARAM *vpm = NULL;
+
+       args = argv + 1;
+       ret = 1;
+
+       apps_startup();
+
+       if (bio_err == NULL)
+               {
+               if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+                       BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+               }
+
+       if (!load_config(bio_err, NULL))
+               goto end;
+
+       while (!badarg && *args && *args[0] == '-')
+               {
+               if (!strcmp (*args, "-encrypt"))
+                       operation = SMIME_ENCRYPT;
+               else if (!strcmp (*args, "-decrypt"))
+                       operation = SMIME_DECRYPT;
+               else if (!strcmp (*args, "-sign"))
+                       operation = SMIME_SIGN;
+               else if (!strcmp (*args, "-resign"))
+                       operation = SMIME_RESIGN;
+               else if (!strcmp (*args, "-verify"))
+                       operation = SMIME_VERIFY;
+               else if (!strcmp (*args, "-cmsout"))
+                       operation = SMIME_CMSOUT;
+               else if (!strcmp (*args, "-data_out"))
+                       operation = SMIME_DATAOUT;
+               else if (!strcmp (*args, "-data_create"))
+                       operation = SMIME_DATA_CREATE;
+               else if (!strcmp (*args, "-digest_verify"))
+                       operation = SMIME_DIGEST_VERIFY;
+               else if (!strcmp (*args, "-digest_create"))
+                       operation = SMIME_DIGEST_CREATE;
+               else if (!strcmp (*args, "-compress"))
+                       operation = SMIME_COMPRESS;
+               else if (!strcmp (*args, "-uncompress"))
+                       operation = SMIME_UNCOMPRESS;
+#ifndef OPENSSL_NO_DES
+               else if (!strcmp (*args, "-des3")) 
+                               cipher = EVP_des_ede3_cbc();
+               else if (!strcmp (*args, "-des")) 
+                               cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+               else if (!strcmp (*args, "-seed")) 
+                               cipher = EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+               else if (!strcmp (*args, "-rc2-40")) 
+                               cipher = EVP_rc2_40_cbc();
+               else if (!strcmp (*args, "-rc2-128")) 
+                               cipher = EVP_rc2_cbc();
+               else if (!strcmp (*args, "-rc2-64")) 
+                               cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+               else if (!strcmp(*args,"-aes128"))
+                               cipher = EVP_aes_128_cbc();
+               else if (!strcmp(*args,"-aes192"))
+                               cipher = EVP_aes_192_cbc();
+               else if (!strcmp(*args,"-aes256"))
+                               cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               else if (!strcmp(*args,"-camellia128"))
+                               cipher = EVP_camellia_128_cbc();
+               else if (!strcmp(*args,"-camellia192"))
+                               cipher = EVP_camellia_192_cbc();
+               else if (!strcmp(*args,"-camellia256"))
+                               cipher = EVP_camellia_256_cbc();
+#endif
+               else if (!strcmp (*args, "-text")) 
+                               flags |= CMS_TEXT;
+               else if (!strcmp (*args, "-nointern")) 
+                               flags |= CMS_NOINTERN;
+               else if (!strcmp (*args, "-noverify") 
+                       || !strcmp (*args, "-no_signer_cert_verify")) 
+                               flags |= CMS_NO_SIGNER_CERT_VERIFY;
+               else if (!strcmp (*args, "-nocerts")) 
+                               flags |= CMS_NOCERTS;
+               else if (!strcmp (*args, "-noattr")) 
+                               flags |= CMS_NOATTR;
+               else if (!strcmp (*args, "-nodetach")) 
+                               flags &= ~CMS_DETACHED;
+               else if (!strcmp (*args, "-nosmimecap"))
+                               flags |= CMS_NOSMIMECAP;
+               else if (!strcmp (*args, "-binary"))
+                               flags |= CMS_BINARY;
+               else if (!strcmp (*args, "-keyid"))
+                               flags |= CMS_USE_KEYID;
+               else if (!strcmp (*args, "-nosigs"))
+                               flags |= CMS_NOSIGS;
+               else if (!strcmp (*args, "-no_content_verify"))
+                               flags |= CMS_NO_CONTENT_VERIFY;
+               else if (!strcmp (*args, "-no_attr_verify"))
+                               flags |= CMS_NO_ATTR_VERIFY;
+               else if (!strcmp (*args, "-stream"))
+                               indef = 1;
+               else if (!strcmp (*args, "-indef"))
+                               indef = 1;
+               else if (!strcmp (*args, "-noindef"))
+                               indef = 0;
+               else if (!strcmp (*args, "-nooldmime"))
+                               flags |= CMS_NOOLDMIMETYPE;
+               else if (!strcmp (*args, "-crlfeol"))
+                               flags |= CMS_CRLFEOL;
+               else if (!strcmp(*args,"-rand"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       inrand = *args;
+                       need_rand = 1;
+                       }
+#ifndef OPENSSL_NO_ENGINE
+               else if (!strcmp(*args,"-engine"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       engine = *++args;
+                       }
+#endif
+               else if (!strcmp(*args,"-passin"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       passargin = *++args;
+                       }
+               else if (!strcmp (*args, "-to"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       to = *++args;
+                       }
+               else if (!strcmp (*args, "-from"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       from = *++args;
+                       }
+               else if (!strcmp (*args, "-subject"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       subject = *++args;
+                       }
+               else if (!strcmp (*args, "-signer"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       /* If previous -signer argument add signer to list */
+
+                       if (signerfile)
+                               {
+                               if (!sksigners)
+                                       sksigners = sk_new_null();
+                               sk_push(sksigners, signerfile);
+                               if (!keyfile)
+                                       keyfile = signerfile;
+                               if (!skkeys)
+                                       skkeys = sk_new_null();
+                               sk_push(skkeys, keyfile);
+                               keyfile = NULL;
+                               }
+                       signerfile = *++args;
+                       }
+               else if (!strcmp (*args, "-recip"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       recipfile = *++args;
+                       }
+               else if (!strcmp (*args, "-md"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       sign_md = EVP_get_digestbyname(*++args);
+                       if (sign_md == NULL)
+                               {
+                               BIO_printf(bio_err, "Unknown digest %s\n",
+                                                       *args);
+                               goto argerr;
+                               }
+                       }
+               else if (!strcmp (*args, "-inkey"))
+                       {
+                       if (!args[1])   
+                               goto argerr;
+                       /* If previous -inkey arument add signer to list */
+                       if (keyfile)
+                               {
+                               if (!signerfile)
+                                       {
+                                       BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                                       goto argerr;
+                                       }
+                               if (!sksigners)
+                                       sksigners = sk_new_null();
+                               sk_push(sksigners, signerfile);
+                               signerfile = NULL;
+                               if (!skkeys)
+                                       skkeys = sk_new_null();
+                               sk_push(skkeys, keyfile);
+                               }
+                       keyfile = *++args;
+                       }
+               else if (!strcmp (*args, "-keyform"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       keyform = str2fmt(*++args);
+                       }
+               else if (!strcmp (*args, "-certfile"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       certfile = *++args;
+                       }
+               else if (!strcmp (*args, "-CAfile"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       CAfile = *++args;
+                       }
+               else if (!strcmp (*args, "-CApath"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       CApath = *++args;
+                       }
+               else if (!strcmp (*args, "-in"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       infile = *++args;
+                       }
+               else if (!strcmp (*args, "-inform"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       informat = str2fmt(*++args);
+                       }
+               else if (!strcmp (*args, "-outform"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       outformat = str2fmt(*++args);
+                       }
+               else if (!strcmp (*args, "-out"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       outfile = *++args;
+                       }
+               else if (!strcmp (*args, "-content"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       contfile = *++args;
+                       }
+               else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+                       continue;
+               else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
+                       badarg = 1;
+               args++;
+               }
+
+       if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+               {
+               BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+               goto argerr;
+               }
+
+       if (operation & SMIME_SIGNERS)
+               {
+               /* Check to see if any final signer needs to be appended */
+               if (keyfile && !signerfile)
+                       {
+                       BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                       goto argerr;
+                       }
+               if (signerfile)
+                       {
+                       if (!sksigners)
+                               sksigners = sk_new_null();
+                       sk_push(sksigners, signerfile);
+                       if (!skkeys)
+                               skkeys = sk_new_null();
+                       if (!keyfile)
+                               keyfile = signerfile;
+                       sk_push(skkeys, keyfile);
+                       }
+               if (!sksigners)
+                       {
+                       BIO_printf(bio_err, "No signer certificate specified\n");
+                       badarg = 1;
+                       }
+               signerfile = NULL;
+               keyfile = NULL;
+               need_rand = 1;
+               }
+       else if (operation == SMIME_DECRYPT)
+               {
+               if (!recipfile && !keyfile)
+                       {
+                       BIO_printf(bio_err, "No recipient certificate or key specified\n");
+                       badarg = 1;
+                       }
+               }
+       else if (operation == SMIME_ENCRYPT)
+               {
+               if (!*args)
+                       {
+                       BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+                       badarg = 1;
+                       }
+               need_rand = 1;
+               }
+       else if (!operation)
+               badarg = 1;
+
+       if (badarg)
+               {
+               argerr:
+               BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
+               BIO_printf (bio_err, "where options are\n");
+               BIO_printf (bio_err, "-encrypt       encrypt message\n");
+               BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
+               BIO_printf (bio_err, "-sign          sign message\n");
+               BIO_printf (bio_err, "-verify        verify signed message\n");
+               BIO_printf (bio_err, "-cmsout        output CMS structure\n");
+#ifndef OPENSSL_NO_DES
+               BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
+               BIO_printf (bio_err, "-des           encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+               BIO_printf (bio_err, "-seed          encrypt with SEED\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+               BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
+               BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
+               BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+               BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+               BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+               BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
+#endif
+               BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
+               BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
+               BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
+               BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
+               BIO_printf (bio_err, "-nodetach      use opaque signing\n");
+               BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
+               BIO_printf (bio_err, "-binary        don't translate message to text\n");
+               BIO_printf (bio_err, "-certfile file other certificates file\n");
+               BIO_printf (bio_err, "-signer file   signer certificate file\n");
+               BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
+               BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
+               BIO_printf (bio_err, "-in file       input file\n");
+               BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+               BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+               BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
+               BIO_printf (bio_err, "-out file      output file\n");
+               BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
+               BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
+               BIO_printf (bio_err, "-to addr       to address\n");
+               BIO_printf (bio_err, "-from ad       from address\n");
+               BIO_printf (bio_err, "-subject s     subject\n");
+               BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+               BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+               BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+               BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+               BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
+               BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+#endif
+               BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
+               BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+               BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+               BIO_printf(bio_err,  "               the random number generator\n");
+               BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
+               goto end;
+               }
+
+#ifndef OPENSSL_NO_ENGINE
+        e = setup_engine(bio_err, engine, 0);
+#endif
+
+       if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+               {
+               BIO_printf(bio_err, "Error getting password\n");
+               goto end;
+               }
+
+       if (need_rand)
+               {
+               app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+               if (inrand != NULL)
+                       BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+                               app_RAND_load_files(inrand));
+               }
+
+       ret = 2;
+
+       if (!(operation & SMIME_SIGNERS))
+               flags &= ~CMS_DETACHED;
+
+       if (operation & SMIME_OP)
+               {
+               if (outformat == FORMAT_ASN1)
+                       outmode = "wb";
+               }
+       else
+               {
+               if (flags & CMS_BINARY)
+                       outmode = "wb";
+               }
+
+       if (operation & SMIME_IP)
+               {
+               if (informat == FORMAT_ASN1)
+                       inmode = "rb";
+               }
+       else
+               {
+               if (flags & CMS_BINARY)
+                       inmode = "rb";
+               }
+
+       if (operation == SMIME_ENCRYPT)
+               {
+               if (!cipher)
+                       {
+#ifndef OPENSSL_NO_RC2                 
+                       cipher = EVP_rc2_40_cbc();
+#else
+                       BIO_printf(bio_err, "No cipher selected\n");
+                       goto end;
+#endif
+                       }
+               encerts = sk_X509_new_null();
+               while (*args)
+                       {
+                       if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+                               NULL, e, "recipient certificate file")))
+                               {
+#if 0                          /* An appropriate message is already printed */
+                               BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+#endif
+                               goto end;
+                               }
+                       sk_X509_push(encerts, cert);
+                       cert = NULL;
+                       args++;
+                       }
+               }
+
+       if (certfile)
+               {
+               if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+                       e, "certificate file")))
+                       {
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               }
+
+       if (recipfile && (operation == SMIME_DECRYPT))
+               {
+               if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+                       e, "recipient certificate file")))
+                       {
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               }
+
+       if (operation == SMIME_DECRYPT)
+               {
+               if (!keyfile)
+                       keyfile = recipfile;
+               }
+       else if (operation == SMIME_SIGN)
+               {
+               if (!keyfile)
+                       keyfile = signerfile;
+               }
+       else keyfile = NULL;
+
+       if (keyfile)
+               {
+               key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+                              "signing key file");
+               if (!key)
+                       goto end;
+               }
+
+       if (infile)
+               {
+               if (!(in = BIO_new_file(infile, inmode)))
+                       {
+                       BIO_printf (bio_err,
+                                "Can't open input file %s\n", infile);
+                       goto end;
+                       }
+               }
+       else
+               in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+       if (operation & SMIME_IP)
+               {
+               if (informat == FORMAT_SMIME) 
+                       cms = SMIME_read_CMS(in, &indata);
+               else if (informat == FORMAT_PEM) 
+                       cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+               else if (informat == FORMAT_ASN1) 
+                       cms = d2i_CMS_bio(in, NULL);
+               else
+                       {
+                       BIO_printf(bio_err, "Bad input format for CMS file\n");
+                       goto end;
+                       }
+
+               if (!cms)
+                       {
+                       BIO_printf(bio_err, "Error reading S/MIME message\n");
+                       goto end;
+                       }
+               if (contfile)
+                       {
+                       BIO_free(indata);
+                       if (!(indata = BIO_new_file(contfile, "rb")))
+                               {
+                               BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                               goto end;
+                               }
+                       }
+               }
+
+       if (outfile)
+               {
+               if (!(out = BIO_new_file(outfile, outmode)))
+                       {
+                       BIO_printf (bio_err,
+                                "Can't open output file %s\n", outfile);
+                       goto end;
+                       }
+               }
+       else
+               {
+               out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+               {
+                   BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+                   out = BIO_push(tmpbio, out);
+               }
+#endif
+               }
+
+       if (operation == SMIME_VERIFY)
+               {
+               if (!(store = setup_verify(bio_err, CAfile, CApath)))
+                       goto end;
+               X509_STORE_set_verify_cb_func(store, smime_cb);
+               if (vpm)
+                       X509_STORE_set1_param(store, vpm);
+               }
+
+
+       ret = 3;
+
+       if (operation == SMIME_DATA_CREATE)
+               {
+               if (indef)
+                       flags |= CMS_STREAM;
+               cms = CMS_data_create(in, flags);
+               }
+       else if (operation == SMIME_DIGEST_CREATE)
+               {
+               if (indef)
+                       flags |= CMS_STREAM;
+               cms = CMS_digest_create(in, sign_md, flags);
+               }
+       else if (operation == SMIME_COMPRESS)
+               {
+               if (indef)
+                       flags |= CMS_STREAM;
+               cms = CMS_compress(in, -1, flags);
+               }
+       else if (operation == SMIME_ENCRYPT)
+               {
+               if (indef)
+                       flags |= CMS_STREAM;
+               cms = CMS_encrypt(encerts, in, cipher, flags);
+               }
+       else if (operation & SMIME_SIGNERS)
+               {
+               int i;
+               /* If detached data content we only enable streaming if
+                * S/MIME output format.
+                */
+               if (operation == SMIME_SIGN)
+                       {
+                       if (flags & CMS_DETACHED)
+                               {
+                               if (outformat == FORMAT_SMIME)
+                                       flags |= CMS_STREAM;
+                               }
+                       else if (indef)
+                               flags |= CMS_STREAM;
+                       flags |= CMS_PARTIAL;
+                       cms = CMS_sign(NULL, NULL, other, in, flags);
+                       if (!cms)
+                               goto end;
+                       }
+               else
+                       flags |= CMS_REUSE_DIGEST;
+               for (i = 0; i < sk_num(sksigners); i++)
+                       {
+                       signerfile = sk_value(sksigners, i);
+                       keyfile = sk_value(skkeys, i);
+                       signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
+                                       e, "signer certificate");
+                       if (!signer)
+                               goto end;
+                       key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+                              "signing key file");
+                       if (!key)
+                               goto end;
+                       if (!CMS_add1_signer(cms, signer, key, sign_md, flags))
+                               goto end;
+                       X509_free(signer);
+                       signer = NULL;
+                       EVP_PKEY_free(key);
+                       key = NULL;
+                       }
+               /* If not streaming or resigning finalize structure */
+               if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
+                       {
+                       if (!CMS_final(cms, in, flags))
+                               goto end;
+                       }
+               }
+
+       if (!cms)
+               {
+               BIO_printf(bio_err, "Error creating CMS structure\n");
+               goto end;
+               }
+
+       ret = 4;
+       if (operation == SMIME_DECRYPT)
+               {
+               if (!CMS_decrypt(cms, key, recip, out, flags))
+                       {
+                       BIO_printf(bio_err, "Error decrypting CMS structure\n");
+                       goto end;
+                       }
+               }
+       else if (operation == SMIME_DATAOUT)
+               {
+               if (!CMS_data(cms, out, flags))
+                       goto end;
+               }
+       else if (operation == SMIME_UNCOMPRESS)
+               {
+               if (!CMS_uncompress(cms, indata, out, flags))
+                       goto end;
+               }
+       else if (operation == SMIME_DIGEST_VERIFY)
+               {
+               if (CMS_digest_verify(cms, indata, out, flags) > 0)
+                       BIO_printf(bio_err, "Verification successful\n");
+               else
+                       {
+                       BIO_printf(bio_err, "Verification failure\n");
+                       goto end;
+                       }
+               }
+       else if (operation == SMIME_VERIFY)
+               {
+               if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+                       BIO_printf(bio_err, "Verification successful\n");
+               else
+                       {
+                       BIO_printf(bio_err, "Verification failure\n");
+                       goto end;
+                       }
+               if (signerfile)
+                       {
+                       STACK_OF(X509) *signers;
+                       signers = CMS_get0_signers(cms);
+                       if (!save_certs(signerfile, signers))
+                               {
+                               BIO_printf(bio_err,
+                                               "Error writing signers to %s\n",
+                                                               signerfile);
+                               ret = 5;
+                               goto end;
+                               }
+                       sk_X509_free(signers);
+                       }
+               }
+       else
+               {
+               if (outformat == FORMAT_SMIME) 
+                       {
+                       if (to)
+                               BIO_printf(out, "To: %s\n", to);
+                       if (from)
+                               BIO_printf(out, "From: %s\n", from);
+                       if (subject)
+                               BIO_printf(out, "Subject: %s\n", subject);
+                       if (operation == SMIME_RESIGN)
+                               ret = SMIME_write_CMS(out, cms, indata, flags);
+                       else
+                               ret = SMIME_write_CMS(out, cms, in, flags);
+                       }
+               else if (outformat == FORMAT_PEM) 
+                       ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
+               else if (outformat == FORMAT_ASN1) 
+                       ret = i2d_CMS_bio_stream(out,cms, in, flags);
+               else
+                       {
+                       BIO_printf(bio_err, "Bad output format for CMS file\n");
+                       goto end;
+                       }
+               if (ret <= 0)
+                       {
+                       ret = 6;
+                       goto end;
+                       }
+               }
+       ret = 0;
+end:
+       if (ret)
+               ERR_print_errors(bio_err);
+       if (need_rand)
+               app_RAND_write_file(NULL, bio_err);
+       sk_X509_pop_free(encerts, X509_free);
+       sk_X509_pop_free(other, X509_free);
+       if (vpm)
+               X509_VERIFY_PARAM_free(vpm);
+       if (sksigners)
+               sk_free(sksigners);
+       if (skkeys)
+               sk_free(skkeys);
+       X509_STORE_free(store);
+       X509_free(cert);
+       X509_free(recip);
+       X509_free(signer);
+       EVP_PKEY_free(key);
+       CMS_ContentInfo_free(cms);
+       BIO_free(in);
+       BIO_free(indata);
+       BIO_free_all(out);
+       if (passin) OPENSSL_free(passin);
+       return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+       {
+       int i;
+       BIO *tmp;
+       if (!signerfile)
+               return 1;
+       tmp = BIO_new_file(signerfile, "w");
+       if (!tmp) return 0;
+       for(i = 0; i < sk_X509_num(signers); i++)
+               PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+       BIO_free(tmp);
+       return 1;
+       }
+       
+
+/* Minimal callback just to output policy info (if any) */
+
+static int smime_cb(int ok, X509_STORE_CTX *ctx)
+       {
+       int error;
+
+       error = X509_STORE_CTX_get_error(ctx);
+
+       if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+               && ((error != X509_V_OK) || (ok != 2)))
+               return ok;
+
+       policies_print(NULL, ctx);
+
+       return ok;
+
+       }
+
+#endif
index 38ee24e..a64c654 100644 (file)
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 #include <openssl/pem.h>
+#include <openssl/comp.h>
 #include <ctype.h>
 
 int set_hex(char *in,unsigned char *out,int size);
@@ -116,6 +117,10 @@ int MAIN(int argc, char **argv)
        char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
        char *md=NULL;
        int enc=1,printkey=0,i,base64=0;
+#ifdef ZLIB
+       int do_zlib=0;
+       BIO *bzl = NULL;
+#endif
        int debug=0,olb64=0,nosalt=0;
        const EVP_CIPHER *cipher=NULL,*c;
        EVP_CIPHER_CTX *ctx = NULL;
@@ -141,9 +146,18 @@ int MAIN(int argc, char **argv)
        program_name(argv[0],pname,sizeof pname);
        if (strcmp(pname,"base64") == 0)
                base64=1;
+#ifdef ZLIB
+       if (strcmp(pname,"zlib") == 0)
+               do_zlib=1;
+#endif
 
        cipher=EVP_get_cipherbyname(pname);
+#ifdef ZLIB
+       if (!do_zlib && !base64 && (cipher == NULL)
+                               && (strcmp(pname,"enc") != 0))
+#else
        if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
+#endif
                {
                BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
                goto bad;
@@ -199,6 +213,10 @@ int MAIN(int argc, char **argv)
                        base64=1;
                else if (strcmp(*argv,"-base64") == 0)
                        base64=1;
+#ifdef ZLIB
+               else if (strcmp(*argv,"-z") == 0)
+                       do_zlib=1;
+#endif
                else if (strcmp(*argv,"-bufsize") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -448,6 +466,19 @@ bad:
        rbio=in;
        wbio=out;
 
+#ifdef ZLIB
+
+       if (do_zlib)
+               {
+               if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
+                       goto end;
+               if (enc)
+                       wbio=BIO_push(bzl,wbio);
+               else
+                       rbio=BIO_push(bzl,rbio);
+               }
+#endif
+
        if (base64)
                {
                if ((b64=BIO_new(BIO_f_base64())) == NULL)
@@ -641,6 +672,9 @@ end:
        if (out != NULL) BIO_free_all(out);
        if (benc != NULL) BIO_free(benc);
        if (b64 != NULL) BIO_free(b64);
+#ifdef ZLIB
+       if (bzl != NULL) BIO_free(bzl);
+#endif
        if(pass) OPENSSL_free(pass);
        apps_shutdown();
        OPENSSL_EXIT(ret);
index ba8ac5a..da7072c 100644 (file)
@@ -29,6 +29,7 @@ extern int speed_main(int argc,char *argv[]);
 extern int s_time_main(int argc,char *argv[]);
 extern int version_main(int argc,char *argv[]);
 extern int pkcs7_main(int argc,char *argv[]);
+extern int cms_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
@@ -118,6 +119,9 @@ FUNCTION functions[] = {
 #endif
        {FUNC_TYPE_GENERAL,"version",version_main},
        {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+       {FUNC_TYPE_GENERAL,"cms",cms_main},
+#endif
        {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
        {FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
 #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
@@ -198,6 +202,9 @@ FUNCTION functions[] = {
        {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
 #endif
        {FUNC_TYPE_CIPHER,"base64",enc_main},
+#ifdef ZLIB
+       {FUNC_TYPE_CIPHER,"zlib",enc_main},
+#endif
 #ifndef OPENSSL_NO_DES
        {FUNC_TYPE_CIPHER,"des",enc_main},
 #endif
index af0eaa3..af57760 100644 (file)
@@ -46,6 +46,8 @@ foreach (@ARGV)
                { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
        elsif ( ($_ =~ /^pkcs12$/))
                { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+       elsif ( ($_ =~ /^cms$/))
+               { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
        else
                { print $str; }
        }
@@ -63,7 +65,7 @@ foreach (
        "camellia-128-cbc", "camellia-128-ecb",
        "camellia-192-cbc", "camellia-192-ecb",
        "camellia-256-cbc", "camellia-256-ecb",
-       "base64",
+       "base64", "zlib",
        "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
        "rc2", "bf", "cast", "rc5",
        "des-ecb", "des-ede",    "des-ede3",
@@ -90,6 +92,7 @@ foreach (
        elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
        elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
        elsif ($_ =~ /rc5/)  { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
+       elsif ($_ =~ /zlib/)  { $t="#ifdef ZLIB\n${t}#endif\n"; }
        print $t;
        }
 
diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
new file mode 100644 (file)
index 0000000..ba62b55
--- /dev/null
@@ -0,0 +1,259 @@
+/* crypto/aes/aes_wrap.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/bio.h>
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+               unsigned char *out,
+               const unsigned char *in, unsigned int inlen)
+       {
+       unsigned char *A, B[16], *R;
+       unsigned int i, j, t;
+       if ((inlen & 0x7) || (inlen < 8))
+               return -1;
+       A = B;
+       t = 1;
+       memcpy(out + 8, in, inlen);
+       if (!iv)
+               iv = default_iv;
+
+       memcpy(A, iv, 8);
+
+       for (j = 0; j < 6; j++)
+               {
+               R = out + 8;
+               for (i = 0; i < inlen; i += 8, t++, R += 8)
+                       {
+                       memcpy(B + 8, R, 8);
+                       AES_encrypt(B, B, key);
+                       A[7] ^= (unsigned char)(t & 0xff);
+                       if (t > 0xff)   
+                               {
+                               A[6] ^= (unsigned char)((t & 0xff) >> 8);
+                               A[5] ^= (unsigned char)((t & 0xff) >> 16);
+                               A[4] ^= (unsigned char)((t & 0xff) >> 24);
+                               }
+                       memcpy(R, B + 8, 8);
+                       }
+               }
+       memcpy(out, A, 8);
+       return inlen + 8;
+       }
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+               unsigned char *out,
+               const unsigned char *in, unsigned int inlen)
+       {
+       unsigned char *A, B[16], *R;
+       unsigned int i, j, t;
+       inlen -= 8;
+       if (inlen & 0x7)
+               return -1;
+       if (inlen < 8)
+               return -1;
+       A = B;
+       t =  6 * (inlen >> 3);
+       memcpy(A, in, 8);
+       memcpy(out, in + 8, inlen);
+       for (j = 0; j < 6; j++)
+               {
+               R = out + inlen - 8;
+               for (i = 0; i < inlen; i += 8, t--, R -= 8)
+                       {
+                       A[7] ^= (unsigned char)(t & 0xff);
+                       if (t > 0xff)   
+                               {
+                               A[6] ^= (unsigned char)((t & 0xff) >> 8);
+                               A[5] ^= (unsigned char)((t & 0xff) >> 16);
+                               A[4] ^= (unsigned char)((t & 0xff) >> 24);
+                               }
+                       memcpy(B + 8, R, 8);
+                       AES_decrypt(B, B, key);
+                       memcpy(R, B + 8, 8);
+                       }
+               }
+       if (!iv)
+               iv = default_iv;
+       if (memcmp(A, iv, 8))
+               {
+               OPENSSL_cleanse(out, inlen);
+               return 0;
+               }
+       return inlen;
+       }
+
+#ifdef AES_WRAP_TEST
+
+int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
+                        const unsigned char *iv,
+                        const unsigned char *eout,
+                        const unsigned char *key, int keylen)
+       {
+       unsigned char *otmp = NULL, *ptmp = NULL;
+       int r, ret = 0;
+       AES_KEY wctx;
+       otmp = OPENSSL_malloc(keylen + 8);
+       ptmp = OPENSSL_malloc(keylen);
+       if (!otmp || !ptmp)
+               return 0;
+       if (AES_set_encrypt_key(kek, keybits, &wctx))
+               goto err;
+       r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+       if (r <= 0)
+               goto err;
+
+       if (eout && memcmp(eout, otmp, keylen))
+               goto err;
+               
+       if (AES_set_decrypt_key(kek, keybits, &wctx))
+               goto err;
+       r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+
+       if (memcmp(key, ptmp, keylen))
+               goto err;
+
+       ret = 1;
+
+       err:
+       if (otmp)
+               OPENSSL_free(otmp);
+       if (ptmp)
+               OPENSSL_free(ptmp);
+
+       return ret;
+
+       }
+
+
+
+int main(int argc, char **argv)
+{
+
+static const unsigned char kek[] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+static const unsigned char key[] = {
+  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+static const unsigned char default_iv[] = {
+  0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+static const unsigned char e1[] = {
+  0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
+  0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
+  0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
+};
+
+static const unsigned char e2[] = {
+  0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
+  0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
+  0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
+};
+
+static const unsigned char e3[] = {
+  0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
+  0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
+  0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
+};
+
+static const unsigned char e4[] = {
+  0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
+  0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
+  0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
+  0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
+};
+
+static const unsigned char e5[] = {
+  0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
+  0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
+  0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
+  0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
+};
+
+static const unsigned char e6[] = {
+  0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
+  0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
+  0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
+  0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
+  0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
+};
+
+       AES_KEY wctx, xctx;
+       int ret;
+       ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
+       fprintf(stderr, "Key test result %d\n", ret);
+       ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
+       fprintf(stderr, "Key test result %d\n", ret);
+}
+       
+       
+#endif
index 8ec745b..4b4da3d 100644 (file)
@@ -27,7 +27,7 @@ LIBSRC=       a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
        tasn_prn.c ameth_lib.c \
        f_int.c f_string.c n_pkey.c \
-       f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c \
+       f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c \
        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c \
        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
@@ -40,7 +40,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
        tasn_prn.o ameth_lib.o \
        f_int.o f_string.o n_pkey.o \
-       f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o \
+       f_enum.o x_pkey.o a_bool.o x_exten.o bio_asn1.o bio_ndef.o asn_mime.o \
        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_bytes.o a_strnid.o \
        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 
@@ -366,6 +366,20 @@ asn1_par.o: ../../include/openssl/opensslconf.h
 asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c
 asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
 asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@@ -394,16 +408,26 @@ bio_asn1.o: ../../include/openssl/opensslconf.h
 bio_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bio_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bio_asn1.o: ../../include/openssl/symhacks.h bio_asn1.c
+bio_ndef.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+bio_ndef.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_ndef.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ndef.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_ndef.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ndef.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_ndef.o: ../../include/openssl/symhacks.h bio_ndef.c
 d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-d2i_pr.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-d2i_pr.o: ../cryptlib.h asn1_locl.h d2i_pr.c
+d2i_pr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+d2i_pr.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h d2i_pr.c
 d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
@@ -447,13 +471,16 @@ f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
 i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-i2d_pr.o: ../cryptlib.h asn1_locl.h i2d_pr.c
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn1_locl.h i2d_pr.c
 i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
index 8acf945..6ab12a9 100644 (file)
@@ -158,7 +158,12 @@ extern "C" {
 #define MBSTRING_BMP           (MBSTRING_FLAG|2)
 #define MBSTRING_UNIV          (MBSTRING_FLAG|4)
 
+#define SMIME_OLDMIME          0x400
+#define SMIME_CRLFEOL          0x800
+#define SMIME_STREAM           0x1000
+
 struct X509_algor_st;
+DECLARE_STACK_OF(X509_ALGOR)
 
 #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
 #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
@@ -218,6 +223,13 @@ typedef struct asn1_object_st
  * be inserted in the memory buffer 
  */
 #define ASN1_STRING_FLAG_NDEF 0x010 
+
+/* This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been 
+ * accessed. The flag will be reset when content has been written to it.
+ */
+
+#define ASN1_STRING_FLAG_CONT 0x020 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
        {
@@ -939,6 +951,12 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
 
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
 
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+#define M_ASN1_free_of(x, type) \
+               ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
 #ifndef OPENSSL_NO_FP_API
 void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
 
@@ -1100,6 +1118,21 @@ void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
 
 BIO_METHOD *BIO_f_asn1(void);
 
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                               const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                               const char *hdr,
+                               const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                               int ctype_nid,
+                               STACK_OF(X509_ALGOR) *mdalgs,
+                               const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_asn1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1149,6 +1182,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_VERIFY                                 197
 #define ASN1_F_ASN1_MBSTRING_NCOPY                      122
 #define ASN1_F_ASN1_OBJECT_NEW                          123
+#define ASN1_F_ASN1_OUTPUT_DATA                                 214
 #define ASN1_F_ASN1_PACK_STRING                                 124
 #define ASN1_F_ASN1_PCTX_NEW                            205
 #define ASN1_F_ASN1_PKCS5_PBE_SET                       125
@@ -1168,6 +1202,9 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_UNPACK_STRING                       136
 #define ASN1_F_ASN1_UTCTIME_SET                                 187
 #define ASN1_F_ASN1_VERIFY                              137
+#define ASN1_F_B64_READ_ASN1                            209
+#define ASN1_F_B64_WRITE_ASN1                           210
+#define ASN1_F_BIO_NEW_NDEF                             208
 #define ASN1_F_BITSTR_CB                                180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED                    138
 #define ASN1_F_BN_TO_ASN1_INTEGER                       139
@@ -1196,6 +1233,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_X509                                         156
 #define ASN1_F_D2I_X509_CINF                            157
 #define ASN1_F_D2I_X509_PKEY                            159
+#define ASN1_F_I2D_ASN1_BIO_STREAM                      211
 #define ASN1_F_I2D_ASN1_SET                             188
 #define ASN1_F_I2D_ASN1_TIME                            160
 #define ASN1_F_I2D_DSA_PUBKEY                           161
@@ -1209,6 +1247,9 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_PARSE_TAGGING                            182
 #define ASN1_F_PKCS5_PBE2_SET_IV                        167
 #define ASN1_F_PKCS5_PBE_SET                            202
+#define ASN1_F_PKCS5_PBE_SET0_ALGOR                     215
+#define ASN1_F_SMIME_READ_ASN1                          212
+#define ASN1_F_SMIME_TEXT                               213
 #define ASN1_F_X509_CINF_NEW                            168
 #define ASN1_F_X509_CRL_ADD0_REVOKED                    169
 #define ASN1_F_X509_INFO_NEW                            170
@@ -1220,6 +1261,8 @@ void ERR_load_ASN1_strings(void);
 
 /* Reason codes. */
 #define ASN1_R_ADDING_OBJECT                            171
+#define ASN1_R_ASN1_PARSE_ERROR                                 203
+#define ASN1_R_ASN1_SIG_PARSE_ERROR                     204
 #define ASN1_R_AUX_ERROR                                100
 #define ASN1_R_BAD_CLASS                                101
 #define ASN1_R_BAD_OBJECT_HEADER                        102
@@ -1267,6 +1310,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG               128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH                         129
 #define ASN1_R_INVALID_DIGIT                            130
+#define ASN1_R_INVALID_MIME_TYPE                        205
 #define ASN1_R_INVALID_MODIFIER                                 186
 #define ASN1_R_INVALID_NUMBER                           187
 #define ASN1_R_INVALID_SEPARATOR                        131
@@ -1276,6 +1320,9 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_IV_TOO_LARGE                             135
 #define ASN1_R_LENGTH_ERROR                             136
 #define ASN1_R_LIST_ERROR                               188
+#define ASN1_R_MIME_NO_CONTENT_TYPE                     206
+#define ASN1_R_MIME_PARSE_ERROR                                 207
+#define ASN1_R_MIME_SIG_PARSE_ERROR                     208
 #define ASN1_R_MISSING_EOC                              137
 #define ASN1_R_MISSING_SECOND_NUMBER                    138
 #define ASN1_R_MISSING_VALUE                            189
@@ -1285,8 +1332,12 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_NON_HEX_CHARACTERS                       141
 #define ASN1_R_NOT_ASCII_FORMAT                                 190
 #define ASN1_R_NOT_ENOUGH_DATA                          142
+#define ASN1_R_NO_CONTENT_TYPE                          209
 #define ASN1_R_NO_DEFAULT_DIGEST                        201
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE                  143
+#define ASN1_R_NO_MULTIPART_BODY_FAILURE                210
+#define ASN1_R_NO_MULTIPART_BOUNDARY                    211
+#define ASN1_R_NO_SIG_CONTENT_TYPE                      212
 #define ASN1_R_NULL_IS_WRONG_LENGTH                     144
 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT                  191
 #define ASN1_R_ODD_NUMBER_OF_CHARS                      145
@@ -1296,6 +1347,8 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                         149
 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG             192
 #define ASN1_R_SHORT_LINE                               150
+#define ASN1_R_SIG_INVALID_MIME_TYPE                    213
+#define ASN1_R_STREAMING_NOT_SUPPORTED                  202
 #define ASN1_R_STRING_TOO_LONG                          151
 #define ASN1_R_STRING_TOO_SHORT                                 152
 #define ASN1_R_TAG_VALUE_TOO_HIGH                       153
index 480ed70..063d705 100644 (file)
@@ -110,6 +110,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),    "ASN1_item_verify"},
 {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),     "ASN1_OBJECT_new"},
+{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),    "ASN1_OUTPUT_DATA"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),    "ASN1_pack_string"},
 {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),       "ASN1_PCTX_new"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),  "ASN1_PKCS5_PBE_SET"},
@@ -129,6 +130,9 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),  "ASN1_unpack_string"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),    "ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+{ERR_FUNC(ASN1_F_B64_READ_ASN1),       "B64_READ_ASN1"},
+{ERR_FUNC(ASN1_F_B64_WRITE_ASN1),      "B64_WRITE_ASN1"},
+{ERR_FUNC(ASN1_F_BIO_NEW_NDEF),        "BIO_new_NDEF"},
 {ERR_FUNC(ASN1_F_BITSTR_CB),   "BITSTR_CB"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),       "BN_to_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),  "BN_to_ASN1_INTEGER"},
@@ -157,6 +161,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_X509),    "D2I_X509"},
 {ERR_FUNC(ASN1_F_D2I_X509_CINF),       "D2I_X509_CINF"},
 {ERR_FUNC(ASN1_F_D2I_X509_PKEY),       "d2i_X509_PKEY"},
+{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_SET),        "i2d_ASN1_SET"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_TIME),       "I2D_ASN1_TIME"},
 {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),      "i2d_DSA_PUBKEY"},
@@ -170,6 +175,9 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),       "PARSE_TAGGING"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),   "PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),       "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR),        "PKCS5_pbe_set0_algor"},
+{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),     "SMIME_read_asn1"},
+{ERR_FUNC(ASN1_F_SMIME_TEXT),  "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),       "X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),       "X509_CRL_add0_revoked"},
 {ERR_FUNC(ASN1_F_X509_INFO_NEW),       "X509_INFO_new"},
@@ -184,6 +192,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 static ERR_STRING_DATA ASN1_str_reasons[]=
        {
 {ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
+{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     ,"asn1 parse error"},
+{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
 {ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
 {ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
@@ -231,6 +241,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
+{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
 {ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
 {ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
@@ -240,6 +251,9 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
 {ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
 {ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
+{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
+{ERR_REASON(ASN1_R_MIME_PARSE_ERROR)     ,"mime parse error"},
+{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
 {ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
 {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
 {ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},
@@ -249,8 +263,12 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
+{ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
 {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST)    ,"no default digest"},
 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
+{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
+{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE)  ,"no sig content type"},
 {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
 {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
 {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
@@ -260,6 +278,8 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
 {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
 {ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
+{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
+{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
 {ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
 {ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
 {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
index fff8030..edf2552 100644 (file)
@@ -169,6 +169,9 @@ extern "C" {
 #define ASN1_NDEF_SEQUENCE(tname) \
        ASN1_SEQUENCE(tname)
 
+#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+       ASN1_SEQUENCE_cb(tname, cb)
+
 #define ASN1_SEQUENCE_cb(tname, cb) \
        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
        ASN1_SEQUENCE(tname)
@@ -215,6 +218,18 @@ extern "C" {
                #stname \
        ASN1_ITEM_end(tname)
 
+#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+       ;\
+       ASN1_ITEM_start(tname) \
+               ASN1_ITYPE_NDEF_SEQUENCE,\
+               V_ASN1_SEQUENCE,\
+               tname##_seq_tt,\
+               sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+               &tname##_aux,\
+               sizeof(stname),\
+               #stname \
+       ASN1_ITEM_end(tname)
+
 
 /* This pair helps declare a CHOICE type. We can do:
  *
@@ -720,6 +735,16 @@ typedef struct ASN1_PRINT_ARG_st {
        const ASN1_PCTX *pctx;
 } ASN1_PRINT_ARG;
 
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+       /* BIO to stream through */
+       BIO *out;
+       /* BIO with filters appended */
+       BIO *ndef_bio;
+       /* Streaming I/O boundary */
+       unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
 /* Flags in ASN1_AUX */
 
 /* Use a reference count */
@@ -741,6 +766,10 @@ typedef struct ASN1_PRINT_ARG_st {
 #define ASN1_OP_I2D_POST       7
 #define ASN1_OP_PRINT_PRE      8
 #define ASN1_OP_PRINT_POST     9
+#define ASN1_OP_STREAM_PRE     8
+#define ASN1_OP_STREAM_POST    9
+#define ASN1_OP_DETACHED_PRE   10
+#define ASN1_OP_DETACHED_POST  11
 
 /* Macro to implement a primitive type */
 #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
new file mode 100644 (file)
index 0000000..9148817
--- /dev/null
@@ -0,0 +1,938 @@
+/* asn_mime.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "asn1_locl.h"
+
+/* Generalised MIME like utilities for streaming ASN1. Although many
+ * have a PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name;                      /* Param name e.g. "micalg" */
+char *param_value;                     /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name;                            /* Name of line e.g. "content-type" */
+char *value;                           /* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params;          /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                       const ASN1_ITEM *it);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                       const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                       const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+/* Output an ASN1 structure in BER format streaming if necessary */
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                               const ASN1_ITEM *it)
+       {
+       /* If streaming create stream BIO and copy all content through it */
+       if (flags & SMIME_STREAM)
+               {
+               BIO *bio, *tbio;
+               bio = BIO_new_NDEF(out, val, it);
+               if (!bio)
+                       {
+                       ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM,ERR_R_MALLOC_FAILURE);
+                       return 0;
+                       }
+               SMIME_crlf_copy(in, bio, flags);
+               (void)BIO_flush(bio);
+               /* Free up successive BIOs until we hit the old output BIO */
+               do
+                       {
+                       tbio = BIO_pop(bio);
+                       BIO_free(bio);
+                       bio = tbio;
+                       } while (bio != out);
+               }
+       /* else just write out ASN1 structure which will have all content
+        * stored internally
+        */
+       else
+               ASN1_item_i2d_bio(it, out, val);
+       return 1;
+       }
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                               const ASN1_ITEM *it)
+       {
+       BIO *b64;
+       int r;
+       b64 = BIO_new(BIO_f_base64());
+       if(!b64)
+               {
+               ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
+       /* prepend the b64 BIO so all data is base64 encoded.
+        */
+       out = BIO_push(b64, out);
+       r = i2d_ASN1_bio_stream(out, val, in, flags, it);
+       (void)BIO_flush(out);
+       BIO_pop(out);
+       BIO_free(b64);
+       return r;
+       }
+
+/* Streaming ASN1 PEM write */
+
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                               const char *hdr,
+                               const ASN1_ITEM *it)
+       {
+       int r;
+       BIO_printf(out, "-----BEGIN %s-----\n", hdr);
+       r = B64_write_ASN1(out, val, in, flags, it);
+       BIO_printf(out, "-----END %s-----\n", hdr);
+       return r;
+       }
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+       BIO *b64;
+       ASN1_VALUE *val;
+       if(!(b64 = BIO_new(BIO_f_base64()))) {
+               ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       bio = BIO_push(b64, bio);
+       val = ASN1_item_d2i_bio(it, bio, NULL);
+       if(!val)
+               ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
+       (void)BIO_flush(bio);
+       bio = BIO_pop(bio);
+       BIO_free(b64);
+       return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+       {
+       const EVP_MD *md;
+       int i, have_unknown = 0, write_comma, ret = 0, md_nid;
+       have_unknown = 0;
+       write_comma = 0;
+       for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
+               {
+               if (write_comma)
+                       BIO_write(out, ",", 1);
+               write_comma = 1;
+               md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+               md = EVP_get_digestbynid(md_nid);
+               if (md && md->md_ctrl)
+                       {
+                       int rv;
+                       char *micstr;
+                       rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
+                       if (rv > 0)
+                               {
+                               BIO_puts(out, micstr);
+                               OPENSSL_free(micstr);
+                               continue;
+                               }
+                       if (rv != -2)
+                               goto err;
+                       }
+               switch(md_nid)
+                       {
+                       case NID_sha1:
+                       BIO_puts(out, "sha1");
+                       break;
+
+                       case NID_md5:
+                       BIO_puts(out, "md5");
+                       break;
+
+                       case NID_sha256:
+                       BIO_puts(out, "sha-256");
+                       break;
+
+                       case NID_sha384:
+                       BIO_puts(out, "sha-384");
+                       break;
+
+                       case NID_sha512:
+                       BIO_puts(out, "sha-512");
+                       break;
+
+                       case NID_id_GostR3411_94:
+                       BIO_puts(out, "gostr3411-94");
+                               goto err;
+                       break;
+
+                       default:
+                       if (have_unknown)
+                               write_comma = 0;
+                       else
+                               {
+                               BIO_puts(out, "unknown");
+                               have_unknown = 1;
+                               }
+                       break;
+
+                       }
+               }
+
+       ret = 1;
+       err:
+
+       return ret;
+
+       }
+
+/* SMIME sender */
+
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                               int ctype_nid,
+                               STACK_OF(X509_ALGOR) *mdalgs,
+                               const ASN1_ITEM *it)
+{
+       char bound[33], c;
+       int i;
+       const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+       const char *msg_type=NULL;
+       if (flags & SMIME_OLDMIME)
+               mime_prefix = "application/x-pkcs7-";
+       else
+               mime_prefix = "application/pkcs7-";
+
+       if (flags & SMIME_CRLFEOL)
+               mime_eol = "\r\n";
+       else
+               mime_eol = "\n";
+       if((flags & SMIME_DETACHED) && data) {
+       /* We want multipart/signed */
+               /* Generate a random boundary */
+               RAND_pseudo_bytes((unsigned char *)bound, 32);
+               for(i = 0; i < 32; i++) {
+                       c = bound[i] & 0xf;
+                       if(c < 10) c += '0';
+                       else c += 'A' - 10;
+                       bound[i] = c;
+               }
+               bound[32] = 0;
+               BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+               BIO_printf(bio, "Content-Type: multipart/signed;");
+               BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+               BIO_puts(bio, " micalg=\"");
+               asn1_write_micalg(bio, mdalgs);
+               BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                                               bound, mime_eol, mime_eol);
+               BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                                               mime_eol, mime_eol);
+               /* Now write out the first part */
+               BIO_printf(bio, "------%s%s", bound, mime_eol);
+               if (!asn1_output_data(bio, data, val, flags, it))
+                       return 0;
+               BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+               /* Headers for signature */
+
+               BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
+               BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+               BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
+                                                               mime_eol);
+               BIO_printf(bio, "Content-Disposition: attachment;");
+               BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
+                                                       mime_eol, mime_eol);
+               B64_write_ASN1(bio, val, NULL, 0, it);
+               BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
+                                                       mime_eol, mime_eol);
+               return 1;
+       }
+
+       /* Determine smime-type header */
+
+       if (ctype_nid == NID_pkcs7_enveloped)
+               msg_type = "enveloped-data";
+       else if (ctype_nid == NID_pkcs7_signed)
+               {
+               if (sk_X509_ALGOR_num(mdalgs) >= 0)
+                       msg_type = "signed-data";
+               else
+                       msg_type = "certs-only";
+               }
+       else if (ctype_nid == NID_id_smime_ct_compressedData)
+               {
+               msg_type = "compressed-data";
+               cname = "smime.p7z";
+               }
+       /* MIME headers */
+       BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+       BIO_printf(bio, "Content-Disposition: attachment;");
+       BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+       BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+       if (msg_type)
+               BIO_printf(bio, " smime-type=%s;", msg_type);
+       BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+       BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+                                               mime_eol, mime_eol);
+       if (!B64_write_ASN1(bio, val, data, flags, it))
+               return 0;
+       BIO_printf(bio, "%s", mime_eol);
+       return 1;
+}
+
+/* Handle output of ASN1 data */
+
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                                       const ASN1_ITEM *it)
+       {
+       BIO *tmpbio;
+       const ASN1_AUX *aux = it->funcs;
+       ASN1_STREAM_ARG sarg;
+
+       if (!(flags & SMIME_DETACHED))
+               {
+               SMIME_crlf_copy(data, out, flags);
+               return 1;
+               }
+
+       if (!aux || !aux->asn1_cb)
+               {
+               ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
+                                       ASN1_R_STREAMING_NOT_SUPPORTED);
+               return 0;
+               }
+
+       sarg.out = out;
+       sarg.ndef_bio = NULL;
+       sarg.boundary = NULL;
+
+       /* Let ASN1 code prepend any needed BIOs */
+
+       if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+               return 0;
+
+       /* Copy data across, passing through filter BIOs for processing */
+       SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+       /* Finalize structure */
+       if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+               return 0;
+
+       /* Now remove any digests prepended to the BIO */
+
+       while (sarg.ndef_bio != out)
+               {
+               tmpbio = BIO_pop(sarg.ndef_bio);
+               BIO_free(sarg.ndef_bio);
+               sarg.ndef_bio = tmpbio;
+               }
+
+       return 1;
+
+       }
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_asn1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+       BIO *asnin;
+       STACK_OF(MIME_HEADER) *headers = NULL;
+       STACK_OF(BIO) *parts = NULL;
+       MIME_HEADER *hdr;
+       MIME_PARAM *prm;
+       ASN1_VALUE *val;
+       int ret;
+
+       if(bcont) *bcont = NULL;
+
+       if (!(headers = mime_parse_hdr(bio))) {
+               ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
+               return NULL;
+       }
+
+       if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+               return NULL;
+       }
+
+       /* Handle multipart/signed */
+
+       if(!strcmp(hdr->value, "multipart/signed")) {
+               /* Split into two parts */
+               prm = mime_param_find(hdr, "boundary");
+               if(!prm || !prm->param_value) {
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                       ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+                       return NULL;
+               }
+               ret = multi_split(bio, prm->param_value, &parts);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               if(!ret || (sk_BIO_num(parts) != 2) ) {
+                       ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+
+               /* Parse the signature piece */
+               asnin = sk_BIO_value(parts, 1);
+
+               if (!(headers = mime_parse_hdr(asnin))) {
+                       ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+
+               /* Get content type */
+
+               if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+                                                                !hdr->value) {
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                       ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+                       return NULL;
+               }
+
+               if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+                       strcmp(hdr->value, "application/pkcs7-signature")) {
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                       ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
+                       ERR_add_error_data(2, "type: ", hdr->value);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               /* Read in ASN1 */
+               if(!(val = b64_read_asn1(asnin, it))) {
+                       ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
+                       sk_BIO_pop_free(parts, BIO_vfree);
+                       return NULL;
+               }
+
+               if(bcont) {
+                       *bcont = sk_BIO_value(parts, 0);
+                       BIO_free(asnin);
+                       sk_BIO_free(parts);
+               } else sk_BIO_pop_free(parts, BIO_vfree);
+               return val;
+       }
+               
+       /* OK, if not multipart/signed try opaque signature */
+
+       if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+           strcmp (hdr->value, "application/pkcs7-mime")) {
+               ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
+               ERR_add_error_data(2, "type: ", hdr->value);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               return NULL;
+       }
+
+       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+       
+       if(!(val = b64_read_asn1(bio, it))) {
+               ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+               return NULL;
+       }
+       return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+       BIO *bf;
+       char eol;
+       int len;
+       char linebuf[MAX_SMLEN];
+       /* Buffer output so we don't write one line at a time. This is
+        * useful when streaming as we don't end up with one OCTET STRING
+        * per line.
+        */
+       bf = BIO_new(BIO_f_buffer());
+       if (!bf)
+               return 0;
+       out = BIO_push(bf, out);
+       if(flags & SMIME_BINARY)
+               {
+               while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+                                               BIO_write(out, linebuf, len);
+               }
+       else
+               {
+               if(flags & SMIME_TEXT)
+                       BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+               while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
+                       {
+                       eol = strip_eol(linebuf, &len);
+                       if (len)
+                               BIO_write(out, linebuf, len);
+                       if(eol) BIO_write(out, "\r\n", 2);
+                       }
+               }
+       (void)BIO_flush(out);
+       BIO_pop(out);
+       BIO_free(bf);
+       return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+       char iobuf[4096];
+       int len;
+       STACK_OF(MIME_HEADER) *headers;
+       MIME_HEADER *hdr;
+
+       if (!(headers = mime_parse_hdr(in))) {
+               ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
+               return 0;
+       }
+       if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+               ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               return 0;
+       }
+       if (strcmp (hdr->value, "text/plain")) {
+               ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
+               ERR_add_error_data(2, "type: ", hdr->value);
+               sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+               return 0;
+       }
+       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+       while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+                                               BIO_write(out, iobuf, len);
+       return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+       char linebuf[MAX_SMLEN];
+       int len, blen;
+       int eol = 0, next_eol = 0;
+       BIO *bpart = NULL;
+       STACK_OF(BIO) *parts;
+       char state, part, first;
+
+       blen = strlen(bound);
+       part = 0;
+       state = 0;
+       first = 1;
+       parts = sk_BIO_new_null();
+       *ret = parts;
+       while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+               state = mime_bound_check(linebuf, len, bound, blen);
+               if(state == 1) {
+                       first = 1;
+                       part++;
+               } else if(state == 2) {
+                       sk_BIO_push(parts, bpart);
+                       return 1;
+               } else if(part) {
+                       /* Strip CR+LF from linebuf */
+                       next_eol = strip_eol(linebuf, &len);
+                       if(first) {
+                               first = 0;
+                               if(bpart) sk_BIO_push(parts, bpart);
+                               bpart = BIO_new(BIO_s_mem());
+                               BIO_set_mem_eof_return(bpart, 0);
+                       } else if (eol)
+                               BIO_write(bpart, "\r\n", 2);
+                       eol = next_eol;
+                       if (len)
+                               BIO_write(bpart, linebuf, len);
+               }
+       }
+       return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID   0
+#define MIME_START     1
+#define MIME_TYPE      2
+#define MIME_NAME      3
+#define MIME_VALUE     4
+#define MIME_QUOTE     5
+#define MIME_COMMENT   6
+
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+       char *p, *q, c;
+       char *ntmp;
+       char linebuf[MAX_SMLEN];
+       MIME_HEADER *mhdr = NULL;
+       STACK_OF(MIME_HEADER) *headers;
+       int len, state, save_state = 0;
+
+       headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+       while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+       /* If whitespace at line start then continuation line */
+       if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+       else state = MIME_START;
+       ntmp = NULL;
+       /* Go through all characters */
+       for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+       /* State machine to handle MIME headers
+        * if this looks horrible that's because it *is*
+         */
+
+               switch(state) {
+                       case MIME_START:
+                       if(c == ':') {
+                               state = MIME_TYPE;
+                               *p = 0;
+                               ntmp = strip_ends(q);
+                               q = p + 1;
+                       }
+                       break;
+
+                       case MIME_TYPE:
+                       if(c == ';') {
+                               mime_debug("Found End Value\n");
+                               *p = 0;
+                               mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                               sk_MIME_HEADER_push(headers, mhdr);
+                               ntmp = NULL;
+                               q = p + 1;
+                               state = MIME_NAME;
+                       } else if(c == '(') {
+                               save_state = state;
+                               state = MIME_COMMENT;
+                       }
+                       break;
+
+                       case MIME_COMMENT:
+                       if(c == ')') {
+                               state = save_state;
+                       }
+                       break;
+
+                       case MIME_NAME:
+                       if(c == '=') {
+                               state = MIME_VALUE;
+                               *p = 0;
+                               ntmp = strip_ends(q);
+                               q = p + 1;
+                       }
+                       break ;
+
+                       case MIME_VALUE:
+                       if(c == ';') {
+                               state = MIME_NAME;
+                               *p = 0;
+                               mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                               ntmp = NULL;
+                               q = p + 1;
+                       } else if (c == '"') {
+                               mime_debug("Found Quote\n");
+                               state = MIME_QUOTE;
+                       } else if(c == '(') {
+                               save_state = state;
+                               state = MIME_COMMENT;
+                       }
+                       break;
+
+                       case MIME_QUOTE:
+                       if(c == '"') {
+                               mime_debug("Found Match Quote\n");
+                               state = MIME_VALUE;
+                       }
+                       break;
+               }
+       }
+
+       if(state == MIME_TYPE) {
+               mhdr = mime_hdr_new(ntmp, strip_ends(q));
+               sk_MIME_HEADER_push(headers, mhdr);
+       } else if(state == MIME_VALUE)
+                        mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+       if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+       return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+       char *p, c;
+       /* Look for first non white space or quote */
+       for(p = name; (c = *p) ;p++) {
+               if(c == '"') {
+                       /* Next char is start of string if non null */
+                       if(p[1]) return p + 1;
+                       /* Else null string */
+                       return NULL;
+               }
+               if(!isspace((unsigned char)c)) return p;
+       }
+       return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+       char *p, c;
+       if(!name) return NULL;
+       /* Look for first non white space or quote */
+       for(p = name + strlen(name) - 1; p >= name ;p--) {
+               c = *p;
+               if(c == '"') {
+                       if(p - 1 == name) return NULL;
+                       *p = 0;
+                       return name;
+               }
+               if(isspace((unsigned char)c)) *p = 0;   
+               else return name;
+       }
+       return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+       MIME_HEADER *mhdr;
+       char *tmpname, *tmpval, *p;
+       int c;
+       if(name) {
+               if(!(tmpname = BUF_strdup(name))) return NULL;
+               for(p = tmpname ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpname = NULL;
+       if(value) {
+               if(!(tmpval = BUF_strdup(value))) return NULL;
+               for(p = tmpval ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpval = NULL;
+       mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
+       if(!mhdr) return NULL;
+       mhdr->name = tmpname;
+       mhdr->value = tmpval;
+       if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
+       return mhdr;
+}
+               
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+       char *tmpname, *tmpval, *p;
+       int c;
+       MIME_PARAM *mparam;
+       if(name) {
+               tmpname = BUF_strdup(name);
+               if(!tmpname) return 0;
+               for(p = tmpname ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpname = NULL;
+       if(value) {
+               tmpval = BUF_strdup(value);
+               if(!tmpval) return 0;
+       } else tmpval = NULL;
+       /* Parameter values are case sensitive so leave as is */
+       mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
+       if(!mparam) return 0;
+       mparam->param_name = tmpname;
+       mparam->param_value = tmpval;
+       sk_MIME_PARAM_push(mhdr->params, mparam);
+       return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+                       const MIME_HEADER * const *b)
+{
+       return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM * const *a,
+                       const MIME_PARAM * const *b)
+{
+       return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+       MIME_HEADER htmp;
+       int idx;
+       htmp.name = name;
+       idx = sk_MIME_HEADER_find(hdrs, &htmp);
+       if(idx < 0) return NULL;
+       return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+       MIME_PARAM param;
+       int idx;
+       param.param_name = name;
+       idx = sk_MIME_PARAM_find(hdr->params, &param);
+       if(idx < 0) return NULL;
+       return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+       if(hdr->name) OPENSSL_free(hdr->name);
+       if(hdr->value) OPENSSL_free(hdr->value);
+       if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+       OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+       if(param->param_name) OPENSSL_free(param->param_name);
+       if(param->param_value) OPENSSL_free(param->param_value);
+       OPENSSL_free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+       if(linelen == -1) linelen = strlen(line);
+       if(blen == -1) blen = strlen(bound);
+       /* Quickly eliminate if line length too short */
+       if(blen + 2 > linelen) return 0;
+       /* Check for part boundary */
+       if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+               if(!strncmp(line + blen + 2, "--", 2)) return 2;
+               else return 1;
+       }
+       return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+       {
+       int len = *plen;
+       char *p, c;
+       int is_eol = 0;
+       p = linebuf + len - 1;
+       for (p = linebuf + len - 1; len > 0; len--, p--)
+               {
+               c = *p;
+               if (c == '\n')
+                       is_eol = 1;
+               else if (c != '\r')
+                       break;
+               }
+       *plen = len;
+       return is_eol;
+       }
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
new file mode 100644 (file)
index 0000000..9607480
--- /dev/null
@@ -0,0 +1,246 @@
+/* bio_ndef.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#ifndef OPENSSL_SYSNAME_NETWARE
+#include <memory.h>
+#endif
+#include <stdio.h>
+
+/* Experimental NDEF ASN1 BIO support routines */
+
+/* The usage is quite simple, initialize an ASN1 structure,
+ * get a BIO from it then any data written through the BIO
+ * will end up translated to approptiate format on the fly.
+ * The data is streamed out and does *not* need to be
+ * all held in memory at once.
+ *
+ * When the BIO is flushed the output is finalized and any
+ * signatures etc written out.
+ *
+ * The BIO is a 'proper' BIO and can handle non blocking I/O
+ * correctly.
+ *
+ * The usage is simple. The implementation is *not*...
+ */
+
+/* BIO support data stored in the ASN1 BIO ex_arg */
+
+typedef struct ndef_aux_st
+       {
+       /* ASN1 structure this BIO refers to */
+       ASN1_VALUE *val;
+       const ASN1_ITEM *it;
+       /* Top of the BIO chain */
+       BIO *ndef_bio;
+       /* Output BIO */
+       BIO *out;
+       /* Boundary where content is inserted */
+       unsigned char **boundary;
+       /* DER buffer start */
+       unsigned char *derbuf;
+       } NDEF_SUPPORT;
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+       {
+       NDEF_SUPPORT *ndef_aux = NULL;
+       BIO *asn_bio = NULL;
+       const ASN1_AUX *aux = it->funcs;
+       ASN1_STREAM_ARG sarg;
+
+       if (!aux && !aux->asn1_cb)
+               {
+               ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+               return NULL;
+               }
+       ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT));
+       asn_bio = BIO_new(BIO_f_asn1());
+
+       /* ASN1 bio needs to be next to output BIO */
+
+       out = BIO_push(asn_bio, out);
+
+       if (!ndef_aux || !asn_bio || !out)
+               goto err;
+
+       BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+       BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+
+       /* Now let callback prepend any digest, cipher etc BIOs
+        * ASN1 structure needs.
+        */
+
+       sarg.out = out;
+       sarg.ndef_bio = NULL;
+       sarg.boundary = NULL;
+
+       if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
+               goto err;
+
+       ndef_aux->val = val;
+       ndef_aux->it = it;
+       ndef_aux->ndef_bio = sarg.ndef_bio;
+       ndef_aux->boundary = sarg.boundary;
+       ndef_aux->out = out;
+
+       BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+
+       return sarg.ndef_bio;
+
+       err:
+       if (asn_bio)
+               BIO_free(asn_bio);
+       if (ndef_aux)
+               OPENSSL_free(ndef_aux);
+       return NULL;
+       }
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+       {
+       NDEF_SUPPORT *ndef_aux;
+       unsigned char *p;
+       int derlen;
+
+       if (!parg)
+               return 0;
+
+       ndef_aux = *(NDEF_SUPPORT **)parg;
+
+       derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+       p = OPENSSL_malloc(derlen);
+       ndef_aux->derbuf = p;
+       *pbuf = p;
+       derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+       if (!*ndef_aux->boundary)
+               return 0;
+
+       *plen = *ndef_aux->boundary - *pbuf;
+
+       return 1;
+       }
+
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+       {
+       NDEF_SUPPORT *ndef_aux;
+
+       if (!parg)
+               return 0;
+
+       ndef_aux = *(NDEF_SUPPORT **)parg;
+
+       if (ndef_aux->derbuf)
+               OPENSSL_free(ndef_aux->derbuf);
+
+       ndef_aux->derbuf = NULL;
+       *pbuf = NULL;
+       *plen = 0;
+       return 1;
+       }
+
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+       {
+       NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
+       if (!ndef_prefix_free(b, pbuf, plen, parg))
+               return 0;
+       OPENSSL_free(*pndef_aux);
+       *pndef_aux = NULL;
+       return 1;
+       }
+
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+       {
+       NDEF_SUPPORT *ndef_aux;
+       unsigned char *p;
+       int derlen;
+       const ASN1_AUX *aux;
+       ASN1_STREAM_ARG sarg;
+
+       if (!parg)
+               return 0;
+
+       ndef_aux = *(NDEF_SUPPORT **)parg;
+
+       aux = ndef_aux->it->funcs;
+
+       /* Finalize structures */
+       sarg.ndef_bio = ndef_aux->ndef_bio;
+       sarg.out = ndef_aux->out;
+       sarg.boundary = ndef_aux->boundary;
+       if (aux->asn1_cb(ASN1_OP_STREAM_POST,
+                               &ndef_aux->val, ndef_aux->it, &sarg) <= 0)
+               return 0;
+
+       derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+       p = OPENSSL_malloc(derlen);
+       ndef_aux->derbuf = p;
+       *pbuf = p;
+       derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+       if (!*ndef_aux->boundary)
+               return 0;
+       *pbuf = *ndef_aux->boundary;
+       *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
+
+       return 1;
+       }
index f3355e7..1982012 100644 (file)
@@ -71,61 +71,78 @@ ASN1_SEQUENCE(PBEPARAM) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
 
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
-            int saltlen)
-{
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                               const unsigned char *salt, int saltlen)
+       {
        PBEPARAM *pbe=NULL;
-       ASN1_OBJECT *al;
-       X509_ALGOR *algor;
-       ASN1_TYPE *astype=NULL;
+       ASN1_STRING *pbe_str=NULL;
+       unsigned char *sstr;
 
-       if (!(pbe = PBEPARAM_new ())) {
-               ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+       pbe = PBEPARAM_new();
+       if (!pbe)
+               {
+               ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-       }
-       if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
-       if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-               ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+               }
+       if(iter <= 0)
+               iter = PKCS5_DEFAULT_ITER;
+       if (!ASN1_INTEGER_set(pbe->iter, iter))
+               {
+               ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-       }
-       if (!saltlen) saltlen = PKCS5_SALT_LEN;
-       if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
-               ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+               }
+       if (!saltlen)
+               saltlen = PKCS5_SALT_LEN;
+       if (!ASN1_STRING_set(pbe->salt, NULL, saltlen))
+               {
+               ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-       }
-       pbe->salt->length = saltlen;
-       if (salt) memcpy (pbe->salt->data, salt, saltlen);
-       else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+               }
+       sstr = ASN1_STRING_data(pbe->salt);
+       if (salt)
+               memcpy(sstr, salt, saltlen);
+       else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
                goto err;
 
-       if (!(astype = ASN1_TYPE_new())) {
-               ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+       if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
+               {
+               ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
                goto err;
-       }
+               }
 
-       astype->type = V_ASN1_SEQUENCE;
-       if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM),
-                               &astype->value.sequence)) {
-               ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-               goto err;
-       }
-       PBEPARAM_free (pbe);
+       PBEPARAM_free(pbe);
        pbe = NULL;
-       
-       al = OBJ_nid2obj(alg); /* never need to free al */
-       if (!(algor = X509_ALGOR_new())) {
-               ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-               goto err;
-       }
-       ASN1_OBJECT_free(algor->algorithm);
-       algor->algorithm = al;
-       algor->parameter = astype;
 
-       return (algor);
+       if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+               return 1;
+
 err:
-       if (pbe != NULL) PBEPARAM_free(pbe);
-       if (astype != NULL) ASN1_TYPE_free(astype);
+       if (pbe != NULL)
+               PBEPARAM_free(pbe);
+       if (pbe_str != NULL)
+               ASN1_STRING_free(pbe_str);
+       return 0;
+       }
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                               const unsigned char *salt, int saltlen)
+       {
+       X509_ALGOR *ret;
+       ret = X509_ALGOR_new();
+       if (!ret)
+               {
+               ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+               return NULL;
+               }
+
+       if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 
+               return ret;
+
+       X509_ALGOR_free(ret);
        return NULL;
-}
+       }
index bd6a8d6..33533ab 100644 (file)
@@ -66,7 +66,12 @@ ASN1_SEQUENCE(X509_ALGOR) = {
        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
 
+ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
 IMPLEMENT_STACK_OF(X509_ALGOR)
index 4eade95..ea5323d 100644 (file)
@@ -96,6 +96,7 @@ extern "C" {
 #define BIO_TYPE_LINEBUFFER    (20|0x0200)             /* filter */
 #define BIO_TYPE_DGRAM         (21|0x0400|0x0100)
 #define BIO_TYPE_ASN1          (22|0x0200)             /* filter */
+#define BIO_TYPE_COMP          (23|0x0200)             /* filter */
 
 #define BIO_TYPE_DESCRIPTOR    0x0100  /* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER                0x0200
diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile
new file mode 100644 (file)
index 0000000..fdca7fe
--- /dev/null
@@ -0,0 +1,132 @@
+#
+# OpenSSL/crypto/cms/Makefile
+#
+
+DIR=   cms
+TOP=   ../..
+CC=    cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=      Makefile
+AR=            ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+       cms_sd.c cms_dd.c cms_cd.c cms_env.c
+LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
+       cms_sd.o cms_dd.o cms_cd.o cms_env.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  cms.h
+HEADER=        cms_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+       (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:   lib
+
+lib:   $(LIBOBJ)
+       $(AR) $(LIB) $(LIBOBJ)
+       $(RANLIB) $(LIB) || echo Never mind.
+       @touch lib
+
+files:
+       $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+       @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+       @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+       @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+       @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+       @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+       do  \
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+
+tags:
+       ctags $(SRC)
+
+tests:
+
+lint:
+       lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+       @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+       $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+       mv -f Makefile.new $(MAKEFILE)
+
+clean:
+       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+cms_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_asn1.o: ../../include/openssl/x509_vfy.h cms.h cms_asn1.c cms_lcl.h
+cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_att.o: cms.h cms_att.c cms_lcl.h
+cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+cms_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_lib.o: ../../include/openssl/x509_vfy.h cms.h cms_lcl.h cms_lib.c
+cms_sd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_sd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h cms.h
+cms_sd.o: cms_lcl.h cms_sd.c
diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
new file mode 100644 (file)
index 0000000..2f45f57
--- /dev/null
@@ -0,0 +1,324 @@
+/* crypto/cms/cms.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+
+#ifndef HEADER_CMS_H
+#define HEADER_CMS_H
+
+#include <openssl/x509.h>
+
+#ifdef OPENSSL_NO_CMS
+#error CMS is disabled.
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+
+DECLARE_STACK_OF(CMS_SignerInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+#define CMS_SIGNERINFO_ISSUER_SERIAL   0
+#define CMS_SIGNERINFO_KEYIDENTIFIER   1
+
+/* S/MIME related flags */
+
+#define CMS_TEXT                       0x1
+#define CMS_NOCERTS                    0x2
+#define CMS_NO_CONTENT_VERIFY          0x4
+#define CMS_NO_ATTR_VERIFY             0x8
+#define CMS_NOSIGS                     \
+                       (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+#define CMS_NOINTERN                   0x10
+#define CMS_NO_SIGNER_CERT_VERIFY      0x20
+#define CMS_NOVERIFY                   0x20
+#define CMS_DETACHED                   0x40
+#define CMS_BINARY                     0x80
+#define CMS_NOATTR                     0x100
+#define        CMS_NOSMIMECAP                  0x200
+#define CMS_NOOLDMIMETYPE              0x400
+#define CMS_CRLFEOL                    0x800
+#define CMS_STREAM                     0x1000
+#define CMS_NOCRL                      0x2000
+#define CMS_PARTIAL                    0x4000
+#define CMS_REUSE_DIGEST               0x8000
+#define CMS_USE_KEYID                  0x10000
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+CMS_ContentInfo *CMS_Data_Create(void);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+#ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+#endif
+
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                               BIO *data, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                                                       unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                                       unsigned int flags);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+                               const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *data,
+                               unsigned int flags);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                                                       unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                       X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                       unsigned int flags);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                                       unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+                                       X509_ALGOR **pdig, X509_ALGOR **psig);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                               int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CMS_strings(void);
+
+/* Error codes for the CMS functions. */
+
+/* Function codes. */
+#define CMS_F_CMS_ADD1_RECIPIENT_CERT                   99
+#define CMS_F_CMS_ADD1_SIGNER                           100
+#define CMS_F_CMS_ADD1_SIGNINGTIME                      101
+#define CMS_F_CMS_COMPRESS                              102
+#define CMS_F_CMS_COMPRESSEDDATA_CREATE                         103
+#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO               104
+#define CMS_F_CMS_COPY_CONTENT                          105
+#define CMS_F_CMS_COPY_MESSAGEDIGEST                    106
+#define CMS_F_CMS_DATA                                  107
+#define CMS_F_CMS_DATAFINAL                             108
+#define CMS_F_CMS_DATAINIT                              109
+#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX              110
+#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO              111
+#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                         112
+#define CMS_F_CMS_DIGEST_VERIFY                                 113
+#define CMS_F_CMS_ENVELOPED_DATA_INIT                   114
+#define CMS_F_CMS_FINAL                                         115
+#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES              116
+#define CMS_F_CMS_GET0_CONTENT                          117
+#define CMS_F_CMS_GET0_ECONTENT_TYPE                    118
+#define CMS_F_CMS_GET0_ENVELOPED                        119
+#define CMS_F_CMS_GET0_REVOCATION_CHOICES               120
+#define CMS_F_CMS_GET0_SIGNED                           121
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP           122
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS          123
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID     124
+#define CMS_F_CMS_SET1_SIGNERIDENTIFIER                         125
+#define CMS_F_CMS_SET_DETACHED                          126
+#define CMS_F_CMS_SIGN                                  127
+#define CMS_F_CMS_SIGNED_DATA_INIT                      128
+#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN               129
+#define CMS_F_CMS_SIGNERINFO_SIGN                       130
+#define CMS_F_CMS_SIGNERINFO_VERIFY                     131
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                132
+#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT             133
+#define CMS_F_CMS_STREAM                                134
+#define CMS_F_CMS_UNCOMPRESS                            135
+#define CMS_F_CMS_VERIFY                                136
+
+/* Reason codes. */
+#define CMS_R_ADD_SIGNER_ERROR                          99
+#define CMS_R_CERTIFICATE_VERIFY_ERROR                  100
+#define CMS_R_CMS_DATAFINAL_ERROR                       101
+#define CMS_R_CONTENT_NOT_FOUND                                 102
+#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA          103
+#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA           104
+#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA              105
+#define CMS_R_CONTENT_VERIFY_ERROR                      106
+#define CMS_R_CTRL_ERROR                                107
+#define CMS_R_CTRL_FAILURE                              108
+#define CMS_R_ERROR_GETTING_PUBLIC_KEY                  109
+#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE     110
+#define CMS_R_MD_BIO_INIT_ERROR                                 111
+#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH      112
+#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                113
+#define CMS_R_NOT_KEY_TRANSPORT                                 114
+#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE           115
+#define CMS_R_NO_CONTENT                                116
+#define CMS_R_NO_DEFAULT_DIGEST                                 117
+#define CMS_R_NO_DIGEST_SET                             118
+#define CMS_R_NO_MATCHING_DIGEST                        119
+#define CMS_R_NO_PRIVATE_KEY                            120
+#define CMS_R_NO_PUBLIC_KEY                             121
+#define CMS_R_NO_SIGNERS                                122
+#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    123
+#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND              124
+#define CMS_R_SIGNFINAL_ERROR                           125
+#define CMS_R_SMIME_TEXT_ERROR                          126
+#define CMS_R_STORE_INIT_ERROR                          127
+#define CMS_R_TYPE_NOT_COMPRESSED_DATA                  128
+#define CMS_R_TYPE_NOT_DATA                             129
+#define CMS_R_TYPE_NOT_DIGESTED_DATA                    130
+#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                131
+#define CMS_R_UNKNOWN_DIGEST_ALGORIHM                   132
+#define CMS_R_UNKNOWN_ID                                133
+#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM                 134
+#define CMS_R_UNSUPPORTED_CONTENT_TYPE                  135
+#define CMS_R_UNSUPPORTED_TYPE                          136
+#define CMS_R_VERIFICATION_FAILURE                      137
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
new file mode 100644 (file)
index 0000000..60ea339
--- /dev/null
@@ -0,0 +1,328 @@
+/* crypto/cms/cms_asn1.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+
+ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
+       ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+       ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
+
+ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
+       ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+       ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+
+ASN1_CHOICE(CMS_CertificateChoices) = {
+       ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+       ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+       ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+       ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+       ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+} ASN1_CHOICE_END(CMS_CertificateChoices)
+
+ASN1_CHOICE(CMS_SignerIdentifier) = {
+       ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+       ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+} ASN1_CHOICE_END(CMS_SignerIdentifier)
+
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
+       ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+       ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                       void *exarg)
+{
+       if(operation == ASN1_OP_FREE_POST) {
+               CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
+               if (si->pkey)
+                       EVP_PKEY_free(si->pkey);
+               if (si->signer)
+                       X509_free(si->signer);
+       }
+       return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+       ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+       ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+       ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+       ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+       ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+       ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
+
+ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
+       ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+       ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+
+ASN1_CHOICE(CMS_RevocationInfoChoice) = {
+       ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+       ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
+
+ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+       ASN1_SIMPLE(CMS_SignedData, version, LONG),
+       ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+       ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+       ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+       ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+       ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+       ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+       ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+
+ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
+       ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+       ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
+
+ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
+       ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+       ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+       ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
+
+ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
+  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+
+ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
+       ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+       ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
+
+ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
+
+ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
+  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+
+ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
+       ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+       ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+       ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+       ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
+
+ASN1_SEQUENCE(CMS_KEKIdentifier) = {
+       ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+       ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+       ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+
+ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
+
+ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
+       ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+       ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+       ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
+  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+
+ASN1_CHOICE(CMS_RecipientInfo) = {
+       ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+       ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+       ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+       ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+       ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+} ASN1_CHOICE_END(CMS_RecipientInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
+       ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+       ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+       ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+       ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
+
+ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
+       ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+       ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+       ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
+       ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+       ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
+
+ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
+       ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+       ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+       ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+       ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+       ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+       ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+       ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+       ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+       ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+
+ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
+       ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+       ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+       ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+
+/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
+
+ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(CMS_ContentInfo) = {
+       ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+       ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+       ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+       ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+       ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+       ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+       ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
+
+/* CMS streaming support */
+static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                                       void *exarg)
+{
+       ASN1_STREAM_ARG *sarg = exarg;
+       CMS_ContentInfo *cms;
+       if (pval)
+               cms = (CMS_ContentInfo *)*pval;
+       switch(operation)
+               {
+
+               case ASN1_OP_STREAM_PRE:
+               if (CMS_stream(&sarg->boundary, cms) <= 0)
+                       return 0;
+               case ASN1_OP_DETACHED_PRE:
+               sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
+               if (!sarg->ndef_bio)
+                       return 0;
+               break;
+
+               case ASN1_OP_STREAM_POST:
+               case ASN1_OP_DETACHED_POST:
+               if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
+                       return 0;
+               break;
+
+               }
+       return 1;
+}
+
+ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
+       ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+       ASN1_ADB_OBJECT(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
+
+/* Specials for signed attributes */
+
+/* When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
+
+/* When verifying attributes we need to use the received order. So 
+ * we use SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 
+       ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                               V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
+
diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
new file mode 100644 (file)
index 0000000..5b71722
--- /dev/null
@@ -0,0 +1,195 @@
+/* crypto/cms/cms_att.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+/* CMS SignedData Attribute utilities */
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+{
+       return X509at_get_attr_count(si->signedAttrs);
+}
+
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos)
+{
+       return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
+}
+
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos)
+{
+       return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+{
+       return X509at_get_attr(si->signedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+{
+       return X509at_delete_attr(si->signedAttrs, loc);
+}
+
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+       if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
+       return 0;
+}
+
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type)
+{
+       return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
+}
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+{
+       return X509at_get_attr_count(si->unsignedAttrs);
+}
+
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                         int lastpos)
+{
+       return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
+}
+
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+                         int lastpos)
+{
+       return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+{
+       return X509at_get_attr(si->unsignedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+{
+       return X509at_delete_attr(si->unsignedAttrs, loc);
+}
+
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+       if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
+       return 0;
+}
+
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                       const ASN1_OBJECT *obj, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                       int nid, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                       const char *attrname, int type,
+                       const void *bytes, int len)
+{
+       if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+                               type, bytes, len)) return 1;
+       return 0;
+}
+
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                       int lastpos, int type)
+{
+       return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
+}
+
+/* Specific attribute cases */
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
new file mode 100644 (file)
index 0000000..5baa54a
--- /dev/null
@@ -0,0 +1,135 @@
+/* crypto/cms/cms_cd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include "cms_lcl.h"
+#include "asn1_locl.h"
+
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
+#ifdef ZLIB
+
+/* CMS CompressedData Utilities */
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+       {
+       CMS_ContentInfo *cms;
+       CMS_CompressedData *cd;
+       /* Will need something cleverer if there is ever more than one
+        * compression algorithm or parameters have some meaning...
+        */
+       if (comp_nid != NID_zlib_compression)
+               {
+               CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
+                               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+               return NULL;
+               }
+       cms = CMS_ContentInfo_new();
+       if (!cms)
+               return NULL;
+
+       cd = M_ASN1_new_of(CMS_CompressedData);
+
+       if (!cd)
+               goto err;
+
+       cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
+       cms->d.compressedData = cd;
+
+       cd->version = 0;
+
+       X509_ALGOR_set0(cd->compressionAlgorithm,
+                       OBJ_nid2obj(NID_zlib_compression),
+                       V_ASN1_UNDEF, NULL);
+
+       cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+       return cms;
+
+       err:
+
+       if (cms)
+               CMS_ContentInfo_free(cms);
+
+       return NULL;
+       }
+
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+       {
+       CMS_CompressedData *cd;
+       ASN1_OBJECT *compoid;
+       if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
+               {
+               CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+                               CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+               return NULL;
+               }
+       cd = cms->d.compressedData;
+       X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
+       if (OBJ_obj2nid(compoid) != NID_zlib_compression)
+               {
+               CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+                               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+               return NULL;
+               }
+       return BIO_new(BIO_f_zlib());
+       }
+
+#endif
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
new file mode 100644 (file)
index 0000000..ec7689d
--- /dev/null
@@ -0,0 +1,151 @@
+/* crypto/cms/cms_dd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+#include "asn1_locl.h"
+
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+
+/* CMS DigestedData Utilities */
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+       {
+       CMS_ContentInfo *cms;
+       CMS_DigestedData *dd;
+       cms = CMS_ContentInfo_new();
+       if (!cms)
+               return NULL;
+
+       dd = M_ASN1_new_of(CMS_DigestedData);
+
+       if (!dd)
+               goto err;
+
+       cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
+       cms->d.digestedData = dd;
+
+       dd->version = 0;
+       dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+       cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
+
+       return cms;
+
+       err:
+
+       if (cms)
+               CMS_ContentInfo_free(cms);
+
+       return NULL;
+       }
+
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+       {
+       CMS_DigestedData *dd;
+       if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_digest)
+               return NULL;
+       dd = cms->d.digestedData;
+       return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
+       }
+
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+       {
+       EVP_MD_CTX mctx;
+       unsigned char md[EVP_MAX_MD_SIZE];
+       unsigned int mdlen;
+       int r = 0;
+       CMS_DigestedData *dd;
+       EVP_MD_CTX_init(&mctx);
+
+       dd = cms->d.digestedData;
+
+       if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
+               goto err;
+
+       if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
+               goto err;
+
+       if (verify)
+               {
+               if (mdlen != dd->digest->length)
+                       {
+                       CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                               CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+                       goto err;
+                       }
+
+               if (memcmp(md, dd->digest->data, mdlen))
+                       CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                               CMS_R_VERIFICATION_FAILURE);
+               else
+                       r = 1;
+               }
+       else
+               {
+               if (!ASN1_STRING_set(dd->digest, md, mdlen))
+                       goto err;
+               r = 1;
+               }
+
+       err:
+       EVP_MD_CTX_cleanup(&mctx);
+
+       return r;
+
+       }
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
new file mode 100644 (file)
index 0000000..2381985
--- /dev/null
@@ -0,0 +1,253 @@
+/* crypto/cms/cms_env.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+#include "asn1_locl.h"
+
+/* CMS EnvelopedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+
+#if 0
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_EnvelopedData)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_RecipientInfo)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_KeyTransRecipientInfo)
+#endif
+
+DECLARE_STACK_OF(CMS_RecipientInfo)
+
+static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+       {
+       if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
+               {
+               CMSerr(CMS_F_CMS_GET0_ENVELOPED,
+                               CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+               return NULL;
+               }
+       return cms->d.envelopedData;
+       }
+
+static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+       {
+       if (cms->d.other == NULL)
+               {
+               cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
+               if (!cms->d.envelopedData)
+                       {
+                       CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
+                                                       ERR_R_MALLOC_FAILURE);
+                       return NULL;
+                       }
+               cms->d.envelopedData->version = 0;
+               cms->d.envelopedData->encryptedContentInfo->contentType =
+                                               OBJ_nid2obj(NID_pkcs7_data);
+               ASN1_OBJECT_free(cms->contentType);
+               cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
+               return cms->d.envelopedData;
+               }
+       return cms_get0_enveloped(cms);
+       }
+
+/* Add a recipient certificate. For now only handle key transport.
+ * If we ever handle key agreement will need updating.
+ */
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                       X509 *recip, unsigned int flags)
+       {
+       CMS_RecipientInfo *ri = NULL;
+       CMS_KeyTransRecipientInfo *ktri;
+       CMS_EnvelopedData *env;
+       EVP_PKEY *pk = NULL;
+       int i, type;
+       /* Init enveloped data */
+       env = cms_enveloped_data_init(cms);
+       if (!env)
+               goto err;
+
+       /* Initialized recipient info */
+       ri = M_ASN1_new_of(CMS_RecipientInfo);
+       if (!ri)
+               goto merr;
+
+       /* Initialize and add key transrport recipient info */
+
+       ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
+       if (!ri->d.ktri)
+               goto merr;
+       ri->type = CMS_RECIPINFO_TRANS;
+
+       ktri = ri->d.ktri;
+
+       X509_check_purpose(recip, -1, -1);
+       pk = X509_get_pubkey(recip);
+       if (!pk)
+               {
+               CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                               CMS_R_ERROR_GETTING_PUBLIC_KEY);
+               goto err;
+               }
+       CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
+       CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+       ktri->pkey = pk;
+       ktri->recip = recip;
+
+       if (flags & CMS_USE_KEYID)
+               {
+               ktri->version = 2;
+               type = CMS_RECIPINFO_KEYIDENTIFIER;
+               }
+       else
+               {
+               ktri->version = 0;
+               type = CMS_RECIPINFO_ISSUER_SERIAL;
+               }
+
+       /* Not a typo: RecipientIdentifier and SignerIdentifier are the
+        * same structure.
+        */
+
+       if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
+               goto err;
+
+       if (pk->ameth && pk->ameth->pkey_ctrl)
+               {
+               i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
+                                               0, ri);
+               if (i == -2)
+                       {
+                       CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                       goto err;
+                       }
+               if (i <= 0)
+                       {
+                       CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+                               CMS_R_CTRL_FAILURE);
+                       goto err;
+                       }
+               }
+
+       if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+               goto merr;
+
+       return ri;
+
+       merr:
+       CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
+       err:
+       if (ri)
+               M_ASN1_free_of(ri, CMS_RecipientInfo);
+       return NULL;
+
+       }
+
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                       EVP_PKEY **pk, X509 **recip,
+                                       X509_ALGOR **palg)
+       {
+       CMS_KeyTransRecipientInfo *ktri;
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return 0;
+               }
+
+       ktri = ri->d.ktri;
+
+       if (pk)
+               *pk = ktri->pkey;
+       if (recip)
+               *recip = ktri->recip;
+       if (palg)
+               *palg = ktri->keyEncryptionAlgorithm;
+       return 1;
+       }
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno)
+       {
+       CMS_KeyTransRecipientInfo *ktri;
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return 0;
+               }
+
+       return cms_SignerIdentifier_get0_signer_id(ktri->rid,
+                                                       keyid, issuer, sno);
+       }
+
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+       {
+       CMS_KeyTransRecipientInfo *ktri;
+       if (ri->type != CMS_RECIPINFO_TRANS)
+               {
+               CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
+                       CMS_R_NOT_KEY_TRANSPORT);
+               return 0;
+               }
+
+       return cms_SignerIdentifier_cert_cmp(ktri->rid, cert);
+       }
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
new file mode 100644 (file)
index 0000000..a2c7c1b
--- /dev/null
@@ -0,0 +1,170 @@
+/* crypto/cms/cms_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
+
+static ERR_STRING_DATA CMS_str_functs[]=
+       {
+{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),      "CMS_ADD1_RECIPIENT_CERT"},
+{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),      "CMS_add1_signer"},
+{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
+{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
+{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE),    "CMS_COMPRESSEDDATA_CREATE"},
+{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),  "CMS_COMPRESSEDDATA_INIT_BIO"},
+{ERR_FUNC(CMS_F_CMS_COPY_CONTENT),     "CMS_COPY_CONTENT"},
+{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST),       "CMS_COPY_MESSAGEDIGEST"},
+{ERR_FUNC(CMS_F_CMS_DATA),     "CMS_data"},
+{ERR_FUNC(CMS_F_CMS_DATAFINAL),        "CMS_dataFinal"},
+{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
+{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "CMS_DIGESTALGORITHM_FIND_CTX"},
+{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "CMS_DIGESTALGORITHM_INIT_BIO"},
+{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL),    "CMS_DIGESTEDDATA_DO_FINAL"},
+{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY),    "CMS_digest_verify"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT),      "CMS_ENVELOPED_DATA_INIT"},
+{ERR_FUNC(CMS_F_CMS_FINAL),    "CMS_final"},
+{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
+{ERR_FUNC(CMS_F_CMS_GET0_CONTENT),     "CMS_get0_content"},
+{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE),       "CMS_GET0_ECONTENT_TYPE"},
+{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),   "CMS_GET0_ENVELOPED"},
+{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),  "CMS_GET0_REVOCATION_CHOICES"},
+{ERR_FUNC(CMS_F_CMS_GET0_SIGNED),      "CMS_GET0_SIGNED"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),      "CMS_RECIPIENTINFO_KTRI_CERT_CMP"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),     "CMS_RECIPIENTINFO_KTRI_GET0_ALGS"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),        "CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID"},
+{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER),    "CMS_SET1_SIGNERIDENTIFIER"},
+{ERR_FUNC(CMS_F_CMS_SET_DETACHED),     "CMS_set_detached"},
+{ERR_FUNC(CMS_F_CMS_SIGN),     "CMS_sign"},
+{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),  "CMS_SIGNERINFO_CONTENT_SIGN"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN),  "CMS_SignerInfo_sign"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY),        "CMS_SignerInfo_verify"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),   "CMS_SIGNERINFO_VERIFY_CERT"},
+{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),        "CMS_SignerInfo_verify_content"},
+{ERR_FUNC(CMS_F_CMS_STREAM),   "CMS_stream"},
+{ERR_FUNC(CMS_F_CMS_UNCOMPRESS),       "CMS_uncompress"},
+{ERR_FUNC(CMS_F_CMS_VERIFY),   "CMS_verify"},
+{0,NULL}
+       };
+
+static ERR_STRING_DATA CMS_str_reasons[]=
+       {
+{ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
+{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
+{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR)   ,"cms datafinal error"},
+{ERR_REASON(CMS_R_CONTENT_NOT_FOUND)     ,"content not found"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
+{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
+{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR)  ,"content verify error"},
+{ERR_REASON(CMS_R_CTRL_ERROR)            ,"ctrl error"},
+{ERR_REASON(CMS_R_CTRL_FAILURE)          ,"ctrl failure"},
+{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
+{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
+{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR)     ,"md bio init error"},
+{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
+{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
+{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT)     ,"not key transport"},
+{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
+{ERR_REASON(CMS_R_NO_CONTENT)            ,"no content"},
+{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST)     ,"no default digest"},
+{ERR_REASON(CMS_R_NO_DIGEST_SET)         ,"no digest set"},
+{ERR_REASON(CMS_R_NO_MATCHING_DIGEST)    ,"no matching digest"},
+{ERR_REASON(CMS_R_NO_PRIVATE_KEY)        ,"no private key"},
+{ERR_REASON(CMS_R_NO_PUBLIC_KEY)         ,"no public key"},
+{ERR_REASON(CMS_R_NO_SIGNERS)            ,"no signers"},
+{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
+{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
+{ERR_REASON(CMS_R_SIGNFINAL_ERROR)       ,"signfinal error"},
+{ERR_REASON(CMS_R_SMIME_TEXT_ERROR)      ,"smime text error"},
+{ERR_REASON(CMS_R_STORE_INIT_ERROR)      ,"store init error"},
+{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
+{ERR_REASON(CMS_R_TYPE_NOT_DATA)         ,"type not data"},
+{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
+{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
+{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
+{ERR_REASON(CMS_R_UNKNOWN_ID)            ,"unknown id"},
+{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
+{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_TYPE)      ,"unsupported type"},
+{ERR_REASON(CMS_R_VERIFICATION_FAILURE)  ,"verification failure"},
+{0,NULL}
+       };
+
+#endif
+
+void ERR_load_CMS_strings(void)
+       {
+#ifndef OPENSSL_NO_ERR
+
+       if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
+               {
+               ERR_load_strings(0,CMS_str_functs);
+               ERR_load_strings(0,CMS_str_reasons);
+               }
+#endif
+       }
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
new file mode 100644 (file)
index 0000000..1bb60b8
--- /dev/null
@@ -0,0 +1,146 @@
+/* crypto/cms/cms_io.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+       {
+       ASN1_OCTET_STRING **pos;
+       pos = CMS_get0_content(cms);
+       if (!pos)
+               return 0;
+       if (!*pos)
+               *pos = ASN1_OCTET_STRING_new();
+       if (*pos)
+               {
+               (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+               (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+               *boundary = &(*pos)->data;
+               return 1;
+               }
+       CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+       return 0;
+       }
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+       {
+       return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+       }
+
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+       {
+       return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+       }
+
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+
+#if 0
+/* Streaming encode support for CMS */
+
+static BIO *cmsbio_init(ASN1_VALUE *val, BIO *out)
+       {
+       return CMS_dataInit((CMS_ContentInfo *)val, out);
+       }
+
+static int cmsbio_final(ASN1_VALUE *val, BIO *cmsbio)
+       {
+       return CMS_dataFinal((CMS_ContentInfo *)val, cmsbio);
+       }
+#endif
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) 
+       {
+       return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
+                               ASN1_ITEM_rptr(CMS_ContentInfo));
+       }
+
+/* CMS wrappers round generalised stream and MIME routines */
+
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+       {
+       return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+                                       ASN1_ITEM_rptr(CMS_ContentInfo));
+       }
+
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+       {
+       return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
+                                       "CMS",
+                                       ASN1_ITEM_rptr(CMS_ContentInfo));
+       }
+
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+       {
+       STACK_OF(X509_ALGOR) *mdalgs;
+       int ctype_nid = OBJ_obj2nid(cms->contentType);
+       if (ctype_nid == NID_pkcs7_signed)
+               mdalgs = cms->d.signedData->digestAlgorithms;
+       else
+               mdalgs = NULL;
+
+       return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+                                       ctype_nid, mdalgs,
+                                       ASN1_ITEM_rptr(CMS_ContentInfo));       
+       }
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+       {
+       return (CMS_ContentInfo *)SMIME_read_asn1(bio, bcont,
+                                       ASN1_ITEM_rptr(CMS_ContentInfo));
+       }
+
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
new file mode 100644 (file)
index 0000000..864dade
--- /dev/null
@@ -0,0 +1,415 @@
+/* crypto/cms/cms_lcl.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CMS_LCL_H
+#define HEADER_CMS_LCL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <openssl/x509.h>
+
+/* Cryptographic message syntax (CMS) structures: taken
+ * from RFC3852
+ */
+
+/* Forward references */
+
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+
+struct CMS_ContentInfo_st
+       {
+       ASN1_OBJECT *contentType;
+       union   {
+               ASN1_OCTET_STRING *data;
+               CMS_SignedData *signedData;
+               CMS_EnvelopedData *envelopedData;
+               CMS_DigestedData *digestedData;
+               CMS_EncryptedData *encryptedData;
+               CMS_AuthenticatedData *authenticatedData;
+               CMS_CompressedData *compressedData;
+               ASN1_TYPE *other;
+               /* Other types ... */
+               void *otherData;
+               } d;
+       };
+
+struct CMS_SignedData_st
+       {
+       long version;
+       STACK_OF(X509_ALGOR) *digestAlgorithms;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       STACK_OF(CMS_CertificateChoices) *certificates;
+       STACK_OF(CMS_RevocationInfoChoice) *crls;
+       STACK_OF(CMS_SignerInfo) *signerInfos;
+       };
+struct CMS_EncapsulatedContentInfo_st
+       {
+       ASN1_OBJECT *eContentType;
+       ASN1_OCTET_STRING *eContent;
+       };
+
+struct CMS_SignerInfo_st
+       {
+       long version;
+       CMS_SignerIdentifier *sid;
+       X509_ALGOR *digestAlgorithm;
+       STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+       X509_ALGOR *signatureAlgorithm;
+       ASN1_OCTET_STRING *signature;
+       STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+       /* Signing certificate and key */
+       X509 *signer;
+       EVP_PKEY *pkey;
+       };
+
+struct CMS_SignerIdentifier_st
+       {
+       int type;
+       union   {
+               CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+               ASN1_OCTET_STRING *subjectKeyIdentifier;
+               } d;
+       };
+
+struct CMS_EnvelopedData_st
+       {
+       long version;
+       CMS_OriginatorInfo *originatorInfo;
+       STACK_OF(CMS_RecipientInfo) *recipientInfos;
+       CMS_EncryptedContentInfo *encryptedContentInfo;
+       STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+       };
+
+struct CMS_OriginatorInfo_st
+       {
+       STACK_OF(CMS_CertificateChoices) *certificates;
+       STACK_OF(CMS_RevocationInfoChoice) *crls;
+       };
+
+struct CMS_EncryptedContentInfo_st
+       {
+       ASN1_OBJECT *contentType;
+       X509_ALGOR *contentEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedContent;
+       };
+
+struct CMS_RecipientInfo_st
+       {
+       int type;
+       union   {
+               CMS_KeyTransRecipientInfo *ktri;
+               CMS_KeyAgreeRecipientInfo *kari;
+               CMS_KEKRecipientInfo *kekri;
+               CMS_PasswordRecipientInfo *pwri;
+               CMS_OtherRecipientInfo *ori;
+               } d;
+       };
+
+#define CMS_RECIPINFO_TRANS            0
+#define CMS_RECIPINFO_AGREE            1
+#define CMS_RECIPINFO_KEK              2
+#define CMS_RECIPINFO_PASS             3
+#define CMS_RECIPINFO_OTHER            4
+
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+
+struct CMS_KeyTransRecipientInfo_st
+       {
+       long version;
+       CMS_RecipientIdentifier *rid;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedKey;
+       /* Recipient Key and cert */
+       X509 *recip;
+       EVP_PKEY *pkey;
+       };
+
+struct CMS_KeyAgreeRecipientInfo_st
+       {
+       long version;
+       CMS_OriginatorIdentifierOrKey *originator;
+       ASN1_OCTET_STRING *ukm;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+       };
+
+struct CMS_OriginatorIdentifierOrKey_st
+       {
+       int type;
+       union   {
+               CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+               ASN1_OCTET_STRING *subjectKeyIdentifier;
+               CMS_OriginatorPublicKey *originatorKey;
+               } d;
+       };
+
+struct CMS_OriginatorPublicKey_st
+       {
+       X509_ALGOR *algorithm;
+       ASN1_BIT_STRING *publicKey;
+       };
+
+struct CMS_RecipientEncryptedKey_st
+       {
+       CMS_KeyAgreeRecipientIdentifier *rid;
+       ASN1_OCTET_STRING *encryptedKey;
+       };
+
+struct CMS_KeyAgreeRecipientIdentifier_st
+       {
+       int type;
+       union   {
+               CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+               CMS_RecipientKeyIdentifier *rKeyId;
+               } d;
+       };
+
+struct CMS_RecipientKeyIdentifier_st
+       {
+       ASN1_OCTET_STRING *subjectKeyIdentifier;
+       ASN1_GENERALIZEDTIME *date;
+       CMS_OtherKeyAttribute *other;
+       };
+
+struct CMS_KEKRecipientInfo_st
+       {
+       long version;
+       CMS_KEKIdentifier *kekid;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedKey;
+       };
+
+struct CMS_KEKIdentifier_st
+       {
+       ASN1_OCTET_STRING *keyIdentifier;
+       ASN1_GENERALIZEDTIME *date;
+       CMS_OtherKeyAttribute *other;
+       };
+
+struct CMS_PasswordRecipientInfo_st
+       {
+       long version;
+       X509_ALGOR *keyDerivationAlgorithm;
+       X509_ALGOR *keyEncryptionAlgorithm;
+       ASN1_OCTET_STRING *encryptedKey;
+       };
+
+struct CMS_OtherRecipientInfo_st
+       {
+       ASN1_OBJECT *oriType;
+       ASN1_TYPE *oriValue;
+       };
+
+struct CMS_DigestedData_st
+       {
+       long version;
+       X509_ALGOR *digestAlgorithm;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       ASN1_OCTET_STRING *digest;
+       };
+
+struct CMS_EncryptedData_st
+       {
+       long version;
+       CMS_EncryptedContentInfo *encryptedContentInfo;
+       STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+       };
+
+struct CMS_AuthenticatedData_st
+       {
+       long version;
+       CMS_OriginatorInfo *originatorInfo;
+       STACK_OF(CMS_RecipientInfo) *recipientInfos;
+       X509_ALGOR *macAlgorithm;
+       X509_ALGOR *digestAlgorithm;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       STACK_OF(X509_ATTRIBUTE) *authAttrs;
+       ASN1_OCTET_STRING *mac;
+       STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+       };
+
+struct CMS_CompressedData_st
+       {
+       long version;
+       X509_ALGOR *compressionAlgorithm;
+       STACK_OF(CMS_RecipientInfo) *recipientInfos;
+       CMS_EncapsulatedContentInfo *encapContentInfo;
+       };
+
+struct CMS_RevocationInfoChoice_st
+       {
+       int type;
+       union   {
+               X509_CRL *crl;
+               CMS_OtherRevocationInfoFormat *other;
+               } d;
+       };
+
+#define CMS_REVCHOICE_CRL              0
+#define CMS_REVCHOICE_OTHER            1
+
+struct CMS_OtherRevocationInfoFormat_st
+       {
+       ASN1_OBJECT *otherRevInfoFormat;
+       ASN1_TYPE *otherRevInfo;
+       };
+
+struct CMS_CertificateChoices
+       {
+       int type;
+               union {
+               X509 *certificate;
+               ASN1_STRING *extendedCertificate;       /* Obsolete */
+               ASN1_STRING *v1AttrCert;        /* Left encoded for now */
+               ASN1_STRING *v2AttrCert;        /* Left encoded for now */
+               CMS_OtherCertificateFormat *other;
+               } d;
+       };
+
+#define CMS_CERTCHOICE_CERT            0
+#define CMS_CERTCHOICE_EXCERT          1
+#define CMS_CERTCHOICE_V1ACERT         2
+#define CMS_CERTCHOICE_V2ACERT         3
+#define CMS_CERTCHOICE_OTHER           4
+
+struct CMS_OtherCertificateFormat_st
+       {
+       ASN1_OBJECT *otherCertFormat;
+       ASN1_TYPE *otherCert;
+       };
+
+/* This is also defined in pkcs7.h but we duplicate it
+ * to allow the CMS code to be independent of PKCS#7
+ */
+
+struct CMS_IssuerAndSerialNumber_st
+       {
+       X509_NAME *issuer;
+       ASN1_INTEGER *serialNumber;
+       };
+
+struct CMS_OtherKeyAttribute_st
+       {
+       ASN1_OBJECT *keyAttrId;
+       ASN1_TYPE *keyAttr;
+       };
+
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+
+#define CMS_SIGNERINFO_ISSUER_SERIAL   0
+#define CMS_SIGNERINFO_KEYIDENTIFIER   1
+
+#define CMS_RECIPINFO_ISSUER_SERIAL    0
+#define CMS_RECIPINFO_KEYIDENTIFIER    1
+
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *cms_Data_create(void);
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                       X509_ALGOR *mdalg);
+       
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
new file mode 100644 (file)
index 0000000..24ab0e7
--- /dev/null
@@ -0,0 +1,607 @@
+/* crypto/cms/cms_lib.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_STACK_OF(CMS_CertificateChoices)
+DECLARE_STACK_OF(CMS_RevocationInfoChoice)
+
+#if 0
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_CertificateChoices)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_RevocationInfoChoice)
+#endif
+
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
+       {
+       return cms->contentType;
+       }
+
+CMS_ContentInfo *cms_Data_create(void)
+       {
+       CMS_ContentInfo *cms;
+       cms = CMS_ContentInfo_new();
+       if (cms)
+               {
+               cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+               /* Never detached */
+               CMS_set_detached(cms, 0);
+               }
+       return cms;
+       }
+
+BIO *cms_content_bio(CMS_ContentInfo *cms)
+       {
+       ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+       if (!pos)
+               return NULL;
+       /* If content detached data goes nowhere: create NULL BIO */
+       if (!*pos)
+               return BIO_new(BIO_s_null());
+       /* If content not detached and created return memory BIO
+        */
+       if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+               return BIO_new(BIO_s_mem());
+       /* Else content was read in: return read only BIO for it */
+       return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+       }
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+       {
+       BIO *cmsbio, *cont;
+       if (icont)
+               cont = icont;
+       else
+               cont = cms_content_bio(cms);
+       if (!cont)
+               {
+               CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+               return NULL;
+               }
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_data:
+               return cont;
+
+               case NID_pkcs7_signed:
+               cmsbio = cms_SignedData_init_bio(cms);
+               break;
+
+               case NID_pkcs7_digest:
+               cmsbio = cms_DigestedData_init_bio(cms);
+               break;
+#ifdef ZLIB
+               case NID_id_smime_ct_compressedData:
+               cmsbio = cms_CompressedData_init_bio(cms);
+               break;
+#endif
+
+               default:
+               CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+               return NULL;
+               }
+
+       if (cmsbio)
+               return BIO_push(cmsbio, cont);
+
+       if (!icont)
+               BIO_free(cont);
+       return NULL;
+
+       }
+               
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+       {
+       ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+       if (!pos)
+               return 0;
+       /* If ebmedded content find memory BIO and set content */
+       if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
+               {
+               BIO *mbio;
+               unsigned char *cont;
+               long contlen;
+               mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+               if (!mbio)
+                       {
+                       CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+                       return 0;
+                       }
+               contlen = BIO_get_mem_data(mbio, &cont);
+               /* Set bio as read only so its content can't be clobbered */
+               BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+               BIO_set_mem_eof_return(mbio, 0);
+               ASN1_STRING_set0(*pos, cont, contlen);
+               (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+               }
+
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_data:
+               case NID_id_smime_ct_compressedData:
+               /* Nothing to do */
+               return 1;
+
+               case NID_pkcs7_signed:
+               return cms_SignedData_final(cms, cmsbio);
+
+               case NID_pkcs7_digest:
+               return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+               default:
+               CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+               return 0;
+               }
+       }
+
+/* Return an OCTET STRING pointer to content. This allows it to
+ * be accessed or set later.
+ */
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_data:
+               return &cms->d.data;
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->encapContentInfo->eContent;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+
+               case NID_pkcs7_digest:
+               return &cms->d.digestedData->encapContentInfo->eContent;
+
+               case NID_pkcs7_encrypted:
+               return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+
+               case NID_id_smime_ct_authData:
+               return &cms->d.authenticatedData->encapContentInfo->eContent;
+
+               case NID_id_smime_ct_compressedData:
+               return &cms->d.compressedData->encapContentInfo->eContent;
+
+               default:
+               if (cms->d.other->type == V_ASN1_OCTET_STRING)
+                       return &cms->d.other->value.octet_string;
+               CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+/* Return an ASN1_OBJECT pointer to content type. This allows it to
+ * be accessed or set later.
+ */
+
+static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->encapContentInfo->eContentType;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->encryptedContentInfo->contentType;
+
+               case NID_pkcs7_digest:
+               return &cms->d.digestedData->encapContentInfo->eContentType;
+
+               case NID_pkcs7_encrypted:
+               return &cms->d.encryptedData->encryptedContentInfo->contentType;
+
+               case NID_id_smime_ct_authData:
+               return &cms->d.authenticatedData->encapContentInfo->eContentType;
+
+               case NID_id_smime_ct_compressedData:
+               return &cms->d.compressedData->encapContentInfo->eContentType;
+
+               default:
+               CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
+                                       CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+       {
+       ASN1_OBJECT **petype;
+       petype = cms_get0_econtent_type(cms);
+       if (petype)
+               return *petype;
+       return NULL;
+       }
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+       {
+       ASN1_OBJECT **petype, *etype;
+       petype = cms_get0_econtent_type(cms);
+       if (!petype)
+               return 0;
+       if (!oid)
+               return 1;
+       etype = OBJ_dup(oid);
+       if (!etype)
+               return 0;
+       ASN1_OBJECT_free(*petype);
+       *petype = etype;
+       return 1;
+       }
+
+int CMS_is_detached(CMS_ContentInfo *cms)
+       {
+       ASN1_OCTET_STRING **pos;
+       pos = CMS_get0_content(cms);
+       if (!pos)
+               return -1;
+       if (*pos)
+               return 0;
+       return 1;
+       }
+
+int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+       {
+       ASN1_OCTET_STRING **pos;
+       pos = CMS_get0_content(cms);
+       if (!pos)
+               return 0;
+       if (detached)
+               {
+               if (*pos)
+                       {
+                       ASN1_OCTET_STRING_free(*pos);
+                       *pos = NULL;
+                       }
+               return 1;
+               }
+       if (!*pos)
+               *pos = ASN1_OCTET_STRING_new();
+       if (*pos)
+               {
+               /* NB: special flag to show content is created and not
+                * read in.
+                */
+               (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+               return 1;
+               }
+       CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+       return 0;
+       }
+
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
+       {
+       int param_type;
+
+       if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
+               param_type = V_ASN1_UNDEF;
+       else
+               param_type = V_ASN1_NULL;
+
+       X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+       }
+
+/* Create a digest BIO from an X509_ALGOR structure */
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+       {
+       BIO *mdbio = NULL;
+       ASN1_OBJECT *digestoid;
+       const EVP_MD *digest;
+       X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+       digest = EVP_get_digestbyobj(digestoid);
+       if (!digest)
+               {
+               CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+                               CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+               goto err;       
+               }
+       mdbio = BIO_new(BIO_f_md());
+       if (!mdbio || !BIO_set_md(mdbio, digest))
+               {
+               CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+                               CMS_R_MD_BIO_INIT_ERROR);
+               goto err;       
+               }
+       return mdbio;
+       err:
+       if (mdbio)
+               BIO_free(mdbio);
+       return NULL;
+       }
+
+/* Locate a message digest content from a BIO chain based on SignerInfo */
+
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                       X509_ALGOR *mdalg)
+       {
+       int nid;
+       ASN1_OBJECT *mdoid;
+       X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+       nid = OBJ_obj2nid(mdoid);
+       /* Look for digest type to match signature */
+       for (;;)
+               {
+               EVP_MD_CTX *mtmp;
+               chain = BIO_find_type(chain, BIO_TYPE_MD);
+               if (chain == NULL)
+                       {
+                       CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+                                               CMS_R_NO_MATCHING_DIGEST);
+                       return 0;
+                       }
+               BIO_get_md_ctx(chain, &mtmp);
+               if (EVP_MD_CTX_type(mtmp) == nid)
+                       {
+                       EVP_MD_CTX_copy_ex(mctx, mtmp);
+                       return 1;
+                       }
+               chain = BIO_next(chain);
+               }
+       }
+
+STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->certificates;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->originatorInfo->certificates;
+
+               default:
+               CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+                                       CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+       {
+       STACK_OF(CMS_CertificateChoices) **pcerts;
+       CMS_CertificateChoices *cch;
+       pcerts = cms_get0_certificate_choices(cms);
+       if (!pcerts)
+               return NULL;
+       if (!*pcerts)
+               *pcerts = sk_CMS_CertificateChoices_new_null();
+       if (!*pcerts)
+               return NULL;
+       cch = M_ASN1_new_of(CMS_CertificateChoices);
+       if (!cch)
+               return NULL;
+       if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
+               {
+               M_ASN1_free_of(cch, CMS_CertificateChoices);
+               return NULL;
+               }
+       return cch;
+       }
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+       {
+       CMS_CertificateChoices *cch;
+       STACK_OF(CMS_CertificateChoices) **pcerts;
+       int i;
+       pcerts = cms_get0_certificate_choices(cms);
+       if (!pcerts)
+               return 0;
+       if (!pcerts)
+               return 0;
+       for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
+               {
+               cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+               if (cch->type == CMS_CERTCHOICE_CERT)
+                       {
+                       if (!X509_cmp(cch->d.certificate, cert))
+                               return -1;
+                               
+                       }
+               }
+       cch = CMS_add0_CertificateChoices(cms);
+       if (!cch)
+               return 0;
+       cch->type = CMS_CERTCHOICE_CERT;
+       cch->d.certificate = cert;
+       return 1;
+       }
+
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+       {
+       int r;
+       r = CMS_add0_cert(cms, cert);
+       if (r > 0)
+               CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+       return r;
+       }
+
+STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
+       {
+       switch (OBJ_obj2nid(cms->contentType))
+               {
+
+               case NID_pkcs7_signed:
+               return &cms->d.signedData->crls;
+
+               case NID_pkcs7_enveloped:
+               return &cms->d.envelopedData->originatorInfo->crls;
+
+               default:
+               CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+                                       CMS_R_UNSUPPORTED_CONTENT_TYPE);
+               return NULL;
+
+               }
+       }
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+       {
+       STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+       CMS_RevocationInfoChoice *rch;
+       pcrls = cms_get0_revocation_choices(cms);
+       if (!pcrls)
+               return NULL;
+       if (!*pcrls)
+               *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+       if (!*pcrls)
+               return NULL;
+       rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+       if (!rch)
+               return NULL;
+       if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
+               {
+               M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+               return NULL;
+               }
+       return rch;
+       }
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+       {
+       CMS_RevocationInfoChoice *rch;
+       rch = CMS_add0_RevocationInfoChoice(cms);
+       if (!rch)
+               return 0;
+       rch->type = CMS_REVCHOICE_CRL;
+       rch->d.crl = crl;
+       return 1;
+       }
+
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+       {
+       STACK_OF(X509) *certs = NULL;
+       CMS_CertificateChoices *cch;
+       STACK_OF(CMS_CertificateChoices) **pcerts;
+       int i;
+       pcerts = cms_get0_certificate_choices(cms);
+       if (!pcerts)
+               return NULL;
+       for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
+               {
+               cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+               if (cch->type == 0)
+                       {
+                       if (!certs)
+                               {
+                               certs = sk_X509_new_null();
+                               if (!certs)
+                                       return NULL;
+                               }
+                       if (!sk_X509_push(certs, cch->d.certificate))
+                               {
+                               sk_X509_pop_free(certs, X509_free);
+                               return NULL;
+                               }
+                       CRYPTO_add(&cch->d.certificate->references,
+                                               1, CRYPTO_LOCK_X509);
+                       }
+               }
+       return certs;
+
+       }
+
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+       {
+       STACK_OF(X509_CRL) *crls = NULL;
+       STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+       CMS_RevocationInfoChoice *rch;
+       int i;
+       pcrls = cms_get0_revocation_choices(cms);
+       if (!pcrls)
+               return NULL;
+       for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
+               {
+               rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+               if (rch->type == 0)
+                       {
+                       if (!crls)
+                               {
+                               crls = sk_X509_CRL_new_null();
+                               if (!crls)
+                                       return NULL;
+                               }
+                       if (!sk_X509_CRL_push(crls, rch->d.crl))
+                               {
+                               sk_X509_CRL_pop_free(crls, X509_CRL_free);
+                               return NULL;
+                               }
+                       CRYPTO_add(&rch->d.crl->references,
+                                               1, CRYPTO_LOCK_X509_CRL);
+                       }
+               }
+       return crls;
+       }
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
new file mode 100644 (file)
index 0000000..5286097
--- /dev/null
@@ -0,0 +1,967 @@
+/* crypto/cms/cms_sd.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+#include "asn1_locl.h"
+
+/* CMS SignedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_SignedData)
+
+static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+       {
+       if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
+               {
+               CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+               return NULL;
+               }
+       return cms->d.signedData;
+       }
+
+static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+       {
+       if (cms->d.other == NULL)
+               {
+               cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
+               if (!cms->d.signedData)
+                       {
+                       CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+                       return NULL;
+                       }
+               cms->d.signedData->version = 1;
+               cms->d.signedData->encapContentInfo->eContentType =
+                                               OBJ_nid2obj(NID_pkcs7_data);
+               ASN1_OBJECT_free(cms->contentType);
+               cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
+               return cms->d.signedData;
+               }
+       return cms_get0_signed(cms);
+       }
+
+/* Just initialize SignedData e.g. for certs only structure */
+
+int CMS_SignedData_init(CMS_ContentInfo *cms)
+       {
+       if (cms_signed_data_init(cms))
+               return 1;
+       else
+               return 0;
+       }
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_sd_set_version(CMS_SignedData *sd)
+       {
+       int i;
+       CMS_CertificateChoices *cch;
+       CMS_RevocationInfoChoice *rch;
+       CMS_SignerInfo *si;
+
+       for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
+               {
+               cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
+               if (cch->type == CMS_CERTCHOICE_OTHER)
+                       {
+                       if (sd->version < 5)
+                               sd->version = 5;
+                       }
+               else if (cch->type == CMS_CERTCHOICE_V2ACERT)
+                       {
+                       if (sd->version < 4)
+                               sd->version = 4;
+                       }
+               else if (cch->type == CMS_CERTCHOICE_V1ACERT)
+                       {
+                       if (sd->version < 3)
+                               sd->version = 3;
+                       }
+               }
+
+       for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
+               {
+               rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
+               if (rch->type == CMS_REVCHOICE_OTHER)
+                       {
+                       if (sd->version < 5)
+                               sd->version = 5;
+                       }
+               }
+
+       if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
+                       && (sd->version < 3))
+               sd->version = 3;
+
+       for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+               if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+                       {
+                       if (si->version < 3)
+                               si->version = 3;
+                       if (sd->version < 3)
+                               sd->version = 3;
+                       }
+               else
+                       sd->version = 1;
+               }
+
+       if (sd->version < 1)
+               sd->version = 1;
+
+       }
+       
+/* Copy an existing messageDigest value */
+
+static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+       {
+       STACK_OF(CMS_SignerInfo) *sinfos;
+       CMS_SignerInfo *sitmp;
+       int i;
+       sinfos = CMS_get0_SignerInfos(cms);
+       for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+               {
+               ASN1_OCTET_STRING *messageDigest;
+               sitmp = sk_CMS_SignerInfo_value(sinfos, i);
+               if (sitmp == si)
+                       continue;
+               if (CMS_signed_get_attr_count(sitmp) < 0)
+                       continue;
+               if (OBJ_cmp(si->digestAlgorithm->algorithm,
+                               sitmp->digestAlgorithm->algorithm))
+                       continue;
+               messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
+                                       OBJ_nid2obj(NID_pkcs9_messageDigest),
+                                       -3, V_ASN1_OCTET_STRING);
+               if (!messageDigest)
+                       {
+                       CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
+                               CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+                       return 0;
+                       }
+
+               if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                               V_ASN1_OCTET_STRING,
+                                               messageDigest, -1))
+                       return 1;
+               else
+                       return 0;
+               }
+               CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+               return 0;
+       }
+
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+       {
+       switch(type)
+               {
+               case CMS_SIGNERINFO_ISSUER_SERIAL:
+               sid->d.issuerAndSerialNumber =
+                       M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+               if (!sid->d.issuerAndSerialNumber)
+                       goto merr;
+               if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
+                                       X509_get_issuer_name(cert)))
+                       goto merr;
+               if (!ASN1_STRING_copy(
+                       sid->d.issuerAndSerialNumber->serialNumber,
+                               X509_get_serialNumber(cert)))
+                       goto merr;
+               break;
+
+               case CMS_SIGNERINFO_KEYIDENTIFIER:
+               sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
+               if (!sid->d.subjectKeyIdentifier)
+                       goto merr;
+               break;
+
+               default:
+               CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
+               return 0;
+               }
+
+       sid->type = type;
+
+       return 1;
+
+       merr:
+       CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
+       return 0;
+
+       }
+
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                       ASN1_OCTET_STRING **keyid,
+                                       X509_NAME **issuer, ASN1_INTEGER **sno)
+       {
+       if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+               {
+               if (issuer)
+                       *issuer = sid->d.issuerAndSerialNumber->issuer;
+               if (sno)
+                       *sno = sid->d.issuerAndSerialNumber->serialNumber;
+               }
+       else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+               {
+               if (keyid)
+                       *keyid = sid->d.subjectKeyIdentifier;
+               }
+       else
+               return 0;
+       return 1;
+       }
+
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+       {
+       int ret;
+       if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+               {
+               ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
+                                       X509_get_issuer_name(cert));
+               if (ret)
+                       return ret;
+               return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
+                                       X509_get_serialNumber(cert));
+               }
+       else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+               {
+               X509_check_purpose(cert, -1, -1);
+               if (!cert->skid)
+                       return -1;
+               return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
+                                                       cert->skid);
+               }
+       else
+               return -1;
+       }
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                       X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                       unsigned int flags)
+       {
+       CMS_SignedData *sd;
+       CMS_SignerInfo *si = NULL;
+       X509_ALGOR *alg;
+       int i, type;
+       if(!X509_check_private_key(signer, pk))
+               {
+               CMSerr(CMS_F_CMS_ADD1_SIGNER,
+                       CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return NULL;
+               }
+       sd = cms_signed_data_init(cms);
+       if (!sd)
+               goto err;
+       si = M_ASN1_new_of(CMS_SignerInfo);
+       if (!si)
+               goto merr;
+       X509_check_purpose(signer, -1, -1);
+
+       CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+       CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+
+       si->pkey = pk;
+       si->signer = signer;
+
+       if (flags & CMS_USE_KEYID)
+               {
+               si->version = 3;
+               if (sd->version < 3)
+                       sd->version = 3;
+               type = CMS_SIGNERINFO_KEYIDENTIFIER;
+               }
+       else
+               {
+               type = CMS_SIGNERINFO_ISSUER_SERIAL;
+               si->version = 1;
+               }
+
+       if (!cms_set1_SignerIdentifier(si->sid, signer, type))
+               goto err;
+
+       if (md == NULL)
+               {
+               int def_nid;
+               if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+                       goto err;
+               md = EVP_get_digestbynid(def_nid);
+               if (md == NULL)
+                       {
+                       CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
+                       goto err;
+                       }
+               }
+
+       if (!md)
+               {
+               CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
+               goto err;
+               }
+
+       cms_DigestAlgorithm_set(si->digestAlgorithm, md);
+
+       /* See if digest is present in digestAlgorithms */
+       for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
+               {
+               ASN1_OBJECT *aoid;
+               alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+               X509_ALGOR_get0(&aoid, NULL, NULL, alg);
+               if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+                       break;
+               }
+
+       if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
+               {
+               alg = X509_ALGOR_new();
+               if (!alg)
+                       goto merr;
+               cms_DigestAlgorithm_set(alg, md);
+               if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
+                       {
+                       X509_ALGOR_free(alg);
+                       goto merr;
+                       }
+               }
+
+       if (pk->ameth && pk->ameth->pkey_ctrl)
+               {
+               i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
+                                               0, si);
+               if (i == -2)
+                       {
+                       CMSerr(CMS_F_CMS_ADD1_SIGNER,
+                               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+                       goto err;
+                       }
+               if (i <= 0)
+                       {
+                       CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
+                       goto err;
+                       }
+               }
+
+       if (!(flags & CMS_NOATTR))
+               {
+               /* Copy content type across */
+               ASN1_OBJECT *ctype =
+                               OBJ_dup(sd->encapContentInfo->eContentType); 
+               if (!ctype)
+                       goto merr;
+               i = CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+                                               V_ASN1_OBJECT, ctype, -1);
+               ASN1_OBJECT_free(ctype);
+               if (i <= 0)
+                       goto merr;
+               if (!(flags & CMS_NOSMIMECAP))
+                       {
+                       STACK_OF(X509_ALGOR) *smcap = NULL;
+                       i = CMS_add_standard_smimecap(&smcap);
+                       if (i)
+                               i = CMS_add_smimecap(si, smcap);
+                       sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+                       if (!i)
+                               goto merr;
+                       }
+               if (flags & CMS_REUSE_DIGEST)
+                       {
+                       if (!cms_copy_messageDigest(cms, si))
+                               goto err;
+                       if (!(flags & CMS_PARTIAL) &&
+                                       !CMS_SignerInfo_sign(si))
+                               goto err;
+                       }
+               }
+
+       if (!(flags & CMS_NOCERTS))
+               {
+               /* NB ignore -1 return for duplicate cert */
+               if (!CMS_add1_cert(cms, signer))
+                       goto merr;
+               }
+
+       if (!sd->signerInfos)
+               sd->signerInfos = sk_CMS_SignerInfo_new_null();
+       if (!sd->signerInfos ||
+               !sk_CMS_SignerInfo_push(sd->signerInfos, si))
+               goto merr;
+
+       return si;
+
+       merr:
+       CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+       err:
+       if (si)
+               M_ASN1_free_of(si, CMS_SignerInfo);
+       return NULL;
+
+       }
+
+int CMS_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+       {
+       ASN1_TIME *tt;
+       int r = 0;
+       if (t)
+               tt = t;
+       else
+               tt = X509_gmtime_adj(NULL, 0);
+
+       if (!tt)
+               goto merr;
+
+       if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
+                                               tt->type, tt, -1) <= 0)
+               goto merr;
+
+       r = 1;
+
+       merr:
+
+       if (!t)
+               ASN1_TIME_free(tt);
+
+       if (!r)
+               CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
+
+       return r;
+
+       }
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+       {
+       CMS_SignedData *sd;
+       sd = cms_get0_signed(cms);
+       if (!sd)
+               return NULL;
+       return sd->signerInfos;
+       }
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+       {
+       STACK_OF(X509) *signers = NULL;
+       STACK_OF(CMS_SignerInfo) *sinfos;
+       CMS_SignerInfo *si;
+       int i;
+       sinfos = CMS_get0_SignerInfos(cms);
+       for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
+               {
+               si = sk_CMS_SignerInfo_value(sinfos, i);
+               if (si->signer)
+                       {
+                       if (!signers)
+                               {
+                               signers = sk_X509_new_null();
+                               if (!signers)
+                                       return NULL;
+                               }
+                       if (!sk_X509_push(signers, si->signer))
+                               {
+                               sk_X509_free(signers);
+                               return NULL;
+                               }
+                       }
+               }
+       return signers;
+       }
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+       {
+       if (signer)
+               {
+               CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+               if (si->pkey)
+                       EVP_PKEY_free(si->pkey);
+               si->pkey = X509_get_pubkey(signer);
+               }
+       if (si->signer)
+               X509_free(si->signer);