2
0

pk7_smime.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586
  1. /* pk7_smime.c */
  2. /*
  3. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  4. * project.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * licensing@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. *
  54. * This product includes cryptographic software written by Eric Young
  55. * (eay@cryptsoft.com). This product includes software written by Tim
  56. * Hudson (tjh@cryptsoft.com).
  57. *
  58. */
  59. /* Simple PKCS#7 processing functions */
  60. #include <stdio.h>
  61. #include "internal/cryptlib.h"
  62. #include <openssl/x509.h>
  63. #include <openssl/x509v3.h>
  64. static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
  65. PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
  66. BIO *data, int flags)
  67. {
  68. PKCS7 *p7;
  69. int i;
  70. if ((p7 = PKCS7_new()) == NULL) {
  71. PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
  72. return NULL;
  73. }
  74. if (!PKCS7_set_type(p7, NID_pkcs7_signed))
  75. goto err;
  76. if (!PKCS7_content_new(p7, NID_pkcs7_data))
  77. goto err;
  78. if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
  79. PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
  80. goto err;
  81. }
  82. if (!(flags & PKCS7_NOCERTS)) {
  83. for (i = 0; i < sk_X509_num(certs); i++) {
  84. if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
  85. goto err;
  86. }
  87. }
  88. if (flags & PKCS7_DETACHED)
  89. PKCS7_set_detached(p7, 1);
  90. if (flags & (PKCS7_STREAM | PKCS7_PARTIAL))
  91. return p7;
  92. if (PKCS7_final(p7, data, flags))
  93. return p7;
  94. err:
  95. PKCS7_free(p7);
  96. return NULL;
  97. }
  98. int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
  99. {
  100. BIO *p7bio;
  101. int ret = 0;
  102. if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
  103. PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
  104. return 0;
  105. }
  106. SMIME_crlf_copy(data, p7bio, flags);
  107. (void)BIO_flush(p7bio);
  108. if (!PKCS7_dataFinal(p7, p7bio)) {
  109. PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
  110. goto err;
  111. }
  112. ret = 1;
  113. err:
  114. BIO_free_all(p7bio);
  115. return ret;
  116. }
  117. /* Check to see if a cipher exists and if so add S/MIME capabilities */
  118. static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
  119. {
  120. if (EVP_get_cipherbynid(nid))
  121. return PKCS7_simple_smimecap(sk, nid, arg);
  122. return 1;
  123. }
  124. static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
  125. {
  126. if (EVP_get_digestbynid(nid))
  127. return PKCS7_simple_smimecap(sk, nid, arg);
  128. return 1;
  129. }
  130. PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
  131. EVP_PKEY *pkey, const EVP_MD *md,
  132. int flags)
  133. {
  134. PKCS7_SIGNER_INFO *si = NULL;
  135. STACK_OF(X509_ALGOR) *smcap = NULL;
  136. if (!X509_check_private_key(signcert, pkey)) {
  137. PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
  138. PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
  139. return NULL;
  140. }
  141. if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) {
  142. PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
  143. PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
  144. return NULL;
  145. }
  146. if (!(flags & PKCS7_NOCERTS)) {
  147. if (!PKCS7_add_certificate(p7, signcert))
  148. goto err;
  149. }
  150. if (!(flags & PKCS7_NOATTR)) {
  151. if (!PKCS7_add_attrib_content_type(si, NULL))
  152. goto err;
  153. /* Add SMIMECapabilities */
  154. if (!(flags & PKCS7_NOSMIMECAP)) {
  155. if ((smcap = sk_X509_ALGOR_new_null()) == NULL) {
  156. PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
  157. goto err;
  158. }
  159. if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
  160. || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
  161. || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
  162. || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
  163. || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
  164. || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
  165. || !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
  166. || !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
  167. || !add_cipher_smcap(smcap, NID_des_cbc, -1)
  168. || !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
  169. || !PKCS7_add_attrib_smimecap(si, smcap))
  170. goto err;
  171. sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
  172. smcap = NULL;
  173. }
  174. if (flags & PKCS7_REUSE_DIGEST) {
  175. if (!pkcs7_copy_existing_digest(p7, si))
  176. goto err;
  177. if (!(flags & PKCS7_PARTIAL) && !PKCS7_SIGNER_INFO_sign(si))
  178. goto err;
  179. }
  180. }
  181. return si;
  182. err:
  183. sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
  184. return NULL;
  185. }
  186. /*
  187. * Search for a digest matching SignerInfo digest type and if found copy
  188. * across.
  189. */
  190. static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
  191. {
  192. int i;
  193. STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
  194. PKCS7_SIGNER_INFO *sitmp;
  195. ASN1_OCTET_STRING *osdig = NULL;
  196. sinfos = PKCS7_get_signer_info(p7);
  197. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
  198. sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
  199. if (si == sitmp)
  200. break;
  201. if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
  202. continue;
  203. if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) {
  204. osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
  205. break;
  206. }
  207. }
  208. if (osdig)
  209. return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
  210. PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
  211. PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
  212. return 0;
  213. }
  214. int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
  215. BIO *indata, BIO *out, int flags)
  216. {
  217. STACK_OF(X509) *signers;
  218. X509 *signer;
  219. STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
  220. PKCS7_SIGNER_INFO *si;
  221. X509_STORE_CTX cert_ctx;
  222. char buf[4096];
  223. int i, j = 0, k, ret = 0;
  224. BIO *p7bio;
  225. BIO *tmpin, *tmpout;
  226. if (!p7) {
  227. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
  228. return 0;
  229. }
  230. if (!PKCS7_type_is_signed(p7)) {
  231. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
  232. return 0;
  233. }
  234. /* Check for no data and no content: no data to verify signature */
  235. if (PKCS7_get_detached(p7) && !indata) {
  236. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
  237. return 0;
  238. }
  239. /*
  240. * Very old Netscape illegally included empty content with
  241. * a detached signature. To not support that, enable the
  242. * following flag.
  243. */
  244. #ifdef OPENSSL_DONT_SUPPORT_OLD_NETSCAPE
  245. /* Check for data and content: two sets of data */
  246. if (!PKCS7_get_detached(p7) && indata) {
  247. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
  248. return 0;
  249. }
  250. #endif
  251. sinfos = PKCS7_get_signer_info(p7);
  252. if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
  253. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
  254. return 0;
  255. }
  256. signers = PKCS7_get0_signers(p7, certs, flags);
  257. if (!signers)
  258. return 0;
  259. /* Now verify the certificates */
  260. if (!(flags & PKCS7_NOVERIFY))
  261. for (k = 0; k < sk_X509_num(signers); k++) {
  262. signer = sk_X509_value(signers, k);
  263. if (!(flags & PKCS7_NOCHAIN)) {
  264. if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
  265. p7->d.sign->cert)) {
  266. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
  267. sk_X509_free(signers);
  268. return 0;
  269. }
  270. X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
  271. } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) {
  272. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
  273. sk_X509_free(signers);
  274. return 0;
  275. }
  276. if (!(flags & PKCS7_NOCRL))
  277. X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
  278. i = X509_verify_cert(&cert_ctx);
  279. if (i <= 0)
  280. j = X509_STORE_CTX_get_error(&cert_ctx);
  281. X509_STORE_CTX_cleanup(&cert_ctx);
  282. if (i <= 0) {
  283. PKCS7err(PKCS7_F_PKCS7_VERIFY,
  284. PKCS7_R_CERTIFICATE_VERIFY_ERROR);
  285. ERR_add_error_data(2, "Verify error:",
  286. X509_verify_cert_error_string(j));
  287. sk_X509_free(signers);
  288. return 0;
  289. }
  290. /* Check for revocation status here */
  291. }
  292. /*
  293. * Performance optimization: if the content is a memory BIO then store
  294. * its contents in a temporary read only memory BIO. This avoids
  295. * potentially large numbers of slow copies of data which will occur when
  296. * reading from a read write memory BIO when signatures are calculated.
  297. */
  298. if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
  299. char *ptr;
  300. long len;
  301. len = BIO_get_mem_data(indata, &ptr);
  302. tmpin = BIO_new_mem_buf(ptr, len);
  303. if (tmpin == NULL) {
  304. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
  305. return 0;
  306. }
  307. } else
  308. tmpin = indata;
  309. if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL)
  310. goto err;
  311. if (flags & PKCS7_TEXT) {
  312. if ((tmpout = BIO_new(BIO_s_mem())) == NULL) {
  313. PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
  314. goto err;
  315. }
  316. BIO_set_mem_eof_return(tmpout, 0);
  317. } else
  318. tmpout = out;
  319. /* We now have to 'read' from p7bio to calculate digests etc. */
  320. for (;;) {
  321. i = BIO_read(p7bio, buf, sizeof(buf));
  322. if (i <= 0)
  323. break;
  324. if (tmpout)
  325. BIO_write(tmpout, buf, i);
  326. }
  327. if (flags & PKCS7_TEXT) {
  328. if (!SMIME_text(tmpout, out)) {
  329. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR);
  330. BIO_free(tmpout);
  331. goto err;
  332. }
  333. BIO_free(tmpout);
  334. }
  335. /* Now Verify All Signatures */
  336. if (!(flags & PKCS7_NOSIGS))
  337. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
  338. si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
  339. signer = sk_X509_value(signers, i);
  340. j = PKCS7_signatureVerify(p7bio, p7, si, signer);
  341. if (j <= 0) {
  342. PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
  343. goto err;
  344. }
  345. }
  346. ret = 1;
  347. err:
  348. if (tmpin == indata) {
  349. if (indata)
  350. BIO_pop(p7bio);
  351. }
  352. BIO_free_all(p7bio);
  353. sk_X509_free(signers);
  354. return ret;
  355. }
  356. STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
  357. int flags)
  358. {
  359. STACK_OF(X509) *signers;
  360. STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
  361. PKCS7_SIGNER_INFO *si;
  362. PKCS7_ISSUER_AND_SERIAL *ias;
  363. X509 *signer;
  364. int i;
  365. if (!p7) {
  366. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER);
  367. return NULL;
  368. }
  369. if (!PKCS7_type_is_signed(p7)) {
  370. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE);
  371. return NULL;
  372. }
  373. /* Collect all the signers together */
  374. sinfos = PKCS7_get_signer_info(p7);
  375. if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
  376. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
  377. return 0;
  378. }
  379. if ((signers = sk_X509_new_null()) == NULL) {
  380. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
  381. return NULL;
  382. }
  383. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
  384. si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
  385. ias = si->issuer_and_serial;
  386. signer = NULL;
  387. /* If any certificates passed they take priority */
  388. if (certs)
  389. signer = X509_find_by_issuer_and_serial(certs,
  390. ias->issuer, ias->serial);
  391. if (!signer && !(flags & PKCS7_NOINTERN)
  392. && p7->d.sign->cert)
  393. signer =
  394. X509_find_by_issuer_and_serial(p7->d.sign->cert,
  395. ias->issuer, ias->serial);
  396. if (!signer) {
  397. PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
  398. PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
  399. sk_X509_free(signers);
  400. return 0;
  401. }
  402. if (!sk_X509_push(signers, signer)) {
  403. sk_X509_free(signers);
  404. return NULL;
  405. }
  406. }
  407. return signers;
  408. }
  409. /* Build a complete PKCS#7 enveloped data */
  410. PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
  411. int flags)
  412. {
  413. PKCS7 *p7;
  414. BIO *p7bio = NULL;
  415. int i;
  416. X509 *x509;
  417. if ((p7 = PKCS7_new()) == NULL) {
  418. PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
  419. return NULL;
  420. }
  421. if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
  422. goto err;
  423. if (!PKCS7_set_cipher(p7, cipher)) {
  424. PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
  425. goto err;
  426. }
  427. for (i = 0; i < sk_X509_num(certs); i++) {
  428. x509 = sk_X509_value(certs, i);
  429. if (!PKCS7_add_recipient(p7, x509)) {
  430. PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT);
  431. goto err;
  432. }
  433. }
  434. if (flags & PKCS7_STREAM)
  435. return p7;
  436. if (PKCS7_final(p7, in, flags))
  437. return p7;
  438. err:
  439. BIO_free_all(p7bio);
  440. PKCS7_free(p7);
  441. return NULL;
  442. }
  443. int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
  444. {
  445. BIO *tmpmem;
  446. int ret, i;
  447. char buf[4096];
  448. if (!p7) {
  449. PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
  450. return 0;
  451. }
  452. if (!PKCS7_type_is_enveloped(p7)) {
  453. PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
  454. return 0;
  455. }
  456. if (cert && !X509_check_private_key(cert, pkey)) {
  457. PKCS7err(PKCS7_F_PKCS7_DECRYPT,
  458. PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
  459. return 0;
  460. }
  461. if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) {
  462. PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
  463. return 0;
  464. }
  465. if (flags & PKCS7_TEXT) {
  466. BIO *tmpbuf, *bread;
  467. /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
  468. if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) {
  469. PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
  470. BIO_free_all(tmpmem);
  471. return 0;
  472. }
  473. if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) {
  474. PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
  475. BIO_free_all(tmpbuf);
  476. BIO_free_all(tmpmem);
  477. return 0;
  478. }
  479. ret = SMIME_text(bread, data);
  480. if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
  481. if (!BIO_get_cipher_status(tmpmem))
  482. ret = 0;
  483. }
  484. BIO_free_all(bread);
  485. return ret;
  486. } else {
  487. for (;;) {
  488. i = BIO_read(tmpmem, buf, sizeof(buf));
  489. if (i <= 0) {
  490. ret = 1;
  491. if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
  492. if (!BIO_get_cipher_status(tmpmem))
  493. ret = 0;
  494. }
  495. break;
  496. }
  497. if (BIO_write(data, buf, i) != i) {
  498. ret = 0;
  499. break;
  500. }
  501. }
  502. BIO_free_all(tmpmem);
  503. return ret;
  504. }
  505. }