/* Create a Ruby object of class `klass` typed as ossl_pkcs7_type with a NULL
 * data pointer (the trailing 0); no PKCS7 structure is attached at this
 * point, so the pointer has to be installed separately (see SetPKCS7). */
#define NewPKCS7(klass) TypedData_Wrap_Struct((klass), &ossl_pkcs7_type, 0)
14 #define SetPKCS7(obj, pkcs7) do { \
16 ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
18 RTYPEDDATA_DATA(obj) = (pkcs7); \
20 #define GetPKCS7(obj, pkcs7) do { \
21 TypedData_Get_Struct((obj), PKCS7, &ossl_pkcs7_type, (pkcs7)); \
23 ossl_raise(rb_eRuntimeError, "PKCS7 wasn't initialized."); \
/* Create a Ruby object of class `klass` typed as ossl_pkcs7_signer_info_type
 * with a NULL data pointer (the trailing 0); the PKCS7_SIGNER_INFO is
 * attached separately (see SetPKCS7si). */
#define NewPKCS7si(klass) TypedData_Wrap_Struct((klass), &ossl_pkcs7_signer_info_type, 0)
29 #define SetPKCS7si(obj, p7si) do { \
31 ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \
33 RTYPEDDATA_DATA(obj) = (p7si); \
35 #define GetPKCS7si(obj, p7si) do { \
36 TypedData_Get_Struct((obj), PKCS7_SIGNER_INFO, &ossl_pkcs7_signer_info_type, (p7si)); \
38 ossl_raise(rb_eRuntimeError, "PKCS7si wasn't initialized."); \
/* Create a Ruby object of class `klass` typed as ossl_pkcs7_recip_info_type
 * with a NULL data pointer (the trailing 0); the PKCS7_RECIP_INFO is
 * attached separately (see SetPKCS7ri). */
#define NewPKCS7ri(klass) TypedData_Wrap_Struct((klass), &ossl_pkcs7_recip_info_type, 0)
44 #define SetPKCS7ri(obj, p7ri) do { \
46 ossl_raise(rb_eRuntimeError, "PKCS7ri wasn't initialized."); \
48 RTYPEDDATA_DATA(obj) = (p7ri); \
50 #define GetPKCS7ri(obj, p7ri) do { \
51 TypedData_Get_Struct((obj), PKCS7_RECIP_INFO, &ossl_pkcs7_recip_info_type, (p7ri)); \
53 ossl_raise(rb_eRuntimeError, "PKCS7ri wasn't initialized."); \
/* Element count of a true array, as an int. Only valid where `ary` is an
 * actual array object: on a pointer (including an array function parameter)
 * sizeof yields the pointer size and the result is meaningless. */
#define numberof(ary) ((int)(sizeof(ary) / sizeof((ary)[0])))
/* Accessors for two Ruby instance variables stored on the object `o`:
 * "@data" and "@error_string". `v` is the Ruby value to store. */
#define ossl_pkcs7_set_data(o, v)       rb_iv_set((o), "@data", (v))
#define ossl_pkcs7_get_data(o)          rb_iv_get((o), "@data")
#define ossl_pkcs7_set_err_string(o, v) rb_iv_set((o), "@error_string", (v))
#define ossl_pkcs7_get_err_string(o)    rb_iv_get((o), "@error_string")
73 ossl_pkcs7_free(
void *
ptr)
87 ossl_pkcs7_signer_info_free(
void *
ptr)
89 PKCS7_SIGNER_INFO_free(
ptr);
93 "OpenSSL/PKCS7/SIGNER_INFO",
95 0, ossl_pkcs7_signer_info_free,
101 ossl_pkcs7_recip_info_free(
void *
ptr)
103 PKCS7_RECIP_INFO_free(
ptr);
107 "OpenSSL/PKCS7/RECIP_INFO",
109 0, ossl_pkcs7_recip_info_free,
118 static PKCS7_SIGNER_INFO *
119 ossl_PKCS7_SIGNER_INFO_dup(
const PKCS7_SIGNER_INFO *si)
121 return (PKCS7_SIGNER_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_SIGNER_INFO,
122 (d2i_of_void *)d2i_PKCS7_SIGNER_INFO,
126 static PKCS7_RECIP_INFO *
127 ossl_PKCS7_RECIP_INFO_dup(
const PKCS7_RECIP_INFO *si)
129 return (PKCS7_RECIP_INFO *)ASN1_dup((i2d_of_void *)i2d_PKCS7_RECIP_INFO,
130 (d2i_of_void *)d2i_PKCS7_RECIP_INFO,
135 ossl_pkcs7si_new(PKCS7_SIGNER_INFO *p7si)
137 PKCS7_SIGNER_INFO *pkcs7;
141 pkcs7 = p7si ? ossl_PKCS7_SIGNER_INFO_dup(p7si) : PKCS7_SIGNER_INFO_new();
148 static PKCS7_SIGNER_INFO *
151 PKCS7_SIGNER_INFO *p7si, *pkcs7;
154 if (!(pkcs7 = ossl_PKCS7_SIGNER_INFO_dup(p7si))) {
162 ossl_pkcs7ri_new(PKCS7_RECIP_INFO *p7ri)
164 PKCS7_RECIP_INFO *pkcs7;
168 pkcs7 = p7ri ? ossl_PKCS7_RECIP_INFO_dup(p7ri) : PKCS7_RECIP_INFO_new();
175 static PKCS7_RECIP_INFO *
178 PKCS7_RECIP_INFO *p7ri, *pkcs7;
181 if (!(pkcs7 = ossl_PKCS7_RECIP_INFO_dup(p7ri))) {
202 pkcs7 = SMIME_read_PKCS7(in, &out);
220 VALUE pkcs7, data, flags;
230 if(!
NIL_P(data) && PKCS7_is_detached(p7))
231 flg |= PKCS7_DETACHED;
233 if(!(out = BIO_new(BIO_s_mem()))){
237 if(!SMIME_write_PKCS7(out, p7, in, flg)){
255 VALUE cert,
key, data, certs, flags;
272 x509s = ossl_protect_x509_ary2sk(certs, &status);
278 if(!(pkcs7 = PKCS7_sign(x509, pkey, x509s, in, flg))){
280 sk_X509_pop_free(x509s, X509_free);
287 sk_X509_pop_free(x509s, X509_free);
299 VALUE certs, data, cipher, flags;
302 const EVP_CIPHER *ciph;
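/*
 * Default content-encryption cipher, chosen at build time.
 * AES-128-CBC is preferred, then 3DES. RC2 with a 40-bit key is only a last
 * resort for builds that have neither: a 40-bit key offers no meaningful
 * confidentiality, so callers that care about the cipher should always pass
 * one explicitly rather than rely on this fallback.
 */
#if !defined(OPENSSL_NO_AES)
    ciph = EVP_aes_128_cbc();
#elif !defined(OPENSSL_NO_DES)
    ciph = EVP_des_ede3_cbc();
#elif !defined(OPENSSL_NO_RC2)
    ciph = EVP_rc2_40_cbc();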
326 x509s = ossl_protect_x509_ary2sk(certs, &status);
331 if(!(p7 = PKCS7_encrypt(x509s, in, (EVP_CIPHER*)ciph, flg))){
333 sk_X509_pop_free(x509s, X509_free);
339 sk_X509_pop_free(x509s, X509_free);
351 if (!(pkcs7 = PKCS7_new())) {
377 p7 = PEM_read_bio_PKCS7(in, &pkcs,
NULL,
NULL);
380 p7 = d2i_PKCS7_bio(in, &pkcs);
399 PKCS7 *a, *b, *pkcs7;
402 if (
self == other)
return self;
407 pkcs7 = PKCS7_dup(b);
424 static const struct {
428 {
"signed", NID_pkcs7_signed },
429 {
"data", NID_pkcs7_data },
430 {
"signedAndEnveloped", NID_pkcs7_signedAndEnveloped },
431 {
"enveloped", NID_pkcs7_enveloped },
432 {
"encrypted", NID_pkcs7_encrypted },
433 {
"digest", NID_pkcs7_digest },
445 ret = p7_type_tab[
i].nid;
463 if(!PKCS7_set_type(p7, ossl_pkcs7_sym2typeid(
type)))
474 ossl_pkcs7_get_type(
VALUE self)
479 if(PKCS7_type_is_signed(p7))
481 if(PKCS7_type_is_encrypted(p7))
483 if(PKCS7_type_is_enveloped(p7))
485 if(PKCS7_type_is_signedAndEnveloped(p7))
487 if(PKCS7_type_is_data(p7))
493 ossl_pkcs7_set_detached(
VALUE self,
VALUE flag)
500 if(!PKCS7_set_detached(p7, flag ==
Qtrue ? 1 : 0))
507 ossl_pkcs7_get_detached(
VALUE self)
515 ossl_pkcs7_detached_p(
VALUE self)
523 ossl_pkcs7_set_cipher(
VALUE self,
VALUE cipher)
536 ossl_pkcs7_add_signer(
VALUE self,
VALUE signer)
539 PKCS7_SIGNER_INFO *p7si;
541 p7si = DupPKCS7SignerPtr(signer);
543 if (!PKCS7_add_signer(pkcs7, p7si)) {
544 PKCS7_SIGNER_INFO_free(p7si);
547 if (PKCS7_type_is_signed(pkcs7)){
548 PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
549 V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
556 ossl_pkcs7_get_signer(
VALUE self)
560 PKCS7_SIGNER_INFO *si;
565 if (!(sk = PKCS7_get_signer_info(pkcs7))) {
566 OSSL_Debug(
"OpenSSL::PKCS7#get_signer_info == NULL!");
569 if ((num = sk_PKCS7_SIGNER_INFO_num(sk)) < 0) {
573 for (
i=0;
i<num;
i++) {
574 si = sk_PKCS7_SIGNER_INFO_value(sk,
i);
582 ossl_pkcs7_add_recipient(
VALUE self,
VALUE recip)
585 PKCS7_RECIP_INFO *ri;
587 ri = DupPKCS7RecipientPtr(recip);
589 if (!PKCS7_add_recipient_info(pkcs7, ri)) {
590 PKCS7_RECIP_INFO_free(ri);
598 ossl_pkcs7_get_recipient(
VALUE self)
602 PKCS7_RECIP_INFO *si;
607 if (PKCS7_type_is_enveloped(pkcs7))
608 sk = pkcs7->d.enveloped->recipientinfo;
609 else if (PKCS7_type_is_signedAndEnveloped(pkcs7))
610 sk = pkcs7->d.signed_and_enveloped->recipientinfo;
613 if ((num = sk_PKCS7_RECIP_INFO_num(sk)) < 0) {
617 for (
i=0;
i<num;
i++) {
618 si = sk_PKCS7_RECIP_INFO_value(sk,
i);
626 ossl_pkcs7_add_certificate(
VALUE self,
VALUE cert)
633 if (!PKCS7_add_certificate(pkcs7, x509)){
641 pkcs7_get_certs(
VALUE self)
648 i = OBJ_obj2nid(pkcs7->type);
650 case NID_pkcs7_signed:
651 certs = pkcs7->d.sign->cert;
653 case NID_pkcs7_signedAndEnveloped:
654 certs = pkcs7->d.signed_and_enveloped->cert;
664 pkcs7_get_crls(
VALUE self)
671 i = OBJ_obj2nid(pkcs7->type);
673 case NID_pkcs7_signed:
674 crls = pkcs7->d.sign->crl;
676 case NID_pkcs7_signedAndEnveloped:
677 crls = pkcs7->d.signed_and_enveloped->crl;
689 return ossl_pkcs7_add_certificate(
arg,
i);
693 ossl_pkcs7_set_certificates(
VALUE self,
VALUE ary)
698 certs = pkcs7_get_certs(
self);
699 while((cert = sk_X509_pop(certs))) X509_free(cert);
706 ossl_pkcs7_get_certificates(
VALUE self)
719 if (!PKCS7_add_crl(pkcs7, x509crl)) {
729 return ossl_pkcs7_add_crl(
arg,
i);
738 crls = pkcs7_get_crls(
self);
739 while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
746 ossl_pkcs7_get_crls(
VALUE self)
754 VALUE certs, store, indata, flags;
757 int flg, ok, status = 0;
771 x509s = ossl_protect_x509_ary2sk(certs, &status);
777 if(!(out = BIO_new(BIO_s_mem()))){
779 sk_X509_pop_free(x509s, X509_free);
782 ok = PKCS7_verify(p7, x509s, x509st, in, out, flg);
784 sk_X509_pop_free(x509s, X509_free);
786 msg = ERR_reason_error_string(ERR_peek_error());
798 VALUE pkey, cert, flags;
811 if(!(out = BIO_new(BIO_s_mem())))
813 if(!PKCS7_decrypt(p7,
key, x509, out, flg)){
831 if(PKCS7_type_is_signed(pkcs7)){
832 if(!PKCS7_content_new(pkcs7, NID_pkcs7_data))
836 if(!(out = PKCS7_dataInit(pkcs7,
NULL)))
goto err;
838 if((
len = BIO_read(in,
buf,
sizeof(
buf))) <= 0)
843 if(!PKCS7_dataFinal(pkcs7, out))
goto err;
849 if(ERR_peek_error()){
857 ossl_pkcs7_to_der(
VALUE self)
865 if((
len = i2d_PKCS7(pkcs7,
NULL)) <= 0)
869 if(i2d_PKCS7(pkcs7, &p) <= 0)
877 ossl_pkcs7_to_pem(
VALUE self)
884 if (!(out = BIO_new(BIO_s_mem()))) {
887 if (!PEM_write_bio_PKCS7(out, pkcs7)) {
902 PKCS7_SIGNER_INFO *p7si;
906 if (!(p7si = PKCS7_SIGNER_INFO_new())) {
917 PKCS7_SIGNER_INFO *p7si;
926 if (!(PKCS7_SIGNER_INFO_set(p7si, x509, pkey, (EVP_MD*)md))) {
934 ossl_pkcs7si_get_issuer(
VALUE self)
936 PKCS7_SIGNER_INFO *p7si;
944 ossl_pkcs7si_get_serial(
VALUE self)
946 PKCS7_SIGNER_INFO *p7si;
954 ossl_pkcs7si_get_signed_time(
VALUE self)
956 PKCS7_SIGNER_INFO *p7si;
961 if (!(asn1obj = PKCS7_get_signed_attribute(p7si, NID_pkcs9_signingTime))) {
964 if (asn1obj->type == V_ASN1_UTCTIME) {
982 PKCS7_RECIP_INFO *p7ri;
986 if (!(p7ri = PKCS7_RECIP_INFO_new())) {
995 ossl_pkcs7ri_initialize(
VALUE self,
VALUE cert)
997 PKCS7_RECIP_INFO *p7ri;
1002 if (!PKCS7_RECIP_INFO_set(p7ri, x509)) {
1010 ossl_pkcs7ri_get_issuer(
VALUE self)
1012 PKCS7_RECIP_INFO *p7ri;
1020 ossl_pkcs7ri_get_serial(
VALUE self)
1022 PKCS7_RECIP_INFO *p7ri;
1030 ossl_pkcs7ri_get_enc_key(
VALUE self)
1032 PKCS7_RECIP_INFO *p7ri;
/* Define a constant on cPKCS7 named after the token `x` (stringified with
 * #x) whose value is the C constant PKCS7_<x> converted with INT2NUM. */
#define DefPKCS7Const(x) \
    rb_define_const(cPKCS7, #x, INT2NUM(PKCS7_##x))