summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-05-24 15:55:21 +0000
committerjsing <>2014-05-24 15:55:21 +0000
commit3e701b2a57219523e039e78e0cc655852ca63e1b (patch)
tree9e85cd03c39514d9c5edce1ab5a94a548e899f4b
parent9d5e69e894332ec60ed31ee4362a6c5fd3f5bd3f (diff)
downloadopenbsd-3e701b2a57219523e039e78e0cc655852ca63e1b.tar.gz
openbsd-3e701b2a57219523e039e78e0cc655852ca63e1b.tar.bz2
openbsd-3e701b2a57219523e039e78e0cc655852ca63e1b.zip
KNF.
Diffstat
-rw-r--r--src/lib/libcrypto/cms/cms.h188
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c123
-rw-r--r--src/lib/libcrypto/cms/cms_att.c122
-rw-r--r--src/lib/libcrypto/cms/cms_cd.c47
-rw-r--r--src/lib/libcrypto/cms/cms_dd.c51
-rw-r--r--src/lib/libcrypto/cms/cms_enc.c181
-rw-r--r--src/lib/libcrypto/cms/cms_env.c572
-rw-r--r--src/lib/libcrypto/cms/cms_err.c337
-rw-r--r--src/lib/libcrypto/cms/cms_ess.c243
-rw-r--r--src/lib/libcrypto/cms/cms_io.c78
-rw-r--r--src/lib/libcrypto/cms/cms_lcl.h267
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c445
-rw-r--r--src/lib/libcrypto/cms/cms_pwri.c231
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c710
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c536
-rw-r--r--src/lib/libssl/src/crypto/cms/cms.h188
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_asn1.c123
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_att.c122
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_cd.c47
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_dd.c51
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_enc.c181
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_env.c572
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_err.c337
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_ess.c243
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_io.c78
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_lcl.h267
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_lib.c445
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_pwri.c231
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_sd.c710
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_smime.c536
30 files changed, 3826 insertions, 4436 deletions
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
index 150607469d..0a782d3163 100644
--- a/src/lib/libcrypto/cms/cms.h
+++ b/src/lib/libcrypto/cms/cms.h
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -132,110 +132,94 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
132 132
133BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); 133BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
134int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); 134int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
135int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); 135int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
136 int flags);
136CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); 137CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
137int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); 138int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
138 139
139int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); 140int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
140 141
141CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 142CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
142 BIO *data, unsigned int flags); 143 STACK_OF(X509) *certs, BIO *data, unsigned int flags);
143 144
144CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, 145CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
145 X509 *signcert, EVP_PKEY *pkey, 146 EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
146 STACK_OF(X509) *certs,
147 unsigned int flags);
148 147
149int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); 148int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
150CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); 149CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
151 150
152int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 151int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
153 unsigned int flags); 152 unsigned int flags);
154CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, 153CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
155 unsigned int flags); 154 unsigned int flags);
156 155
157int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, 156int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
158 const unsigned char *key, size_t keylen, 157 size_t keylen, BIO *dcont, BIO *out, unsigned int flags);
159 BIO *dcont, BIO *out, unsigned int flags);
160 158
161CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, 159CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
162 const unsigned char *key, size_t keylen, 160 const unsigned char *key, size_t keylen, unsigned int flags);
163 unsigned int flags);
164 161
165int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, 162int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
166 const unsigned char *key, size_t keylen); 163 const unsigned char *key, size_t keylen);
167 164
168int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 165int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
169 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); 166 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
170 167
171int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, 168int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
172 STACK_OF(X509) *certs, 169 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
173 X509_STORE *store, unsigned int flags);
174 170
175STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); 171STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
176 172
177CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, 173CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
178 const EVP_CIPHER *cipher, unsigned int flags); 174 const EVP_CIPHER *cipher, unsigned int flags);
175
176int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont,
177 BIO *out, unsigned int flags);
179 178
180int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
181 BIO *dcont, BIO *out,
182 unsigned int flags);
183
184int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); 179int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
185int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 180int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key,
186 unsigned char *key, size_t keylen, 181 size_t keylen, unsigned char *id, size_t idlen);
187 unsigned char *id, size_t idlen); 182int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
188int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 183 ssize_t passlen);
189 unsigned char *pass, ssize_t passlen);
190 184
191STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); 185STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
192int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); 186int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
193CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); 187CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
194CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, 188CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
195 X509 *recip, unsigned int flags); 189 unsigned int flags);
196int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); 190int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
197int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); 191int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
198int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, 192int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
199 EVP_PKEY **pk, X509 **recip, 193 X509 **recip, X509_ALGOR **palg);
200 X509_ALGOR **palg);
201int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, 194int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
202 ASN1_OCTET_STRING **keyid, 195 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
203 X509_NAME **issuer, ASN1_INTEGER **sno);
204 196
205CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, 197CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
206 unsigned char *key, size_t keylen, 198 unsigned char *key, size_t keylen, unsigned char *id, size_t idlen,
207 unsigned char *id, size_t idlen, 199 ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId,
208 ASN1_GENERALIZEDTIME *date, 200 ASN1_TYPE *otherType);
209 ASN1_OBJECT *otherTypeId, 201
210 ASN1_TYPE *otherType); 202int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
211 203 ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
212int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, 204 ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
213 X509_ALGOR **palg, 205
214 ASN1_OCTET_STRING **pid, 206int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
215 ASN1_GENERALIZEDTIME **pdate, 207 size_t keylen);
216 ASN1_OBJECT **potherid, 208
217 ASN1_TYPE **pothertype); 209int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
218 210 const unsigned char *id, size_t idlen);
219int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 211
220 unsigned char *key, size_t keylen); 212int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
221 213 ssize_t passlen);
222int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 214
223 const unsigned char *id, size_t idlen); 215CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter,
224 216 int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen,
225int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 217 const EVP_CIPHER *kekciph);
226 unsigned char *pass,
227 ssize_t passlen);
228
229CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
230 int iter, int wrap_nid, int pbe_nid,
231 unsigned char *pass,
232 ssize_t passlen,
233 const EVP_CIPHER *kekciph);
234 218
235int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); 219int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
236 220
237int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 221int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
238 unsigned int flags); 222 unsigned int flags);
239CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); 223CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
240 224
241int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); 225int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
@@ -252,82 +236,70 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
252STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); 236STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
253 237
254int CMS_SignedData_init(CMS_ContentInfo *cms); 238int CMS_SignedData_init(CMS_ContentInfo *cms);
255CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 239CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer,
256 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 240 EVP_PKEY *pk, const EVP_MD *md, unsigned int flags);
257 unsigned int flags);
258STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); 241STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
259 242
260void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); 243void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
261int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 244int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
262 ASN1_OCTET_STRING **keyid, 245 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
263 X509_NAME **issuer, ASN1_INTEGER **sno);
264int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); 246int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
265int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 247int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
266 unsigned int flags); 248 unsigned int flags);
267void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, 249void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
268 X509_ALGOR **pdig, X509_ALGOR **psig); 250 X509_ALGOR **pdig, X509_ALGOR **psig);
269int CMS_SignerInfo_sign(CMS_SignerInfo *si); 251int CMS_SignerInfo_sign(CMS_SignerInfo *si);
270int CMS_SignerInfo_verify(CMS_SignerInfo *si); 252int CMS_SignerInfo_verify(CMS_SignerInfo *si);
271int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); 253int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
272 254
273int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); 255int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
274int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 256int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid,
275 int algnid, int keysize); 257 int keysize);
276int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); 258int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
277 259
278int CMS_signed_get_attr_count(const CMS_SignerInfo *si); 260int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
279int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 261int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos);
280 int lastpos);
281int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 262int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
282 int lastpos); 263 int lastpos);
283X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); 264X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
284X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); 265X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
285int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); 266int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
286int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, 267int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
287 const ASN1_OBJECT *obj, int type, 268 int type, const void *bytes, int len);
288 const void *bytes, int len); 269int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
289int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, 270 const void *bytes, int len);
290 int nid, int type, 271int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
291 const void *bytes, int len); 272 int type, const void *bytes, int len);
292int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
293 const char *attrname, int type,
294 const void *bytes, int len);
295void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 273void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
296 int lastpos, int type); 274 int lastpos, int type);
297 275
298int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); 276int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
299int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 277int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
300 int lastpos); 278 int lastpos);
301int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 279int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
302 int lastpos); 280 int lastpos);
303X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); 281X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
304X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); 282X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
305int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); 283int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
306int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, 284int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
307 const ASN1_OBJECT *obj, int type, 285 int type, const void *bytes, int len);
308 const void *bytes, int len); 286int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
309int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, 287 const void *bytes, int len);
310 int nid, int type, 288int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
311 const void *bytes, int len); 289 int type, const void *bytes, int len);
312int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
313 const char *attrname, int type,
314 const void *bytes, int len);
315void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 290void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
316 int lastpos, int type); 291 int lastpos, int type);
317 292
318#ifdef HEADER_X509V3_H 293#ifdef HEADER_X509V3_H
319 294
320int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); 295int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
321CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, 296CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
322 int allorfirst, 297 int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList,
323 STACK_OF(GENERAL_NAMES) *receiptList, 298 STACK_OF(GENERAL_NAMES) *receiptsTo);
324 STACK_OF(GENERAL_NAMES) *receiptsTo);
325int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); 299int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
326void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, 300void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
327 ASN1_STRING **pcid, 301 int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
328 int *pallorfirst, 302 STACK_OF(GENERAL_NAMES) **prto);
329 STACK_OF(GENERAL_NAMES) **plist,
330 STACK_OF(GENERAL_NAMES) **prto);
331 303
332#endif 304#endif
333 305
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index bd7466cc1d..a2b0217a93 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -57,7 +57,6 @@
57#include "cms.h" 57#include "cms.h"
58#include "cms_lcl.h" 58#include "cms_lcl.h"
59 59
60
61ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { 60ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
62 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), 61 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
63 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) 62 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
@@ -87,19 +86,18 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
87} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) 86} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
88 87
89/* Minor tweak to operation: free up signer key, cert */ 88/* Minor tweak to operation: free up signer key, cert */
90static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 89static int
91 void *exarg) 90cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
92 { 91{
93 if(operation == ASN1_OP_FREE_POST) 92 if (operation == ASN1_OP_FREE_POST) {
94 {
95 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; 93 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
96 if (si->pkey) 94 if (si->pkey)
97 EVP_PKEY_free(si->pkey); 95 EVP_PKEY_free(si->pkey);
98 if (si->signer) 96 if (si->signer)
99 X509_free(si->signer); 97 X509_free(si->signer);
100 }
101 return 1;
102 } 98 }
99 return 1;
100}
103 101
104ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { 102ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
105 ASN1_SIMPLE(CMS_SignerInfo, version, LONG), 103 ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
@@ -160,8 +158,8 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
160} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) 158} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
161 159
162ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { 160ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
163 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), 161 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
164 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) 162 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
165} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) 163} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
166 164
167ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = { 165ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
@@ -170,14 +168,14 @@ ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
170} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey) 168} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
171 169
172ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { 170ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
173 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), 171 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
174 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) 172 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
175} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) 173} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
176 174
177ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { 175ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
178 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), 176 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
179 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), 177 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
180 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) 178 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
181} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) 179} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
182 180
183ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = { 181ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
@@ -209,46 +207,38 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
209} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) 207} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
210 208
211ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { 209ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
212 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), 210 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
213 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) 211 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
214} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) 212} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
215 213
216/* Free up RecipientInfo additional data */ 214/* Free up RecipientInfo additional data */
217static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 215static int
218 void *exarg) 216cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
219 { 217{
220 if(operation == ASN1_OP_FREE_PRE) 218 if (operation == ASN1_OP_FREE_PRE) {
221 {
222 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; 219 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
223 if (ri->type == CMS_RECIPINFO_TRANS) 220 if (ri->type == CMS_RECIPINFO_TRANS) {
224 {
225 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 221 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
226 if (ktri->pkey) 222 if (ktri->pkey)
227 EVP_PKEY_free(ktri->pkey); 223 EVP_PKEY_free(ktri->pkey);
228 if (ktri->recip) 224 if (ktri->recip)
229 X509_free(ktri->recip); 225 X509_free(ktri->recip);
230 } 226 } else if (ri->type == CMS_RECIPINFO_KEK) {
231 else if (ri->type == CMS_RECIPINFO_KEK)
232 {
233 CMS_KEKRecipientInfo *kekri = ri->d.kekri; 227 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
234 if (kekri->key) 228 if (kekri->key) {
235 {
236 OPENSSL_cleanse(kekri->key, kekri->keylen); 229 OPENSSL_cleanse(kekri->key, kekri->keylen);
237 free(kekri->key); 230 free(kekri->key);
238 }
239 } 231 }
240 else if (ri->type == CMS_RECIPINFO_PASS) 232 } else if (ri->type == CMS_RECIPINFO_PASS) {
241 {
242 CMS_PasswordRecipientInfo *pwri = ri->d.pwri; 233 CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
243 if (pwri->pass) 234 if (pwri->pass) {
244 {
245 OPENSSL_cleanse(pwri->pass, pwri->passlen); 235 OPENSSL_cleanse(pwri->pass, pwri->passlen);
246 free(pwri->pass); 236 free(pwri->pass);
247 }
248 } 237 }
249 } 238 }
250 return 1;
251 } 239 }
240 return 1;
241}
252 242
253ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { 243ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
254 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), 244 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
@@ -295,7 +285,7 @@ ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
295 ASN1_SIMPLE(CMS_CompressedData, version, LONG), 285 ASN1_SIMPLE(CMS_CompressedData, version, LONG),
296 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), 286 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
297 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), 287 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
298} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) 288 } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
299 289
300/* This is the ANY DEFINED BY table for the top level ContentInfo structure */ 290/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
301 291
@@ -312,36 +302,34 @@ ASN1_ADB(CMS_ContentInfo) = {
312} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); 302} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
313 303
314/* CMS streaming support */ 304/* CMS streaming support */
315static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 305static int
316 void *exarg) 306cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
317 { 307{
318 ASN1_STREAM_ARG *sarg = exarg; 308 ASN1_STREAM_ARG *sarg = exarg;
319 CMS_ContentInfo *cms = NULL; 309 CMS_ContentInfo *cms = NULL;
310
320 if (pval) 311 if (pval)
321 cms = (CMS_ContentInfo *)*pval; 312 cms = (CMS_ContentInfo *)*pval;
322 else 313 else
323 return 1; 314 return 1;
324 switch(operation)
325 {
326 315
327 case ASN1_OP_STREAM_PRE: 316 switch (operation) {
317 case ASN1_OP_STREAM_PRE:
328 if (CMS_stream(&sarg->boundary, cms) <= 0) 318 if (CMS_stream(&sarg->boundary, cms) <= 0)
329 return 0; 319 return 0;
330 case ASN1_OP_DETACHED_PRE: 320 case ASN1_OP_DETACHED_PRE:
331 sarg->ndef_bio = CMS_dataInit(cms, sarg->out); 321 sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
332 if (!sarg->ndef_bio) 322 if (!sarg->ndef_bio)
333 return 0; 323 return 0;
334 break; 324 break;
335 325 case ASN1_OP_STREAM_POST:
336 case ASN1_OP_STREAM_POST: 326 case ASN1_OP_DETACHED_POST:
337 case ASN1_OP_DETACHED_POST:
338 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0) 327 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
339 return 0; 328 return 0;
340 break; 329 break;
341
342 }
343 return 1;
344 } 330 }
331 return 1;
332}
345 333
346ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { 334ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
347 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), 335 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
@@ -354,36 +342,33 @@ ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
354 * encoding. 342 * encoding.
355 */ 343 */
356 344
357ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 345ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
358 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) 346ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
359ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) 347ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
360 348
361/* When verifying attributes we need to use the received order. So 349/* When verifying attributes we need to use the received order. So
362 * we use SEQUENCE OF and tag it to SET OF 350 * we use SEQUENCE OF and tag it to SET OF
363 */ 351 */
364 352
365ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 353ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
366 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 354ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
367 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) 355 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
368ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) 356ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
369 357
370
371
372ASN1_CHOICE(CMS_ReceiptsFrom) = { 358ASN1_CHOICE(CMS_ReceiptsFrom) = {
373 ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), 359 ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
374 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) 360 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
375} ASN1_CHOICE_END(CMS_ReceiptsFrom) 361} ASN1_CHOICE_END(CMS_ReceiptsFrom)
376 362
377ASN1_SEQUENCE(CMS_ReceiptRequest) = { 363ASN1_SEQUENCE(CMS_ReceiptRequest) = {
378 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), 364 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
379 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), 365 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
380 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) 366 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
381} ASN1_SEQUENCE_END(CMS_ReceiptRequest) 367} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
382 368
383ASN1_SEQUENCE(CMS_Receipt) = { 369ASN1_SEQUENCE(CMS_Receipt) = {
384 ASN1_SIMPLE(CMS_Receipt, version, LONG), 370 ASN1_SIMPLE(CMS_Receipt, version, LONG),
385 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), 371 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
386 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), 372 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
387 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) 373 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
388} ASN1_SEQUENCE_END(CMS_Receipt) 374} ASN1_SEQUENCE_END(CMS_Receipt)
389
diff --git a/src/lib/libcrypto/cms/cms_att.c b/src/lib/libcrypto/cms/cms_att.c
index 5b71722ebc..c6bc784fb8 100644
--- a/src/lib/libcrypto/cms/cms_att.c
+++ b/src/lib/libcrypto/cms/cms_att.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -60,134 +60,150 @@
60 60
61/* CMS SignedData Attribute utilities */ 61/* CMS SignedData Attribute utilities */
62 62
63int CMS_signed_get_attr_count(const CMS_SignerInfo *si) 63int
64CMS_signed_get_attr_count(const CMS_SignerInfo *si)
64{ 65{
65 return X509at_get_attr_count(si->signedAttrs); 66 return X509at_get_attr_count(si->signedAttrs);
66} 67}
67 68
68int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 69int
69 int lastpos) 70CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
70{ 71{
71 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); 72 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
72} 73}
73 74
74int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 75int
75 int lastpos) 76CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
77 int lastpos)
76{ 78{
77 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); 79 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
78} 80}
79 81
80X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) 82X509_ATTRIBUTE *
83CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
81{ 84{
82 return X509at_get_attr(si->signedAttrs, loc); 85 return X509at_get_attr(si->signedAttrs, loc);
83} 86}
84 87
85X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) 88X509_ATTRIBUTE *
89CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
86{ 90{
87 return X509at_delete_attr(si->signedAttrs, loc); 91 return X509at_delete_attr(si->signedAttrs, loc);
88} 92}
89 93
90int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) 94int
95CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
91{ 96{
92 if(X509at_add1_attr(&si->signedAttrs, attr)) return 1; 97 if (X509at_add1_attr(&si->signedAttrs, attr))
98 return 1;
93 return 0; 99 return 0;
94} 100}
95 101
96int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, 102int
97 const ASN1_OBJECT *obj, int type, 103CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
98 const void *bytes, int len) 104 int type, const void *bytes, int len)
99{ 105{
100 if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, 106 if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
101 type, bytes, len)) return 1; 107 return 1;
102 return 0; 108 return 0;
103} 109}
104 110
105int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, 111int
106 int nid, int type, 112CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
107 const void *bytes, int len) 113 const void *bytes, int len)
108{ 114{
109 if(X509at_add1_attr_by_NID(&si->signedAttrs, nid, 115 if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
110 type, bytes, len)) return 1; 116 return 1;
111 return 0; 117 return 0;
112} 118}
113 119
114int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, 120int
115 const char *attrname, int type, 121CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type,
116 const void *bytes, int len) 122 const void *bytes, int len)
117{ 123{
118 if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname, 124 if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type,
119 type, bytes, len)) return 1; 125 bytes, len))
126 return 1;
120 return 0; 127 return 0;
121} 128}
122 129
123void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 130void *
124 int lastpos, int type) 131CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos,
132 int type)
125{ 133{
126 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); 134 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
127} 135}
128 136
129int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) 137int
138CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
130{ 139{
131 return X509at_get_attr_count(si->unsignedAttrs); 140 return X509at_get_attr_count(si->unsignedAttrs);
132} 141}
133 142
134int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 143int
135 int lastpos) 144CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
136{ 145{
137 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); 146 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
138} 147}
139 148
140int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 149int
141 int lastpos) 150CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
151 int lastpos)
142{ 152{
143 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); 153 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
144} 154}
145 155
146X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) 156X509_ATTRIBUTE *
157CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
147{ 158{
148 return X509at_get_attr(si->unsignedAttrs, loc); 159 return X509at_get_attr(si->unsignedAttrs, loc);
149} 160}
150 161
151X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) 162X509_ATTRIBUTE *
163CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
152{ 164{
153 return X509at_delete_attr(si->unsignedAttrs, loc); 165 return X509at_delete_attr(si->unsignedAttrs, loc);
154} 166}
155 167
156int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) 168int
169CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
157{ 170{
158 if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1; 171 if (X509at_add1_attr(&si->unsignedAttrs, attr))
172 return 1;
159 return 0; 173 return 0;
160} 174}
161 175
162int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, 176int
163 const ASN1_OBJECT *obj, int type, 177CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
164 const void *bytes, int len) 178 int type, const void *bytes, int len)
165{ 179{
166 if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, 180 if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
167 type, bytes, len)) return 1; 181 return 1;
168 return 0; 182 return 0;
169} 183}
170 184
171int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, 185int
172 int nid, int type, 186CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
173 const void *bytes, int len) 187 const void *bytes, int len)
174{ 188{
175 if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, 189 if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
176 type, bytes, len)) return 1; 190 return 1;
177 return 0; 191 return 0;
178} 192}
179 193
180int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, 194int
181 const char *attrname, int type, 195CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
182 const void *bytes, int len) 196 int type, const void *bytes, int len)
183{ 197{
184 if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, 198 if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type,
185 type, bytes, len)) return 1; 199 bytes, len))
200 return 1;
186 return 0; 201 return 0;
187} 202}
188 203
189void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 204void *
190 int lastpos, int type) 205CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
206 int lastpos, int type)
191{ 207{
192 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); 208 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
193} 209}
diff --git a/src/lib/libcrypto/cms/cms_cd.c b/src/lib/libcrypto/cms/cms_cd.c
index 2021688101..ec48471df2 100644
--- a/src/lib/libcrypto/cms/cms_cd.c
+++ b/src/lib/libcrypto/cms/cms_cd.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -69,19 +69,20 @@ DECLARE_ASN1_ITEM(CMS_CompressedData)
69 69
70/* CMS CompressedData Utilities */ 70/* CMS CompressedData Utilities */
71 71
72CMS_ContentInfo *cms_CompressedData_create(int comp_nid) 72CMS_ContentInfo *
73 { 73cms_CompressedData_create(int comp_nid)
74{
74 CMS_ContentInfo *cms; 75 CMS_ContentInfo *cms;
75 CMS_CompressedData *cd; 76 CMS_CompressedData *cd;
77
76 /* Will need something cleverer if there is ever more than one 78 /* Will need something cleverer if there is ever more than one
77 * compression algorithm or parameters have some meaning... 79 * compression algorithm or parameters have some meaning...
78 */ 80 */
79 if (comp_nid != NID_zlib_compression) 81 if (comp_nid != NID_zlib_compression) {
80 {
81 CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE, 82 CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
82 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 83 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
83 return NULL; 84 return NULL;
84 } 85 }
85 cms = CMS_ContentInfo_new(); 86 cms = CMS_ContentInfo_new();
86 if (!cms) 87 if (!cms)
87 return NULL; 88 return NULL;
@@ -97,40 +98,38 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
97 cd->version = 0; 98 cd->version = 0;
98 99
99 X509_ALGOR_set0(cd->compressionAlgorithm, 100 X509_ALGOR_set0(cd->compressionAlgorithm,
100 OBJ_nid2obj(NID_zlib_compression), 101 OBJ_nid2obj(NID_zlib_compression),
101 V_ASN1_UNDEF, NULL); 102 V_ASN1_UNDEF, NULL);
102 103
103 cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); 104 cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
104 105
105 return cms; 106 return cms;
106 107
107 err: 108err:
108
109 if (cms) 109 if (cms)
110 CMS_ContentInfo_free(cms); 110 CMS_ContentInfo_free(cms);
111
112 return NULL; 111 return NULL;
113 } 112}
114 113
115BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms) 114BIO *
116 { 115cms_CompressedData_init_bio(CMS_ContentInfo *cms)
116{
117 CMS_CompressedData *cd; 117 CMS_CompressedData *cd;
118 ASN1_OBJECT *compoid; 118 ASN1_OBJECT *compoid;
119 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) 119
120 { 120 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
121 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 121 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
122 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); 122 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
123 return NULL; 123 return NULL;
124 } 124 }
125 cd = cms->d.compressedData; 125 cd = cms->d.compressedData;
126 X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm); 126 X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
127 if (OBJ_obj2nid(compoid) != NID_zlib_compression) 127 if (OBJ_obj2nid(compoid) != NID_zlib_compression) {
128 {
129 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 128 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
130 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 129 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
131 return NULL; 130 return NULL;
132 }
133 return BIO_new(BIO_f_zlib());
134 } 131 }
132 return BIO_new(BIO_f_zlib());
133}
135 134
136#endif 135#endif
diff --git a/src/lib/libcrypto/cms/cms_dd.c b/src/lib/libcrypto/cms/cms_dd.c
index 8919c15be1..f115d2274b 100644
--- a/src/lib/libcrypto/cms/cms_dd.c
+++ b/src/lib/libcrypto/cms/cms_dd.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -63,10 +63,12 @@ DECLARE_ASN1_ITEM(CMS_DigestedData)
63 63
64/* CMS DigestedData Utilities */ 64/* CMS DigestedData Utilities */
65 65
66CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) 66CMS_ContentInfo *
67 { 67cms_DigestedData_create(const EVP_MD *md)
68{
68 CMS_ContentInfo *cms; 69 CMS_ContentInfo *cms;
69 CMS_DigestedData *dd; 70 CMS_DigestedData *dd;
71
70 cms = CMS_ContentInfo_new(); 72 cms = CMS_ContentInfo_new();
71 if (!cms) 73 if (!cms)
72 return NULL; 74 return NULL;
@@ -86,28 +88,30 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
86 88
87 return cms; 89 return cms;
88 90
89 err: 91err:
90
91 if (cms) 92 if (cms)
92 CMS_ContentInfo_free(cms); 93 CMS_ContentInfo_free(cms);
93
94 return NULL; 94 return NULL;
95 } 95}
96 96
97BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) 97BIO *
98 { 98cms_DigestedData_init_bio(CMS_ContentInfo *cms)
99{
99 CMS_DigestedData *dd; 100 CMS_DigestedData *dd;
101
100 dd = cms->d.digestedData; 102 dd = cms->d.digestedData;
101 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm); 103 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
102 } 104}
103 105
104int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) 106int
105 { 107cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
108{
106 EVP_MD_CTX mctx; 109 EVP_MD_CTX mctx;
107 unsigned char md[EVP_MAX_MD_SIZE]; 110 unsigned char md[EVP_MAX_MD_SIZE];
108 unsigned int mdlen; 111 unsigned int mdlen;
109 int r = 0; 112 int r = 0;
110 CMS_DigestedData *dd; 113 CMS_DigestedData *dd;
114
111 EVP_MD_CTX_init(&mctx); 115 EVP_MD_CTX_init(&mctx);
112 116
113 dd = cms->d.digestedData; 117 dd = cms->d.digestedData;
@@ -118,31 +122,26 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
118 if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) 122 if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
119 goto err; 123 goto err;
120 124
121 if (verify) 125 if (verify) {
122 { 126 if (mdlen != (unsigned int)dd->digest->length) {
123 if (mdlen != (unsigned int)dd->digest->length)
124 {
125 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 127 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
126 CMS_R_MESSAGEDIGEST_WRONG_LENGTH); 128 CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
127 goto err; 129 goto err;
128 } 130 }
129 131
130 if (memcmp(md, dd->digest->data, mdlen)) 132 if (memcmp(md, dd->digest->data, mdlen))
131 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 133 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
132 CMS_R_VERIFICATION_FAILURE); 134 CMS_R_VERIFICATION_FAILURE);
133 else 135 else
134 r = 1; 136 r = 1;
135 } 137 } else {
136 else
137 {
138 if (!ASN1_STRING_set(dd->digest, md, mdlen)) 138 if (!ASN1_STRING_set(dd->digest, md, mdlen))
139 goto err; 139 goto err;
140 r = 1; 140 r = 1;
141 } 141 }
142 142
143 err: 143err:
144 EVP_MD_CTX_cleanup(&mctx); 144 EVP_MD_CTX_cleanup(&mctx);
145 145
146 return r; 146 return r;
147 147}
148 }
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
index 612fce6dde..75e08cdb1d 100644
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,9 @@ DECLARE_ASN1_ITEM(CMS_EncryptedData)
66 66
67/* Return BIO based on EncryptedContentInfo and key */ 67/* Return BIO based on EncryptedContentInfo and key */
68 68
69BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) 69BIO *
70 { 70cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
71{
71 BIO *b; 72 BIO *b;
72 EVP_CIPHER_CTX *ctx; 73 EVP_CIPHER_CTX *ctx;
73 const EVP_CIPHER *ciph; 74 const EVP_CIPHER *ciph;
@@ -75,87 +76,72 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
75 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; 76 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
76 unsigned char *tkey = NULL; 77 unsigned char *tkey = NULL;
77 size_t tkeylen = 0; 78 size_t tkeylen = 0;
78
79 int ok = 0; 79 int ok = 0;
80
81 int enc, keep_key = 0; 80 int enc, keep_key = 0;
82 81
83 enc = ec->cipher ? 1 : 0; 82 enc = ec->cipher ? 1 : 0;
84 83
85 b = BIO_new(BIO_f_cipher()); 84 b = BIO_new(BIO_f_cipher());
86 if (!b) 85 if (!b) {
87 {
88 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 86 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
89 ERR_R_MALLOC_FAILURE); 87 ERR_R_MALLOC_FAILURE);
90 return NULL; 88 return NULL;
91 } 89 }
92 90
93 BIO_get_cipher_ctx(b, &ctx); 91 BIO_get_cipher_ctx(b, &ctx);
94 92
95 if (enc) 93 if (enc) {
96 {
97 ciph = ec->cipher; 94 ciph = ec->cipher;
98 /* If not keeping key set cipher to NULL so subsequent calls 95 /* If not keeping key set cipher to NULL so subsequent calls
99 * decrypt. 96 * decrypt.
100 */ 97 */
101 if (ec->key) 98 if (ec->key)
102 ec->cipher = NULL; 99 ec->cipher = NULL;
103 } 100 } else {
104 else
105 {
106 ciph = EVP_get_cipherbyobj(calg->algorithm); 101 ciph = EVP_get_cipherbyobj(calg->algorithm);
107 102
108 if (!ciph) 103 if (!ciph) {
109 {
110 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 104 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
111 CMS_R_UNKNOWN_CIPHER); 105 CMS_R_UNKNOWN_CIPHER);
112 goto err; 106 goto err;
113 }
114 } 107 }
108 }
115 109
116 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) 110 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
117 {
118 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 111 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
119 CMS_R_CIPHER_INITIALISATION_ERROR); 112 CMS_R_CIPHER_INITIALISATION_ERROR);
120 goto err; 113 goto err;
121 } 114 }
122 115
123 if (enc) 116 if (enc) {
124 {
125 int ivlen; 117 int ivlen;
126 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); 118 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
127 /* Generate a random IV if we need one */ 119 /* Generate a random IV if we need one */
128 ivlen = EVP_CIPHER_CTX_iv_length(ctx); 120 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
129 if (ivlen > 0) 121 if (ivlen > 0) {
130 {
131 if (RAND_pseudo_bytes(iv, ivlen) <= 0) 122 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
132 goto err; 123 goto err;
133 piv = iv; 124 piv = iv;
134 }
135 } 125 }
136 else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) 126 } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
137 {
138 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 127 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
139 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 128 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
140 goto err; 129 goto err;
141 } 130 }
142 tkeylen = EVP_CIPHER_CTX_key_length(ctx); 131 tkeylen = EVP_CIPHER_CTX_key_length(ctx);
143 /* Generate random session key */ 132 /* Generate random session key */
144 if (!enc || !ec->key) 133 if (!enc || !ec->key) {
145 {
146 tkey = malloc(tkeylen); 134 tkey = malloc(tkeylen);
147 if (!tkey) 135 if (!tkey) {
148 {
149 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 136 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
150 ERR_R_MALLOC_FAILURE); 137 ERR_R_MALLOC_FAILURE);
151 goto err; 138 goto err;
152 } 139 }
153 if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0) 140 if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
154 goto err; 141 goto err;
155 } 142 }
156 143
157 if (!ec->key) 144 if (!ec->key) {
158 {
159 ec->key = tkey; 145 ec->key = tkey;
160 ec->keylen = tkeylen; 146 ec->keylen = tkeylen;
161 tkey = NULL; 147 tkey = NULL;
@@ -163,25 +149,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
163 keep_key = 1; 149 keep_key = 1;
164 else 150 else
165 ERR_clear_error(); 151 ERR_clear_error();
166
167 }
168 152
169 if (ec->keylen != tkeylen) 153 }
170 { 154
155 if (ec->keylen != tkeylen) {
171 /* If necessary set key length */ 156 /* If necessary set key length */
172 if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) 157 if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
173 {
174 /* Only reveal failure if debugging so we don't 158 /* Only reveal failure if debugging so we don't
175 * leak information which may be useful in MMA. 159 * leak information which may be useful in MMA.
176 */ 160 */
177 if (enc || ec->debug) 161 if (enc || ec->debug) {
178 {
179 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 162 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
180 CMS_R_INVALID_KEY_LENGTH); 163 CMS_R_INVALID_KEY_LENGTH);
181 goto err; 164 goto err;
182 } 165 } else {
183 else
184 {
185 /* Use random key */ 166 /* Use random key */
186 OPENSSL_cleanse(ec->key, ec->keylen); 167 OPENSSL_cleanse(ec->key, ec->keylen);
187 free(ec->key); 168 free(ec->key);
@@ -189,106 +170,98 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
189 ec->keylen = tkeylen; 170 ec->keylen = tkeylen;
190 tkey = NULL; 171 tkey = NULL;
191 ERR_clear_error(); 172 ERR_clear_error();
192 }
193 } 173 }
194 } 174 }
175 }
195 176
196 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) 177 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
197 {
198 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 178 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
199 CMS_R_CIPHER_INITIALISATION_ERROR); 179 CMS_R_CIPHER_INITIALISATION_ERROR);
200 goto err; 180 goto err;
201 } 181 }
202 182
203 if (piv) 183 if (piv) {
204 {
205 calg->parameter = ASN1_TYPE_new(); 184 calg->parameter = ASN1_TYPE_new();
206 if (!calg->parameter) 185 if (!calg->parameter) {
207 {
208 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 186 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
209 ERR_R_MALLOC_FAILURE); 187 ERR_R_MALLOC_FAILURE);
210 goto err; 188 goto err;
211 } 189 }
212 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) 190 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
213 {
214 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 191 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
215 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 192 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
216 goto err; 193 goto err;
217 }
218 } 194 }
195 }
219 ok = 1; 196 ok = 1;
220 197
221 err: 198err:
222 if (ec->key && !keep_key) 199 if (ec->key && !keep_key) {
223 {
224 OPENSSL_cleanse(ec->key, ec->keylen); 200 OPENSSL_cleanse(ec->key, ec->keylen);
225 free(ec->key); 201 free(ec->key);
226 ec->key = NULL; 202 ec->key = NULL;
227 } 203 }
228 if (tkey) 204 if (tkey) {
229 {
230 OPENSSL_cleanse(tkey, tkeylen); 205 OPENSSL_cleanse(tkey, tkeylen);
231 free(tkey); 206 free(tkey);
232 } 207 }
233 if (ok) 208 if (ok)
234 return b; 209 return b;
235 BIO_free(b); 210 BIO_free(b);
236 return NULL; 211 return NULL;
237 } 212}
238 213
239int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 214int
240 const EVP_CIPHER *cipher, 215cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
241 const unsigned char *key, size_t keylen) 216 const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen)
242 { 217{
243 ec->cipher = cipher; 218 ec->cipher = cipher;
244 if (key) 219 if (key) {
245 {
246 ec->key = malloc(keylen); 220 ec->key = malloc(keylen);
247 if (!ec->key) 221 if (!ec->key)
248 return 0; 222 return 0;
249 memcpy(ec->key, key, keylen); 223 memcpy(ec->key, key, keylen);
250 } 224 }
251 ec->keylen = keylen; 225 ec->keylen = keylen;
252 if (cipher) 226 if (cipher)
253 ec->contentType = OBJ_nid2obj(NID_pkcs7_data); 227 ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
254 return 1; 228 return 1;
255 } 229}
256 230
257int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, 231int
258 const unsigned char *key, size_t keylen) 232CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
259 { 233 const unsigned char *key, size_t keylen)
234{
260 CMS_EncryptedContentInfo *ec; 235 CMS_EncryptedContentInfo *ec;
261 if (!key || !keylen) 236
262 { 237 if (!key || !keylen) {
263 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY); 238 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
264 return 0; 239 return 0;
265 } 240 }
266 if (ciph) 241 if (ciph) {
267 {
268 cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData); 242 cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
269 if (!cms->d.encryptedData) 243 if (!cms->d.encryptedData) {
270 {
271 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 244 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
272 ERR_R_MALLOC_FAILURE); 245 ERR_R_MALLOC_FAILURE);
273 return 0; 246 return 0;
274 } 247 }
275 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted); 248 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
276 cms->d.encryptedData->version = 0; 249 cms->d.encryptedData->version = 0;
277 } 250 } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
278 else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
279 {
280 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 251 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
281 CMS_R_NOT_ENCRYPTED_DATA); 252 CMS_R_NOT_ENCRYPTED_DATA);
282 return 0; 253 return 0;
283 } 254 }
284 ec = cms->d.encryptedData->encryptedContentInfo; 255 ec = cms->d.encryptedData->encryptedContentInfo;
285 return cms_EncryptedContent_init(ec, ciph, key, keylen); 256 return cms_EncryptedContent_init(ec, ciph, key, keylen);
286 } 257}
287 258
288BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms) 259BIO *
289 { 260cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
261{
290 CMS_EncryptedData *enc = cms->d.encryptedData; 262 CMS_EncryptedData *enc = cms->d.encryptedData;
263
291 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) 264 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
292 enc->version = 2; 265 enc->version = 2;
293 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo); 266 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
294 } 267}
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index 5e6e7033b2..a274e26226 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -71,56 +71,59 @@ DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
71 71
72DECLARE_STACK_OF(CMS_RecipientInfo) 72DECLARE_STACK_OF(CMS_RecipientInfo)
73 73
74CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) 74CMS_EnvelopedData *
75 { 75cms_get0_enveloped(CMS_ContentInfo *cms)
76 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) 76{
77 { 77 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
78 CMSerr(CMS_F_CMS_GET0_ENVELOPED, 78 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
79 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); 79 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
80 return NULL; 80 return NULL;
81 }
82 return cms->d.envelopedData;
83 } 81 }
82 return cms->d.envelopedData;
83}
84 84
85static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) 85static CMS_EnvelopedData *
86 { 86cms_enveloped_data_init(CMS_ContentInfo *cms)
87 if (cms->d.other == NULL) 87{
88 { 88 if (cms->d.other == NULL) {
89 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); 89 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
90 if (!cms->d.envelopedData) 90 if (!cms->d.envelopedData) {
91 {
92 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, 91 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
93 ERR_R_MALLOC_FAILURE); 92 ERR_R_MALLOC_FAILURE);
94 return NULL; 93 return NULL;
95 } 94 }
96 cms->d.envelopedData->version = 0; 95 cms->d.envelopedData->version = 0;
97 cms->d.envelopedData->encryptedContentInfo->contentType = 96 cms->d.envelopedData->encryptedContentInfo->contentType =
98 OBJ_nid2obj(NID_pkcs7_data); 97 OBJ_nid2obj(NID_pkcs7_data);
99 ASN1_OBJECT_free(cms->contentType); 98 ASN1_OBJECT_free(cms->contentType);
100 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); 99 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
101 return cms->d.envelopedData; 100 return cms->d.envelopedData;
102 }
103 return cms_get0_enveloped(cms);
104 } 101 }
102 return cms_get0_enveloped(cms);
103}
105 104
106STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) 105STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
107 { 106{
108 CMS_EnvelopedData *env; 107 CMS_EnvelopedData *env;
108
109 env = cms_get0_enveloped(cms); 109 env = cms_get0_enveloped(cms);
110 if (!env) 110 if (!env)
111 return NULL; 111 return NULL;
112 return env->recipientInfos; 112 return env->recipientInfos;
113 } 113}
114 114
115int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) 115int
116 { 116CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
117{
117 return ri->type; 118 return ri->type;
118 } 119}
119 120
120CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) 121CMS_ContentInfo *
121 { 122CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
123{
122 CMS_ContentInfo *cms; 124 CMS_ContentInfo *cms;
123 CMS_EnvelopedData *env; 125 CMS_EnvelopedData *env;
126
124 cms = CMS_ContentInfo_new(); 127 cms = CMS_ContentInfo_new();
125 if (!cms) 128 if (!cms)
126 goto merr; 129 goto merr;
@@ -128,15 +131,16 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
128 if (!env) 131 if (!env)
129 goto merr; 132 goto merr;
130 if (!cms_EncryptedContent_init(env->encryptedContentInfo, 133 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
131 cipher, NULL, 0)) 134 cipher, NULL, 0))
132 goto merr; 135 goto merr;
133 return cms; 136 return cms;
134 merr: 137
138merr:
135 if (cms) 139 if (cms)
136 CMS_ContentInfo_free(cms); 140 CMS_ContentInfo_free(cms);
137 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); 141 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
138 return NULL; 142 return NULL;
139 } 143}
140 144
141/* Key Transport Recipient Info (KTRI) routines */ 145/* Key Transport Recipient Info (KTRI) routines */
142 146
@@ -144,14 +148,15 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
144 * If we ever handle key agreement will need updating. 148 * If we ever handle key agreement will need updating.
145 */ 149 */
146 150
147CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, 151CMS_RecipientInfo *
148 X509 *recip, unsigned int flags) 152CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags)
149 { 153{
150 CMS_RecipientInfo *ri = NULL; 154 CMS_RecipientInfo *ri = NULL;
151 CMS_KeyTransRecipientInfo *ktri; 155 CMS_KeyTransRecipientInfo *ktri;
152 CMS_EnvelopedData *env; 156 CMS_EnvelopedData *env;
153 EVP_PKEY *pk = NULL; 157 EVP_PKEY *pk = NULL;
154 int i, type; 158 int i, type;
159
155 env = cms_get0_enveloped(cms); 160 env = cms_get0_enveloped(cms);
156 if (!env) 161 if (!env)
157 goto err; 162 goto err;
@@ -172,26 +177,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
172 177
173 X509_check_purpose(recip, -1, -1); 178 X509_check_purpose(recip, -1, -1);
174 pk = X509_get_pubkey(recip); 179 pk = X509_get_pubkey(recip);
175 if (!pk) 180 if (!pk) {
176 {
177 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 181 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
178 CMS_R_ERROR_GETTING_PUBLIC_KEY); 182 CMS_R_ERROR_GETTING_PUBLIC_KEY);
179 goto err; 183 goto err;
180 } 184 }
181 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); 185 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
182 ktri->pkey = pk; 186 ktri->pkey = pk;
183 ktri->recip = recip; 187 ktri->recip = recip;
184 188
185 if (flags & CMS_USE_KEYID) 189 if (flags & CMS_USE_KEYID) {
186 {
187 ktri->version = 2; 190 ktri->version = 2;
188 type = CMS_RECIPINFO_KEYIDENTIFIER; 191 type = CMS_RECIPINFO_KEYIDENTIFIER;
189 } 192 } else {
190 else
191 {
192 ktri->version = 0; 193 ktri->version = 0;
193 type = CMS_RECIPINFO_ISSUER_SERIAL; 194 type = CMS_RECIPINFO_ISSUER_SERIAL;
194 } 195 }
195 196
196 /* Not a typo: RecipientIdentifier and SignerIdentifier are the 197 /* Not a typo: RecipientIdentifier and SignerIdentifier are the
197 * same structure. 198 * same structure.
@@ -200,49 +201,45 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
200 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) 201 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
201 goto err; 202 goto err;
202 203
203 if (pk->ameth && pk->ameth->pkey_ctrl) 204 if (pk->ameth && pk->ameth->pkey_ctrl) {
204 {
205 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, 205 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
206 0, ri); 206 0, ri);
207 if (i == -2) 207 if (i == -2) {
208 {
209 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 208 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
210 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 209 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
211 goto err; 210 goto err;
212 } 211 }
213 if (i <= 0) 212 if (i <= 0) {
214 {
215 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 213 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
216 CMS_R_CTRL_FAILURE); 214 CMS_R_CTRL_FAILURE);
217 goto err; 215 goto err;
218 }
219 } 216 }
217 }
220 218
221 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) 219 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
222 goto merr; 220 goto merr;
223 221
224 return ri; 222 return ri;
225 223
226 merr: 224merr:
227 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); 225 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
228 err: 226err:
229 if (ri) 227 if (ri)
230 M_ASN1_free_of(ri, CMS_RecipientInfo); 228 M_ASN1_free_of(ri, CMS_RecipientInfo);
231 return NULL; 229 return NULL;
230}
232 231
233 } 232int
234 233CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
235int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, 234 X509 **recip, X509_ALGOR **palg)
236 EVP_PKEY **pk, X509 **recip, 235{
237 X509_ALGOR **palg)
238 {
239 CMS_KeyTransRecipientInfo *ktri; 236 CMS_KeyTransRecipientInfo *ktri;
240 if (ri->type != CMS_RECIPINFO_TRANS) 237
241 { 238 if (ri->type != CMS_RECIPINFO_TRANS) {
242 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 239 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
243 CMS_R_NOT_KEY_TRANSPORT); 240 CMS_R_NOT_KEY_TRANSPORT);
244 return 0; 241 return 0;
245 } 242 }
246 243
247 ktri = ri->d.ktri; 244 ktri = ri->d.ktri;
248 245
@@ -253,53 +250,53 @@ int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
253 if (palg) 250 if (palg)
254 *palg = ktri->keyEncryptionAlgorithm; 251 *palg = ktri->keyEncryptionAlgorithm;
255 return 1; 252 return 1;
256 } 253}
257 254
258int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, 255int
259 ASN1_OCTET_STRING **keyid, 256CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
260 X509_NAME **issuer, ASN1_INTEGER **sno) 257 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
261 { 258{
262 CMS_KeyTransRecipientInfo *ktri; 259 CMS_KeyTransRecipientInfo *ktri;
263 if (ri->type != CMS_RECIPINFO_TRANS) 260
264 { 261 if (ri->type != CMS_RECIPINFO_TRANS) {
265 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 262 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
266 CMS_R_NOT_KEY_TRANSPORT); 263 CMS_R_NOT_KEY_TRANSPORT);
267 return 0; 264 return 0;
268 } 265 }
269 ktri = ri->d.ktri; 266 ktri = ri->d.ktri;
270 267
271 return cms_SignerIdentifier_get0_signer_id(ktri->rid, 268 return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid,
272 keyid, issuer, sno); 269 issuer, sno);
273 } 270}
274 271
275int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) 272int
276 { 273CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
277 if (ri->type != CMS_RECIPINFO_TRANS) 274{
278 { 275 if (ri->type != CMS_RECIPINFO_TRANS) {
279 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 276 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
280 CMS_R_NOT_KEY_TRANSPORT); 277 CMS_R_NOT_KEY_TRANSPORT);
281 return -2; 278 return -2;
282 }
283 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
284 } 279 }
280 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
281}
285 282
286int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) 283int
287 { 284CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
288 if (ri->type != CMS_RECIPINFO_TRANS) 285{
289 { 286 if (ri->type != CMS_RECIPINFO_TRANS) {
290 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 287 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
291 CMS_R_NOT_KEY_TRANSPORT); 288 CMS_R_NOT_KEY_TRANSPORT);
292 return 0; 289 return 0;
293 } 290 }
294 ri->d.ktri->pkey = pkey; 291 ri->d.ktri->pkey = pkey;
295 return 1; 292 return 1;
296 } 293}
297 294
298/* Encrypt content key in key transport recipient info */ 295/* Encrypt content key in key transport recipient info */
299 296
300static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, 297static int
301 CMS_RecipientInfo *ri) 298cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
302 { 299{
303 CMS_KeyTransRecipientInfo *ktri; 300 CMS_KeyTransRecipientInfo *ktri;
304 CMS_EncryptedContentInfo *ec; 301 CMS_EncryptedContentInfo *ec;
305 EVP_PKEY_CTX *pctx = NULL; 302 EVP_PKEY_CTX *pctx = NULL;
@@ -308,12 +305,11 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
308 305
309 int ret = 0; 306 int ret = 0;
310 307
311 if (ri->type != CMS_RECIPINFO_TRANS) 308 if (ri->type != CMS_RECIPINFO_TRANS) {
312 {
313 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 309 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
314 CMS_R_NOT_KEY_TRANSPORT); 310 CMS_R_NOT_KEY_TRANSPORT);
315 return 0; 311 return 0;
316 } 312 }
317 ktri = ri->d.ktri; 313 ktri = ri->d.ktri;
318 ec = cms->d.envelopedData->encryptedContentInfo; 314 ec = cms->d.envelopedData->encryptedContentInfo;
319 315
@@ -325,23 +321,21 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
325 goto err; 321 goto err;
326 322
327 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 323 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
328 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) 324 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
329 {
330 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); 325 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
331 goto err; 326 goto err;
332 } 327 }
333 328
334 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) 329 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
335 goto err; 330 goto err;
336 331
337 ek = malloc(eklen); 332 ek = malloc(eklen);
338 333
339 if (ek == NULL) 334 if (ek == NULL) {
340 {
341 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 335 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
342 ERR_R_MALLOC_FAILURE); 336 ERR_R_MALLOC_FAILURE);
343 goto err; 337 goto err;
344 } 338 }
345 339
346 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) 340 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
347 goto err; 341 goto err;
@@ -351,33 +345,32 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
351 345
352 ret = 1; 346 ret = 1;
353 347
354 err: 348err:
355 if (pctx) 349 if (pctx)
356 EVP_PKEY_CTX_free(pctx); 350 EVP_PKEY_CTX_free(pctx);
357 free(ek); 351 free(ek);
358 return ret; 352 return ret;
359 353}
360 }
361 354
362/* Decrypt content key from KTRI */ 355/* Decrypt content key from KTRI */
363 356
364static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, 357static int
365 CMS_RecipientInfo *ri) 358cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
366 { 359{
367 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 360 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
368 EVP_PKEY_CTX *pctx = NULL; 361 EVP_PKEY_CTX *pctx = NULL;
369 unsigned char *ek = NULL; 362 unsigned char *ek = NULL;
370 size_t eklen; 363 size_t eklen;
371 int ret = 0; 364 int ret = 0;
372 CMS_EncryptedContentInfo *ec; 365 CMS_EncryptedContentInfo *ec;
366
373 ec = cms->d.envelopedData->encryptedContentInfo; 367 ec = cms->d.envelopedData->encryptedContentInfo;
374 368
375 if (ktri->pkey == NULL) 369 if (ktri->pkey == NULL) {
376 {
377 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 370 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
378 CMS_R_NO_PRIVATE_KEY); 371 CMS_R_NO_PRIVATE_KEY);
379 return 0; 372 return 0;
380 } 373 }
381 374
382 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); 375 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
383 if (!pctx) 376 if (!pctx)
@@ -387,152 +380,134 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
387 goto err; 380 goto err;
388 381
389 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 382 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
390 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) 383 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
391 {
392 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); 384 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
393 goto err; 385 goto err;
394 } 386 }
395 387
396 if (EVP_PKEY_decrypt(pctx, NULL, &eklen, 388 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
397 ktri->encryptedKey->data, 389 ktri->encryptedKey->data,
398 ktri->encryptedKey->length) <= 0) 390 ktri->encryptedKey->length) <= 0)
399 goto err; 391 goto err;
400 392
401 ek = malloc(eklen); 393 ek = malloc(eklen);
402 394
403 if (ek == NULL) 395 if (ek == NULL) {
404 {
405 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 396 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
406 ERR_R_MALLOC_FAILURE); 397 ERR_R_MALLOC_FAILURE);
407 goto err; 398 goto err;
408 } 399 }
409 400
410 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 401 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
411 ktri->encryptedKey->data, 402 ktri->encryptedKey->data,
412 ktri->encryptedKey->length) <= 0) 403 ktri->encryptedKey->length) <= 0) {
413 {
414 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); 404 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
415 goto err; 405 goto err;
416 } 406 }
417 407
418 ret = 1; 408 ret = 1;
419 409
420 if (ec->key) 410 if (ec->key) {
421 {
422 OPENSSL_cleanse(ec->key, ec->keylen); 411 OPENSSL_cleanse(ec->key, ec->keylen);
423 free(ec->key); 412 free(ec->key);
424 } 413 }
425 414
426 ec->key = ek; 415 ec->key = ek;
427 ec->keylen = eklen; 416 ec->keylen = eklen;
428 417
429 err: 418err:
430 if (pctx) 419 if (pctx)
431 EVP_PKEY_CTX_free(pctx); 420 EVP_PKEY_CTX_free(pctx);
432 if (!ret && ek) 421 if (!ret && ek)
433 free(ek); 422 free(ek);
434 423
435 return ret; 424 return ret;
436 } 425}
437 426
438/* Key Encrypted Key (KEK) RecipientInfo routines */ 427/* Key Encrypted Key (KEK) RecipientInfo routines */
439 428
440int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 429int
441 const unsigned char *id, size_t idlen) 430CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id,
442 { 431 size_t idlen)
432{
443 ASN1_OCTET_STRING tmp_os; 433 ASN1_OCTET_STRING tmp_os;
444 CMS_KEKRecipientInfo *kekri; 434 CMS_KEKRecipientInfo *kekri;
445 if (ri->type != CMS_RECIPINFO_KEK) 435
446 { 436 if (ri->type != CMS_RECIPINFO_KEK) {
447 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); 437 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
448 return -2; 438 return -2;
449 } 439 }
450 kekri = ri->d.kekri; 440 kekri = ri->d.kekri;
451 tmp_os.type = V_ASN1_OCTET_STRING; 441 tmp_os.type = V_ASN1_OCTET_STRING;
452 tmp_os.flags = 0; 442 tmp_os.flags = 0;
453 tmp_os.data = (unsigned char *)id; 443 tmp_os.data = (unsigned char *)id;
454 tmp_os.length = (int)idlen; 444 tmp_os.length = (int)idlen;
455 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); 445 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
456 } 446}
457 447
458/* For now hard code AES key wrap info */ 448/* For now hard code AES key wrap info */
459 449
460static size_t aes_wrap_keylen(int nid) 450static size_t
461 { 451aes_wrap_keylen(int nid)
462 switch (nid) 452{
463 { 453 switch (nid) {
464 case NID_id_aes128_wrap: 454 case NID_id_aes128_wrap:
465 return 16; 455 return 16;
466 456 case NID_id_aes192_wrap:
467 case NID_id_aes192_wrap: 457 return 24;
468 return 24; 458 case NID_id_aes256_wrap:
469 459 return 32;
470 case NID_id_aes256_wrap: 460 default:
471 return 32;
472
473 default:
474 return 0; 461 return 0;
475 }
476 } 462 }
463}
477 464
478CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, 465CMS_RecipientInfo *
479 unsigned char *key, size_t keylen, 466CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key,
480 unsigned char *id, size_t idlen, 467 size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date,
481 ASN1_GENERALIZEDTIME *date, 468 ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType)
482 ASN1_OBJECT *otherTypeId, 469{
483 ASN1_TYPE *otherType)
484 {
485 CMS_RecipientInfo *ri = NULL; 470 CMS_RecipientInfo *ri = NULL;
486 CMS_EnvelopedData *env; 471 CMS_EnvelopedData *env;
487 CMS_KEKRecipientInfo *kekri; 472 CMS_KEKRecipientInfo *kekri;
473
488 env = cms_get0_enveloped(cms); 474 env = cms_get0_enveloped(cms);
489 if (!env) 475 if (!env)
490 goto err; 476 goto err;
491 477
492 if (nid == NID_undef) 478 if (nid == NID_undef) {
493 { 479 switch (keylen) {
494 switch (keylen) 480 case 16:
495 {
496 case 16:
497 nid = NID_id_aes128_wrap; 481 nid = NID_id_aes128_wrap;
498 break; 482 break;
499 483 case 24:
500 case 24:
501 nid = NID_id_aes192_wrap; 484 nid = NID_id_aes192_wrap;
502 break; 485 break;
503 486 case 32:
504 case 32:
505 nid = NID_id_aes256_wrap; 487 nid = NID_id_aes256_wrap;
506 break; 488 break;
507 489 default:
508 default:
509 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, 490 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
510 CMS_R_INVALID_KEY_LENGTH); 491 CMS_R_INVALID_KEY_LENGTH);
511 goto err; 492 goto err;
512 }
513
514 } 493 }
515 else 494 } else {
516 {
517
518 size_t exp_keylen = aes_wrap_keylen(nid); 495 size_t exp_keylen = aes_wrap_keylen(nid);
519 496
520 if (!exp_keylen) 497 if (!exp_keylen) {
521 {
522 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, 498 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
523 CMS_R_UNSUPPORTED_KEK_ALGORITHM); 499 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
524 goto err; 500 goto err;
525 } 501 }
526 502
527 if (keylen != exp_keylen) 503 if (keylen != exp_keylen) {
528 {
529 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, 504 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
530 CMS_R_INVALID_KEY_LENGTH); 505 CMS_R_INVALID_KEY_LENGTH);
531 goto err; 506 goto err;
532 }
533
534 } 507 }
535 508
509 }
510
536 /* Initialize recipient info */ 511 /* Initialize recipient info */
537 ri = M_ASN1_new_of(CMS_RecipientInfo); 512 ri = M_ASN1_new_of(CMS_RecipientInfo);
538 if (!ri) 513 if (!ri)
@@ -545,17 +520,15 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
545 520
546 kekri = ri->d.kekri; 521 kekri = ri->d.kekri;
547 522
548 if (otherTypeId) 523 if (otherTypeId) {
549 {
550 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); 524 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
551 if (kekri->kekid->other == NULL) 525 if (kekri->kekid->other == NULL)
552 goto merr; 526 goto merr;
553 } 527 }
554 528
555 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) 529 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
556 goto merr; 530 goto merr;
557 531
558
559 /* After this point no calls can fail */ 532 /* After this point no calls can fail */
560 533
561 kekri->version = 4; 534 kekri->version = 4;
@@ -567,85 +540,79 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
567 540
568 kekri->kekid->date = date; 541 kekri->kekid->date = date;
569 542
570 if (kekri->kekid->other) 543 if (kekri->kekid->other) {
571 {
572 kekri->kekid->other->keyAttrId = otherTypeId; 544 kekri->kekid->other->keyAttrId = otherTypeId;
573 kekri->kekid->other->keyAttr = otherType; 545 kekri->kekid->other->keyAttr = otherType;
574 } 546 }
575 547
576 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, 548 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
577 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); 549 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
578 550
579 return ri; 551 return ri;
580 552
581 merr: 553merr:
582 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); 554 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
583 err: 555err:
584 if (ri) 556 if (ri)
585 M_ASN1_free_of(ri, CMS_RecipientInfo); 557 M_ASN1_free_of(ri, CMS_RecipientInfo);
586 return NULL; 558 return NULL;
559}
587 560
588 } 561int
589 562CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
590int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, 563 ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
591 X509_ALGOR **palg, 564 ASN1_OBJECT **potherid, ASN1_TYPE **pothertype)
592 ASN1_OCTET_STRING **pid, 565{
593 ASN1_GENERALIZEDTIME **pdate,
594 ASN1_OBJECT **potherid,
595 ASN1_TYPE **pothertype)
596 {
597 CMS_KEKIdentifier *rkid; 566 CMS_KEKIdentifier *rkid;
598 if (ri->type != CMS_RECIPINFO_KEK) 567
599 { 568 if (ri->type != CMS_RECIPINFO_KEK) {
600 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); 569 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
601 return 0; 570 return 0;
602 } 571 }
603 rkid = ri->d.kekri->kekid; 572 rkid = ri->d.kekri->kekid;
604 if (palg) 573 if (palg)
605 *palg = ri->d.kekri->keyEncryptionAlgorithm; 574 *palg = ri->d.kekri->keyEncryptionAlgorithm;
606 if (pid) 575 if (pid)
607 *pid = rkid->keyIdentifier; 576 *pid = rkid->keyIdentifier;
608 if (pdate) 577 if (pdate)
609 *pdate = rkid->date; 578 *pdate = rkid->date;
610 if (potherid) 579 if (potherid) {
611 {
612 if (rkid->other) 580 if (rkid->other)
613 *potherid = rkid->other->keyAttrId; 581 *potherid = rkid->other->keyAttrId;
614 else 582 else
615 *potherid = NULL; 583 *potherid = NULL;
616 } 584 }
617 if (pothertype) 585 if (pothertype) {
618 {
619 if (rkid->other) 586 if (rkid->other)
620 *pothertype = rkid->other->keyAttr; 587 *pothertype = rkid->other->keyAttr;
621 else 588 else
622 *pothertype = NULL; 589 *pothertype = NULL;
623 }
624 return 1;
625 } 590 }
591 return 1;
592}
626 593
627int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 594int
628 unsigned char *key, size_t keylen) 595CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
629 { 596 size_t keylen)
597{
630 CMS_KEKRecipientInfo *kekri; 598 CMS_KEKRecipientInfo *kekri;
631 if (ri->type != CMS_RECIPINFO_KEK) 599
632 { 600 if (ri->type != CMS_RECIPINFO_KEK) {
633 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); 601 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
634 return 0; 602 return 0;
635 } 603 }
636 604
637 kekri = ri->d.kekri; 605 kekri = ri->d.kekri;
638 kekri->key = key; 606 kekri->key = key;
639 kekri->keylen = keylen; 607 kekri->keylen = keylen;
640 return 1; 608 return 1;
641 } 609}
642
643 610
644/* Encrypt content key in KEK recipient info */ 611/* Encrypt content key in KEK recipient info */
645 612
646static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, 613static int
647 CMS_RecipientInfo *ri) 614cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
648 { 615{
649 CMS_EncryptedContentInfo *ec; 616 CMS_EncryptedContentInfo *ec;
650 CMS_KEKRecipientInfo *kekri; 617 CMS_KEKRecipientInfo *kekri;
651 AES_KEY actx; 618 AES_KEY actx;
@@ -657,55 +624,49 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
657 624
658 kekri = ri->d.kekri; 625 kekri = ri->d.kekri;
659 626
660 if (!kekri->key) 627 if (!kekri->key) {
661 {
662 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY); 628 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
663 return 0; 629 return 0;
664 } 630 }
665 631
666 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) 632 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
667 {
668 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 633 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
669 CMS_R_ERROR_SETTING_KEY); 634 CMS_R_ERROR_SETTING_KEY);
670 goto err; 635 goto err;
671 } 636 }
672 637
673 wkey = malloc(ec->keylen + 8); 638 wkey = malloc(ec->keylen + 8);
674 639
675 if (!wkey) 640 if (!wkey) {
676 {
677 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 641 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
678 ERR_R_MALLOC_FAILURE); 642 ERR_R_MALLOC_FAILURE);
679 goto err; 643 goto err;
680 } 644 }
681 645
682 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); 646 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
683 647
684 if (wkeylen <= 0) 648 if (wkeylen <= 0) {
685 {
686 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); 649 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
687 goto err; 650 goto err;
688 } 651 }
689 652
690 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); 653 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
691 654
692 r = 1; 655 r = 1;
693 656
694 err: 657err:
695
696 if (!r && wkey) 658 if (!r && wkey)
697 free(wkey); 659 free(wkey);
698 OPENSSL_cleanse(&actx, sizeof(actx)); 660 OPENSSL_cleanse(&actx, sizeof(actx));
699 661
700 return r; 662 return r;
701 663}
702 }
703 664
704/* Decrypt content key in KEK recipient info */ 665/* Decrypt content key in KEK recipient info */
705 666
706static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, 667static int
707 CMS_RecipientInfo *ri) 668cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
708 { 669{
709 CMS_EncryptedContentInfo *ec; 670 CMS_EncryptedContentInfo *ec;
710 CMS_KEKRecipientInfo *kekri; 671 CMS_KEKRecipientInfo *kekri;
711 AES_KEY actx; 672 AES_KEY actx;
@@ -717,93 +678,83 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
717 678
718 kekri = ri->d.kekri; 679 kekri = ri->d.kekri;
719 680
720 if (!kekri->key) 681 if (!kekri->key) {
721 {
722 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY); 682 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
723 return 0; 683 return 0;
724 } 684 }
725 685
726 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); 686 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
727 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) 687 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
728 {
729 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 688 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
730 CMS_R_INVALID_KEY_LENGTH); 689 CMS_R_INVALID_KEY_LENGTH);
731 return 0; 690 return 0;
732 } 691 }
733 692
734 /* If encrypted key length is invalid don't bother */ 693 /* If encrypted key length is invalid don't bother */
735 694
736 if (kekri->encryptedKey->length < 16) 695 if (kekri->encryptedKey->length < 16) {
737 {
738 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 696 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
739 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); 697 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
740 goto err; 698 goto err;
741 } 699 }
742 700
743 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) 701 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
744 {
745 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 702 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
746 CMS_R_ERROR_SETTING_KEY); 703 CMS_R_ERROR_SETTING_KEY);
747 goto err; 704 goto err;
748 } 705 }
749 706
750 ukey = malloc(kekri->encryptedKey->length - 8); 707 ukey = malloc(kekri->encryptedKey->length - 8);
751 708
752 if (!ukey) 709 if (!ukey) {
753 {
754 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 710 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
755 ERR_R_MALLOC_FAILURE); 711 ERR_R_MALLOC_FAILURE);
756 goto err; 712 goto err;
757 } 713 }
758 714
759 ukeylen = AES_unwrap_key(&actx, NULL, ukey, 715 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
760 kekri->encryptedKey->data, 716 kekri->encryptedKey->data,
761 kekri->encryptedKey->length); 717 kekri->encryptedKey->length);
762 718
763 if (ukeylen <= 0) 719 if (ukeylen <= 0) {
764 {
765 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 720 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
766 CMS_R_UNWRAP_ERROR); 721 CMS_R_UNWRAP_ERROR);
767 goto err; 722 goto err;
768 } 723 }
769 724
770 ec->key = ukey; 725 ec->key = ukey;
771 ec->keylen = ukeylen; 726 ec->keylen = ukeylen;
772 727
773 r = 1; 728 r = 1;
774 729
775 err: 730err:
776
777 if (!r && ukey) 731 if (!r && ukey)
778 free(ukey); 732 free(ukey);
779 OPENSSL_cleanse(&actx, sizeof(actx)); 733 OPENSSL_cleanse(&actx, sizeof(actx));
780 734
781 return r; 735 return r;
736}
782 737
783 } 738int
784 739CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
785int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) 740{
786 { 741 switch (ri->type) {
787 switch(ri->type) 742 case CMS_RECIPINFO_TRANS:
788 {
789 case CMS_RECIPINFO_TRANS:
790 return cms_RecipientInfo_ktri_decrypt(cms, ri); 743 return cms_RecipientInfo_ktri_decrypt(cms, ri);
791 744 case CMS_RECIPINFO_KEK:
792 case CMS_RECIPINFO_KEK:
793 return cms_RecipientInfo_kekri_decrypt(cms, ri); 745 return cms_RecipientInfo_kekri_decrypt(cms, ri);
794 746 case CMS_RECIPINFO_PASS:
795 case CMS_RECIPINFO_PASS:
796 return cms_RecipientInfo_pwri_crypt(cms, ri, 0); 747 return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
797 748 default:
798 default:
799 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, 749 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
800 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); 750 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
801 return 0; 751 return 0;
802 }
803 } 752 }
753}
804 754
805BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) 755BIO *
806 { 756cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
757{
807 CMS_EncryptedContentInfo *ec; 758 CMS_EncryptedContentInfo *ec;
808 STACK_OF(CMS_RecipientInfo) *rinfos; 759 STACK_OF(CMS_RecipientInfo) *rinfos;
809 CMS_RecipientInfo *ri; 760 CMS_RecipientInfo *ri;
@@ -824,52 +775,47 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
824 775
825 rinfos = cms->d.envelopedData->recipientInfos; 776 rinfos = cms->d.envelopedData->recipientInfos;
826 777
827 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) 778 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
828 {
829 ri = sk_CMS_RecipientInfo_value(rinfos, i); 779 ri = sk_CMS_RecipientInfo_value(rinfos, i);
830 780
831 switch (ri->type) 781 switch (ri->type) {
832 { 782 case CMS_RECIPINFO_TRANS:
833 case CMS_RECIPINFO_TRANS:
834 r = cms_RecipientInfo_ktri_encrypt(cms, ri); 783 r = cms_RecipientInfo_ktri_encrypt(cms, ri);
835 break; 784 break;
836 785
837 case CMS_RECIPINFO_KEK: 786 case CMS_RECIPINFO_KEK:
838 r = cms_RecipientInfo_kekri_encrypt(cms, ri); 787 r = cms_RecipientInfo_kekri_encrypt(cms, ri);
839 break; 788 break;
840 789
841 case CMS_RECIPINFO_PASS: 790 case CMS_RECIPINFO_PASS:
842 r = cms_RecipientInfo_pwri_crypt(cms, ri, 1); 791 r = cms_RecipientInfo_pwri_crypt(cms, ri, 1);
843 break; 792 break;
844 793
845 default: 794 default:
846 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 795 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
847 CMS_R_UNSUPPORTED_RECIPIENT_TYPE); 796 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
848 goto err; 797 goto err;
849 } 798 }
850 799
851 if (r <= 0) 800 if (r <= 0) {
852 {
853 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 801 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
854 CMS_R_ERROR_SETTING_RECIPIENTINFO); 802 CMS_R_ERROR_SETTING_RECIPIENTINFO);
855 goto err; 803 goto err;
856 }
857 } 804 }
805 }
858 806
859 ok = 1; 807 ok = 1;
860 808
861 err: 809err:
862 ec->cipher = NULL; 810 ec->cipher = NULL;
863 if (ec->key) 811 if (ec->key) {
864 {
865 OPENSSL_cleanse(ec->key, ec->keylen); 812 OPENSSL_cleanse(ec->key, ec->keylen);
866 free(ec->key); 813 free(ec->key);
867 ec->key = NULL; 814 ec->key = NULL;
868 ec->keylen = 0; 815 ec->keylen = 0;
869 } 816 }
870 if (ok) 817 if (ok)
871 return ret; 818 return ret;
872 BIO_free(ret); 819 BIO_free(ret);
873 return NULL; 820 return NULL;
874 821}
875 }
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
index 8330ead7ed..313354691a 100644
--- a/src/lib/libcrypto/cms/cms_err.c
+++ b/src/lib/libcrypto/cms/cms_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,178 +68,175 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
70 70
71static ERR_STRING_DATA CMS_str_functs[]= 71static ERR_STRING_DATA CMS_str_functs[]= {
72 { 72 {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
73{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, 73 {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
74{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, 74 {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
75{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, 75 {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), "CMS_add0_recipient_password"},
76{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), "CMS_add0_recipient_password"}, 76 {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
77{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, 77 {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
78{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, 78 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
79{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, 79 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
80{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, 80 {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
81{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, 81 {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
82{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, 82 {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"},
83{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, 83 {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
84{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, 84 {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
85{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, 85 {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
86{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, 86 {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
87{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, 87 {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
88{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, 88 {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
89{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"}, 89 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
90{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"}, 90 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
91{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"}, 91 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
92{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"}, 92 {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
93{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"}, 93 {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
94{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"}, 94 {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
95{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"}, 95 {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
96{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"}, 96 {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
97{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"}, 97 {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
98{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"}, 98 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"},
99{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"}, 99 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
100{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"}, 100 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
101{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"}, 101 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"},
102{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"}, 102 {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
103{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, 103 {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"},
104{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, 104 {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
105{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, 105 {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
106{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, 106 {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
107{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"}, 107 {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
108{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, 108 {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
109{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, 109 {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
110{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"}, 110 {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
111{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"}, 111 {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
112{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, 112 {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
113{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, 113 {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
114{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, 114 {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
115{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"}, 115 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
116{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, 116 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
117{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, 117 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
118{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, 118 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"},
119{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, 119 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"},
120{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"}, 120 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"},
121{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, 121 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
122{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, 122 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
123{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, 123 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
124{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, 124 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
125{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"}, 125 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"},
126{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"}, 126 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
127{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"}, 127 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), "CMS_RecipientInfo_set0_password"},
128{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), "CMS_RecipientInfo_set0_password"}, 128 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
129{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, 129 {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
130{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, 130 {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
131{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, 131 {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
132{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, 132 {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
133{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, 133 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"},
134{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"}, 134 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
135{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, 135 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
136{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, 136 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
137{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, 137 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
138{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, 138 {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
139{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, 139 {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
140{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"}, 140 {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
141{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, 141 {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
142{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, 142 {0, NULL}
143{0,NULL} 143};
144 };
145 144
146static ERR_STRING_DATA CMS_str_reasons[]= 145static ERR_STRING_DATA CMS_str_reasons[]= {
147 { 146 {ERR_REASON(CMS_R_ADD_SIGNER_ERROR) , "add signer error"},
148{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"}, 147 {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT), "certificate already present"},
149{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"}, 148 {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
150{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"}, 149 {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
151{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, 150 {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR), "cipher initialisation error"},
152{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"}, 151 {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), "cipher parameter initialisation error"},
153{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"}, 152 {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) , "cms datafinal error"},
154{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"}, 153 {ERR_REASON(CMS_R_CMS_LIB) , "cms lib"},
155{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"}, 154 {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH), "contentidentifier mismatch"},
156{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"}, 155 {ERR_REASON(CMS_R_CONTENT_NOT_FOUND) , "content not found"},
157{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"}, 156 {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) , "content type mismatch"},
158{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"}, 157 {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), "content type not compressed data"},
159{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"}, 158 {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), "content type not enveloped data"},
160{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"}, 159 {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), "content type not signed data"},
161{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"}, 160 {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) , "content verify error"},
162{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"}, 161 {ERR_REASON(CMS_R_CTRL_ERROR) , "ctrl error"},
163{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"}, 162 {ERR_REASON(CMS_R_CTRL_FAILURE) , "ctrl failure"},
164{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"}, 163 {ERR_REASON(CMS_R_DECRYPT_ERROR) , "decrypt error"},
165{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"}, 164 {ERR_REASON(CMS_R_DIGEST_ERROR) , "digest error"},
166{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"}, 165 {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
167{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"}, 166 {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), "error reading messagedigest attribute"},
168{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"}, 167 {ERR_REASON(CMS_R_ERROR_SETTING_KEY) , "error setting key"},
169{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"}, 168 {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO), "error setting recipientinfo"},
170{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"}, 169 {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), "invalid encrypted key length"},
171{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"}, 170 {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), "invalid key encryption parameter"},
172{ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),"invalid key encryption parameter"}, 171 {ERR_REASON(CMS_R_INVALID_KEY_LENGTH) , "invalid key length"},
173{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, 172 {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) , "md bio init error"},
174{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"}, 173 {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), "messagedigest attribute wrong length"},
175{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"}, 174 {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH), "messagedigest wrong length"},
176{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"}, 175 {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) , "msgsigdigest error"},
177{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"}, 176 {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), "msgsigdigest verification failure"},
178{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"}, 177 {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH), "msgsigdigest wrong length"},
179{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"}, 178 {ERR_REASON(CMS_R_NEED_ONE_SIGNER) , "need one signer"},
180{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"}, 179 {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) , "not a signed receipt"},
181{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"}, 180 {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) , "not encrypted data"},
182{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"}, 181 {ERR_REASON(CMS_R_NOT_KEK) , "not kek"},
183{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"}, 182 {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) , "not key transport"},
184{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"}, 183 {ERR_REASON(CMS_R_NOT_PWRI) , "not pwri"},
185{ERR_REASON(CMS_R_NOT_PWRI) ,"not pwri"}, 184 {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "not supported for this key type"},
186{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"}, 185 {ERR_REASON(CMS_R_NO_CIPHER) , "no cipher"},
187{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"}, 186 {ERR_REASON(CMS_R_NO_CONTENT) , "no content"},
188{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"}, 187 {ERR_REASON(CMS_R_NO_CONTENT_TYPE) , "no content type"},
189{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"}, 188 {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) , "no default digest"},
190{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"}, 189 {ERR_REASON(CMS_R_NO_DIGEST_SET) , "no digest set"},
191{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"}, 190 {ERR_REASON(CMS_R_NO_KEY) , "no key"},
192{ERR_REASON(CMS_R_NO_KEY) ,"no key"}, 191 {ERR_REASON(CMS_R_NO_KEY_OR_CERT) , "no key or cert"},
193{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"}, 192 {ERR_REASON(CMS_R_NO_MATCHING_DIGEST) , "no matching digest"},
194{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"}, 193 {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) , "no matching recipient"},
195{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"}, 194 {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) , "no matching signature"},
196{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"}, 195 {ERR_REASON(CMS_R_NO_MSGSIGDIGEST) , "no msgsigdigest"},
197{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"}, 196 {ERR_REASON(CMS_R_NO_PASSWORD) , "no password"},
198{ERR_REASON(CMS_R_NO_PASSWORD) ,"no password"}, 197 {ERR_REASON(CMS_R_NO_PRIVATE_KEY) , "no private key"},
199{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"}, 198 {ERR_REASON(CMS_R_NO_PUBLIC_KEY) , "no public key"},
200{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"}, 199 {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) , "no receipt request"},
201{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"}, 200 {ERR_REASON(CMS_R_NO_SIGNERS) , "no signers"},
202{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"}, 201 {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
203{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, 202 {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) , "receipt decode error"},
204{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"}, 203 {ERR_REASON(CMS_R_RECIPIENT_ERROR) , "recipient error"},
205{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"}, 204 {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
206{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, 205 {ERR_REASON(CMS_R_SIGNFINAL_ERROR) , "signfinal error"},
207{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"}, 206 {ERR_REASON(CMS_R_SMIME_TEXT_ERROR) , "smime text error"},
208{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"}, 207 {ERR_REASON(CMS_R_STORE_INIT_ERROR) , "store init error"},
209{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"}, 208 {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
210{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"}, 209 {ERR_REASON(CMS_R_TYPE_NOT_DATA) , "type not data"},
211{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"}, 210 {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
212{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"}, 211 {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
213{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"}, 212 {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
214{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"}, 213 {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT), "unable to finalize context"},
215{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"}, 214 {ERR_REASON(CMS_R_UNKNOWN_CIPHER) , "unknown cipher"},
216{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"}, 215 {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
217{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"}, 216 {ERR_REASON(CMS_R_UNKNOWN_ID) , "unknown id"},
218{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"}, 217 {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
219{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, 218 {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
220{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, 219 {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM), "unsupported kek algorithm"},
221{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"}, 220 {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), "unsupported key encryption algorithm"},
222{ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),"unsupported key encryption algorithm"}, 221 {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"},
223{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"}, 222 {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE), "unsupported recpientinfo type"},
224{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"}, 223 {ERR_REASON(CMS_R_UNSUPPORTED_TYPE) , "unsupported type"},
225{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"}, 224 {ERR_REASON(CMS_R_UNWRAP_ERROR) , "unwrap error"},
226{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"}, 225 {ERR_REASON(CMS_R_UNWRAP_FAILURE) , "unwrap failure"},
227{ERR_REASON(CMS_R_UNWRAP_FAILURE) ,"unwrap failure"}, 226 {ERR_REASON(CMS_R_VERIFICATION_FAILURE) , "verification failure"},
228{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"}, 227 {ERR_REASON(CMS_R_WRAP_ERROR) , "wrap error"},
229{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"}, 228 {0, NULL}
230{0,NULL} 229};
231 };
232 230
233#endif 231#endif
234 232
235void ERR_load_CMS_strings(void) 233void
236 { 234ERR_load_CMS_strings(void)
235{
237#ifndef OPENSSL_NO_ERR 236#ifndef OPENSSL_NO_ERR
238 237 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
239 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) 238 ERR_load_strings(0, CMS_str_functs);
240 { 239 ERR_load_strings(0, CMS_str_reasons);
241 ERR_load_strings(0,CMS_str_functs);
242 ERR_load_strings(0,CMS_str_reasons);
243 }
244#endif
245 } 240 }
241#endif
242}
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
index 8dbd56ef2b..6868edaaed 100644
--- a/src/lib/libcrypto/cms/cms_ess.c
+++ b/src/lib/libcrypto/cms/cms_ess.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,15 +67,17 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
67 67
68/* ESS services: for now just Signed Receipt related */ 68/* ESS services: for now just Signed Receipt related */
69 69
70int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) 70int
71 { 71CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
72{
72 ASN1_STRING *str; 73 ASN1_STRING *str;
73 CMS_ReceiptRequest *rr = NULL; 74 CMS_ReceiptRequest *rr = NULL;
75
74 if (prr) 76 if (prr)
75 *prr = NULL; 77 *prr = NULL;
76 str = CMS_signed_get0_data_by_OBJ(si, 78 str = CMS_signed_get0_data_by_OBJ(si,
77 OBJ_nid2obj(NID_id_smime_aa_receiptRequest), 79 OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
78 -3, V_ASN1_SEQUENCE); 80 -3, V_ASN1_SEQUENCE);
79 if (!str) 81 if (!str)
80 return 0; 82 return 0;
81 83
@@ -87,13 +89,12 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
87 else 89 else
88 CMS_ReceiptRequest_free(rr); 90 CMS_ReceiptRequest_free(rr);
89 return 1; 91 return 1;
90 } 92}
91 93
92CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, 94CMS_ReceiptRequest *
93 int allorfirst, 95CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
94 STACK_OF(GENERAL_NAMES) *receiptList, 96 STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
95 STACK_OF(GENERAL_NAMES) *receiptsTo) 97{
96 {
97 CMS_ReceiptRequest *rr = NULL; 98 CMS_ReceiptRequest *rr = NULL;
98 99
99 rr = CMS_ReceiptRequest_new(); 100 rr = CMS_ReceiptRequest_new();
@@ -101,44 +102,38 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
101 goto merr; 102 goto merr;
102 if (id) 103 if (id)
103 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); 104 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
104 else 105 else {
105 {
106 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) 106 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
107 goto merr; 107 goto merr;
108 if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) 108 if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
109 <= 0) 109 <= 0)
110 goto err; 110 goto err;
111 } 111 }
112 112
113 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free); 113 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
114 rr->receiptsTo = receiptsTo; 114 rr->receiptsTo = receiptsTo;
115 115
116 if (receiptList) 116 if (receiptList) {
117 {
118 rr->receiptsFrom->type = 1; 117 rr->receiptsFrom->type = 1;
119 rr->receiptsFrom->d.receiptList = receiptList; 118 rr->receiptsFrom->d.receiptList = receiptList;
120 } 119 } else {
121 else
122 {
123 rr->receiptsFrom->type = 0; 120 rr->receiptsFrom->type = 0;
124 rr->receiptsFrom->d.allOrFirstTier = allorfirst; 121 rr->receiptsFrom->d.allOrFirstTier = allorfirst;
125 } 122 }
126 123
127 return rr; 124 return rr;
128 125
129 merr: 126merr:
130 CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE); 127 CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
131 128err:
132 err:
133 if (rr) 129 if (rr)
134 CMS_ReceiptRequest_free(rr); 130 CMS_ReceiptRequest_free(rr);
135
136 return NULL; 131 return NULL;
137 132}
138 }
139 133
140int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) 134int
141 { 135CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
136{
142 unsigned char *rrder = NULL; 137 unsigned char *rrder = NULL;
143 int rrderlen, r = 0; 138 int rrderlen, r = 0;
144 139
@@ -147,86 +142,81 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
147 goto merr; 142 goto merr;
148 143
149 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, 144 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
150 V_ASN1_SEQUENCE, rrder, rrderlen)) 145 V_ASN1_SEQUENCE, rrder, rrderlen))
151 goto merr; 146 goto merr;
152 147
153 r = 1; 148 r = 1;
154 149
155 merr: 150merr:
156 if (!r) 151 if (!r)
157 CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); 152 CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
158
159 free(rrder); 153 free(rrder);
160
161 return r; 154 return r;
162 155}
163 }
164 156
165void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, 157void
166 ASN1_STRING **pcid, 158CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
167 int *pallorfirst, 159 int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
168 STACK_OF(GENERAL_NAMES) **plist, 160 STACK_OF(GENERAL_NAMES) **prto)
169 STACK_OF(GENERAL_NAMES) **prto) 161{
170 {
171 if (pcid) 162 if (pcid)
172 *pcid = rr->signedContentIdentifier; 163 *pcid = rr->signedContentIdentifier;
173 if (rr->receiptsFrom->type == 0) 164 if (rr->receiptsFrom->type == 0) {
174 {
175 if (pallorfirst) 165 if (pallorfirst)
176 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier; 166 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
177 if (plist) 167 if (plist)
178 *plist = NULL; 168 *plist = NULL;
179 } 169 } else {
180 else
181 {
182 if (pallorfirst) 170 if (pallorfirst)
183 *pallorfirst = -1; 171 *pallorfirst = -1;
184 if (plist) 172 if (plist)
185 *plist = rr->receiptsFrom->d.receiptList; 173 *plist = rr->receiptsFrom->d.receiptList;
186 } 174 }
187 if (prto) 175 if (prto)
188 *prto = rr->receiptsTo; 176 *prto = rr->receiptsTo;
189 } 177}
190 178
191/* Digest a SignerInfo structure for msgSigDigest attribute processing */ 179/* Digest a SignerInfo structure for msgSigDigest attribute processing */
192 180
193static int cms_msgSigDigest(CMS_SignerInfo *si, 181static int
194 unsigned char *dig, unsigned int *diglen) 182cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen)
195 { 183{
196 const EVP_MD *md; 184 const EVP_MD *md;
185
197 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 186 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
198 if (md == NULL) 187 if (md == NULL)
199 return 0; 188 return 0;
200 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, 189 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
201 si->signedAttrs, dig, diglen)) 190 si->signedAttrs, dig, diglen))
202 return 0; 191 return 0;
203 return 1; 192 return 1;
204 } 193}
205 194
206/* Add a msgSigDigest attribute to a SignerInfo */ 195/* Add a msgSigDigest attribute to a SignerInfo */
207 196
208int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) 197int
209 { 198cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
199{
210 unsigned char dig[EVP_MAX_MD_SIZE]; 200 unsigned char dig[EVP_MAX_MD_SIZE];
211 unsigned int diglen; 201 unsigned int diglen;
212 if (!cms_msgSigDigest(src, dig, &diglen)) 202
213 { 203 if (!cms_msgSigDigest(src, dig, &diglen)) {
214 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR); 204 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
215 return 0; 205 return 0;
216 } 206 }
217 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, 207 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
218 V_ASN1_OCTET_STRING, dig, diglen)) 208 V_ASN1_OCTET_STRING, dig, diglen)) {
219 {
220 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE); 209 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
221 return 0; 210 return 0;
222 }
223 return 1;
224 } 211 }
212 return 1;
213}
225 214
226/* Verify signed receipt after it has already passed normal CMS verify */ 215/* Verify signed receipt after it has already passed normal CMS verify */
227 216
228int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) 217int
229 { 218cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
219{
230 int r = 0, i; 220 int r = 0, i;
231 CMS_ReceiptRequest *rr = NULL; 221 CMS_ReceiptRequest *rr = NULL;
232 CMS_Receipt *rct = NULL; 222 CMS_Receipt *rct = NULL;
@@ -243,138 +233,122 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
243 if (!osis || !sis) 233 if (!osis || !sis)
244 goto err; 234 goto err;
245 235
246 if (sk_CMS_SignerInfo_num(sis) != 1) 236 if (sk_CMS_SignerInfo_num(sis) != 1) {
247 {
248 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER); 237 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
249 goto err; 238 goto err;
250 } 239 }
251 240
252 /* Check receipt content type */ 241 /* Check receipt content type */
253 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) 242 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
254 {
255 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT); 243 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
256 goto err; 244 goto err;
257 } 245 }
258 246
259 /* Extract and decode receipt content */ 247 /* Extract and decode receipt content */
260 pcont = CMS_get0_content(cms); 248 pcont = CMS_get0_content(cms);
261 if (!pcont || !*pcont) 249 if (!pcont || !*pcont) {
262 {
263 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT); 250 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
264 goto err; 251 goto err;
265 } 252 }
266 253
267 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt)); 254 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
268 255
269 if (!rct) 256 if (!rct) {
270 {
271 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR); 257 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
272 goto err; 258 goto err;
273 } 259 }
274 260
275 /* Locate original request */ 261 /* Locate original request */
276 262
277 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) 263 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
278 {
279 osi = sk_CMS_SignerInfo_value(osis, i); 264 osi = sk_CMS_SignerInfo_value(osis, i);
280 if (!ASN1_STRING_cmp(osi->signature, 265 if (!ASN1_STRING_cmp(osi->signature,
281 rct->originatorSignatureValue)) 266 rct->originatorSignatureValue))
282 break; 267 break;
283 } 268 }
284 269
285 if (i == sk_CMS_SignerInfo_num(osis)) 270 if (i == sk_CMS_SignerInfo_num(osis)) {
286 {
287 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE); 271 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
288 goto err; 272 goto err;
289 } 273 }
290 274
291 si = sk_CMS_SignerInfo_value(sis, 0); 275 si = sk_CMS_SignerInfo_value(sis, 0);
292 276
293 /* Get msgSigDigest value and compare */ 277 /* Get msgSigDigest value and compare */
294 278
295 msig = CMS_signed_get0_data_by_OBJ(si, 279 msig = CMS_signed_get0_data_by_OBJ(si,
296 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), 280 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, V_ASN1_OCTET_STRING);
297 -3, V_ASN1_OCTET_STRING);
298 281
299 if (!msig) 282 if (!msig) {
300 {
301 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST); 283 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
302 goto err; 284 goto err;
303 } 285 }
304 286
305 if (!cms_msgSigDigest(osi, dig, &diglen)) 287 if (!cms_msgSigDigest(osi, dig, &diglen)) {
306 {
307 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR); 288 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
308 goto err; 289 goto err;
309 } 290 }
310 291
311 if (diglen != (unsigned int)msig->length) 292 if (diglen != (unsigned int)msig->length) {
312 { 293 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
313 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, 294 CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
314 CMS_R_MSGSIGDIGEST_WRONG_LENGTH); 295 goto err;
315 goto err; 296 }
316 }
317 297
318 if (memcmp(dig, msig->data, diglen)) 298 if (memcmp(dig, msig->data, diglen)) {
319 { 299 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
320 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, 300 CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
321 CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE); 301 goto err;
322 goto err; 302 }
323 }
324 303
325 /* Compare content types */ 304 /* Compare content types */
326 305
327 octype = CMS_signed_get0_data_by_OBJ(osi, 306 octype = CMS_signed_get0_data_by_OBJ(osi,
328 OBJ_nid2obj(NID_pkcs9_contentType), 307 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
329 -3, V_ASN1_OBJECT); 308 if (!octype) {
330 if (!octype)
331 {
332 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE); 309 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
333 goto err; 310 goto err;
334 } 311 }
335 312
336 /* Compare details in receipt request */ 313 /* Compare details in receipt request */
337 314
338 if (OBJ_cmp(octype, rct->contentType)) 315 if (OBJ_cmp(octype, rct->contentType)) {
339 {
340 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH); 316 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
341 goto err; 317 goto err;
342 } 318 }
343 319
344 /* Get original receipt request details */ 320 /* Get original receipt request details */
345 321
346 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) 322 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
347 {
348 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); 323 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
349 goto err; 324 goto err;
350 } 325 }
351 326
352 if (ASN1_STRING_cmp(rr->signedContentIdentifier, 327 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
353 rct->signedContentIdentifier)) 328 rct->signedContentIdentifier)) {
354 {
355 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, 329 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
356 CMS_R_CONTENTIDENTIFIER_MISMATCH); 330 CMS_R_CONTENTIDENTIFIER_MISMATCH);
357 goto err; 331 goto err;
358 } 332 }
359 333
360 r = 1; 334 r = 1;
361 335
362 err: 336err:
363 if (rr) 337 if (rr)
364 CMS_ReceiptRequest_free(rr); 338 CMS_ReceiptRequest_free(rr);
365 if (rct) 339 if (rct)
366 M_ASN1_free_of(rct, CMS_Receipt); 340 M_ASN1_free_of(rct, CMS_Receipt);
367 341
368 return r; 342 return r;
369 343}
370 }
371 344
372/* Encode a Receipt into an OCTET STRING read for including into content of 345/* Encode a Receipt into an OCTET STRING read for including into content of
373 * a SignedData ContentInfo. 346 * a SignedData ContentInfo.
374 */ 347 */
375 348
376ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) 349ASN1_OCTET_STRING *
377 { 350cms_encode_Receipt(CMS_SignerInfo *si)
351{
378 CMS_Receipt rct; 352 CMS_Receipt rct;
379 CMS_ReceiptRequest *rr = NULL; 353 CMS_ReceiptRequest *rr = NULL;
380 ASN1_OBJECT *ctype; 354 ASN1_OBJECT *ctype;
@@ -384,22 +358,19 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
384 358
385 /* Get original receipt request details */ 359 /* Get original receipt request details */
386 360
387 if (CMS_get1_ReceiptRequest(si, &rr) <= 0) 361 if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
388 {
389 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); 362 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
390 goto err; 363 goto err;
391 } 364 }
392 365
393 /* Get original content type */ 366 /* Get original content type */
394 367
395 ctype = CMS_signed_get0_data_by_OBJ(si, 368 ctype = CMS_signed_get0_data_by_OBJ(si,
396 OBJ_nid2obj(NID_pkcs9_contentType), 369 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
397 -3, V_ASN1_OBJECT); 370 if (!ctype) {
398 if (!ctype)
399 {
400 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE); 371 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
401 goto err; 372 goto err;
402 } 373 }
403 374
404 rct.version = 1; 375 rct.version = 1;
405 rct.contentType = ctype; 376 rct.contentType = ctype;
@@ -408,12 +379,8 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
408 379
409 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); 380 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
410 381
411 err: 382err:
412 if (rr) 383 if (rr)
413 CMS_ReceiptRequest_free(rr); 384 CMS_ReceiptRequest_free(rr);
414
415 return os; 385 return os;
416 386}
417 }
418
419
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
index 1cb0264cc5..f8c1d45152 100644
--- a/src/lib/libcrypto/cms/cms_io.c
+++ b/src/lib/libcrypto/cms/cms_io.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -58,76 +58,82 @@
58#include "cms.h" 58#include "cms.h"
59#include "cms_lcl.h" 59#include "cms_lcl.h"
60 60
61int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) 61int
62 { 62CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
63{
63 ASN1_OCTET_STRING **pos; 64 ASN1_OCTET_STRING **pos;
65
64 pos = CMS_get0_content(cms); 66 pos = CMS_get0_content(cms);
65 if (!pos) 67 if (!pos)
66 return 0; 68 return 0;
67 if (!*pos) 69 if (!*pos)
68 *pos = ASN1_OCTET_STRING_new(); 70 *pos = ASN1_OCTET_STRING_new();
69 if (*pos) 71 if (*pos) {
70 {
71 (*pos)->flags |= ASN1_STRING_FLAG_NDEF; 72 (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
72 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; 73 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
73 *boundary = &(*pos)->data; 74 *boundary = &(*pos)->data;
74 return 1; 75 return 1;
75 } 76 }
76 CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE); 77 CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
77 return 0; 78 return 0;
78 } 79}
79 80
80CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) 81CMS_ContentInfo *
81 { 82d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
83{
82 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); 84 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
83 } 85}
84 86
85int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) 87int
86 { 88i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
89{
87 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); 90 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
88 } 91}
89 92
90IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) 93IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
91 94
92BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) 95BIO *
93 { 96BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
97{
94 return BIO_new_NDEF(out, (ASN1_VALUE *)cms, 98 return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
95 ASN1_ITEM_rptr(CMS_ContentInfo)); 99 ASN1_ITEM_rptr(CMS_ContentInfo));
96 } 100}
97 101
98/* CMS wrappers round generalised stream and MIME routines */ 102/* CMS wrappers round generalised stream and MIME routines */
99 103
100int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) 104int
101 { 105i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
106{
102 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags, 107 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
103 ASN1_ITEM_rptr(CMS_ContentInfo)); 108 ASN1_ITEM_rptr(CMS_ContentInfo));
104 } 109}
105 110
106int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) 111int
107 { 112PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
113{
108 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags, 114 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
109 "CMS", 115 "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
110 ASN1_ITEM_rptr(CMS_ContentInfo)); 116}
111 }
112 117
113int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) 118int
114 { 119SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
120{
115 STACK_OF(X509_ALGOR) *mdalgs; 121 STACK_OF(X509_ALGOR) *mdalgs;
116 int ctype_nid = OBJ_obj2nid(cms->contentType); 122 int ctype_nid = OBJ_obj2nid(cms->contentType);
117 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); 123 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
124
118 if (ctype_nid == NID_pkcs7_signed) 125 if (ctype_nid == NID_pkcs7_signed)
119 mdalgs = cms->d.signedData->digestAlgorithms; 126 mdalgs = cms->d.signedData->digestAlgorithms;
120 else 127 else
121 mdalgs = NULL; 128 mdalgs = NULL;
122 129
123 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, 130 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
124 ctype_nid, econt_nid, mdalgs, 131 ctype_nid, econt_nid, mdalgs, ASN1_ITEM_rptr(CMS_ContentInfo));
125 ASN1_ITEM_rptr(CMS_ContentInfo)); 132}
126 }
127 133
128CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) 134CMS_ContentInfo *
129 { 135SMIME_read_CMS(BIO *bio, BIO **bcont)
136{
130 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, 137 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
131 ASN1_ITEM_rptr(CMS_ContentInfo)); 138 ASN1_ITEM_rptr(CMS_ContentInfo));
132 } 139}
133
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
index a9f9730157..3c905342f4 100644
--- a/src/lib/libcrypto/cms/cms_lcl.h
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -93,10 +93,9 @@ typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; 93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; 94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
95 95
96struct CMS_ContentInfo_st 96struct CMS_ContentInfo_st {
97 {
98 ASN1_OBJECT *contentType; 97 ASN1_OBJECT *contentType;
99 union { 98 union {
100 ASN1_OCTET_STRING *data; 99 ASN1_OCTET_STRING *data;
101 CMS_SignedData *signedData; 100 CMS_SignedData *signedData;
102 CMS_EnvelopedData *envelopedData; 101 CMS_EnvelopedData *envelopedData;
@@ -107,29 +106,26 @@ struct CMS_ContentInfo_st
107 ASN1_TYPE *other; 106 ASN1_TYPE *other;
108 /* Other types ... */ 107 /* Other types ... */
109 void *otherData; 108 void *otherData;
110 } d; 109 } d;
111 }; 110};
112 111
113struct CMS_SignedData_st 112struct CMS_SignedData_st {
114 {
115 long version; 113 long version;
116 STACK_OF(X509_ALGOR) *digestAlgorithms; 114 STACK_OF(X509_ALGOR) *digestAlgorithms;
117 CMS_EncapsulatedContentInfo *encapContentInfo; 115 CMS_EncapsulatedContentInfo *encapContentInfo;
118 STACK_OF(CMS_CertificateChoices) *certificates; 116 STACK_OF(CMS_CertificateChoices) *certificates;
119 STACK_OF(CMS_RevocationInfoChoice) *crls; 117 STACK_OF(CMS_RevocationInfoChoice) *crls;
120 STACK_OF(CMS_SignerInfo) *signerInfos; 118 STACK_OF(CMS_SignerInfo) *signerInfos;
121 }; 119};
122 120
123struct CMS_EncapsulatedContentInfo_st 121struct CMS_EncapsulatedContentInfo_st {
124 {
125 ASN1_OBJECT *eContentType; 122 ASN1_OBJECT *eContentType;
126 ASN1_OCTET_STRING *eContent; 123 ASN1_OCTET_STRING *eContent;
127 /* Set to 1 if incomplete structure only part set up */ 124 /* Set to 1 if incomplete structure only part set up */
128 int partial; 125 int partial;
129 }; 126};
130 127
131struct CMS_SignerInfo_st 128struct CMS_SignerInfo_st {
132 {
133 long version; 129 long version;
134 CMS_SignerIdentifier *sid; 130 CMS_SignerIdentifier *sid;
135 X509_ALGOR *digestAlgorithm; 131 X509_ALGOR *digestAlgorithm;
@@ -140,34 +136,30 @@ struct CMS_SignerInfo_st
140 /* Signing certificate and key */ 136 /* Signing certificate and key */
141 X509 *signer; 137 X509 *signer;
142 EVP_PKEY *pkey; 138 EVP_PKEY *pkey;
143 }; 139};
144 140
145struct CMS_SignerIdentifier_st 141struct CMS_SignerIdentifier_st {
146 {
147 int type; 142 int type;
148 union { 143 union {
149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 144 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
150 ASN1_OCTET_STRING *subjectKeyIdentifier; 145 ASN1_OCTET_STRING *subjectKeyIdentifier;
151 } d; 146 } d;
152 }; 147};
153 148
154struct CMS_EnvelopedData_st 149struct CMS_EnvelopedData_st {
155 {
156 long version; 150 long version;
157 CMS_OriginatorInfo *originatorInfo; 151 CMS_OriginatorInfo *originatorInfo;
158 STACK_OF(CMS_RecipientInfo) *recipientInfos; 152 STACK_OF(CMS_RecipientInfo) *recipientInfos;
159 CMS_EncryptedContentInfo *encryptedContentInfo; 153 CMS_EncryptedContentInfo *encryptedContentInfo;
160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 154 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
161 }; 155};
162 156
163struct CMS_OriginatorInfo_st 157struct CMS_OriginatorInfo_st {
164 {
165 STACK_OF(CMS_CertificateChoices) *certificates; 158 STACK_OF(CMS_CertificateChoices) *certificates;
166 STACK_OF(CMS_RevocationInfoChoice) *crls; 159 STACK_OF(CMS_RevocationInfoChoice) *crls;
167 }; 160};
168 161
169struct CMS_EncryptedContentInfo_st 162struct CMS_EncryptedContentInfo_st {
170 {
171 ASN1_OBJECT *contentType; 163 ASN1_OBJECT *contentType;
172 X509_ALGOR *contentEncryptionAlgorithm; 164 X509_ALGOR *contentEncryptionAlgorithm;
173 ASN1_OCTET_STRING *encryptedContent; 165 ASN1_OCTET_STRING *encryptedContent;
@@ -177,24 +169,22 @@ struct CMS_EncryptedContentInfo_st
177 size_t keylen; 169 size_t keylen;
178 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ 170 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
179 int debug; 171 int debug;
180 }; 172};
181 173
182struct CMS_RecipientInfo_st 174struct CMS_RecipientInfo_st {
183 { 175 int type;
184 int type; 176 union {
185 union { 177 CMS_KeyTransRecipientInfo *ktri;
186 CMS_KeyTransRecipientInfo *ktri; 178 CMS_KeyAgreeRecipientInfo *kari;
187 CMS_KeyAgreeRecipientInfo *kari; 179 CMS_KEKRecipientInfo *kekri;
188 CMS_KEKRecipientInfo *kekri;
189 CMS_PasswordRecipientInfo *pwri; 180 CMS_PasswordRecipientInfo *pwri;
190 CMS_OtherRecipientInfo *ori; 181 CMS_OtherRecipientInfo *ori;
191 } d; 182 } d;
192 }; 183};
193 184
194typedef CMS_SignerIdentifier CMS_RecipientIdentifier; 185typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
195 186
196struct CMS_KeyTransRecipientInfo_st 187struct CMS_KeyTransRecipientInfo_st {
197 {
198 long version; 188 long version;
199 CMS_RecipientIdentifier *rid; 189 CMS_RecipientIdentifier *rid;
200 X509_ALGOR *keyEncryptionAlgorithm; 190 X509_ALGOR *keyEncryptionAlgorithm;
@@ -202,107 +192,94 @@ struct CMS_KeyTransRecipientInfo_st
202 /* Recipient Key and cert */ 192 /* Recipient Key and cert */
203 X509 *recip; 193 X509 *recip;
204 EVP_PKEY *pkey; 194 EVP_PKEY *pkey;
205 }; 195};
206 196
207struct CMS_KeyAgreeRecipientInfo_st 197struct CMS_KeyAgreeRecipientInfo_st {
208 {
209 long version; 198 long version;
210 CMS_OriginatorIdentifierOrKey *originator; 199 CMS_OriginatorIdentifierOrKey *originator;
211 ASN1_OCTET_STRING *ukm; 200 ASN1_OCTET_STRING *ukm;
212 X509_ALGOR *keyEncryptionAlgorithm; 201 X509_ALGOR *keyEncryptionAlgorithm;
213 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; 202 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
214 }; 203};
215 204
216struct CMS_OriginatorIdentifierOrKey_st 205struct CMS_OriginatorIdentifierOrKey_st {
217 {
218 int type; 206 int type;
219 union { 207 union {
220 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 208 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
221 ASN1_OCTET_STRING *subjectKeyIdentifier; 209 ASN1_OCTET_STRING *subjectKeyIdentifier;
222 CMS_OriginatorPublicKey *originatorKey; 210 CMS_OriginatorPublicKey *originatorKey;
223 } d; 211 } d;
224 }; 212};
225 213
226struct CMS_OriginatorPublicKey_st 214struct CMS_OriginatorPublicKey_st {
227 {
228 X509_ALGOR *algorithm; 215 X509_ALGOR *algorithm;
229 ASN1_BIT_STRING *publicKey; 216 ASN1_BIT_STRING *publicKey;
230 }; 217};
231 218
232struct CMS_RecipientEncryptedKey_st 219struct CMS_RecipientEncryptedKey_st {
233 { 220 CMS_KeyAgreeRecipientIdentifier *rid;
234 CMS_KeyAgreeRecipientIdentifier *rid; 221 ASN1_OCTET_STRING *encryptedKey;
235 ASN1_OCTET_STRING *encryptedKey; 222};
236 };
237 223
238struct CMS_KeyAgreeRecipientIdentifier_st 224struct CMS_KeyAgreeRecipientIdentifier_st {
239 {
240 int type; 225 int type;
241 union { 226 union {
242 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 227 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
243 CMS_RecipientKeyIdentifier *rKeyId; 228 CMS_RecipientKeyIdentifier *rKeyId;
244 } d; 229 } d;
245 }; 230};
246 231
247struct CMS_RecipientKeyIdentifier_st 232struct CMS_RecipientKeyIdentifier_st {
248 { 233 ASN1_OCTET_STRING *subjectKeyIdentifier;
249 ASN1_OCTET_STRING *subjectKeyIdentifier; 234 ASN1_GENERALIZEDTIME *date;
250 ASN1_GENERALIZEDTIME *date; 235 CMS_OtherKeyAttribute *other;
251 CMS_OtherKeyAttribute *other; 236};
252 };
253 237
254struct CMS_KEKRecipientInfo_st 238struct CMS_KEKRecipientInfo_st {
255 { 239 long version;
256 long version; 240 CMS_KEKIdentifier *kekid;
257 CMS_KEKIdentifier *kekid; 241 X509_ALGOR *keyEncryptionAlgorithm;
258 X509_ALGOR *keyEncryptionAlgorithm; 242 ASN1_OCTET_STRING *encryptedKey;
259 ASN1_OCTET_STRING *encryptedKey;
260 /* Extra info: symmetric key to use */ 243 /* Extra info: symmetric key to use */
261 unsigned char *key; 244 unsigned char *key;
262 size_t keylen; 245 size_t keylen;
263 }; 246};
264 247
265struct CMS_KEKIdentifier_st 248struct CMS_KEKIdentifier_st {
266 { 249 ASN1_OCTET_STRING *keyIdentifier;
267 ASN1_OCTET_STRING *keyIdentifier; 250 ASN1_GENERALIZEDTIME *date;
268 ASN1_GENERALIZEDTIME *date; 251 CMS_OtherKeyAttribute *other;
269 CMS_OtherKeyAttribute *other; 252};
270 };
271 253
272struct CMS_PasswordRecipientInfo_st 254struct CMS_PasswordRecipientInfo_st {
273 { 255 long version;
274 long version; 256 X509_ALGOR *keyDerivationAlgorithm;
275 X509_ALGOR *keyDerivationAlgorithm; 257 X509_ALGOR *keyEncryptionAlgorithm;
276 X509_ALGOR *keyEncryptionAlgorithm; 258 ASN1_OCTET_STRING *encryptedKey;
277 ASN1_OCTET_STRING *encryptedKey;
278 /* Extra info: password to use */ 259 /* Extra info: password to use */
279 unsigned char *pass; 260 unsigned char *pass;
280 size_t passlen; 261 size_t passlen;
281 }; 262};
282 263
283struct CMS_OtherRecipientInfo_st 264struct CMS_OtherRecipientInfo_st {
284 { 265 ASN1_OBJECT *oriType;
285 ASN1_OBJECT *oriType; 266 ASN1_TYPE *oriValue;
286 ASN1_TYPE *oriValue; 267};
287 };
288 268
289struct CMS_DigestedData_st 269struct CMS_DigestedData_st {
290 {
291 long version; 270 long version;
292 X509_ALGOR *digestAlgorithm; 271 X509_ALGOR *digestAlgorithm;
293 CMS_EncapsulatedContentInfo *encapContentInfo; 272 CMS_EncapsulatedContentInfo *encapContentInfo;
294 ASN1_OCTET_STRING *digest; 273 ASN1_OCTET_STRING *digest;
295 }; 274};
296 275
297struct CMS_EncryptedData_st 276struct CMS_EncryptedData_st {
298 {
299 long version; 277 long version;
300 CMS_EncryptedContentInfo *encryptedContentInfo; 278 CMS_EncryptedContentInfo *encryptedContentInfo;
301 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 279 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
302 }; 280};
303 281
304struct CMS_AuthenticatedData_st 282struct CMS_AuthenticatedData_st {
305 {
306 long version; 283 long version;
307 CMS_OriginatorInfo *originatorInfo; 284 CMS_OriginatorInfo *originatorInfo;
308 STACK_OF(CMS_RecipientInfo) *recipientInfos; 285 STACK_OF(CMS_RecipientInfo) *recipientInfos;
@@ -312,45 +289,41 @@ struct CMS_AuthenticatedData_st
312 STACK_OF(X509_ATTRIBUTE) *authAttrs; 289 STACK_OF(X509_ATTRIBUTE) *authAttrs;
313 ASN1_OCTET_STRING *mac; 290 ASN1_OCTET_STRING *mac;
314 STACK_OF(X509_ATTRIBUTE) *unauthAttrs; 291 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
315 }; 292};
316 293
317struct CMS_CompressedData_st 294struct CMS_CompressedData_st {
318 {
319 long version; 295 long version;
320 X509_ALGOR *compressionAlgorithm; 296 X509_ALGOR *compressionAlgorithm;
321 STACK_OF(CMS_RecipientInfo) *recipientInfos; 297 STACK_OF(CMS_RecipientInfo) *recipientInfos;
322 CMS_EncapsulatedContentInfo *encapContentInfo; 298 CMS_EncapsulatedContentInfo *encapContentInfo;
323 }; 299};
324 300
325struct CMS_RevocationInfoChoice_st 301struct CMS_RevocationInfoChoice_st {
326 {
327 int type; 302 int type;
328 union { 303 union {
329 X509_CRL *crl; 304 X509_CRL *crl;
330 CMS_OtherRevocationInfoFormat *other; 305 CMS_OtherRevocationInfoFormat *other;
331 } d; 306 } d;
332 }; 307};
333 308
334#define CMS_REVCHOICE_CRL 0 309#define CMS_REVCHOICE_CRL 0
335#define CMS_REVCHOICE_OTHER 1 310#define CMS_REVCHOICE_OTHER 1
336 311
337struct CMS_OtherRevocationInfoFormat_st 312struct CMS_OtherRevocationInfoFormat_st {
338 {
339 ASN1_OBJECT *otherRevInfoFormat; 313 ASN1_OBJECT *otherRevInfoFormat;
340 ASN1_TYPE *otherRevInfo; 314 ASN1_TYPE *otherRevInfo;
341 }; 315};
342 316
343struct CMS_CertificateChoices 317struct CMS_CertificateChoices {
344 {
345 int type; 318 int type;
346 union { 319 union {
347 X509 *certificate; 320 X509 *certificate;
348 ASN1_STRING *extendedCertificate; /* Obsolete */ 321 ASN1_STRING *extendedCertificate; /* Obsolete */
349 ASN1_STRING *v1AttrCert; /* Left encoded for now */ 322 ASN1_STRING *v1AttrCert; /* Left encoded for now */
350 ASN1_STRING *v2AttrCert; /* Left encoded for now */ 323 ASN1_STRING *v2AttrCert; /* Left encoded for now */
351 CMS_OtherCertificateFormat *other; 324 CMS_OtherCertificateFormat *other;
352 } d; 325 } d;
353 }; 326};
354 327
355#define CMS_CERTCHOICE_CERT 0 328#define CMS_CERTCHOICE_CERT 0
356#define CMS_CERTCHOICE_EXCERT 1 329#define CMS_CERTCHOICE_EXCERT 1
@@ -358,58 +331,52 @@ struct CMS_CertificateChoices
358#define CMS_CERTCHOICE_V2ACERT 3 331#define CMS_CERTCHOICE_V2ACERT 3
359#define CMS_CERTCHOICE_OTHER 4 332#define CMS_CERTCHOICE_OTHER 4
360 333
361struct CMS_OtherCertificateFormat_st 334struct CMS_OtherCertificateFormat_st {
362 {
363 ASN1_OBJECT *otherCertFormat; 335 ASN1_OBJECT *otherCertFormat;
364 ASN1_TYPE *otherCert; 336 ASN1_TYPE *otherCert;
365 }; 337};
366 338
367/* This is also defined in pkcs7.h but we duplicate it 339/* This is also defined in pkcs7.h but we duplicate it
368 * to allow the CMS code to be independent of PKCS#7 340 * to allow the CMS code to be independent of PKCS#7
369 */ 341 */
370 342
371struct CMS_IssuerAndSerialNumber_st 343struct CMS_IssuerAndSerialNumber_st {
372 {
373 X509_NAME *issuer; 344 X509_NAME *issuer;
374 ASN1_INTEGER *serialNumber; 345 ASN1_INTEGER *serialNumber;
375 }; 346};
376 347
377struct CMS_OtherKeyAttribute_st 348struct CMS_OtherKeyAttribute_st {
378 {
379 ASN1_OBJECT *keyAttrId; 349 ASN1_OBJECT *keyAttrId;
380 ASN1_TYPE *keyAttr; 350 ASN1_TYPE *keyAttr;
381 }; 351};
382 352
383/* ESS structures */ 353/* ESS structures */
384 354
385#ifdef HEADER_X509V3_H 355#ifdef HEADER_X509V3_H
386 356
387struct CMS_ReceiptRequest_st 357struct CMS_ReceiptRequest_st {
388 {
389 ASN1_OCTET_STRING *signedContentIdentifier; 358 ASN1_OCTET_STRING *signedContentIdentifier;
390 CMS_ReceiptsFrom *receiptsFrom; 359 CMS_ReceiptsFrom *receiptsFrom;
391 STACK_OF(GENERAL_NAMES) *receiptsTo; 360 STACK_OF(GENERAL_NAMES) *receiptsTo;
392 }; 361};
393 362
394 363
395struct CMS_ReceiptsFrom_st 364struct CMS_ReceiptsFrom_st {
396 {
397 int type; 365 int type;
398 union 366 union
399 { 367 {
400 long allOrFirstTier; 368 long allOrFirstTier;
401 STACK_OF(GENERAL_NAMES) *receiptList; 369 STACK_OF(GENERAL_NAMES) *receiptList;
402 } d; 370 } d;
403 }; 371};
404#endif 372#endif
405 373
406struct CMS_Receipt_st 374struct CMS_Receipt_st {
407 {
408 long version; 375 long version;
409 ASN1_OBJECT *contentType; 376 ASN1_OBJECT *contentType;
410 ASN1_OCTET_STRING *signedContentIdentifier; 377 ASN1_OCTET_STRING *signedContentIdentifier;
411 ASN1_OCTET_STRING *originatorSignatureValue; 378 ASN1_OCTET_STRING *originatorSignatureValue;
412 }; 379};
413 380
414DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) 381DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
415DECLARE_ASN1_ITEM(CMS_SignerInfo) 382DECLARE_ASN1_ITEM(CMS_SignerInfo)
@@ -438,8 +405,7 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
438int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); 405int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
439int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); 406int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
440int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 407int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
441 ASN1_OCTET_STRING **keyid, 408 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
442 X509_NAME **issuer, ASN1_INTEGER **sno);
443int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); 409int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
444 410
445CMS_ContentInfo *cms_CompressedData_create(int comp_nid); 411CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
@@ -448,13 +414,12 @@ BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
448void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); 414void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
449BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); 415BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
450int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 416int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
451 X509_ALGOR *mdalg); 417 X509_ALGOR *mdalg);
452 418
453BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); 419BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
454BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); 420BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
455int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 421int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
456 const EVP_CIPHER *cipher, 422 const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen);
457 const unsigned char *key, size_t keylen);
458 423
459int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); 424int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
460int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); 425int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
@@ -465,8 +430,8 @@ CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
465 430
466/* PWRI routines */ 431/* PWRI routines */
467int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 432int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
468 int en_de); 433 int en_de);
469 434
470#ifdef __cplusplus 435#ifdef __cplusplus
471} 436}
472#endif 437#endif
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index ba08279a04..66bd73c86c 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -68,27 +68,31 @@ DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
68DECLARE_STACK_OF(CMS_CertificateChoices) 68DECLARE_STACK_OF(CMS_CertificateChoices)
69DECLARE_STACK_OF(CMS_RevocationInfoChoice) 69DECLARE_STACK_OF(CMS_RevocationInfoChoice)
70 70
71const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms) 71const ASN1_OBJECT *
72 { 72CMS_get0_type(CMS_ContentInfo *cms)
73{
73 return cms->contentType; 74 return cms->contentType;
74 } 75}
75 76
76CMS_ContentInfo *cms_Data_create(void) 77CMS_ContentInfo *
77 { 78cms_Data_create(void)
79{
78 CMS_ContentInfo *cms; 80 CMS_ContentInfo *cms;
81
79 cms = CMS_ContentInfo_new(); 82 cms = CMS_ContentInfo_new();
80 if (cms) 83 if (cms) {
81 {
82 cms->contentType = OBJ_nid2obj(NID_pkcs7_data); 84 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
83 /* Never detached */ 85 /* Never detached */
84 CMS_set_detached(cms, 0); 86 CMS_set_detached(cms, 0);
85 }
86 return cms;
87 } 87 }
88 return cms;
89}
88 90
89BIO *cms_content_bio(CMS_ContentInfo *cms) 91BIO *
90 { 92cms_content_bio(CMS_ContentInfo *cms)
93{
91 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 94 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
95
92 if (!pos) 96 if (!pos)
93 return NULL; 97 return NULL;
94 /* If content detached data goes nowhere: create NULL BIO */ 98 /* If content detached data goes nowhere: create NULL BIO */
@@ -100,51 +104,45 @@ BIO *cms_content_bio(CMS_ContentInfo *cms)
100 return BIO_new(BIO_s_mem()); 104 return BIO_new(BIO_s_mem());
101 /* Else content was read in: return read only BIO for it */ 105 /* Else content was read in: return read only BIO for it */
102 return BIO_new_mem_buf((*pos)->data, (*pos)->length); 106 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
103 } 107}
104 108
105BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) 109BIO *
106 { 110CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
111{
107 BIO *cmsbio, *cont; 112 BIO *cmsbio, *cont;
113
108 if (icont) 114 if (icont)
109 cont = icont; 115 cont = icont;
110 else 116 else
111 cont = cms_content_bio(cms); 117 cont = cms_content_bio(cms);
112 if (!cont) 118 if (!cont) {
113 {
114 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT); 119 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
115 return NULL; 120 return NULL;
116 } 121 }
117 switch (OBJ_obj2nid(cms->contentType)) 122 switch (OBJ_obj2nid(cms->contentType)) {
118 { 123 case NID_pkcs7_data:
119
120 case NID_pkcs7_data:
121 return cont; 124 return cont;
122 125 case NID_pkcs7_signed:
123 case NID_pkcs7_signed:
124 cmsbio = cms_SignedData_init_bio(cms); 126 cmsbio = cms_SignedData_init_bio(cms);
125 break; 127 break;
126 128 case NID_pkcs7_digest:
127 case NID_pkcs7_digest:
128 cmsbio = cms_DigestedData_init_bio(cms); 129 cmsbio = cms_DigestedData_init_bio(cms);
129 break; 130 break;
130#ifdef ZLIB 131#ifdef ZLIB
131 case NID_id_smime_ct_compressedData: 132 case NID_id_smime_ct_compressedData:
132 cmsbio = cms_CompressedData_init_bio(cms); 133 cmsbio = cms_CompressedData_init_bio(cms);
133 break; 134 break;
134#endif 135#endif
135 136 case NID_pkcs7_encrypted:
136 case NID_pkcs7_encrypted:
137 cmsbio = cms_EncryptedData_init_bio(cms); 137 cmsbio = cms_EncryptedData_init_bio(cms);
138 break; 138 break;
139 139 case NID_pkcs7_enveloped:
140 case NID_pkcs7_enveloped:
141 cmsbio = cms_EnvelopedData_init_bio(cms); 140 cmsbio = cms_EnvelopedData_init_bio(cms);
142 break; 141 break;
143 142 default:
144 default:
145 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); 143 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
146 return NULL; 144 return NULL;
147 } 145 }
148 146
149 if (cmsbio) 147 if (cmsbio)
150 return BIO_push(cmsbio, cont); 148 return BIO_push(cmsbio, cont);
@@ -152,142 +150,121 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
152 if (!icont) 150 if (!icont)
153 BIO_free(cont); 151 BIO_free(cont);
154 return NULL; 152 return NULL;
153}
155 154
156 } 155int
157 156CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
158int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) 157{
159 {
160 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 158 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
159
161 if (!pos) 160 if (!pos)
162 return 0; 161 return 0;
163 /* If ebmedded content find memory BIO and set content */ 162 /* If ebmedded content find memory BIO and set content */
164 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) 163 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
165 {
166 BIO *mbio; 164 BIO *mbio;
167 unsigned char *cont; 165 unsigned char *cont;
168 long contlen; 166 long contlen;
169 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); 167 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
170 if (!mbio) 168 if (!mbio) {
171 {
172 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND); 169 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
173 return 0; 170 return 0;
174 } 171 }
175 contlen = BIO_get_mem_data(mbio, &cont); 172 contlen = BIO_get_mem_data(mbio, &cont);
176 /* Set bio as read only so its content can't be clobbered */ 173 /* Set bio as read only so its content can't be clobbered */
177 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); 174 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
178 BIO_set_mem_eof_return(mbio, 0); 175 BIO_set_mem_eof_return(mbio, 0);
179 ASN1_STRING_set0(*pos, cont, contlen); 176 ASN1_STRING_set0(*pos, cont, contlen);
180 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; 177 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
181 } 178 }
182
183 switch (OBJ_obj2nid(cms->contentType))
184 {
185 179
186 case NID_pkcs7_data: 180 switch (OBJ_obj2nid(cms->contentType)) {
187 case NID_pkcs7_enveloped: 181 case NID_pkcs7_data:
188 case NID_pkcs7_encrypted: 182 case NID_pkcs7_enveloped:
189 case NID_id_smime_ct_compressedData: 183 case NID_pkcs7_encrypted:
184 case NID_id_smime_ct_compressedData:
190 /* Nothing to do */ 185 /* Nothing to do */
191 return 1; 186 return 1;
192 187 case NID_pkcs7_signed:
193 case NID_pkcs7_signed:
194 return cms_SignedData_final(cms, cmsbio); 188 return cms_SignedData_final(cms, cmsbio);
195 189 case NID_pkcs7_digest:
196 case NID_pkcs7_digest:
197 return cms_DigestedData_do_final(cms, cmsbio, 0); 190 return cms_DigestedData_do_final(cms, cmsbio, 0);
198 191 default:
199 default:
200 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE); 192 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
201 return 0; 193 return 0;
202 }
203 } 194 }
195}
204 196
205/* Return an OCTET STRING pointer to content. This allows it to 197/* Return an OCTET STRING pointer to content. This allows it to
206 * be accessed or set later. 198 * be accessed or set later.
207 */ 199 */
208 200
209ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) 201ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
210 { 202{
211 switch (OBJ_obj2nid(cms->contentType)) 203 switch (OBJ_obj2nid(cms->contentType)) {
212 { 204 case NID_pkcs7_data:
213
214 case NID_pkcs7_data:
215 return &cms->d.data; 205 return &cms->d.data;
216 206 case NID_pkcs7_signed:
217 case NID_pkcs7_signed:
218 return &cms->d.signedData->encapContentInfo->eContent; 207 return &cms->d.signedData->encapContentInfo->eContent;
219 208 case NID_pkcs7_enveloped:
220 case NID_pkcs7_enveloped:
221 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; 209 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
222 210 case NID_pkcs7_digest:
223 case NID_pkcs7_digest:
224 return &cms->d.digestedData->encapContentInfo->eContent; 211 return &cms->d.digestedData->encapContentInfo->eContent;
225 212 case NID_pkcs7_encrypted:
226 case NID_pkcs7_encrypted:
227 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; 213 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
228 214 case NID_id_smime_ct_authData:
229 case NID_id_smime_ct_authData:
230 return &cms->d.authenticatedData->encapContentInfo->eContent; 215 return &cms->d.authenticatedData->encapContentInfo->eContent;
231 216 case NID_id_smime_ct_compressedData:
232 case NID_id_smime_ct_compressedData:
233 return &cms->d.compressedData->encapContentInfo->eContent; 217 return &cms->d.compressedData->encapContentInfo->eContent;
234 218 default:
235 default:
236 if (cms->d.other->type == V_ASN1_OCTET_STRING) 219 if (cms->d.other->type == V_ASN1_OCTET_STRING)
237 return &cms->d.other->value.octet_string; 220 return &cms->d.other->value.octet_string;
238 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); 221 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
239 return NULL; 222 return NULL;
240
241 }
242 } 223 }
224}
243 225
244/* Return an ASN1_OBJECT pointer to content type. This allows it to 226/* Return an ASN1_OBJECT pointer to content type. This allows it to
245 * be accessed or set later. 227 * be accessed or set later.
246 */ 228 */
247 229
248static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) 230static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
249 { 231{
250 switch (OBJ_obj2nid(cms->contentType)) 232 switch (OBJ_obj2nid(cms->contentType)) {
251 { 233 case NID_pkcs7_signed:
252
253 case NID_pkcs7_signed:
254 return &cms->d.signedData->encapContentInfo->eContentType; 234 return &cms->d.signedData->encapContentInfo->eContentType;
255 235 case NID_pkcs7_enveloped:
256 case NID_pkcs7_enveloped:
257 return &cms->d.envelopedData->encryptedContentInfo->contentType; 236 return &cms->d.envelopedData->encryptedContentInfo->contentType;
258 237 case NID_pkcs7_digest:
259 case NID_pkcs7_digest:
260 return &cms->d.digestedData->encapContentInfo->eContentType; 238 return &cms->d.digestedData->encapContentInfo->eContentType;
261 239 case NID_pkcs7_encrypted:
262 case NID_pkcs7_encrypted:
263 return &cms->d.encryptedData->encryptedContentInfo->contentType; 240 return &cms->d.encryptedData->encryptedContentInfo->contentType;
264 241 case NID_id_smime_ct_authData:
265 case NID_id_smime_ct_authData:
266 return &cms->d.authenticatedData->encapContentInfo->eContentType; 242 return &cms->d.authenticatedData->encapContentInfo->eContentType;
267 243 case NID_id_smime_ct_compressedData:
268 case NID_id_smime_ct_compressedData:
269 return &cms->d.compressedData->encapContentInfo->eContentType; 244 return &cms->d.compressedData->encapContentInfo->eContentType;
270 245 default:
271 default:
272 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, 246 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
273 CMS_R_UNSUPPORTED_CONTENT_TYPE); 247 CMS_R_UNSUPPORTED_CONTENT_TYPE);
274 return NULL; 248 return NULL;
275
276 }
277 } 249 }
250}
278 251
279const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) 252const ASN1_OBJECT *
280 { 253CMS_get0_eContentType(CMS_ContentInfo *cms)
254{
281 ASN1_OBJECT **petype; 255 ASN1_OBJECT **petype;
256
282 petype = cms_get0_econtent_type(cms); 257 petype = cms_get0_econtent_type(cms);
283 if (petype) 258 if (petype)
284 return *petype; 259 return *petype;
285 return NULL; 260 return NULL;
286 } 261}
287 262
288int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) 263int
289 { 264CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
265{
290 ASN1_OBJECT **petype, *etype; 266 ASN1_OBJECT **petype, *etype;
267
291 petype = cms_get0_econtent_type(cms); 268 petype = cms_get0_econtent_type(cms);
292 if (!petype) 269 if (!petype)
293 return 0; 270 return 0;
@@ -299,52 +276,54 @@ int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
299 ASN1_OBJECT_free(*petype); 276 ASN1_OBJECT_free(*petype);
300 *petype = etype; 277 *petype = etype;
301 return 1; 278 return 1;
302 } 279}
303 280
304int CMS_is_detached(CMS_ContentInfo *cms) 281int
305 { 282CMS_is_detached(CMS_ContentInfo *cms)
283{
306 ASN1_OCTET_STRING **pos; 284 ASN1_OCTET_STRING **pos;
285
307 pos = CMS_get0_content(cms); 286 pos = CMS_get0_content(cms);
308 if (!pos) 287 if (!pos)
309 return -1; 288 return -1;
310 if (*pos) 289 if (*pos)
311 return 0; 290 return 0;
312 return 1; 291 return 1;
313 } 292}
314 293
315int CMS_set_detached(CMS_ContentInfo *cms, int detached) 294int
316 { 295CMS_set_detached(CMS_ContentInfo *cms, int detached)
296{
317 ASN1_OCTET_STRING **pos; 297 ASN1_OCTET_STRING **pos;
298
318 pos = CMS_get0_content(cms); 299 pos = CMS_get0_content(cms);
319 if (!pos) 300 if (!pos)
320 return 0; 301 return 0;
321 if (detached) 302 if (detached) {
322 { 303 if (*pos) {
323 if (*pos)
324 {
325 ASN1_OCTET_STRING_free(*pos); 304 ASN1_OCTET_STRING_free(*pos);
326 *pos = NULL; 305 *pos = NULL;
327 }
328 return 1;
329 } 306 }
307 return 1;
308 }
330 if (!*pos) 309 if (!*pos)
331 *pos = ASN1_OCTET_STRING_new(); 310 *pos = ASN1_OCTET_STRING_new();
332 if (*pos) 311 if (*pos) {
333 {
334 /* NB: special flag to show content is created and not 312 /* NB: special flag to show content is created and not
335 * read in. 313 * read in.
336 */ 314 */
337 (*pos)->flags |= ASN1_STRING_FLAG_CONT; 315 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
338 return 1; 316 return 1;
339 } 317 }
340 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); 318 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
341 return 0; 319 return 0;
342 } 320}
343 321
344/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ 322/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
345 323
346void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) 324void
347 { 325cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
326{
348 int param_type; 327 int param_type;
349 328
350 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) 329 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
@@ -354,91 +333,90 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
354 333
355 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); 334 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
356 335
357 } 336}
358 337
359/* Create a digest BIO from an X509_ALGOR structure */ 338/* Create a digest BIO from an X509_ALGOR structure */
360 339
361BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) 340BIO *
362 { 341cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
342{
363 BIO *mdbio = NULL; 343 BIO *mdbio = NULL;
364 ASN1_OBJECT *digestoid; 344 ASN1_OBJECT *digestoid;
365 const EVP_MD *digest; 345 const EVP_MD *digest;
346
366 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); 347 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
367 digest = EVP_get_digestbyobj(digestoid); 348 digest = EVP_get_digestbyobj(digestoid);
368 if (!digest) 349 if (!digest) {
369 {
370 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 350 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
371 CMS_R_UNKNOWN_DIGEST_ALGORIHM); 351 CMS_R_UNKNOWN_DIGEST_ALGORIHM);
372 goto err; 352 goto err;
373 } 353 }
374 mdbio = BIO_new(BIO_f_md()); 354 mdbio = BIO_new(BIO_f_md());
375 if (!mdbio || !BIO_set_md(mdbio, digest)) 355 if (!mdbio || !BIO_set_md(mdbio, digest)) {
376 {
377 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 356 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
378 CMS_R_MD_BIO_INIT_ERROR); 357 CMS_R_MD_BIO_INIT_ERROR);
379 goto err; 358 goto err;
380 } 359 }
381 return mdbio; 360 return mdbio;
382 err: 361
362err:
383 if (mdbio) 363 if (mdbio)
384 BIO_free(mdbio); 364 BIO_free(mdbio);
385 return NULL; 365 return NULL;
386 } 366}
387 367
388/* Locate a message digest content from a BIO chain based on SignerInfo */ 368/* Locate a message digest content from a BIO chain based on SignerInfo */
389 369
390int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 370int
391 X509_ALGOR *mdalg) 371cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg)
392 { 372{
393 int nid; 373 int nid;
394 ASN1_OBJECT *mdoid; 374 ASN1_OBJECT *mdoid;
375
395 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); 376 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
396 nid = OBJ_obj2nid(mdoid); 377 nid = OBJ_obj2nid(mdoid);
378
397 /* Look for digest type to match signature */ 379 /* Look for digest type to match signature */
398 for (;;) 380 for (;;) {
399 {
400 EVP_MD_CTX *mtmp; 381 EVP_MD_CTX *mtmp;
401 chain = BIO_find_type(chain, BIO_TYPE_MD); 382 chain = BIO_find_type(chain, BIO_TYPE_MD);
402 if (chain == NULL) 383 if (chain == NULL) {
403 {
404 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 384 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
405 CMS_R_NO_MATCHING_DIGEST); 385 CMS_R_NO_MATCHING_DIGEST);
406 return 0; 386 return 0;
407 } 387 }
408 BIO_get_md_ctx(chain, &mtmp); 388 BIO_get_md_ctx(chain, &mtmp);
409 if (EVP_MD_CTX_type(mtmp) == nid 389 if (EVP_MD_CTX_type(mtmp) == nid
410 /* Workaround for broken implementations that use signature 390 /* Workaround for broken implementations that use signature
411 * algorithm OID instead of digest. 391 * algorithm OID instead of digest.
412 */ 392 */ ||
413 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) 393 EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
414 return EVP_MD_CTX_copy_ex(mctx, mtmp); 394 return EVP_MD_CTX_copy_ex(mctx, mtmp);
415 chain = BIO_next(chain); 395 chain = BIO_next(chain);
416 }
417 } 396 }
397}
418 398
419static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms) 399static STACK_OF(CMS_CertificateChoices) **
420 { 400cms_get0_certificate_choices(CMS_ContentInfo *cms)
421 switch (OBJ_obj2nid(cms->contentType)) 401{
422 { 402 switch (OBJ_obj2nid(cms->contentType)) {
423 403 case NID_pkcs7_signed:
424 case NID_pkcs7_signed:
425 return &cms->d.signedData->certificates; 404 return &cms->d.signedData->certificates;
426 405 case NID_pkcs7_enveloped:
427 case NID_pkcs7_enveloped:
428 return &cms->d.envelopedData->originatorInfo->certificates; 406 return &cms->d.envelopedData->originatorInfo->certificates;
429 407 default:
430 default:
431 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 408 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
432 CMS_R_UNSUPPORTED_CONTENT_TYPE); 409 CMS_R_UNSUPPORTED_CONTENT_TYPE);
433 return NULL; 410 return NULL;
434
435 }
436 } 411 }
412}
437 413
438CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) 414CMS_CertificateChoices *
439 { 415CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
416{
440 STACK_OF(CMS_CertificateChoices) **pcerts; 417 STACK_OF(CMS_CertificateChoices) **pcerts;
441 CMS_CertificateChoices *cch; 418 CMS_CertificateChoices *cch;
419
442 pcerts = cms_get0_certificate_choices(cms); 420 pcerts = cms_get0_certificate_choices(cms);
443 if (!pcerts) 421 if (!pcerts)
444 return NULL; 422 return NULL;
@@ -449,75 +427,73 @@ CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
449 cch = M_ASN1_new_of(CMS_CertificateChoices); 427 cch = M_ASN1_new_of(CMS_CertificateChoices);
450 if (!cch) 428 if (!cch)
451 return NULL; 429 return NULL;
452 if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) 430 if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
453 {
454 M_ASN1_free_of(cch, CMS_CertificateChoices); 431 M_ASN1_free_of(cch, CMS_CertificateChoices);
455 return NULL; 432 return NULL;
456 }
457 return cch;
458 } 433 }
434 return cch;
435}
459 436
460int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) 437int
461 { 438CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
439{
462 CMS_CertificateChoices *cch; 440 CMS_CertificateChoices *cch;
463 STACK_OF(CMS_CertificateChoices) **pcerts; 441 STACK_OF(CMS_CertificateChoices) **pcerts;
464 int i; 442 int i;
443
465 pcerts = cms_get0_certificate_choices(cms); 444 pcerts = cms_get0_certificate_choices(cms);
466 if (!pcerts) 445 if (!pcerts)
467 return 0; 446 return 0;
468 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) 447 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
469 {
470 cch = sk_CMS_CertificateChoices_value(*pcerts, i); 448 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
471 if (cch->type == CMS_CERTCHOICE_CERT) 449 if (cch->type == CMS_CERTCHOICE_CERT) {
472 { 450 if (!X509_cmp(cch->d.certificate, cert)) {
473 if (!X509_cmp(cch->d.certificate, cert)) 451 CMSerr(CMS_F_CMS_ADD0_CERT,
474 { 452 CMS_R_CERTIFICATE_ALREADY_PRESENT);
475 CMSerr(CMS_F_CMS_ADD0_CERT,
476 CMS_R_CERTIFICATE_ALREADY_PRESENT);
477 return 0; 453 return 0;
478 }
479 } 454 }
480 } 455 }
456 }
481 cch = CMS_add0_CertificateChoices(cms); 457 cch = CMS_add0_CertificateChoices(cms);
482 if (!cch) 458 if (!cch)
483 return 0; 459 return 0;
484 cch->type = CMS_CERTCHOICE_CERT; 460 cch->type = CMS_CERTCHOICE_CERT;
485 cch->d.certificate = cert; 461 cch->d.certificate = cert;
486 return 1; 462 return 1;
487 } 463}
488 464
489int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) 465int
490 { 466CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
467{
491 int r; 468 int r;
469
492 r = CMS_add0_cert(cms, cert); 470 r = CMS_add0_cert(cms, cert);
493 if (r > 0) 471 if (r > 0)
494 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); 472 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
495 return r; 473 return r;
496 } 474}
497 475
498static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms) 476static STACK_OF(CMS_RevocationInfoChoice) **
499 { 477cms_get0_revocation_choices(CMS_ContentInfo *cms)
500 switch (OBJ_obj2nid(cms->contentType)) 478{
501 { 479 switch (OBJ_obj2nid(cms->contentType)) {
502 480 case NID_pkcs7_signed:
503 case NID_pkcs7_signed:
504 return &cms->d.signedData->crls; 481 return &cms->d.signedData->crls;
505 482 case NID_pkcs7_enveloped:
506 case NID_pkcs7_enveloped:
507 return &cms->d.envelopedData->originatorInfo->crls; 483 return &cms->d.envelopedData->originatorInfo->crls;
508 484 default:
509 default:
510 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, 485 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
511 CMS_R_UNSUPPORTED_CONTENT_TYPE); 486 CMS_R_UNSUPPORTED_CONTENT_TYPE);
512 return NULL; 487 return NULL;
513
514 }
515 } 488 }
489}
516 490
517CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) 491CMS_RevocationInfoChoice *
518 { 492CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
493{
519 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 494 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
520 CMS_RevocationInfoChoice *rch; 495 CMS_RevocationInfoChoice *rch;
496
521 pcrls = cms_get0_revocation_choices(cms); 497 pcrls = cms_get0_revocation_choices(cms);
522 if (!pcrls) 498 if (!pcrls)
523 return NULL; 499 return NULL;
@@ -528,95 +504,92 @@ CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
528 rch = M_ASN1_new_of(CMS_RevocationInfoChoice); 504 rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
529 if (!rch) 505 if (!rch)
530 return NULL; 506 return NULL;
531 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) 507 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
532 {
533 M_ASN1_free_of(rch, CMS_RevocationInfoChoice); 508 M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
534 return NULL; 509 return NULL;
535 }
536 return rch;
537 } 510 }
511 return rch;
512}
538 513
539int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) 514int
540 { 515CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
516{
541 CMS_RevocationInfoChoice *rch; 517 CMS_RevocationInfoChoice *rch;
518
542 rch = CMS_add0_RevocationInfoChoice(cms); 519 rch = CMS_add0_RevocationInfoChoice(cms);
543 if (!rch) 520 if (!rch)
544 return 0; 521 return 0;
545 rch->type = CMS_REVCHOICE_CRL; 522 rch->type = CMS_REVCHOICE_CRL;
546 rch->d.crl = crl; 523 rch->d.crl = crl;
547 return 1; 524 return 1;
548 } 525}
549 526
550int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) 527int
551 { 528CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
529{
552 int r; 530 int r;
531
553 r = CMS_add0_crl(cms, crl); 532 r = CMS_add0_crl(cms, crl);
554 if (r > 0) 533 if (r > 0)
555 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); 534 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
556 return r; 535 return r;
557 } 536}
558 537
559STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) 538STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
560 { 539{
561 STACK_OF(X509) *certs = NULL; 540 STACK_OF(X509) *certs = NULL;
562 CMS_CertificateChoices *cch; 541 CMS_CertificateChoices *cch;
563 STACK_OF(CMS_CertificateChoices) **pcerts; 542 STACK_OF(CMS_CertificateChoices) **pcerts;
564 int i; 543 int i;
544
565 pcerts = cms_get0_certificate_choices(cms); 545 pcerts = cms_get0_certificate_choices(cms);
566 if (!pcerts) 546 if (!pcerts)
567 return NULL; 547 return NULL;
568 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) 548 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
569 {
570 cch = sk_CMS_CertificateChoices_value(*pcerts, i); 549 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
571 if (cch->type == 0) 550 if (cch->type == 0) {
572 { 551 if (!certs) {
573 if (!certs)
574 {
575 certs = sk_X509_new_null(); 552 certs = sk_X509_new_null();
576 if (!certs) 553 if (!certs)
577 return NULL; 554 return NULL;
578 } 555 }
579 if (!sk_X509_push(certs, cch->d.certificate)) 556 if (!sk_X509_push(certs, cch->d.certificate)) {
580 {
581 sk_X509_pop_free(certs, X509_free); 557 sk_X509_pop_free(certs, X509_free);
582 return NULL; 558 return NULL;
583 }
584 CRYPTO_add(&cch->d.certificate->references,
585 1, CRYPTO_LOCK_X509);
586 } 559 }
560 CRYPTO_add(&cch->d.certificate->references,
561 1, CRYPTO_LOCK_X509);
587 } 562 }
563 }
588 return certs; 564 return certs;
589 565
590 } 566}
591 567
592STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) 568STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
593 { 569{
594 STACK_OF(X509_CRL) *crls = NULL; 570 STACK_OF(X509_CRL) *crls = NULL;
595 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 571 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
596 CMS_RevocationInfoChoice *rch; 572 CMS_RevocationInfoChoice *rch;
597 int i; 573 int i;
574
598 pcrls = cms_get0_revocation_choices(cms); 575 pcrls = cms_get0_revocation_choices(cms);
599 if (!pcrls) 576 if (!pcrls)
600 return NULL; 577 return NULL;
601 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) 578 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
602 {
603 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); 579 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
604 if (rch->type == 0) 580 if (rch->type == 0) {
605 { 581 if (!crls) {
606 if (!crls)
607 {
608 crls = sk_X509_CRL_new_null(); 582 crls = sk_X509_CRL_new_null();
609 if (!crls) 583 if (!crls)
610 return NULL; 584 return NULL;
611 } 585 }
612 if (!sk_X509_CRL_push(crls, rch->d.crl)) 586 if (!sk_X509_CRL_push(crls, rch->d.crl)) {
613 {
614 sk_X509_CRL_pop_free(crls, X509_CRL_free); 587 sk_X509_CRL_pop_free(crls, X509_CRL_free);
615 return NULL; 588 return NULL;
616 }
617 CRYPTO_add(&rch->d.crl->references,
618 1, CRYPTO_LOCK_X509_CRL);
619 } 589 }
590 CRYPTO_add(&rch->d.crl->references,
591 1, CRYPTO_LOCK_X509_CRL);
620 } 592 }
621 return crls;
622 } 593 }
594 return crls;
595}
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index 36d50f1797..1399cbd606 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,15 +62,16 @@
62#include "cms_lcl.h" 62#include "cms_lcl.h"
63#include "asn1_locl.h" 63#include "asn1_locl.h"
64 64
65int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 65int
66 unsigned char *pass, ssize_t passlen) 66CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
67 { 67 ssize_t passlen)
68{
68 CMS_PasswordRecipientInfo *pwri; 69 CMS_PasswordRecipientInfo *pwri;
69 if (ri->type != CMS_RECIPINFO_PASS) 70
70 { 71 if (ri->type != CMS_RECIPINFO_PASS) {
71 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI); 72 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
72 return 0; 73 return 0;
73 } 74 }
74 75
75 pwri = ri->d.pwri; 76 pwri = ri->d.pwri;
76 pwri->pass = pass; 77 pwri->pass = pass;
@@ -78,14 +79,13 @@ int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
78 passlen = strlen((char *)pass); 79 passlen = strlen((char *)pass);
79 pwri->passlen = passlen; 80 pwri->passlen = passlen;
80 return 1; 81 return 1;
81 } 82}
82 83
83CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, 84CMS_RecipientInfo *
84 int iter, int wrap_nid, int pbe_nid, 85CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
85 unsigned char *pass, 86 int pbe_nid, unsigned char *pass, ssize_t passlen,
86 ssize_t passlen, 87 const EVP_CIPHER *kekciph)
87 const EVP_CIPHER *kekciph) 88{
88 {
89 CMS_RecipientInfo *ri = NULL; 89 CMS_RecipientInfo *ri = NULL;
90 CMS_EnvelopedData *env; 90 CMS_EnvelopedData *env;
91 CMS_PasswordRecipientInfo *pwri; 91 CMS_PasswordRecipientInfo *pwri;
@@ -93,6 +93,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
93 X509_ALGOR *encalg = NULL; 93 X509_ALGOR *encalg = NULL;
94 unsigned char iv[EVP_MAX_IV_LENGTH]; 94 unsigned char iv[EVP_MAX_IV_LENGTH];
95 int ivlen; 95 int ivlen;
96
96 env = cms_get0_enveloped(cms); 97 env = cms_get0_enveloped(cms);
97 if (!env) 98 if (!env)
98 goto err; 99 goto err;
@@ -107,54 +108,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
107 if (kekciph == NULL) 108 if (kekciph == NULL)
108 kekciph = env->encryptedContentInfo->cipher; 109 kekciph = env->encryptedContentInfo->cipher;
109 110
110 if (kekciph == NULL) 111 if (kekciph == NULL) {
111 {
112 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER); 112 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
113 return NULL; 113 return NULL;
114 } 114 }
115 if (wrap_nid != NID_id_alg_PWRI_KEK) 115 if (wrap_nid != NID_id_alg_PWRI_KEK) {
116 {
117 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 116 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
118 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); 117 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
119 return NULL; 118 return NULL;
120 } 119 }
121 120
122 /* Setup algorithm identifier for cipher */ 121 /* Setup algorithm identifier for cipher */
123 encalg = X509_ALGOR_new(); 122 encalg = X509_ALGOR_new();
124 EVP_CIPHER_CTX_init(&ctx); 123 EVP_CIPHER_CTX_init(&ctx);
125 124
126 if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) 125 if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
127 {
128 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); 126 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
129 goto err; 127 goto err;
130 } 128 }
131 129
132 ivlen = EVP_CIPHER_CTX_iv_length(&ctx); 130 ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
133 131
134 if (ivlen > 0) 132 if (ivlen > 0) {
135 {
136 if (RAND_pseudo_bytes(iv, ivlen) <= 0) 133 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
137 goto err; 134 goto err;
138 if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) 135 if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
139 {
140 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 136 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
141 ERR_R_EVP_LIB); 137 ERR_R_EVP_LIB);
142 goto err; 138 goto err;
143 } 139 }
144 encalg->parameter = ASN1_TYPE_new(); 140 encalg->parameter = ASN1_TYPE_new();
145 if (!encalg->parameter) 141 if (!encalg->parameter) {
146 {
147 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 142 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
148 ERR_R_MALLOC_FAILURE); 143 ERR_R_MALLOC_FAILURE);
149 goto err; 144 goto err;
150 } 145 }
151 if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) 146 if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
152 {
153 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 147 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
154 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 148 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
155 goto err; 149 goto err;
156 }
157 } 150 }
151 }
158 152
159 153
160 encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx)); 154 encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
@@ -182,10 +176,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
182 if (!pwri->keyEncryptionAlgorithm->parameter) 176 if (!pwri->keyEncryptionAlgorithm->parameter)
183 goto merr; 177 goto merr;
184 178
185 if(!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), 179 if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
186 &pwri->keyEncryptionAlgorithm->parameter->value.sequence)) 180 &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
187 goto merr; 181 goto merr;
188 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE; 182 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
189 183
190 X509_ALGOR_free(encalg); 184 X509_ALGOR_free(encalg);
191 encalg = NULL; 185 encalg = NULL;
@@ -205,48 +199,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
205 199
206 return ri; 200 return ri;
207 201
208 merr: 202merr:
209 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE); 203 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
210 err: 204err:
211 EVP_CIPHER_CTX_cleanup(&ctx); 205 EVP_CIPHER_CTX_cleanup(&ctx);
212 if (ri) 206 if (ri)
213 M_ASN1_free_of(ri, CMS_RecipientInfo); 207 M_ASN1_free_of(ri, CMS_RecipientInfo);
214 if (encalg) 208 if (encalg)
215 X509_ALGOR_free(encalg); 209 X509_ALGOR_free(encalg);
216 return NULL; 210 return NULL;
217 211}
218 }
219 212
220/* This is an implementation of the key wrapping mechanism in RFC3211, 213/* This is an implementation of the key wrapping mechanism in RFC3211,
221 * at some point this should go into EVP. 214 * at some point this should go into EVP.
222 */ 215 */
223 216
224static int kek_unwrap_key(unsigned char *out, size_t *outlen, 217static int
225 const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) 218kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
226 { 219 size_t inlen, EVP_CIPHER_CTX *ctx)
220{
227 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); 221 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
228 unsigned char *tmp; 222 unsigned char *tmp;
229 int outl, rv = 0; 223 int outl, rv = 0;
230 if (inlen < 2 * blocklen) 224
231 { 225 if (inlen < 2 * blocklen) {
232 /* too small */ 226 /* too small */
233 return 0; 227 return 0;
234 } 228 }
235 if (inlen % blocklen) 229 if (inlen % blocklen) {
236 {
237 /* Invalid size */ 230 /* Invalid size */
238 return 0; 231 return 0;
239 } 232 }
240 tmp = malloc(inlen); 233 tmp = malloc(inlen);
241 /* setup IV by decrypting last two blocks */ 234 /* setup IV by decrypting last two blocks */
242 EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, 235 EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
243 in + inlen - 2 * blocklen, blocklen * 2); 236 in + inlen - 2 * blocklen, blocklen * 2);
244 /* Do a decrypt of last decrypted block to set IV to correct value 237 /* Do a decrypt of last decrypted block to set IV to correct value
245 * output it to start of buffer so we don't corrupt decrypted block 238 * output it to start of buffer so we don't corrupt decrypted block
246 * this works because buffer is at least two block lengths long. 239 * this works because buffer is at least two block lengths long.
247 */ 240 */
248 EVP_DecryptUpdate(ctx, tmp, &outl, 241 EVP_DecryptUpdate(ctx, tmp, &outl,
249 tmp + inlen - blocklen, blocklen); 242 tmp + inlen - blocklen, blocklen);
250 /* Can now decrypt first n - 1 blocks */ 243 /* Can now decrypt first n - 1 blocks */
251 EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen); 244 EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
252 245
@@ -255,49 +248,47 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
255 /* Decrypt again */ 248 /* Decrypt again */
256 EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen); 249 EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
257 /* Check check bytes */ 250 /* Check check bytes */
258 if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) 251 if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) &
259 { 252 (tmp[3] ^ tmp[6])) != 0xff) {
260 /* Check byte failure */ 253 /* Check byte failure */
261 goto err; 254 goto err;
262 } 255 }
263 if (inlen < (size_t)(tmp[0] - 4 )) 256 if (inlen < (size_t)(tmp[0] - 4 )) {
264 {
265 /* Invalid length value */ 257 /* Invalid length value */
266 goto err; 258 goto err;
267 } 259 }
268 *outlen = (size_t)tmp[0]; 260 *outlen = (size_t)tmp[0];
269 memcpy(out, tmp + 4, *outlen); 261 memcpy(out, tmp + 4, *outlen);
270 rv = 1; 262 rv = 1;
271 err: 263
264err:
272 OPENSSL_cleanse(tmp, inlen); 265 OPENSSL_cleanse(tmp, inlen);
273 free(tmp); 266 free(tmp);
274 return rv; 267 return rv;
268}
275 269
276 } 270static int
277 271kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
278static int kek_wrap_key(unsigned char *out, size_t *outlen, 272 size_t inlen, EVP_CIPHER_CTX *ctx)
279 const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) 273{
280 {
281 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); 274 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
282 size_t olen; 275 size_t olen;
283 int dummy; 276 int dummy;
277
284 /* First decide length of output buffer: need header and round up to 278 /* First decide length of output buffer: need header and round up to
285 * multiple of block length. 279 * multiple of block length.
286 */ 280 */
287 olen = (inlen + 4 + blocklen - 1)/blocklen; 281 olen = (inlen + 4 + blocklen - 1)/blocklen;
288 olen *= blocklen; 282 olen *= blocklen;
289 if (olen < 2 * blocklen) 283 if (olen < 2 * blocklen) {
290 {
291 /* Key too small */ 284 /* Key too small */
292 return 0; 285 return 0;
293 } 286 }
294 if (inlen > 0xFF) 287 if (inlen > 0xFF) {
295 {
296 /* Key too large */ 288 /* Key too large */
297 return 0; 289 return 0;
298 } 290 }
299 if (out) 291 if (out) {
300 {
301 /* Set header */ 292 /* Set header */
302 out[0] = (unsigned char)inlen; 293 out[0] = (unsigned char)inlen;
303 out[1] = in[0] ^ 0xFF; 294 out[1] = in[0] ^ 0xFF;
@@ -310,18 +301,19 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
310 /* Encrypt twice */ 301 /* Encrypt twice */
311 EVP_EncryptUpdate(ctx, out, &dummy, out, olen); 302 EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
312 EVP_EncryptUpdate(ctx, out, &dummy, out, olen); 303 EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
313 } 304 }
314 305
315 *outlen = olen; 306 *outlen = olen;
316 307
317 return 1; 308 return 1;
318 } 309}
319 310
320/* Encrypt/Decrypt content key in PWRI recipient info */ 311/* Encrypt/Decrypt content key in PWRI recipient info */
321 312
322int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 313int
323 int en_de) 314cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
324 { 315 int en_de)
316{
325 CMS_EncryptedContentInfo *ec; 317 CMS_EncryptedContentInfo *ec;
326 CMS_PasswordRecipientInfo *pwri; 318 CMS_PasswordRecipientInfo *pwri;
327 const unsigned char *p = NULL; 319 const unsigned char *p = NULL;
@@ -338,69 +330,61 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
338 pwri = ri->d.pwri; 330 pwri = ri->d.pwri;
339 EVP_CIPHER_CTX_init(&kekctx); 331 EVP_CIPHER_CTX_init(&kekctx);
340 332
341 if (!pwri->pass) 333 if (!pwri->pass) {
342 {
343 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); 334 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
344 return 0; 335 return 0;
345 } 336 }
346 algtmp = pwri->keyEncryptionAlgorithm; 337 algtmp = pwri->keyEncryptionAlgorithm;
347 338
348 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) 339 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
349 {
350 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 340 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
351 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); 341 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
352 return 0; 342 return 0;
353 } 343 }
354 344
355 if (algtmp->parameter->type == V_ASN1_SEQUENCE) 345 if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
356 {
357 p = algtmp->parameter->value.sequence->data; 346 p = algtmp->parameter->value.sequence->data;
358 plen = algtmp->parameter->value.sequence->length; 347 plen = algtmp->parameter->value.sequence->length;
359 kekalg = d2i_X509_ALGOR(NULL, &p, plen); 348 kekalg = d2i_X509_ALGOR(NULL, &p, plen);
360 } 349 }
361 if (kekalg == NULL) 350 if (kekalg == NULL) {
362 {
363 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 351 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
364 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); 352 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
365 return 0; 353 return 0;
366 } 354 }
367 355
368 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); 356 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
369 357
370 if(!kekcipher) 358 if (!kekcipher) {
371 {
372 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 359 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
373 CMS_R_UNKNOWN_CIPHER); 360 CMS_R_UNKNOWN_CIPHER);
374 goto err; 361 goto err;
375 } 362 }
376 363
377 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ 364 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
378 if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de)) 365 if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
379 goto err; 366 goto err;
380 EVP_CIPHER_CTX_set_padding(&kekctx, 0); 367 EVP_CIPHER_CTX_set_padding(&kekctx, 0);
381 if(EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) 368 if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
382 {
383 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 369 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
384 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 370 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
385 goto err; 371 goto err;
386 } 372 }
387 373
388 algtmp = pwri->keyDerivationAlgorithm; 374 algtmp = pwri->keyDerivationAlgorithm;
389 375
390 /* Finish password based key derivation to setup key in "ctx" */ 376 /* Finish password based key derivation to setup key in "ctx" */
391 377
392 if (EVP_PBE_CipherInit(algtmp->algorithm, 378 if (EVP_PBE_CipherInit(algtmp->algorithm,
393 (char *)pwri->pass, pwri->passlen, 379 (char *)pwri->pass, pwri->passlen,
394 algtmp->parameter, &kekctx, en_de) < 0) 380 algtmp->parameter, &kekctx, en_de) < 0) {
395 {
396 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB); 381 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
397 goto err; 382 goto err;
398 } 383 }
399 384
400 /* Finally wrap/unwrap the key */ 385 /* Finally wrap/unwrap the key */
401 386
402 if (en_de) 387 if (en_de) {
403 {
404 388
405 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx)) 389 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
406 goto err; 390 goto err;
@@ -414,41 +398,34 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
414 goto err; 398 goto err;
415 pwri->encryptedKey->data = key; 399 pwri->encryptedKey->data = key;
416 pwri->encryptedKey->length = keylen; 400 pwri->encryptedKey->length = keylen;
417 } 401 } else {
418 else
419 {
420 key = malloc(pwri->encryptedKey->length); 402 key = malloc(pwri->encryptedKey->length);
421 403
422 if (!key) 404 if (!key) {
423 {
424 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 405 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
425 ERR_R_MALLOC_FAILURE); 406 ERR_R_MALLOC_FAILURE);
426 goto err; 407 goto err;
427 } 408 }
428 if (!kek_unwrap_key(key, &keylen, 409 if (!kek_unwrap_key(key, &keylen,
429 pwri->encryptedKey->data, 410 pwri->encryptedKey->data,
430 pwri->encryptedKey->length, &kekctx)) 411 pwri->encryptedKey->length, &kekctx)) {
431 {
432 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 412 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
433 CMS_R_UNWRAP_FAILURE); 413 CMS_R_UNWRAP_FAILURE);
434 goto err; 414 goto err;
435 } 415 }
436 416
437 ec->key = key; 417 ec->key = key;
438 ec->keylen = keylen; 418 ec->keylen = keylen;
439 419
440 } 420 }
441 421
442 r = 1; 422 r = 1;
443 423
444 err: 424err:
445
446 EVP_CIPHER_CTX_cleanup(&kekctx); 425 EVP_CIPHER_CTX_cleanup(&kekctx);
447
448 if (!r && key) 426 if (!r && key)
449 free(key); 427 free(key);
450 X509_ALGOR_free(kekalg); 428 X509_ALGOR_free(kekalg);
451 429
452 return r; 430 return r;
453 431}
454 }
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index 976881743b..7fbc0490ba 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -64,119 +64,111 @@
64 64
65DECLARE_ASN1_ITEM(CMS_SignedData) 65DECLARE_ASN1_ITEM(CMS_SignedData)
66 66
67static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) 67static CMS_SignedData *
68 { 68cms_get0_signed(CMS_ContentInfo *cms)
69 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) 69{
70 { 70 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
71 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 71 CMSerr(CMS_F_CMS_GET0_SIGNED,
72 CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
72 return NULL; 73 return NULL;
73 }
74 return cms->d.signedData;
75 } 74 }
75 return cms->d.signedData;
76}
76 77
77static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) 78static CMS_SignedData *
78 { 79cms_signed_data_init(CMS_ContentInfo *cms)
79 if (cms->d.other == NULL) 80{
80 { 81 if (cms->d.other == NULL) {
81 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 82 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
82 if (!cms->d.signedData) 83 if (!cms->d.signedData) {
83 { 84 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT,
84 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); 85 ERR_R_MALLOC_FAILURE);
85 return NULL; 86 return NULL;
86 } 87 }
87 cms->d.signedData->version = 1; 88 cms->d.signedData->version = 1;
88 cms->d.signedData->encapContentInfo->eContentType = 89 cms->d.signedData->encapContentInfo->eContentType =
89 OBJ_nid2obj(NID_pkcs7_data); 90 OBJ_nid2obj(NID_pkcs7_data);
90 cms->d.signedData->encapContentInfo->partial = 1; 91 cms->d.signedData->encapContentInfo->partial = 1;
91 ASN1_OBJECT_free(cms->contentType); 92 ASN1_OBJECT_free(cms->contentType);
92 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); 93 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
93 return cms->d.signedData; 94 return cms->d.signedData;
94 }
95 return cms_get0_signed(cms);
96 } 95 }
96 return cms_get0_signed(cms);
97}
97 98
98/* Just initialize SignedData e.g. for certs only structure */ 99/* Just initialize SignedData e.g. for certs only structure */
99 100
100int CMS_SignedData_init(CMS_ContentInfo *cms) 101int
101 { 102CMS_SignedData_init(CMS_ContentInfo *cms)
103{
102 if (cms_signed_data_init(cms)) 104 if (cms_signed_data_init(cms))
103 return 1; 105 return 1;
104 else 106 else
105 return 0; 107 return 0;
106 } 108}
107 109
108/* Check structures and fixup version numbers (if necessary) */ 110/* Check structures and fixup version numbers (if necessary) */
109 111
110static void cms_sd_set_version(CMS_SignedData *sd) 112static void
111 { 113cms_sd_set_version(CMS_SignedData *sd)
114{
112 int i; 115 int i;
113 CMS_CertificateChoices *cch; 116 CMS_CertificateChoices *cch;
114 CMS_RevocationInfoChoice *rch; 117 CMS_RevocationInfoChoice *rch;
115 CMS_SignerInfo *si; 118 CMS_SignerInfo *si;
116 119
117 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) 120 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
118 {
119 cch = sk_CMS_CertificateChoices_value(sd->certificates, i); 121 cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
120 if (cch->type == CMS_CERTCHOICE_OTHER) 122 if (cch->type == CMS_CERTCHOICE_OTHER) {
121 {
122 if (sd->version < 5) 123 if (sd->version < 5)
123 sd->version = 5; 124 sd->version = 5;
124 } 125 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
125 else if (cch->type == CMS_CERTCHOICE_V2ACERT)
126 {
127 if (sd->version < 4) 126 if (sd->version < 4)
128 sd->version = 4; 127 sd->version = 4;
129 } 128 } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
130 else if (cch->type == CMS_CERTCHOICE_V1ACERT)
131 {
132 if (sd->version < 3) 129 if (sd->version < 3)
133 sd->version = 3; 130 sd->version = 3;
134 }
135 } 131 }
132 }
136 133
137 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) 134 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
138 {
139 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); 135 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
140 if (rch->type == CMS_REVCHOICE_OTHER) 136 if (rch->type == CMS_REVCHOICE_OTHER) {
141 {
142 if (sd->version < 5) 137 if (sd->version < 5)
143 sd->version = 5; 138 sd->version = 5;
144 }
145 } 139 }
140 }
146 141
147 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) 142 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) !=
148 && (sd->version < 3)) 143 NID_pkcs7_data) && (sd->version < 3))
149 sd->version = 3; 144 sd->version = 3;
150 145
151 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) 146 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
152 {
153 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 147 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
154 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 148 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
155 {
156 if (si->version < 3) 149 if (si->version < 3)
157 si->version = 3; 150 si->version = 3;
158 if (sd->version < 3) 151 if (sd->version < 3)
159 sd->version = 3; 152 sd->version = 3;
160 } 153 } else
161 else
162 sd->version = 1; 154 sd->version = 1;
163 } 155 }
164 156
165 if (sd->version < 1) 157 if (sd->version < 1)
166 sd->version = 1; 158 sd->version = 1;
159}
167 160
168 }
169
170/* Copy an existing messageDigest value */ 161/* Copy an existing messageDigest value */
171 162
172static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) 163static int
173 { 164cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
165{
174 STACK_OF(CMS_SignerInfo) *sinfos; 166 STACK_OF(CMS_SignerInfo) *sinfos;
175 CMS_SignerInfo *sitmp; 167 CMS_SignerInfo *sitmp;
176 int i; 168 int i;
169
177 sinfos = CMS_get0_SignerInfos(cms); 170 sinfos = CMS_get0_SignerInfos(cms);
178 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 171 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
179 {
180 ASN1_OCTET_STRING *messageDigest; 172 ASN1_OCTET_STRING *messageDigest;
181 sitmp = sk_CMS_SignerInfo_value(sinfos, i); 173 sitmp = sk_CMS_SignerInfo_value(sinfos, i);
182 if (sitmp == si) 174 if (sitmp == si)
@@ -184,133 +176,124 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
184 if (CMS_signed_get_attr_count(sitmp) < 0) 176 if (CMS_signed_get_attr_count(sitmp) < 0)
185 continue; 177 continue;
186 if (OBJ_cmp(si->digestAlgorithm->algorithm, 178 if (OBJ_cmp(si->digestAlgorithm->algorithm,
187 sitmp->digestAlgorithm->algorithm)) 179 sitmp->digestAlgorithm->algorithm))
188 continue; 180 continue;
189 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 181 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
190 OBJ_nid2obj(NID_pkcs9_messageDigest), 182 OBJ_nid2obj(NID_pkcs9_messageDigest),
191 -3, V_ASN1_OCTET_STRING); 183 -3, V_ASN1_OCTET_STRING);
192 if (!messageDigest) 184 if (!messageDigest) {
193 {
194 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, 185 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
195 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 186 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
196 return 0; 187 return 0;
197 } 188 }
198 189
199 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 190 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
200 V_ASN1_OCTET_STRING, 191 V_ASN1_OCTET_STRING,
201 messageDigest, -1)) 192 messageDigest, -1))
202 return 1; 193 return 1;
203 else 194 else
204 return 0; 195 return 0;
205 }
206 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
207 return 0;
208 } 196 }
197 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
198 return 0;
199}
209 200
210int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) 201int
211 { 202cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
212 switch(type) 203{
213 { 204 switch (type) {
214 case CMS_SIGNERINFO_ISSUER_SERIAL: 205 case CMS_SIGNERINFO_ISSUER_SERIAL:
215 sid->d.issuerAndSerialNumber = 206 sid->d.issuerAndSerialNumber =
216 M_ASN1_new_of(CMS_IssuerAndSerialNumber); 207 M_ASN1_new_of(CMS_IssuerAndSerialNumber);
217 if (!sid->d.issuerAndSerialNumber) 208 if (!sid->d.issuerAndSerialNumber)
218 goto merr; 209 goto merr;
219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, 210 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
220 X509_get_issuer_name(cert))) 211 X509_get_issuer_name(cert)))
221 goto merr; 212 goto merr;
222 if (!ASN1_STRING_copy( 213 if (!ASN1_STRING_copy(
223 sid->d.issuerAndSerialNumber->serialNumber, 214 sid->d.issuerAndSerialNumber->serialNumber,
224 X509_get_serialNumber(cert))) 215 X509_get_serialNumber(cert)))
225 goto merr; 216 goto merr;
226 break; 217 break;
227 218
228 case CMS_SIGNERINFO_KEYIDENTIFIER: 219 case CMS_SIGNERINFO_KEYIDENTIFIER:
229 if (!cert->skid) 220 if (!cert->skid) {
230 {
231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, 221 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
232 CMS_R_CERTIFICATE_HAS_NO_KEYID); 222 CMS_R_CERTIFICATE_HAS_NO_KEYID);
233 return 0; 223 return 0;
234 } 224 }
235 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); 225 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
236 if (!sid->d.subjectKeyIdentifier) 226 if (!sid->d.subjectKeyIdentifier)
237 goto merr; 227 goto merr;
238 break; 228 break;
239 229
240 default: 230 default:
241 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); 231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
242 return 0; 232 return 0;
243 } 233 }
244 234
245 sid->type = type; 235 sid->type = type;
246 236
247 return 1; 237 return 1;
248 238
249 merr: 239merr:
250 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE); 240 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
251 return 0; 241 return 0;
242}
252 243
253 } 244int
254 245cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
255int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 246 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
256 ASN1_OCTET_STRING **keyid, 247{
257 X509_NAME **issuer, ASN1_INTEGER **sno) 248 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
258 {
259 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
260 {
261 if (issuer) 249 if (issuer)
262 *issuer = sid->d.issuerAndSerialNumber->issuer; 250 *issuer = sid->d.issuerAndSerialNumber->issuer;
263 if (sno) 251 if (sno)
264 *sno = sid->d.issuerAndSerialNumber->serialNumber; 252 *sno = sid->d.issuerAndSerialNumber->serialNumber;
265 } 253 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
266 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
267 {
268 if (keyid) 254 if (keyid)
269 *keyid = sid->d.subjectKeyIdentifier; 255 *keyid = sid->d.subjectKeyIdentifier;
270 } 256 } else
271 else
272 return 0; 257 return 0;
273 return 1; 258 return 1;
274 } 259}
275 260
276int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) 261int
277 { 262cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
263{
278 int ret; 264 int ret;
279 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 265
280 { 266 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
281 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer, 267 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
282 X509_get_issuer_name(cert)); 268 X509_get_issuer_name(cert));
283 if (ret) 269 if (ret)
284 return ret; 270 return ret;
285 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber, 271 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
286 X509_get_serialNumber(cert)); 272 X509_get_serialNumber(cert));
287 } 273 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
288 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
289 {
290 X509_check_purpose(cert, -1, -1); 274 X509_check_purpose(cert, -1, -1);
291 if (!cert->skid) 275 if (!cert->skid)
292 return -1; 276 return -1;
293 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier, 277 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
294 cert->skid); 278 cert->skid);
295 } 279 } else
296 else
297 return -1; 280 return -1;
298 } 281}
299 282
300CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 283CMS_SignerInfo *
301 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 284CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
302 unsigned int flags) 285 const EVP_MD *md, unsigned int flags)
303 { 286{
304 CMS_SignedData *sd; 287 CMS_SignedData *sd;
305 CMS_SignerInfo *si = NULL; 288 CMS_SignerInfo *si = NULL;
306 X509_ALGOR *alg; 289 X509_ALGOR *alg;
307 int i, type; 290 int i, type;
308 if(!X509_check_private_key(signer, pk)) 291
309 { 292 if (!X509_check_private_key(signer, pk)) {
310 CMSerr(CMS_F_CMS_ADD1_SIGNER, 293 CMSerr(CMS_F_CMS_ADD1_SIGNER,
311 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 294 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
312 return NULL; 295 return NULL;
313 } 296 }
314 sd = cms_signed_data_init(cms); 297 sd = cms_signed_data_init(cms);
315 if (!sd) 298 if (!sd)
316 goto err; 299 goto err;
@@ -325,98 +308,83 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
325 si->pkey = pk; 308 si->pkey = pk;
326 si->signer = signer; 309 si->signer = signer;
327 310
328 if (flags & CMS_USE_KEYID) 311 if (flags & CMS_USE_KEYID) {
329 {
330 si->version = 3; 312 si->version = 3;
331 if (sd->version < 3) 313 if (sd->version < 3)
332 sd->version = 3; 314 sd->version = 3;
333 type = CMS_SIGNERINFO_KEYIDENTIFIER; 315 type = CMS_SIGNERINFO_KEYIDENTIFIER;
334 } 316 } else {
335 else
336 {
337 type = CMS_SIGNERINFO_ISSUER_SERIAL; 317 type = CMS_SIGNERINFO_ISSUER_SERIAL;
338 si->version = 1; 318 si->version = 1;
339 } 319 }
340 320
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) 321 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
342 goto err; 322 goto err;
343 323
344 if (md == NULL) 324 if (md == NULL) {
345 {
346 int def_nid; 325 int def_nid;
347 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) 326 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
348 goto err; 327 goto err;
349 md = EVP_get_digestbynid(def_nid); 328 md = EVP_get_digestbynid(def_nid);
350 if (md == NULL) 329 if (md == NULL) {
351 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); 330 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
353 goto err; 331 goto err;
354 }
355 } 332 }
333 }
356 334
357 if (!md) 335 if (!md) {
358 {
359 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); 336 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
360 goto err; 337 goto err;
361 } 338 }
362 339
363 cms_DigestAlgorithm_set(si->digestAlgorithm, md); 340 cms_DigestAlgorithm_set(si->digestAlgorithm, md);
364 341
365 /* See if digest is present in digestAlgorithms */ 342 /* See if digest is present in digestAlgorithms */
366 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) 343 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
367 {
368 ASN1_OBJECT *aoid; 344 ASN1_OBJECT *aoid;
369 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 345 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
370 X509_ALGOR_get0(&aoid, NULL, NULL, alg); 346 X509_ALGOR_get0(&aoid, NULL, NULL, alg);
371 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) 347 if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
372 break; 348 break;
373 } 349 }
374 350
375 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) 351 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
376 {
377 alg = X509_ALGOR_new(); 352 alg = X509_ALGOR_new();
378 if (!alg) 353 if (!alg)
379 goto merr; 354 goto merr;
380 cms_DigestAlgorithm_set(alg, md); 355 cms_DigestAlgorithm_set(alg, md);
381 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) 356 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
382 {
383 X509_ALGOR_free(alg); 357 X509_ALGOR_free(alg);
384 goto merr; 358 goto merr;
385 }
386 } 359 }
360 }
387 361
388 if (pk->ameth && pk->ameth->pkey_ctrl) 362 if (pk->ameth && pk->ameth->pkey_ctrl) {
389 {
390 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN, 363 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
391 0, si); 364 0, si);
392 if (i == -2) 365 if (i == -2) {
393 {
394 CMSerr(CMS_F_CMS_ADD1_SIGNER, 366 CMSerr(CMS_F_CMS_ADD1_SIGNER,
395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 367 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
396 goto err; 368 goto err;
397 } 369 }
398 if (i <= 0) 370 if (i <= 0) {
399 {
400 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE); 371 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
401 goto err; 372 goto err;
402 }
403 } 373 }
374 }
404 375
405 if (!(flags & CMS_NOATTR)) 376 if (!(flags & CMS_NOATTR)) {
406 {
407 /* Initialialize signed attributes strutucture so other 377 /* Initialialize signed attributes strutucture so other
408 * attributes such as signing time etc are added later 378 * attributes such as signing time etc are added later
409 * even if we add none here. 379 * even if we add none here.
410 */ 380 */
411 if (!si->signedAttrs) 381 if (!si->signedAttrs) {
412 {
413 si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); 382 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
414 if (!si->signedAttrs) 383 if (!si->signedAttrs)
415 goto merr; 384 goto merr;
416 } 385 }
417 386
418 if (!(flags & CMS_NOSMIMECAP)) 387 if (!(flags & CMS_NOSMIMECAP)) {
419 {
420 STACK_OF(X509_ALGOR) *smcap = NULL; 388 STACK_OF(X509_ALGOR) *smcap = NULL;
421 i = CMS_add_standard_smimecap(&smcap); 389 i = CMS_add_standard_smimecap(&smcap);
422 if (i) 390 if (i)
@@ -424,45 +392,44 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
424 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 392 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
425 if (!i) 393 if (!i)
426 goto merr; 394 goto merr;
427 } 395 }
428 if (flags & CMS_REUSE_DIGEST) 396 if (flags & CMS_REUSE_DIGEST) {
429 {
430 if (!cms_copy_messageDigest(cms, si)) 397 if (!cms_copy_messageDigest(cms, si))
431 goto err; 398 goto err;
432 if (!(flags & CMS_PARTIAL) && 399 if (!(flags & CMS_PARTIAL) &&
433 !CMS_SignerInfo_sign(si)) 400 !CMS_SignerInfo_sign(si))
434 goto err; 401 goto err;
435 }
436 } 402 }
403 }
437 404
438 if (!(flags & CMS_NOCERTS)) 405 if (!(flags & CMS_NOCERTS)) {
439 {
440 /* NB ignore -1 return for duplicate cert */ 406 /* NB ignore -1 return for duplicate cert */
441 if (!CMS_add1_cert(cms, signer)) 407 if (!CMS_add1_cert(cms, signer))
442 goto merr; 408 goto merr;
443 } 409 }
444 410
445 if (!sd->signerInfos) 411 if (!sd->signerInfos)
446 sd->signerInfos = sk_CMS_SignerInfo_new_null(); 412 sd->signerInfos = sk_CMS_SignerInfo_new_null();
447 if (!sd->signerInfos || 413 if (!sd->signerInfos ||
448 !sk_CMS_SignerInfo_push(sd->signerInfos, si)) 414 !sk_CMS_SignerInfo_push(sd->signerInfos, si))
449 goto merr; 415 goto merr;
450 416
451 return si; 417 return si;
452 418
453 merr: 419merr:
454 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 420 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
455 err: 421err:
456 if (si) 422 if (si)
457 M_ASN1_free_of(si, CMS_SignerInfo); 423 M_ASN1_free_of(si, CMS_SignerInfo);
458 return NULL; 424 return NULL;
425}
459 426
460 } 427static int
461 428cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
462static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) 429{
463 {
464 ASN1_TIME *tt; 430 ASN1_TIME *tt;
465 int r = 0; 431 int r = 0;
432
466 if (t) 433 if (t)
467 tt = t; 434 tt = t;
468 else 435 else
@@ -472,89 +439,88 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
472 goto merr; 439 goto merr;
473 440
474 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, 441 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
475 tt->type, tt, -1) <= 0) 442 tt->type, tt, -1) <= 0)
476 goto merr; 443 goto merr;
477 444
478 r = 1; 445 r = 1;
479 446
480 merr: 447merr:
481
482 if (!t) 448 if (!t)
483 ASN1_TIME_free(tt); 449 ASN1_TIME_free(tt);
484
485 if (!r) 450 if (!r)
486 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); 451 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
487 452
488 return r; 453 return r;
454}
489 455
490 } 456STACK_OF(CMS_SignerInfo) *
491 457CMS_get0_SignerInfos(CMS_ContentInfo *cms)
492STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 458{
493 {
494 CMS_SignedData *sd; 459 CMS_SignedData *sd;
460
495 sd = cms_get0_signed(cms); 461 sd = cms_get0_signed(cms);
496 if (!sd) 462 if (!sd)
497 return NULL; 463 return NULL;
498 return sd->signerInfos; 464 return sd->signerInfos;
499 } 465}
500 466
501STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) 467STACK_OF(X509) *
502 { 468CMS_get0_signers(CMS_ContentInfo *cms)
469{
503 STACK_OF(X509) *signers = NULL; 470 STACK_OF(X509) *signers = NULL;
504 STACK_OF(CMS_SignerInfo) *sinfos; 471 STACK_OF(CMS_SignerInfo) *sinfos;
505 CMS_SignerInfo *si; 472 CMS_SignerInfo *si;
506 int i; 473 int i;
474
507 sinfos = CMS_get0_SignerInfos(cms); 475 sinfos = CMS_get0_SignerInfos(cms);
508 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 476 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
509 {
510 si = sk_CMS_SignerInfo_value(sinfos, i); 477 si = sk_CMS_SignerInfo_value(sinfos, i);
511 if (si->signer) 478 if (si->signer) {
512 { 479 if (!signers) {
513 if (!signers)
514 {
515 signers = sk_X509_new_null(); 480 signers = sk_X509_new_null();
516 if (!signers) 481 if (!signers)
517 return NULL; 482 return NULL;
518 } 483 }
519 if (!sk_X509_push(signers, si->signer)) 484 if (!sk_X509_push(signers, si->signer)) {
520 {
521 sk_X509_free(signers); 485 sk_X509_free(signers);
522 return NULL; 486 return NULL;
523 }
524 } 487 }
525 } 488 }
526 return signers;
527 } 489 }
490 return signers;
491}
528 492
529void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) 493void
530 { 494CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
531 if (signer) 495{
532 { 496 if (signer) {
533 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); 497 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
534 if (si->pkey) 498 if (si->pkey)
535 EVP_PKEY_free(si->pkey); 499 EVP_PKEY_free(si->pkey);
536 si->pkey = X509_get_pubkey(signer); 500 si->pkey = X509_get_pubkey(signer);
537 } 501 }
538 if (si->signer) 502 if (si->signer)
539 X509_free(si->signer); 503 X509_free(si->signer);
540 si->signer = signer; 504 si->signer = signer;
541 } 505}
542 506
543int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 507int
544 ASN1_OCTET_STRING **keyid, 508CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
545 X509_NAME **issuer, ASN1_INTEGER **sno) 509 X509_NAME **issuer, ASN1_INTEGER **sno)
546 { 510{
547 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); 511 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
548 } 512}
549 513
550int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) 514int
551 { 515CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
516{
552 return cms_SignerIdentifier_cert_cmp(si->sid, cert); 517 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
553 } 518}
554 519
555int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, 520int
556 unsigned int flags) 521CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
557 { 522 unsigned int flags)
523{
558 CMS_SignedData *sd; 524 CMS_SignedData *sd;
559 CMS_SignerInfo *si; 525 CMS_SignerInfo *si;
560 CMS_CertificateChoices *cch; 526 CMS_CertificateChoices *cch;
@@ -562,50 +528,47 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
562 X509 *x; 528 X509 *x;
563 int i, j; 529 int i, j;
564 int ret = 0; 530 int ret = 0;
531
565 sd = cms_get0_signed(cms); 532 sd = cms_get0_signed(cms);
566 if (!sd) 533 if (!sd)
567 return -1; 534 return -1;
568 certs = sd->certificates; 535 certs = sd->certificates;
569 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) 536 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
570 {
571 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 537 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
572 if (si->signer) 538 if (si->signer)
573 continue; 539 continue;
574 540
575 for (j = 0; j < sk_X509_num(scerts); j++) 541 for (j = 0; j < sk_X509_num(scerts); j++) {
576 {
577 x = sk_X509_value(scerts, j); 542 x = sk_X509_value(scerts, j);
578 if (CMS_SignerInfo_cert_cmp(si, x) == 0) 543 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
579 {
580 CMS_SignerInfo_set1_signer_cert(si, x); 544 CMS_SignerInfo_set1_signer_cert(si, x);
581 ret++; 545 ret++;
582 break; 546 break;
583 }
584 } 547 }
548 }
585 549
586 if (si->signer || (flags & CMS_NOINTERN)) 550 if (si->signer || (flags & CMS_NOINTERN))
587 continue; 551 continue;
588 552
589 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) 553 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
590 {
591 cch = sk_CMS_CertificateChoices_value(certs, j); 554 cch = sk_CMS_CertificateChoices_value(certs, j);
592 if (cch->type != 0) 555 if (cch->type != 0)
593 continue; 556 continue;
594 x = cch->d.certificate; 557 x = cch->d.certificate;
595 if (CMS_SignerInfo_cert_cmp(si, x) == 0) 558 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
596 {
597 CMS_SignerInfo_set1_signer_cert(si, x); 559 CMS_SignerInfo_set1_signer_cert(si, x);
598 ret++; 560 ret++;
599 break; 561 break;
600 }
601 } 562 }
602 } 563 }
603 return ret;
604 } 564 }
565 return ret;
566}
605 567
606void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, 568void
607 X509_ALGOR **pdig, X509_ALGOR **psig) 569CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
608 { 570 X509_ALGOR **pdig, X509_ALGOR **psig)
571{
609 if (pk) 572 if (pk)
610 *pk = si->pkey; 573 *pk = si->pkey;
611 if (signer) 574 if (signer)
@@ -614,93 +577,88 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
614 *pdig = si->digestAlgorithm; 577 *pdig = si->digestAlgorithm;
615 if (psig) 578 if (psig)
616 *psig = si->signatureAlgorithm; 579 *psig = si->signatureAlgorithm;
617 } 580}
618 581
619static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 582static int
620 CMS_SignerInfo *si, BIO *chain) 583cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si,
621 { 584 BIO *chain)
585{
622 EVP_MD_CTX mctx; 586 EVP_MD_CTX mctx;
623 int r = 0; 587 int r = 0;
624 EVP_MD_CTX_init(&mctx); 588 EVP_MD_CTX_init(&mctx);
625 589
626 590 if (!si->pkey) {
627 if (!si->pkey)
628 {
629 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); 591 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
630 return 0; 592 return 0;
631 } 593 }
632 594
633 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) 595 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
634 goto err; 596 goto err;
635 597
636 /* If any signed attributes calculate and add messageDigest attribute */ 598 /* If any signed attributes calculate and add messageDigest attribute */
637 599
638 if (CMS_signed_get_attr_count(si) >= 0) 600 if (CMS_signed_get_attr_count(si) >= 0) {
639 {
640 ASN1_OBJECT *ctype = 601 ASN1_OBJECT *ctype =
641 cms->d.signedData->encapContentInfo->eContentType; 602 cms->d.signedData->encapContentInfo->eContentType;
642 unsigned char md[EVP_MAX_MD_SIZE]; 603 unsigned char md[EVP_MAX_MD_SIZE];
643 unsigned int mdlen; 604 unsigned int mdlen;
644 if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) 605 if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
645 goto err; 606 goto err;
646 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 607 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
647 V_ASN1_OCTET_STRING, 608 V_ASN1_OCTET_STRING,
648 md, mdlen)) 609 md, mdlen))
649 goto err; 610 goto err;
650 /* Copy content type across */ 611 /* Copy content type across */
651 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, 612 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
652 V_ASN1_OBJECT, ctype, -1) <= 0) 613 V_ASN1_OBJECT, ctype, -1) <= 0)
653 goto err; 614 goto err;
654 if (!CMS_SignerInfo_sign(si)) 615 if (!CMS_SignerInfo_sign(si))
655 goto err; 616 goto err;
656 } 617 } else {
657 else
658 {
659 unsigned char *sig; 618 unsigned char *sig;
660 unsigned int siglen; 619 unsigned int siglen;
661 sig = malloc(EVP_PKEY_size(si->pkey)); 620 sig = malloc(EVP_PKEY_size(si->pkey));
662 if (!sig) 621 if (!sig) {
663 {
664 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 622 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
665 ERR_R_MALLOC_FAILURE); 623 ERR_R_MALLOC_FAILURE);
666 goto err; 624 goto err;
667 } 625 }
668 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) 626 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
669 {
670 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 627 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
671 CMS_R_SIGNFINAL_ERROR); 628 CMS_R_SIGNFINAL_ERROR);
672 free(sig); 629 free(sig);
673 goto err; 630 goto err;
674 }
675 ASN1_STRING_set0(si->signature, sig, siglen);
676 } 631 }
632 ASN1_STRING_set0(si->signature, sig, siglen);
633 }
677 634
678 r = 1; 635 r = 1;
679 636
680 err: 637err:
681 EVP_MD_CTX_cleanup(&mctx); 638 EVP_MD_CTX_cleanup(&mctx);
682 return r; 639 return r;
640}
683 641
684 } 642int
685 643cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
686int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) 644{
687 {
688 STACK_OF(CMS_SignerInfo) *sinfos; 645 STACK_OF(CMS_SignerInfo) *sinfos;
689 CMS_SignerInfo *si; 646 CMS_SignerInfo *si;
690 int i; 647 int i;
648
691 sinfos = CMS_get0_SignerInfos(cms); 649 sinfos = CMS_get0_SignerInfos(cms);
692 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 650 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
693 {
694 si = sk_CMS_SignerInfo_value(sinfos, i); 651 si = sk_CMS_SignerInfo_value(sinfos, i);
695 if (!cms_SignerInfo_content_sign(cms, si, chain)) 652 if (!cms_SignerInfo_content_sign(cms, si, chain))
696 return 0; 653 return 0;
697 } 654 }
698 cms->d.signedData->encapContentInfo->partial = 0; 655 cms->d.signedData->encapContentInfo->partial = 0;
699 return 1; 656 return 1;
700 } 657}
701 658
702int CMS_SignerInfo_sign(CMS_SignerInfo *si) 659int
703 { 660CMS_SignerInfo_sign(CMS_SignerInfo *si)
661{
704 EVP_MD_CTX mctx; 662 EVP_MD_CTX mctx;
705 EVP_PKEY_CTX *pctx; 663 EVP_PKEY_CTX *pctx;
706 unsigned char *abuf = NULL; 664 unsigned char *abuf = NULL;
@@ -714,25 +672,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
714 672
715 EVP_MD_CTX_init(&mctx); 673 EVP_MD_CTX_init(&mctx);
716 674
717 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) 675 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
718 {
719 if (!cms_add1_signingTime(si, NULL)) 676 if (!cms_add1_signingTime(si, NULL))
720 goto err; 677 goto err;
721 } 678 }
722 679
723 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) 680 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
724 goto err; 681 goto err;
725 682
726 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 683 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
727 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) 684 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
728 {
729 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 685 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
730 goto err; 686 goto err;
731 } 687 }
732 688
733 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 689 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
734 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 690 ASN1_ITEM_rptr(CMS_Attributes_Sign));
735 if(!abuf) 691 if (!abuf)
736 goto err; 692 goto err;
737 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) 693 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
738 goto err; 694 goto err;
@@ -740,17 +696,16 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
740 goto err; 696 goto err;
741 free(abuf); 697 free(abuf);
742 abuf = malloc(siglen); 698 abuf = malloc(siglen);
743 if(!abuf) 699 if (!abuf)
744 goto err; 700 goto err;
745 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) 701 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
746 goto err; 702 goto err;
747 703
748 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 704 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
749 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) 705 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
750 {
751 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 706 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
752 goto err; 707 goto err;
753 } 708 }
754 709
755 EVP_MD_CTX_cleanup(&mctx); 710 EVP_MD_CTX_cleanup(&mctx);
756 711
@@ -758,26 +713,25 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
758 713
759 return 1; 714 return 1;
760 715
761 err: 716err:
762 free(abuf); 717 free(abuf);
763 EVP_MD_CTX_cleanup(&mctx); 718 EVP_MD_CTX_cleanup(&mctx);
764 return 0; 719 return 0;
720}
765 721
766 } 722int
767 723CMS_SignerInfo_verify(CMS_SignerInfo *si)
768int CMS_SignerInfo_verify(CMS_SignerInfo *si) 724{
769 {
770 EVP_MD_CTX mctx; 725 EVP_MD_CTX mctx;
771 EVP_PKEY_CTX *pctx; 726 EVP_PKEY_CTX *pctx;
772 unsigned char *abuf = NULL; 727 unsigned char *abuf = NULL;
773 int alen, r = -1; 728 int alen, r = -1;
774 const EVP_MD *md = NULL; 729 const EVP_MD *md = NULL;
775 730
776 if (!si->pkey) 731 if (!si->pkey) {
777 {
778 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); 732 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
779 return -1; 733 return -1;
780 } 734 }
781 735
782 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 736 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
783 if (md == NULL) 737 if (md == NULL)
@@ -786,199 +740,195 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
786 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) 740 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
787 goto err; 741 goto err;
788 742
789 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 743 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
790 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 744 ASN1_ITEM_rptr(CMS_Attributes_Verify));
791 if(!abuf) 745 if (!abuf)
792 goto err; 746 goto err;
793 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen); 747 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
794 free(abuf); 748 free(abuf);
795 if (r <= 0) 749 if (r <= 0) {
796 {
797 r = -1; 750 r = -1;
798 goto err; 751 goto err;
799 } 752 }
800 r = EVP_DigestVerifyFinal(&mctx, 753 r = EVP_DigestVerifyFinal(&mctx,
801 si->signature->data, si->signature->length); 754 si->signature->data, si->signature->length);
802 if (r <= 0) 755 if (r <= 0)
803 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 756 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
804 err: 757
758err:
805 EVP_MD_CTX_cleanup(&mctx); 759 EVP_MD_CTX_cleanup(&mctx);
806 return r; 760 return r;
807 } 761}
808 762
809/* Create a chain of digest BIOs from a CMS ContentInfo */ 763/* Create a chain of digest BIOs from a CMS ContentInfo */
810 764
811BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) 765BIO *
812 { 766cms_SignedData_init_bio(CMS_ContentInfo *cms)
767{
813 int i; 768 int i;
814 CMS_SignedData *sd; 769 CMS_SignedData *sd;
815 BIO *chain = NULL; 770 BIO *chain = NULL;
771
816 sd = cms_get0_signed(cms); 772 sd = cms_get0_signed(cms);
817 if (!sd) 773 if (!sd)
818 return NULL; 774 return NULL;
819 if (cms->d.signedData->encapContentInfo->partial) 775 if (cms->d.signedData->encapContentInfo->partial)
820 cms_sd_set_version(sd); 776 cms_sd_set_version(sd);
821 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) 777 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
822 {
823 X509_ALGOR *digestAlgorithm; 778 X509_ALGOR *digestAlgorithm;
824 BIO *mdbio; 779 BIO *mdbio;
825 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 780 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
826 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); 781 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
827 if (!mdbio) 782 if (!mdbio)
828 goto err; 783 goto err;
829 if (chain) 784 if (chain)
830 BIO_push(chain, mdbio); 785 BIO_push(chain, mdbio);
831 else 786 else
832 chain = mdbio; 787 chain = mdbio;
833 } 788 }
834 return chain; 789 return chain;
835 err: 790
791err:
836 if (chain) 792 if (chain)
837 BIO_free_all(chain); 793 BIO_free_all(chain);
838 return NULL; 794 return NULL;
839 } 795}
840 796
841int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) 797int
842 { 798CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
799{
843 ASN1_OCTET_STRING *os = NULL; 800 ASN1_OCTET_STRING *os = NULL;
844 EVP_MD_CTX mctx; 801 EVP_MD_CTX mctx;
845 int r = -1; 802 int r = -1;
803
846 EVP_MD_CTX_init(&mctx); 804 EVP_MD_CTX_init(&mctx);
847 /* If we have any signed attributes look for messageDigest value */ 805 /* If we have any signed attributes look for messageDigest value */
848 if (CMS_signed_get_attr_count(si) >= 0) 806 if (CMS_signed_get_attr_count(si) >= 0) {
849 {
850 os = CMS_signed_get0_data_by_OBJ(si, 807 os = CMS_signed_get0_data_by_OBJ(si,
851 OBJ_nid2obj(NID_pkcs9_messageDigest), 808 OBJ_nid2obj(NID_pkcs9_messageDigest),
852 -3, V_ASN1_OCTET_STRING); 809 -3, V_ASN1_OCTET_STRING);
853 if (!os) 810 if (!os) {
854 {
855 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 811 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
856 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 812 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
857 goto err; 813 goto err;
858 }
859 } 814 }
815 }
860 816
861 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) 817 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
862 goto err; 818 goto err;
863 819
864 /* If messageDigest found compare it */ 820 /* If messageDigest found compare it */
865 821
866 if (os) 822 if (os) {
867 {
868 unsigned char mval[EVP_MAX_MD_SIZE]; 823 unsigned char mval[EVP_MAX_MD_SIZE];
869 unsigned int mlen; 824 unsigned int mlen;
870 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) 825 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
871 {
872 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 826 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
873 CMS_R_UNABLE_TO_FINALIZE_CONTEXT); 827 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
874 goto err; 828 goto err;
875 } 829 }
876 if (mlen != (unsigned int)os->length) 830 if (mlen != (unsigned int)os->length) {
877 {
878 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 831 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
879 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); 832 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
880 goto err; 833 goto err;
881 } 834 }
882 835
883 if (memcmp(mval, os->data, mlen)) 836 if (memcmp(mval, os->data, mlen)) {
884 {
885 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 837 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
886 CMS_R_VERIFICATION_FAILURE); 838 CMS_R_VERIFICATION_FAILURE);
887 r = 0; 839 r = 0;
888 } 840 } else
889 else
890 r = 1; 841 r = 1;
891 } 842 } else {
892 else
893 {
894 r = EVP_VerifyFinal(&mctx, si->signature->data, 843 r = EVP_VerifyFinal(&mctx, si->signature->data,
895 si->signature->length, si->pkey); 844 si->signature->length, si->pkey);
896 if (r <= 0) 845 if (r <= 0) {
897 {
898 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 846 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
899 CMS_R_VERIFICATION_FAILURE); 847 CMS_R_VERIFICATION_FAILURE);
900 r = 0; 848 r = 0;
901 }
902 } 849 }
850 }
903 851
904 err: 852err:
905 EVP_MD_CTX_cleanup(&mctx); 853 EVP_MD_CTX_cleanup(&mctx);
906 return r; 854 return r;
855}
907 856
908 } 857int
909 858CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
910int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) 859{
911 {
912 unsigned char *smder = NULL; 860 unsigned char *smder = NULL;
913 int smderlen, r; 861 int smderlen, r;
862
914 smderlen = i2d_X509_ALGORS(algs, &smder); 863 smderlen = i2d_X509_ALGORS(algs, &smder);
915 if (smderlen <= 0) 864 if (smderlen <= 0)
916 return 0; 865 return 0;
917 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, 866 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
918 V_ASN1_SEQUENCE, smder, smderlen); 867 V_ASN1_SEQUENCE, smder, smderlen);
919 free(smder); 868 free(smder);
920 return r; 869 return r;
921 } 870}
922 871
923int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 872int
924 int algnid, int keysize) 873CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize)
925 { 874{
926 X509_ALGOR *alg; 875 X509_ALGOR *alg;
927 ASN1_INTEGER *key = NULL; 876 ASN1_INTEGER *key = NULL;
928 if (keysize > 0) 877
929 { 878 if (keysize > 0) {
930 key = ASN1_INTEGER_new(); 879 key = ASN1_INTEGER_new();
931 if (!key || !ASN1_INTEGER_set(key, keysize)) 880 if (!key || !ASN1_INTEGER_set(key, keysize))
932 return 0; 881 return 0;
933 } 882 }
934 alg = X509_ALGOR_new(); 883 alg = X509_ALGOR_new();
935 if (!alg) 884 if (!alg) {
936 {
937 if (key) 885 if (key)
938 ASN1_INTEGER_free(key); 886 ASN1_INTEGER_free(key);
939 return 0; 887 return 0;
940 } 888 }
941 889
942 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 890 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
943 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); 891 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
944 if (!*algs) 892 if (!*algs)
945 *algs = sk_X509_ALGOR_new_null(); 893 *algs = sk_X509_ALGOR_new_null();
946 if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) 894 if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) {
947 {
948 X509_ALGOR_free(alg); 895 X509_ALGOR_free(alg);
949 return 0; 896 return 0;
950 }
951 return 1;
952 } 897 }
898 return 1;
899}
953 900
954/* Check to see if a cipher exists and if so add S/MIME capabilities */ 901/* Check to see if a cipher exists and if so add S/MIME capabilities */
955 902
956static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 903static int
957 { 904cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
905{
958 if (EVP_get_cipherbynid(nid)) 906 if (EVP_get_cipherbynid(nid))
959 return CMS_add_simple_smimecap(sk, nid, arg); 907 return CMS_add_simple_smimecap(sk, nid, arg);
960 return 1; 908 return 1;
961 } 909}
962 910
963static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 911static int
964 { 912cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
913{
965 if (EVP_get_digestbynid(nid)) 914 if (EVP_get_digestbynid(nid))
966 return CMS_add_simple_smimecap(sk, nid, arg); 915 return CMS_add_simple_smimecap(sk, nid, arg);
967 return 1; 916 return 1;
968 } 917}
969 918
970int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 919int
971 { 920CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
972 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 921{
973 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 922 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
974 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 923 !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
975 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 924 !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
976 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 925 !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
977 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 926 !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
978 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) 927 !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
979 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) 928 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
980 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) 929 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
981 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) 930 !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) ||
931 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
982 return 0; 932 return 0;
983 return 1; 933 return 1;
984 } 934}
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
index 94f60c1b5c..e32a58b3bc 100644
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -59,114 +59,107 @@
59#include <openssl/cms.h> 59#include <openssl/cms.h>
60#include "cms_lcl.h" 60#include "cms_lcl.h"
61 61
62static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) 62static int
63 { 63cms_copy_content(BIO *out, BIO *in, unsigned int flags)
64{
64 unsigned char buf[4096]; 65 unsigned char buf[4096];
65 int r = 0, i; 66 int r = 0, i;
66 BIO *tmpout = NULL; 67 BIO *tmpout = NULL;
67 68
68 if (out == NULL) 69 if (out == NULL)
69 tmpout = BIO_new(BIO_s_null()); 70 tmpout = BIO_new(BIO_s_null());
70 else if (flags & CMS_TEXT) 71 else if (flags & CMS_TEXT) {
71 {
72 tmpout = BIO_new(BIO_s_mem()); 72 tmpout = BIO_new(BIO_s_mem());
73 BIO_set_mem_eof_return(tmpout, 0); 73 BIO_set_mem_eof_return(tmpout, 0);
74 } 74 } else
75 else
76 tmpout = out; 75 tmpout = out;
77 76
78 if(!tmpout) 77 if (!tmpout) {
79 { 78 CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
80 CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
81 goto err; 79 goto err;
82 } 80 }
83 81
84 /* Read all content through chain to process digest, decrypt etc */ 82 /* Read all content through chain to process digest, decrypt etc */
85 for (;;) 83 for (;;) {
86 { 84 i = BIO_read(in, buf, sizeof(buf));
87 i=BIO_read(in,buf,sizeof(buf)); 85 if (i <= 0) {
88 if (i <= 0) 86 if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
89 {
90 if (BIO_method_type(in) == BIO_TYPE_CIPHER)
91 {
92 if (!BIO_get_cipher_status(in)) 87 if (!BIO_get_cipher_status(in))
93 goto err; 88 goto err;
94 } 89 }
95 if (i < 0) 90 if (i < 0)
96 goto err; 91 goto err;
97 break; 92 break;
98 } 93 }
99 94
100 if (tmpout && (BIO_write(tmpout, buf, i) != i)) 95 if (tmpout && (BIO_write(tmpout, buf, i) != i))
101 goto err; 96 goto err;
102 } 97 }
103 98
104 if(flags & CMS_TEXT) 99 if (flags & CMS_TEXT) {
105 { 100 if (!SMIME_text(tmpout, out)) {
106 if(!SMIME_text(tmpout, out)) 101 CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR);
107 {
108 CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
109 goto err; 102 goto err;
110 }
111 } 103 }
104 }
112 105
113 r = 1; 106 r = 1;
114 107
115 err: 108err:
116 if (tmpout && (tmpout != out)) 109 if (tmpout && (tmpout != out))
117 BIO_free(tmpout); 110 BIO_free(tmpout);
118 return r; 111 return r;
112}
119 113
120 } 114static int
121 115check_content(CMS_ContentInfo *cms)
122static int check_content(CMS_ContentInfo *cms) 116{
123 {
124 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 117 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
125 if (!pos || !*pos) 118
126 { 119 if (!pos || !*pos) {
127 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); 120 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
128 return 0; 121 return 0;
129 }
130 return 1;
131 } 122 }
123 return 1;
124}
132 125
133static void do_free_upto(BIO *f, BIO *upto) 126static void
134 { 127do_free_upto(BIO *f, BIO *upto)
135 if (upto) 128{
136 { 129 if (upto) {
137 BIO *tbio; 130 BIO *tbio;
138 do 131 do {
139 {
140 tbio = BIO_pop(f); 132 tbio = BIO_pop(f);
141 BIO_free(f); 133 BIO_free(f);
142 f = tbio; 134 f = tbio;
143 } 135 } while (f != upto);
144 while (f != upto); 136 } else
145 }
146 else
147 BIO_free_all(f); 137 BIO_free_all(f);
148 } 138}
149 139
150int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) 140int
151 { 141CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
142{
152 BIO *cont; 143 BIO *cont;
153 int r; 144 int r;
154 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) 145
155 { 146 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
156 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); 147 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
157 return 0; 148 return 0;
158 } 149 }
159 cont = CMS_dataInit(cms, NULL); 150 cont = CMS_dataInit(cms, NULL);
160 if (!cont) 151 if (!cont)
161 return 0; 152 return 0;
162 r = cms_copy_content(out, cont, flags); 153 r = cms_copy_content(out, cont, flags);
163 BIO_free_all(cont); 154 BIO_free_all(cont);
164 return r; 155 return r;
165 } 156}
166 157
167CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) 158CMS_ContentInfo *
168 { 159CMS_data_create(BIO *in, unsigned int flags)
160{
169 CMS_ContentInfo *cms; 161 CMS_ContentInfo *cms;
162
170 cms = cms_Data_create(); 163 cms = cms_Data_create();
171 if (!cms) 164 if (!cms)
172 return NULL; 165 return NULL;
@@ -177,18 +170,19 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
177 CMS_ContentInfo_free(cms); 170 CMS_ContentInfo_free(cms);
178 171
179 return NULL; 172 return NULL;
180 } 173}
181 174
182int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 175int
183 unsigned int flags) 176CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
184 { 177 unsigned int flags)
178{
185 BIO *cont; 179 BIO *cont;
186 int r; 180 int r;
187 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) 181
188 { 182 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
189 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); 183 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
190 return 0; 184 return 0;
191 } 185 }
192 186
193 if (!dcont && !check_content(cms)) 187 if (!dcont && !check_content(cms))
194 return 0; 188 return 0;
@@ -201,19 +195,20 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
201 r = cms_DigestedData_do_final(cms, cont, 1); 195 r = cms_DigestedData_do_final(cms, cont, 1);
202 do_free_upto(cont, dcont); 196 do_free_upto(cont, dcont);
203 return r; 197 return r;
204 } 198}
205 199
206CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, 200CMS_ContentInfo *
207 unsigned int flags) 201CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags)
208 { 202{
209 CMS_ContentInfo *cms; 203 CMS_ContentInfo *cms;
204
210 if (!md) 205 if (!md)
211 md = EVP_sha1(); 206 md = EVP_sha1();
212 cms = cms_DigestedData_create(md); 207 cms = cms_DigestedData_create(md);
213 if (!cms) 208 if (!cms)
214 return NULL; 209 return NULL;
215 210
216 if(!(flags & CMS_DETACHED)) 211 if (!(flags & CMS_DETACHED))
217 CMS_set_detached(cms, 0); 212 CMS_set_detached(cms, 0);
218 213
219 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) 214 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
@@ -221,20 +216,20 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
221 216
222 CMS_ContentInfo_free(cms); 217 CMS_ContentInfo_free(cms);
223 return NULL; 218 return NULL;
224 } 219}
225 220
226int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, 221int
227 const unsigned char *key, size_t keylen, 222CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
228 BIO *dcont, BIO *out, unsigned int flags) 223 size_t keylen, BIO *dcont, BIO *out, unsigned int flags)
229 { 224{
230 BIO *cont; 225 BIO *cont;
231 int r; 226 int r;
232 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) 227
233 { 228 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
234 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 229 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
235 CMS_R_TYPE_NOT_ENCRYPTED_DATA); 230 CMS_R_TYPE_NOT_ENCRYPTED_DATA);
236 return 0; 231 return 0;
237 } 232 }
238 233
239 if (!dcont && !check_content(cms)) 234 if (!dcont && !check_content(cms))
240 return 0; 235 return 0;
@@ -247,75 +242,73 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
247 r = cms_copy_content(out, cont, flags); 242 r = cms_copy_content(out, cont, flags);
248 do_free_upto(cont, dcont); 243 do_free_upto(cont, dcont);
249 return r; 244 return r;
250 } 245}
251 246
252CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, 247CMS_ContentInfo *
253 const unsigned char *key, size_t keylen, 248CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
254 unsigned int flags) 249 const unsigned char *key, size_t keylen, unsigned int flags)
255 { 250{
256 CMS_ContentInfo *cms; 251 CMS_ContentInfo *cms;
257 if (!cipher) 252
258 { 253 if (!cipher) {
259 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); 254 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
260 return NULL; 255 return NULL;
261 } 256 }
262 cms = CMS_ContentInfo_new(); 257 cms = CMS_ContentInfo_new();
263 if (!cms) 258 if (!cms)
264 return NULL; 259 return NULL;
265 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) 260 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
266 return NULL; 261 return NULL;
267 262
268 if(!(flags & CMS_DETACHED)) 263 if (!(flags & CMS_DETACHED))
269 CMS_set_detached(cms, 0); 264 CMS_set_detached(cms, 0);
270 265
271 if ((flags & (CMS_STREAM|CMS_PARTIAL)) 266 if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
272 || CMS_final(cms, in, NULL, flags)) 267 CMS_final(cms, in, NULL, flags))
273 return cms; 268 return cms;
274 269
275 CMS_ContentInfo_free(cms); 270 CMS_ContentInfo_free(cms);
276 return NULL; 271 return NULL;
277 } 272}
278 273
279static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, 274static int
280 X509_STORE *store, 275cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store,
281 STACK_OF(X509) *certs, 276 STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls, unsigned int flags)
282 STACK_OF(X509_CRL) *crls, 277{
283 unsigned int flags)
284 {
285 X509_STORE_CTX ctx; 278 X509_STORE_CTX ctx;
286 X509 *signer; 279 X509 *signer;
287 int i, j, r = 0; 280 int i, j, r = 0;
281
288 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); 282 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
289 if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) 283 if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) {
290 {
291 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 284 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
292 CMS_R_STORE_INIT_ERROR); 285 CMS_R_STORE_INIT_ERROR);
293 goto err; 286 goto err;
294 } 287 }
295 X509_STORE_CTX_set_default(&ctx, "smime_sign"); 288 X509_STORE_CTX_set_default(&ctx, "smime_sign");
296 if (crls) 289 if (crls)
297 X509_STORE_CTX_set0_crls(&ctx, crls); 290 X509_STORE_CTX_set0_crls(&ctx, crls);
298 291
299 i = X509_verify_cert(&ctx); 292 i = X509_verify_cert(&ctx);
300 if (i <= 0) 293 if (i <= 0) {
301 {
302 j = X509_STORE_CTX_get_error(&ctx); 294 j = X509_STORE_CTX_get_error(&ctx);
303 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 295 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
304 CMS_R_CERTIFICATE_VERIFY_ERROR); 296 CMS_R_CERTIFICATE_VERIFY_ERROR);
305 ERR_asprintf_error_data("Verify error:%s", 297 ERR_asprintf_error_data("Verify error:%s",
306 X509_verify_cert_error_string(j)); 298 X509_verify_cert_error_string(j));
307 goto err; 299 goto err;
308 } 300 }
309 r = 1; 301 r = 1;
310 err: 302
303err:
311 X509_STORE_CTX_cleanup(&ctx); 304 X509_STORE_CTX_cleanup(&ctx);
312 return r; 305 return r;
306}
313 307
314 } 308int
315 309CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
316int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 310 BIO *dcont, BIO *out, unsigned int flags)
317 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) 311{
318 {
319 CMS_SignerInfo *si; 312 CMS_SignerInfo *si;
320 STACK_OF(CMS_SignerInfo) *sinfos; 313 STACK_OF(CMS_SignerInfo) *sinfos;
321 STACK_OF(X509) *cms_certs = NULL; 314 STACK_OF(X509) *cms_certs = NULL;
@@ -331,58 +324,51 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
331 324
332 sinfos = CMS_get0_SignerInfos(cms); 325 sinfos = CMS_get0_SignerInfos(cms);
333 326
334 if (sk_CMS_SignerInfo_num(sinfos) <= 0) 327 if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
335 {
336 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); 328 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
337 goto err; 329 goto err;
338 } 330 }
339 331
340 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 332 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
341 {
342 si = sk_CMS_SignerInfo_value(sinfos, i); 333 si = sk_CMS_SignerInfo_value(sinfos, i);
343 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); 334 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
344 if (signer) 335 if (signer)
345 scount++; 336 scount++;
346 } 337 }
347 338
348 if (scount != sk_CMS_SignerInfo_num(sinfos)) 339 if (scount != sk_CMS_SignerInfo_num(sinfos))
349 scount += CMS_set1_signers_certs(cms, certs, flags); 340 scount += CMS_set1_signers_certs(cms, certs, flags);
350 341
351 if (scount != sk_CMS_SignerInfo_num(sinfos)) 342 if (scount != sk_CMS_SignerInfo_num(sinfos)) {
352 {
353 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); 343 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
354 goto err; 344 goto err;
355 } 345 }
356 346
357 /* Attempt to verify all signers certs */ 347 /* Attempt to verify all signers certs */
358 348
359 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) 349 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
360 {
361 cms_certs = CMS_get1_certs(cms); 350 cms_certs = CMS_get1_certs(cms);
362 if (!(flags & CMS_NOCRL)) 351 if (!(flags & CMS_NOCRL))
363 crls = CMS_get1_crls(cms); 352 crls = CMS_get1_crls(cms);
364 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 353 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
365 {
366 si = sk_CMS_SignerInfo_value(sinfos, i); 354 si = sk_CMS_SignerInfo_value(sinfos, i);
367 if (!cms_signerinfo_verify_cert(si, store, 355 if (!cms_signerinfo_verify_cert(si, store,
368 cms_certs, crls, flags)) 356 cms_certs, crls, flags))
369 goto err; 357 goto err;
370 }
371 } 358 }
359 }
372 360
373 /* Attempt to verify all SignerInfo signed attribute signatures */ 361 /* Attempt to verify all SignerInfo signed attribute signatures */
374 362
375 if (!(flags & CMS_NO_ATTR_VERIFY)) 363 if (!(flags & CMS_NO_ATTR_VERIFY)) {
376 { 364 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
377 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
378 {
379 si = sk_CMS_SignerInfo_value(sinfos, i); 365 si = sk_CMS_SignerInfo_value(sinfos, i);
380 if (CMS_signed_get_attr_count(si) < 0) 366 if (CMS_signed_get_attr_count(si) < 0)
381 continue; 367 continue;
382 if (CMS_SignerInfo_verify(si) <= 0) 368 if (CMS_SignerInfo_verify(si) <= 0)
383 goto err; 369 goto err;
384 }
385 } 370 }
371 }
386 372
387 /* Performance optimization: if the content is a memory BIO then 373 /* Performance optimization: if the content is a memory BIO then
388 * store its contents in a temporary read only memory BIO. This 374 * store its contents in a temporary read only memory BIO. This
@@ -391,47 +377,40 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
391 * are calculated. 377 * are calculated.
392 */ 378 */
393 379
394 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) 380 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
395 {
396 char *ptr; 381 char *ptr;
397 long len; 382 long len;
398 len = BIO_get_mem_data(dcont, &ptr); 383 len = BIO_get_mem_data(dcont, &ptr);
399 tmpin = BIO_new_mem_buf(ptr, len); 384 tmpin = BIO_new_mem_buf(ptr, len);
400 if (tmpin == NULL) 385 if (tmpin == NULL) {
401 { 386 CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
402 CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
403 return 0; 387 return 0;
404 }
405 } 388 }
406 else 389 } else
407 tmpin = dcont; 390 tmpin = dcont;
408
409 391
410 cmsbio=CMS_dataInit(cms, tmpin); 392
393 cmsbio = CMS_dataInit(cms, tmpin);
411 if (!cmsbio) 394 if (!cmsbio)
412 goto err; 395 goto err;
413 396
414 if (!cms_copy_content(out, cmsbio, flags)) 397 if (!cms_copy_content(out, cmsbio, flags))
415 goto err; 398 goto err;
416 399
417 if (!(flags & CMS_NO_CONTENT_VERIFY)) 400 if (!(flags & CMS_NO_CONTENT_VERIFY)) {
418 { 401 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
419 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
420 {
421 si = sk_CMS_SignerInfo_value(sinfos, i); 402 si = sk_CMS_SignerInfo_value(sinfos, i);
422 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) 403 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
423 {
424 CMSerr(CMS_F_CMS_VERIFY, 404 CMSerr(CMS_F_CMS_VERIFY,
425 CMS_R_CONTENT_VERIFY_ERROR); 405 CMS_R_CONTENT_VERIFY_ERROR);
426 goto err; 406 goto err;
427 }
428 } 407 }
429 } 408 }
409 }
430 410
431 ret = 1; 411 ret = 1;
432 412
433 err: 413err:
434
435 if (dcont && (tmpin == dcont)) 414 if (dcont && (tmpin == dcont))
436 do_free_upto(cmsbio, dcont); 415 do_free_upto(cmsbio, dcont);
437 else 416 else
@@ -443,23 +422,25 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
443 sk_X509_CRL_pop_free(crls, X509_CRL_free); 422 sk_X509_CRL_pop_free(crls, X509_CRL_free);
444 423
445 return ret; 424 return ret;
446 } 425}
447 426
448int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, 427int
449 STACK_OF(X509) *certs, 428CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
450 X509_STORE *store, unsigned int flags) 429 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags)
451 { 430{
452 int r; 431 int r;
432
453 flags &= ~(CMS_DETACHED|CMS_TEXT); 433 flags &= ~(CMS_DETACHED|CMS_TEXT);
454 r = CMS_verify(rcms, certs, store, NULL, NULL, flags); 434 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
455 if (r <= 0) 435 if (r <= 0)
456 return r; 436 return r;
457 return cms_Receipt_verify(rcms, ocms); 437 return cms_Receipt_verify(rcms, ocms);
458 } 438}
459 439
460CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 440CMS_ContentInfo *
461 BIO *data, unsigned int flags) 441CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
462 { 442 unsigned int flags)
443{
463 CMS_ContentInfo *cms; 444 CMS_ContentInfo *cms;
464 int i; 445 int i;
465 446
@@ -467,42 +448,38 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
467 if (!cms || !CMS_SignedData_init(cms)) 448 if (!cms || !CMS_SignedData_init(cms))
468 goto merr; 449 goto merr;
469 450
470 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) 451 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
471 {
472 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR); 452 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
473 goto err; 453 goto err;
474 } 454 }
475 455
476 for (i = 0; i < sk_X509_num(certs); i++) 456 for (i = 0; i < sk_X509_num(certs); i++) {
477 {
478 X509 *x = sk_X509_value(certs, i); 457 X509 *x = sk_X509_value(certs, i);
479 if (!CMS_add1_cert(cms, x)) 458 if (!CMS_add1_cert(cms, x))
480 goto merr; 459 goto merr;
481 } 460 }
482 461
483 if(!(flags & CMS_DETACHED)) 462 if (!(flags & CMS_DETACHED))
484 CMS_set_detached(cms, 0); 463 CMS_set_detached(cms, 0);
485 464
486 if ((flags & (CMS_STREAM|CMS_PARTIAL)) 465 if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
487 || CMS_final(cms, data, NULL, flags)) 466 CMS_final(cms, data, NULL, flags))
488 return cms; 467 return cms;
489 else 468 else
490 goto err; 469 goto err;
491 470
492 merr: 471merr:
493 CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); 472 CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
494 473err:
495 err:
496 if (cms) 474 if (cms)
497 CMS_ContentInfo_free(cms); 475 CMS_ContentInfo_free(cms);
498 return NULL; 476 return NULL;
499 } 477}
500 478
501CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, 479CMS_ContentInfo *
502 X509 *signcert, EVP_PKEY *pkey, 480CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey,
503 STACK_OF(X509) *certs, 481 STACK_OF(X509) *certs, unsigned int flags)
504 unsigned int flags) 482{
505 {
506 CMS_SignerInfo *rct_si; 483 CMS_SignerInfo *rct_si;
507 CMS_ContentInfo *cms = NULL; 484 CMS_ContentInfo *cms = NULL;
508 ASN1_OCTET_STRING **pos, *os; 485 ASN1_OCTET_STRING **pos, *os;
@@ -512,11 +489,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
512 flags &= ~(CMS_STREAM|CMS_TEXT); 489 flags &= ~(CMS_STREAM|CMS_TEXT);
513 /* Not really detached but avoids content being allocated */ 490 /* Not really detached but avoids content being allocated */
514 flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED; 491 flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
515 if (!pkey || !signcert) 492 if (!pkey || !signcert) {
516 {
517 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT); 493 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
518 return NULL; 494 return NULL;
519 } 495 }
520 496
521 /* Initialize signed data */ 497 /* Initialize signed data */
522 498
@@ -529,11 +505,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
529 goto err; 505 goto err;
530 506
531 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags); 507 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
532 if (!rct_si) 508 if (!rct_si) {
533 {
534 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR); 509 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
535 goto err; 510 goto err;
536 } 511 }
537 512
538 os = cms_encode_Receipt(si); 513 os = cms_encode_Receipt(si);
539 514
@@ -560,91 +535,88 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
560 535
561 r = 1; 536 r = 1;
562 537
563 err: 538err:
564 if (rct_cont) 539 if (rct_cont)
565 BIO_free(rct_cont); 540 BIO_free(rct_cont);
566 if (r) 541 if (r)
567 return cms; 542 return cms;
568 CMS_ContentInfo_free(cms); 543 CMS_ContentInfo_free(cms);
569 return NULL; 544 return NULL;
545}
570 546
571 } 547CMS_ContentInfo *
572 548CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher,
573CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, 549 unsigned int flags)
574 const EVP_CIPHER *cipher, unsigned int flags) 550{
575 {
576 CMS_ContentInfo *cms; 551 CMS_ContentInfo *cms;
577 int i; 552 int i;
578 X509 *recip; 553 X509 *recip;
554
579 cms = CMS_EnvelopedData_create(cipher); 555 cms = CMS_EnvelopedData_create(cipher);
580 if (!cms) 556 if (!cms)
581 goto merr; 557 goto merr;
582 for (i = 0; i < sk_X509_num(certs); i++) 558 for (i = 0; i < sk_X509_num(certs); i++) {
583 {
584 recip = sk_X509_value(certs, i); 559 recip = sk_X509_value(certs, i);
585 if (!CMS_add1_recipient_cert(cms, recip, flags)) 560 if (!CMS_add1_recipient_cert(cms, recip, flags)) {
586 {
587 CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR); 561 CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
588 goto err; 562 goto err;
589 }
590 } 563 }
564 }
591 565
592 if(!(flags & CMS_DETACHED)) 566 if (!(flags & CMS_DETACHED))
593 CMS_set_detached(cms, 0); 567 CMS_set_detached(cms, 0);
594 568
595 if ((flags & (CMS_STREAM|CMS_PARTIAL)) 569 if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
596 || CMS_final(cms, data, NULL, flags)) 570 CMS_final(cms, data, NULL, flags))
597 return cms; 571 return cms;
598 else 572 else
599 goto err; 573 goto err;
600 574
601 merr: 575merr:
602 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); 576 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
603 err: 577err:
604 if (cms) 578 if (cms)
605 CMS_ContentInfo_free(cms); 579 CMS_ContentInfo_free(cms);
606 return NULL; 580 return NULL;
607 } 581}
608 582
609int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) 583int
610 { 584CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
585{
611 STACK_OF(CMS_RecipientInfo) *ris; 586 STACK_OF(CMS_RecipientInfo) *ris;
612 CMS_RecipientInfo *ri; 587 CMS_RecipientInfo *ri;
613 int i, r; 588 int i, r;
614 int debug = 0; 589 int debug = 0;
590
615 ris = CMS_get0_RecipientInfos(cms); 591 ris = CMS_get0_RecipientInfos(cms);
616 if (ris) 592 if (ris)
617 debug = cms->d.envelopedData->encryptedContentInfo->debug; 593 debug = cms->d.envelopedData->encryptedContentInfo->debug;
618 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) 594 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
619 {
620 ri = sk_CMS_RecipientInfo_value(ris, i); 595 ri = sk_CMS_RecipientInfo_value(ris, i);
621 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) 596 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
622 continue; 597 continue;
623 /* If we have a cert try matching RecipientInfo 598 /* If we have a cert try matching RecipientInfo
624 * otherwise try them all. 599 * otherwise try them all.
625 */ 600 */
626 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) 601 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) {
627 {
628 CMS_RecipientInfo_set0_pkey(ri, pk); 602 CMS_RecipientInfo_set0_pkey(ri, pk);
629 r = CMS_RecipientInfo_decrypt(cms, ri); 603 r = CMS_RecipientInfo_decrypt(cms, ri);
630 CMS_RecipientInfo_set0_pkey(ri, NULL); 604 CMS_RecipientInfo_set0_pkey(ri, NULL);
631 if (cert) 605 if (cert) {
632 {
633 /* If not debugging clear any error and 606 /* If not debugging clear any error and
634 * return success to avoid leaking of 607 * return success to avoid leaking of
635 * information useful to MMA 608 * information useful to MMA
636 */ 609 */
637 if (!debug) 610 if (!debug) {
638 {
639 ERR_clear_error(); 611 ERR_clear_error();
640 return 1; 612 return 1;
641 } 613 }
642 if (r > 0) 614 if (r > 0)
643 return 1; 615 return 1;
644 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, 616 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
645 CMS_R_DECRYPT_ERROR); 617 CMS_R_DECRYPT_ERROR);
646 return 0; 618 return 0;
647 } 619 }
648 /* If no cert and not debugging don't leave loop 620 /* If no cert and not debugging don't leave loop
649 * after first successful decrypt. Always attempt 621 * after first successful decrypt. Always attempt
650 * to decrypt all recipients to avoid leaking timing 622 * to decrypt all recipients to avoid leaking timing
@@ -652,94 +624,90 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
652 */ 624 */
653 else if (r > 0 && debug) 625 else if (r > 0 && debug)
654 return 1; 626 return 1;
655 }
656 } 627 }
628 }
657 /* If no cert and not debugging always return success */ 629 /* If no cert and not debugging always return success */
658 if (!cert && !debug) 630 if (!cert && !debug) {
659 {
660 ERR_clear_error(); 631 ERR_clear_error();
661 return 1; 632 return 1;
662 } 633 }
663 634
664 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); 635 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
665 return 0; 636 return 0;
637}
666 638
667 } 639int
668 640CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen,
669int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 641 unsigned char *id, size_t idlen)
670 unsigned char *key, size_t keylen, 642{
671 unsigned char *id, size_t idlen)
672 {
673 STACK_OF(CMS_RecipientInfo) *ris; 643 STACK_OF(CMS_RecipientInfo) *ris;
674 CMS_RecipientInfo *ri; 644 CMS_RecipientInfo *ri;
675 int i, r; 645 int i, r;
646
676 ris = CMS_get0_RecipientInfos(cms); 647 ris = CMS_get0_RecipientInfos(cms);
677 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) 648 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
678 {
679 ri = sk_CMS_RecipientInfo_value(ris, i); 649 ri = sk_CMS_RecipientInfo_value(ris, i);
680 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) 650 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
681 continue; 651 continue;
682 652
683 /* If we have an id try matching RecipientInfo 653 /* If we have an id try matching RecipientInfo
684 * otherwise try them all. 654 * otherwise try them all.
685 */ 655 */
686 if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) 656 if (!id ||
687 { 657 (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
688 CMS_RecipientInfo_set0_key(ri, key, keylen); 658 CMS_RecipientInfo_set0_key(ri, key, keylen);
689 r = CMS_RecipientInfo_decrypt(cms, ri); 659 r = CMS_RecipientInfo_decrypt(cms, ri);
690 CMS_RecipientInfo_set0_key(ri, NULL, 0); 660 CMS_RecipientInfo_set0_key(ri, NULL, 0);
691 if (r > 0) 661 if (r > 0)
692 return 1; 662 return 1;
693 if (id) 663 if (id) {
694 {
695 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, 664 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
696 CMS_R_DECRYPT_ERROR); 665 CMS_R_DECRYPT_ERROR);
697 return 0; 666 return 0;
698 }
699 ERR_clear_error();
700 } 667 }
668 ERR_clear_error();
701 } 669 }
670 }
702 671
703 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); 672 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
704 return 0; 673 return 0;
674}
705 675
706 } 676int
707 677CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
708int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 678 ssize_t passlen)
709 unsigned char *pass, ssize_t passlen) 679{
710 {
711 STACK_OF(CMS_RecipientInfo) *ris; 680 STACK_OF(CMS_RecipientInfo) *ris;
712 CMS_RecipientInfo *ri; 681 CMS_RecipientInfo *ri;
713 int i, r; 682 int i, r;
683
714 ris = CMS_get0_RecipientInfos(cms); 684 ris = CMS_get0_RecipientInfos(cms);
715 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) 685 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
716 {
717 ri = sk_CMS_RecipientInfo_value(ris, i); 686 ri = sk_CMS_RecipientInfo_value(ris, i);
718 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS) 687 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
719 continue; 688 continue;
720 CMS_RecipientInfo_set0_password(ri, pass, passlen); 689 CMS_RecipientInfo_set0_password(ri, pass, passlen);
721 r = CMS_RecipientInfo_decrypt(cms, ri); 690 r = CMS_RecipientInfo_decrypt(cms, ri);
722 CMS_RecipientInfo_set0_password(ri, NULL, 0); 691 CMS_RecipientInfo_set0_password(ri, NULL, 0);
723 if (r > 0) 692 if (r > 0)
724 return 1; 693 return 1;
725 } 694 }
726 695
727 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT); 696 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
728 return 0; 697 return 0;
698}
729 699
730 } 700int
731 701CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
732int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, 702 BIO *out, unsigned int flags)
733 BIO *dcont, BIO *out, 703{
734 unsigned int flags)
735 {
736 int r; 704 int r;
737 BIO *cont; 705 BIO *cont;
738 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) 706
739 { 707 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
740 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); 708 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
741 return 0; 709 return 0;
742 } 710 }
743 if (!dcont && !check_content(cms)) 711 if (!dcont && !check_content(cms))
744 return 0; 712 return 0;
745 if (flags & CMS_DEBUG_DECRYPT) 713 if (flags & CMS_DEBUG_DECRYPT)
@@ -756,51 +724,50 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
756 r = cms_copy_content(out, cont, flags); 724 r = cms_copy_content(out, cont, flags);
757 do_free_upto(cont, dcont); 725 do_free_upto(cont, dcont);
758 return r; 726 return r;
759 } 727}
760 728
761int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) 729int
762 { 730CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
731{
763 BIO *cmsbio; 732 BIO *cmsbio;
764 int ret = 0; 733 int ret = 0;
765 if (!(cmsbio = CMS_dataInit(cms, dcont))) 734
766 { 735 if (!(cmsbio = CMS_dataInit(cms, dcont))) {
767 CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE); 736 CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
768 return 0; 737 return 0;
769 } 738 }
770 739
771 SMIME_crlf_copy(data, cmsbio, flags); 740 SMIME_crlf_copy(data, cmsbio, flags);
772 741
773 (void)BIO_flush(cmsbio); 742 (void)BIO_flush(cmsbio);
774 743
775 744
776 if (!CMS_dataFinal(cms, cmsbio)) 745 if (!CMS_dataFinal(cms, cmsbio)) {
777 { 746 CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR);
778 CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
779 goto err; 747 goto err;
780 } 748 }
781 749
782 ret = 1; 750 ret = 1;
783 751
784 err: 752err:
785 do_free_upto(cmsbio, dcont); 753 do_free_upto(cmsbio, dcont);
786 754
787 return ret; 755 return ret;
788 756}
789 }
790 757
791#ifdef ZLIB 758#ifdef ZLIB
792 759
793int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 760int
794 unsigned int flags) 761CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
795 { 762{
796 BIO *cont; 763 BIO *cont;
797 int r; 764 int r;
798 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) 765
799 { 766 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
800 CMSerr(CMS_F_CMS_UNCOMPRESS, 767 CMSerr(CMS_F_CMS_UNCOMPRESS,
801 CMS_R_TYPE_NOT_COMPRESSED_DATA); 768 CMS_R_TYPE_NOT_COMPRESSED_DATA);
802 return 0; 769 return 0;
803 } 770 }
804 771
805 if (!dcont && !check_content(cms)) 772 if (!dcont && !check_content(cms))
806 return 0; 773 return 0;
@@ -811,18 +778,20 @@ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
811 r = cms_copy_content(out, cont, flags); 778 r = cms_copy_content(out, cont, flags);
812 do_free_upto(cont, dcont); 779 do_free_upto(cont, dcont);
813 return r; 780 return r;
814 } 781}
815 782
816CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 783CMS_ContentInfo *
817 { 784CMS_compress(BIO *in, int comp_nid, unsigned int flags)
785{
818 CMS_ContentInfo *cms; 786 CMS_ContentInfo *cms;
787
819 if (comp_nid <= 0) 788 if (comp_nid <= 0)
820 comp_nid = NID_zlib_compression; 789 comp_nid = NID_zlib_compression;
821 cms = cms_CompressedData_create(comp_nid); 790 cms = cms_CompressedData_create(comp_nid);
822 if (!cms) 791 if (!cms)
823 return NULL; 792 return NULL;
824 793
825 if(!(flags & CMS_DETACHED)) 794 if (!(flags & CMS_DETACHED))
826 CMS_set_detached(cms, 0); 795 CMS_set_detached(cms, 0);
827 796
828 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) 797 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
@@ -830,21 +799,22 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
830 799
831 CMS_ContentInfo_free(cms); 800 CMS_ContentInfo_free(cms);
832 return NULL; 801 return NULL;
833 } 802}
834 803
835#else 804#else
836 805
837int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 806int
838 unsigned int flags) 807CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
839 { 808{
840 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 809 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
841 return 0; 810 return 0;
842 } 811}
843 812
844CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 813CMS_ContentInfo *
845 { 814CMS_compress(BIO *in, int comp_nid, unsigned int flags)
815{
846 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 816 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
847 return NULL; 817 return NULL;
848 } 818}
849 819
850#endif 820#endif
diff --git a/src/lib/libssl/src/crypto/cms/cms.h b/src/lib/libssl/src/crypto/cms/cms.h
index 150607469d..0a782d3163 100644
--- a/src/lib/libssl/src/crypto/cms/cms.h
+++ b/src/lib/libssl/src/crypto/cms/cms.h
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -132,110 +132,94 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
132 132
133BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); 133BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
134int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); 134int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
135int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); 135int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
136 int flags);
136CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); 137CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
137int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); 138int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
138 139
139int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); 140int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
140 141
141CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 142CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
142 BIO *data, unsigned int flags); 143 STACK_OF(X509) *certs, BIO *data, unsigned int flags);
143 144
144CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, 145CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
145 X509 *signcert, EVP_PKEY *pkey, 146 EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
146 STACK_OF(X509) *certs,
147 unsigned int flags);
148 147
149int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); 148int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
150CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); 149CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
151 150
152int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 151int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
153 unsigned int flags); 152 unsigned int flags);
154CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, 153CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
155 unsigned int flags); 154 unsigned int flags);
156 155
157int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, 156int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
158 const unsigned char *key, size_t keylen, 157 size_t keylen, BIO *dcont, BIO *out, unsigned int flags);
159 BIO *dcont, BIO *out, unsigned int flags);
160 158
161CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, 159CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
162 const unsigned char *key, size_t keylen, 160 const unsigned char *key, size_t keylen, unsigned int flags);
163 unsigned int flags);
164 161
165int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, 162int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
166 const unsigned char *key, size_t keylen); 163 const unsigned char *key, size_t keylen);
167 164
168int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 165int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
169 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); 166 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
170 167
171int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, 168int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
172 STACK_OF(X509) *certs, 169 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
173 X509_STORE *store, unsigned int flags);
174 170
175STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); 171STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
176 172
177CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, 173CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
178 const EVP_CIPHER *cipher, unsigned int flags); 174 const EVP_CIPHER *cipher, unsigned int flags);
175
176int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont,
177 BIO *out, unsigned int flags);
179 178
180int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
181 BIO *dcont, BIO *out,
182 unsigned int flags);
183
184int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); 179int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
185int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 180int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key,
186 unsigned char *key, size_t keylen, 181 size_t keylen, unsigned char *id, size_t idlen);
187 unsigned char *id, size_t idlen); 182int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
188int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 183 ssize_t passlen);
189 unsigned char *pass, ssize_t passlen);
190 184
191STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); 185STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
192int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); 186int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
193CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); 187CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
194CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, 188CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
195 X509 *recip, unsigned int flags); 189 unsigned int flags);
196int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); 190int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
197int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); 191int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
198int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, 192int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
199 EVP_PKEY **pk, X509 **recip, 193 X509 **recip, X509_ALGOR **palg);
200 X509_ALGOR **palg);
201int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, 194int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
202 ASN1_OCTET_STRING **keyid, 195 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
203 X509_NAME **issuer, ASN1_INTEGER **sno);
204 196
205CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, 197CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
206 unsigned char *key, size_t keylen, 198 unsigned char *key, size_t keylen, unsigned char *id, size_t idlen,
207 unsigned char *id, size_t idlen, 199 ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId,
208 ASN1_GENERALIZEDTIME *date, 200 ASN1_TYPE *otherType);
209 ASN1_OBJECT *otherTypeId, 201
210 ASN1_TYPE *otherType); 202int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
211 203 ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
212int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, 204 ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
213 X509_ALGOR **palg, 205
214 ASN1_OCTET_STRING **pid, 206int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
215 ASN1_GENERALIZEDTIME **pdate, 207 size_t keylen);
216 ASN1_OBJECT **potherid, 208
217 ASN1_TYPE **pothertype); 209int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
218 210 const unsigned char *id, size_t idlen);
219int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 211
220 unsigned char *key, size_t keylen); 212int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
221 213 ssize_t passlen);
222int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 214
223 const unsigned char *id, size_t idlen); 215CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter,
224 216 int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen,
225int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 217 const EVP_CIPHER *kekciph);
226 unsigned char *pass,
227 ssize_t passlen);
228
229CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
230 int iter, int wrap_nid, int pbe_nid,
231 unsigned char *pass,
232 ssize_t passlen,
233 const EVP_CIPHER *kekciph);
234 218
235int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); 219int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
236 220
237int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 221int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
238 unsigned int flags); 222 unsigned int flags);
239CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); 223CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
240 224
241int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); 225int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
@@ -252,82 +236,70 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
252STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); 236STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
253 237
254int CMS_SignedData_init(CMS_ContentInfo *cms); 238int CMS_SignedData_init(CMS_ContentInfo *cms);
255CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 239CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer,
256 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 240 EVP_PKEY *pk, const EVP_MD *md, unsigned int flags);
257 unsigned int flags);
258STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); 241STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
259 242
260void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); 243void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
261int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 244int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
262 ASN1_OCTET_STRING **keyid, 245 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
263 X509_NAME **issuer, ASN1_INTEGER **sno);
264int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); 246int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
265int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 247int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
266 unsigned int flags); 248 unsigned int flags);
267void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, 249void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
268 X509_ALGOR **pdig, X509_ALGOR **psig); 250 X509_ALGOR **pdig, X509_ALGOR **psig);
269int CMS_SignerInfo_sign(CMS_SignerInfo *si); 251int CMS_SignerInfo_sign(CMS_SignerInfo *si);
270int CMS_SignerInfo_verify(CMS_SignerInfo *si); 252int CMS_SignerInfo_verify(CMS_SignerInfo *si);
271int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); 253int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
272 254
273int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); 255int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
274int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 256int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid,
275 int algnid, int keysize); 257 int keysize);
276int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); 258int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
277 259
278int CMS_signed_get_attr_count(const CMS_SignerInfo *si); 260int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
279int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 261int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos);
280 int lastpos);
281int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 262int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
282 int lastpos); 263 int lastpos);
283X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); 264X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
284X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); 265X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
285int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); 266int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
286int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, 267int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
287 const ASN1_OBJECT *obj, int type, 268 int type, const void *bytes, int len);
288 const void *bytes, int len); 269int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
289int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, 270 const void *bytes, int len);
290 int nid, int type, 271int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
291 const void *bytes, int len); 272 int type, const void *bytes, int len);
292int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
293 const char *attrname, int type,
294 const void *bytes, int len);
295void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 273void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
296 int lastpos, int type); 274 int lastpos, int type);
297 275
298int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); 276int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
299int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 277int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
300 int lastpos); 278 int lastpos);
301int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 279int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
302 int lastpos); 280 int lastpos);
303X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); 281X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
304X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); 282X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
305int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); 283int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
306int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, 284int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
307 const ASN1_OBJECT *obj, int type, 285 int type, const void *bytes, int len);
308 const void *bytes, int len); 286int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
309int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, 287 const void *bytes, int len);
310 int nid, int type, 288int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
311 const void *bytes, int len); 289 int type, const void *bytes, int len);
312int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
313 const char *attrname, int type,
314 const void *bytes, int len);
315void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 290void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
316 int lastpos, int type); 291 int lastpos, int type);
317 292
318#ifdef HEADER_X509V3_H 293#ifdef HEADER_X509V3_H
319 294
320int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); 295int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
321CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, 296CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
322 int allorfirst, 297 int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList,
323 STACK_OF(GENERAL_NAMES) *receiptList, 298 STACK_OF(GENERAL_NAMES) *receiptsTo);
324 STACK_OF(GENERAL_NAMES) *receiptsTo);
325int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); 299int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
326void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, 300void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
327 ASN1_STRING **pcid, 301 int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
328 int *pallorfirst, 302 STACK_OF(GENERAL_NAMES) **prto);
329 STACK_OF(GENERAL_NAMES) **plist,
330 STACK_OF(GENERAL_NAMES) **prto);
331 303
332#endif 304#endif
333 305
diff --git a/src/lib/libssl/src/crypto/cms/cms_asn1.c b/src/lib/libssl/src/crypto/cms/cms_asn1.c
index bd7466cc1d..a2b0217a93 100644
--- a/src/lib/libssl/src/crypto/cms/cms_asn1.c
+++ b/src/lib/libssl/src/crypto/cms/cms_asn1.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -57,7 +57,6 @@
57#include "cms.h" 57#include "cms.h"
58#include "cms_lcl.h" 58#include "cms_lcl.h"
59 59
60
61ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { 60ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
62 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), 61 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
63 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) 62 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
@@ -87,19 +86,18 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
87} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) 86} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
88 87
89/* Minor tweak to operation: free up signer key, cert */ 88/* Minor tweak to operation: free up signer key, cert */
90static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 89static int
91 void *exarg) 90cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
92 { 91{
93 if(operation == ASN1_OP_FREE_POST) 92 if (operation == ASN1_OP_FREE_POST) {
94 {
95 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; 93 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
96 if (si->pkey) 94 if (si->pkey)
97 EVP_PKEY_free(si->pkey); 95 EVP_PKEY_free(si->pkey);
98 if (si->signer) 96 if (si->signer)
99 X509_free(si->signer); 97 X509_free(si->signer);
100 }
101 return 1;
102 } 98 }
99 return 1;
100}
103 101
104ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { 102ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
105 ASN1_SIMPLE(CMS_SignerInfo, version, LONG), 103 ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
@@ -160,8 +158,8 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
160} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) 158} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
161 159
162ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { 160ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
163 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), 161 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
164 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) 162 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
165} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) 163} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
166 164
167ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = { 165ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
@@ -170,14 +168,14 @@ ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
170} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey) 168} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
171 169
172ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { 170ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
173 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), 171 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
174 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) 172 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
175} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) 173} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
176 174
177ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { 175ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
178 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), 176 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
179 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), 177 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
180 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) 178 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
181} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) 179} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
182 180
183ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = { 181ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
@@ -209,46 +207,38 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
209} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) 207} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
210 208
211ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { 209ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
212 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), 210 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
213 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) 211 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
214} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) 212} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
215 213
216/* Free up RecipientInfo additional data */ 214/* Free up RecipientInfo additional data */
217static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 215static int
218 void *exarg) 216cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
219 { 217{
220 if(operation == ASN1_OP_FREE_PRE) 218 if (operation == ASN1_OP_FREE_PRE) {
221 {
222 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; 219 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
223 if (ri->type == CMS_RECIPINFO_TRANS) 220 if (ri->type == CMS_RECIPINFO_TRANS) {
224 {
225 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 221 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
226 if (ktri->pkey) 222 if (ktri->pkey)
227 EVP_PKEY_free(ktri->pkey); 223 EVP_PKEY_free(ktri->pkey);
228 if (ktri->recip) 224 if (ktri->recip)
229 X509_free(ktri->recip); 225 X509_free(ktri->recip);
230 } 226 } else if (ri->type == CMS_RECIPINFO_KEK) {
231 else if (ri->type == CMS_RECIPINFO_KEK)
232 {
233 CMS_KEKRecipientInfo *kekri = ri->d.kekri; 227 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
234 if (kekri->key) 228 if (kekri->key) {
235 {
236 OPENSSL_cleanse(kekri->key, kekri->keylen); 229 OPENSSL_cleanse(kekri->key, kekri->keylen);
237 free(kekri->key); 230 free(kekri->key);
238 }
239 } 231 }
240 else if (ri->type == CMS_RECIPINFO_PASS) 232 } else if (ri->type == CMS_RECIPINFO_PASS) {
241 {
242 CMS_PasswordRecipientInfo *pwri = ri->d.pwri; 233 CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
243 if (pwri->pass) 234 if (pwri->pass) {
244 {
245 OPENSSL_cleanse(pwri->pass, pwri->passlen); 235 OPENSSL_cleanse(pwri->pass, pwri->passlen);
246 free(pwri->pass); 236 free(pwri->pass);
247 }
248 } 237 }
249 } 238 }
250 return 1;
251 } 239 }
240 return 1;
241}
252 242
253ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { 243ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
254 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), 244 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
@@ -295,7 +285,7 @@ ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
295 ASN1_SIMPLE(CMS_CompressedData, version, LONG), 285 ASN1_SIMPLE(CMS_CompressedData, version, LONG),
296 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), 286 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
297 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), 287 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
298} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) 288 } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
299 289
300/* This is the ANY DEFINED BY table for the top level ContentInfo structure */ 290/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
301 291
@@ -312,36 +302,34 @@ ASN1_ADB(CMS_ContentInfo) = {
312} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); 302} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
313 303
314/* CMS streaming support */ 304/* CMS streaming support */
315static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 305static int
316 void *exarg) 306cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
317 { 307{
318 ASN1_STREAM_ARG *sarg = exarg; 308 ASN1_STREAM_ARG *sarg = exarg;
319 CMS_ContentInfo *cms = NULL; 309 CMS_ContentInfo *cms = NULL;
310
320 if (pval) 311 if (pval)
321 cms = (CMS_ContentInfo *)*pval; 312 cms = (CMS_ContentInfo *)*pval;
322 else 313 else
323 return 1; 314 return 1;
324 switch(operation)
325 {
326 315
327 case ASN1_OP_STREAM_PRE: 316 switch (operation) {
317 case ASN1_OP_STREAM_PRE:
328 if (CMS_stream(&sarg->boundary, cms) <= 0) 318 if (CMS_stream(&sarg->boundary, cms) <= 0)
329 return 0; 319 return 0;
330 case ASN1_OP_DETACHED_PRE: 320 case ASN1_OP_DETACHED_PRE:
331 sarg->ndef_bio = CMS_dataInit(cms, sarg->out); 321 sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
332 if (!sarg->ndef_bio) 322 if (!sarg->ndef_bio)
333 return 0; 323 return 0;
334 break; 324 break;
335 325 case ASN1_OP_STREAM_POST:
336 case ASN1_OP_STREAM_POST: 326 case ASN1_OP_DETACHED_POST:
337 case ASN1_OP_DETACHED_POST:
338 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0) 327 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
339 return 0; 328 return 0;
340 break; 329 break;
341
342 }
343 return 1;
344 } 330 }
331 return 1;
332}
345 333
346ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { 334ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
347 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), 335 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
@@ -354,36 +342,33 @@ ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
354 * encoding. 342 * encoding.
355 */ 343 */
356 344
357ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 345ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
358 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) 346ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
359ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) 347ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
360 348
361/* When verifying attributes we need to use the received order. So 349/* When verifying attributes we need to use the received order. So
362 * we use SEQUENCE OF and tag it to SET OF 350 * we use SEQUENCE OF and tag it to SET OF
363 */ 351 */
364 352
365ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 353ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
366 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 354ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
367 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) 355 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
368ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) 356ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
369 357
370
371
372ASN1_CHOICE(CMS_ReceiptsFrom) = { 358ASN1_CHOICE(CMS_ReceiptsFrom) = {
373 ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), 359 ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
374 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) 360 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
375} ASN1_CHOICE_END(CMS_ReceiptsFrom) 361} ASN1_CHOICE_END(CMS_ReceiptsFrom)
376 362
377ASN1_SEQUENCE(CMS_ReceiptRequest) = { 363ASN1_SEQUENCE(CMS_ReceiptRequest) = {
378 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), 364 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
379 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), 365 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
380 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) 366 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
381} ASN1_SEQUENCE_END(CMS_ReceiptRequest) 367} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
382 368
383ASN1_SEQUENCE(CMS_Receipt) = { 369ASN1_SEQUENCE(CMS_Receipt) = {
384 ASN1_SIMPLE(CMS_Receipt, version, LONG), 370 ASN1_SIMPLE(CMS_Receipt, version, LONG),
385 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), 371 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
386 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), 372 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
387 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) 373 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
388} ASN1_SEQUENCE_END(CMS_Receipt) 374} ASN1_SEQUENCE_END(CMS_Receipt)
389
diff --git a/src/lib/libssl/src/crypto/cms/cms_att.c b/src/lib/libssl/src/crypto/cms/cms_att.c
index 5b71722ebc..c6bc784fb8 100644
--- a/src/lib/libssl/src/crypto/cms/cms_att.c
+++ b/src/lib/libssl/src/crypto/cms/cms_att.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -60,134 +60,150 @@
60 60
61/* CMS SignedData Attribute utilities */ 61/* CMS SignedData Attribute utilities */
62 62
63int CMS_signed_get_attr_count(const CMS_SignerInfo *si) 63int
64CMS_signed_get_attr_count(const CMS_SignerInfo *si)
64{ 65{
65 return X509at_get_attr_count(si->signedAttrs); 66 return X509at_get_attr_count(si->signedAttrs);
66} 67}
67 68
68int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 69int
69 int lastpos) 70CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
70{ 71{
71 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); 72 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
72} 73}
73 74
74int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 75int
75 int lastpos) 76CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
77 int lastpos)
76{ 78{
77 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); 79 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
78} 80}
79 81
80X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) 82X509_ATTRIBUTE *
83CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
81{ 84{
82 return X509at_get_attr(si->signedAttrs, loc); 85 return X509at_get_attr(si->signedAttrs, loc);
83} 86}
84 87
85X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) 88X509_ATTRIBUTE *
89CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
86{ 90{
87 return X509at_delete_attr(si->signedAttrs, loc); 91 return X509at_delete_attr(si->signedAttrs, loc);
88} 92}
89 93
90int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) 94int
95CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
91{ 96{
92 if(X509at_add1_attr(&si->signedAttrs, attr)) return 1; 97 if (X509at_add1_attr(&si->signedAttrs, attr))
98 return 1;
93 return 0; 99 return 0;
94} 100}
95 101
96int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, 102int
97 const ASN1_OBJECT *obj, int type, 103CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
98 const void *bytes, int len) 104 int type, const void *bytes, int len)
99{ 105{
100 if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, 106 if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
101 type, bytes, len)) return 1; 107 return 1;
102 return 0; 108 return 0;
103} 109}
104 110
105int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, 111int
106 int nid, int type, 112CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
107 const void *bytes, int len) 113 const void *bytes, int len)
108{ 114{
109 if(X509at_add1_attr_by_NID(&si->signedAttrs, nid, 115 if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
110 type, bytes, len)) return 1; 116 return 1;
111 return 0; 117 return 0;
112} 118}
113 119
114int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, 120int
115 const char *attrname, int type, 121CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type,
116 const void *bytes, int len) 122 const void *bytes, int len)
117{ 123{
118 if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname, 124 if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type,
119 type, bytes, len)) return 1; 125 bytes, len))
126 return 1;
120 return 0; 127 return 0;
121} 128}
122 129
123void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 130void *
124 int lastpos, int type) 131CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos,
132 int type)
125{ 133{
126 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); 134 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
127} 135}
128 136
129int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) 137int
138CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
130{ 139{
131 return X509at_get_attr_count(si->unsignedAttrs); 140 return X509at_get_attr_count(si->unsignedAttrs);
132} 141}
133 142
134int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 143int
135 int lastpos) 144CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
136{ 145{
137 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); 146 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
138} 147}
139 148
140int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, 149int
141 int lastpos) 150CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
151 int lastpos)
142{ 152{
143 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); 153 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
144} 154}
145 155
146X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) 156X509_ATTRIBUTE *
157CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
147{ 158{
148 return X509at_get_attr(si->unsignedAttrs, loc); 159 return X509at_get_attr(si->unsignedAttrs, loc);
149} 160}
150 161
151X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) 162X509_ATTRIBUTE *
163CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
152{ 164{
153 return X509at_delete_attr(si->unsignedAttrs, loc); 165 return X509at_delete_attr(si->unsignedAttrs, loc);
154} 166}
155 167
156int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) 168int
169CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
157{ 170{
158 if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1; 171 if (X509at_add1_attr(&si->unsignedAttrs, attr))
172 return 1;
159 return 0; 173 return 0;
160} 174}
161 175
162int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, 176int
163 const ASN1_OBJECT *obj, int type, 177CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
164 const void *bytes, int len) 178 int type, const void *bytes, int len)
165{ 179{
166 if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, 180 if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
167 type, bytes, len)) return 1; 181 return 1;
168 return 0; 182 return 0;
169} 183}
170 184
171int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, 185int
172 int nid, int type, 186CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
173 const void *bytes, int len) 187 const void *bytes, int len)
174{ 188{
175 if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, 189 if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
176 type, bytes, len)) return 1; 190 return 1;
177 return 0; 191 return 0;
178} 192}
179 193
180int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, 194int
181 const char *attrname, int type, 195CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
182 const void *bytes, int len) 196 int type, const void *bytes, int len)
183{ 197{
184 if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, 198 if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type,
185 type, bytes, len)) return 1; 199 bytes, len))
200 return 1;
186 return 0; 201 return 0;
187} 202}
188 203
189void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 204void *
190 int lastpos, int type) 205CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
206 int lastpos, int type)
191{ 207{
192 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); 208 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
193} 209}
diff --git a/src/lib/libssl/src/crypto/cms/cms_cd.c b/src/lib/libssl/src/crypto/cms/cms_cd.c
index 2021688101..ec48471df2 100644
--- a/src/lib/libssl/src/crypto/cms/cms_cd.c
+++ b/src/lib/libssl/src/crypto/cms/cms_cd.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -69,19 +69,20 @@ DECLARE_ASN1_ITEM(CMS_CompressedData)
69 69
70/* CMS CompressedData Utilities */ 70/* CMS CompressedData Utilities */
71 71
72CMS_ContentInfo *cms_CompressedData_create(int comp_nid) 72CMS_ContentInfo *
73 { 73cms_CompressedData_create(int comp_nid)
74{
74 CMS_ContentInfo *cms; 75 CMS_ContentInfo *cms;
75 CMS_CompressedData *cd; 76 CMS_CompressedData *cd;
77
76 /* Will need something cleverer if there is ever more than one 78 /* Will need something cleverer if there is ever more than one
77 * compression algorithm or parameters have some meaning... 79 * compression algorithm or parameters have some meaning...
78 */ 80 */
79 if (comp_nid != NID_zlib_compression) 81 if (comp_nid != NID_zlib_compression) {
80 {
81 CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE, 82 CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
82 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 83 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
83 return NULL; 84 return NULL;
84 } 85 }
85 cms = CMS_ContentInfo_new(); 86 cms = CMS_ContentInfo_new();
86 if (!cms) 87 if (!cms)
87 return NULL; 88 return NULL;
@@ -97,40 +98,38 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
97 cd->version = 0; 98 cd->version = 0;
98 99
99 X509_ALGOR_set0(cd->compressionAlgorithm, 100 X509_ALGOR_set0(cd->compressionAlgorithm,
100 OBJ_nid2obj(NID_zlib_compression), 101 OBJ_nid2obj(NID_zlib_compression),
101 V_ASN1_UNDEF, NULL); 102 V_ASN1_UNDEF, NULL);
102 103
103 cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); 104 cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
104 105
105 return cms; 106 return cms;
106 107
107 err: 108err:
108
109 if (cms) 109 if (cms)
110 CMS_ContentInfo_free(cms); 110 CMS_ContentInfo_free(cms);
111
112 return NULL; 111 return NULL;
113 } 112}
114 113
115BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms) 114BIO *
116 { 115cms_CompressedData_init_bio(CMS_ContentInfo *cms)
116{
117 CMS_CompressedData *cd; 117 CMS_CompressedData *cd;
118 ASN1_OBJECT *compoid; 118 ASN1_OBJECT *compoid;
119 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) 119
120 { 120 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
121 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 121 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
122 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); 122 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
123 return NULL; 123 return NULL;
124 } 124 }
125 cd = cms->d.compressedData; 125 cd = cms->d.compressedData;
126 X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm); 126 X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
127 if (OBJ_obj2nid(compoid) != NID_zlib_compression) 127 if (OBJ_obj2nid(compoid) != NID_zlib_compression) {
128 {
129 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 128 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
130 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 129 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
131 return NULL; 130 return NULL;
132 }
133 return BIO_new(BIO_f_zlib());
134 } 131 }
132 return BIO_new(BIO_f_zlib());
133}
135 134
136#endif 135#endif
diff --git a/src/lib/libssl/src/crypto/cms/cms_dd.c b/src/lib/libssl/src/crypto/cms/cms_dd.c
index 8919c15be1..f115d2274b 100644
--- a/src/lib/libssl/src/crypto/cms/cms_dd.c
+++ b/src/lib/libssl/src/crypto/cms/cms_dd.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -63,10 +63,12 @@ DECLARE_ASN1_ITEM(CMS_DigestedData)
63 63
64/* CMS DigestedData Utilities */ 64/* CMS DigestedData Utilities */
65 65
66CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) 66CMS_ContentInfo *
67 { 67cms_DigestedData_create(const EVP_MD *md)
68{
68 CMS_ContentInfo *cms; 69 CMS_ContentInfo *cms;
69 CMS_DigestedData *dd; 70 CMS_DigestedData *dd;
71
70 cms = CMS_ContentInfo_new(); 72 cms = CMS_ContentInfo_new();
71 if (!cms) 73 if (!cms)
72 return NULL; 74 return NULL;
@@ -86,28 +88,30 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
86 88
87 return cms; 89 return cms;
88 90
89 err: 91err:
90
91 if (cms) 92 if (cms)
92 CMS_ContentInfo_free(cms); 93 CMS_ContentInfo_free(cms);
93
94 return NULL; 94 return NULL;
95 } 95}
96 96
97BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) 97BIO *
98 { 98cms_DigestedData_init_bio(CMS_ContentInfo *cms)
99{
99 CMS_DigestedData *dd; 100 CMS_DigestedData *dd;
101
100 dd = cms->d.digestedData; 102 dd = cms->d.digestedData;
101 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm); 103 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
102 } 104}
103 105
104int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) 106int
105 { 107cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
108{
106 EVP_MD_CTX mctx; 109 EVP_MD_CTX mctx;
107 unsigned char md[EVP_MAX_MD_SIZE]; 110 unsigned char md[EVP_MAX_MD_SIZE];
108 unsigned int mdlen; 111 unsigned int mdlen;
109 int r = 0; 112 int r = 0;
110 CMS_DigestedData *dd; 113 CMS_DigestedData *dd;
114
111 EVP_MD_CTX_init(&mctx); 115 EVP_MD_CTX_init(&mctx);
112 116
113 dd = cms->d.digestedData; 117 dd = cms->d.digestedData;
@@ -118,31 +122,26 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
118 if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) 122 if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
119 goto err; 123 goto err;
120 124
121 if (verify) 125 if (verify) {
122 { 126 if (mdlen != (unsigned int)dd->digest->length) {
123 if (mdlen != (unsigned int)dd->digest->length)
124 {
125 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 127 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
126 CMS_R_MESSAGEDIGEST_WRONG_LENGTH); 128 CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
127 goto err; 129 goto err;
128 } 130 }
129 131
130 if (memcmp(md, dd->digest->data, mdlen)) 132 if (memcmp(md, dd->digest->data, mdlen))
131 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 133 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
132 CMS_R_VERIFICATION_FAILURE); 134 CMS_R_VERIFICATION_FAILURE);
133 else 135 else
134 r = 1; 136 r = 1;
135 } 137 } else {
136 else
137 {
138 if (!ASN1_STRING_set(dd->digest, md, mdlen)) 138 if (!ASN1_STRING_set(dd->digest, md, mdlen))
139 goto err; 139 goto err;
140 r = 1; 140 r = 1;
141 } 141 }
142 142
143 err: 143err:
144 EVP_MD_CTX_cleanup(&mctx); 144 EVP_MD_CTX_cleanup(&mctx);
145 145
146 return r; 146 return r;
147 147}
148 }
diff --git a/src/lib/libssl/src/crypto/cms/cms_enc.c b/src/lib/libssl/src/crypto/cms/cms_enc.c
index 612fce6dde..75e08cdb1d 100644
--- a/src/lib/libssl/src/crypto/cms/cms_enc.c
+++ b/src/lib/libssl/src/crypto/cms/cms_enc.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,9 @@ DECLARE_ASN1_ITEM(CMS_EncryptedData)
66 66
67/* Return BIO based on EncryptedContentInfo and key */ 67/* Return BIO based on EncryptedContentInfo and key */
68 68
69BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) 69BIO *
70 { 70cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
71{
71 BIO *b; 72 BIO *b;
72 EVP_CIPHER_CTX *ctx; 73 EVP_CIPHER_CTX *ctx;
73 const EVP_CIPHER *ciph; 74 const EVP_CIPHER *ciph;
@@ -75,87 +76,72 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
75 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; 76 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
76 unsigned char *tkey = NULL; 77 unsigned char *tkey = NULL;
77 size_t tkeylen = 0; 78 size_t tkeylen = 0;
78
79 int ok = 0; 79 int ok = 0;
80
81 int enc, keep_key = 0; 80 int enc, keep_key = 0;
82 81
83 enc = ec->cipher ? 1 : 0; 82 enc = ec->cipher ? 1 : 0;
84 83
85 b = BIO_new(BIO_f_cipher()); 84 b = BIO_new(BIO_f_cipher());
86 if (!b) 85 if (!b) {
87 {
88 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 86 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
89 ERR_R_MALLOC_FAILURE); 87 ERR_R_MALLOC_FAILURE);
90 return NULL; 88 return NULL;
91 } 89 }
92 90
93 BIO_get_cipher_ctx(b, &ctx); 91 BIO_get_cipher_ctx(b, &ctx);
94 92
95 if (enc) 93 if (enc) {
96 {
97 ciph = ec->cipher; 94 ciph = ec->cipher;
98 /* If not keeping key set cipher to NULL so subsequent calls 95 /* If not keeping key set cipher to NULL so subsequent calls
99 * decrypt. 96 * decrypt.
100 */ 97 */
101 if (ec->key) 98 if (ec->key)
102 ec->cipher = NULL; 99 ec->cipher = NULL;
103 } 100 } else {
104 else
105 {
106 ciph = EVP_get_cipherbyobj(calg->algorithm); 101 ciph = EVP_get_cipherbyobj(calg->algorithm);
107 102
108 if (!ciph) 103 if (!ciph) {
109 {
110 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 104 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
111 CMS_R_UNKNOWN_CIPHER); 105 CMS_R_UNKNOWN_CIPHER);
112 goto err; 106 goto err;
113 }
114 } 107 }
108 }
115 109
116 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) 110 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
117 {
118 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 111 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
119 CMS_R_CIPHER_INITIALISATION_ERROR); 112 CMS_R_CIPHER_INITIALISATION_ERROR);
120 goto err; 113 goto err;
121 } 114 }
122 115
123 if (enc) 116 if (enc) {
124 {
125 int ivlen; 117 int ivlen;
126 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); 118 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
127 /* Generate a random IV if we need one */ 119 /* Generate a random IV if we need one */
128 ivlen = EVP_CIPHER_CTX_iv_length(ctx); 120 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
129 if (ivlen > 0) 121 if (ivlen > 0) {
130 {
131 if (RAND_pseudo_bytes(iv, ivlen) <= 0) 122 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
132 goto err; 123 goto err;
133 piv = iv; 124 piv = iv;
134 }
135 } 125 }
136 else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) 126 } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
137 {
138 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 127 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
139 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 128 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
140 goto err; 129 goto err;
141 } 130 }
142 tkeylen = EVP_CIPHER_CTX_key_length(ctx); 131 tkeylen = EVP_CIPHER_CTX_key_length(ctx);
143 /* Generate random session key */ 132 /* Generate random session key */
144 if (!enc || !ec->key) 133 if (!enc || !ec->key) {
145 {
146 tkey = malloc(tkeylen); 134 tkey = malloc(tkeylen);
147 if (!tkey) 135 if (!tkey) {
148 {
149 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 136 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
150 ERR_R_MALLOC_FAILURE); 137 ERR_R_MALLOC_FAILURE);
151 goto err; 138 goto err;
152 } 139 }
153 if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0) 140 if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
154 goto err; 141 goto err;
155 } 142 }
156 143
157 if (!ec->key) 144 if (!ec->key) {
158 {
159 ec->key = tkey; 145 ec->key = tkey;
160 ec->keylen = tkeylen; 146 ec->keylen = tkeylen;
161 tkey = NULL; 147 tkey = NULL;
@@ -163,25 +149,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
163 keep_key = 1; 149 keep_key = 1;
164 else 150 else
165 ERR_clear_error(); 151 ERR_clear_error();
166
167 }
168 152
169 if (ec->keylen != tkeylen) 153 }
170 { 154
155 if (ec->keylen != tkeylen) {
171 /* If necessary set key length */ 156 /* If necessary set key length */
172 if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) 157 if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
173 {
174 /* Only reveal failure if debugging so we don't 158 /* Only reveal failure if debugging so we don't
175 * leak information which may be useful in MMA. 159 * leak information which may be useful in MMA.
176 */ 160 */
177 if (enc || ec->debug) 161 if (enc || ec->debug) {
178 {
179 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 162 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
180 CMS_R_INVALID_KEY_LENGTH); 163 CMS_R_INVALID_KEY_LENGTH);
181 goto err; 164 goto err;
182 } 165 } else {
183 else
184 {
185 /* Use random key */ 166 /* Use random key */
186 OPENSSL_cleanse(ec->key, ec->keylen); 167 OPENSSL_cleanse(ec->key, ec->keylen);
187 free(ec->key); 168 free(ec->key);
@@ -189,106 +170,98 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
189 ec->keylen = tkeylen; 170 ec->keylen = tkeylen;
190 tkey = NULL; 171 tkey = NULL;
191 ERR_clear_error(); 172 ERR_clear_error();
192 }
193 } 173 }
194 } 174 }
175 }
195 176
196 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) 177 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
197 {
198 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 178 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
199 CMS_R_CIPHER_INITIALISATION_ERROR); 179 CMS_R_CIPHER_INITIALISATION_ERROR);
200 goto err; 180 goto err;
201 } 181 }
202 182
203 if (piv) 183 if (piv) {
204 {
205 calg->parameter = ASN1_TYPE_new(); 184 calg->parameter = ASN1_TYPE_new();
206 if (!calg->parameter) 185 if (!calg->parameter) {
207 {
208 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 186 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
209 ERR_R_MALLOC_FAILURE); 187 ERR_R_MALLOC_FAILURE);
210 goto err; 188 goto err;
211 } 189 }
212 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) 190 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
213 {
214 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 191 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
215 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 192 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
216 goto err; 193 goto err;
217 }
218 } 194 }
195 }
219 ok = 1; 196 ok = 1;
220 197
221 err: 198err:
222 if (ec->key && !keep_key) 199 if (ec->key && !keep_key) {
223 {
224 OPENSSL_cleanse(ec->key, ec->keylen); 200 OPENSSL_cleanse(ec->key, ec->keylen);
225 free(ec->key); 201 free(ec->key);
226 ec->key = NULL; 202 ec->key = NULL;
227 } 203 }
228 if (tkey) 204 if (tkey) {
229 {
230 OPENSSL_cleanse(tkey, tkeylen); 205 OPENSSL_cleanse(tkey, tkeylen);
231 free(tkey); 206 free(tkey);
232 } 207 }
233 if (ok) 208 if (ok)
234 return b; 209 return b;
235 BIO_free(b); 210 BIO_free(b);
236 return NULL; 211 return NULL;
237 } 212}
238 213
239int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 214int
240 const EVP_CIPHER *cipher, 215cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
241 const unsigned char *key, size_t keylen) 216 const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen)
242 { 217{
243 ec->cipher = cipher; 218 ec->cipher = cipher;
244 if (key) 219 if (key) {
245 {
246 ec->key = malloc(keylen); 220 ec->key = malloc(keylen);
247 if (!ec->key) 221 if (!ec->key)
248 return 0; 222 return 0;
249 memcpy(ec->key, key, keylen); 223 memcpy(ec->key, key, keylen);
250 } 224 }
251 ec->keylen = keylen; 225 ec->keylen = keylen;
252 if (cipher) 226 if (cipher)
253 ec->contentType = OBJ_nid2obj(NID_pkcs7_data); 227 ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
254 return 1; 228 return 1;
255 } 229}
256 230
257int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, 231int
258 const unsigned char *key, size_t keylen) 232CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
259 { 233 const unsigned char *key, size_t keylen)
234{
260 CMS_EncryptedContentInfo *ec; 235 CMS_EncryptedContentInfo *ec;
261 if (!key || !keylen) 236
262 { 237 if (!key || !keylen) {
263 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY); 238 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
264 return 0; 239 return 0;
265 } 240 }
266 if (ciph) 241 if (ciph) {
267 {
268 cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData); 242 cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
269 if (!cms->d.encryptedData) 243 if (!cms->d.encryptedData) {
270 {
271 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 244 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
272 ERR_R_MALLOC_FAILURE); 245 ERR_R_MALLOC_FAILURE);
273 return 0; 246 return 0;
274 } 247 }
275 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted); 248 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
276 cms->d.encryptedData->version = 0; 249 cms->d.encryptedData->version = 0;
277 } 250 } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
278 else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
279 {
280 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 251 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
281 CMS_R_NOT_ENCRYPTED_DATA); 252 CMS_R_NOT_ENCRYPTED_DATA);
282 return 0; 253 return 0;
283 } 254 }
284 ec = cms->d.encryptedData->encryptedContentInfo; 255 ec = cms->d.encryptedData->encryptedContentInfo;
285 return cms_EncryptedContent_init(ec, ciph, key, keylen); 256 return cms_EncryptedContent_init(ec, ciph, key, keylen);
286 } 257}
287 258
288BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms) 259BIO *
289 { 260cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
261{
290 CMS_EncryptedData *enc = cms->d.encryptedData; 262 CMS_EncryptedData *enc = cms->d.encryptedData;
263
291 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) 264 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
292 enc->version = 2; 265 enc->version = 2;
293 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo); 266 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
294 } 267}
diff --git a/src/lib/libssl/src/crypto/cms/cms_env.c b/src/lib/libssl/src/crypto/cms/cms_env.c
index 5e6e7033b2..a274e26226 100644
--- a/src/lib/libssl/src/crypto/cms/cms_env.c
+++ b/src/lib/libssl/src/crypto/cms/cms_env.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -71,56 +71,59 @@ DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
71 71
72DECLARE_STACK_OF(CMS_RecipientInfo) 72DECLARE_STACK_OF(CMS_RecipientInfo)
73 73
74CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) 74CMS_EnvelopedData *
75 { 75cms_get0_enveloped(CMS_ContentInfo *cms)
76 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) 76{
77 { 77 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
78 CMSerr(CMS_F_CMS_GET0_ENVELOPED, 78 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
79 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); 79 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
80 return NULL; 80 return NULL;
81 }
82 return cms->d.envelopedData;
83 } 81 }
82 return cms->d.envelopedData;
83}
84 84
85static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) 85static CMS_EnvelopedData *
86 { 86cms_enveloped_data_init(CMS_ContentInfo *cms)
87 if (cms->d.other == NULL) 87{
88 { 88 if (cms->d.other == NULL) {
89 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); 89 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
90 if (!cms->d.envelopedData) 90 if (!cms->d.envelopedData) {
91 {
92 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, 91 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
93 ERR_R_MALLOC_FAILURE); 92 ERR_R_MALLOC_FAILURE);
94 return NULL; 93 return NULL;
95 } 94 }
96 cms->d.envelopedData->version = 0; 95 cms->d.envelopedData->version = 0;
97 cms->d.envelopedData->encryptedContentInfo->contentType = 96 cms->d.envelopedData->encryptedContentInfo->contentType =
98 OBJ_nid2obj(NID_pkcs7_data); 97 OBJ_nid2obj(NID_pkcs7_data);
99 ASN1_OBJECT_free(cms->contentType); 98 ASN1_OBJECT_free(cms->contentType);
100 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); 99 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
101 return cms->d.envelopedData; 100 return cms->d.envelopedData;
102 }
103 return cms_get0_enveloped(cms);
104 } 101 }
102 return cms_get0_enveloped(cms);
103}
105 104
106STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) 105STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
107 { 106{
108 CMS_EnvelopedData *env; 107 CMS_EnvelopedData *env;
108
109 env = cms_get0_enveloped(cms); 109 env = cms_get0_enveloped(cms);
110 if (!env) 110 if (!env)
111 return NULL; 111 return NULL;
112 return env->recipientInfos; 112 return env->recipientInfos;
113 } 113}
114 114
115int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) 115int
116 { 116CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
117{
117 return ri->type; 118 return ri->type;
118 } 119}
119 120
120CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) 121CMS_ContentInfo *
121 { 122CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
123{
122 CMS_ContentInfo *cms; 124 CMS_ContentInfo *cms;
123 CMS_EnvelopedData *env; 125 CMS_EnvelopedData *env;
126
124 cms = CMS_ContentInfo_new(); 127 cms = CMS_ContentInfo_new();
125 if (!cms) 128 if (!cms)
126 goto merr; 129 goto merr;
@@ -128,15 +131,16 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
128 if (!env) 131 if (!env)
129 goto merr; 132 goto merr;
130 if (!cms_EncryptedContent_init(env->encryptedContentInfo, 133 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
131 cipher, NULL, 0)) 134 cipher, NULL, 0))
132 goto merr; 135 goto merr;
133 return cms; 136 return cms;
134 merr: 137
138merr:
135 if (cms) 139 if (cms)
136 CMS_ContentInfo_free(cms); 140 CMS_ContentInfo_free(cms);
137 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); 141 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
138 return NULL; 142 return NULL;
139 } 143}
140 144
141/* Key Transport Recipient Info (KTRI) routines */ 145/* Key Transport Recipient Info (KTRI) routines */
142 146
@@ -144,14 +148,15 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
144 * If we ever handle key agreement will need updating. 148 * If we ever handle key agreement will need updating.
145 */ 149 */
146 150
147CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, 151CMS_RecipientInfo *
148 X509 *recip, unsigned int flags) 152CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags)
149 { 153{
150 CMS_RecipientInfo *ri = NULL; 154 CMS_RecipientInfo *ri = NULL;
151 CMS_KeyTransRecipientInfo *ktri; 155 CMS_KeyTransRecipientInfo *ktri;
152 CMS_EnvelopedData *env; 156 CMS_EnvelopedData *env;
153 EVP_PKEY *pk = NULL; 157 EVP_PKEY *pk = NULL;
154 int i, type; 158 int i, type;
159
155 env = cms_get0_enveloped(cms); 160 env = cms_get0_enveloped(cms);
156 if (!env) 161 if (!env)
157 goto err; 162 goto err;
@@ -172,26 +177,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
172 177
173 X509_check_purpose(recip, -1, -1); 178 X509_check_purpose(recip, -1, -1);
174 pk = X509_get_pubkey(recip); 179 pk = X509_get_pubkey(recip);
175 if (!pk) 180 if (!pk) {
176 {
177 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 181 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
178 CMS_R_ERROR_GETTING_PUBLIC_KEY); 182 CMS_R_ERROR_GETTING_PUBLIC_KEY);
179 goto err; 183 goto err;
180 } 184 }
181 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); 185 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
182 ktri->pkey = pk; 186 ktri->pkey = pk;
183 ktri->recip = recip; 187 ktri->recip = recip;
184 188
185 if (flags & CMS_USE_KEYID) 189 if (flags & CMS_USE_KEYID) {
186 {
187 ktri->version = 2; 190 ktri->version = 2;
188 type = CMS_RECIPINFO_KEYIDENTIFIER; 191 type = CMS_RECIPINFO_KEYIDENTIFIER;
189 } 192 } else {
190 else
191 {
192 ktri->version = 0; 193 ktri->version = 0;
193 type = CMS_RECIPINFO_ISSUER_SERIAL; 194 type = CMS_RECIPINFO_ISSUER_SERIAL;
194 } 195 }
195 196
196 /* Not a typo: RecipientIdentifier and SignerIdentifier are the 197 /* Not a typo: RecipientIdentifier and SignerIdentifier are the
197 * same structure. 198 * same structure.
@@ -200,49 +201,45 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
200 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) 201 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
201 goto err; 202 goto err;
202 203
203 if (pk->ameth && pk->ameth->pkey_ctrl) 204 if (pk->ameth && pk->ameth->pkey_ctrl) {
204 {
205 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, 205 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
206 0, ri); 206 0, ri);
207 if (i == -2) 207 if (i == -2) {
208 {
209 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 208 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
210 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 209 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
211 goto err; 210 goto err;
212 } 211 }
213 if (i <= 0) 212 if (i <= 0) {
214 {
215 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 213 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
216 CMS_R_CTRL_FAILURE); 214 CMS_R_CTRL_FAILURE);
217 goto err; 215 goto err;
218 }
219 } 216 }
217 }
220 218
221 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) 219 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
222 goto merr; 220 goto merr;
223 221
224 return ri; 222 return ri;
225 223
226 merr: 224merr:
227 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); 225 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
228 err: 226err:
229 if (ri) 227 if (ri)
230 M_ASN1_free_of(ri, CMS_RecipientInfo); 228 M_ASN1_free_of(ri, CMS_RecipientInfo);
231 return NULL; 229 return NULL;
230}
232 231
233 } 232int
234 233CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
235int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, 234 X509 **recip, X509_ALGOR **palg)
236 EVP_PKEY **pk, X509 **recip, 235{
237 X509_ALGOR **palg)
238 {
239 CMS_KeyTransRecipientInfo *ktri; 236 CMS_KeyTransRecipientInfo *ktri;
240 if (ri->type != CMS_RECIPINFO_TRANS) 237
241 { 238 if (ri->type != CMS_RECIPINFO_TRANS) {
242 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 239 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
243 CMS_R_NOT_KEY_TRANSPORT); 240 CMS_R_NOT_KEY_TRANSPORT);
244 return 0; 241 return 0;
245 } 242 }
246 243
247 ktri = ri->d.ktri; 244 ktri = ri->d.ktri;
248 245
@@ -253,53 +250,53 @@ int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
253 if (palg) 250 if (palg)
254 *palg = ktri->keyEncryptionAlgorithm; 251 *palg = ktri->keyEncryptionAlgorithm;
255 return 1; 252 return 1;
256 } 253}
257 254
258int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, 255int
259 ASN1_OCTET_STRING **keyid, 256CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
260 X509_NAME **issuer, ASN1_INTEGER **sno) 257 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
261 { 258{
262 CMS_KeyTransRecipientInfo *ktri; 259 CMS_KeyTransRecipientInfo *ktri;
263 if (ri->type != CMS_RECIPINFO_TRANS) 260
264 { 261 if (ri->type != CMS_RECIPINFO_TRANS) {
265 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 262 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
266 CMS_R_NOT_KEY_TRANSPORT); 263 CMS_R_NOT_KEY_TRANSPORT);
267 return 0; 264 return 0;
268 } 265 }
269 ktri = ri->d.ktri; 266 ktri = ri->d.ktri;
270 267
271 return cms_SignerIdentifier_get0_signer_id(ktri->rid, 268 return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid,
272 keyid, issuer, sno); 269 issuer, sno);
273 } 270}
274 271
275int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) 272int
276 { 273CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
277 if (ri->type != CMS_RECIPINFO_TRANS) 274{
278 { 275 if (ri->type != CMS_RECIPINFO_TRANS) {
279 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 276 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
280 CMS_R_NOT_KEY_TRANSPORT); 277 CMS_R_NOT_KEY_TRANSPORT);
281 return -2; 278 return -2;
282 }
283 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
284 } 279 }
280 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
281}
285 282
286int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) 283int
287 { 284CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
288 if (ri->type != CMS_RECIPINFO_TRANS) 285{
289 { 286 if (ri->type != CMS_RECIPINFO_TRANS) {
290 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 287 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
291 CMS_R_NOT_KEY_TRANSPORT); 288 CMS_R_NOT_KEY_TRANSPORT);
292 return 0; 289 return 0;
293 } 290 }
294 ri->d.ktri->pkey = pkey; 291 ri->d.ktri->pkey = pkey;
295 return 1; 292 return 1;
296 } 293}
297 294
298/* Encrypt content key in key transport recipient info */ 295/* Encrypt content key in key transport recipient info */
299 296
300static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, 297static int
301 CMS_RecipientInfo *ri) 298cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
302 { 299{
303 CMS_KeyTransRecipientInfo *ktri; 300 CMS_KeyTransRecipientInfo *ktri;
304 CMS_EncryptedContentInfo *ec; 301 CMS_EncryptedContentInfo *ec;
305 EVP_PKEY_CTX *pctx = NULL; 302 EVP_PKEY_CTX *pctx = NULL;
@@ -308,12 +305,11 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
308 305
309 int ret = 0; 306 int ret = 0;
310 307
311 if (ri->type != CMS_RECIPINFO_TRANS) 308 if (ri->type != CMS_RECIPINFO_TRANS) {
312 {
313 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 309 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
314 CMS_R_NOT_KEY_TRANSPORT); 310 CMS_R_NOT_KEY_TRANSPORT);
315 return 0; 311 return 0;
316 } 312 }
317 ktri = ri->d.ktri; 313 ktri = ri->d.ktri;
318 ec = cms->d.envelopedData->encryptedContentInfo; 314 ec = cms->d.envelopedData->encryptedContentInfo;
319 315
@@ -325,23 +321,21 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
325 goto err; 321 goto err;
326 322
327 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 323 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
328 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) 324 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
329 {
330 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); 325 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
331 goto err; 326 goto err;
332 } 327 }
333 328
334 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) 329 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
335 goto err; 330 goto err;
336 331
337 ek = malloc(eklen); 332 ek = malloc(eklen);
338 333
339 if (ek == NULL) 334 if (ek == NULL) {
340 {
341 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 335 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
342 ERR_R_MALLOC_FAILURE); 336 ERR_R_MALLOC_FAILURE);
343 goto err; 337 goto err;
344 } 338 }
345 339
346 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) 340 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
347 goto err; 341 goto err;
@@ -351,33 +345,32 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
351 345
352 ret = 1; 346 ret = 1;
353 347
354 err: 348err:
355 if (pctx) 349 if (pctx)
356 EVP_PKEY_CTX_free(pctx); 350 EVP_PKEY_CTX_free(pctx);
357 free(ek); 351 free(ek);
358 return ret; 352 return ret;
359 353}
360 }
361 354
362/* Decrypt content key from KTRI */ 355/* Decrypt content key from KTRI */
363 356
364static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, 357static int
365 CMS_RecipientInfo *ri) 358cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
366 { 359{
367 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 360 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
368 EVP_PKEY_CTX *pctx = NULL; 361 EVP_PKEY_CTX *pctx = NULL;
369 unsigned char *ek = NULL; 362 unsigned char *ek = NULL;
370 size_t eklen; 363 size_t eklen;
371 int ret = 0; 364 int ret = 0;
372 CMS_EncryptedContentInfo *ec; 365 CMS_EncryptedContentInfo *ec;
366
373 ec = cms->d.envelopedData->encryptedContentInfo; 367 ec = cms->d.envelopedData->encryptedContentInfo;
374 368
375 if (ktri->pkey == NULL) 369 if (ktri->pkey == NULL) {
376 {
377 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 370 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
378 CMS_R_NO_PRIVATE_KEY); 371 CMS_R_NO_PRIVATE_KEY);
379 return 0; 372 return 0;
380 } 373 }
381 374
382 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); 375 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
383 if (!pctx) 376 if (!pctx)
@@ -387,152 +380,134 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
387 goto err; 380 goto err;
388 381
389 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 382 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
390 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) 383 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
391 {
392 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); 384 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
393 goto err; 385 goto err;
394 } 386 }
395 387
396 if (EVP_PKEY_decrypt(pctx, NULL, &eklen, 388 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
397 ktri->encryptedKey->data, 389 ktri->encryptedKey->data,
398 ktri->encryptedKey->length) <= 0) 390 ktri->encryptedKey->length) <= 0)
399 goto err; 391 goto err;
400 392
401 ek = malloc(eklen); 393 ek = malloc(eklen);
402 394
403 if (ek == NULL) 395 if (ek == NULL) {
404 {
405 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 396 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
406 ERR_R_MALLOC_FAILURE); 397 ERR_R_MALLOC_FAILURE);
407 goto err; 398 goto err;
408 } 399 }
409 400
410 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 401 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
411 ktri->encryptedKey->data, 402 ktri->encryptedKey->data,
412 ktri->encryptedKey->length) <= 0) 403 ktri->encryptedKey->length) <= 0) {
413 {
414 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); 404 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
415 goto err; 405 goto err;
416 } 406 }
417 407
418 ret = 1; 408 ret = 1;
419 409
420 if (ec->key) 410 if (ec->key) {
421 {
422 OPENSSL_cleanse(ec->key, ec->keylen); 411 OPENSSL_cleanse(ec->key, ec->keylen);
423 free(ec->key); 412 free(ec->key);
424 } 413 }
425 414
426 ec->key = ek; 415 ec->key = ek;
427 ec->keylen = eklen; 416 ec->keylen = eklen;
428 417
429 err: 418err:
430 if (pctx) 419 if (pctx)
431 EVP_PKEY_CTX_free(pctx); 420 EVP_PKEY_CTX_free(pctx);
432 if (!ret && ek) 421 if (!ret && ek)
433 free(ek); 422 free(ek);
434 423
435 return ret; 424 return ret;
436 } 425}
437 426
438/* Key Encrypted Key (KEK) RecipientInfo routines */ 427/* Key Encrypted Key (KEK) RecipientInfo routines */
439 428
440int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 429int
441 const unsigned char *id, size_t idlen) 430CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id,
442 { 431 size_t idlen)
432{
443 ASN1_OCTET_STRING tmp_os; 433 ASN1_OCTET_STRING tmp_os;
444 CMS_KEKRecipientInfo *kekri; 434 CMS_KEKRecipientInfo *kekri;
445 if (ri->type != CMS_RECIPINFO_KEK) 435
446 { 436 if (ri->type != CMS_RECIPINFO_KEK) {
447 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); 437 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
448 return -2; 438 return -2;
449 } 439 }
450 kekri = ri->d.kekri; 440 kekri = ri->d.kekri;
451 tmp_os.type = V_ASN1_OCTET_STRING; 441 tmp_os.type = V_ASN1_OCTET_STRING;
452 tmp_os.flags = 0; 442 tmp_os.flags = 0;
453 tmp_os.data = (unsigned char *)id; 443 tmp_os.data = (unsigned char *)id;
454 tmp_os.length = (int)idlen; 444 tmp_os.length = (int)idlen;
455 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); 445 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
456 } 446}
457 447
458/* For now hard code AES key wrap info */ 448/* For now hard code AES key wrap info */
459 449
460static size_t aes_wrap_keylen(int nid) 450static size_t
461 { 451aes_wrap_keylen(int nid)
462 switch (nid) 452{
463 { 453 switch (nid) {
464 case NID_id_aes128_wrap: 454 case NID_id_aes128_wrap:
465 return 16; 455 return 16;
466 456 case NID_id_aes192_wrap:
467 case NID_id_aes192_wrap: 457 return 24;
468 return 24; 458 case NID_id_aes256_wrap:
469 459 return 32;
470 case NID_id_aes256_wrap: 460 default:
471 return 32;
472
473 default:
474 return 0; 461 return 0;
475 }
476 } 462 }
463}
477 464
478CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, 465CMS_RecipientInfo *
479 unsigned char *key, size_t keylen, 466CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key,
480 unsigned char *id, size_t idlen, 467 size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date,
481 ASN1_GENERALIZEDTIME *date, 468 ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType)
482 ASN1_OBJECT *otherTypeId, 469{
483 ASN1_TYPE *otherType)
484 {
485 CMS_RecipientInfo *ri = NULL; 470 CMS_RecipientInfo *ri = NULL;
486 CMS_EnvelopedData *env; 471 CMS_EnvelopedData *env;
487 CMS_KEKRecipientInfo *kekri; 472 CMS_KEKRecipientInfo *kekri;
473
488 env = cms_get0_enveloped(cms); 474 env = cms_get0_enveloped(cms);
489 if (!env) 475 if (!env)
490 goto err; 476 goto err;
491 477
492 if (nid == NID_undef) 478 if (nid == NID_undef) {
493 { 479 switch (keylen) {
494 switch (keylen) 480 case 16:
495 {
496 case 16:
497 nid = NID_id_aes128_wrap; 481 nid = NID_id_aes128_wrap;
498 break; 482 break;
499 483 case 24:
500 case 24:
501 nid = NID_id_aes192_wrap; 484 nid = NID_id_aes192_wrap;
502 break; 485 break;
503 486 case 32:
504 case 32:
505 nid = NID_id_aes256_wrap; 487 nid = NID_id_aes256_wrap;
506 break; 488 break;
507 489 default:
508 default:
509 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, 490 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
510 CMS_R_INVALID_KEY_LENGTH); 491 CMS_R_INVALID_KEY_LENGTH);
511 goto err; 492 goto err;
512 }
513
514 } 493 }
515 else 494 } else {
516 {
517
518 size_t exp_keylen = aes_wrap_keylen(nid); 495 size_t exp_keylen = aes_wrap_keylen(nid);
519 496
520 if (!exp_keylen) 497 if (!exp_keylen) {
521 {
522 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, 498 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
523 CMS_R_UNSUPPORTED_KEK_ALGORITHM); 499 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
524 goto err; 500 goto err;
525 } 501 }
526 502
527 if (keylen != exp_keylen) 503 if (keylen != exp_keylen) {
528 {
529 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, 504 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
530 CMS_R_INVALID_KEY_LENGTH); 505 CMS_R_INVALID_KEY_LENGTH);
531 goto err; 506 goto err;
532 }
533
534 } 507 }
535 508
509 }
510
536 /* Initialize recipient info */ 511 /* Initialize recipient info */
537 ri = M_ASN1_new_of(CMS_RecipientInfo); 512 ri = M_ASN1_new_of(CMS_RecipientInfo);
538 if (!ri) 513 if (!ri)
@@ -545,17 +520,15 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
545 520
546 kekri = ri->d.kekri; 521 kekri = ri->d.kekri;
547 522
548 if (otherTypeId) 523 if (otherTypeId) {
549 {
550 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); 524 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
551 if (kekri->kekid->other == NULL) 525 if (kekri->kekid->other == NULL)
552 goto merr; 526 goto merr;
553 } 527 }
554 528
555 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) 529 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
556 goto merr; 530 goto merr;
557 531
558
559 /* After this point no calls can fail */ 532 /* After this point no calls can fail */
560 533
561 kekri->version = 4; 534 kekri->version = 4;
@@ -567,85 +540,79 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
567 540
568 kekri->kekid->date = date; 541 kekri->kekid->date = date;
569 542
570 if (kekri->kekid->other) 543 if (kekri->kekid->other) {
571 {
572 kekri->kekid->other->keyAttrId = otherTypeId; 544 kekri->kekid->other->keyAttrId = otherTypeId;
573 kekri->kekid->other->keyAttr = otherType; 545 kekri->kekid->other->keyAttr = otherType;
574 } 546 }
575 547
576 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, 548 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
577 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); 549 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
578 550
579 return ri; 551 return ri;
580 552
581 merr: 553merr:
582 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); 554 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
583 err: 555err:
584 if (ri) 556 if (ri)
585 M_ASN1_free_of(ri, CMS_RecipientInfo); 557 M_ASN1_free_of(ri, CMS_RecipientInfo);
586 return NULL; 558 return NULL;
559}
587 560
588 } 561int
589 562CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
590int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, 563 ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
591 X509_ALGOR **palg, 564 ASN1_OBJECT **potherid, ASN1_TYPE **pothertype)
592 ASN1_OCTET_STRING **pid, 565{
593 ASN1_GENERALIZEDTIME **pdate,
594 ASN1_OBJECT **potherid,
595 ASN1_TYPE **pothertype)
596 {
597 CMS_KEKIdentifier *rkid; 566 CMS_KEKIdentifier *rkid;
598 if (ri->type != CMS_RECIPINFO_KEK) 567
599 { 568 if (ri->type != CMS_RECIPINFO_KEK) {
600 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); 569 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
601 return 0; 570 return 0;
602 } 571 }
603 rkid = ri->d.kekri->kekid; 572 rkid = ri->d.kekri->kekid;
604 if (palg) 573 if (palg)
605 *palg = ri->d.kekri->keyEncryptionAlgorithm; 574 *palg = ri->d.kekri->keyEncryptionAlgorithm;
606 if (pid) 575 if (pid)
607 *pid = rkid->keyIdentifier; 576 *pid = rkid->keyIdentifier;
608 if (pdate) 577 if (pdate)
609 *pdate = rkid->date; 578 *pdate = rkid->date;
610 if (potherid) 579 if (potherid) {
611 {
612 if (rkid->other) 580 if (rkid->other)
613 *potherid = rkid->other->keyAttrId; 581 *potherid = rkid->other->keyAttrId;
614 else 582 else
615 *potherid = NULL; 583 *potherid = NULL;
616 } 584 }
617 if (pothertype) 585 if (pothertype) {
618 {
619 if (rkid->other) 586 if (rkid->other)
620 *pothertype = rkid->other->keyAttr; 587 *pothertype = rkid->other->keyAttr;
621 else 588 else
622 *pothertype = NULL; 589 *pothertype = NULL;
623 }
624 return 1;
625 } 590 }
591 return 1;
592}
626 593
627int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 594int
628 unsigned char *key, size_t keylen) 595CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
629 { 596 size_t keylen)
597{
630 CMS_KEKRecipientInfo *kekri; 598 CMS_KEKRecipientInfo *kekri;
631 if (ri->type != CMS_RECIPINFO_KEK) 599
632 { 600 if (ri->type != CMS_RECIPINFO_KEK) {
633 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); 601 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
634 return 0; 602 return 0;
635 } 603 }
636 604
637 kekri = ri->d.kekri; 605 kekri = ri->d.kekri;
638 kekri->key = key; 606 kekri->key = key;
639 kekri->keylen = keylen; 607 kekri->keylen = keylen;
640 return 1; 608 return 1;
641 } 609}
642
643 610
644/* Encrypt content key in KEK recipient info */ 611/* Encrypt content key in KEK recipient info */
645 612
646static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, 613static int
647 CMS_RecipientInfo *ri) 614cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
648 { 615{
649 CMS_EncryptedContentInfo *ec; 616 CMS_EncryptedContentInfo *ec;
650 CMS_KEKRecipientInfo *kekri; 617 CMS_KEKRecipientInfo *kekri;
651 AES_KEY actx; 618 AES_KEY actx;
@@ -657,55 +624,49 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
657 624
658 kekri = ri->d.kekri; 625 kekri = ri->d.kekri;
659 626
660 if (!kekri->key) 627 if (!kekri->key) {
661 {
662 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY); 628 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
663 return 0; 629 return 0;
664 } 630 }
665 631
666 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) 632 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
667 {
668 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 633 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
669 CMS_R_ERROR_SETTING_KEY); 634 CMS_R_ERROR_SETTING_KEY);
670 goto err; 635 goto err;
671 } 636 }
672 637
673 wkey = malloc(ec->keylen + 8); 638 wkey = malloc(ec->keylen + 8);
674 639
675 if (!wkey) 640 if (!wkey) {
676 {
677 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 641 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
678 ERR_R_MALLOC_FAILURE); 642 ERR_R_MALLOC_FAILURE);
679 goto err; 643 goto err;
680 } 644 }
681 645
682 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); 646 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
683 647
684 if (wkeylen <= 0) 648 if (wkeylen <= 0) {
685 {
686 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); 649 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
687 goto err; 650 goto err;
688 } 651 }
689 652
690 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); 653 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
691 654
692 r = 1; 655 r = 1;
693 656
694 err: 657err:
695
696 if (!r && wkey) 658 if (!r && wkey)
697 free(wkey); 659 free(wkey);
698 OPENSSL_cleanse(&actx, sizeof(actx)); 660 OPENSSL_cleanse(&actx, sizeof(actx));
699 661
700 return r; 662 return r;
701 663}
702 }
703 664
704/* Decrypt content key in KEK recipient info */ 665/* Decrypt content key in KEK recipient info */
705 666
706static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, 667static int
707 CMS_RecipientInfo *ri) 668cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
708 { 669{
709 CMS_EncryptedContentInfo *ec; 670 CMS_EncryptedContentInfo *ec;
710 CMS_KEKRecipientInfo *kekri; 671 CMS_KEKRecipientInfo *kekri;
711 AES_KEY actx; 672 AES_KEY actx;
@@ -717,93 +678,83 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
717 678
718 kekri = ri->d.kekri; 679 kekri = ri->d.kekri;
719 680
720 if (!kekri->key) 681 if (!kekri->key) {
721 {
722 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY); 682 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
723 return 0; 683 return 0;
724 } 684 }
725 685
726 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); 686 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
727 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) 687 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
728 {
729 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 688 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
730 CMS_R_INVALID_KEY_LENGTH); 689 CMS_R_INVALID_KEY_LENGTH);
731 return 0; 690 return 0;
732 } 691 }
733 692
734 /* If encrypted key length is invalid don't bother */ 693 /* If encrypted key length is invalid don't bother */
735 694
736 if (kekri->encryptedKey->length < 16) 695 if (kekri->encryptedKey->length < 16) {
737 {
738 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 696 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
739 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); 697 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
740 goto err; 698 goto err;
741 } 699 }
742 700
743 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) 701 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
744 {
745 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 702 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
746 CMS_R_ERROR_SETTING_KEY); 703 CMS_R_ERROR_SETTING_KEY);
747 goto err; 704 goto err;
748 } 705 }
749 706
750 ukey = malloc(kekri->encryptedKey->length - 8); 707 ukey = malloc(kekri->encryptedKey->length - 8);
751 708
752 if (!ukey) 709 if (!ukey) {
753 {
754 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 710 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
755 ERR_R_MALLOC_FAILURE); 711 ERR_R_MALLOC_FAILURE);
756 goto err; 712 goto err;
757 } 713 }
758 714
759 ukeylen = AES_unwrap_key(&actx, NULL, ukey, 715 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
760 kekri->encryptedKey->data, 716 kekri->encryptedKey->data,
761 kekri->encryptedKey->length); 717 kekri->encryptedKey->length);
762 718
763 if (ukeylen <= 0) 719 if (ukeylen <= 0) {
764 {
765 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 720 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
766 CMS_R_UNWRAP_ERROR); 721 CMS_R_UNWRAP_ERROR);
767 goto err; 722 goto err;
768 } 723 }
769 724
770 ec->key = ukey; 725 ec->key = ukey;
771 ec->keylen = ukeylen; 726 ec->keylen = ukeylen;
772 727
773 r = 1; 728 r = 1;
774 729
775 err: 730err:
776
777 if (!r && ukey) 731 if (!r && ukey)
778 free(ukey); 732 free(ukey);
779 OPENSSL_cleanse(&actx, sizeof(actx)); 733 OPENSSL_cleanse(&actx, sizeof(actx));
780 734
781 return r; 735 return r;
736}
782 737
783 } 738int
784 739CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
785int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) 740{
786 { 741 switch (ri->type) {
787 switch(ri->type) 742 case CMS_RECIPINFO_TRANS:
788 {
789 case CMS_RECIPINFO_TRANS:
790 return cms_RecipientInfo_ktri_decrypt(cms, ri); 743 return cms_RecipientInfo_ktri_decrypt(cms, ri);
791 744 case CMS_RECIPINFO_KEK:
792 case CMS_RECIPINFO_KEK:
793 return cms_RecipientInfo_kekri_decrypt(cms, ri); 745 return cms_RecipientInfo_kekri_decrypt(cms, ri);
794 746 case CMS_RECIPINFO_PASS:
795 case CMS_RECIPINFO_PASS:
796 return cms_RecipientInfo_pwri_crypt(cms, ri, 0); 747 return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
797 748 default:
798 default:
799 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, 749 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
800 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); 750 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
801 return 0; 751 return 0;
802 }
803 } 752 }
753}
804 754
805BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) 755BIO *
806 { 756cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
757{
807 CMS_EncryptedContentInfo *ec; 758 CMS_EncryptedContentInfo *ec;
808 STACK_OF(CMS_RecipientInfo) *rinfos; 759 STACK_OF(CMS_RecipientInfo) *rinfos;
809 CMS_RecipientInfo *ri; 760 CMS_RecipientInfo *ri;
@@ -824,52 +775,47 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
824 775
825 rinfos = cms->d.envelopedData->recipientInfos; 776 rinfos = cms->d.envelopedData->recipientInfos;
826 777
827 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) 778 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
828 {
829 ri = sk_CMS_RecipientInfo_value(rinfos, i); 779 ri = sk_CMS_RecipientInfo_value(rinfos, i);
830 780
831 switch (ri->type) 781 switch (ri->type) {
832 { 782 case CMS_RECIPINFO_TRANS:
833 case CMS_RECIPINFO_TRANS:
834 r = cms_RecipientInfo_ktri_encrypt(cms, ri); 783 r = cms_RecipientInfo_ktri_encrypt(cms, ri);
835 break; 784 break;
836 785
837 case CMS_RECIPINFO_KEK: 786 case CMS_RECIPINFO_KEK:
838 r = cms_RecipientInfo_kekri_encrypt(cms, ri); 787 r = cms_RecipientInfo_kekri_encrypt(cms, ri);
839 break; 788 break;
840 789
841 case CMS_RECIPINFO_PASS: 790 case CMS_RECIPINFO_PASS:
842 r = cms_RecipientInfo_pwri_crypt(cms, ri, 1); 791 r = cms_RecipientInfo_pwri_crypt(cms, ri, 1);
843 break; 792 break;
844 793
845 default: 794 default:
846 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 795 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
847 CMS_R_UNSUPPORTED_RECIPIENT_TYPE); 796 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
848 goto err; 797 goto err;
849 } 798 }
850 799
851 if (r <= 0) 800 if (r <= 0) {
852 {
853 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 801 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
854 CMS_R_ERROR_SETTING_RECIPIENTINFO); 802 CMS_R_ERROR_SETTING_RECIPIENTINFO);
855 goto err; 803 goto err;
856 }
857 } 804 }
805 }
858 806
859 ok = 1; 807 ok = 1;
860 808
861 err: 809err:
862 ec->cipher = NULL; 810 ec->cipher = NULL;
863 if (ec->key) 811 if (ec->key) {
864 {
865 OPENSSL_cleanse(ec->key, ec->keylen); 812 OPENSSL_cleanse(ec->key, ec->keylen);
866 free(ec->key); 813 free(ec->key);
867 ec->key = NULL; 814 ec->key = NULL;
868 ec->keylen = 0; 815 ec->keylen = 0;
869 } 816 }
870 if (ok) 817 if (ok)
871 return ret; 818 return ret;
872 BIO_free(ret); 819 BIO_free(ret);
873 return NULL; 820 return NULL;
874 821}
875 }
diff --git a/src/lib/libssl/src/crypto/cms/cms_err.c b/src/lib/libssl/src/crypto/cms/cms_err.c
index 8330ead7ed..313354691a 100644
--- a/src/lib/libssl/src/crypto/cms/cms_err.c
+++ b/src/lib/libssl/src/crypto/cms/cms_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,178 +68,175 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
70 70
71static ERR_STRING_DATA CMS_str_functs[]= 71static ERR_STRING_DATA CMS_str_functs[]= {
72 { 72 {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
73{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, 73 {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
74{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, 74 {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
75{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, 75 {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), "CMS_add0_recipient_password"},
76{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), "CMS_add0_recipient_password"}, 76 {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
77{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, 77 {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
78{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, 78 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
79{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, 79 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
80{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, 80 {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
81{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, 81 {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
82{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, 82 {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"},
83{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, 83 {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
84{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, 84 {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
85{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, 85 {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
86{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, 86 {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
87{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, 87 {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
88{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, 88 {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
89{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"}, 89 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
90{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"}, 90 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
91{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"}, 91 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
92{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"}, 92 {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
93{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"}, 93 {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
94{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"}, 94 {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
95{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"}, 95 {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
96{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"}, 96 {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
97{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"}, 97 {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
98{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"}, 98 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"},
99{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"}, 99 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
100{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"}, 100 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
101{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"}, 101 {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"},
102{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"}, 102 {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
103{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, 103 {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"},
104{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, 104 {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
105{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, 105 {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
106{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, 106 {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
107{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"}, 107 {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
108{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, 108 {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
109{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, 109 {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
110{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"}, 110 {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
111{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"}, 111 {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
112{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, 112 {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
113{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, 113 {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
114{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, 114 {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
115{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"}, 115 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
116{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, 116 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
117{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, 117 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
118{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, 118 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"},
119{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, 119 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"},
120{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"}, 120 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"},
121{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, 121 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
122{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, 122 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
123{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, 123 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
124{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, 124 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
125{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"}, 125 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"},
126{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"}, 126 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
127{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"}, 127 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), "CMS_RecipientInfo_set0_password"},
128{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), "CMS_RecipientInfo_set0_password"}, 128 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
129{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, 129 {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
130{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, 130 {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
131{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, 131 {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
132{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, 132 {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
133{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, 133 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"},
134{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"}, 134 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
135{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, 135 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
136{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, 136 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
137{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, 137 {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
138{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, 138 {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
139{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, 139 {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
140{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"}, 140 {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
141{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, 141 {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
142{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, 142 {0, NULL}
143{0,NULL} 143};
144 };
145 144
146static ERR_STRING_DATA CMS_str_reasons[]= 145static ERR_STRING_DATA CMS_str_reasons[]= {
147 { 146 {ERR_REASON(CMS_R_ADD_SIGNER_ERROR) , "add signer error"},
148{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"}, 147 {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT), "certificate already present"},
149{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"}, 148 {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
150{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"}, 149 {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
151{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, 150 {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR), "cipher initialisation error"},
152{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"}, 151 {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), "cipher parameter initialisation error"},
153{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"}, 152 {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) , "cms datafinal error"},
154{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"}, 153 {ERR_REASON(CMS_R_CMS_LIB) , "cms lib"},
155{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"}, 154 {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH), "contentidentifier mismatch"},
156{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"}, 155 {ERR_REASON(CMS_R_CONTENT_NOT_FOUND) , "content not found"},
157{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"}, 156 {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) , "content type mismatch"},
158{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"}, 157 {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), "content type not compressed data"},
159{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"}, 158 {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), "content type not enveloped data"},
160{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"}, 159 {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), "content type not signed data"},
161{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"}, 160 {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) , "content verify error"},
162{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"}, 161 {ERR_REASON(CMS_R_CTRL_ERROR) , "ctrl error"},
163{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"}, 162 {ERR_REASON(CMS_R_CTRL_FAILURE) , "ctrl failure"},
164{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"}, 163 {ERR_REASON(CMS_R_DECRYPT_ERROR) , "decrypt error"},
165{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"}, 164 {ERR_REASON(CMS_R_DIGEST_ERROR) , "digest error"},
166{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"}, 165 {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
167{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"}, 166 {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), "error reading messagedigest attribute"},
168{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"}, 167 {ERR_REASON(CMS_R_ERROR_SETTING_KEY) , "error setting key"},
169{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"}, 168 {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO), "error setting recipientinfo"},
170{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"}, 169 {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), "invalid encrypted key length"},
171{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"}, 170 {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), "invalid key encryption parameter"},
172{ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),"invalid key encryption parameter"}, 171 {ERR_REASON(CMS_R_INVALID_KEY_LENGTH) , "invalid key length"},
173{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, 172 {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) , "md bio init error"},
174{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"}, 173 {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), "messagedigest attribute wrong length"},
175{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"}, 174 {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH), "messagedigest wrong length"},
176{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"}, 175 {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) , "msgsigdigest error"},
177{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"}, 176 {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), "msgsigdigest verification failure"},
178{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"}, 177 {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH), "msgsigdigest wrong length"},
179{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"}, 178 {ERR_REASON(CMS_R_NEED_ONE_SIGNER) , "need one signer"},
180{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"}, 179 {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) , "not a signed receipt"},
181{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"}, 180 {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) , "not encrypted data"},
182{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"}, 181 {ERR_REASON(CMS_R_NOT_KEK) , "not kek"},
183{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"}, 182 {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) , "not key transport"},
184{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"}, 183 {ERR_REASON(CMS_R_NOT_PWRI) , "not pwri"},
185{ERR_REASON(CMS_R_NOT_PWRI) ,"not pwri"}, 184 {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "not supported for this key type"},
186{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"}, 185 {ERR_REASON(CMS_R_NO_CIPHER) , "no cipher"},
187{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"}, 186 {ERR_REASON(CMS_R_NO_CONTENT) , "no content"},
188{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"}, 187 {ERR_REASON(CMS_R_NO_CONTENT_TYPE) , "no content type"},
189{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"}, 188 {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) , "no default digest"},
190{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"}, 189 {ERR_REASON(CMS_R_NO_DIGEST_SET) , "no digest set"},
191{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"}, 190 {ERR_REASON(CMS_R_NO_KEY) , "no key"},
192{ERR_REASON(CMS_R_NO_KEY) ,"no key"}, 191 {ERR_REASON(CMS_R_NO_KEY_OR_CERT) , "no key or cert"},
193{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"}, 192 {ERR_REASON(CMS_R_NO_MATCHING_DIGEST) , "no matching digest"},
194{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"}, 193 {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) , "no matching recipient"},
195{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"}, 194 {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) , "no matching signature"},
196{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"}, 195 {ERR_REASON(CMS_R_NO_MSGSIGDIGEST) , "no msgsigdigest"},
197{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"}, 196 {ERR_REASON(CMS_R_NO_PASSWORD) , "no password"},
198{ERR_REASON(CMS_R_NO_PASSWORD) ,"no password"}, 197 {ERR_REASON(CMS_R_NO_PRIVATE_KEY) , "no private key"},
199{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"}, 198 {ERR_REASON(CMS_R_NO_PUBLIC_KEY) , "no public key"},
200{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"}, 199 {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) , "no receipt request"},
201{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"}, 200 {ERR_REASON(CMS_R_NO_SIGNERS) , "no signers"},
202{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"}, 201 {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
203{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, 202 {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) , "receipt decode error"},
204{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"}, 203 {ERR_REASON(CMS_R_RECIPIENT_ERROR) , "recipient error"},
205{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"}, 204 {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
206{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, 205 {ERR_REASON(CMS_R_SIGNFINAL_ERROR) , "signfinal error"},
207{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"}, 206 {ERR_REASON(CMS_R_SMIME_TEXT_ERROR) , "smime text error"},
208{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"}, 207 {ERR_REASON(CMS_R_STORE_INIT_ERROR) , "store init error"},
209{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"}, 208 {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
210{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"}, 209 {ERR_REASON(CMS_R_TYPE_NOT_DATA) , "type not data"},
211{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"}, 210 {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
212{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"}, 211 {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
213{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"}, 212 {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
214{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"}, 213 {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT), "unable to finalize context"},
215{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"}, 214 {ERR_REASON(CMS_R_UNKNOWN_CIPHER) , "unknown cipher"},
216{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"}, 215 {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
217{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"}, 216 {ERR_REASON(CMS_R_UNKNOWN_ID) , "unknown id"},
218{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"}, 217 {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
219{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, 218 {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
220{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, 219 {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM), "unsupported kek algorithm"},
221{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"}, 220 {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), "unsupported key encryption algorithm"},
222{ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),"unsupported key encryption algorithm"}, 221 {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"},
223{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"}, 222 {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE), "unsupported recpientinfo type"},
224{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"}, 223 {ERR_REASON(CMS_R_UNSUPPORTED_TYPE) , "unsupported type"},
225{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"}, 224 {ERR_REASON(CMS_R_UNWRAP_ERROR) , "unwrap error"},
226{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"}, 225 {ERR_REASON(CMS_R_UNWRAP_FAILURE) , "unwrap failure"},
227{ERR_REASON(CMS_R_UNWRAP_FAILURE) ,"unwrap failure"}, 226 {ERR_REASON(CMS_R_VERIFICATION_FAILURE) , "verification failure"},
228{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"}, 227 {ERR_REASON(CMS_R_WRAP_ERROR) , "wrap error"},
229{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"}, 228 {0, NULL}
230{0,NULL} 229};
231 };
232 230
233#endif 231#endif
234 232
235void ERR_load_CMS_strings(void) 233void
236 { 234ERR_load_CMS_strings(void)
235{
237#ifndef OPENSSL_NO_ERR 236#ifndef OPENSSL_NO_ERR
238 237 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
239 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) 238 ERR_load_strings(0, CMS_str_functs);
240 { 239 ERR_load_strings(0, CMS_str_reasons);
241 ERR_load_strings(0,CMS_str_functs);
242 ERR_load_strings(0,CMS_str_reasons);
243 }
244#endif
245 } 240 }
241#endif
242}
diff --git a/src/lib/libssl/src/crypto/cms/cms_ess.c b/src/lib/libssl/src/crypto/cms/cms_ess.c
index 8dbd56ef2b..6868edaaed 100644
--- a/src/lib/libssl/src/crypto/cms/cms_ess.c
+++ b/src/lib/libssl/src/crypto/cms/cms_ess.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -67,15 +67,17 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
67 67
68/* ESS services: for now just Signed Receipt related */ 68/* ESS services: for now just Signed Receipt related */
69 69
70int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) 70int
71 { 71CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
72{
72 ASN1_STRING *str; 73 ASN1_STRING *str;
73 CMS_ReceiptRequest *rr = NULL; 74 CMS_ReceiptRequest *rr = NULL;
75
74 if (prr) 76 if (prr)
75 *prr = NULL; 77 *prr = NULL;
76 str = CMS_signed_get0_data_by_OBJ(si, 78 str = CMS_signed_get0_data_by_OBJ(si,
77 OBJ_nid2obj(NID_id_smime_aa_receiptRequest), 79 OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
78 -3, V_ASN1_SEQUENCE); 80 -3, V_ASN1_SEQUENCE);
79 if (!str) 81 if (!str)
80 return 0; 82 return 0;
81 83
@@ -87,13 +89,12 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
87 else 89 else
88 CMS_ReceiptRequest_free(rr); 90 CMS_ReceiptRequest_free(rr);
89 return 1; 91 return 1;
90 } 92}
91 93
92CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, 94CMS_ReceiptRequest *
93 int allorfirst, 95CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
94 STACK_OF(GENERAL_NAMES) *receiptList, 96 STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
95 STACK_OF(GENERAL_NAMES) *receiptsTo) 97{
96 {
97 CMS_ReceiptRequest *rr = NULL; 98 CMS_ReceiptRequest *rr = NULL;
98 99
99 rr = CMS_ReceiptRequest_new(); 100 rr = CMS_ReceiptRequest_new();
@@ -101,44 +102,38 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
101 goto merr; 102 goto merr;
102 if (id) 103 if (id)
103 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); 104 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
104 else 105 else {
105 {
106 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) 106 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
107 goto merr; 107 goto merr;
108 if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) 108 if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
109 <= 0) 109 <= 0)
110 goto err; 110 goto err;
111 } 111 }
112 112
113 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free); 113 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
114 rr->receiptsTo = receiptsTo; 114 rr->receiptsTo = receiptsTo;
115 115
116 if (receiptList) 116 if (receiptList) {
117 {
118 rr->receiptsFrom->type = 1; 117 rr->receiptsFrom->type = 1;
119 rr->receiptsFrom->d.receiptList = receiptList; 118 rr->receiptsFrom->d.receiptList = receiptList;
120 } 119 } else {
121 else
122 {
123 rr->receiptsFrom->type = 0; 120 rr->receiptsFrom->type = 0;
124 rr->receiptsFrom->d.allOrFirstTier = allorfirst; 121 rr->receiptsFrom->d.allOrFirstTier = allorfirst;
125 } 122 }
126 123
127 return rr; 124 return rr;
128 125
129 merr: 126merr:
130 CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE); 127 CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
131 128err:
132 err:
133 if (rr) 129 if (rr)
134 CMS_ReceiptRequest_free(rr); 130 CMS_ReceiptRequest_free(rr);
135
136 return NULL; 131 return NULL;
137 132}
138 }
139 133
140int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) 134int
141 { 135CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
136{
142 unsigned char *rrder = NULL; 137 unsigned char *rrder = NULL;
143 int rrderlen, r = 0; 138 int rrderlen, r = 0;
144 139
@@ -147,86 +142,81 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
147 goto merr; 142 goto merr;
148 143
149 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, 144 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
150 V_ASN1_SEQUENCE, rrder, rrderlen)) 145 V_ASN1_SEQUENCE, rrder, rrderlen))
151 goto merr; 146 goto merr;
152 147
153 r = 1; 148 r = 1;
154 149
155 merr: 150merr:
156 if (!r) 151 if (!r)
157 CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); 152 CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
158
159 free(rrder); 153 free(rrder);
160
161 return r; 154 return r;
162 155}
163 }
164 156
165void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, 157void
166 ASN1_STRING **pcid, 158CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
167 int *pallorfirst, 159 int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
168 STACK_OF(GENERAL_NAMES) **plist, 160 STACK_OF(GENERAL_NAMES) **prto)
169 STACK_OF(GENERAL_NAMES) **prto) 161{
170 {
171 if (pcid) 162 if (pcid)
172 *pcid = rr->signedContentIdentifier; 163 *pcid = rr->signedContentIdentifier;
173 if (rr->receiptsFrom->type == 0) 164 if (rr->receiptsFrom->type == 0) {
174 {
175 if (pallorfirst) 165 if (pallorfirst)
176 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier; 166 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
177 if (plist) 167 if (plist)
178 *plist = NULL; 168 *plist = NULL;
179 } 169 } else {
180 else
181 {
182 if (pallorfirst) 170 if (pallorfirst)
183 *pallorfirst = -1; 171 *pallorfirst = -1;
184 if (plist) 172 if (plist)
185 *plist = rr->receiptsFrom->d.receiptList; 173 *plist = rr->receiptsFrom->d.receiptList;
186 } 174 }
187 if (prto) 175 if (prto)
188 *prto = rr->receiptsTo; 176 *prto = rr->receiptsTo;
189 } 177}
190 178
191/* Digest a SignerInfo structure for msgSigDigest attribute processing */ 179/* Digest a SignerInfo structure for msgSigDigest attribute processing */
192 180
193static int cms_msgSigDigest(CMS_SignerInfo *si, 181static int
194 unsigned char *dig, unsigned int *diglen) 182cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen)
195 { 183{
196 const EVP_MD *md; 184 const EVP_MD *md;
185
197 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 186 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
198 if (md == NULL) 187 if (md == NULL)
199 return 0; 188 return 0;
200 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, 189 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
201 si->signedAttrs, dig, diglen)) 190 si->signedAttrs, dig, diglen))
202 return 0; 191 return 0;
203 return 1; 192 return 1;
204 } 193}
205 194
206/* Add a msgSigDigest attribute to a SignerInfo */ 195/* Add a msgSigDigest attribute to a SignerInfo */
207 196
208int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) 197int
209 { 198cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
199{
210 unsigned char dig[EVP_MAX_MD_SIZE]; 200 unsigned char dig[EVP_MAX_MD_SIZE];
211 unsigned int diglen; 201 unsigned int diglen;
212 if (!cms_msgSigDigest(src, dig, &diglen)) 202
213 { 203 if (!cms_msgSigDigest(src, dig, &diglen)) {
214 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR); 204 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
215 return 0; 205 return 0;
216 } 206 }
217 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, 207 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
218 V_ASN1_OCTET_STRING, dig, diglen)) 208 V_ASN1_OCTET_STRING, dig, diglen)) {
219 {
220 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE); 209 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
221 return 0; 210 return 0;
222 }
223 return 1;
224 } 211 }
212 return 1;
213}
225 214
226/* Verify signed receipt after it has already passed normal CMS verify */ 215/* Verify signed receipt after it has already passed normal CMS verify */
227 216
228int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) 217int
229 { 218cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
219{
230 int r = 0, i; 220 int r = 0, i;
231 CMS_ReceiptRequest *rr = NULL; 221 CMS_ReceiptRequest *rr = NULL;
232 CMS_Receipt *rct = NULL; 222 CMS_Receipt *rct = NULL;
@@ -243,138 +233,122 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
243 if (!osis || !sis) 233 if (!osis || !sis)
244 goto err; 234 goto err;
245 235
246 if (sk_CMS_SignerInfo_num(sis) != 1) 236 if (sk_CMS_SignerInfo_num(sis) != 1) {
247 {
248 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER); 237 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
249 goto err; 238 goto err;
250 } 239 }
251 240
252 /* Check receipt content type */ 241 /* Check receipt content type */
253 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) 242 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
254 {
255 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT); 243 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
256 goto err; 244 goto err;
257 } 245 }
258 246
259 /* Extract and decode receipt content */ 247 /* Extract and decode receipt content */
260 pcont = CMS_get0_content(cms); 248 pcont = CMS_get0_content(cms);
261 if (!pcont || !*pcont) 249 if (!pcont || !*pcont) {
262 {
263 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT); 250 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
264 goto err; 251 goto err;
265 } 252 }
266 253
267 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt)); 254 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
268 255
269 if (!rct) 256 if (!rct) {
270 {
271 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR); 257 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
272 goto err; 258 goto err;
273 } 259 }
274 260
275 /* Locate original request */ 261 /* Locate original request */
276 262
277 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) 263 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
278 {
279 osi = sk_CMS_SignerInfo_value(osis, i); 264 osi = sk_CMS_SignerInfo_value(osis, i);
280 if (!ASN1_STRING_cmp(osi->signature, 265 if (!ASN1_STRING_cmp(osi->signature,
281 rct->originatorSignatureValue)) 266 rct->originatorSignatureValue))
282 break; 267 break;
283 } 268 }
284 269
285 if (i == sk_CMS_SignerInfo_num(osis)) 270 if (i == sk_CMS_SignerInfo_num(osis)) {
286 {
287 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE); 271 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
288 goto err; 272 goto err;
289 } 273 }
290 274
291 si = sk_CMS_SignerInfo_value(sis, 0); 275 si = sk_CMS_SignerInfo_value(sis, 0);
292 276
293 /* Get msgSigDigest value and compare */ 277 /* Get msgSigDigest value and compare */
294 278
295 msig = CMS_signed_get0_data_by_OBJ(si, 279 msig = CMS_signed_get0_data_by_OBJ(si,
296 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), 280 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, V_ASN1_OCTET_STRING);
297 -3, V_ASN1_OCTET_STRING);
298 281
299 if (!msig) 282 if (!msig) {
300 {
301 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST); 283 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
302 goto err; 284 goto err;
303 } 285 }
304 286
305 if (!cms_msgSigDigest(osi, dig, &diglen)) 287 if (!cms_msgSigDigest(osi, dig, &diglen)) {
306 {
307 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR); 288 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
308 goto err; 289 goto err;
309 } 290 }
310 291
311 if (diglen != (unsigned int)msig->length) 292 if (diglen != (unsigned int)msig->length) {
312 { 293 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
313 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, 294 CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
314 CMS_R_MSGSIGDIGEST_WRONG_LENGTH); 295 goto err;
315 goto err; 296 }
316 }
317 297
318 if (memcmp(dig, msig->data, diglen)) 298 if (memcmp(dig, msig->data, diglen)) {
319 { 299 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
320 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, 300 CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
321 CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE); 301 goto err;
322 goto err; 302 }
323 }
324 303
325 /* Compare content types */ 304 /* Compare content types */
326 305
327 octype = CMS_signed_get0_data_by_OBJ(osi, 306 octype = CMS_signed_get0_data_by_OBJ(osi,
328 OBJ_nid2obj(NID_pkcs9_contentType), 307 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
329 -3, V_ASN1_OBJECT); 308 if (!octype) {
330 if (!octype)
331 {
332 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE); 309 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
333 goto err; 310 goto err;
334 } 311 }
335 312
336 /* Compare details in receipt request */ 313 /* Compare details in receipt request */
337 314
338 if (OBJ_cmp(octype, rct->contentType)) 315 if (OBJ_cmp(octype, rct->contentType)) {
339 {
340 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH); 316 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
341 goto err; 317 goto err;
342 } 318 }
343 319
344 /* Get original receipt request details */ 320 /* Get original receipt request details */
345 321
346 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) 322 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
347 {
348 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); 323 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
349 goto err; 324 goto err;
350 } 325 }
351 326
352 if (ASN1_STRING_cmp(rr->signedContentIdentifier, 327 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
353 rct->signedContentIdentifier)) 328 rct->signedContentIdentifier)) {
354 {
355 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, 329 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
356 CMS_R_CONTENTIDENTIFIER_MISMATCH); 330 CMS_R_CONTENTIDENTIFIER_MISMATCH);
357 goto err; 331 goto err;
358 } 332 }
359 333
360 r = 1; 334 r = 1;
361 335
362 err: 336err:
363 if (rr) 337 if (rr)
364 CMS_ReceiptRequest_free(rr); 338 CMS_ReceiptRequest_free(rr);
365 if (rct) 339 if (rct)
366 M_ASN1_free_of(rct, CMS_Receipt); 340 M_ASN1_free_of(rct, CMS_Receipt);
367 341
368 return r; 342 return r;
369 343}
370 }
371 344
372/* Encode a Receipt into an OCTET STRING read for including into content of 345/* Encode a Receipt into an OCTET STRING read for including into content of
373 * a SignedData ContentInfo. 346 * a SignedData ContentInfo.
374 */ 347 */
375 348
376ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) 349ASN1_OCTET_STRING *
377 { 350cms_encode_Receipt(CMS_SignerInfo *si)
351{
378 CMS_Receipt rct; 352 CMS_Receipt rct;
379 CMS_ReceiptRequest *rr = NULL; 353 CMS_ReceiptRequest *rr = NULL;
380 ASN1_OBJECT *ctype; 354 ASN1_OBJECT *ctype;
@@ -384,22 +358,19 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
384 358
385 /* Get original receipt request details */ 359 /* Get original receipt request details */
386 360
387 if (CMS_get1_ReceiptRequest(si, &rr) <= 0) 361 if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
388 {
389 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); 362 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
390 goto err; 363 goto err;
391 } 364 }
392 365
393 /* Get original content type */ 366 /* Get original content type */
394 367
395 ctype = CMS_signed_get0_data_by_OBJ(si, 368 ctype = CMS_signed_get0_data_by_OBJ(si,
396 OBJ_nid2obj(NID_pkcs9_contentType), 369 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
397 -3, V_ASN1_OBJECT); 370 if (!ctype) {
398 if (!ctype)
399 {
400 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE); 371 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
401 goto err; 372 goto err;
402 } 373 }
403 374
404 rct.version = 1; 375 rct.version = 1;
405 rct.contentType = ctype; 376 rct.contentType = ctype;
@@ -408,12 +379,8 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
408 379
409 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); 380 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
410 381
411 err: 382err:
412 if (rr) 383 if (rr)
413 CMS_ReceiptRequest_free(rr); 384 CMS_ReceiptRequest_free(rr);
414
415 return os; 385 return os;
416 386}
417 }
418
419
diff --git a/src/lib/libssl/src/crypto/cms/cms_io.c b/src/lib/libssl/src/crypto/cms/cms_io.c
index 1cb0264cc5..f8c1d45152 100644
--- a/src/lib/libssl/src/crypto/cms/cms_io.c
+++ b/src/lib/libssl/src/crypto/cms/cms_io.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -58,76 +58,82 @@
58#include "cms.h" 58#include "cms.h"
59#include "cms_lcl.h" 59#include "cms_lcl.h"
60 60
61int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) 61int
62 { 62CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
63{
63 ASN1_OCTET_STRING **pos; 64 ASN1_OCTET_STRING **pos;
65
64 pos = CMS_get0_content(cms); 66 pos = CMS_get0_content(cms);
65 if (!pos) 67 if (!pos)
66 return 0; 68 return 0;
67 if (!*pos) 69 if (!*pos)
68 *pos = ASN1_OCTET_STRING_new(); 70 *pos = ASN1_OCTET_STRING_new();
69 if (*pos) 71 if (*pos) {
70 {
71 (*pos)->flags |= ASN1_STRING_FLAG_NDEF; 72 (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
72 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; 73 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
73 *boundary = &(*pos)->data; 74 *boundary = &(*pos)->data;
74 return 1; 75 return 1;
75 } 76 }
76 CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE); 77 CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
77 return 0; 78 return 0;
78 } 79}
79 80
80CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) 81CMS_ContentInfo *
81 { 82d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
83{
82 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); 84 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
83 } 85}
84 86
85int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) 87int
86 { 88i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
89{
87 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); 90 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
88 } 91}
89 92
90IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) 93IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
91 94
92BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) 95BIO *
93 { 96BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
97{
94 return BIO_new_NDEF(out, (ASN1_VALUE *)cms, 98 return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
95 ASN1_ITEM_rptr(CMS_ContentInfo)); 99 ASN1_ITEM_rptr(CMS_ContentInfo));
96 } 100}
97 101
98/* CMS wrappers round generalised stream and MIME routines */ 102/* CMS wrappers round generalised stream and MIME routines */
99 103
100int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) 104int
101 { 105i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
106{
102 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags, 107 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
103 ASN1_ITEM_rptr(CMS_ContentInfo)); 108 ASN1_ITEM_rptr(CMS_ContentInfo));
104 } 109}
105 110
106int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) 111int
107 { 112PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
113{
108 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags, 114 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
109 "CMS", 115 "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
110 ASN1_ITEM_rptr(CMS_ContentInfo)); 116}
111 }
112 117
113int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) 118int
114 { 119SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
120{
115 STACK_OF(X509_ALGOR) *mdalgs; 121 STACK_OF(X509_ALGOR) *mdalgs;
116 int ctype_nid = OBJ_obj2nid(cms->contentType); 122 int ctype_nid = OBJ_obj2nid(cms->contentType);
117 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); 123 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
124
118 if (ctype_nid == NID_pkcs7_signed) 125 if (ctype_nid == NID_pkcs7_signed)
119 mdalgs = cms->d.signedData->digestAlgorithms; 126 mdalgs = cms->d.signedData->digestAlgorithms;
120 else 127 else
121 mdalgs = NULL; 128 mdalgs = NULL;
122 129
123 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, 130 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
124 ctype_nid, econt_nid, mdalgs, 131 ctype_nid, econt_nid, mdalgs, ASN1_ITEM_rptr(CMS_ContentInfo));
125 ASN1_ITEM_rptr(CMS_ContentInfo)); 132}
126 }
127 133
128CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) 134CMS_ContentInfo *
129 { 135SMIME_read_CMS(BIO *bio, BIO **bcont)
136{
130 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, 137 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
131 ASN1_ITEM_rptr(CMS_ContentInfo)); 138 ASN1_ITEM_rptr(CMS_ContentInfo));
132 } 139}
133
diff --git a/src/lib/libssl/src/crypto/cms/cms_lcl.h b/src/lib/libssl/src/crypto/cms/cms_lcl.h
index a9f9730157..3c905342f4 100644
--- a/src/lib/libssl/src/crypto/cms/cms_lcl.h
+++ b/src/lib/libssl/src/crypto/cms/cms_lcl.h
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -93,10 +93,9 @@ typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; 93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; 94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
95 95
96struct CMS_ContentInfo_st 96struct CMS_ContentInfo_st {
97 {
98 ASN1_OBJECT *contentType; 97 ASN1_OBJECT *contentType;
99 union { 98 union {
100 ASN1_OCTET_STRING *data; 99 ASN1_OCTET_STRING *data;
101 CMS_SignedData *signedData; 100 CMS_SignedData *signedData;
102 CMS_EnvelopedData *envelopedData; 101 CMS_EnvelopedData *envelopedData;
@@ -107,29 +106,26 @@ struct CMS_ContentInfo_st
107 ASN1_TYPE *other; 106 ASN1_TYPE *other;
108 /* Other types ... */ 107 /* Other types ... */
109 void *otherData; 108 void *otherData;
110 } d; 109 } d;
111 }; 110};
112 111
113struct CMS_SignedData_st 112struct CMS_SignedData_st {
114 {
115 long version; 113 long version;
116 STACK_OF(X509_ALGOR) *digestAlgorithms; 114 STACK_OF(X509_ALGOR) *digestAlgorithms;
117 CMS_EncapsulatedContentInfo *encapContentInfo; 115 CMS_EncapsulatedContentInfo *encapContentInfo;
118 STACK_OF(CMS_CertificateChoices) *certificates; 116 STACK_OF(CMS_CertificateChoices) *certificates;
119 STACK_OF(CMS_RevocationInfoChoice) *crls; 117 STACK_OF(CMS_RevocationInfoChoice) *crls;
120 STACK_OF(CMS_SignerInfo) *signerInfos; 118 STACK_OF(CMS_SignerInfo) *signerInfos;
121 }; 119};
122 120
123struct CMS_EncapsulatedContentInfo_st 121struct CMS_EncapsulatedContentInfo_st {
124 {
125 ASN1_OBJECT *eContentType; 122 ASN1_OBJECT *eContentType;
126 ASN1_OCTET_STRING *eContent; 123 ASN1_OCTET_STRING *eContent;
127 /* Set to 1 if incomplete structure only part set up */ 124 /* Set to 1 if incomplete structure only part set up */
128 int partial; 125 int partial;
129 }; 126};
130 127
131struct CMS_SignerInfo_st 128struct CMS_SignerInfo_st {
132 {
133 long version; 129 long version;
134 CMS_SignerIdentifier *sid; 130 CMS_SignerIdentifier *sid;
135 X509_ALGOR *digestAlgorithm; 131 X509_ALGOR *digestAlgorithm;
@@ -140,34 +136,30 @@ struct CMS_SignerInfo_st
140 /* Signing certificate and key */ 136 /* Signing certificate and key */
141 X509 *signer; 137 X509 *signer;
142 EVP_PKEY *pkey; 138 EVP_PKEY *pkey;
143 }; 139};
144 140
145struct CMS_SignerIdentifier_st 141struct CMS_SignerIdentifier_st {
146 {
147 int type; 142 int type;
148 union { 143 union {
149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 144 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
150 ASN1_OCTET_STRING *subjectKeyIdentifier; 145 ASN1_OCTET_STRING *subjectKeyIdentifier;
151 } d; 146 } d;
152 }; 147};
153 148
154struct CMS_EnvelopedData_st 149struct CMS_EnvelopedData_st {
155 {
156 long version; 150 long version;
157 CMS_OriginatorInfo *originatorInfo; 151 CMS_OriginatorInfo *originatorInfo;
158 STACK_OF(CMS_RecipientInfo) *recipientInfos; 152 STACK_OF(CMS_RecipientInfo) *recipientInfos;
159 CMS_EncryptedContentInfo *encryptedContentInfo; 153 CMS_EncryptedContentInfo *encryptedContentInfo;
160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 154 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
161 }; 155};
162 156
163struct CMS_OriginatorInfo_st 157struct CMS_OriginatorInfo_st {
164 {
165 STACK_OF(CMS_CertificateChoices) *certificates; 158 STACK_OF(CMS_CertificateChoices) *certificates;
166 STACK_OF(CMS_RevocationInfoChoice) *crls; 159 STACK_OF(CMS_RevocationInfoChoice) *crls;
167 }; 160};
168 161
169struct CMS_EncryptedContentInfo_st 162struct CMS_EncryptedContentInfo_st {
170 {
171 ASN1_OBJECT *contentType; 163 ASN1_OBJECT *contentType;
172 X509_ALGOR *contentEncryptionAlgorithm; 164 X509_ALGOR *contentEncryptionAlgorithm;
173 ASN1_OCTET_STRING *encryptedContent; 165 ASN1_OCTET_STRING *encryptedContent;
@@ -177,24 +169,22 @@ struct CMS_EncryptedContentInfo_st
177 size_t keylen; 169 size_t keylen;
178 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ 170 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
179 int debug; 171 int debug;
180 }; 172};
181 173
182struct CMS_RecipientInfo_st 174struct CMS_RecipientInfo_st {
183 { 175 int type;
184 int type; 176 union {
185 union { 177 CMS_KeyTransRecipientInfo *ktri;
186 CMS_KeyTransRecipientInfo *ktri; 178 CMS_KeyAgreeRecipientInfo *kari;
187 CMS_KeyAgreeRecipientInfo *kari; 179 CMS_KEKRecipientInfo *kekri;
188 CMS_KEKRecipientInfo *kekri;
189 CMS_PasswordRecipientInfo *pwri; 180 CMS_PasswordRecipientInfo *pwri;
190 CMS_OtherRecipientInfo *ori; 181 CMS_OtherRecipientInfo *ori;
191 } d; 182 } d;
192 }; 183};
193 184
194typedef CMS_SignerIdentifier CMS_RecipientIdentifier; 185typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
195 186
196struct CMS_KeyTransRecipientInfo_st 187struct CMS_KeyTransRecipientInfo_st {
197 {
198 long version; 188 long version;
199 CMS_RecipientIdentifier *rid; 189 CMS_RecipientIdentifier *rid;
200 X509_ALGOR *keyEncryptionAlgorithm; 190 X509_ALGOR *keyEncryptionAlgorithm;
@@ -202,107 +192,94 @@ struct CMS_KeyTransRecipientInfo_st
202 /* Recipient Key and cert */ 192 /* Recipient Key and cert */
203 X509 *recip; 193 X509 *recip;
204 EVP_PKEY *pkey; 194 EVP_PKEY *pkey;
205 }; 195};
206 196
207struct CMS_KeyAgreeRecipientInfo_st 197struct CMS_KeyAgreeRecipientInfo_st {
208 {
209 long version; 198 long version;
210 CMS_OriginatorIdentifierOrKey *originator; 199 CMS_OriginatorIdentifierOrKey *originator;
211 ASN1_OCTET_STRING *ukm; 200 ASN1_OCTET_STRING *ukm;
212 X509_ALGOR *keyEncryptionAlgorithm; 201 X509_ALGOR *keyEncryptionAlgorithm;
213 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; 202 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
214 }; 203};
215 204
216struct CMS_OriginatorIdentifierOrKey_st 205struct CMS_OriginatorIdentifierOrKey_st {
217 {
218 int type; 206 int type;
219 union { 207 union {
220 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 208 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
221 ASN1_OCTET_STRING *subjectKeyIdentifier; 209 ASN1_OCTET_STRING *subjectKeyIdentifier;
222 CMS_OriginatorPublicKey *originatorKey; 210 CMS_OriginatorPublicKey *originatorKey;
223 } d; 211 } d;
224 }; 212};
225 213
226struct CMS_OriginatorPublicKey_st 214struct CMS_OriginatorPublicKey_st {
227 {
228 X509_ALGOR *algorithm; 215 X509_ALGOR *algorithm;
229 ASN1_BIT_STRING *publicKey; 216 ASN1_BIT_STRING *publicKey;
230 }; 217};
231 218
232struct CMS_RecipientEncryptedKey_st 219struct CMS_RecipientEncryptedKey_st {
233 { 220 CMS_KeyAgreeRecipientIdentifier *rid;
234 CMS_KeyAgreeRecipientIdentifier *rid; 221 ASN1_OCTET_STRING *encryptedKey;
235 ASN1_OCTET_STRING *encryptedKey; 222};
236 };
237 223
238struct CMS_KeyAgreeRecipientIdentifier_st 224struct CMS_KeyAgreeRecipientIdentifier_st {
239 {
240 int type; 225 int type;
241 union { 226 union {
242 CMS_IssuerAndSerialNumber *issuerAndSerialNumber; 227 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
243 CMS_RecipientKeyIdentifier *rKeyId; 228 CMS_RecipientKeyIdentifier *rKeyId;
244 } d; 229 } d;
245 }; 230};
246 231
247struct CMS_RecipientKeyIdentifier_st 232struct CMS_RecipientKeyIdentifier_st {
248 { 233 ASN1_OCTET_STRING *subjectKeyIdentifier;
249 ASN1_OCTET_STRING *subjectKeyIdentifier; 234 ASN1_GENERALIZEDTIME *date;
250 ASN1_GENERALIZEDTIME *date; 235 CMS_OtherKeyAttribute *other;
251 CMS_OtherKeyAttribute *other; 236};
252 };
253 237
254struct CMS_KEKRecipientInfo_st 238struct CMS_KEKRecipientInfo_st {
255 { 239 long version;
256 long version; 240 CMS_KEKIdentifier *kekid;
257 CMS_KEKIdentifier *kekid; 241 X509_ALGOR *keyEncryptionAlgorithm;
258 X509_ALGOR *keyEncryptionAlgorithm; 242 ASN1_OCTET_STRING *encryptedKey;
259 ASN1_OCTET_STRING *encryptedKey;
260 /* Extra info: symmetric key to use */ 243 /* Extra info: symmetric key to use */
261 unsigned char *key; 244 unsigned char *key;
262 size_t keylen; 245 size_t keylen;
263 }; 246};
264 247
265struct CMS_KEKIdentifier_st 248struct CMS_KEKIdentifier_st {
266 { 249 ASN1_OCTET_STRING *keyIdentifier;
267 ASN1_OCTET_STRING *keyIdentifier; 250 ASN1_GENERALIZEDTIME *date;
268 ASN1_GENERALIZEDTIME *date; 251 CMS_OtherKeyAttribute *other;
269 CMS_OtherKeyAttribute *other; 252};
270 };
271 253
272struct CMS_PasswordRecipientInfo_st 254struct CMS_PasswordRecipientInfo_st {
273 { 255 long version;
274 long version; 256 X509_ALGOR *keyDerivationAlgorithm;
275 X509_ALGOR *keyDerivationAlgorithm; 257 X509_ALGOR *keyEncryptionAlgorithm;
276 X509_ALGOR *keyEncryptionAlgorithm; 258 ASN1_OCTET_STRING *encryptedKey;
277 ASN1_OCTET_STRING *encryptedKey;
278 /* Extra info: password to use */ 259 /* Extra info: password to use */
279 unsigned char *pass; 260 unsigned char *pass;
280 size_t passlen; 261 size_t passlen;
281 }; 262};
282 263
283struct CMS_OtherRecipientInfo_st 264struct CMS_OtherRecipientInfo_st {
284 { 265 ASN1_OBJECT *oriType;
285 ASN1_OBJECT *oriType; 266 ASN1_TYPE *oriValue;
286 ASN1_TYPE *oriValue; 267};
287 };
288 268
289struct CMS_DigestedData_st 269struct CMS_DigestedData_st {
290 {
291 long version; 270 long version;
292 X509_ALGOR *digestAlgorithm; 271 X509_ALGOR *digestAlgorithm;
293 CMS_EncapsulatedContentInfo *encapContentInfo; 272 CMS_EncapsulatedContentInfo *encapContentInfo;
294 ASN1_OCTET_STRING *digest; 273 ASN1_OCTET_STRING *digest;
295 }; 274};
296 275
297struct CMS_EncryptedData_st 276struct CMS_EncryptedData_st {
298 {
299 long version; 277 long version;
300 CMS_EncryptedContentInfo *encryptedContentInfo; 278 CMS_EncryptedContentInfo *encryptedContentInfo;
301 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; 279 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
302 }; 280};
303 281
304struct CMS_AuthenticatedData_st 282struct CMS_AuthenticatedData_st {
305 {
306 long version; 283 long version;
307 CMS_OriginatorInfo *originatorInfo; 284 CMS_OriginatorInfo *originatorInfo;
308 STACK_OF(CMS_RecipientInfo) *recipientInfos; 285 STACK_OF(CMS_RecipientInfo) *recipientInfos;
@@ -312,45 +289,41 @@ struct CMS_AuthenticatedData_st
312 STACK_OF(X509_ATTRIBUTE) *authAttrs; 289 STACK_OF(X509_ATTRIBUTE) *authAttrs;
313 ASN1_OCTET_STRING *mac; 290 ASN1_OCTET_STRING *mac;
314 STACK_OF(X509_ATTRIBUTE) *unauthAttrs; 291 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
315 }; 292};
316 293
317struct CMS_CompressedData_st 294struct CMS_CompressedData_st {
318 {
319 long version; 295 long version;
320 X509_ALGOR *compressionAlgorithm; 296 X509_ALGOR *compressionAlgorithm;
321 STACK_OF(CMS_RecipientInfo) *recipientInfos; 297 STACK_OF(CMS_RecipientInfo) *recipientInfos;
322 CMS_EncapsulatedContentInfo *encapContentInfo; 298 CMS_EncapsulatedContentInfo *encapContentInfo;
323 }; 299};
324 300
325struct CMS_RevocationInfoChoice_st 301struct CMS_RevocationInfoChoice_st {
326 {
327 int type; 302 int type;
328 union { 303 union {
329 X509_CRL *crl; 304 X509_CRL *crl;
330 CMS_OtherRevocationInfoFormat *other; 305 CMS_OtherRevocationInfoFormat *other;
331 } d; 306 } d;
332 }; 307};
333 308
334#define CMS_REVCHOICE_CRL 0 309#define CMS_REVCHOICE_CRL 0
335#define CMS_REVCHOICE_OTHER 1 310#define CMS_REVCHOICE_OTHER 1
336 311
337struct CMS_OtherRevocationInfoFormat_st 312struct CMS_OtherRevocationInfoFormat_st {
338 {
339 ASN1_OBJECT *otherRevInfoFormat; 313 ASN1_OBJECT *otherRevInfoFormat;
340 ASN1_TYPE *otherRevInfo; 314 ASN1_TYPE *otherRevInfo;
341 }; 315};
342 316
343struct CMS_CertificateChoices 317struct CMS_CertificateChoices {
344 {
345 int type; 318 int type;
346 union { 319 union {
347 X509 *certificate; 320 X509 *certificate;
348 ASN1_STRING *extendedCertificate; /* Obsolete */ 321 ASN1_STRING *extendedCertificate; /* Obsolete */
349 ASN1_STRING *v1AttrCert; /* Left encoded for now */ 322 ASN1_STRING *v1AttrCert; /* Left encoded for now */
350 ASN1_STRING *v2AttrCert; /* Left encoded for now */ 323 ASN1_STRING *v2AttrCert; /* Left encoded for now */
351 CMS_OtherCertificateFormat *other; 324 CMS_OtherCertificateFormat *other;
352 } d; 325 } d;
353 }; 326};
354 327
355#define CMS_CERTCHOICE_CERT 0 328#define CMS_CERTCHOICE_CERT 0
356#define CMS_CERTCHOICE_EXCERT 1 329#define CMS_CERTCHOICE_EXCERT 1
@@ -358,58 +331,52 @@ struct CMS_CertificateChoices
358#define CMS_CERTCHOICE_V2ACERT 3 331#define CMS_CERTCHOICE_V2ACERT 3
359#define CMS_CERTCHOICE_OTHER 4 332#define CMS_CERTCHOICE_OTHER 4
360 333
361struct CMS_OtherCertificateFormat_st 334struct CMS_OtherCertificateFormat_st {
362 {
363 ASN1_OBJECT *otherCertFormat; 335 ASN1_OBJECT *otherCertFormat;
364 ASN1_TYPE *otherCert; 336 ASN1_TYPE *otherCert;
365 }; 337};
366 338
367/* This is also defined in pkcs7.h but we duplicate it 339/* This is also defined in pkcs7.h but we duplicate it
368 * to allow the CMS code to be independent of PKCS#7 340 * to allow the CMS code to be independent of PKCS#7
369 */ 341 */
370 342
371struct CMS_IssuerAndSerialNumber_st 343struct CMS_IssuerAndSerialNumber_st {
372 {
373 X509_NAME *issuer; 344 X509_NAME *issuer;
374 ASN1_INTEGER *serialNumber; 345 ASN1_INTEGER *serialNumber;
375 }; 346};
376 347
377struct CMS_OtherKeyAttribute_st 348struct CMS_OtherKeyAttribute_st {
378 {
379 ASN1_OBJECT *keyAttrId; 349 ASN1_OBJECT *keyAttrId;
380 ASN1_TYPE *keyAttr; 350 ASN1_TYPE *keyAttr;
381 }; 351};
382 352
383/* ESS structures */ 353/* ESS structures */
384 354
385#ifdef HEADER_X509V3_H 355#ifdef HEADER_X509V3_H
386 356
387struct CMS_ReceiptRequest_st 357struct CMS_ReceiptRequest_st {
388 {
389 ASN1_OCTET_STRING *signedContentIdentifier; 358 ASN1_OCTET_STRING *signedContentIdentifier;
390 CMS_ReceiptsFrom *receiptsFrom; 359 CMS_ReceiptsFrom *receiptsFrom;
391 STACK_OF(GENERAL_NAMES) *receiptsTo; 360 STACK_OF(GENERAL_NAMES) *receiptsTo;
392 }; 361};
393 362
394 363
395struct CMS_ReceiptsFrom_st 364struct CMS_ReceiptsFrom_st {
396 {
397 int type; 365 int type;
398 union 366 union
399 { 367 {
400 long allOrFirstTier; 368 long allOrFirstTier;
401 STACK_OF(GENERAL_NAMES) *receiptList; 369 STACK_OF(GENERAL_NAMES) *receiptList;
402 } d; 370 } d;
403 }; 371};
404#endif 372#endif
405 373
406struct CMS_Receipt_st 374struct CMS_Receipt_st {
407 {
408 long version; 375 long version;
409 ASN1_OBJECT *contentType; 376 ASN1_OBJECT *contentType;
410 ASN1_OCTET_STRING *signedContentIdentifier; 377 ASN1_OCTET_STRING *signedContentIdentifier;
411 ASN1_OCTET_STRING *originatorSignatureValue; 378 ASN1_OCTET_STRING *originatorSignatureValue;
412 }; 379};
413 380
414DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) 381DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
415DECLARE_ASN1_ITEM(CMS_SignerInfo) 382DECLARE_ASN1_ITEM(CMS_SignerInfo)
@@ -438,8 +405,7 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
438int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); 405int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
439int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); 406int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
440int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 407int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
441 ASN1_OCTET_STRING **keyid, 408 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
442 X509_NAME **issuer, ASN1_INTEGER **sno);
443int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); 409int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
444 410
445CMS_ContentInfo *cms_CompressedData_create(int comp_nid); 411CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
@@ -448,13 +414,12 @@ BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
448void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); 414void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
449BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); 415BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
450int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 416int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
451 X509_ALGOR *mdalg); 417 X509_ALGOR *mdalg);
452 418
453BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); 419BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
454BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); 420BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
455int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 421int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
456 const EVP_CIPHER *cipher, 422 const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen);
457 const unsigned char *key, size_t keylen);
458 423
459int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); 424int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
460int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); 425int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
@@ -465,8 +430,8 @@ CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
465 430
466/* PWRI routines */ 431/* PWRI routines */
467int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 432int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
468 int en_de); 433 int en_de);
469 434
470#ifdef __cplusplus 435#ifdef __cplusplus
471} 436}
472#endif 437#endif
diff --git a/src/lib/libssl/src/crypto/cms/cms_lib.c b/src/lib/libssl/src/crypto/cms/cms_lib.c
index ba08279a04..66bd73c86c 100644
--- a/src/lib/libssl/src/crypto/cms/cms_lib.c
+++ b/src/lib/libssl/src/crypto/cms/cms_lib.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -68,27 +68,31 @@ DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
68DECLARE_STACK_OF(CMS_CertificateChoices) 68DECLARE_STACK_OF(CMS_CertificateChoices)
69DECLARE_STACK_OF(CMS_RevocationInfoChoice) 69DECLARE_STACK_OF(CMS_RevocationInfoChoice)
70 70
71const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms) 71const ASN1_OBJECT *
72 { 72CMS_get0_type(CMS_ContentInfo *cms)
73{
73 return cms->contentType; 74 return cms->contentType;
74 } 75}
75 76
76CMS_ContentInfo *cms_Data_create(void) 77CMS_ContentInfo *
77 { 78cms_Data_create(void)
79{
78 CMS_ContentInfo *cms; 80 CMS_ContentInfo *cms;
81
79 cms = CMS_ContentInfo_new(); 82 cms = CMS_ContentInfo_new();
80 if (cms) 83 if (cms) {
81 {
82 cms->contentType = OBJ_nid2obj(NID_pkcs7_data); 84 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
83 /* Never detached */ 85 /* Never detached */
84 CMS_set_detached(cms, 0); 86 CMS_set_detached(cms, 0);
85 }
86 return cms;
87 } 87 }
88 return cms;
89}
88 90
89BIO *cms_content_bio(CMS_ContentInfo *cms) 91BIO *
90 { 92cms_content_bio(CMS_ContentInfo *cms)
93{
91 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 94 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
95
92 if (!pos) 96 if (!pos)
93 return NULL; 97 return NULL;
94 /* If content detached data goes nowhere: create NULL BIO */ 98 /* If content detached data goes nowhere: create NULL BIO */
@@ -100,51 +104,45 @@ BIO *cms_content_bio(CMS_ContentInfo *cms)
100 return BIO_new(BIO_s_mem()); 104 return BIO_new(BIO_s_mem());
101 /* Else content was read in: return read only BIO for it */ 105 /* Else content was read in: return read only BIO for it */
102 return BIO_new_mem_buf((*pos)->data, (*pos)->length); 106 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
103 } 107}
104 108
105BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) 109BIO *
106 { 110CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
111{
107 BIO *cmsbio, *cont; 112 BIO *cmsbio, *cont;
113
108 if (icont) 114 if (icont)
109 cont = icont; 115 cont = icont;
110 else 116 else
111 cont = cms_content_bio(cms); 117 cont = cms_content_bio(cms);
112 if (!cont) 118 if (!cont) {
113 {
114 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT); 119 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
115 return NULL; 120 return NULL;
116 } 121 }
117 switch (OBJ_obj2nid(cms->contentType)) 122 switch (OBJ_obj2nid(cms->contentType)) {
118 { 123 case NID_pkcs7_data:
119
120 case NID_pkcs7_data:
121 return cont; 124 return cont;
122 125 case NID_pkcs7_signed:
123 case NID_pkcs7_signed:
124 cmsbio = cms_SignedData_init_bio(cms); 126 cmsbio = cms_SignedData_init_bio(cms);
125 break; 127 break;
126 128 case NID_pkcs7_digest:
127 case NID_pkcs7_digest:
128 cmsbio = cms_DigestedData_init_bio(cms); 129 cmsbio = cms_DigestedData_init_bio(cms);
129 break; 130 break;
130#ifdef ZLIB 131#ifdef ZLIB
131 case NID_id_smime_ct_compressedData: 132 case NID_id_smime_ct_compressedData:
132 cmsbio = cms_CompressedData_init_bio(cms); 133 cmsbio = cms_CompressedData_init_bio(cms);
133 break; 134 break;
134#endif 135#endif
135 136 case NID_pkcs7_encrypted:
136 case NID_pkcs7_encrypted:
137 cmsbio = cms_EncryptedData_init_bio(cms); 137 cmsbio = cms_EncryptedData_init_bio(cms);
138 break; 138 break;
139 139 case NID_pkcs7_enveloped:
140 case NID_pkcs7_enveloped:
141 cmsbio = cms_EnvelopedData_init_bio(cms); 140 cmsbio = cms_EnvelopedData_init_bio(cms);
142 break; 141 break;
143 142 default:
144 default:
145 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); 143 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
146 return NULL; 144 return NULL;
147 } 145 }
148 146
149 if (cmsbio) 147 if (cmsbio)
150 return BIO_push(cmsbio, cont); 148 return BIO_push(cmsbio, cont);
@@ -152,142 +150,121 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
152 if (!icont) 150 if (!icont)
153 BIO_free(cont); 151 BIO_free(cont);
154 return NULL; 152 return NULL;
153}
155 154
156 } 155int
157 156CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
158int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) 157{
159 {
160 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 158 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
159
161 if (!pos) 160 if (!pos)
162 return 0; 161 return 0;
163 /* If ebmedded content find memory BIO and set content */ 162 /* If ebmedded content find memory BIO and set content */
164 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) 163 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
165 {
166 BIO *mbio; 164 BIO *mbio;
167 unsigned char *cont; 165 unsigned char *cont;
168 long contlen; 166 long contlen;
169 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); 167 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
170 if (!mbio) 168 if (!mbio) {
171 {
172 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND); 169 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
173 return 0; 170 return 0;
174 } 171 }
175 contlen = BIO_get_mem_data(mbio, &cont); 172 contlen = BIO_get_mem_data(mbio, &cont);
176 /* Set bio as read only so its content can't be clobbered */ 173 /* Set bio as read only so its content can't be clobbered */
177 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); 174 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
178 BIO_set_mem_eof_return(mbio, 0); 175 BIO_set_mem_eof_return(mbio, 0);
179 ASN1_STRING_set0(*pos, cont, contlen); 176 ASN1_STRING_set0(*pos, cont, contlen);
180 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; 177 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
181 } 178 }
182
183 switch (OBJ_obj2nid(cms->contentType))
184 {
185 179
186 case NID_pkcs7_data: 180 switch (OBJ_obj2nid(cms->contentType)) {
187 case NID_pkcs7_enveloped: 181 case NID_pkcs7_data:
188 case NID_pkcs7_encrypted: 182 case NID_pkcs7_enveloped:
189 case NID_id_smime_ct_compressedData: 183 case NID_pkcs7_encrypted:
184 case NID_id_smime_ct_compressedData:
190 /* Nothing to do */ 185 /* Nothing to do */
191 return 1; 186 return 1;
192 187 case NID_pkcs7_signed:
193 case NID_pkcs7_signed:
194 return cms_SignedData_final(cms, cmsbio); 188 return cms_SignedData_final(cms, cmsbio);
195 189 case NID_pkcs7_digest:
196 case NID_pkcs7_digest:
197 return cms_DigestedData_do_final(cms, cmsbio, 0); 190 return cms_DigestedData_do_final(cms, cmsbio, 0);
198 191 default:
199 default:
200 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE); 192 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
201 return 0; 193 return 0;
202 }
203 } 194 }
195}
204 196
205/* Return an OCTET STRING pointer to content. This allows it to 197/* Return an OCTET STRING pointer to content. This allows it to
206 * be accessed or set later. 198 * be accessed or set later.
207 */ 199 */
208 200
209ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) 201ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
210 { 202{
211 switch (OBJ_obj2nid(cms->contentType)) 203 switch (OBJ_obj2nid(cms->contentType)) {
212 { 204 case NID_pkcs7_data:
213
214 case NID_pkcs7_data:
215 return &cms->d.data; 205 return &cms->d.data;
216 206 case NID_pkcs7_signed:
217 case NID_pkcs7_signed:
218 return &cms->d.signedData->encapContentInfo->eContent; 207 return &cms->d.signedData->encapContentInfo->eContent;
219 208 case NID_pkcs7_enveloped:
220 case NID_pkcs7_enveloped:
221 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; 209 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
222 210 case NID_pkcs7_digest:
223 case NID_pkcs7_digest:
224 return &cms->d.digestedData->encapContentInfo->eContent; 211 return &cms->d.digestedData->encapContentInfo->eContent;
225 212 case NID_pkcs7_encrypted:
226 case NID_pkcs7_encrypted:
227 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; 213 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
228 214 case NID_id_smime_ct_authData:
229 case NID_id_smime_ct_authData:
230 return &cms->d.authenticatedData->encapContentInfo->eContent; 215 return &cms->d.authenticatedData->encapContentInfo->eContent;
231 216 case NID_id_smime_ct_compressedData:
232 case NID_id_smime_ct_compressedData:
233 return &cms->d.compressedData->encapContentInfo->eContent; 217 return &cms->d.compressedData->encapContentInfo->eContent;
234 218 default:
235 default:
236 if (cms->d.other->type == V_ASN1_OCTET_STRING) 219 if (cms->d.other->type == V_ASN1_OCTET_STRING)
237 return &cms->d.other->value.octet_string; 220 return &cms->d.other->value.octet_string;
238 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); 221 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
239 return NULL; 222 return NULL;
240
241 }
242 } 223 }
224}
243 225
244/* Return an ASN1_OBJECT pointer to content type. This allows it to 226/* Return an ASN1_OBJECT pointer to content type. This allows it to
245 * be accessed or set later. 227 * be accessed or set later.
246 */ 228 */
247 229
248static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) 230static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
249 { 231{
250 switch (OBJ_obj2nid(cms->contentType)) 232 switch (OBJ_obj2nid(cms->contentType)) {
251 { 233 case NID_pkcs7_signed:
252
253 case NID_pkcs7_signed:
254 return &cms->d.signedData->encapContentInfo->eContentType; 234 return &cms->d.signedData->encapContentInfo->eContentType;
255 235 case NID_pkcs7_enveloped:
256 case NID_pkcs7_enveloped:
257 return &cms->d.envelopedData->encryptedContentInfo->contentType; 236 return &cms->d.envelopedData->encryptedContentInfo->contentType;
258 237 case NID_pkcs7_digest:
259 case NID_pkcs7_digest:
260 return &cms->d.digestedData->encapContentInfo->eContentType; 238 return &cms->d.digestedData->encapContentInfo->eContentType;
261 239 case NID_pkcs7_encrypted:
262 case NID_pkcs7_encrypted:
263 return &cms->d.encryptedData->encryptedContentInfo->contentType; 240 return &cms->d.encryptedData->encryptedContentInfo->contentType;
264 241 case NID_id_smime_ct_authData:
265 case NID_id_smime_ct_authData:
266 return &cms->d.authenticatedData->encapContentInfo->eContentType; 242 return &cms->d.authenticatedData->encapContentInfo->eContentType;
267 243 case NID_id_smime_ct_compressedData:
268 case NID_id_smime_ct_compressedData:
269 return &cms->d.compressedData->encapContentInfo->eContentType; 244 return &cms->d.compressedData->encapContentInfo->eContentType;
270 245 default:
271 default:
272 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, 246 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
273 CMS_R_UNSUPPORTED_CONTENT_TYPE); 247 CMS_R_UNSUPPORTED_CONTENT_TYPE);
274 return NULL; 248 return NULL;
275
276 }
277 } 249 }
250}
278 251
279const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) 252const ASN1_OBJECT *
280 { 253CMS_get0_eContentType(CMS_ContentInfo *cms)
254{
281 ASN1_OBJECT **petype; 255 ASN1_OBJECT **petype;
256
282 petype = cms_get0_econtent_type(cms); 257 petype = cms_get0_econtent_type(cms);
283 if (petype) 258 if (petype)
284 return *petype; 259 return *petype;
285 return NULL; 260 return NULL;
286 } 261}
287 262
288int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) 263int
289 { 264CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
265{
290 ASN1_OBJECT **petype, *etype; 266 ASN1_OBJECT **petype, *etype;
267
291 petype = cms_get0_econtent_type(cms); 268 petype = cms_get0_econtent_type(cms);
292 if (!petype) 269 if (!petype)
293 return 0; 270 return 0;
@@ -299,52 +276,54 @@ int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
299 ASN1_OBJECT_free(*petype); 276 ASN1_OBJECT_free(*petype);
300 *petype = etype; 277 *petype = etype;
301 return 1; 278 return 1;
302 } 279}
303 280
304int CMS_is_detached(CMS_ContentInfo *cms) 281int
305 { 282CMS_is_detached(CMS_ContentInfo *cms)
283{
306 ASN1_OCTET_STRING **pos; 284 ASN1_OCTET_STRING **pos;
285
307 pos = CMS_get0_content(cms); 286 pos = CMS_get0_content(cms);
308 if (!pos) 287 if (!pos)
309 return -1; 288 return -1;
310 if (*pos) 289 if (*pos)
311 return 0; 290 return 0;
312 return 1; 291 return 1;
313 } 292}
314 293
315int CMS_set_detached(CMS_ContentInfo *cms, int detached) 294int
316 { 295CMS_set_detached(CMS_ContentInfo *cms, int detached)
296{
317 ASN1_OCTET_STRING **pos; 297 ASN1_OCTET_STRING **pos;
298
318 pos = CMS_get0_content(cms); 299 pos = CMS_get0_content(cms);
319 if (!pos) 300 if (!pos)
320 return 0; 301 return 0;
321 if (detached) 302 if (detached) {
322 { 303 if (*pos) {
323 if (*pos)
324 {
325 ASN1_OCTET_STRING_free(*pos); 304 ASN1_OCTET_STRING_free(*pos);
326 *pos = NULL; 305 *pos = NULL;
327 }
328 return 1;
329 } 306 }
307 return 1;
308 }
330 if (!*pos) 309 if (!*pos)
331 *pos = ASN1_OCTET_STRING_new(); 310 *pos = ASN1_OCTET_STRING_new();
332 if (*pos) 311 if (*pos) {
333 {
334 /* NB: special flag to show content is created and not 312 /* NB: special flag to show content is created and not
335 * read in. 313 * read in.
336 */ 314 */
337 (*pos)->flags |= ASN1_STRING_FLAG_CONT; 315 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
338 return 1; 316 return 1;
339 } 317 }
340 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); 318 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
341 return 0; 319 return 0;
342 } 320}
343 321
344/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ 322/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
345 323
346void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) 324void
347 { 325cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
326{
348 int param_type; 327 int param_type;
349 328
350 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) 329 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
@@ -354,91 +333,90 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
354 333
355 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); 334 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
356 335
357 } 336}
358 337
359/* Create a digest BIO from an X509_ALGOR structure */ 338/* Create a digest BIO from an X509_ALGOR structure */
360 339
361BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) 340BIO *
362 { 341cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
342{
363 BIO *mdbio = NULL; 343 BIO *mdbio = NULL;
364 ASN1_OBJECT *digestoid; 344 ASN1_OBJECT *digestoid;
365 const EVP_MD *digest; 345 const EVP_MD *digest;
346
366 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); 347 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
367 digest = EVP_get_digestbyobj(digestoid); 348 digest = EVP_get_digestbyobj(digestoid);
368 if (!digest) 349 if (!digest) {
369 {
370 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 350 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
371 CMS_R_UNKNOWN_DIGEST_ALGORIHM); 351 CMS_R_UNKNOWN_DIGEST_ALGORIHM);
372 goto err; 352 goto err;
373 } 353 }
374 mdbio = BIO_new(BIO_f_md()); 354 mdbio = BIO_new(BIO_f_md());
375 if (!mdbio || !BIO_set_md(mdbio, digest)) 355 if (!mdbio || !BIO_set_md(mdbio, digest)) {
376 {
377 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 356 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
378 CMS_R_MD_BIO_INIT_ERROR); 357 CMS_R_MD_BIO_INIT_ERROR);
379 goto err; 358 goto err;
380 } 359 }
381 return mdbio; 360 return mdbio;
382 err: 361
362err:
383 if (mdbio) 363 if (mdbio)
384 BIO_free(mdbio); 364 BIO_free(mdbio);
385 return NULL; 365 return NULL;
386 } 366}
387 367
388/* Locate a message digest content from a BIO chain based on SignerInfo */ 368/* Locate a message digest content from a BIO chain based on SignerInfo */
389 369
390int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 370int
391 X509_ALGOR *mdalg) 371cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg)
392 { 372{
393 int nid; 373 int nid;
394 ASN1_OBJECT *mdoid; 374 ASN1_OBJECT *mdoid;
375
395 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); 376 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
396 nid = OBJ_obj2nid(mdoid); 377 nid = OBJ_obj2nid(mdoid);
378
397 /* Look for digest type to match signature */ 379 /* Look for digest type to match signature */
398 for (;;) 380 for (;;) {
399 {
400 EVP_MD_CTX *mtmp; 381 EVP_MD_CTX *mtmp;
401 chain = BIO_find_type(chain, BIO_TYPE_MD); 382 chain = BIO_find_type(chain, BIO_TYPE_MD);
402 if (chain == NULL) 383 if (chain == NULL) {
403 {
404 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 384 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
405 CMS_R_NO_MATCHING_DIGEST); 385 CMS_R_NO_MATCHING_DIGEST);
406 return 0; 386 return 0;
407 } 387 }
408 BIO_get_md_ctx(chain, &mtmp); 388 BIO_get_md_ctx(chain, &mtmp);
409 if (EVP_MD_CTX_type(mtmp) == nid 389 if (EVP_MD_CTX_type(mtmp) == nid
410 /* Workaround for broken implementations that use signature 390 /* Workaround for broken implementations that use signature
411 * algorithm OID instead of digest. 391 * algorithm OID instead of digest.
412 */ 392 */ ||
413 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) 393 EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
414 return EVP_MD_CTX_copy_ex(mctx, mtmp); 394 return EVP_MD_CTX_copy_ex(mctx, mtmp);
415 chain = BIO_next(chain); 395 chain = BIO_next(chain);
416 }
417 } 396 }
397}
418 398
419static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms) 399static STACK_OF(CMS_CertificateChoices) **
420 { 400cms_get0_certificate_choices(CMS_ContentInfo *cms)
421 switch (OBJ_obj2nid(cms->contentType)) 401{
422 { 402 switch (OBJ_obj2nid(cms->contentType)) {
423 403 case NID_pkcs7_signed:
424 case NID_pkcs7_signed:
425 return &cms->d.signedData->certificates; 404 return &cms->d.signedData->certificates;
426 405 case NID_pkcs7_enveloped:
427 case NID_pkcs7_enveloped:
428 return &cms->d.envelopedData->originatorInfo->certificates; 406 return &cms->d.envelopedData->originatorInfo->certificates;
429 407 default:
430 default:
431 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 408 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
432 CMS_R_UNSUPPORTED_CONTENT_TYPE); 409 CMS_R_UNSUPPORTED_CONTENT_TYPE);
433 return NULL; 410 return NULL;
434
435 }
436 } 411 }
412}
437 413
438CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) 414CMS_CertificateChoices *
439 { 415CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
416{
440 STACK_OF(CMS_CertificateChoices) **pcerts; 417 STACK_OF(CMS_CertificateChoices) **pcerts;
441 CMS_CertificateChoices *cch; 418 CMS_CertificateChoices *cch;
419
442 pcerts = cms_get0_certificate_choices(cms); 420 pcerts = cms_get0_certificate_choices(cms);
443 if (!pcerts) 421 if (!pcerts)
444 return NULL; 422 return NULL;
@@ -449,75 +427,73 @@ CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
449 cch = M_ASN1_new_of(CMS_CertificateChoices); 427 cch = M_ASN1_new_of(CMS_CertificateChoices);
450 if (!cch) 428 if (!cch)
451 return NULL; 429 return NULL;
452 if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) 430 if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
453 {
454 M_ASN1_free_of(cch, CMS_CertificateChoices); 431 M_ASN1_free_of(cch, CMS_CertificateChoices);
455 return NULL; 432 return NULL;
456 }
457 return cch;
458 } 433 }
434 return cch;
435}
459 436
460int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) 437int
461 { 438CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
439{
462 CMS_CertificateChoices *cch; 440 CMS_CertificateChoices *cch;
463 STACK_OF(CMS_CertificateChoices) **pcerts; 441 STACK_OF(CMS_CertificateChoices) **pcerts;
464 int i; 442 int i;
443
465 pcerts = cms_get0_certificate_choices(cms); 444 pcerts = cms_get0_certificate_choices(cms);
466 if (!pcerts) 445 if (!pcerts)
467 return 0; 446 return 0;
468 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) 447 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
469 {
470 cch = sk_CMS_CertificateChoices_value(*pcerts, i); 448 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
471 if (cch->type == CMS_CERTCHOICE_CERT) 449 if (cch->type == CMS_CERTCHOICE_CERT) {
472 { 450 if (!X509_cmp(cch->d.certificate, cert)) {
473 if (!X509_cmp(cch->d.certificate, cert)) 451 CMSerr(CMS_F_CMS_ADD0_CERT,
474 { 452 CMS_R_CERTIFICATE_ALREADY_PRESENT);
475 CMSerr(CMS_F_CMS_ADD0_CERT,
476 CMS_R_CERTIFICATE_ALREADY_PRESENT);
477 return 0; 453 return 0;
478 }
479 } 454 }
480 } 455 }
456 }
481 cch = CMS_add0_CertificateChoices(cms); 457 cch = CMS_add0_CertificateChoices(cms);
482 if (!cch) 458 if (!cch)
483 return 0; 459 return 0;
484 cch->type = CMS_CERTCHOICE_CERT; 460 cch->type = CMS_CERTCHOICE_CERT;
485 cch->d.certificate = cert; 461 cch->d.certificate = cert;
486 return 1; 462 return 1;
487 } 463}
488 464
489int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) 465int
490 { 466CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
467{
491 int r; 468 int r;
469
492 r = CMS_add0_cert(cms, cert); 470 r = CMS_add0_cert(cms, cert);
493 if (r > 0) 471 if (r > 0)
494 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); 472 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
495 return r; 473 return r;
496 } 474}
497 475
498static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms) 476static STACK_OF(CMS_RevocationInfoChoice) **
499 { 477cms_get0_revocation_choices(CMS_ContentInfo *cms)
500 switch (OBJ_obj2nid(cms->contentType)) 478{
501 { 479 switch (OBJ_obj2nid(cms->contentType)) {
502 480 case NID_pkcs7_signed:
503 case NID_pkcs7_signed:
504 return &cms->d.signedData->crls; 481 return &cms->d.signedData->crls;
505 482 case NID_pkcs7_enveloped:
506 case NID_pkcs7_enveloped:
507 return &cms->d.envelopedData->originatorInfo->crls; 483 return &cms->d.envelopedData->originatorInfo->crls;
508 484 default:
509 default:
510 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, 485 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
511 CMS_R_UNSUPPORTED_CONTENT_TYPE); 486 CMS_R_UNSUPPORTED_CONTENT_TYPE);
512 return NULL; 487 return NULL;
513
514 }
515 } 488 }
489}
516 490
517CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) 491CMS_RevocationInfoChoice *
518 { 492CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
493{
519 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 494 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
520 CMS_RevocationInfoChoice *rch; 495 CMS_RevocationInfoChoice *rch;
496
521 pcrls = cms_get0_revocation_choices(cms); 497 pcrls = cms_get0_revocation_choices(cms);
522 if (!pcrls) 498 if (!pcrls)
523 return NULL; 499 return NULL;
@@ -528,95 +504,92 @@ CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
528 rch = M_ASN1_new_of(CMS_RevocationInfoChoice); 504 rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
529 if (!rch) 505 if (!rch)
530 return NULL; 506 return NULL;
531 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) 507 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
532 {
533 M_ASN1_free_of(rch, CMS_RevocationInfoChoice); 508 M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
534 return NULL; 509 return NULL;
535 }
536 return rch;
537 } 510 }
511 return rch;
512}
538 513
539int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) 514int
540 { 515CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
516{
541 CMS_RevocationInfoChoice *rch; 517 CMS_RevocationInfoChoice *rch;
518
542 rch = CMS_add0_RevocationInfoChoice(cms); 519 rch = CMS_add0_RevocationInfoChoice(cms);
543 if (!rch) 520 if (!rch)
544 return 0; 521 return 0;
545 rch->type = CMS_REVCHOICE_CRL; 522 rch->type = CMS_REVCHOICE_CRL;
546 rch->d.crl = crl; 523 rch->d.crl = crl;
547 return 1; 524 return 1;
548 } 525}
549 526
550int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) 527int
551 { 528CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
529{
552 int r; 530 int r;
531
553 r = CMS_add0_crl(cms, crl); 532 r = CMS_add0_crl(cms, crl);
554 if (r > 0) 533 if (r > 0)
555 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); 534 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
556 return r; 535 return r;
557 } 536}
558 537
559STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) 538STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
560 { 539{
561 STACK_OF(X509) *certs = NULL; 540 STACK_OF(X509) *certs = NULL;
562 CMS_CertificateChoices *cch; 541 CMS_CertificateChoices *cch;
563 STACK_OF(CMS_CertificateChoices) **pcerts; 542 STACK_OF(CMS_CertificateChoices) **pcerts;
564 int i; 543 int i;
544
565 pcerts = cms_get0_certificate_choices(cms); 545 pcerts = cms_get0_certificate_choices(cms);
566 if (!pcerts) 546 if (!pcerts)
567 return NULL; 547 return NULL;
568 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) 548 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
569 {
570 cch = sk_CMS_CertificateChoices_value(*pcerts, i); 549 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
571 if (cch->type == 0) 550 if (cch->type == 0) {
572 { 551 if (!certs) {
573 if (!certs)
574 {
575 certs = sk_X509_new_null(); 552 certs = sk_X509_new_null();
576 if (!certs) 553 if (!certs)
577 return NULL; 554 return NULL;
578 } 555 }
579 if (!sk_X509_push(certs, cch->d.certificate)) 556 if (!sk_X509_push(certs, cch->d.certificate)) {
580 {
581 sk_X509_pop_free(certs, X509_free); 557 sk_X509_pop_free(certs, X509_free);
582 return NULL; 558 return NULL;
583 }
584 CRYPTO_add(&cch->d.certificate->references,
585 1, CRYPTO_LOCK_X509);
586 } 559 }
560 CRYPTO_add(&cch->d.certificate->references,
561 1, CRYPTO_LOCK_X509);
587 } 562 }
563 }
588 return certs; 564 return certs;
589 565
590 } 566}
591 567
592STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) 568STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
593 { 569{
594 STACK_OF(X509_CRL) *crls = NULL; 570 STACK_OF(X509_CRL) *crls = NULL;
595 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 571 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
596 CMS_RevocationInfoChoice *rch; 572 CMS_RevocationInfoChoice *rch;
597 int i; 573 int i;
574
598 pcrls = cms_get0_revocation_choices(cms); 575 pcrls = cms_get0_revocation_choices(cms);
599 if (!pcrls) 576 if (!pcrls)
600 return NULL; 577 return NULL;
601 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) 578 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
602 {
603 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); 579 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
604 if (rch->type == 0) 580 if (rch->type == 0) {
605 { 581 if (!crls) {
606 if (!crls)
607 {
608 crls = sk_X509_CRL_new_null(); 582 crls = sk_X509_CRL_new_null();
609 if (!crls) 583 if (!crls)
610 return NULL; 584 return NULL;
611 } 585 }
612 if (!sk_X509_CRL_push(crls, rch->d.crl)) 586 if (!sk_X509_CRL_push(crls, rch->d.crl)) {
613 {
614 sk_X509_CRL_pop_free(crls, X509_CRL_free); 587 sk_X509_CRL_pop_free(crls, X509_CRL_free);
615 return NULL; 588 return NULL;
616 }
617 CRYPTO_add(&rch->d.crl->references,
618 1, CRYPTO_LOCK_X509_CRL);
619 } 589 }
590 CRYPTO_add(&rch->d.crl->references,
591 1, CRYPTO_LOCK_X509_CRL);
620 } 592 }
621 return crls;
622 } 593 }
594 return crls;
595}
diff --git a/src/lib/libssl/src/crypto/cms/cms_pwri.c b/src/lib/libssl/src/crypto/cms/cms_pwri.c
index 36d50f1797..1399cbd606 100644
--- a/src/lib/libssl/src/crypto/cms/cms_pwri.c
+++ b/src/lib/libssl/src/crypto/cms/cms_pwri.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,15 +62,16 @@
62#include "cms_lcl.h" 62#include "cms_lcl.h"
63#include "asn1_locl.h" 63#include "asn1_locl.h"
64 64
65int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 65int
66 unsigned char *pass, ssize_t passlen) 66CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
67 { 67 ssize_t passlen)
68{
68 CMS_PasswordRecipientInfo *pwri; 69 CMS_PasswordRecipientInfo *pwri;
69 if (ri->type != CMS_RECIPINFO_PASS) 70
70 { 71 if (ri->type != CMS_RECIPINFO_PASS) {
71 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI); 72 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
72 return 0; 73 return 0;
73 } 74 }
74 75
75 pwri = ri->d.pwri; 76 pwri = ri->d.pwri;
76 pwri->pass = pass; 77 pwri->pass = pass;
@@ -78,14 +79,13 @@ int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
78 passlen = strlen((char *)pass); 79 passlen = strlen((char *)pass);
79 pwri->passlen = passlen; 80 pwri->passlen = passlen;
80 return 1; 81 return 1;
81 } 82}
82 83
83CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, 84CMS_RecipientInfo *
84 int iter, int wrap_nid, int pbe_nid, 85CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
85 unsigned char *pass, 86 int pbe_nid, unsigned char *pass, ssize_t passlen,
86 ssize_t passlen, 87 const EVP_CIPHER *kekciph)
87 const EVP_CIPHER *kekciph) 88{
88 {
89 CMS_RecipientInfo *ri = NULL; 89 CMS_RecipientInfo *ri = NULL;
90 CMS_EnvelopedData *env; 90 CMS_EnvelopedData *env;
91 CMS_PasswordRecipientInfo *pwri; 91 CMS_PasswordRecipientInfo *pwri;
@@ -93,6 +93,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
93 X509_ALGOR *encalg = NULL; 93 X509_ALGOR *encalg = NULL;
94 unsigned char iv[EVP_MAX_IV_LENGTH]; 94 unsigned char iv[EVP_MAX_IV_LENGTH];
95 int ivlen; 95 int ivlen;
96
96 env = cms_get0_enveloped(cms); 97 env = cms_get0_enveloped(cms);
97 if (!env) 98 if (!env)
98 goto err; 99 goto err;
@@ -107,54 +108,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
107 if (kekciph == NULL) 108 if (kekciph == NULL)
108 kekciph = env->encryptedContentInfo->cipher; 109 kekciph = env->encryptedContentInfo->cipher;
109 110
110 if (kekciph == NULL) 111 if (kekciph == NULL) {
111 {
112 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER); 112 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
113 return NULL; 113 return NULL;
114 } 114 }
115 if (wrap_nid != NID_id_alg_PWRI_KEK) 115 if (wrap_nid != NID_id_alg_PWRI_KEK) {
116 {
117 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 116 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
118 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); 117 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
119 return NULL; 118 return NULL;
120 } 119 }
121 120
122 /* Setup algorithm identifier for cipher */ 121 /* Setup algorithm identifier for cipher */
123 encalg = X509_ALGOR_new(); 122 encalg = X509_ALGOR_new();
124 EVP_CIPHER_CTX_init(&ctx); 123 EVP_CIPHER_CTX_init(&ctx);
125 124
126 if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) 125 if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
127 {
128 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); 126 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
129 goto err; 127 goto err;
130 } 128 }
131 129
132 ivlen = EVP_CIPHER_CTX_iv_length(&ctx); 130 ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
133 131
134 if (ivlen > 0) 132 if (ivlen > 0) {
135 {
136 if (RAND_pseudo_bytes(iv, ivlen) <= 0) 133 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
137 goto err; 134 goto err;
138 if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) 135 if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
139 {
140 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 136 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
141 ERR_R_EVP_LIB); 137 ERR_R_EVP_LIB);
142 goto err; 138 goto err;
143 } 139 }
144 encalg->parameter = ASN1_TYPE_new(); 140 encalg->parameter = ASN1_TYPE_new();
145 if (!encalg->parameter) 141 if (!encalg->parameter) {
146 {
147 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 142 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
148 ERR_R_MALLOC_FAILURE); 143 ERR_R_MALLOC_FAILURE);
149 goto err; 144 goto err;
150 } 145 }
151 if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) 146 if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
152 {
153 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 147 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
154 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 148 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
155 goto err; 149 goto err;
156 }
157 } 150 }
151 }
158 152
159 153
160 encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx)); 154 encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
@@ -182,10 +176,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
182 if (!pwri->keyEncryptionAlgorithm->parameter) 176 if (!pwri->keyEncryptionAlgorithm->parameter)
183 goto merr; 177 goto merr;
184 178
185 if(!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), 179 if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
186 &pwri->keyEncryptionAlgorithm->parameter->value.sequence)) 180 &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
187 goto merr; 181 goto merr;
188 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE; 182 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
189 183
190 X509_ALGOR_free(encalg); 184 X509_ALGOR_free(encalg);
191 encalg = NULL; 185 encalg = NULL;
@@ -205,48 +199,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
205 199
206 return ri; 200 return ri;
207 201
208 merr: 202merr:
209 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE); 203 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
210 err: 204err:
211 EVP_CIPHER_CTX_cleanup(&ctx); 205 EVP_CIPHER_CTX_cleanup(&ctx);
212 if (ri) 206 if (ri)
213 M_ASN1_free_of(ri, CMS_RecipientInfo); 207 M_ASN1_free_of(ri, CMS_RecipientInfo);
214 if (encalg) 208 if (encalg)
215 X509_ALGOR_free(encalg); 209 X509_ALGOR_free(encalg);
216 return NULL; 210 return NULL;
217 211}
218 }
219 212
220/* This is an implementation of the key wrapping mechanism in RFC3211, 213/* This is an implementation of the key wrapping mechanism in RFC3211,
221 * at some point this should go into EVP. 214 * at some point this should go into EVP.
222 */ 215 */
223 216
224static int kek_unwrap_key(unsigned char *out, size_t *outlen, 217static int
225 const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) 218kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
226 { 219 size_t inlen, EVP_CIPHER_CTX *ctx)
220{
227 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); 221 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
228 unsigned char *tmp; 222 unsigned char *tmp;
229 int outl, rv = 0; 223 int outl, rv = 0;
230 if (inlen < 2 * blocklen) 224
231 { 225 if (inlen < 2 * blocklen) {
232 /* too small */ 226 /* too small */
233 return 0; 227 return 0;
234 } 228 }
235 if (inlen % blocklen) 229 if (inlen % blocklen) {
236 {
237 /* Invalid size */ 230 /* Invalid size */
238 return 0; 231 return 0;
239 } 232 }
240 tmp = malloc(inlen); 233 tmp = malloc(inlen);
241 /* setup IV by decrypting last two blocks */ 234 /* setup IV by decrypting last two blocks */
242 EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, 235 EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
243 in + inlen - 2 * blocklen, blocklen * 2); 236 in + inlen - 2 * blocklen, blocklen * 2);
244 /* Do a decrypt of last decrypted block to set IV to correct value 237 /* Do a decrypt of last decrypted block to set IV to correct value
245 * output it to start of buffer so we don't corrupt decrypted block 238 * output it to start of buffer so we don't corrupt decrypted block
246 * this works because buffer is at least two block lengths long. 239 * this works because buffer is at least two block lengths long.
247 */ 240 */
248 EVP_DecryptUpdate(ctx, tmp, &outl, 241 EVP_DecryptUpdate(ctx, tmp, &outl,
249 tmp + inlen - blocklen, blocklen); 242 tmp + inlen - blocklen, blocklen);
250 /* Can now decrypt first n - 1 blocks */ 243 /* Can now decrypt first n - 1 blocks */
251 EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen); 244 EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
252 245
@@ -255,49 +248,47 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
255 /* Decrypt again */ 248 /* Decrypt again */
256 EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen); 249 EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
257 /* Check check bytes */ 250 /* Check check bytes */
258 if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) 251 if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) &
259 { 252 (tmp[3] ^ tmp[6])) != 0xff) {
260 /* Check byte failure */ 253 /* Check byte failure */
261 goto err; 254 goto err;
262 } 255 }
263 if (inlen < (size_t)(tmp[0] - 4 )) 256 if (inlen < (size_t)(tmp[0] - 4 )) {
264 {
265 /* Invalid length value */ 257 /* Invalid length value */
266 goto err; 258 goto err;
267 } 259 }
268 *outlen = (size_t)tmp[0]; 260 *outlen = (size_t)tmp[0];
269 memcpy(out, tmp + 4, *outlen); 261 memcpy(out, tmp + 4, *outlen);
270 rv = 1; 262 rv = 1;
271 err: 263
264err:
272 OPENSSL_cleanse(tmp, inlen); 265 OPENSSL_cleanse(tmp, inlen);
273 free(tmp); 266 free(tmp);
274 return rv; 267 return rv;
268}
275 269
276 } 270static int
277 271kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
278static int kek_wrap_key(unsigned char *out, size_t *outlen, 272 size_t inlen, EVP_CIPHER_CTX *ctx)
279 const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) 273{
280 {
281 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); 274 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
282 size_t olen; 275 size_t olen;
283 int dummy; 276 int dummy;
277
284 /* First decide length of output buffer: need header and round up to 278 /* First decide length of output buffer: need header and round up to
285 * multiple of block length. 279 * multiple of block length.
286 */ 280 */
287 olen = (inlen + 4 + blocklen - 1)/blocklen; 281 olen = (inlen + 4 + blocklen - 1)/blocklen;
288 olen *= blocklen; 282 olen *= blocklen;
289 if (olen < 2 * blocklen) 283 if (olen < 2 * blocklen) {
290 {
291 /* Key too small */ 284 /* Key too small */
292 return 0; 285 return 0;
293 } 286 }
294 if (inlen > 0xFF) 287 if (inlen > 0xFF) {
295 {
296 /* Key too large */ 288 /* Key too large */
297 return 0; 289 return 0;
298 } 290 }
299 if (out) 291 if (out) {
300 {
301 /* Set header */ 292 /* Set header */
302 out[0] = (unsigned char)inlen; 293 out[0] = (unsigned char)inlen;
303 out[1] = in[0] ^ 0xFF; 294 out[1] = in[0] ^ 0xFF;
@@ -310,18 +301,19 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
310 /* Encrypt twice */ 301 /* Encrypt twice */
311 EVP_EncryptUpdate(ctx, out, &dummy, out, olen); 302 EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
312 EVP_EncryptUpdate(ctx, out, &dummy, out, olen); 303 EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
313 } 304 }
314 305
315 *outlen = olen; 306 *outlen = olen;
316 307
317 return 1; 308 return 1;
318 } 309}
319 310
320/* Encrypt/Decrypt content key in PWRI recipient info */ 311/* Encrypt/Decrypt content key in PWRI recipient info */
321 312
322int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 313int
323 int en_de) 314cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
324 { 315 int en_de)
316{
325 CMS_EncryptedContentInfo *ec; 317 CMS_EncryptedContentInfo *ec;
326 CMS_PasswordRecipientInfo *pwri; 318 CMS_PasswordRecipientInfo *pwri;
327 const unsigned char *p = NULL; 319 const unsigned char *p = NULL;
@@ -338,69 +330,61 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
338 pwri = ri->d.pwri; 330 pwri = ri->d.pwri;
339 EVP_CIPHER_CTX_init(&kekctx); 331 EVP_CIPHER_CTX_init(&kekctx);
340 332
341 if (!pwri->pass) 333 if (!pwri->pass) {
342 {
343 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); 334 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
344 return 0; 335 return 0;
345 } 336 }
346 algtmp = pwri->keyEncryptionAlgorithm; 337 algtmp = pwri->keyEncryptionAlgorithm;
347 338
348 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) 339 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
349 {
350 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 340 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
351 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); 341 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
352 return 0; 342 return 0;
353 } 343 }
354 344
355 if (algtmp->parameter->type == V_ASN1_SEQUENCE) 345 if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
356 {
357 p = algtmp->parameter->value.sequence->data; 346 p = algtmp->parameter->value.sequence->data;
358 plen = algtmp->parameter->value.sequence->length; 347 plen = algtmp->parameter->value.sequence->length;
359 kekalg = d2i_X509_ALGOR(NULL, &p, plen); 348 kekalg = d2i_X509_ALGOR(NULL, &p, plen);
360 } 349 }
361 if (kekalg == NULL) 350 if (kekalg == NULL) {
362 {
363 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 351 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
364 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); 352 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
365 return 0; 353 return 0;
366 } 354 }
367 355
368 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); 356 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
369 357
370 if(!kekcipher) 358 if (!kekcipher) {
371 {
372 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 359 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
373 CMS_R_UNKNOWN_CIPHER); 360 CMS_R_UNKNOWN_CIPHER);
374 goto err; 361 goto err;
375 } 362 }
376 363
377 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ 364 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
378 if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de)) 365 if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
379 goto err; 366 goto err;
380 EVP_CIPHER_CTX_set_padding(&kekctx, 0); 367 EVP_CIPHER_CTX_set_padding(&kekctx, 0);
381 if(EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) 368 if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
382 {
383 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 369 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
384 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 370 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
385 goto err; 371 goto err;
386 } 372 }
387 373
388 algtmp = pwri->keyDerivationAlgorithm; 374 algtmp = pwri->keyDerivationAlgorithm;
389 375
390 /* Finish password based key derivation to setup key in "ctx" */ 376 /* Finish password based key derivation to setup key in "ctx" */
391 377
392 if (EVP_PBE_CipherInit(algtmp->algorithm, 378 if (EVP_PBE_CipherInit(algtmp->algorithm,
393 (char *)pwri->pass, pwri->passlen, 379 (char *)pwri->pass, pwri->passlen,
394 algtmp->parameter, &kekctx, en_de) < 0) 380 algtmp->parameter, &kekctx, en_de) < 0) {
395 {
396 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB); 381 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
397 goto err; 382 goto err;
398 } 383 }
399 384
400 /* Finally wrap/unwrap the key */ 385 /* Finally wrap/unwrap the key */
401 386
402 if (en_de) 387 if (en_de) {
403 {
404 388
405 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx)) 389 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
406 goto err; 390 goto err;
@@ -414,41 +398,34 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
414 goto err; 398 goto err;
415 pwri->encryptedKey->data = key; 399 pwri->encryptedKey->data = key;
416 pwri->encryptedKey->length = keylen; 400 pwri->encryptedKey->length = keylen;
417 } 401 } else {
418 else
419 {
420 key = malloc(pwri->encryptedKey->length); 402 key = malloc(pwri->encryptedKey->length);
421 403
422 if (!key) 404 if (!key) {
423 {
424 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 405 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
425 ERR_R_MALLOC_FAILURE); 406 ERR_R_MALLOC_FAILURE);
426 goto err; 407 goto err;
427 } 408 }
428 if (!kek_unwrap_key(key, &keylen, 409 if (!kek_unwrap_key(key, &keylen,
429 pwri->encryptedKey->data, 410 pwri->encryptedKey->data,
430 pwri->encryptedKey->length, &kekctx)) 411 pwri->encryptedKey->length, &kekctx)) {
431 {
432 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 412 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
433 CMS_R_UNWRAP_FAILURE); 413 CMS_R_UNWRAP_FAILURE);
434 goto err; 414 goto err;
435 } 415 }
436 416
437 ec->key = key; 417 ec->key = key;
438 ec->keylen = keylen; 418 ec->keylen = keylen;
439 419
440 } 420 }
441 421
442 r = 1; 422 r = 1;
443 423
444 err: 424err:
445
446 EVP_CIPHER_CTX_cleanup(&kekctx); 425 EVP_CIPHER_CTX_cleanup(&kekctx);
447
448 if (!r && key) 426 if (!r && key)
449 free(key); 427 free(key);
450 X509_ALGOR_free(kekalg); 428 X509_ALGOR_free(kekalg);
451 429
452 return r; 430 return r;
453 431}
454 }
diff --git a/src/lib/libssl/src/crypto/cms/cms_sd.c b/src/lib/libssl/src/crypto/cms/cms_sd.c
index 976881743b..7fbc0490ba 100644
--- a/src/lib/libssl/src/crypto/cms/cms_sd.c
+++ b/src/lib/libssl/src/crypto/cms/cms_sd.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -64,119 +64,111 @@
64 64
65DECLARE_ASN1_ITEM(CMS_SignedData) 65DECLARE_ASN1_ITEM(CMS_SignedData)
66 66
67static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) 67static CMS_SignedData *
68 { 68cms_get0_signed(CMS_ContentInfo *cms)
69 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) 69{
70 { 70 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
71 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 71 CMSerr(CMS_F_CMS_GET0_SIGNED,
72 CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
72 return NULL; 73 return NULL;
73 }
74 return cms->d.signedData;
75 } 74 }
75 return cms->d.signedData;
76}
76 77
77static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) 78static CMS_SignedData *
78 { 79cms_signed_data_init(CMS_ContentInfo *cms)
79 if (cms->d.other == NULL) 80{
80 { 81 if (cms->d.other == NULL) {
81 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 82 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
82 if (!cms->d.signedData) 83 if (!cms->d.signedData) {
83 { 84 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT,
84 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); 85 ERR_R_MALLOC_FAILURE);
85 return NULL; 86 return NULL;
86 } 87 }
87 cms->d.signedData->version = 1; 88 cms->d.signedData->version = 1;
88 cms->d.signedData->encapContentInfo->eContentType = 89 cms->d.signedData->encapContentInfo->eContentType =
89 OBJ_nid2obj(NID_pkcs7_data); 90 OBJ_nid2obj(NID_pkcs7_data);
90 cms->d.signedData->encapContentInfo->partial = 1; 91 cms->d.signedData->encapContentInfo->partial = 1;
91 ASN1_OBJECT_free(cms->contentType); 92 ASN1_OBJECT_free(cms->contentType);
92 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); 93 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
93 return cms->d.signedData; 94 return cms->d.signedData;
94 }
95 return cms_get0_signed(cms);
96 } 95 }
96 return cms_get0_signed(cms);
97}
97 98
98/* Just initialize SignedData e.g. for certs only structure */ 99/* Just initialize SignedData e.g. for certs only structure */
99 100
100int CMS_SignedData_init(CMS_ContentInfo *cms) 101int
101 { 102CMS_SignedData_init(CMS_ContentInfo *cms)
103{
102 if (cms_signed_data_init(cms)) 104 if (cms_signed_data_init(cms))
103 return 1; 105 return 1;
104 else 106 else
105 return 0; 107 return 0;
106 } 108}
107 109
108/* Check structures and fixup version numbers (if necessary) */ 110/* Check structures and fixup version numbers (if necessary) */
109 111
110static void cms_sd_set_version(CMS_SignedData *sd) 112static void
111 { 113cms_sd_set_version(CMS_SignedData *sd)
114{
112 int i; 115 int i;
113 CMS_CertificateChoices *cch; 116 CMS_CertificateChoices *cch;
114 CMS_RevocationInfoChoice *rch; 117 CMS_RevocationInfoChoice *rch;
115 CMS_SignerInfo *si; 118 CMS_SignerInfo *si;
116 119
117 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) 120 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
118 {
119 cch = sk_CMS_CertificateChoices_value(sd->certificates, i); 121 cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
120 if (cch->type == CMS_CERTCHOICE_OTHER) 122 if (cch->type == CMS_CERTCHOICE_OTHER) {
121 {
122 if (sd->version < 5) 123 if (sd->version < 5)
123 sd->version = 5; 124 sd->version = 5;
124 } 125 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
125 else if (cch->type == CMS_CERTCHOICE_V2ACERT)
126 {
127 if (sd->version < 4) 126 if (sd->version < 4)
128 sd->version = 4; 127 sd->version = 4;
129 } 128 } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
130 else if (cch->type == CMS_CERTCHOICE_V1ACERT)
131 {
132 if (sd->version < 3) 129 if (sd->version < 3)
133 sd->version = 3; 130 sd->version = 3;
134 }
135 } 131 }
132 }
136 133
137 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) 134 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
138 {
139 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); 135 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
140 if (rch->type == CMS_REVCHOICE_OTHER) 136 if (rch->type == CMS_REVCHOICE_OTHER) {
141 {
142 if (sd->version < 5) 137 if (sd->version < 5)
143 sd->version = 5; 138 sd->version = 5;
144 }
145 } 139 }
140 }
146 141
147 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) 142 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) !=
148 && (sd->version < 3)) 143 NID_pkcs7_data) && (sd->version < 3))
149 sd->version = 3; 144 sd->version = 3;
150 145
151 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) 146 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
152 {
153 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 147 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
154 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) 148 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
155 {
156 if (si->version < 3) 149 if (si->version < 3)
157 si->version = 3; 150 si->version = 3;
158 if (sd->version < 3) 151 if (sd->version < 3)
159 sd->version = 3; 152 sd->version = 3;
160 } 153 } else
161 else
162 sd->version = 1; 154 sd->version = 1;
163 } 155 }
164 156
165 if (sd->version < 1) 157 if (sd->version < 1)
166 sd->version = 1; 158 sd->version = 1;
159}
167 160
168 }
169
170/* Copy an existing messageDigest value */ 161/* Copy an existing messageDigest value */
171 162
172static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) 163static int
173 { 164cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
165{
174 STACK_OF(CMS_SignerInfo) *sinfos; 166 STACK_OF(CMS_SignerInfo) *sinfos;
175 CMS_SignerInfo *sitmp; 167 CMS_SignerInfo *sitmp;
176 int i; 168 int i;
169
177 sinfos = CMS_get0_SignerInfos(cms); 170 sinfos = CMS_get0_SignerInfos(cms);
178 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 171 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
179 {
180 ASN1_OCTET_STRING *messageDigest; 172 ASN1_OCTET_STRING *messageDigest;
181 sitmp = sk_CMS_SignerInfo_value(sinfos, i); 173 sitmp = sk_CMS_SignerInfo_value(sinfos, i);
182 if (sitmp == si) 174 if (sitmp == si)
@@ -184,133 +176,124 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
184 if (CMS_signed_get_attr_count(sitmp) < 0) 176 if (CMS_signed_get_attr_count(sitmp) < 0)
185 continue; 177 continue;
186 if (OBJ_cmp(si->digestAlgorithm->algorithm, 178 if (OBJ_cmp(si->digestAlgorithm->algorithm,
187 sitmp->digestAlgorithm->algorithm)) 179 sitmp->digestAlgorithm->algorithm))
188 continue; 180 continue;
189 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 181 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
190 OBJ_nid2obj(NID_pkcs9_messageDigest), 182 OBJ_nid2obj(NID_pkcs9_messageDigest),
191 -3, V_ASN1_OCTET_STRING); 183 -3, V_ASN1_OCTET_STRING);
192 if (!messageDigest) 184 if (!messageDigest) {
193 {
194 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, 185 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
195 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 186 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
196 return 0; 187 return 0;
197 } 188 }
198 189
199 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 190 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
200 V_ASN1_OCTET_STRING, 191 V_ASN1_OCTET_STRING,
201 messageDigest, -1)) 192 messageDigest, -1))
202 return 1; 193 return 1;
203 else 194 else
204 return 0; 195 return 0;
205 }
206 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
207 return 0;
208 } 196 }
197 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
198 return 0;
199}
209 200
210int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) 201int
211 { 202cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
212 switch(type) 203{
213 { 204 switch (type) {
214 case CMS_SIGNERINFO_ISSUER_SERIAL: 205 case CMS_SIGNERINFO_ISSUER_SERIAL:
215 sid->d.issuerAndSerialNumber = 206 sid->d.issuerAndSerialNumber =
216 M_ASN1_new_of(CMS_IssuerAndSerialNumber); 207 M_ASN1_new_of(CMS_IssuerAndSerialNumber);
217 if (!sid->d.issuerAndSerialNumber) 208 if (!sid->d.issuerAndSerialNumber)
218 goto merr; 209 goto merr;
219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, 210 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
220 X509_get_issuer_name(cert))) 211 X509_get_issuer_name(cert)))
221 goto merr; 212 goto merr;
222 if (!ASN1_STRING_copy( 213 if (!ASN1_STRING_copy(
223 sid->d.issuerAndSerialNumber->serialNumber, 214 sid->d.issuerAndSerialNumber->serialNumber,
224 X509_get_serialNumber(cert))) 215 X509_get_serialNumber(cert)))
225 goto merr; 216 goto merr;
226 break; 217 break;
227 218
228 case CMS_SIGNERINFO_KEYIDENTIFIER: 219 case CMS_SIGNERINFO_KEYIDENTIFIER:
229 if (!cert->skid) 220 if (!cert->skid) {
230 {
231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, 221 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
232 CMS_R_CERTIFICATE_HAS_NO_KEYID); 222 CMS_R_CERTIFICATE_HAS_NO_KEYID);
233 return 0; 223 return 0;
234 } 224 }
235 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); 225 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
236 if (!sid->d.subjectKeyIdentifier) 226 if (!sid->d.subjectKeyIdentifier)
237 goto merr; 227 goto merr;
238 break; 228 break;
239 229
240 default: 230 default:
241 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); 231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
242 return 0; 232 return 0;
243 } 233 }
244 234
245 sid->type = type; 235 sid->type = type;
246 236
247 return 1; 237 return 1;
248 238
249 merr: 239merr:
250 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE); 240 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
251 return 0; 241 return 0;
242}
252 243
253 } 244int
254 245cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
255int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 246 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
256 ASN1_OCTET_STRING **keyid, 247{
257 X509_NAME **issuer, ASN1_INTEGER **sno) 248 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
258 {
259 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
260 {
261 if (issuer) 249 if (issuer)
262 *issuer = sid->d.issuerAndSerialNumber->issuer; 250 *issuer = sid->d.issuerAndSerialNumber->issuer;
263 if (sno) 251 if (sno)
264 *sno = sid->d.issuerAndSerialNumber->serialNumber; 252 *sno = sid->d.issuerAndSerialNumber->serialNumber;
265 } 253 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
266 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
267 {
268 if (keyid) 254 if (keyid)
269 *keyid = sid->d.subjectKeyIdentifier; 255 *keyid = sid->d.subjectKeyIdentifier;
270 } 256 } else
271 else
272 return 0; 257 return 0;
273 return 1; 258 return 1;
274 } 259}
275 260
276int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) 261int
277 { 262cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
263{
278 int ret; 264 int ret;
279 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 265
280 { 266 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
281 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer, 267 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
282 X509_get_issuer_name(cert)); 268 X509_get_issuer_name(cert));
283 if (ret) 269 if (ret)
284 return ret; 270 return ret;
285 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber, 271 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
286 X509_get_serialNumber(cert)); 272 X509_get_serialNumber(cert));
287 } 273 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
288 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
289 {
290 X509_check_purpose(cert, -1, -1); 274 X509_check_purpose(cert, -1, -1);
291 if (!cert->skid) 275 if (!cert->skid)
292 return -1; 276 return -1;
293 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier, 277 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
294 cert->skid); 278 cert->skid);
295 } 279 } else
296 else
297 return -1; 280 return -1;
298 } 281}
299 282
300CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 283CMS_SignerInfo *
301 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 284CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
302 unsigned int flags) 285 const EVP_MD *md, unsigned int flags)
303 { 286{
304 CMS_SignedData *sd; 287 CMS_SignedData *sd;
305 CMS_SignerInfo *si = NULL; 288 CMS_SignerInfo *si = NULL;
306 X509_ALGOR *alg; 289 X509_ALGOR *alg;
307 int i, type; 290 int i, type;
308 if(!X509_check_private_key(signer, pk)) 291
309 { 292 if (!X509_check_private_key(signer, pk)) {
310 CMSerr(CMS_F_CMS_ADD1_SIGNER, 293 CMSerr(CMS_F_CMS_ADD1_SIGNER,
311 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 294 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
312 return NULL; 295 return NULL;
313 } 296 }
314 sd = cms_signed_data_init(cms); 297 sd = cms_signed_data_init(cms);
315 if (!sd) 298 if (!sd)
316 goto err; 299 goto err;
@@ -325,98 +308,83 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
325 si->pkey = pk; 308 si->pkey = pk;
326 si->signer = signer; 309 si->signer = signer;
327 310
328 if (flags & CMS_USE_KEYID) 311 if (flags & CMS_USE_KEYID) {
329 {
330 si->version = 3; 312 si->version = 3;
331 if (sd->version < 3) 313 if (sd->version < 3)
332 sd->version = 3; 314 sd->version = 3;
333 type = CMS_SIGNERINFO_KEYIDENTIFIER; 315 type = CMS_SIGNERINFO_KEYIDENTIFIER;
334 } 316 } else {
335 else
336 {
337 type = CMS_SIGNERINFO_ISSUER_SERIAL; 317 type = CMS_SIGNERINFO_ISSUER_SERIAL;
338 si->version = 1; 318 si->version = 1;
339 } 319 }
340 320
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) 321 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
342 goto err; 322 goto err;
343 323
344 if (md == NULL) 324 if (md == NULL) {
345 {
346 int def_nid; 325 int def_nid;
347 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) 326 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
348 goto err; 327 goto err;
349 md = EVP_get_digestbynid(def_nid); 328 md = EVP_get_digestbynid(def_nid);
350 if (md == NULL) 329 if (md == NULL) {
351 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); 330 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
353 goto err; 331 goto err;
354 }
355 } 332 }
333 }
356 334
357 if (!md) 335 if (!md) {
358 {
359 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); 336 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
360 goto err; 337 goto err;
361 } 338 }
362 339
363 cms_DigestAlgorithm_set(si->digestAlgorithm, md); 340 cms_DigestAlgorithm_set(si->digestAlgorithm, md);
364 341
365 /* See if digest is present in digestAlgorithms */ 342 /* See if digest is present in digestAlgorithms */
366 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) 343 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
367 {
368 ASN1_OBJECT *aoid; 344 ASN1_OBJECT *aoid;
369 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 345 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
370 X509_ALGOR_get0(&aoid, NULL, NULL, alg); 346 X509_ALGOR_get0(&aoid, NULL, NULL, alg);
371 if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) 347 if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
372 break; 348 break;
373 } 349 }
374 350
375 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) 351 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
376 {
377 alg = X509_ALGOR_new(); 352 alg = X509_ALGOR_new();
378 if (!alg) 353 if (!alg)
379 goto merr; 354 goto merr;
380 cms_DigestAlgorithm_set(alg, md); 355 cms_DigestAlgorithm_set(alg, md);
381 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) 356 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
382 {
383 X509_ALGOR_free(alg); 357 X509_ALGOR_free(alg);
384 goto merr; 358 goto merr;
385 }
386 } 359 }
360 }
387 361
388 if (pk->ameth && pk->ameth->pkey_ctrl) 362 if (pk->ameth && pk->ameth->pkey_ctrl) {
389 {
390 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN, 363 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
391 0, si); 364 0, si);
392 if (i == -2) 365 if (i == -2) {
393 {
394 CMSerr(CMS_F_CMS_ADD1_SIGNER, 366 CMSerr(CMS_F_CMS_ADD1_SIGNER,
395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 367 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
396 goto err; 368 goto err;
397 } 369 }
398 if (i <= 0) 370 if (i <= 0) {
399 {
400 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE); 371 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
401 goto err; 372 goto err;
402 }
403 } 373 }
374 }
404 375
405 if (!(flags & CMS_NOATTR)) 376 if (!(flags & CMS_NOATTR)) {
406 {
407 /* Initialialize signed attributes strutucture so other 377 /* Initialialize signed attributes strutucture so other
408 * attributes such as signing time etc are added later 378 * attributes such as signing time etc are added later
409 * even if we add none here. 379 * even if we add none here.
410 */ 380 */
411 if (!si->signedAttrs) 381 if (!si->signedAttrs) {
412 {
413 si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); 382 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
414 if (!si->signedAttrs) 383 if (!si->signedAttrs)
415 goto merr; 384 goto merr;
416 } 385 }
417 386
418 if (!(flags & CMS_NOSMIMECAP)) 387 if (!(flags & CMS_NOSMIMECAP)) {
419 {
420 STACK_OF(X509_ALGOR) *smcap = NULL; 388 STACK_OF(X509_ALGOR) *smcap = NULL;
421 i = CMS_add_standard_smimecap(&smcap); 389 i = CMS_add_standard_smimecap(&smcap);
422 if (i) 390 if (i)
@@ -424,45 +392,44 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
424 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 392 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
425 if (!i) 393 if (!i)
426 goto merr; 394 goto merr;
427 } 395 }
428 if (flags & CMS_REUSE_DIGEST) 396 if (flags & CMS_REUSE_DIGEST) {
429 {
430 if (!cms_copy_messageDigest(cms, si)) 397 if (!cms_copy_messageDigest(cms, si))
431 goto err; 398 goto err;
432 if (!(flags & CMS_PARTIAL) && 399 if (!(flags & CMS_PARTIAL) &&
433 !CMS_SignerInfo_sign(si)) 400 !CMS_SignerInfo_sign(si))
434 goto err; 401 goto err;
435 }
436 } 402 }
403 }
437 404
438 if (!(flags & CMS_NOCERTS)) 405 if (!(flags & CMS_NOCERTS)) {
439 {
440 /* NB ignore -1 return for duplicate cert */ 406 /* NB ignore -1 return for duplicate cert */
441 if (!CMS_add1_cert(cms, signer)) 407 if (!CMS_add1_cert(cms, signer))
442 goto merr; 408 goto merr;
443 } 409 }
444 410
445 if (!sd->signerInfos) 411 if (!sd->signerInfos)
446 sd->signerInfos = sk_CMS_SignerInfo_new_null(); 412 sd->signerInfos = sk_CMS_SignerInfo_new_null();
447 if (!sd->signerInfos || 413 if (!sd->signerInfos ||
448 !sk_CMS_SignerInfo_push(sd->signerInfos, si)) 414 !sk_CMS_SignerInfo_push(sd->signerInfos, si))
449 goto merr; 415 goto merr;
450 416
451 return si; 417 return si;
452 418
453 merr: 419merr:
454 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 420 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
455 err: 421err:
456 if (si) 422 if (si)
457 M_ASN1_free_of(si, CMS_SignerInfo); 423 M_ASN1_free_of(si, CMS_SignerInfo);
458 return NULL; 424 return NULL;
425}
459 426
460 } 427static int
461 428cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
462static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) 429{
463 {
464 ASN1_TIME *tt; 430 ASN1_TIME *tt;
465 int r = 0; 431 int r = 0;
432
466 if (t) 433 if (t)
467 tt = t; 434 tt = t;
468 else 435 else
@@ -472,89 +439,88 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
472 goto merr; 439 goto merr;
473 440
474 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, 441 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
475 tt->type, tt, -1) <= 0) 442 tt->type, tt, -1) <= 0)
476 goto merr; 443 goto merr;
477 444
478 r = 1; 445 r = 1;
479 446
480 merr: 447merr:
481
482 if (!t) 448 if (!t)
483 ASN1_TIME_free(tt); 449 ASN1_TIME_free(tt);
484
485 if (!r) 450 if (!r)
486 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); 451 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
487 452
488 return r; 453 return r;
454}
489 455
490 } 456STACK_OF(CMS_SignerInfo) *
491 457CMS_get0_SignerInfos(CMS_ContentInfo *cms)
492STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 458{
493 {
494 CMS_SignedData *sd; 459 CMS_SignedData *sd;
460
495 sd = cms_get0_signed(cms); 461 sd = cms_get0_signed(cms);
496 if (!sd) 462 if (!sd)
497 return NULL; 463 return NULL;
498 return sd->signerInfos; 464 return sd->signerInfos;
499 } 465}
500 466
501STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) 467STACK_OF(X509) *
502 { 468CMS_get0_signers(CMS_ContentInfo *cms)
469{
503 STACK_OF(X509) *signers = NULL; 470 STACK_OF(X509) *signers = NULL;
504 STACK_OF(CMS_SignerInfo) *sinfos; 471 STACK_OF(CMS_SignerInfo) *sinfos;
505 CMS_SignerInfo *si; 472 CMS_SignerInfo *si;
506 int i; 473 int i;
474
507 sinfos = CMS_get0_SignerInfos(cms); 475 sinfos = CMS_get0_SignerInfos(cms);
508 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 476 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
509 {
510 si = sk_CMS_SignerInfo_value(sinfos, i); 477 si = sk_CMS_SignerInfo_value(sinfos, i);
511 if (si->signer) 478 if (si->signer) {
512 { 479 if (!signers) {
513 if (!signers)
514 {
515 signers = sk_X509_new_null(); 480 signers = sk_X509_new_null();
516 if (!signers) 481 if (!signers)
517 return NULL; 482 return NULL;
518 } 483 }
519 if (!sk_X509_push(signers, si->signer)) 484 if (!sk_X509_push(signers, si->signer)) {
520 {
521 sk_X509_free(signers); 485 sk_X509_free(signers);
522 return NULL; 486 return NULL;
523 }
524 } 487 }
525 } 488 }
526 return signers;
527 } 489 }
490 return signers;
491}
528 492
529void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) 493void
530 { 494CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
531 if (signer) 495{
532 { 496 if (signer) {
533 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); 497 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
534 if (si->pkey) 498 if (si->pkey)
535 EVP_PKEY_free(si->pkey); 499 EVP_PKEY_free(si->pkey);
536 si->pkey = X509_get_pubkey(signer); 500 si->pkey = X509_get_pubkey(signer);
537 } 501 }
538 if (si->signer) 502 if (si->signer)
539 X509_free(si->signer); 503 X509_free(si->signer);
540 si->signer = signer; 504 si->signer = signer;
541 } 505}
542 506
543int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 507int
544 ASN1_OCTET_STRING **keyid, 508CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
545 X509_NAME **issuer, ASN1_INTEGER **sno) 509 X509_NAME **issuer, ASN1_INTEGER **sno)
546 { 510{
547 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); 511 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
548 } 512}
549 513
550int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) 514int
551 { 515CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
516{
552 return cms_SignerIdentifier_cert_cmp(si->sid, cert); 517 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
553 } 518}
554 519
555int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, 520int
556 unsigned int flags) 521CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
557 { 522 unsigned int flags)
523{
558 CMS_SignedData *sd; 524 CMS_SignedData *sd;
559 CMS_SignerInfo *si; 525 CMS_SignerInfo *si;
560 CMS_CertificateChoices *cch; 526 CMS_CertificateChoices *cch;
@@ -562,50 +528,47 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
562 X509 *x; 528 X509 *x;
563 int i, j; 529 int i, j;
564 int ret = 0; 530 int ret = 0;
531
565 sd = cms_get0_signed(cms); 532 sd = cms_get0_signed(cms);
566 if (!sd) 533 if (!sd)
567 return -1; 534 return -1;
568 certs = sd->certificates; 535 certs = sd->certificates;
569 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) 536 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
570 {
571 si = sk_CMS_SignerInfo_value(sd->signerInfos, i); 537 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
572 if (si->signer) 538 if (si->signer)
573 continue; 539 continue;
574 540
575 for (j = 0; j < sk_X509_num(scerts); j++) 541 for (j = 0; j < sk_X509_num(scerts); j++) {
576 {
577 x = sk_X509_value(scerts, j); 542 x = sk_X509_value(scerts, j);
578 if (CMS_SignerInfo_cert_cmp(si, x) == 0) 543 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
579 {
580 CMS_SignerInfo_set1_signer_cert(si, x); 544 CMS_SignerInfo_set1_signer_cert(si, x);
581 ret++; 545 ret++;
582 break; 546 break;
583 }
584 } 547 }
548 }
585 549
586 if (si->signer || (flags & CMS_NOINTERN)) 550 if (si->signer || (flags & CMS_NOINTERN))
587 continue; 551 continue;
588 552
589 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) 553 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
590 {
591 cch = sk_CMS_CertificateChoices_value(certs, j); 554 cch = sk_CMS_CertificateChoices_value(certs, j);
592 if (cch->type != 0) 555 if (cch->type != 0)
593 continue; 556 continue;
594 x = cch->d.certificate; 557 x = cch->d.certificate;
595 if (CMS_SignerInfo_cert_cmp(si, x) == 0) 558 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
596 {
597 CMS_SignerInfo_set1_signer_cert(si, x); 559 CMS_SignerInfo_set1_signer_cert(si, x);
598 ret++; 560 ret++;
599 break; 561 break;
600 }
601 } 562 }
602 } 563 }
603 return ret;
604 } 564 }
565 return ret;
566}
605 567
606void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, 568void
607 X509_ALGOR **pdig, X509_ALGOR **psig) 569CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
608 { 570 X509_ALGOR **pdig, X509_ALGOR **psig)
571{
609 if (pk) 572 if (pk)
610 *pk = si->pkey; 573 *pk = si->pkey;
611 if (signer) 574 if (signer)
@@ -614,93 +577,88 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
614 *pdig = si->digestAlgorithm; 577 *pdig = si->digestAlgorithm;
615 if (psig) 578 if (psig)
616 *psig = si->signatureAlgorithm; 579 *psig = si->signatureAlgorithm;
617 } 580}
618 581
619static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 582static int
620 CMS_SignerInfo *si, BIO *chain) 583cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si,
621 { 584 BIO *chain)
585{
622 EVP_MD_CTX mctx; 586 EVP_MD_CTX mctx;
623 int r = 0; 587 int r = 0;
624 EVP_MD_CTX_init(&mctx); 588 EVP_MD_CTX_init(&mctx);
625 589
626 590 if (!si->pkey) {
627 if (!si->pkey)
628 {
629 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); 591 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
630 return 0; 592 return 0;
631 } 593 }
632 594
633 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) 595 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
634 goto err; 596 goto err;
635 597
636 /* If any signed attributes calculate and add messageDigest attribute */ 598 /* If any signed attributes calculate and add messageDigest attribute */
637 599
638 if (CMS_signed_get_attr_count(si) >= 0) 600 if (CMS_signed_get_attr_count(si) >= 0) {
639 {
640 ASN1_OBJECT *ctype = 601 ASN1_OBJECT *ctype =
641 cms->d.signedData->encapContentInfo->eContentType; 602 cms->d.signedData->encapContentInfo->eContentType;
642 unsigned char md[EVP_MAX_MD_SIZE]; 603 unsigned char md[EVP_MAX_MD_SIZE];
643 unsigned int mdlen; 604 unsigned int mdlen;
644 if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) 605 if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
645 goto err; 606 goto err;
646 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 607 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
647 V_ASN1_OCTET_STRING, 608 V_ASN1_OCTET_STRING,
648 md, mdlen)) 609 md, mdlen))
649 goto err; 610 goto err;
650 /* Copy content type across */ 611 /* Copy content type across */
651 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, 612 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
652 V_ASN1_OBJECT, ctype, -1) <= 0) 613 V_ASN1_OBJECT, ctype, -1) <= 0)
653 goto err; 614 goto err;
654 if (!CMS_SignerInfo_sign(si)) 615 if (!CMS_SignerInfo_sign(si))
655 goto err; 616 goto err;
656 } 617 } else {
657 else
658 {
659 unsigned char *sig; 618 unsigned char *sig;
660 unsigned int siglen; 619 unsigned int siglen;
661 sig = malloc(EVP_PKEY_size(si->pkey)); 620 sig = malloc(EVP_PKEY_size(si->pkey));
662 if (!sig) 621 if (!sig) {
663 {
664 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 622 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
665 ERR_R_MALLOC_FAILURE); 623 ERR_R_MALLOC_FAILURE);
666 goto err; 624 goto err;
667 } 625 }
668 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) 626 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
669 {
670 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 627 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
671 CMS_R_SIGNFINAL_ERROR); 628 CMS_R_SIGNFINAL_ERROR);
672 free(sig); 629 free(sig);
673 goto err; 630 goto err;
674 }
675 ASN1_STRING_set0(si->signature, sig, siglen);
676 } 631 }
632 ASN1_STRING_set0(si->signature, sig, siglen);
633 }
677 634
678 r = 1; 635 r = 1;
679 636
680 err: 637err:
681 EVP_MD_CTX_cleanup(&mctx); 638 EVP_MD_CTX_cleanup(&mctx);
682 return r; 639 return r;
640}
683 641
684 } 642int
685 643cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
686int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) 644{
687 {
688 STACK_OF(CMS_SignerInfo) *sinfos; 645 STACK_OF(CMS_SignerInfo) *sinfos;
689 CMS_SignerInfo *si; 646 CMS_SignerInfo *si;
690 int i; 647 int i;
648
691 sinfos = CMS_get0_SignerInfos(cms); 649 sinfos = CMS_get0_SignerInfos(cms);
692 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 650 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
693 {
694 si = sk_CMS_SignerInfo_value(sinfos, i); 651 si = sk_CMS_SignerInfo_value(sinfos, i);
695 if (!cms_SignerInfo_content_sign(cms, si, chain)) 652 if (!cms_SignerInfo_content_sign(cms, si, chain))
696 return 0; 653 return 0;
697 } 654 }
698 cms->d.signedData->encapContentInfo->partial = 0; 655 cms->d.signedData->encapContentInfo->partial = 0;
699 return 1; 656 return 1;
700 } 657}
701 658
702int CMS_SignerInfo_sign(CMS_SignerInfo *si) 659int
703 { 660CMS_SignerInfo_sign(CMS_SignerInfo *si)
661{
704 EVP_MD_CTX mctx; 662 EVP_MD_CTX mctx;
705 EVP_PKEY_CTX *pctx; 663 EVP_PKEY_CTX *pctx;
706 unsigned char *abuf = NULL; 664 unsigned char *abuf = NULL;
@@ -714,25 +672,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
714 672
715 EVP_MD_CTX_init(&mctx); 673 EVP_MD_CTX_init(&mctx);
716 674
717 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) 675 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
718 {
719 if (!cms_add1_signingTime(si, NULL)) 676 if (!cms_add1_signingTime(si, NULL))
720 goto err; 677 goto err;
721 } 678 }
722 679
723 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) 680 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
724 goto err; 681 goto err;
725 682
726 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 683 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
727 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) 684 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
728 {
729 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 685 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
730 goto err; 686 goto err;
731 } 687 }
732 688
733 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 689 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
734 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 690 ASN1_ITEM_rptr(CMS_Attributes_Sign));
735 if(!abuf) 691 if (!abuf)
736 goto err; 692 goto err;
737 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) 693 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
738 goto err; 694 goto err;
@@ -740,17 +696,16 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
740 goto err; 696 goto err;
741 free(abuf); 697 free(abuf);
742 abuf = malloc(siglen); 698 abuf = malloc(siglen);
743 if(!abuf) 699 if (!abuf)
744 goto err; 700 goto err;
745 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) 701 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
746 goto err; 702 goto err;
747 703
748 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 704 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
749 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) 705 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
750 {
751 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 706 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
752 goto err; 707 goto err;
753 } 708 }
754 709
755 EVP_MD_CTX_cleanup(&mctx); 710 EVP_MD_CTX_cleanup(&mctx);
756 711
@@ -758,26 +713,25 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
758 713
759 return 1; 714 return 1;
760 715
761 err: 716err:
762 free(abuf); 717 free(abuf);
763 EVP_MD_CTX_cleanup(&mctx); 718 EVP_MD_CTX_cleanup(&mctx);
764 return 0; 719 return 0;
720}
765 721
766 } 722int
767 723CMS_SignerInfo_verify(CMS_SignerInfo *si)
768int CMS_SignerInfo_verify(CMS_SignerInfo *si) 724{
769 {
770 EVP_MD_CTX mctx; 725 EVP_MD_CTX mctx;
771 EVP_PKEY_CTX *pctx; 726 EVP_PKEY_CTX *pctx;
772 unsigned char *abuf = NULL; 727 unsigned char *abuf = NULL;
773 int alen, r = -1; 728 int alen, r = -1;
774 const EVP_MD *md = NULL; 729 const EVP_MD *md = NULL;
775 730
776 if (!si->pkey) 731 if (!si->pkey) {
777 {
778 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); 732 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
779 return -1; 733 return -1;
780 } 734 }
781 735
782 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 736 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
783 if (md == NULL) 737 if (md == NULL)
@@ -786,199 +740,195 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
786 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) 740 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
787 goto err; 741 goto err;
788 742
789 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 743 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
790 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 744 ASN1_ITEM_rptr(CMS_Attributes_Verify));
791 if(!abuf) 745 if (!abuf)
792 goto err; 746 goto err;
793 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen); 747 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
794 free(abuf); 748 free(abuf);
795 if (r <= 0) 749 if (r <= 0) {
796 {
797 r = -1; 750 r = -1;
798 goto err; 751 goto err;
799 } 752 }
800 r = EVP_DigestVerifyFinal(&mctx, 753 r = EVP_DigestVerifyFinal(&mctx,
801 si->signature->data, si->signature->length); 754 si->signature->data, si->signature->length);
802 if (r <= 0) 755 if (r <= 0)
803 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 756 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
804 err: 757
758err:
805 EVP_MD_CTX_cleanup(&mctx); 759 EVP_MD_CTX_cleanup(&mctx);
806 return r; 760 return r;
807 } 761}
808 762
809/* Create a chain of digest BIOs from a CMS ContentInfo */ 763/* Create a chain of digest BIOs from a CMS ContentInfo */
810 764
811BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) 765BIO *
812 { 766cms_SignedData_init_bio(CMS_ContentInfo *cms)
767{
813 int i; 768 int i;
814 CMS_SignedData *sd; 769 CMS_SignedData *sd;
815 BIO *chain = NULL; 770 BIO *chain = NULL;
771
816 sd = cms_get0_signed(cms); 772 sd = cms_get0_signed(cms);
817 if (!sd) 773 if (!sd)
818 return NULL; 774 return NULL;
819 if (cms->d.signedData->encapContentInfo->partial) 775 if (cms->d.signedData->encapContentInfo->partial)
820 cms_sd_set_version(sd); 776 cms_sd_set_version(sd);
821 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) 777 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
822 {
823 X509_ALGOR *digestAlgorithm; 778 X509_ALGOR *digestAlgorithm;
824 BIO *mdbio; 779 BIO *mdbio;
825 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); 780 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
826 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); 781 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
827 if (!mdbio) 782 if (!mdbio)
828 goto err; 783 goto err;
829 if (chain) 784 if (chain)
830 BIO_push(chain, mdbio); 785 BIO_push(chain, mdbio);
831 else 786 else
832 chain = mdbio; 787 chain = mdbio;
833 } 788 }
834 return chain; 789 return chain;
835 err: 790
791err:
836 if (chain) 792 if (chain)
837 BIO_free_all(chain); 793 BIO_free_all(chain);
838 return NULL; 794 return NULL;
839 } 795}
840 796
841int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) 797int
842 { 798CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
799{
843 ASN1_OCTET_STRING *os = NULL; 800 ASN1_OCTET_STRING *os = NULL;
844 EVP_MD_CTX mctx; 801 EVP_MD_CTX mctx;
845 int r = -1; 802 int r = -1;
803
846 EVP_MD_CTX_init(&mctx); 804 EVP_MD_CTX_init(&mctx);
847 /* If we have any signed attributes look for messageDigest value */ 805 /* If we have any signed attributes look for messageDigest value */
848 if (CMS_signed_get_attr_count(si) >= 0) 806 if (CMS_signed_get_attr_count(si) >= 0) {
849 {
850 os = CMS_signed_get0_data_by_OBJ(si, 807 os = CMS_signed_get0_data_by_OBJ(si,
851 OBJ_nid2obj(NID_pkcs9_messageDigest), 808 OBJ_nid2obj(NID_pkcs9_messageDigest),
852 -3, V_ASN1_OCTET_STRING); 809 -3, V_ASN1_OCTET_STRING);
853 if (!os) 810 if (!os) {
854 {
855 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 811 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
856 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 812 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
857 goto err; 813 goto err;
858 }
859 } 814 }
815 }
860 816
861 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) 817 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
862 goto err; 818 goto err;
863 819
864 /* If messageDigest found compare it */ 820 /* If messageDigest found compare it */
865 821
866 if (os) 822 if (os) {
867 {
868 unsigned char mval[EVP_MAX_MD_SIZE]; 823 unsigned char mval[EVP_MAX_MD_SIZE];
869 unsigned int mlen; 824 unsigned int mlen;
870 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) 825 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
871 {
872 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 826 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
873 CMS_R_UNABLE_TO_FINALIZE_CONTEXT); 827 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
874 goto err; 828 goto err;
875 } 829 }
876 if (mlen != (unsigned int)os->length) 830 if (mlen != (unsigned int)os->length) {
877 {
878 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 831 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
879 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); 832 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
880 goto err; 833 goto err;
881 } 834 }
882 835
883 if (memcmp(mval, os->data, mlen)) 836 if (memcmp(mval, os->data, mlen)) {
884 {
885 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 837 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
886 CMS_R_VERIFICATION_FAILURE); 838 CMS_R_VERIFICATION_FAILURE);
887 r = 0; 839 r = 0;
888 } 840 } else
889 else
890 r = 1; 841 r = 1;
891 } 842 } else {
892 else
893 {
894 r = EVP_VerifyFinal(&mctx, si->signature->data, 843 r = EVP_VerifyFinal(&mctx, si->signature->data,
895 si->signature->length, si->pkey); 844 si->signature->length, si->pkey);
896 if (r <= 0) 845 if (r <= 0) {
897 {
898 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 846 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
899 CMS_R_VERIFICATION_FAILURE); 847 CMS_R_VERIFICATION_FAILURE);
900 r = 0; 848 r = 0;
901 }
902 } 849 }
850 }
903 851
904 err: 852err:
905 EVP_MD_CTX_cleanup(&mctx); 853 EVP_MD_CTX_cleanup(&mctx);
906 return r; 854 return r;
855}
907 856
908 } 857int
909 858CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
910int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) 859{
911 {
912 unsigned char *smder = NULL; 860 unsigned char *smder = NULL;
913 int smderlen, r; 861 int smderlen, r;
862
914 smderlen = i2d_X509_ALGORS(algs, &smder); 863 smderlen = i2d_X509_ALGORS(algs, &smder);
915 if (smderlen <= 0) 864 if (smderlen <= 0)
916 return 0; 865 return 0;
917 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, 866 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
918 V_ASN1_SEQUENCE, smder, smderlen); 867 V_ASN1_SEQUENCE, smder, smderlen);
919 free(smder); 868 free(smder);
920 return r; 869 return r;
921 } 870}
922 871
923int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 872int
924 int algnid, int keysize) 873CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize)
925 { 874{
926 X509_ALGOR *alg; 875 X509_ALGOR *alg;
927 ASN1_INTEGER *key = NULL; 876 ASN1_INTEGER *key = NULL;
928 if (keysize > 0) 877
929 { 878 if (keysize > 0) {
930 key = ASN1_INTEGER_new(); 879 key = ASN1_INTEGER_new();
931 if (!key || !ASN1_INTEGER_set(key, keysize)) 880 if (!key || !ASN1_INTEGER_set(key, keysize))
932 return 0; 881 return 0;
933 } 882 }
934 alg = X509_ALGOR_new(); 883 alg = X509_ALGOR_new();
935 if (!alg) 884 if (!alg) {
936 {
937 if (key) 885 if (key)
938 ASN1_INTEGER_free(key); 886 ASN1_INTEGER_free(key);
939 return 0; 887 return 0;
940 } 888 }
941 889
942 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 890 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
943 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); 891 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
944 if (!*algs) 892 if (!*algs)
945 *algs = sk_X509_ALGOR_new_null(); 893 *algs = sk_X509_ALGOR_new_null();
946 if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) 894 if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) {
947 {
948 X509_ALGOR_free(alg); 895 X509_ALGOR_free(alg);
949 return 0; 896 return 0;
950 }
951 return 1;
952 } 897 }
898 return 1;
899}
953 900
954/* Check to see if a cipher exists and if so add S/MIME capabilities */ 901/* Check to see if a cipher exists and if so add S/MIME capabilities */
955 902
956static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 903static int
957 { 904cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
905{
958 if (EVP_get_cipherbynid(nid)) 906 if (EVP_get_cipherbynid(nid))
959 return CMS_add_simple_smimecap(sk, nid, arg); 907 return CMS_add_simple_smimecap(sk, nid, arg);
960 return 1; 908 return 1;
961 } 909}
962 910
963static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 911static int
964 { 912cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
913{
965 if (EVP_get_digestbynid(nid)) 914 if (EVP_get_digestbynid(nid))
966 return CMS_add_simple_smimecap(sk, nid, arg); 915 return CMS_add_simple_smimecap(sk, nid, arg);
967 return 1; 916 return 1;
968 } 917}
969 918
970int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 919int
971 { 920CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
972 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 921{
973 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 922 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
974 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 923 !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
975 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 924 !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
976 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 925 !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
977 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 926 !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
978 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) 927 !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
979 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) 928 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
980 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) 929 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
981 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) 930 !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) ||
931 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
982 return 0; 932 return 0;
983 return 1; 933 return 1;
984 } 934}
diff --git a/src/lib/libssl/src/crypto/cms/cms_smime.c b/src/lib/libssl/src/crypto/cms/cms_smime.c
index 94f60c1b5c..e32a58b3bc 100644
--- a/src/lib/libssl/src/crypto/cms/cms_smime.c
+++ b/src/lib/libssl/src/crypto/cms/cms_smime.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -59,114 +59,107 @@
59#include <openssl/cms.h> 59#include <openssl/cms.h>
60#include "cms_lcl.h" 60#include "cms_lcl.h"
61 61
62static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) 62static int
63 { 63cms_copy_content(BIO *out, BIO *in, unsigned int flags)
64{
64 unsigned char buf[4096]; 65 unsigned char buf[4096];
65 int r = 0, i; 66 int r = 0, i;
66 BIO *tmpout = NULL; 67 BIO *tmpout = NULL;
67 68
68 if (out == NULL) 69 if (out == NULL)
69 tmpout = BIO_new(BIO_s_null()); 70 tmpout = BIO_new(BIO_s_null());
70 else if (flags & CMS_TEXT) 71 else if (flags & CMS_TEXT) {
71 {
72 tmpout = BIO_new(BIO_s_mem()); 72 tmpout = BIO_new(BIO_s_mem());
73 BIO_set_mem_eof_return(tmpout, 0); 73 BIO_set_mem_eof_return(tmpout, 0);
74 } 74 } else
75 else
76 tmpout = out; 75 tmpout = out;
77 76
78 if(!tmpout) 77 if (!tmpout) {
79 { 78 CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
80 CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
81 goto err; 79 goto err;
82 } 80 }
83 81
84 /* Read all content through chain to process digest, decrypt etc */ 82 /* Read all content through chain to process digest, decrypt etc */
85 for (;;) 83 for (;;) {
86 { 84 i = BIO_read(in, buf, sizeof(buf));
87 i=BIO_read(in,buf,sizeof(buf)); 85 if (i <= 0) {
88 if (i <= 0) 86 if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
89 {
90 if (BIO_method_type(in) == BIO_TYPE_CIPHER)
91 {
92 if (!BIO_get_cipher_status(in)) 87 if (!BIO_get_cipher_status(in))
93 goto err; 88 goto err;
94 } 89 }
95 if (i < 0) 90 if (i < 0)
96 goto err; 91 goto err;
97 break; 92 break;
98 } 93 }
99 94
100 if (tmpout && (BIO_write(tmpout, buf, i) != i)) 95 if (tmpout && (BIO_write(tmpout, buf, i) != i))
101 goto err; 96 goto err;
102 } 97 }
103 98
104 if(flags & CMS_TEXT) 99 if (flags & CMS_TEXT) {
105 { 100 if (!SMIME_text(tmpout, out)) {
106 if(!SMIME_text(tmpout, out)) 101 CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR);
107 {
108 CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
109 goto err; 102 goto err;
110 }
111 } 103 }
104 }
112 105
113 r = 1; 106 r = 1;
114 107
115 err: 108err:
116 if (tmpout && (tmpout != out)) 109 if (tmpout && (tmpout != out))
117 BIO_free(tmpout); 110 BIO_free(tmpout);
118 return r; 111 return r;
112}
119 113
120 } 114static int
121 115check_content(CMS_ContentInfo *cms)
122static int check_content(CMS_ContentInfo *cms) 116{
123 {
124 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 117 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
125 if (!pos || !*pos) 118
126 { 119 if (!pos || !*pos) {
127 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); 120 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
128 return 0; 121 return 0;
129 }
130 return 1;
131 } 122 }
123 return 1;
124}
132 125
133static void do_free_upto(BIO *f, BIO *upto) 126static void
134 { 127do_free_upto(BIO *f, BIO *upto)
135 if (upto) 128{
136 { 129 if (upto) {
137 BIO *tbio; 130 BIO *tbio;
138 do 131 do {
139 {
140 tbio = BIO_pop(f); 132 tbio = BIO_pop(f);
141 BIO_free(f); 133 BIO_free(f);
142 f = tbio; 134 f = tbio;
143 } 135 } while (f != upto);
144 while (f != upto); 136 } else
145 }
146 else
147 BIO_free_all(f); 137 BIO_free_all(f);
148 } 138}
149 139
150int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) 140int
151 { 141CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
142{
152 BIO *cont; 143 BIO *cont;
153 int r; 144 int r;
154 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) 145
155 { 146 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
156 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); 147 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
157 return 0; 148 return 0;
158 } 149 }
159 cont = CMS_dataInit(cms, NULL); 150 cont = CMS_dataInit(cms, NULL);
160 if (!cont) 151 if (!cont)
161 return 0; 152 return 0;
162 r = cms_copy_content(out, cont, flags); 153 r = cms_copy_content(out, cont, flags);
163 BIO_free_all(cont); 154 BIO_free_all(cont);
164 return r; 155 return r;
165 } 156}
166 157
167CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) 158CMS_ContentInfo *
168 { 159CMS_data_create(BIO *in, unsigned int flags)
160{
169 CMS_ContentInfo *cms; 161 CMS_ContentInfo *cms;
162
170 cms = cms_Data_create(); 163 cms = cms_Data_create();
171 if (!cms) 164 if (!cms)
172 return NULL; 165 return NULL;
@@ -177,18 +170,19 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
177 CMS_ContentInfo_free(cms); 170 CMS_ContentInfo_free(cms);
178 171
179 return NULL; 172 return NULL;
180 } 173}
181 174
182int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 175int
183 unsigned int flags) 176CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
184 { 177 unsigned int flags)
178{
185 BIO *cont; 179 BIO *cont;
186 int r; 180 int r;
187 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) 181
188 { 182 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
189 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); 183 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
190 return 0; 184 return 0;
191 } 185 }
192 186
193 if (!dcont && !check_content(cms)) 187 if (!dcont && !check_content(cms))
194 return 0; 188 return 0;
@@ -201,19 +195,20 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
201 r = cms_DigestedData_do_final(cms, cont, 1); 195 r = cms_DigestedData_do_final(cms, cont, 1);
202 do_free_upto(cont, dcont); 196 do_free_upto(cont, dcont);
203 return r; 197 return r;
204 } 198}
205 199
206CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, 200CMS_ContentInfo *
207 unsigned int flags) 201CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags)
208 { 202{
209 CMS_ContentInfo *cms; 203 CMS_ContentInfo *cms;
204
210 if (!md) 205 if (!md)
211 md = EVP_sha1(); 206 md = EVP_sha1();
212 cms = cms_DigestedData_create(md); 207 cms = cms_DigestedData_create(md);
213 if (!cms) 208 if (!cms)
214 return NULL; 209 return NULL;
215 210
216 if(!(flags & CMS_DETACHED)) 211 if (!(flags & CMS_DETACHED))
217 CMS_set_detached(cms, 0); 212 CMS_set_detached(cms, 0);
218 213
219 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) 214 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
@@ -221,20 +216,20 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
221 216
222 CMS_ContentInfo_free(cms); 217 CMS_ContentInfo_free(cms);
223 return NULL; 218 return NULL;
224 } 219}
225 220
226int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, 221int
227 const unsigned char *key, size_t keylen, 222CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
228 BIO *dcont, BIO *out, unsigned int flags) 223 size_t keylen, BIO *dcont, BIO *out, unsigned int flags)
229 { 224{
230 BIO *cont; 225 BIO *cont;
231 int r; 226 int r;
232 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) 227
233 { 228 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
234 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 229 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
235 CMS_R_TYPE_NOT_ENCRYPTED_DATA); 230 CMS_R_TYPE_NOT_ENCRYPTED_DATA);
236 return 0; 231 return 0;
237 } 232 }
238 233
239 if (!dcont && !check_content(cms)) 234 if (!dcont && !check_content(cms))
240 return 0; 235 return 0;
@@ -247,75 +242,73 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
247 r = cms_copy_content(out, cont, flags); 242 r = cms_copy_content(out, cont, flags);
248 do_free_upto(cont, dcont); 243 do_free_upto(cont, dcont);
249 return r; 244 return r;
250 } 245}
251 246
252CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, 247CMS_ContentInfo *
253 const unsigned char *key, size_t keylen, 248CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
254 unsigned int flags) 249 const unsigned char *key, size_t keylen, unsigned int flags)
255 { 250{
256 CMS_ContentInfo *cms; 251 CMS_ContentInfo *cms;
257 if (!cipher) 252
258 { 253 if (!cipher) {
259 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); 254 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
260 return NULL; 255 return NULL;
261 } 256 }
262 cms = CMS_ContentInfo_new(); 257 cms = CMS_ContentInfo_new();
263 if (!cms) 258 if (!cms)
264 return NULL; 259 return NULL;
265 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) 260 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
266 return NULL; 261 return NULL;
267 262
268 if(!(flags & CMS_DETACHED)) 263 if (!(flags & CMS_DETACHED))
269 CMS_set_detached(cms, 0); 264 CMS_set_detached(cms, 0);
270 265
271 if ((flags & (CMS_STREAM|CMS_PARTIAL)) 266 if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
272 || CMS_final(cms, in, NULL, flags)) 267 CMS_final(cms, in, NULL, flags))
273 return cms; 268 return cms;
274 269
275 CMS_ContentInfo_free(cms); 270 CMS_ContentInfo_free(cms);
276 return NULL; 271 return NULL;
277 } 272}
278 273
279static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, 274static int
280 X509_STORE *store, 275cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store,
281 STACK_OF(X509) *certs, 276 STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls, unsigned int flags)
282 STACK_OF(X509_CRL) *crls, 277{
283 unsigned int flags)
284 {
285 X509_STORE_CTX ctx; 278 X509_STORE_CTX ctx;
286 X509 *signer; 279 X509 *signer;
287 int i, j, r = 0; 280 int i, j, r = 0;
281
288 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); 282 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
289 if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) 283 if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) {
290 {
291 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 284 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
292 CMS_R_STORE_INIT_ERROR); 285 CMS_R_STORE_INIT_ERROR);
293 goto err; 286 goto err;
294 } 287 }
295 X509_STORE_CTX_set_default(&ctx, "smime_sign"); 288 X509_STORE_CTX_set_default(&ctx, "smime_sign");
296 if (crls) 289 if (crls)
297 X509_STORE_CTX_set0_crls(&ctx, crls); 290 X509_STORE_CTX_set0_crls(&ctx, crls);
298 291
299 i = X509_verify_cert(&ctx); 292 i = X509_verify_cert(&ctx);
300 if (i <= 0) 293 if (i <= 0) {
301 {
302 j = X509_STORE_CTX_get_error(&ctx); 294 j = X509_STORE_CTX_get_error(&ctx);
303 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 295 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
304 CMS_R_CERTIFICATE_VERIFY_ERROR); 296 CMS_R_CERTIFICATE_VERIFY_ERROR);
305 ERR_asprintf_error_data("Verify error:%s", 297 ERR_asprintf_error_data("Verify error:%s",
306 X509_verify_cert_error_string(j)); 298 X509_verify_cert_error_string(j));
307 goto err; 299 goto err;
308 } 300 }
309 r = 1; 301 r = 1;
310 err: 302
303err:
311 X509_STORE_CTX_cleanup(&ctx); 304 X509_STORE_CTX_cleanup(&ctx);
312 return r; 305 return r;
306}
313 307
314 } 308int
315 309CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
316int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 310 BIO *dcont, BIO *out, unsigned int flags)
317 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) 311{
318 {
319 CMS_SignerInfo *si; 312 CMS_SignerInfo *si;
320 STACK_OF(CMS_SignerInfo) *sinfos; 313 STACK_OF(CMS_SignerInfo) *sinfos;
321 STACK_OF(X509) *cms_certs = NULL; 314 STACK_OF(X509) *cms_certs = NULL;
@@ -331,58 +324,51 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
331 324
332 sinfos = CMS_get0_SignerInfos(cms); 325 sinfos = CMS_get0_SignerInfos(cms);
333 326
334 if (sk_CMS_SignerInfo_num(sinfos) <= 0) 327 if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
335 {
336 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); 328 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
337 goto err; 329 goto err;
338 } 330 }
339 331
340 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 332 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
341 {
342 si = sk_CMS_SignerInfo_value(sinfos, i); 333 si = sk_CMS_SignerInfo_value(sinfos, i);
343 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); 334 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
344 if (signer) 335 if (signer)
345 scount++; 336 scount++;
346 } 337 }
347 338
348 if (scount != sk_CMS_SignerInfo_num(sinfos)) 339 if (scount != sk_CMS_SignerInfo_num(sinfos))
349 scount += CMS_set1_signers_certs(cms, certs, flags); 340 scount += CMS_set1_signers_certs(cms, certs, flags);
350 341
351 if (scount != sk_CMS_SignerInfo_num(sinfos)) 342 if (scount != sk_CMS_SignerInfo_num(sinfos)) {
352 {
353 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); 343 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
354 goto err; 344 goto err;
355 } 345 }
356 346
357 /* Attempt to verify all signers certs */ 347 /* Attempt to verify all signers certs */
358 348
359 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) 349 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
360 {
361 cms_certs = CMS_get1_certs(cms); 350 cms_certs = CMS_get1_certs(cms);
362 if (!(flags & CMS_NOCRL)) 351 if (!(flags & CMS_NOCRL))
363 crls = CMS_get1_crls(cms); 352 crls = CMS_get1_crls(cms);
364 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) 353 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
365 {
366 si = sk_CMS_SignerInfo_value(sinfos, i); 354 si = sk_CMS_SignerInfo_value(sinfos, i);
367 if (!cms_signerinfo_verify_cert(si, store, 355 if (!cms_signerinfo_verify_cert(si, store,
368 cms_certs, crls, flags)) 356 cms_certs, crls, flags))
369 goto err; 357 goto err;
370 }
371 } 358 }
359 }
372 360
373 /* Attempt to verify all SignerInfo signed attribute signatures */ 361 /* Attempt to verify all SignerInfo signed attribute signatures */
374 362
375 if (!(flags & CMS_NO_ATTR_VERIFY)) 363 if (!(flags & CMS_NO_ATTR_VERIFY)) {
376 { 364 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
377 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
378 {
379 si = sk_CMS_SignerInfo_value(sinfos, i); 365 si = sk_CMS_SignerInfo_value(sinfos, i);
380 if (CMS_signed_get_attr_count(si) < 0) 366 if (CMS_signed_get_attr_count(si) < 0)
381 continue; 367 continue;
382 if (CMS_SignerInfo_verify(si) <= 0) 368 if (CMS_SignerInfo_verify(si) <= 0)
383 goto err; 369 goto err;
384 }
385 } 370 }
371 }
386 372
387 /* Performance optimization: if the content is a memory BIO then 373 /* Performance optimization: if the content is a memory BIO then
388 * store its contents in a temporary read only memory BIO. This 374 * store its contents in a temporary read only memory BIO. This
@@ -391,47 +377,40 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
391 * are calculated. 377 * are calculated.
392 */ 378 */
393 379
394 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) 380 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
395 {
396 char *ptr; 381 char *ptr;
397 long len; 382 long len;
398 len = BIO_get_mem_data(dcont, &ptr); 383 len = BIO_get_mem_data(dcont, &ptr);
399 tmpin = BIO_new_mem_buf(ptr, len); 384 tmpin = BIO_new_mem_buf(ptr, len);
400 if (tmpin == NULL) 385 if (tmpin == NULL) {
401 { 386 CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
402 CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
403 return 0; 387 return 0;
404 }
405 } 388 }
406 else 389 } else
407 tmpin = dcont; 390 tmpin = dcont;
408
409 391
410 cmsbio=CMS_dataInit(cms, tmpin); 392
393 cmsbio = CMS_dataInit(cms, tmpin);
411 if (!cmsbio) 394 if (!cmsbio)
412 goto err; 395 goto err;
413 396
414 if (!cms_copy_content(out, cmsbio, flags)) 397 if (!cms_copy_content(out, cmsbio, flags))
415 goto err; 398 goto err;
416 399
417 if (!(flags & CMS_NO_CONTENT_VERIFY)) 400 if (!(flags & CMS_NO_CONTENT_VERIFY)) {
418 { 401 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
419 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
420 {
421 si = sk_CMS_SignerInfo_value(sinfos, i); 402 si = sk_CMS_SignerInfo_value(sinfos, i);
422 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) 403 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
423 {
424 CMSerr(CMS_F_CMS_VERIFY, 404 CMSerr(CMS_F_CMS_VERIFY,
425 CMS_R_CONTENT_VERIFY_ERROR); 405 CMS_R_CONTENT_VERIFY_ERROR);
426 goto err; 406 goto err;
427 }
428 } 407 }
429 } 408 }
409 }
430 410
431 ret = 1; 411 ret = 1;
432 412
433 err: 413err:
434
435 if (dcont && (tmpin == dcont)) 414 if (dcont && (tmpin == dcont))
436 do_free_upto(cmsbio, dcont); 415 do_free_upto(cmsbio, dcont);
437 else 416 else
@@ -443,23 +422,25 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
443 sk_X509_CRL_pop_free(crls, X509_CRL_free); 422 sk_X509_CRL_pop_free(crls, X509_CRL_free);
444 423
445 return ret; 424 return ret;
446 } 425}
447 426
448int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, 427int
449 STACK_OF(X509) *certs, 428CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
450 X509_STORE *store, unsigned int flags) 429 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags)
451 { 430{
452 int r; 431 int r;
432
453 flags &= ~(CMS_DETACHED|CMS_TEXT); 433 flags &= ~(CMS_DETACHED|CMS_TEXT);
454 r = CMS_verify(rcms, certs, store, NULL, NULL, flags); 434 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
455 if (r <= 0) 435 if (r <= 0)
456 return r; 436 return r;
457 return cms_Receipt_verify(rcms, ocms); 437 return cms_Receipt_verify(rcms, ocms);
458 } 438}
459 439
460CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 440CMS_ContentInfo *
461 BIO *data, unsigned int flags) 441CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
462 { 442 unsigned int flags)
443{
463 CMS_ContentInfo *cms; 444 CMS_ContentInfo *cms;
464 int i; 445 int i;
465 446
@@ -467,42 +448,38 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
467 if (!cms || !CMS_SignedData_init(cms)) 448 if (!cms || !CMS_SignedData_init(cms))
468 goto merr; 449 goto merr;
469 450
470 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) 451 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
471 {
472 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR); 452 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
473 goto err; 453 goto err;
474 } 454 }
475 455
476 for (i = 0; i < sk_X509_num(certs); i++) 456 for (i = 0; i < sk_X509_num(certs); i++) {
477 {
478 X509 *x = sk_X509_value(certs, i); 457 X509 *x = sk_X509_value(certs, i);
479 if (!CMS_add1_cert(cms, x)) 458 if (!CMS_add1_cert(cms, x))
480 goto merr; 459 goto merr;
481 } 460 }
482 461
483 if(!(flags & CMS_DETACHED)) 462 if (!(flags & CMS_DETACHED))
484 CMS_set_detached(cms, 0); 463 CMS_set_detached(cms, 0);
485 464
486 if ((flags & (CMS_STREAM|CMS_PARTIAL)) 465 if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
487 || CMS_final(cms, data, NULL, flags)) 466 CMS_final(cms, data, NULL, flags))
488 return cms; 467 return cms;
489 else 468 else
490 goto err; 469 goto err;
491 470
492 merr: 471merr:
493 CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); 472 CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
494 473err:
495 err:
496 if (cms) 474 if (cms)
497 CMS_ContentInfo_free(cms); 475 CMS_ContentInfo_free(cms);
498 return NULL; 476 return NULL;
499 } 477}
500 478
501CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, 479CMS_ContentInfo *
502 X509 *signcert, EVP_PKEY *pkey, 480CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey,
503 STACK_OF(X509) *certs, 481 STACK_OF(X509) *certs, unsigned int flags)
504 unsigned int flags) 482{
505 {
506 CMS_SignerInfo *rct_si; 483 CMS_SignerInfo *rct_si;
507 CMS_ContentInfo *cms = NULL; 484 CMS_ContentInfo *cms = NULL;
508 ASN1_OCTET_STRING **pos, *os; 485 ASN1_OCTET_STRING **pos, *os;
@@ -512,11 +489,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
512 flags &= ~(CMS_STREAM|CMS_TEXT); 489 flags &= ~(CMS_STREAM|CMS_TEXT);
513 /* Not really detached but avoids content being allocated */ 490 /* Not really detached but avoids content being allocated */
514 flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED; 491 flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
515 if (!pkey || !signcert) 492 if (!pkey || !signcert) {
516 {
517 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT); 493 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
518 return NULL; 494 return NULL;
519 } 495 }
520 496
521 /* Initialize signed data */ 497 /* Initialize signed data */
522 498
@@ -529,11 +505,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
529 goto err; 505 goto err;
530 506
531 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags); 507 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
532 if (!rct_si) 508 if (!rct_si) {
533 {
534 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR); 509 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
535 goto err; 510 goto err;
536 } 511 }
537 512
538 os = cms_encode_Receipt(si); 513 os = cms_encode_Receipt(si);
539 514
@@ -560,91 +535,88 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
560 535
561 r = 1; 536 r = 1;
562 537
563 err: 538err:
564 if (rct_cont) 539 if (rct_cont)
565 BIO_free(rct_cont); 540 BIO_free(rct_cont);
566 if (r) 541 if (r)
567 return cms; 542 return cms;
568 CMS_ContentInfo_free(cms); 543 CMS_ContentInfo_free(cms);
569 return NULL; 544 return NULL;
545}
570 546
571 } 547CMS_ContentInfo *
572 548CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher,
573CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, 549 unsigned int flags)
574 const EVP_CIPHER *cipher, unsigned int flags) 550{
575 {
576 CMS_ContentInfo *cms; 551 CMS_ContentInfo *cms;
577 int i; 552 int i;
578 X509 *recip; 553 X509 *recip;
554
579 cms = CMS_EnvelopedData_create(cipher); 555 cms = CMS_EnvelopedData_create(cipher);
580 if (!cms) 556 if (!cms)
581 goto merr; 557 goto merr;
582 for (i = 0; i < sk_X509_num(certs); i++) 558 for (i = 0; i < sk_X509_num(certs); i++) {
583 {
584 recip = sk_X509_value(certs, i); 559 recip = sk_X509_value(certs, i);
585 if (!CMS_add1_recipient_cert(cms, recip, flags)) 560 if (!CMS_add1_recipient_cert(cms, recip, flags)) {
586 {
587 CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR); 561 CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
588 goto err; 562 goto err;
589 }
590 } 563 }
564 }
591 565
592 if(!(flags & CMS_DETACHED)) 566 if (!(flags & CMS_DETACHED))
593 CMS_set_detached(cms, 0); 567 CMS_set_detached(cms, 0);
594 568
595 if ((flags & (CMS_STREAM|CMS_PARTIAL)) 569 if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
596 || CMS_final(cms, data, NULL, flags)) 570 CMS_final(cms, data, NULL, flags))
597 return cms; 571 return cms;
598 else 572 else
599 goto err; 573 goto err;
600 574
601 merr: 575merr:
602 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); 576 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
603 err: 577err:
604 if (cms) 578 if (cms)
605 CMS_ContentInfo_free(cms); 579 CMS_ContentInfo_free(cms);
606 return NULL; 580 return NULL;
607 } 581}
608 582
609int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) 583int
610 { 584CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
585{
611 STACK_OF(CMS_RecipientInfo) *ris; 586 STACK_OF(CMS_RecipientInfo) *ris;
612 CMS_RecipientInfo *ri; 587 CMS_RecipientInfo *ri;
613 int i, r; 588 int i, r;
614 int debug = 0; 589 int debug = 0;
590
615 ris = CMS_get0_RecipientInfos(cms); 591 ris = CMS_get0_RecipientInfos(cms);
616 if (ris) 592 if (ris)
617 debug = cms->d.envelopedData->encryptedContentInfo->debug; 593 debug = cms->d.envelopedData->encryptedContentInfo->debug;
618 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) 594 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
619 {
620 ri = sk_CMS_RecipientInfo_value(ris, i); 595 ri = sk_CMS_RecipientInfo_value(ris, i);
621 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) 596 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
622 continue; 597 continue;
623 /* If we have a cert try matching RecipientInfo 598 /* If we have a cert try matching RecipientInfo
624 * otherwise try them all. 599 * otherwise try them all.
625 */ 600 */
626 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) 601 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) {
627 {
628 CMS_RecipientInfo_set0_pkey(ri, pk); 602 CMS_RecipientInfo_set0_pkey(ri, pk);
629 r = CMS_RecipientInfo_decrypt(cms, ri); 603 r = CMS_RecipientInfo_decrypt(cms, ri);
630 CMS_RecipientInfo_set0_pkey(ri, NULL); 604 CMS_RecipientInfo_set0_pkey(ri, NULL);
631 if (cert) 605 if (cert) {
632 {
633 /* If not debugging clear any error and 606 /* If not debugging clear any error and
634 * return success to avoid leaking of 607 * return success to avoid leaking of
635 * information useful to MMA 608 * information useful to MMA
636 */ 609 */
637 if (!debug) 610 if (!debug) {
638 {
639 ERR_clear_error(); 611 ERR_clear_error();
640 return 1; 612 return 1;
641 } 613 }
642 if (r > 0) 614 if (r > 0)
643 return 1; 615 return 1;
644 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, 616 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
645 CMS_R_DECRYPT_ERROR); 617 CMS_R_DECRYPT_ERROR);
646 return 0; 618 return 0;
647 } 619 }
648 /* If no cert and not debugging don't leave loop 620 /* If no cert and not debugging don't leave loop
649 * after first successful decrypt. Always attempt 621 * after first successful decrypt. Always attempt
650 * to decrypt all recipients to avoid leaking timing 622 * to decrypt all recipients to avoid leaking timing
@@ -652,94 +624,90 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
652 */ 624 */
653 else if (r > 0 && debug) 625 else if (r > 0 && debug)
654 return 1; 626 return 1;
655 }
656 } 627 }
628 }
657 /* If no cert and not debugging always return success */ 629 /* If no cert and not debugging always return success */
658 if (!cert && !debug) 630 if (!cert && !debug) {
659 {
660 ERR_clear_error(); 631 ERR_clear_error();
661 return 1; 632 return 1;
662 } 633 }
663 634
664 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); 635 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
665 return 0; 636 return 0;
637}
666 638
667 } 639int
668 640CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen,
669int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 641 unsigned char *id, size_t idlen)
670 unsigned char *key, size_t keylen, 642{
671 unsigned char *id, size_t idlen)
672 {
673 STACK_OF(CMS_RecipientInfo) *ris; 643 STACK_OF(CMS_RecipientInfo) *ris;
674 CMS_RecipientInfo *ri; 644 CMS_RecipientInfo *ri;
675 int i, r; 645 int i, r;
646
676 ris = CMS_get0_RecipientInfos(cms); 647 ris = CMS_get0_RecipientInfos(cms);
677 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) 648 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
678 {
679 ri = sk_CMS_RecipientInfo_value(ris, i); 649 ri = sk_CMS_RecipientInfo_value(ris, i);
680 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) 650 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
681 continue; 651 continue;
682 652
683 /* If we have an id try matching RecipientInfo 653 /* If we have an id try matching RecipientInfo
684 * otherwise try them all. 654 * otherwise try them all.
685 */ 655 */
686 if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) 656 if (!id ||
687 { 657 (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
688 CMS_RecipientInfo_set0_key(ri, key, keylen); 658 CMS_RecipientInfo_set0_key(ri, key, keylen);
689 r = CMS_RecipientInfo_decrypt(cms, ri); 659 r = CMS_RecipientInfo_decrypt(cms, ri);
690 CMS_RecipientInfo_set0_key(ri, NULL, 0); 660 CMS_RecipientInfo_set0_key(ri, NULL, 0);
691 if (r > 0) 661 if (r > 0)
692 return 1; 662 return 1;
693 if (id) 663 if (id) {
694 {
695 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, 664 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
696 CMS_R_DECRYPT_ERROR); 665 CMS_R_DECRYPT_ERROR);
697 return 0; 666 return 0;
698 }
699 ERR_clear_error();
700 } 667 }
668 ERR_clear_error();
701 } 669 }
670 }
702 671
703 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); 672 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
704 return 0; 673 return 0;
674}
705 675
706 } 676int
707 677CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
708int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 678 ssize_t passlen)
709 unsigned char *pass, ssize_t passlen) 679{
710 {
711 STACK_OF(CMS_RecipientInfo) *ris; 680 STACK_OF(CMS_RecipientInfo) *ris;
712 CMS_RecipientInfo *ri; 681 CMS_RecipientInfo *ri;
713 int i, r; 682 int i, r;
683
714 ris = CMS_get0_RecipientInfos(cms); 684 ris = CMS_get0_RecipientInfos(cms);
715 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) 685 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
716 {
717 ri = sk_CMS_RecipientInfo_value(ris, i); 686 ri = sk_CMS_RecipientInfo_value(ris, i);
718 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS) 687 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
719 continue; 688 continue;
720 CMS_RecipientInfo_set0_password(ri, pass, passlen); 689 CMS_RecipientInfo_set0_password(ri, pass, passlen);
721 r = CMS_RecipientInfo_decrypt(cms, ri); 690 r = CMS_RecipientInfo_decrypt(cms, ri);
722 CMS_RecipientInfo_set0_password(ri, NULL, 0); 691 CMS_RecipientInfo_set0_password(ri, NULL, 0);
723 if (r > 0) 692 if (r > 0)
724 return 1; 693 return 1;
725 } 694 }
726 695
727 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT); 696 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
728 return 0; 697 return 0;
698}
729 699
730 } 700int
731 701CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
732int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, 702 BIO *out, unsigned int flags)
733 BIO *dcont, BIO *out, 703{
734 unsigned int flags)
735 {
736 int r; 704 int r;
737 BIO *cont; 705 BIO *cont;
738 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) 706
739 { 707 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
740 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); 708 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
741 return 0; 709 return 0;
742 } 710 }
743 if (!dcont && !check_content(cms)) 711 if (!dcont && !check_content(cms))
744 return 0; 712 return 0;
745 if (flags & CMS_DEBUG_DECRYPT) 713 if (flags & CMS_DEBUG_DECRYPT)
@@ -756,51 +724,50 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
756 r = cms_copy_content(out, cont, flags); 724 r = cms_copy_content(out, cont, flags);
757 do_free_upto(cont, dcont); 725 do_free_upto(cont, dcont);
758 return r; 726 return r;
759 } 727}
760 728
761int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) 729int
762 { 730CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
731{
763 BIO *cmsbio; 732 BIO *cmsbio;
764 int ret = 0; 733 int ret = 0;
765 if (!(cmsbio = CMS_dataInit(cms, dcont))) 734
766 { 735 if (!(cmsbio = CMS_dataInit(cms, dcont))) {
767 CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE); 736 CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
768 return 0; 737 return 0;
769 } 738 }
770 739
771 SMIME_crlf_copy(data, cmsbio, flags); 740 SMIME_crlf_copy(data, cmsbio, flags);
772 741
773 (void)BIO_flush(cmsbio); 742 (void)BIO_flush(cmsbio);
774 743
775 744
776 if (!CMS_dataFinal(cms, cmsbio)) 745 if (!CMS_dataFinal(cms, cmsbio)) {
777 { 746 CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR);
778 CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
779 goto err; 747 goto err;
780 } 748 }
781 749
782 ret = 1; 750 ret = 1;
783 751
784 err: 752err:
785 do_free_upto(cmsbio, dcont); 753 do_free_upto(cmsbio, dcont);
786 754
787 return ret; 755 return ret;
788 756}
789 }
790 757
791#ifdef ZLIB 758#ifdef ZLIB
792 759
793int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 760int
794 unsigned int flags) 761CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
795 { 762{
796 BIO *cont; 763 BIO *cont;
797 int r; 764 int r;
798 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) 765
799 { 766 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
800 CMSerr(CMS_F_CMS_UNCOMPRESS, 767 CMSerr(CMS_F_CMS_UNCOMPRESS,
801 CMS_R_TYPE_NOT_COMPRESSED_DATA); 768 CMS_R_TYPE_NOT_COMPRESSED_DATA);
802 return 0; 769 return 0;
803 } 770 }
804 771
805 if (!dcont && !check_content(cms)) 772 if (!dcont && !check_content(cms))
806 return 0; 773 return 0;
@@ -811,18 +778,20 @@ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
811 r = cms_copy_content(out, cont, flags); 778 r = cms_copy_content(out, cont, flags);
812 do_free_upto(cont, dcont); 779 do_free_upto(cont, dcont);
813 return r; 780 return r;
814 } 781}
815 782
816CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 783CMS_ContentInfo *
817 { 784CMS_compress(BIO *in, int comp_nid, unsigned int flags)
785{
818 CMS_ContentInfo *cms; 786 CMS_ContentInfo *cms;
787
819 if (comp_nid <= 0) 788 if (comp_nid <= 0)
820 comp_nid = NID_zlib_compression; 789 comp_nid = NID_zlib_compression;
821 cms = cms_CompressedData_create(comp_nid); 790 cms = cms_CompressedData_create(comp_nid);
822 if (!cms) 791 if (!cms)
823 return NULL; 792 return NULL;
824 793
825 if(!(flags & CMS_DETACHED)) 794 if (!(flags & CMS_DETACHED))
826 CMS_set_detached(cms, 0); 795 CMS_set_detached(cms, 0);
827 796
828 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) 797 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
@@ -830,21 +799,22 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
830 799
831 CMS_ContentInfo_free(cms); 800 CMS_ContentInfo_free(cms);
832 return NULL; 801 return NULL;
833 } 802}
834 803
835#else 804#else
836 805
837int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 806int
838 unsigned int flags) 807CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
839 { 808{
840 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 809 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
841 return 0; 810 return 0;
842 } 811}
843 812
844CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 813CMS_ContentInfo *
845 { 814CMS_compress(BIO *in, int comp_nid, unsigned int flags)
815{
846 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 816 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
847 return NULL; 817 return NULL;
848 } 818}
849 819
850#endif 820#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 19:42:31 +0000