summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2012-07-13 17:49:55 +0000
committercvs2svn <admin@example.com>2012-07-13 17:49:55 +0000
commit6fdb436ab2cd5b35066babb3a03be7ad0daf1ae2 (patch)
treea760cf389e7ea59961bb306a1f50bf5443205176 /src/lib/libcrypto/cms
parent9204e59073bcf27e1487ec4ac46e981902ddd904 (diff)
downloadopenbsd-OPENBSD_5_2_BASE.tar.gz
openbsd-OPENBSD_5_2_BASE.tar.bz2
openbsd-OPENBSD_5_2_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_5_2_BASE'.OPENBSD_5_2_BASE
Diffstat (limited to 'src/lib/libcrypto/cms')
-rw-r--r--src/lib/libcrypto/cms/cms.h479
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c380
-rw-r--r--src/lib/libcrypto/cms/cms_att.c195
-rw-r--r--src/lib/libcrypto/cms/cms_cd.c134
-rw-r--r--src/lib/libcrypto/cms/cms_dd.c148
-rw-r--r--src/lib/libcrypto/cms/cms_enc.c262
-rw-r--r--src/lib/libcrypto/cms/cms_env.c862
-rw-r--r--src/lib/libcrypto/cms/cms_err.c236
-rw-r--r--src/lib/libcrypto/cms/cms_ess.c420
-rw-r--r--src/lib/libcrypto/cms/cms_io.c133
-rw-r--r--src/lib/libcrypto/cms/cms_lcl.h461
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c627
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c984
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c797
14 files changed, 0 insertions, 6118 deletions
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
deleted file mode 100644
index 09c45d0412..0000000000
--- a/src/lib/libcrypto/cms/cms.h
+++ /dev/null
@@ -1,479 +0,0 @@
1/* crypto/cms/cms.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54
55#ifndef HEADER_CMS_H
56#define HEADER_CMS_H
57
58#include <openssl/x509.h>
59
60#ifdef OPENSSL_NO_CMS
61#error CMS is disabled.
62#endif
63
64#ifdef __cplusplus
65extern "C" {
66#endif
67
68
69typedef struct CMS_ContentInfo_st CMS_ContentInfo;
70typedef struct CMS_SignerInfo_st CMS_SignerInfo;
71typedef struct CMS_CertificateChoices CMS_CertificateChoices;
72typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
73typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
74typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
75typedef struct CMS_Receipt_st CMS_Receipt;
76
77DECLARE_STACK_OF(CMS_SignerInfo)
78DECLARE_STACK_OF(GENERAL_NAMES)
79DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
80DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
81DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
82
83#define CMS_SIGNERINFO_ISSUER_SERIAL 0
84#define CMS_SIGNERINFO_KEYIDENTIFIER 1
85
86#define CMS_RECIPINFO_TRANS 0
87#define CMS_RECIPINFO_AGREE 1
88#define CMS_RECIPINFO_KEK 2
89#define CMS_RECIPINFO_PASS 3
90#define CMS_RECIPINFO_OTHER 4
91
92/* S/MIME related flags */
93
94#define CMS_TEXT 0x1
95#define CMS_NOCERTS 0x2
96#define CMS_NO_CONTENT_VERIFY 0x4
97#define CMS_NO_ATTR_VERIFY 0x8
98#define CMS_NOSIGS \
99 (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
100#define CMS_NOINTERN 0x10
101#define CMS_NO_SIGNER_CERT_VERIFY 0x20
102#define CMS_NOVERIFY 0x20
103#define CMS_DETACHED 0x40
104#define CMS_BINARY 0x80
105#define CMS_NOATTR 0x100
106#define CMS_NOSMIMECAP 0x200
107#define CMS_NOOLDMIMETYPE 0x400
108#define CMS_CRLFEOL 0x800
109#define CMS_STREAM 0x1000
110#define CMS_NOCRL 0x2000
111#define CMS_PARTIAL 0x4000
112#define CMS_REUSE_DIGEST 0x8000
113#define CMS_USE_KEYID 0x10000
114
115const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
116
117BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
118int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
119
120ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
121int CMS_is_detached(CMS_ContentInfo *cms);
122int CMS_set_detached(CMS_ContentInfo *cms, int detached);
123
124#ifdef HEADER_PEM_H
125DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
126#endif
127
128int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
129CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
130int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
131
132BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
133int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
134int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
135CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
136int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
137
138int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
139
140CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
141 BIO *data, unsigned int flags);
142
143CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
144 X509 *signcert, EVP_PKEY *pkey,
145 STACK_OF(X509) *certs,
146 unsigned int flags);
147
148int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
149CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
150
151int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
152 unsigned int flags);
153CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
154 unsigned int flags);
155
156int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
157 const unsigned char *key, size_t keylen,
158 BIO *dcont, BIO *out, unsigned int flags);
159
160CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
161 const unsigned char *key, size_t keylen,
162 unsigned int flags);
163
164int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
165 const unsigned char *key, size_t keylen);
166
167int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
168 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
169
170int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
171 STACK_OF(X509) *certs,
172 X509_STORE *store, unsigned int flags);
173
174STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
175
176CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
177 const EVP_CIPHER *cipher, unsigned int flags);
178
179int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
180 BIO *dcont, BIO *out,
181 unsigned int flags);
182
183int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
184int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
185 unsigned char *key, size_t keylen,
186 unsigned char *id, size_t idlen);
187
188STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
189int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
190CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
191CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
192 X509 *recip, unsigned int flags);
193int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
194int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
195int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
196 EVP_PKEY **pk, X509 **recip,
197 X509_ALGOR **palg);
198int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
199 ASN1_OCTET_STRING **keyid,
200 X509_NAME **issuer, ASN1_INTEGER **sno);
201
202CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
203 unsigned char *key, size_t keylen,
204 unsigned char *id, size_t idlen,
205 ASN1_GENERALIZEDTIME *date,
206 ASN1_OBJECT *otherTypeId,
207 ASN1_TYPE *otherType);
208
209int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
210 X509_ALGOR **palg,
211 ASN1_OCTET_STRING **pid,
212 ASN1_GENERALIZEDTIME **pdate,
213 ASN1_OBJECT **potherid,
214 ASN1_TYPE **pothertype);
215
216int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
217 unsigned char *key, size_t keylen);
218
219int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
220 const unsigned char *id, size_t idlen);
221
222int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
223
224int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
225 unsigned int flags);
226CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
227
228int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
229const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
230
231CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
232int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
233int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
234STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
235
236CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
237int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
238int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
239STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
240
241int CMS_SignedData_init(CMS_ContentInfo *cms);
242CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
243 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
244 unsigned int flags);
245STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
246
247void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
248int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
249 ASN1_OCTET_STRING **keyid,
250 X509_NAME **issuer, ASN1_INTEGER **sno);
251int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
252int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
253 unsigned int flags);
254void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
255 X509_ALGOR **pdig, X509_ALGOR **psig);
256int CMS_SignerInfo_sign(CMS_SignerInfo *si);
257int CMS_SignerInfo_verify(CMS_SignerInfo *si);
258int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
259
260int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
261int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
262 int algnid, int keysize);
263int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
264
265int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
266int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
267 int lastpos);
268int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
269 int lastpos);
270X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
271X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
272int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
273int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
274 const ASN1_OBJECT *obj, int type,
275 const void *bytes, int len);
276int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
277 int nid, int type,
278 const void *bytes, int len);
279int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
280 const char *attrname, int type,
281 const void *bytes, int len);
282void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
283 int lastpos, int type);
284
285int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
286int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
287 int lastpos);
288int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
289 int lastpos);
290X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
291X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
292int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
293int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
294 const ASN1_OBJECT *obj, int type,
295 const void *bytes, int len);
296int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
297 int nid, int type,
298 const void *bytes, int len);
299int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
300 const char *attrname, int type,
301 const void *bytes, int len);
302void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
303 int lastpos, int type);
304
305#ifdef HEADER_X509V3_H
306
307int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
308CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
309 int allorfirst,
310 STACK_OF(GENERAL_NAMES) *receiptList,
311 STACK_OF(GENERAL_NAMES) *receiptsTo);
312int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
313void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
314 ASN1_STRING **pcid,
315 int *pallorfirst,
316 STACK_OF(GENERAL_NAMES) **plist,
317 STACK_OF(GENERAL_NAMES) **prto);
318
319#endif
320
321/* BEGIN ERROR CODES */
322/* The following lines are auto generated by the script mkerr.pl. Any changes
323 * made after this point may be overwritten when the script is next run.
324 */
325void ERR_load_CMS_strings(void);
326
327/* Error codes for the CMS functions. */
328
329/* Function codes. */
330#define CMS_F_CHECK_CONTENT 99
331#define CMS_F_CMS_ADD0_CERT 164
332#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
333#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
334#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
335#define CMS_F_CMS_ADD1_SIGNER 102
336#define CMS_F_CMS_ADD1_SIGNINGTIME 103
337#define CMS_F_CMS_COMPRESS 104
338#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
339#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
340#define CMS_F_CMS_COPY_CONTENT 107
341#define CMS_F_CMS_COPY_MESSAGEDIGEST 108
342#define CMS_F_CMS_DATA 109
343#define CMS_F_CMS_DATAFINAL 110
344#define CMS_F_CMS_DATAINIT 111
345#define CMS_F_CMS_DECRYPT 112
346#define CMS_F_CMS_DECRYPT_SET1_KEY 113
347#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
348#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
349#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
350#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
351#define CMS_F_CMS_DIGEST_VERIFY 118
352#define CMS_F_CMS_ENCODE_RECEIPT 161
353#define CMS_F_CMS_ENCRYPT 119
354#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
355#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
356#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
357#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
358#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
359#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
360#define CMS_F_CMS_ENVELOPED_DATA_INIT 126
361#define CMS_F_CMS_FINAL 127
362#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
363#define CMS_F_CMS_GET0_CONTENT 129
364#define CMS_F_CMS_GET0_ECONTENT_TYPE 130
365#define CMS_F_CMS_GET0_ENVELOPED 131
366#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
367#define CMS_F_CMS_GET0_SIGNED 133
368#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
369#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
370#define CMS_F_CMS_RECEIPT_VERIFY 160
371#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
372#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
373#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
374#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
375#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
376#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
377#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
378#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
379#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
380#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
381#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
382#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
383#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
384#define CMS_F_CMS_SET_DETACHED 147
385#define CMS_F_CMS_SIGN 148
386#define CMS_F_CMS_SIGNED_DATA_INIT 149
387#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
388#define CMS_F_CMS_SIGNERINFO_SIGN 151
389#define CMS_F_CMS_SIGNERINFO_VERIFY 152
390#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
391#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
392#define CMS_F_CMS_SIGN_RECEIPT 163
393#define CMS_F_CMS_STREAM 155
394#define CMS_F_CMS_UNCOMPRESS 156
395#define CMS_F_CMS_VERIFY 157
396
397/* Reason codes. */
398#define CMS_R_ADD_SIGNER_ERROR 99
399#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
400#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
401#define CMS_R_CERTIFICATE_VERIFY_ERROR 100
402#define CMS_R_CIPHER_INITIALISATION_ERROR 101
403#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
404#define CMS_R_CMS_DATAFINAL_ERROR 103
405#define CMS_R_CMS_LIB 104
406#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
407#define CMS_R_CONTENT_NOT_FOUND 105
408#define CMS_R_CONTENT_TYPE_MISMATCH 171
409#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
410#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
411#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
412#define CMS_R_CONTENT_VERIFY_ERROR 109
413#define CMS_R_CTRL_ERROR 110
414#define CMS_R_CTRL_FAILURE 111
415#define CMS_R_DECRYPT_ERROR 112
416#define CMS_R_DIGEST_ERROR 161
417#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
418#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
419#define CMS_R_ERROR_SETTING_KEY 115
420#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
421#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
422#define CMS_R_INVALID_KEY_LENGTH 118
423#define CMS_R_MD_BIO_INIT_ERROR 119
424#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
425#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
426#define CMS_R_MSGSIGDIGEST_ERROR 172
427#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
428#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
429#define CMS_R_NEED_ONE_SIGNER 164
430#define CMS_R_NOT_A_SIGNED_RECEIPT 165
431#define CMS_R_NOT_ENCRYPTED_DATA 122
432#define CMS_R_NOT_KEK 123
433#define CMS_R_NOT_KEY_TRANSPORT 124
434#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
435#define CMS_R_NO_CIPHER 126
436#define CMS_R_NO_CONTENT 127
437#define CMS_R_NO_CONTENT_TYPE 173
438#define CMS_R_NO_DEFAULT_DIGEST 128
439#define CMS_R_NO_DIGEST_SET 129
440#define CMS_R_NO_KEY 130
441#define CMS_R_NO_KEY_OR_CERT 174
442#define CMS_R_NO_MATCHING_DIGEST 131
443#define CMS_R_NO_MATCHING_RECIPIENT 132
444#define CMS_R_NO_MATCHING_SIGNATURE 166
445#define CMS_R_NO_MSGSIGDIGEST 167
446#define CMS_R_NO_PRIVATE_KEY 133
447#define CMS_R_NO_PUBLIC_KEY 134
448#define CMS_R_NO_RECEIPT_REQUEST 168
449#define CMS_R_NO_SIGNERS 135
450#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
451#define CMS_R_RECEIPT_DECODE_ERROR 169
452#define CMS_R_RECIPIENT_ERROR 137
453#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
454#define CMS_R_SIGNFINAL_ERROR 139
455#define CMS_R_SMIME_TEXT_ERROR 140
456#define CMS_R_STORE_INIT_ERROR 141
457#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
458#define CMS_R_TYPE_NOT_DATA 143
459#define CMS_R_TYPE_NOT_DIGESTED_DATA 144
460#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
461#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
462#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
463#define CMS_R_UNKNOWN_CIPHER 148
464#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
465#define CMS_R_UNKNOWN_ID 150
466#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
467#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
468#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
469#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
470#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
471#define CMS_R_UNSUPPORTED_TYPE 156
472#define CMS_R_UNWRAP_ERROR 157
473#define CMS_R_VERIFICATION_FAILURE 158
474#define CMS_R_WRAP_ERROR 159
475
476#ifdef __cplusplus
477}
478#endif
479#endif
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
deleted file mode 100644
index fcba4dcbcc..0000000000
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ /dev/null
@@ -1,380 +0,0 @@
1/* crypto/cms/cms_asn1.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/pem.h>
56#include <openssl/x509v3.h>
57#include "cms.h"
58#include "cms_lcl.h"
59
60
61ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
62 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
63 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
64} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
65
66ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
67 ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
68 ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
69} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
70
71ASN1_CHOICE(CMS_CertificateChoices) = {
72 ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
73 ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
74 ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
75 ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
76 ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
77} ASN1_CHOICE_END(CMS_CertificateChoices)
78
79ASN1_CHOICE(CMS_SignerIdentifier) = {
80 ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
81 ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
82} ASN1_CHOICE_END(CMS_SignerIdentifier)
83
84ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
85 ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
86 ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
87} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
88
89/* Minor tweak to operation: free up signer key, cert */
90static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
91 void *exarg)
92 {
93 if(operation == ASN1_OP_FREE_POST)
94 {
95 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
96 if (si->pkey)
97 EVP_PKEY_free(si->pkey);
98 if (si->signer)
99 X509_free(si->signer);
100 }
101 return 1;
102 }
103
104ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
105 ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
106 ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
107 ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
108 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
109 ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
110 ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
111 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
112} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
113
114ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
115 ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
116 ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
117} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
118
119ASN1_CHOICE(CMS_RevocationInfoChoice) = {
120 ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
121 ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
122} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
123
124ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
125 ASN1_SIMPLE(CMS_SignedData, version, LONG),
126 ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
127 ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
128 ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
129 ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
130 ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
131} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
132
133ASN1_SEQUENCE(CMS_OriginatorInfo) = {
134 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
135 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
136} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
137
138ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
139 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
140 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
141 ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
142} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
143
144ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
145 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
146 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
147 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
148 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
149} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
150
151ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
152 ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
153 ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
154} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
155
156ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
157 ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
158 ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
159 ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
160} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
161
162ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
163 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
164 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
165} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
166
167ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
168 ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
169 ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
170} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
171
172ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
173 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
174 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
175} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
176
177ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
178 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
179 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
180 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
181} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
182
183ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
184 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
185 ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
186 ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
187 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
188 ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
189} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
190
191ASN1_SEQUENCE(CMS_KEKIdentifier) = {
192 ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
193 ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
194 ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
195} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
196
197ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
198 ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
199 ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
200 ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
201 ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
202} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
203
204ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
205 ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
206 ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
207 ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
208 ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
209} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
210
211ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
212 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
213 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
214} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
215
216/* Free up RecipientInfo additional data */
217static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
218 void *exarg)
219 {
220 if(operation == ASN1_OP_FREE_PRE)
221 {
222 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
223 if (ri->type == CMS_RECIPINFO_TRANS)
224 {
225 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
226 if (ktri->pkey)
227 EVP_PKEY_free(ktri->pkey);
228 if (ktri->recip)
229 X509_free(ktri->recip);
230 }
231 else if (ri->type == CMS_RECIPINFO_KEK)
232 {
233 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
234 if (kekri->key)
235 {
236 OPENSSL_cleanse(kekri->key, kekri->keylen);
237 OPENSSL_free(kekri->key);
238 }
239 }
240 }
241 return 1;
242 }
243
244ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
245 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
246 ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
247 ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
248 ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
249 ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
250} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
251
252ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
253 ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
254 ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
255 ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
256 ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
257 ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
258} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
259
260ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
261 ASN1_SIMPLE(CMS_DigestedData, version, LONG),
262 ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
263 ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
264 ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
265} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
266
267ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
268 ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
269 ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
270 ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
271} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
272
273ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
274 ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
275 ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
276 ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
277 ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
278 ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
279 ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
280 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
281 ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
282 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
283} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
284
285ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
286 ASN1_SIMPLE(CMS_CompressedData, version, LONG),
287 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
288 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
289} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
290
291/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
292
293ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
294
295ASN1_ADB(CMS_ContentInfo) = {
296 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
297 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
298 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
299 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
300 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
301 ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
302 ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
303} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
304
305/* CMS streaming support */
306static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
307 void *exarg)
308 {
309 ASN1_STREAM_ARG *sarg = exarg;
310 CMS_ContentInfo *cms = NULL;
311 if (pval)
312 cms = (CMS_ContentInfo *)*pval;
313 else
314 return 1;
315 switch(operation)
316 {
317
318 case ASN1_OP_STREAM_PRE:
319 if (CMS_stream(&sarg->boundary, cms) <= 0)
320 return 0;
321 case ASN1_OP_DETACHED_PRE:
322 sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
323 if (!sarg->ndef_bio)
324 return 0;
325 break;
326
327 case ASN1_OP_STREAM_POST:
328 case ASN1_OP_DETACHED_POST:
329 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
330 return 0;
331 break;
332
333 }
334 return 1;
335 }
336
337ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
338 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
339 ASN1_ADB_OBJECT(CMS_ContentInfo)
340} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
341
342/* Specials for signed attributes */
343
344/* When signing attributes we want to reorder them to match the sorted
345 * encoding.
346 */
347
348ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
349 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
350ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
351
352/* When verifying attributes we need to use the received order. So
353 * we use SEQUENCE OF and tag it to SET OF
354 */
355
356ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
357 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
358 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
359ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
360
361
362
363ASN1_CHOICE(CMS_ReceiptsFrom) = {
364 ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
365 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
366} ASN1_CHOICE_END(CMS_ReceiptsFrom)
367
368ASN1_SEQUENCE(CMS_ReceiptRequest) = {
369 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
370 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
371 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
372} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
373
374ASN1_SEQUENCE(CMS_Receipt) = {
375 ASN1_SIMPLE(CMS_Receipt, version, LONG),
376 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
377 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
378 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
379} ASN1_SEQUENCE_END(CMS_Receipt)
380
diff --git a/src/lib/libcrypto/cms/cms_att.c b/src/lib/libcrypto/cms/cms_att.c
deleted file mode 100644
index 5b71722ebc..0000000000
--- a/src/lib/libcrypto/cms/cms_att.c
+++ /dev/null
@@ -1,195 +0,0 @@
1/* crypto/cms/cms_att.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/pem.h>
56#include <openssl/x509v3.h>
57#include <openssl/err.h>
58#include "cms.h"
59#include "cms_lcl.h"
60
61/* CMS SignedData Attribute utilities */
62
63int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
64{
65 return X509at_get_attr_count(si->signedAttrs);
66}
67
68int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
69 int lastpos)
70{
71 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
72}
73
74int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
75 int lastpos)
76{
77 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
78}
79
80X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
81{
82 return X509at_get_attr(si->signedAttrs, loc);
83}
84
85X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
86{
87 return X509at_delete_attr(si->signedAttrs, loc);
88}
89
90int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
91{
92 if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
93 return 0;
94}
95
96int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
97 const ASN1_OBJECT *obj, int type,
98 const void *bytes, int len)
99{
100 if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
101 type, bytes, len)) return 1;
102 return 0;
103}
104
105int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
106 int nid, int type,
107 const void *bytes, int len)
108{
109 if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
110 type, bytes, len)) return 1;
111 return 0;
112}
113
114int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
115 const char *attrname, int type,
116 const void *bytes, int len)
117{
118 if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
119 type, bytes, len)) return 1;
120 return 0;
121}
122
123void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
124 int lastpos, int type)
125{
126 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
127}
128
129int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
130{
131 return X509at_get_attr_count(si->unsignedAttrs);
132}
133
134int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
135 int lastpos)
136{
137 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
138}
139
140int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
141 int lastpos)
142{
143 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
144}
145
146X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
147{
148 return X509at_get_attr(si->unsignedAttrs, loc);
149}
150
151X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
152{
153 return X509at_delete_attr(si->unsignedAttrs, loc);
154}
155
156int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
157{
158 if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
159 return 0;
160}
161
162int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
163 const ASN1_OBJECT *obj, int type,
164 const void *bytes, int len)
165{
166 if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
167 type, bytes, len)) return 1;
168 return 0;
169}
170
171int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
172 int nid, int type,
173 const void *bytes, int len)
174{
175 if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
176 type, bytes, len)) return 1;
177 return 0;
178}
179
180int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
181 const char *attrname, int type,
182 const void *bytes, int len)
183{
184 if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
185 type, bytes, len)) return 1;
186 return 0;
187}
188
189void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
190 int lastpos, int type)
191{
192 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
193}
194
195/* Specific attribute cases */
diff --git a/src/lib/libcrypto/cms/cms_cd.c b/src/lib/libcrypto/cms/cms_cd.c
deleted file mode 100644
index a5fc2c4e2b..0000000000
--- a/src/lib/libcrypto/cms/cms_cd.c
+++ /dev/null
@@ -1,134 +0,0 @@
1/* crypto/cms/cms_cd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/bio.h>
61#include <openssl/comp.h>
62#include "cms_lcl.h"
63
64DECLARE_ASN1_ITEM(CMS_CompressedData)
65
66#ifdef ZLIB
67
68/* CMS CompressedData Utilities */
69
70CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
71 {
72 CMS_ContentInfo *cms;
73 CMS_CompressedData *cd;
74 /* Will need something cleverer if there is ever more than one
75 * compression algorithm or parameters have some meaning...
76 */
77 if (comp_nid != NID_zlib_compression)
78 {
79 CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
80 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
81 return NULL;
82 }
83 cms = CMS_ContentInfo_new();
84 if (!cms)
85 return NULL;
86
87 cd = M_ASN1_new_of(CMS_CompressedData);
88
89 if (!cd)
90 goto err;
91
92 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
93 cms->d.compressedData = cd;
94
95 cd->version = 0;
96
97 X509_ALGOR_set0(cd->compressionAlgorithm,
98 OBJ_nid2obj(NID_zlib_compression),
99 V_ASN1_UNDEF, NULL);
100
101 cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
102
103 return cms;
104
105 err:
106
107 if (cms)
108 CMS_ContentInfo_free(cms);
109
110 return NULL;
111 }
112
113BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
114 {
115 CMS_CompressedData *cd;
116 ASN1_OBJECT *compoid;
117 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
118 {
119 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
120 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
121 return NULL;
122 }
123 cd = cms->d.compressedData;
124 X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
125 if (OBJ_obj2nid(compoid) != NID_zlib_compression)
126 {
127 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
128 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
129 return NULL;
130 }
131 return BIO_new(BIO_f_zlib());
132 }
133
134#endif
diff --git a/src/lib/libcrypto/cms/cms_dd.c b/src/lib/libcrypto/cms/cms_dd.c
deleted file mode 100644
index 8919c15be1..0000000000
--- a/src/lib/libcrypto/cms/cms_dd.c
+++ /dev/null
@@ -1,148 +0,0 @@
1/* crypto/cms/cms_dd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61
62DECLARE_ASN1_ITEM(CMS_DigestedData)
63
64/* CMS DigestedData Utilities */
65
66CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
67 {
68 CMS_ContentInfo *cms;
69 CMS_DigestedData *dd;
70 cms = CMS_ContentInfo_new();
71 if (!cms)
72 return NULL;
73
74 dd = M_ASN1_new_of(CMS_DigestedData);
75
76 if (!dd)
77 goto err;
78
79 cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
80 cms->d.digestedData = dd;
81
82 dd->version = 0;
83 dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
84
85 cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
86
87 return cms;
88
89 err:
90
91 if (cms)
92 CMS_ContentInfo_free(cms);
93
94 return NULL;
95 }
96
97BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
98 {
99 CMS_DigestedData *dd;
100 dd = cms->d.digestedData;
101 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
102 }
103
104int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
105 {
106 EVP_MD_CTX mctx;
107 unsigned char md[EVP_MAX_MD_SIZE];
108 unsigned int mdlen;
109 int r = 0;
110 CMS_DigestedData *dd;
111 EVP_MD_CTX_init(&mctx);
112
113 dd = cms->d.digestedData;
114
115 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
116 goto err;
117
118 if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
119 goto err;
120
121 if (verify)
122 {
123 if (mdlen != (unsigned int)dd->digest->length)
124 {
125 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
126 CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
127 goto err;
128 }
129
130 if (memcmp(md, dd->digest->data, mdlen))
131 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
132 CMS_R_VERIFICATION_FAILURE);
133 else
134 r = 1;
135 }
136 else
137 {
138 if (!ASN1_STRING_set(dd->digest, md, mdlen))
139 goto err;
140 r = 1;
141 }
142
143 err:
144 EVP_MD_CTX_cleanup(&mctx);
145
146 return r;
147
148 }
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
deleted file mode 100644
index bab26235bd..0000000000
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ /dev/null
@@ -1,262 +0,0 @@
1/* crypto/cms/cms_enc.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/rand.h>
61#include "cms_lcl.h"
62
63/* CMS EncryptedData Utilities */
64
65DECLARE_ASN1_ITEM(CMS_EncryptedData)
66
67/* Return BIO based on EncryptedContentInfo and key */
68
69BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
70 {
71 BIO *b;
72 EVP_CIPHER_CTX *ctx;
73 const EVP_CIPHER *ciph;
74 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
75 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
76
77 int ok = 0;
78
79 int enc, keep_key = 0;
80
81 enc = ec->cipher ? 1 : 0;
82
83 b = BIO_new(BIO_f_cipher());
84 if (!b)
85 {
86 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
87 ERR_R_MALLOC_FAILURE);
88 return NULL;
89 }
90
91 BIO_get_cipher_ctx(b, &ctx);
92
93 if (enc)
94 {
95 ciph = ec->cipher;
96 /* If not keeping key set cipher to NULL so subsequent calls
97 * decrypt.
98 */
99 if (ec->key)
100 ec->cipher = NULL;
101 }
102 else
103 {
104 ciph = EVP_get_cipherbyobj(calg->algorithm);
105
106 if (!ciph)
107 {
108 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
109 CMS_R_UNKNOWN_CIPHER);
110 goto err;
111 }
112 }
113
114 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
115 {
116 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
117 CMS_R_CIPHER_INITIALISATION_ERROR);
118 goto err;
119 }
120
121 if (enc)
122 {
123 int ivlen;
124 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
125 /* Generate a random IV if we need one */
126 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
127 if (ivlen > 0)
128 {
129 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
130 goto err;
131 piv = iv;
132 }
133 }
134 else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
135 {
136 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
137 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
138 goto err;
139 }
140
141
142 if (enc && !ec->key)
143 {
144 /* Generate random key */
145 if (!ec->keylen)
146 ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
147 ec->key = OPENSSL_malloc(ec->keylen);
148 if (!ec->key)
149 {
150 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
151 ERR_R_MALLOC_FAILURE);
152 goto err;
153 }
154 if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
155 goto err;
156 keep_key = 1;
157 }
158 else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
159 {
160 /* If necessary set key length */
161 if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
162 {
163 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
164 CMS_R_INVALID_KEY_LENGTH);
165 goto err;
166 }
167 }
168
169 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
170 {
171 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
172 CMS_R_CIPHER_INITIALISATION_ERROR);
173 goto err;
174 }
175
176 if (piv)
177 {
178 calg->parameter = ASN1_TYPE_new();
179 if (!calg->parameter)
180 {
181 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
182 ERR_R_MALLOC_FAILURE);
183 goto err;
184 }
185 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
186 {
187 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
188 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
189 goto err;
190 }
191 }
192 ok = 1;
193
194 err:
195 if (ec->key && !keep_key)
196 {
197 OPENSSL_cleanse(ec->key, ec->keylen);
198 OPENSSL_free(ec->key);
199 ec->key = NULL;
200 }
201 if (ok)
202 return b;
203 BIO_free(b);
204 return NULL;
205 }
206
207int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
208 const EVP_CIPHER *cipher,
209 const unsigned char *key, size_t keylen)
210 {
211 ec->cipher = cipher;
212 if (key)
213 {
214 ec->key = OPENSSL_malloc(keylen);
215 if (!ec->key)
216 return 0;
217 memcpy(ec->key, key, keylen);
218 }
219 ec->keylen = keylen;
220 if (cipher)
221 ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
222 return 1;
223 }
224
225int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
226 const unsigned char *key, size_t keylen)
227 {
228 CMS_EncryptedContentInfo *ec;
229 if (!key || !keylen)
230 {
231 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
232 return 0;
233 }
234 if (ciph)
235 {
236 cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
237 if (!cms->d.encryptedData)
238 {
239 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
240 ERR_R_MALLOC_FAILURE);
241 return 0;
242 }
243 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
244 cms->d.encryptedData->version = 0;
245 }
246 else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
247 {
248 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
249 CMS_R_NOT_ENCRYPTED_DATA);
250 return 0;
251 }
252 ec = cms->d.encryptedData->encryptedContentInfo;
253 return cms_EncryptedContent_init(ec, ciph, key, keylen);
254 }
255
256BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
257 {
258 CMS_EncryptedData *enc = cms->d.encryptedData;
259 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
260 enc->version = 2;
261 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
262 }
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
deleted file mode 100644
index b3237d4b94..0000000000
--- a/src/lib/libcrypto/cms/cms_env.c
+++ /dev/null
@@ -1,862 +0,0 @@
1/* crypto/cms/cms_env.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/rand.h>
61#include <openssl/aes.h>
62#include "cms_lcl.h"
63#include "asn1_locl.h"
64
65/* CMS EnvelopedData Utilities */
66
67DECLARE_ASN1_ITEM(CMS_EnvelopedData)
68DECLARE_ASN1_ITEM(CMS_RecipientInfo)
69DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
70DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
71DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
72
73DECLARE_STACK_OF(CMS_RecipientInfo)
74
75static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
76 {
77 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
78 {
79 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
80 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
81 return NULL;
82 }
83 return cms->d.envelopedData;
84 }
85
86static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
87 {
88 if (cms->d.other == NULL)
89 {
90 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
91 if (!cms->d.envelopedData)
92 {
93 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
94 ERR_R_MALLOC_FAILURE);
95 return NULL;
96 }
97 cms->d.envelopedData->version = 0;
98 cms->d.envelopedData->encryptedContentInfo->contentType =
99 OBJ_nid2obj(NID_pkcs7_data);
100 ASN1_OBJECT_free(cms->contentType);
101 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
102 return cms->d.envelopedData;
103 }
104 return cms_get0_enveloped(cms);
105 }
106
107STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
108 {
109 CMS_EnvelopedData *env;
110 env = cms_get0_enveloped(cms);
111 if (!env)
112 return NULL;
113 return env->recipientInfos;
114 }
115
116int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
117 {
118 return ri->type;
119 }
120
121CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
122 {
123 CMS_ContentInfo *cms;
124 CMS_EnvelopedData *env;
125 cms = CMS_ContentInfo_new();
126 if (!cms)
127 goto merr;
128 env = cms_enveloped_data_init(cms);
129 if (!env)
130 goto merr;
131 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
132 cipher, NULL, 0))
133 goto merr;
134 return cms;
135 merr:
136 if (cms)
137 CMS_ContentInfo_free(cms);
138 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
139 return NULL;
140 }
141
142/* Key Transport Recipient Info (KTRI) routines */
143
144/* Add a recipient certificate. For now only handle key transport.
145 * If we ever handle key agreement will need updating.
146 */
147
148CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
149 X509 *recip, unsigned int flags)
150 {
151 CMS_RecipientInfo *ri = NULL;
152 CMS_KeyTransRecipientInfo *ktri;
153 CMS_EnvelopedData *env;
154 EVP_PKEY *pk = NULL;
155 int i, type;
156 env = cms_get0_enveloped(cms);
157 if (!env)
158 goto err;
159
160 /* Initialize recipient info */
161 ri = M_ASN1_new_of(CMS_RecipientInfo);
162 if (!ri)
163 goto merr;
164
165 /* Initialize and add key transport recipient info */
166
167 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
168 if (!ri->d.ktri)
169 goto merr;
170 ri->type = CMS_RECIPINFO_TRANS;
171
172 ktri = ri->d.ktri;
173
174 X509_check_purpose(recip, -1, -1);
175 pk = X509_get_pubkey(recip);
176 if (!pk)
177 {
178 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
179 CMS_R_ERROR_GETTING_PUBLIC_KEY);
180 goto err;
181 }
182 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
183 ktri->pkey = pk;
184 ktri->recip = recip;
185
186 if (flags & CMS_USE_KEYID)
187 {
188 ktri->version = 2;
189 type = CMS_RECIPINFO_KEYIDENTIFIER;
190 }
191 else
192 {
193 ktri->version = 0;
194 type = CMS_RECIPINFO_ISSUER_SERIAL;
195 }
196
197 /* Not a typo: RecipientIdentifier and SignerIdentifier are the
198 * same structure.
199 */
200
201 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
202 goto err;
203
204 if (pk->ameth && pk->ameth->pkey_ctrl)
205 {
206 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
207 0, ri);
208 if (i == -2)
209 {
210 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
211 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
212 goto err;
213 }
214 if (i <= 0)
215 {
216 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
217 CMS_R_CTRL_FAILURE);
218 goto err;
219 }
220 }
221
222 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
223 goto merr;
224
225 return ri;
226
227 merr:
228 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
229 err:
230 if (ri)
231 M_ASN1_free_of(ri, CMS_RecipientInfo);
232 return NULL;
233
234 }
235
236int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
237 EVP_PKEY **pk, X509 **recip,
238 X509_ALGOR **palg)
239 {
240 CMS_KeyTransRecipientInfo *ktri;
241 if (ri->type != CMS_RECIPINFO_TRANS)
242 {
243 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
244 CMS_R_NOT_KEY_TRANSPORT);
245 return 0;
246 }
247
248 ktri = ri->d.ktri;
249
250 if (pk)
251 *pk = ktri->pkey;
252 if (recip)
253 *recip = ktri->recip;
254 if (palg)
255 *palg = ktri->keyEncryptionAlgorithm;
256 return 1;
257 }
258
259int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
260 ASN1_OCTET_STRING **keyid,
261 X509_NAME **issuer, ASN1_INTEGER **sno)
262 {
263 CMS_KeyTransRecipientInfo *ktri;
264 if (ri->type != CMS_RECIPINFO_TRANS)
265 {
266 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
267 CMS_R_NOT_KEY_TRANSPORT);
268 return 0;
269 }
270 ktri = ri->d.ktri;
271
272 return cms_SignerIdentifier_get0_signer_id(ktri->rid,
273 keyid, issuer, sno);
274 }
275
276int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
277 {
278 if (ri->type != CMS_RECIPINFO_TRANS)
279 {
280 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
281 CMS_R_NOT_KEY_TRANSPORT);
282 return -2;
283 }
284 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
285 }
286
287int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
288 {
289 if (ri->type != CMS_RECIPINFO_TRANS)
290 {
291 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
292 CMS_R_NOT_KEY_TRANSPORT);
293 return 0;
294 }
295 ri->d.ktri->pkey = pkey;
296 return 1;
297 }
298
299/* Encrypt content key in key transport recipient info */
300
301static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
302 CMS_RecipientInfo *ri)
303 {
304 CMS_KeyTransRecipientInfo *ktri;
305 CMS_EncryptedContentInfo *ec;
306 EVP_PKEY_CTX *pctx = NULL;
307 unsigned char *ek = NULL;
308 size_t eklen;
309
310 int ret = 0;
311
312 if (ri->type != CMS_RECIPINFO_TRANS)
313 {
314 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
315 CMS_R_NOT_KEY_TRANSPORT);
316 return 0;
317 }
318 ktri = ri->d.ktri;
319 ec = cms->d.envelopedData->encryptedContentInfo;
320
321 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
322 if (!pctx)
323 return 0;
324
325 if (EVP_PKEY_encrypt_init(pctx) <= 0)
326 goto err;
327
328 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
329 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
330 {
331 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
332 goto err;
333 }
334
335 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
336 goto err;
337
338 ek = OPENSSL_malloc(eklen);
339
340 if (ek == NULL)
341 {
342 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
343 ERR_R_MALLOC_FAILURE);
344 goto err;
345 }
346
347 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
348 goto err;
349
350 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
351 ek = NULL;
352
353 ret = 1;
354
355 err:
356 if (pctx)
357 EVP_PKEY_CTX_free(pctx);
358 if (ek)
359 OPENSSL_free(ek);
360 return ret;
361
362 }
363
364/* Decrypt content key from KTRI */
365
366static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
367 CMS_RecipientInfo *ri)
368 {
369 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
370 EVP_PKEY_CTX *pctx = NULL;
371 unsigned char *ek = NULL;
372 size_t eklen;
373 int ret = 0;
374
375 if (ktri->pkey == NULL)
376 {
377 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
378 CMS_R_NO_PRIVATE_KEY);
379 return 0;
380 }
381
382 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
383 if (!pctx)
384 return 0;
385
386 if (EVP_PKEY_decrypt_init(pctx) <= 0)
387 goto err;
388
389 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
390 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
391 {
392 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
393 goto err;
394 }
395
396 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
397 ktri->encryptedKey->data,
398 ktri->encryptedKey->length) <= 0)
399 goto err;
400
401 ek = OPENSSL_malloc(eklen);
402
403 if (ek == NULL)
404 {
405 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
406 ERR_R_MALLOC_FAILURE);
407 goto err;
408 }
409
410 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
411 ktri->encryptedKey->data,
412 ktri->encryptedKey->length) <= 0)
413 {
414 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
415 goto err;
416 }
417
418 ret = 1;
419
420 cms->d.envelopedData->encryptedContentInfo->key = ek;
421 cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
422
423 err:
424 if (pctx)
425 EVP_PKEY_CTX_free(pctx);
426 if (!ret && ek)
427 OPENSSL_free(ek);
428
429 return ret;
430 }
431
432/* Key Encrypted Key (KEK) RecipientInfo routines */
433
434int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
435 const unsigned char *id, size_t idlen)
436 {
437 ASN1_OCTET_STRING tmp_os;
438 CMS_KEKRecipientInfo *kekri;
439 if (ri->type != CMS_RECIPINFO_KEK)
440 {
441 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
442 return -2;
443 }
444 kekri = ri->d.kekri;
445 tmp_os.type = V_ASN1_OCTET_STRING;
446 tmp_os.flags = 0;
447 tmp_os.data = (unsigned char *)id;
448 tmp_os.length = (int)idlen;
449 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
450 }
451
452/* For now hard code AES key wrap info */
453
454static size_t aes_wrap_keylen(int nid)
455 {
456 switch (nid)
457 {
458 case NID_id_aes128_wrap:
459 return 16;
460
461 case NID_id_aes192_wrap:
462 return 24;
463
464 case NID_id_aes256_wrap:
465 return 32;
466
467 default:
468 return 0;
469 }
470 }
471
472CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
473 unsigned char *key, size_t keylen,
474 unsigned char *id, size_t idlen,
475 ASN1_GENERALIZEDTIME *date,
476 ASN1_OBJECT *otherTypeId,
477 ASN1_TYPE *otherType)
478 {
479 CMS_RecipientInfo *ri = NULL;
480 CMS_EnvelopedData *env;
481 CMS_KEKRecipientInfo *kekri;
482 env = cms_get0_enveloped(cms);
483 if (!env)
484 goto err;
485
486 if (nid == NID_undef)
487 {
488 switch (keylen)
489 {
490 case 16:
491 nid = NID_id_aes128_wrap;
492 break;
493
494 case 24:
495 nid = NID_id_aes192_wrap;
496 break;
497
498 case 32:
499 nid = NID_id_aes256_wrap;
500 break;
501
502 default:
503 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
504 CMS_R_INVALID_KEY_LENGTH);
505 goto err;
506 }
507
508 }
509 else
510 {
511
512 size_t exp_keylen = aes_wrap_keylen(nid);
513
514 if (!exp_keylen)
515 {
516 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
517 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
518 goto err;
519 }
520
521 if (keylen != exp_keylen)
522 {
523 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
524 CMS_R_INVALID_KEY_LENGTH);
525 goto err;
526 }
527
528 }
529
530 /* Initialize recipient info */
531 ri = M_ASN1_new_of(CMS_RecipientInfo);
532 if (!ri)
533 goto merr;
534
535 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
536 if (!ri->d.kekri)
537 goto merr;
538 ri->type = CMS_RECIPINFO_KEK;
539
540 kekri = ri->d.kekri;
541
542 if (otherTypeId)
543 {
544 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
545 if (kekri->kekid->other == NULL)
546 goto merr;
547 }
548
549 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
550 goto merr;
551
552
553 /* After this point no calls can fail */
554
555 kekri->version = 4;
556
557 kekri->key = key;
558 kekri->keylen = keylen;
559
560 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
561
562 kekri->kekid->date = date;
563
564 if (kekri->kekid->other)
565 {
566 kekri->kekid->other->keyAttrId = otherTypeId;
567 kekri->kekid->other->keyAttr = otherType;
568 }
569
570 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
571 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
572
573 return ri;
574
575 merr:
576 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
577 err:
578 if (ri)
579 M_ASN1_free_of(ri, CMS_RecipientInfo);
580 return NULL;
581
582 }
583
584int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
585 X509_ALGOR **palg,
586 ASN1_OCTET_STRING **pid,
587 ASN1_GENERALIZEDTIME **pdate,
588 ASN1_OBJECT **potherid,
589 ASN1_TYPE **pothertype)
590 {
591 CMS_KEKIdentifier *rkid;
592 if (ri->type != CMS_RECIPINFO_KEK)
593 {
594 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
595 return 0;
596 }
597 rkid = ri->d.kekri->kekid;
598 if (palg)
599 *palg = ri->d.kekri->keyEncryptionAlgorithm;
600 if (pid)
601 *pid = rkid->keyIdentifier;
602 if (pdate)
603 *pdate = rkid->date;
604 if (potherid)
605 {
606 if (rkid->other)
607 *potherid = rkid->other->keyAttrId;
608 else
609 *potherid = NULL;
610 }
611 if (pothertype)
612 {
613 if (rkid->other)
614 *pothertype = rkid->other->keyAttr;
615 else
616 *pothertype = NULL;
617 }
618 return 1;
619 }
620
621int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
622 unsigned char *key, size_t keylen)
623 {
624 CMS_KEKRecipientInfo *kekri;
625 if (ri->type != CMS_RECIPINFO_KEK)
626 {
627 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
628 return 0;
629 }
630
631 kekri = ri->d.kekri;
632 kekri->key = key;
633 kekri->keylen = keylen;
634 return 1;
635 }
636
637
638/* Encrypt content key in KEK recipient info */
639
640static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
641 CMS_RecipientInfo *ri)
642 {
643 CMS_EncryptedContentInfo *ec;
644 CMS_KEKRecipientInfo *kekri;
645 AES_KEY actx;
646 unsigned char *wkey = NULL;
647 int wkeylen;
648 int r = 0;
649
650 ec = cms->d.envelopedData->encryptedContentInfo;
651
652 kekri = ri->d.kekri;
653
654 if (!kekri->key)
655 {
656 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
657 return 0;
658 }
659
660 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
661 {
662 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
663 CMS_R_ERROR_SETTING_KEY);
664 goto err;
665 }
666
667 wkey = OPENSSL_malloc(ec->keylen + 8);
668
669 if (!wkey)
670 {
671 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
672 ERR_R_MALLOC_FAILURE);
673 goto err;
674 }
675
676 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
677
678 if (wkeylen <= 0)
679 {
680 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
681 goto err;
682 }
683
684 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
685
686 r = 1;
687
688 err:
689
690 if (!r && wkey)
691 OPENSSL_free(wkey);
692 OPENSSL_cleanse(&actx, sizeof(actx));
693
694 return r;
695
696 }
697
698/* Decrypt content key in KEK recipient info */
699
700static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
701 CMS_RecipientInfo *ri)
702 {
703 CMS_EncryptedContentInfo *ec;
704 CMS_KEKRecipientInfo *kekri;
705 AES_KEY actx;
706 unsigned char *ukey = NULL;
707 int ukeylen;
708 int r = 0, wrap_nid;
709
710 ec = cms->d.envelopedData->encryptedContentInfo;
711
712 kekri = ri->d.kekri;
713
714 if (!kekri->key)
715 {
716 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
717 return 0;
718 }
719
720 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
721 if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
722 {
723 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
724 CMS_R_INVALID_KEY_LENGTH);
725 return 0;
726 }
727
728 /* If encrypted key length is invalid don't bother */
729
730 if (kekri->encryptedKey->length < 16)
731 {
732 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
733 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
734 goto err;
735 }
736
737 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
738 {
739 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
740 CMS_R_ERROR_SETTING_KEY);
741 goto err;
742 }
743
744 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
745
746 if (!ukey)
747 {
748 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
749 ERR_R_MALLOC_FAILURE);
750 goto err;
751 }
752
753 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
754 kekri->encryptedKey->data,
755 kekri->encryptedKey->length);
756
757 if (ukeylen <= 0)
758 {
759 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
760 CMS_R_UNWRAP_ERROR);
761 goto err;
762 }
763
764 ec->key = ukey;
765 ec->keylen = ukeylen;
766
767 r = 1;
768
769 err:
770
771 if (!r && ukey)
772 OPENSSL_free(ukey);
773 OPENSSL_cleanse(&actx, sizeof(actx));
774
775 return r;
776
777 }
778
779int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
780 {
781 switch(ri->type)
782 {
783 case CMS_RECIPINFO_TRANS:
784 return cms_RecipientInfo_ktri_decrypt(cms, ri);
785
786 case CMS_RECIPINFO_KEK:
787 return cms_RecipientInfo_kekri_decrypt(cms, ri);
788
789 default:
790 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
791 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
792 return 0;
793 }
794 }
795
796BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
797 {
798 CMS_EncryptedContentInfo *ec;
799 STACK_OF(CMS_RecipientInfo) *rinfos;
800 CMS_RecipientInfo *ri;
801 int i, r, ok = 0;
802 BIO *ret;
803
804 /* Get BIO first to set up key */
805
806 ec = cms->d.envelopedData->encryptedContentInfo;
807 ret = cms_EncryptedContent_init_bio(ec);
808
809 /* If error or no cipher end of processing */
810
811 if (!ret || !ec->cipher)
812 return ret;
813
814 /* Now encrypt content key according to each RecipientInfo type */
815
816 rinfos = cms->d.envelopedData->recipientInfos;
817
818 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
819 {
820 ri = sk_CMS_RecipientInfo_value(rinfos, i);
821
822 switch (ri->type)
823 {
824 case CMS_RECIPINFO_TRANS:
825 r = cms_RecipientInfo_ktri_encrypt(cms, ri);
826 break;
827
828 case CMS_RECIPINFO_KEK:
829 r = cms_RecipientInfo_kekri_encrypt(cms, ri);
830 break;
831
832 default:
833 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
834 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
835 goto err;
836 }
837
838 if (r <= 0)
839 {
840 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
841 CMS_R_ERROR_SETTING_RECIPIENTINFO);
842 goto err;
843 }
844 }
845
846 ok = 1;
847
848 err:
849 ec->cipher = NULL;
850 if (ec->key)
851 {
852 OPENSSL_cleanse(ec->key, ec->keylen);
853 OPENSSL_free(ec->key);
854 ec->key = NULL;
855 ec->keylen = 0;
856 }
857 if (ok)
858 return ret;
859 BIO_free(ret);
860 return NULL;
861
862 }
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
deleted file mode 100644
index ff7b0309e5..0000000000
--- a/src/lib/libcrypto/cms/cms_err.c
+++ /dev/null
@@ -1,236 +0,0 @@
1/* crypto/cms/cms_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/cms.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
70
71static ERR_STRING_DATA CMS_str_functs[]=
72 {
73{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
74{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
75{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
76{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
77{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
78{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
79{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
80{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
81{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
82{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"},
83{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
84{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
85{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
86{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
87{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
88{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
89{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
90{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
91{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
92{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
93{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
94{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
95{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
96{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
97{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"},
98{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
99{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
100{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"},
101{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
102{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"},
103{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
104{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
105{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
106{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
107{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
108{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"},
109{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
110{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
111{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
112{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
113{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
114{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
115{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
116{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
117{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"},
118{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"},
119{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"},
120{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
121{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
122{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
123{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
124{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
125{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
126{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
127{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
128{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
129{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
130{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"},
131{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
132{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
133{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
134{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
135{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
136{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
137{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
138{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
139{0,NULL}
140 };
141
142static ERR_STRING_DATA CMS_str_reasons[]=
143 {
144{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"},
145{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
146{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
147{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
148{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
149{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
150{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"},
151{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"},
152{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
153{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"},
154{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
155{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
156{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
157{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
158{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"},
159{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"},
160{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"},
161{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"},
162{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"},
163{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
164{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
165{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"},
166{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
167{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
168{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
169{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"},
170{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
171{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
172{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"},
173{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
174{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
175{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"},
176{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"},
177{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"},
178{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"},
179{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"},
180{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
181{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"},
182{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"},
183{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"},
184{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"},
185{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"},
186{ERR_REASON(CMS_R_NO_KEY) ,"no key"},
187{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"},
188{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"},
189{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
190{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
191{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"},
192{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"},
193{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"},
194{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"},
195{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"},
196{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
197{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"},
198{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"},
199{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
200{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"},
201{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"},
202{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"},
203{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
204{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"},
205{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
206{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
207{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
208{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
209{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"},
210{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
211{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"},
212{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
213{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
214{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
215{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
216{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
217{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"},
218{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"},
219{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"},
220{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"},
221{0,NULL}
222 };
223
224#endif
225
226void ERR_load_CMS_strings(void)
227 {
228#ifndef OPENSSL_NO_ERR
229
230 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
231 {
232 ERR_load_strings(0,CMS_str_functs);
233 ERR_load_strings(0,CMS_str_reasons);
234 }
235#endif
236 }
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
deleted file mode 100644
index 90c0b82fb5..0000000000
--- a/src/lib/libcrypto/cms/cms_ess.c
+++ /dev/null
@@ -1,420 +0,0 @@
1/* crypto/cms/cms_ess.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/rand.h>
58#include <openssl/x509v3.h>
59#include <openssl/err.h>
60#include <openssl/cms.h>
61#include "cms_lcl.h"
62
63DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
64DECLARE_ASN1_ITEM(CMS_Receipt)
65
66IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
67
68/* ESS services: for now just Signed Receipt related */
69
70int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
71 {
72 ASN1_STRING *str;
73 CMS_ReceiptRequest *rr = NULL;
74 if (prr)
75 *prr = NULL;
76 str = CMS_signed_get0_data_by_OBJ(si,
77 OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
78 -3, V_ASN1_SEQUENCE);
79 if (!str)
80 return 0;
81
82 rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
83 if (!rr)
84 return -1;
85 if (prr)
86 *prr = rr;
87 else
88 CMS_ReceiptRequest_free(rr);
89 return 1;
90 }
91
92CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
93 int allorfirst,
94 STACK_OF(GENERAL_NAMES) *receiptList,
95 STACK_OF(GENERAL_NAMES) *receiptsTo)
96 {
97 CMS_ReceiptRequest *rr = NULL;
98
99 rr = CMS_ReceiptRequest_new();
100 if (!rr)
101 goto merr;
102 if (id)
103 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
104 else
105 {
106 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
107 goto merr;
108 if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
109 <= 0)
110 goto err;
111 }
112
113 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
114 rr->receiptsTo = receiptsTo;
115
116 if (receiptList)
117 {
118 rr->receiptsFrom->type = 1;
119 rr->receiptsFrom->d.receiptList = receiptList;
120 }
121 else
122 {
123 rr->receiptsFrom->type = 0;
124 rr->receiptsFrom->d.allOrFirstTier = allorfirst;
125 }
126
127 return rr;
128
129 merr:
130 CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
131
132 err:
133 if (rr)
134 CMS_ReceiptRequest_free(rr);
135
136 return NULL;
137
138 }
139
140int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
141 {
142 unsigned char *rrder = NULL;
143 int rrderlen, r = 0;
144
145 rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
146 if (rrderlen < 0)
147 goto merr;
148
149 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
150 V_ASN1_SEQUENCE, rrder, rrderlen))
151 goto merr;
152
153 r = 1;
154
155 merr:
156 if (!r)
157 CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
158
159 if (rrder)
160 OPENSSL_free(rrder);
161
162 return r;
163
164 }
165
166void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
167 ASN1_STRING **pcid,
168 int *pallorfirst,
169 STACK_OF(GENERAL_NAMES) **plist,
170 STACK_OF(GENERAL_NAMES) **prto)
171 {
172 if (pcid)
173 *pcid = rr->signedContentIdentifier;
174 if (rr->receiptsFrom->type == 0)
175 {
176 if (pallorfirst)
177 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
178 if (plist)
179 *plist = NULL;
180 }
181 else
182 {
183 if (pallorfirst)
184 *pallorfirst = -1;
185 if (plist)
186 *plist = rr->receiptsFrom->d.receiptList;
187 }
188 if (prto)
189 *prto = rr->receiptsTo;
190 }
191
192/* Digest a SignerInfo structure for msgSigDigest attribute processing */
193
194static int cms_msgSigDigest(CMS_SignerInfo *si,
195 unsigned char *dig, unsigned int *diglen)
196 {
197 const EVP_MD *md;
198 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
199 if (md == NULL)
200 return 0;
201 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
202 si->signedAttrs, dig, diglen))
203 return 0;
204 return 1;
205 }
206
207/* Add a msgSigDigest attribute to a SignerInfo */
208
209int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
210 {
211 unsigned char dig[EVP_MAX_MD_SIZE];
212 unsigned int diglen;
213 if (!cms_msgSigDigest(src, dig, &diglen))
214 {
215 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
216 return 0;
217 }
218 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
219 V_ASN1_OCTET_STRING, dig, diglen))
220 {
221 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
222 return 0;
223 }
224 return 1;
225 }
226
227/* Verify signed receipt after it has already passed normal CMS verify */
228
229int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
230 {
231 int r = 0, i;
232 CMS_ReceiptRequest *rr = NULL;
233 CMS_Receipt *rct = NULL;
234 STACK_OF(CMS_SignerInfo) *sis, *osis;
235 CMS_SignerInfo *si, *osi = NULL;
236 ASN1_OCTET_STRING *msig, **pcont;
237 ASN1_OBJECT *octype;
238 unsigned char dig[EVP_MAX_MD_SIZE];
239 unsigned int diglen;
240
241 /* Get SignerInfos, also checks SignedData content type */
242 osis = CMS_get0_SignerInfos(req_cms);
243 sis = CMS_get0_SignerInfos(cms);
244 if (!osis || !sis)
245 goto err;
246
247 if (sk_CMS_SignerInfo_num(sis) != 1)
248 {
249 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
250 goto err;
251 }
252
253 /* Check receipt content type */
254 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
255 {
256 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
257 goto err;
258 }
259
260 /* Extract and decode receipt content */
261 pcont = CMS_get0_content(cms);
262 if (!pcont || !*pcont)
263 {
264 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
265 goto err;
266 }
267
268 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
269
270 if (!rct)
271 {
272 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
273 goto err;
274 }
275
276 /* Locate original request */
277
278 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
279 {
280 osi = sk_CMS_SignerInfo_value(osis, i);
281 if (!ASN1_STRING_cmp(osi->signature,
282 rct->originatorSignatureValue))
283 break;
284 }
285
286 if (i == sk_CMS_SignerInfo_num(osis))
287 {
288 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
289 goto err;
290 }
291
292 si = sk_CMS_SignerInfo_value(sis, 0);
293
294 /* Get msgSigDigest value and compare */
295
296 msig = CMS_signed_get0_data_by_OBJ(si,
297 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
298 -3, V_ASN1_OCTET_STRING);
299
300 if (!msig)
301 {
302 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
303 goto err;
304 }
305
306 if (!cms_msgSigDigest(osi, dig, &diglen))
307 {
308 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
309 goto err;
310 }
311
312 if (diglen != (unsigned int)msig->length)
313 {
314 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
315 CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
316 goto err;
317 }
318
319 if (memcmp(dig, msig->data, diglen))
320 {
321 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
322 CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
323 goto err;
324 }
325
326 /* Compare content types */
327
328 octype = CMS_signed_get0_data_by_OBJ(osi,
329 OBJ_nid2obj(NID_pkcs9_contentType),
330 -3, V_ASN1_OBJECT);
331 if (!octype)
332 {
333 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
334 goto err;
335 }
336
337 /* Compare details in receipt request */
338
339 if (OBJ_cmp(octype, rct->contentType))
340 {
341 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
342 goto err;
343 }
344
345 /* Get original receipt request details */
346
347 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
348 {
349 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
350 goto err;
351 }
352
353 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
354 rct->signedContentIdentifier))
355 {
356 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
357 CMS_R_CONTENTIDENTIFIER_MISMATCH);
358 goto err;
359 }
360
361 r = 1;
362
363 err:
364 if (rr)
365 CMS_ReceiptRequest_free(rr);
366 if (rct)
367 M_ASN1_free_of(rct, CMS_Receipt);
368
369 return r;
370
371 }
372
373/* Encode a Receipt into an OCTET STRING read for including into content of
374 * a SignedData ContentInfo.
375 */
376
377ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
378 {
379 CMS_Receipt rct;
380 CMS_ReceiptRequest *rr = NULL;
381 ASN1_OBJECT *ctype;
382 ASN1_OCTET_STRING *os = NULL;
383
384 /* Get original receipt request */
385
386 /* Get original receipt request details */
387
388 if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
389 {
390 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
391 goto err;
392 }
393
394 /* Get original content type */
395
396 ctype = CMS_signed_get0_data_by_OBJ(si,
397 OBJ_nid2obj(NID_pkcs9_contentType),
398 -3, V_ASN1_OBJECT);
399 if (!ctype)
400 {
401 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
402 goto err;
403 }
404
405 rct.version = 1;
406 rct.contentType = ctype;
407 rct.signedContentIdentifier = rr->signedContentIdentifier;
408 rct.originatorSignatureValue = si->signature;
409
410 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
411
412 err:
413 if (rr)
414 CMS_ReceiptRequest_free(rr);
415
416 return os;
417
418 }
419
420
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
deleted file mode 100644
index 1cb0264cc5..0000000000
--- a/src/lib/libcrypto/cms/cms_io.c
+++ /dev/null
@@ -1,133 +0,0 @@
1/* crypto/cms/cms_io.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/x509.h>
56#include <openssl/err.h>
57#include <openssl/pem.h>
58#include "cms.h"
59#include "cms_lcl.h"
60
61int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
62 {
63 ASN1_OCTET_STRING **pos;
64 pos = CMS_get0_content(cms);
65 if (!pos)
66 return 0;
67 if (!*pos)
68 *pos = ASN1_OCTET_STRING_new();
69 if (*pos)
70 {
71 (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
72 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
73 *boundary = &(*pos)->data;
74 return 1;
75 }
76 CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
77 return 0;
78 }
79
80CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
81 {
82 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
83 }
84
85int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
86 {
87 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
88 }
89
90IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
91
92BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
93 {
94 return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
95 ASN1_ITEM_rptr(CMS_ContentInfo));
96 }
97
98/* CMS wrappers round generalised stream and MIME routines */
99
100int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
101 {
102 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
103 ASN1_ITEM_rptr(CMS_ContentInfo));
104 }
105
106int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
107 {
108 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
109 "CMS",
110 ASN1_ITEM_rptr(CMS_ContentInfo));
111 }
112
113int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
114 {
115 STACK_OF(X509_ALGOR) *mdalgs;
116 int ctype_nid = OBJ_obj2nid(cms->contentType);
117 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
118 if (ctype_nid == NID_pkcs7_signed)
119 mdalgs = cms->d.signedData->digestAlgorithms;
120 else
121 mdalgs = NULL;
122
123 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
124 ctype_nid, econt_nid, mdalgs,
125 ASN1_ITEM_rptr(CMS_ContentInfo));
126 }
127
128CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
129 {
130 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
131 ASN1_ITEM_rptr(CMS_ContentInfo));
132 }
133
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
deleted file mode 100644
index c8ecfa724a..0000000000
--- a/src/lib/libcrypto/cms/cms_lcl.h
+++ /dev/null
@@ -1,461 +0,0 @@
1/* crypto/cms/cms_lcl.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#ifndef HEADER_CMS_LCL_H
55#define HEADER_CMS_LCL_H
56
57#ifdef __cplusplus
58extern "C" {
59#endif
60
61#include <openssl/x509.h>
62
63/* Cryptographic message syntax (CMS) structures: taken
64 * from RFC3852
65 */
66
67/* Forward references */
68
69typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
70typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
71typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
72typedef struct CMS_SignedData_st CMS_SignedData;
73typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
74typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
75typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
76typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
77typedef struct CMS_DigestedData_st CMS_DigestedData;
78typedef struct CMS_EncryptedData_st CMS_EncryptedData;
79typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
80typedef struct CMS_CompressedData_st CMS_CompressedData;
81typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
82typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
83typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
84typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
85typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
86typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
87typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
88typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
89typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
90typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
91typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
92typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
95
96struct CMS_ContentInfo_st
97 {
98 ASN1_OBJECT *contentType;
99 union {
100 ASN1_OCTET_STRING *data;
101 CMS_SignedData *signedData;
102 CMS_EnvelopedData *envelopedData;
103 CMS_DigestedData *digestedData;
104 CMS_EncryptedData *encryptedData;
105 CMS_AuthenticatedData *authenticatedData;
106 CMS_CompressedData *compressedData;
107 ASN1_TYPE *other;
108 /* Other types ... */
109 void *otherData;
110 } d;
111 };
112
113struct CMS_SignedData_st
114 {
115 long version;
116 STACK_OF(X509_ALGOR) *digestAlgorithms;
117 CMS_EncapsulatedContentInfo *encapContentInfo;
118 STACK_OF(CMS_CertificateChoices) *certificates;
119 STACK_OF(CMS_RevocationInfoChoice) *crls;
120 STACK_OF(CMS_SignerInfo) *signerInfos;
121 };
122
123struct CMS_EncapsulatedContentInfo_st
124 {
125 ASN1_OBJECT *eContentType;
126 ASN1_OCTET_STRING *eContent;
127 /* Set to 1 if incomplete structure only part set up */
128 int partial;
129 };
130
131struct CMS_SignerInfo_st
132 {
133 long version;
134 CMS_SignerIdentifier *sid;
135 X509_ALGOR *digestAlgorithm;
136 STACK_OF(X509_ATTRIBUTE) *signedAttrs;
137 X509_ALGOR *signatureAlgorithm;
138 ASN1_OCTET_STRING *signature;
139 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
140 /* Signing certificate and key */
141 X509 *signer;
142 EVP_PKEY *pkey;
143 };
144
145struct CMS_SignerIdentifier_st
146 {
147 int type;
148 union {
149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
150 ASN1_OCTET_STRING *subjectKeyIdentifier;
151 } d;
152 };
153
154struct CMS_EnvelopedData_st
155 {
156 long version;
157 CMS_OriginatorInfo *originatorInfo;
158 STACK_OF(CMS_RecipientInfo) *recipientInfos;
159 CMS_EncryptedContentInfo *encryptedContentInfo;
160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
161 };
162
163struct CMS_OriginatorInfo_st
164 {
165 STACK_OF(CMS_CertificateChoices) *certificates;
166 STACK_OF(CMS_RevocationInfoChoice) *crls;
167 };
168
169struct CMS_EncryptedContentInfo_st
170 {
171 ASN1_OBJECT *contentType;
172 X509_ALGOR *contentEncryptionAlgorithm;
173 ASN1_OCTET_STRING *encryptedContent;
174 /* Content encryption algorithm and key */
175 const EVP_CIPHER *cipher;
176 unsigned char *key;
177 size_t keylen;
178 };
179
180struct CMS_RecipientInfo_st
181 {
182 int type;
183 union {
184 CMS_KeyTransRecipientInfo *ktri;
185 CMS_KeyAgreeRecipientInfo *kari;
186 CMS_KEKRecipientInfo *kekri;
187 CMS_PasswordRecipientInfo *pwri;
188 CMS_OtherRecipientInfo *ori;
189 } d;
190 };
191
192typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
193
194struct CMS_KeyTransRecipientInfo_st
195 {
196 long version;
197 CMS_RecipientIdentifier *rid;
198 X509_ALGOR *keyEncryptionAlgorithm;
199 ASN1_OCTET_STRING *encryptedKey;
200 /* Recipient Key and cert */
201 X509 *recip;
202 EVP_PKEY *pkey;
203 };
204
205struct CMS_KeyAgreeRecipientInfo_st
206 {
207 long version;
208 CMS_OriginatorIdentifierOrKey *originator;
209 ASN1_OCTET_STRING *ukm;
210 X509_ALGOR *keyEncryptionAlgorithm;
211 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
212 };
213
214struct CMS_OriginatorIdentifierOrKey_st
215 {
216 int type;
217 union {
218 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
219 ASN1_OCTET_STRING *subjectKeyIdentifier;
220 CMS_OriginatorPublicKey *originatorKey;
221 } d;
222 };
223
224struct CMS_OriginatorPublicKey_st
225 {
226 X509_ALGOR *algorithm;
227 ASN1_BIT_STRING *publicKey;
228 };
229
230struct CMS_RecipientEncryptedKey_st
231 {
232 CMS_KeyAgreeRecipientIdentifier *rid;
233 ASN1_OCTET_STRING *encryptedKey;
234 };
235
236struct CMS_KeyAgreeRecipientIdentifier_st
237 {
238 int type;
239 union {
240 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
241 CMS_RecipientKeyIdentifier *rKeyId;
242 } d;
243 };
244
245struct CMS_RecipientKeyIdentifier_st
246 {
247 ASN1_OCTET_STRING *subjectKeyIdentifier;
248 ASN1_GENERALIZEDTIME *date;
249 CMS_OtherKeyAttribute *other;
250 };
251
252struct CMS_KEKRecipientInfo_st
253 {
254 long version;
255 CMS_KEKIdentifier *kekid;
256 X509_ALGOR *keyEncryptionAlgorithm;
257 ASN1_OCTET_STRING *encryptedKey;
258 /* Extra info: symmetric key to use */
259 unsigned char *key;
260 size_t keylen;
261 };
262
263struct CMS_KEKIdentifier_st
264 {
265 ASN1_OCTET_STRING *keyIdentifier;
266 ASN1_GENERALIZEDTIME *date;
267 CMS_OtherKeyAttribute *other;
268 };
269
270struct CMS_PasswordRecipientInfo_st
271 {
272 long version;
273 X509_ALGOR *keyDerivationAlgorithm;
274 X509_ALGOR *keyEncryptionAlgorithm;
275 ASN1_OCTET_STRING *encryptedKey;
276 };
277
278struct CMS_OtherRecipientInfo_st
279 {
280 ASN1_OBJECT *oriType;
281 ASN1_TYPE *oriValue;
282 };
283
284struct CMS_DigestedData_st
285 {
286 long version;
287 X509_ALGOR *digestAlgorithm;
288 CMS_EncapsulatedContentInfo *encapContentInfo;
289 ASN1_OCTET_STRING *digest;
290 };
291
292struct CMS_EncryptedData_st
293 {
294 long version;
295 CMS_EncryptedContentInfo *encryptedContentInfo;
296 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
297 };
298
299struct CMS_AuthenticatedData_st
300 {
301 long version;
302 CMS_OriginatorInfo *originatorInfo;
303 STACK_OF(CMS_RecipientInfo) *recipientInfos;
304 X509_ALGOR *macAlgorithm;
305 X509_ALGOR *digestAlgorithm;
306 CMS_EncapsulatedContentInfo *encapContentInfo;
307 STACK_OF(X509_ATTRIBUTE) *authAttrs;
308 ASN1_OCTET_STRING *mac;
309 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
310 };
311
312struct CMS_CompressedData_st
313 {
314 long version;
315 X509_ALGOR *compressionAlgorithm;
316 STACK_OF(CMS_RecipientInfo) *recipientInfos;
317 CMS_EncapsulatedContentInfo *encapContentInfo;
318 };
319
320struct CMS_RevocationInfoChoice_st
321 {
322 int type;
323 union {
324 X509_CRL *crl;
325 CMS_OtherRevocationInfoFormat *other;
326 } d;
327 };
328
329#define CMS_REVCHOICE_CRL 0
330#define CMS_REVCHOICE_OTHER 1
331
332struct CMS_OtherRevocationInfoFormat_st
333 {
334 ASN1_OBJECT *otherRevInfoFormat;
335 ASN1_TYPE *otherRevInfo;
336 };
337
338struct CMS_CertificateChoices
339 {
340 int type;
341 union {
342 X509 *certificate;
343 ASN1_STRING *extendedCertificate; /* Obsolete */
344 ASN1_STRING *v1AttrCert; /* Left encoded for now */
345 ASN1_STRING *v2AttrCert; /* Left encoded for now */
346 CMS_OtherCertificateFormat *other;
347 } d;
348 };
349
350#define CMS_CERTCHOICE_CERT 0
351#define CMS_CERTCHOICE_EXCERT 1
352#define CMS_CERTCHOICE_V1ACERT 2
353#define CMS_CERTCHOICE_V2ACERT 3
354#define CMS_CERTCHOICE_OTHER 4
355
356struct CMS_OtherCertificateFormat_st
357 {
358 ASN1_OBJECT *otherCertFormat;
359 ASN1_TYPE *otherCert;
360 };
361
362/* This is also defined in pkcs7.h but we duplicate it
363 * to allow the CMS code to be independent of PKCS#7
364 */
365
366struct CMS_IssuerAndSerialNumber_st
367 {
368 X509_NAME *issuer;
369 ASN1_INTEGER *serialNumber;
370 };
371
372struct CMS_OtherKeyAttribute_st
373 {
374 ASN1_OBJECT *keyAttrId;
375 ASN1_TYPE *keyAttr;
376 };
377
378/* ESS structures */
379
380#ifdef HEADER_X509V3_H
381
382struct CMS_ReceiptRequest_st
383 {
384 ASN1_OCTET_STRING *signedContentIdentifier;
385 CMS_ReceiptsFrom *receiptsFrom;
386 STACK_OF(GENERAL_NAMES) *receiptsTo;
387 };
388
389
390struct CMS_ReceiptsFrom_st
391 {
392 int type;
393 union
394 {
395 long allOrFirstTier;
396 STACK_OF(GENERAL_NAMES) *receiptList;
397 } d;
398 };
399#endif
400
401struct CMS_Receipt_st
402 {
403 long version;
404 ASN1_OBJECT *contentType;
405 ASN1_OCTET_STRING *signedContentIdentifier;
406 ASN1_OCTET_STRING *originatorSignatureValue;
407 };
408
409DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
410DECLARE_ASN1_ITEM(CMS_SignerInfo)
411DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
412DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
413DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
414DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
415
416#define CMS_SIGNERINFO_ISSUER_SERIAL 0
417#define CMS_SIGNERINFO_KEYIDENTIFIER 1
418
419#define CMS_RECIPINFO_ISSUER_SERIAL 0
420#define CMS_RECIPINFO_KEYIDENTIFIER 1
421
422BIO *cms_content_bio(CMS_ContentInfo *cms);
423
424CMS_ContentInfo *cms_Data_create(void);
425
426CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
427BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
428int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
429
430BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
431int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
432int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
433int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
434 ASN1_OCTET_STRING **keyid,
435 X509_NAME **issuer, ASN1_INTEGER **sno);
436int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
437
438CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
439BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
440
441void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
442BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
443int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
444 X509_ALGOR *mdalg);
445
446BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
447BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
448int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
449 const EVP_CIPHER *cipher,
450 const unsigned char *key, size_t keylen);
451
452int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
453int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
454ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
455
456BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
457
458#ifdef __cplusplus
459}
460#endif
461#endif
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
deleted file mode 100644
index d00fe0f87b..0000000000
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ /dev/null
@@ -1,627 +0,0 @@
1/* crypto/cms/cms_lib.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/x509.h>
56#include <openssl/err.h>
57#include <openssl/pem.h>
58#include <openssl/bio.h>
59#include <openssl/asn1.h>
60#include "cms.h"
61#include "cms_lcl.h"
62
63IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
64IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
65
66DECLARE_ASN1_ITEM(CMS_CertificateChoices)
67DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
68DECLARE_STACK_OF(CMS_CertificateChoices)
69DECLARE_STACK_OF(CMS_RevocationInfoChoice)
70
71const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
72 {
73 return cms->contentType;
74 }
75
76CMS_ContentInfo *cms_Data_create(void)
77 {
78 CMS_ContentInfo *cms;
79 cms = CMS_ContentInfo_new();
80 if (cms)
81 {
82 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
83 /* Never detached */
84 CMS_set_detached(cms, 0);
85 }
86 return cms;
87 }
88
89BIO *cms_content_bio(CMS_ContentInfo *cms)
90 {
91 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
92 if (!pos)
93 return NULL;
94 /* If content detached data goes nowhere: create NULL BIO */
95 if (!*pos)
96 return BIO_new(BIO_s_null());
97 /* If content not detached and created return memory BIO
98 */
99 if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
100 return BIO_new(BIO_s_mem());
101 /* Else content was read in: return read only BIO for it */
102 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
103 }
104
105BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
106 {
107 BIO *cmsbio, *cont;
108 if (icont)
109 cont = icont;
110 else
111 cont = cms_content_bio(cms);
112 if (!cont)
113 {
114 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
115 return NULL;
116 }
117 switch (OBJ_obj2nid(cms->contentType))
118 {
119
120 case NID_pkcs7_data:
121 return cont;
122
123 case NID_pkcs7_signed:
124 cmsbio = cms_SignedData_init_bio(cms);
125 break;
126
127 case NID_pkcs7_digest:
128 cmsbio = cms_DigestedData_init_bio(cms);
129 break;
130#ifdef ZLIB
131 case NID_id_smime_ct_compressedData:
132 cmsbio = cms_CompressedData_init_bio(cms);
133 break;
134#endif
135
136 case NID_pkcs7_encrypted:
137 cmsbio = cms_EncryptedData_init_bio(cms);
138 break;
139
140 case NID_pkcs7_enveloped:
141 cmsbio = cms_EnvelopedData_init_bio(cms);
142 break;
143
144 default:
145 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
146 return NULL;
147 }
148
149 if (cmsbio)
150 return BIO_push(cmsbio, cont);
151
152 if (!icont)
153 BIO_free(cont);
154 return NULL;
155
156 }
157
158int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
159 {
160 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
161 if (!pos)
162 return 0;
163 /* If ebmedded content find memory BIO and set content */
164 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
165 {
166 BIO *mbio;
167 unsigned char *cont;
168 long contlen;
169 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
170 if (!mbio)
171 {
172 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
173 return 0;
174 }
175 contlen = BIO_get_mem_data(mbio, &cont);
176 /* Set bio as read only so its content can't be clobbered */
177 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
178 BIO_set_mem_eof_return(mbio, 0);
179 ASN1_STRING_set0(*pos, cont, contlen);
180 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
181 }
182
183 switch (OBJ_obj2nid(cms->contentType))
184 {
185
186 case NID_pkcs7_data:
187 case NID_pkcs7_enveloped:
188 case NID_pkcs7_encrypted:
189 case NID_id_smime_ct_compressedData:
190 /* Nothing to do */
191 return 1;
192
193 case NID_pkcs7_signed:
194 return cms_SignedData_final(cms, cmsbio);
195
196 case NID_pkcs7_digest:
197 return cms_DigestedData_do_final(cms, cmsbio, 0);
198
199 default:
200 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
201 return 0;
202 }
203 }
204
205/* Return an OCTET STRING pointer to content. This allows it to
206 * be accessed or set later.
207 */
208
209ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
210 {
211 switch (OBJ_obj2nid(cms->contentType))
212 {
213
214 case NID_pkcs7_data:
215 return &cms->d.data;
216
217 case NID_pkcs7_signed:
218 return &cms->d.signedData->encapContentInfo->eContent;
219
220 case NID_pkcs7_enveloped:
221 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
222
223 case NID_pkcs7_digest:
224 return &cms->d.digestedData->encapContentInfo->eContent;
225
226 case NID_pkcs7_encrypted:
227 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
228
229 case NID_id_smime_ct_authData:
230 return &cms->d.authenticatedData->encapContentInfo->eContent;
231
232 case NID_id_smime_ct_compressedData:
233 return &cms->d.compressedData->encapContentInfo->eContent;
234
235 default:
236 if (cms->d.other->type == V_ASN1_OCTET_STRING)
237 return &cms->d.other->value.octet_string;
238 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
239 return NULL;
240
241 }
242 }
243
244/* Return an ASN1_OBJECT pointer to content type. This allows it to
245 * be accessed or set later.
246 */
247
248static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
249 {
250 switch (OBJ_obj2nid(cms->contentType))
251 {
252
253 case NID_pkcs7_signed:
254 return &cms->d.signedData->encapContentInfo->eContentType;
255
256 case NID_pkcs7_enveloped:
257 return &cms->d.envelopedData->encryptedContentInfo->contentType;
258
259 case NID_pkcs7_digest:
260 return &cms->d.digestedData->encapContentInfo->eContentType;
261
262 case NID_pkcs7_encrypted:
263 return &cms->d.encryptedData->encryptedContentInfo->contentType;
264
265 case NID_id_smime_ct_authData:
266 return &cms->d.authenticatedData->encapContentInfo->eContentType;
267
268 case NID_id_smime_ct_compressedData:
269 return &cms->d.compressedData->encapContentInfo->eContentType;
270
271 default:
272 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
273 CMS_R_UNSUPPORTED_CONTENT_TYPE);
274 return NULL;
275
276 }
277 }
278
279const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
280 {
281 ASN1_OBJECT **petype;
282 petype = cms_get0_econtent_type(cms);
283 if (petype)
284 return *petype;
285 return NULL;
286 }
287
288int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
289 {
290 ASN1_OBJECT **petype, *etype;
291 petype = cms_get0_econtent_type(cms);
292 if (!petype)
293 return 0;
294 if (!oid)
295 return 1;
296 etype = OBJ_dup(oid);
297 if (!etype)
298 return 0;
299 ASN1_OBJECT_free(*petype);
300 *petype = etype;
301 return 1;
302 }
303
304int CMS_is_detached(CMS_ContentInfo *cms)
305 {
306 ASN1_OCTET_STRING **pos;
307 pos = CMS_get0_content(cms);
308 if (!pos)
309 return -1;
310 if (*pos)
311 return 0;
312 return 1;
313 }
314
315int CMS_set_detached(CMS_ContentInfo *cms, int detached)
316 {
317 ASN1_OCTET_STRING **pos;
318 pos = CMS_get0_content(cms);
319 if (!pos)
320 return 0;
321 if (detached)
322 {
323 if (*pos)
324 {
325 ASN1_OCTET_STRING_free(*pos);
326 *pos = NULL;
327 }
328 return 1;
329 }
330 if (!*pos)
331 *pos = ASN1_OCTET_STRING_new();
332 if (*pos)
333 {
334 /* NB: special flag to show content is created and not
335 * read in.
336 */
337 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
338 return 1;
339 }
340 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
341 return 0;
342 }
343
344/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
345
346void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
347 {
348 int param_type;
349
350 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
351 param_type = V_ASN1_UNDEF;
352 else
353 param_type = V_ASN1_NULL;
354
355 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
356
357 }
358
359/* Create a digest BIO from an X509_ALGOR structure */
360
361BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
362 {
363 BIO *mdbio = NULL;
364 ASN1_OBJECT *digestoid;
365 const EVP_MD *digest;
366 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
367 digest = EVP_get_digestbyobj(digestoid);
368 if (!digest)
369 {
370 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
371 CMS_R_UNKNOWN_DIGEST_ALGORIHM);
372 goto err;
373 }
374 mdbio = BIO_new(BIO_f_md());
375 if (!mdbio || !BIO_set_md(mdbio, digest))
376 {
377 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
378 CMS_R_MD_BIO_INIT_ERROR);
379 goto err;
380 }
381 return mdbio;
382 err:
383 if (mdbio)
384 BIO_free(mdbio);
385 return NULL;
386 }
387
388/* Locate a message digest content from a BIO chain based on SignerInfo */
389
390int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
391 X509_ALGOR *mdalg)
392 {
393 int nid;
394 ASN1_OBJECT *mdoid;
395 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
396 nid = OBJ_obj2nid(mdoid);
397 /* Look for digest type to match signature */
398 for (;;)
399 {
400 EVP_MD_CTX *mtmp;
401 chain = BIO_find_type(chain, BIO_TYPE_MD);
402 if (chain == NULL)
403 {
404 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
405 CMS_R_NO_MATCHING_DIGEST);
406 return 0;
407 }
408 BIO_get_md_ctx(chain, &mtmp);
409 if (EVP_MD_CTX_type(mtmp) == nid
410 /* Workaround for broken implementations that use signature
411 * algorithm OID instead of digest.
412 */
413 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
414 {
415 EVP_MD_CTX_copy_ex(mctx, mtmp);
416 return 1;
417 }
418 chain = BIO_next(chain);
419 }
420 }
421
422static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
423 {
424 switch (OBJ_obj2nid(cms->contentType))
425 {
426
427 case NID_pkcs7_signed:
428 return &cms->d.signedData->certificates;
429
430 case NID_pkcs7_enveloped:
431 return &cms->d.envelopedData->originatorInfo->certificates;
432
433 default:
434 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
435 CMS_R_UNSUPPORTED_CONTENT_TYPE);
436 return NULL;
437
438 }
439 }
440
441CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
442 {
443 STACK_OF(CMS_CertificateChoices) **pcerts;
444 CMS_CertificateChoices *cch;
445 pcerts = cms_get0_certificate_choices(cms);
446 if (!pcerts)
447 return NULL;
448 if (!*pcerts)
449 *pcerts = sk_CMS_CertificateChoices_new_null();
450 if (!*pcerts)
451 return NULL;
452 cch = M_ASN1_new_of(CMS_CertificateChoices);
453 if (!cch)
454 return NULL;
455 if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
456 {
457 M_ASN1_free_of(cch, CMS_CertificateChoices);
458 return NULL;
459 }
460 return cch;
461 }
462
463int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
464 {
465 CMS_CertificateChoices *cch;
466 STACK_OF(CMS_CertificateChoices) **pcerts;
467 int i;
468 pcerts = cms_get0_certificate_choices(cms);
469 if (!pcerts)
470 return 0;
471 if (!pcerts)
472 return 0;
473 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
474 {
475 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
476 if (cch->type == CMS_CERTCHOICE_CERT)
477 {
478 if (!X509_cmp(cch->d.certificate, cert))
479 {
480 CMSerr(CMS_F_CMS_ADD0_CERT,
481 CMS_R_CERTIFICATE_ALREADY_PRESENT);
482 return 0;
483 }
484 }
485 }
486 cch = CMS_add0_CertificateChoices(cms);
487 if (!cch)
488 return 0;
489 cch->type = CMS_CERTCHOICE_CERT;
490 cch->d.certificate = cert;
491 return 1;
492 }
493
494int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
495 {
496 int r;
497 r = CMS_add0_cert(cms, cert);
498 if (r > 0)
499 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
500 return r;
501 }
502
503static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
504 {
505 switch (OBJ_obj2nid(cms->contentType))
506 {
507
508 case NID_pkcs7_signed:
509 return &cms->d.signedData->crls;
510
511 case NID_pkcs7_enveloped:
512 return &cms->d.envelopedData->originatorInfo->crls;
513
514 default:
515 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
516 CMS_R_UNSUPPORTED_CONTENT_TYPE);
517 return NULL;
518
519 }
520 }
521
522CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
523 {
524 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
525 CMS_RevocationInfoChoice *rch;
526 pcrls = cms_get0_revocation_choices(cms);
527 if (!pcrls)
528 return NULL;
529 if (!*pcrls)
530 *pcrls = sk_CMS_RevocationInfoChoice_new_null();
531 if (!*pcrls)
532 return NULL;
533 rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
534 if (!rch)
535 return NULL;
536 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
537 {
538 M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
539 return NULL;
540 }
541 return rch;
542 }
543
544int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
545 {
546 CMS_RevocationInfoChoice *rch;
547 rch = CMS_add0_RevocationInfoChoice(cms);
548 if (!rch)
549 return 0;
550 rch->type = CMS_REVCHOICE_CRL;
551 rch->d.crl = crl;
552 return 1;
553 }
554
555int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
556 {
557 int r;
558 r = CMS_add0_crl(cms, crl);
559 if (r > 0)
560 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
561 return r;
562 }
563
564STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
565 {
566 STACK_OF(X509) *certs = NULL;
567 CMS_CertificateChoices *cch;
568 STACK_OF(CMS_CertificateChoices) **pcerts;
569 int i;
570 pcerts = cms_get0_certificate_choices(cms);
571 if (!pcerts)
572 return NULL;
573 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
574 {
575 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
576 if (cch->type == 0)
577 {
578 if (!certs)
579 {
580 certs = sk_X509_new_null();
581 if (!certs)
582 return NULL;
583 }
584 if (!sk_X509_push(certs, cch->d.certificate))
585 {
586 sk_X509_pop_free(certs, X509_free);
587 return NULL;
588 }
589 CRYPTO_add(&cch->d.certificate->references,
590 1, CRYPTO_LOCK_X509);
591 }
592 }
593 return certs;
594
595 }
596
597STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
598 {
599 STACK_OF(X509_CRL) *crls = NULL;
600 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
601 CMS_RevocationInfoChoice *rch;
602 int i;
603 pcrls = cms_get0_revocation_choices(cms);
604 if (!pcrls)
605 return NULL;
606 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
607 {
608 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
609 if (rch->type == 0)
610 {
611 if (!crls)
612 {
613 crls = sk_X509_CRL_new_null();
614 if (!crls)
615 return NULL;
616 }
617 if (!sk_X509_CRL_push(crls, rch->d.crl))
618 {
619 sk_X509_CRL_pop_free(crls, X509_CRL_free);
620 return NULL;
621 }
622 CRYPTO_add(&rch->d.crl->references,
623 1, CRYPTO_LOCK_X509_CRL);
624 }
625 }
626 return crls;
627 }
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
deleted file mode 100644
index e3192b9c57..0000000000
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ /dev/null
@@ -1,984 +0,0 @@
1/* crypto/cms/cms_sd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61#include "asn1_locl.h"
62
63/* CMS SignedData Utilities */
64
65DECLARE_ASN1_ITEM(CMS_SignedData)
66
67static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
68 {
69 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
70 {
71 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
72 return NULL;
73 }
74 return cms->d.signedData;
75 }
76
77static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
78 {
79 if (cms->d.other == NULL)
80 {
81 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
82 if (!cms->d.signedData)
83 {
84 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
85 return NULL;
86 }
87 cms->d.signedData->version = 1;
88 cms->d.signedData->encapContentInfo->eContentType =
89 OBJ_nid2obj(NID_pkcs7_data);
90 cms->d.signedData->encapContentInfo->partial = 1;
91 ASN1_OBJECT_free(cms->contentType);
92 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
93 return cms->d.signedData;
94 }
95 return cms_get0_signed(cms);
96 }
97
98/* Just initialize SignedData e.g. for certs only structure */
99
100int CMS_SignedData_init(CMS_ContentInfo *cms)
101 {
102 if (cms_signed_data_init(cms))
103 return 1;
104 else
105 return 0;
106 }
107
108/* Check structures and fixup version numbers (if necessary) */
109
110static void cms_sd_set_version(CMS_SignedData *sd)
111 {
112 int i;
113 CMS_CertificateChoices *cch;
114 CMS_RevocationInfoChoice *rch;
115 CMS_SignerInfo *si;
116
117 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
118 {
119 cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
120 if (cch->type == CMS_CERTCHOICE_OTHER)
121 {
122 if (sd->version < 5)
123 sd->version = 5;
124 }
125 else if (cch->type == CMS_CERTCHOICE_V2ACERT)
126 {
127 if (sd->version < 4)
128 sd->version = 4;
129 }
130 else if (cch->type == CMS_CERTCHOICE_V1ACERT)
131 {
132 if (sd->version < 3)
133 sd->version = 3;
134 }
135 }
136
137 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
138 {
139 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
140 if (rch->type == CMS_REVCHOICE_OTHER)
141 {
142 if (sd->version < 5)
143 sd->version = 5;
144 }
145 }
146
147 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
148 && (sd->version < 3))
149 sd->version = 3;
150
151 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
152 {
153 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
154 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
155 {
156 if (si->version < 3)
157 si->version = 3;
158 if (sd->version < 3)
159 sd->version = 3;
160 }
161 else
162 sd->version = 1;
163 }
164
165 if (sd->version < 1)
166 sd->version = 1;
167
168 }
169
170/* Copy an existing messageDigest value */
171
172static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
173 {
174 STACK_OF(CMS_SignerInfo) *sinfos;
175 CMS_SignerInfo *sitmp;
176 int i;
177 sinfos = CMS_get0_SignerInfos(cms);
178 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
179 {
180 ASN1_OCTET_STRING *messageDigest;
181 sitmp = sk_CMS_SignerInfo_value(sinfos, i);
182 if (sitmp == si)
183 continue;
184 if (CMS_signed_get_attr_count(sitmp) < 0)
185 continue;
186 if (OBJ_cmp(si->digestAlgorithm->algorithm,
187 sitmp->digestAlgorithm->algorithm))
188 continue;
189 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
190 OBJ_nid2obj(NID_pkcs9_messageDigest),
191 -3, V_ASN1_OCTET_STRING);
192 if (!messageDigest)
193 {
194 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
195 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
196 return 0;
197 }
198
199 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
200 V_ASN1_OCTET_STRING,
201 messageDigest, -1))
202 return 1;
203 else
204 return 0;
205 }
206 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
207 return 0;
208 }
209
210int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
211 {
212 switch(type)
213 {
214 case CMS_SIGNERINFO_ISSUER_SERIAL:
215 sid->d.issuerAndSerialNumber =
216 M_ASN1_new_of(CMS_IssuerAndSerialNumber);
217 if (!sid->d.issuerAndSerialNumber)
218 goto merr;
219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
220 X509_get_issuer_name(cert)))
221 goto merr;
222 if (!ASN1_STRING_copy(
223 sid->d.issuerAndSerialNumber->serialNumber,
224 X509_get_serialNumber(cert)))
225 goto merr;
226 break;
227
228 case CMS_SIGNERINFO_KEYIDENTIFIER:
229 if (!cert->skid)
230 {
231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
232 CMS_R_CERTIFICATE_HAS_NO_KEYID);
233 return 0;
234 }
235 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
236 if (!sid->d.subjectKeyIdentifier)
237 goto merr;
238 break;
239
240 default:
241 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
242 return 0;
243 }
244
245 sid->type = type;
246
247 return 1;
248
249 merr:
250 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
251 return 0;
252
253 }
254
255int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
256 ASN1_OCTET_STRING **keyid,
257 X509_NAME **issuer, ASN1_INTEGER **sno)
258 {
259 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
260 {
261 if (issuer)
262 *issuer = sid->d.issuerAndSerialNumber->issuer;
263 if (sno)
264 *sno = sid->d.issuerAndSerialNumber->serialNumber;
265 }
266 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
267 {
268 if (keyid)
269 *keyid = sid->d.subjectKeyIdentifier;
270 }
271 else
272 return 0;
273 return 1;
274 }
275
276int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
277 {
278 int ret;
279 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
280 {
281 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
282 X509_get_issuer_name(cert));
283 if (ret)
284 return ret;
285 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
286 X509_get_serialNumber(cert));
287 }
288 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
289 {
290 X509_check_purpose(cert, -1, -1);
291 if (!cert->skid)
292 return -1;
293 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
294 cert->skid);
295 }
296 else
297 return -1;
298 }
299
300CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
301 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
302 unsigned int flags)
303 {
304 CMS_SignedData *sd;
305 CMS_SignerInfo *si = NULL;
306 X509_ALGOR *alg;
307 int i, type;
308 if(!X509_check_private_key(signer, pk))
309 {
310 CMSerr(CMS_F_CMS_ADD1_SIGNER,
311 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
312 return NULL;
313 }
314 sd = cms_signed_data_init(cms);
315 if (!sd)
316 goto err;
317 si = M_ASN1_new_of(CMS_SignerInfo);
318 if (!si)
319 goto merr;
320 X509_check_purpose(signer, -1, -1);
321
322 CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
323 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
324
325 si->pkey = pk;
326 si->signer = signer;
327
328 if (flags & CMS_USE_KEYID)
329 {
330 si->version = 3;
331 if (sd->version < 3)
332 sd->version = 3;
333 type = CMS_SIGNERINFO_KEYIDENTIFIER;
334 }
335 else
336 {
337 type = CMS_SIGNERINFO_ISSUER_SERIAL;
338 si->version = 1;
339 }
340
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
342 goto err;
343
344 if (md == NULL)
345 {
346 int def_nid;
347 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
348 goto err;
349 md = EVP_get_digestbynid(def_nid);
350 if (md == NULL)
351 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
353 goto err;
354 }
355 }
356
357 if (!md)
358 {
359 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
360 goto err;
361 }
362
363 cms_DigestAlgorithm_set(si->digestAlgorithm, md);
364
365 /* See if digest is present in digestAlgorithms */
366 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
367 {
368 ASN1_OBJECT *aoid;
369 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
370 X509_ALGOR_get0(&aoid, NULL, NULL, alg);
371 if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
372 break;
373 }
374
375 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
376 {
377 alg = X509_ALGOR_new();
378 if (!alg)
379 goto merr;
380 cms_DigestAlgorithm_set(alg, md);
381 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
382 {
383 X509_ALGOR_free(alg);
384 goto merr;
385 }
386 }
387
388 if (pk->ameth && pk->ameth->pkey_ctrl)
389 {
390 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
391 0, si);
392 if (i == -2)
393 {
394 CMSerr(CMS_F_CMS_ADD1_SIGNER,
395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
396 goto err;
397 }
398 if (i <= 0)
399 {
400 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
401 goto err;
402 }
403 }
404
405 if (!(flags & CMS_NOATTR))
406 {
407 /* Initialialize signed attributes strutucture so other
408 * attributes such as signing time etc are added later
409 * even if we add none here.
410 */
411 if (!si->signedAttrs)
412 {
413 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
414 if (!si->signedAttrs)
415 goto merr;
416 }
417
418 if (!(flags & CMS_NOSMIMECAP))
419 {
420 STACK_OF(X509_ALGOR) *smcap = NULL;
421 i = CMS_add_standard_smimecap(&smcap);
422 if (i)
423 i = CMS_add_smimecap(si, smcap);
424 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
425 if (!i)
426 goto merr;
427 }
428 if (flags & CMS_REUSE_DIGEST)
429 {
430 if (!cms_copy_messageDigest(cms, si))
431 goto err;
432 if (!(flags & CMS_PARTIAL) &&
433 !CMS_SignerInfo_sign(si))
434 goto err;
435 }
436 }
437
438 if (!(flags & CMS_NOCERTS))
439 {
440 /* NB ignore -1 return for duplicate cert */
441 if (!CMS_add1_cert(cms, signer))
442 goto merr;
443 }
444
445 if (!sd->signerInfos)
446 sd->signerInfos = sk_CMS_SignerInfo_new_null();
447 if (!sd->signerInfos ||
448 !sk_CMS_SignerInfo_push(sd->signerInfos, si))
449 goto merr;
450
451 return si;
452
453 merr:
454 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
455 err:
456 if (si)
457 M_ASN1_free_of(si, CMS_SignerInfo);
458 return NULL;
459
460 }
461
462static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
463 {
464 ASN1_TIME *tt;
465 int r = 0;
466 if (t)
467 tt = t;
468 else
469 tt = X509_gmtime_adj(NULL, 0);
470
471 if (!tt)
472 goto merr;
473
474 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
475 tt->type, tt, -1) <= 0)
476 goto merr;
477
478 r = 1;
479
480 merr:
481
482 if (!t)
483 ASN1_TIME_free(tt);
484
485 if (!r)
486 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
487
488 return r;
489
490 }
491
492STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
493 {
494 CMS_SignedData *sd;
495 sd = cms_get0_signed(cms);
496 if (!sd)
497 return NULL;
498 return sd->signerInfos;
499 }
500
501STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
502 {
503 STACK_OF(X509) *signers = NULL;
504 STACK_OF(CMS_SignerInfo) *sinfos;
505 CMS_SignerInfo *si;
506 int i;
507 sinfos = CMS_get0_SignerInfos(cms);
508 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
509 {
510 si = sk_CMS_SignerInfo_value(sinfos, i);
511 if (si->signer)
512 {
513 if (!signers)
514 {
515 signers = sk_X509_new_null();
516 if (!signers)
517 return NULL;
518 }
519 if (!sk_X509_push(signers, si->signer))
520 {
521 sk_X509_free(signers);
522 return NULL;
523 }
524 }
525 }
526 return signers;
527 }
528
529void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
530 {
531 if (signer)
532 {
533 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
534 if (si->pkey)
535 EVP_PKEY_free(si->pkey);
536 si->pkey = X509_get_pubkey(signer);
537 }
538 if (si->signer)
539 X509_free(si->signer);
540 si->signer = signer;
541 }
542
543int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
544 ASN1_OCTET_STRING **keyid,
545 X509_NAME **issuer, ASN1_INTEGER **sno)
546 {
547 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
548 }
549
550int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
551 {
552 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
553 }
554
555int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
556 unsigned int flags)
557 {
558 CMS_SignedData *sd;
559 CMS_SignerInfo *si;
560 CMS_CertificateChoices *cch;
561 STACK_OF(CMS_CertificateChoices) *certs;
562 X509 *x;
563 int i, j;
564 int ret = 0;
565 sd = cms_get0_signed(cms);
566 if (!sd)
567 return -1;
568 certs = sd->certificates;
569 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
570 {
571 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
572 if (si->signer)
573 continue;
574
575 for (j = 0; j < sk_X509_num(scerts); j++)
576 {
577 x = sk_X509_value(scerts, j);
578 if (CMS_SignerInfo_cert_cmp(si, x) == 0)
579 {
580 CMS_SignerInfo_set1_signer_cert(si, x);
581 ret++;
582 break;
583 }
584 }
585
586 if (si->signer || (flags & CMS_NOINTERN))
587 continue;
588
589 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
590 {
591 cch = sk_CMS_CertificateChoices_value(certs, j);
592 if (cch->type != 0)
593 continue;
594 x = cch->d.certificate;
595 if (CMS_SignerInfo_cert_cmp(si, x) == 0)
596 {
597 CMS_SignerInfo_set1_signer_cert(si, x);
598 ret++;
599 break;
600 }
601 }
602 }
603 return ret;
604 }
605
606void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
607 X509_ALGOR **pdig, X509_ALGOR **psig)
608 {
609 if (pk)
610 *pk = si->pkey;
611 if (signer)
612 *signer = si->signer;
613 if (pdig)
614 *pdig = si->digestAlgorithm;
615 if (psig)
616 *psig = si->signatureAlgorithm;
617 }
618
619static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
620 CMS_SignerInfo *si, BIO *chain)
621 {
622 EVP_MD_CTX mctx;
623 int r = 0;
624 EVP_MD_CTX_init(&mctx);
625
626
627 if (!si->pkey)
628 {
629 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
630 return 0;
631 }
632
633 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
634 goto err;
635
636 /* If any signed attributes calculate and add messageDigest attribute */
637
638 if (CMS_signed_get_attr_count(si) >= 0)
639 {
640 ASN1_OBJECT *ctype =
641 cms->d.signedData->encapContentInfo->eContentType;
642 unsigned char md[EVP_MAX_MD_SIZE];
643 unsigned int mdlen;
644 EVP_DigestFinal_ex(&mctx, md, &mdlen);
645 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
646 V_ASN1_OCTET_STRING,
647 md, mdlen))
648 goto err;
649 /* Copy content type across */
650 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
651 V_ASN1_OBJECT, ctype, -1) <= 0)
652 goto err;
653 if (!CMS_SignerInfo_sign(si))
654 goto err;
655 }
656 else
657 {
658 unsigned char *sig;
659 unsigned int siglen;
660 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
661 if (!sig)
662 {
663 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
664 ERR_R_MALLOC_FAILURE);
665 goto err;
666 }
667 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
668 {
669 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
670 CMS_R_SIGNFINAL_ERROR);
671 OPENSSL_free(sig);
672 goto err;
673 }
674 ASN1_STRING_set0(si->signature, sig, siglen);
675 }
676
677 r = 1;
678
679 err:
680 EVP_MD_CTX_cleanup(&mctx);
681 return r;
682
683 }
684
685int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
686 {
687 STACK_OF(CMS_SignerInfo) *sinfos;
688 CMS_SignerInfo *si;
689 int i;
690 sinfos = CMS_get0_SignerInfos(cms);
691 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
692 {
693 si = sk_CMS_SignerInfo_value(sinfos, i);
694 if (!cms_SignerInfo_content_sign(cms, si, chain))
695 return 0;
696 }
697 cms->d.signedData->encapContentInfo->partial = 0;
698 return 1;
699 }
700
701int CMS_SignerInfo_sign(CMS_SignerInfo *si)
702 {
703 EVP_MD_CTX mctx;
704 EVP_PKEY_CTX *pctx;
705 unsigned char *abuf = NULL;
706 int alen;
707 size_t siglen;
708 const EVP_MD *md = NULL;
709
710 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
711 if (md == NULL)
712 return 0;
713
714 EVP_MD_CTX_init(&mctx);
715
716 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
717 {
718 if (!cms_add1_signingTime(si, NULL))
719 goto err;
720 }
721
722 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
723 goto err;
724
725 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
726 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
727 {
728 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
729 goto err;
730 }
731
732 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
733 ASN1_ITEM_rptr(CMS_Attributes_Sign));
734 if(!abuf)
735 goto err;
736 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
737 goto err;
738 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
739 goto err;
740 OPENSSL_free(abuf);
741 abuf = OPENSSL_malloc(siglen);
742 if(!abuf)
743 goto err;
744 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
745 goto err;
746
747 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
748 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
749 {
750 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
751 goto err;
752 }
753
754 EVP_MD_CTX_cleanup(&mctx);
755
756 ASN1_STRING_set0(si->signature, abuf, siglen);
757
758 return 1;
759
760 err:
761 if (abuf)
762 OPENSSL_free(abuf);
763 EVP_MD_CTX_cleanup(&mctx);
764 return 0;
765
766 }
767
768int CMS_SignerInfo_verify(CMS_SignerInfo *si)
769 {
770 EVP_MD_CTX mctx;
771 EVP_PKEY_CTX *pctx;
772 unsigned char *abuf = NULL;
773 int alen, r = -1;
774 const EVP_MD *md = NULL;
775
776 if (!si->pkey)
777 {
778 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
779 return -1;
780 }
781
782 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
783 if (md == NULL)
784 return -1;
785 EVP_MD_CTX_init(&mctx);
786 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
787 goto err;
788
789 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
790 ASN1_ITEM_rptr(CMS_Attributes_Verify));
791 if(!abuf)
792 goto err;
793 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
794 OPENSSL_free(abuf);
795 if (r <= 0)
796 {
797 r = -1;
798 goto err;
799 }
800 r = EVP_DigestVerifyFinal(&mctx,
801 si->signature->data, si->signature->length);
802 if (r <= 0)
803 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
804 err:
805 EVP_MD_CTX_cleanup(&mctx);
806 return r;
807 }
808
809/* Create a chain of digest BIOs from a CMS ContentInfo */
810
811BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
812 {
813 int i;
814 CMS_SignedData *sd;
815 BIO *chain = NULL;
816 sd = cms_get0_signed(cms);
817 if (!sd)
818 return NULL;
819 if (cms->d.signedData->encapContentInfo->partial)
820 cms_sd_set_version(sd);
821 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
822 {
823 X509_ALGOR *digestAlgorithm;
824 BIO *mdbio;
825 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
826 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
827 if (!mdbio)
828 goto err;
829 if (chain)
830 BIO_push(chain, mdbio);
831 else
832 chain = mdbio;
833 }
834 return chain;
835 err:
836 if (chain)
837 BIO_free_all(chain);
838 return NULL;
839 }
840
841int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
842 {
843 ASN1_OCTET_STRING *os = NULL;
844 EVP_MD_CTX mctx;
845 int r = -1;
846 EVP_MD_CTX_init(&mctx);
847 /* If we have any signed attributes look for messageDigest value */
848 if (CMS_signed_get_attr_count(si) >= 0)
849 {
850 os = CMS_signed_get0_data_by_OBJ(si,
851 OBJ_nid2obj(NID_pkcs9_messageDigest),
852 -3, V_ASN1_OCTET_STRING);
853 if (!os)
854 {
855 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
856 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
857 goto err;
858 }
859 }
860
861 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
862 goto err;
863
864 /* If messageDigest found compare it */
865
866 if (os)
867 {
868 unsigned char mval[EVP_MAX_MD_SIZE];
869 unsigned int mlen;
870 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
871 {
872 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
873 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
874 goto err;
875 }
876 if (mlen != (unsigned int)os->length)
877 {
878 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
879 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
880 goto err;
881 }
882
883 if (memcmp(mval, os->data, mlen))
884 {
885 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
886 CMS_R_VERIFICATION_FAILURE);
887 r = 0;
888 }
889 else
890 r = 1;
891 }
892 else
893 {
894 r = EVP_VerifyFinal(&mctx, si->signature->data,
895 si->signature->length, si->pkey);
896 if (r <= 0)
897 {
898 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
899 CMS_R_VERIFICATION_FAILURE);
900 r = 0;
901 }
902 }
903
904 err:
905 EVP_MD_CTX_cleanup(&mctx);
906 return r;
907
908 }
909
910int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
911 {
912 unsigned char *smder = NULL;
913 int smderlen, r;
914 smderlen = i2d_X509_ALGORS(algs, &smder);
915 if (smderlen <= 0)
916 return 0;
917 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
918 V_ASN1_SEQUENCE, smder, smderlen);
919 OPENSSL_free(smder);
920 return r;
921 }
922
923int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
924 int algnid, int keysize)
925 {
926 X509_ALGOR *alg;
927 ASN1_INTEGER *key = NULL;
928 if (keysize > 0)
929 {
930 key = ASN1_INTEGER_new();
931 if (!key || !ASN1_INTEGER_set(key, keysize))
932 return 0;
933 }
934 alg = X509_ALGOR_new();
935 if (!alg)
936 {
937 if (key)
938 ASN1_INTEGER_free(key);
939 return 0;
940 }
941
942 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
943 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
944 if (!*algs)
945 *algs = sk_X509_ALGOR_new_null();
946 if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
947 {
948 X509_ALGOR_free(alg);
949 return 0;
950 }
951 return 1;
952 }
953
954/* Check to see if a cipher exists and if so add S/MIME capabilities */
955
956static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
957 {
958 if (EVP_get_cipherbynid(nid))
959 return CMS_add_simple_smimecap(sk, nid, arg);
960 return 1;
961 }
962
963static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
964 {
965 if (EVP_get_digestbynid(nid))
966 return CMS_add_simple_smimecap(sk, nid, arg);
967 return 1;
968 }
969
970int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
971 {
972 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
973 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
974 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
975 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
976 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
977 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
978 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
979 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
980 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
981 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
982 return 0;
983 return 1;
984 }
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
deleted file mode 100644
index 4a799eb897..0000000000
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ /dev/null
@@ -1,797 +0,0 @@
1/* crypto/cms/cms_smime.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/x509.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61
62static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
63 {
64 unsigned char buf[4096];
65 int r = 0, i;
66 BIO *tmpout = NULL;
67
68 if (out == NULL)
69 tmpout = BIO_new(BIO_s_null());
70 else if (flags & CMS_TEXT)
71 {
72 tmpout = BIO_new(BIO_s_mem());
73 BIO_set_mem_eof_return(tmpout, 0);
74 }
75 else
76 tmpout = out;
77
78 if(!tmpout)
79 {
80 CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
81 goto err;
82 }
83
84 /* Read all content through chain to process digest, decrypt etc */
85 for (;;)
86 {
87 i=BIO_read(in,buf,sizeof(buf));
88 if (i <= 0)
89 {
90 if (BIO_method_type(in) == BIO_TYPE_CIPHER)
91 {
92 if (!BIO_get_cipher_status(in))
93 goto err;
94 }
95 if (i < 0)
96 goto err;
97 break;
98 }
99
100 if (tmpout && (BIO_write(tmpout, buf, i) != i))
101 goto err;
102 }
103
104 if(flags & CMS_TEXT)
105 {
106 if(!SMIME_text(tmpout, out))
107 {
108 CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
109 goto err;
110 }
111 }
112
113 r = 1;
114
115 err:
116 if (tmpout && (tmpout != out))
117 BIO_free(tmpout);
118 return r;
119
120 }
121
122static int check_content(CMS_ContentInfo *cms)
123 {
124 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
125 if (!pos || !*pos)
126 {
127 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
128 return 0;
129 }
130 return 1;
131 }
132
133static void do_free_upto(BIO *f, BIO *upto)
134 {
135 if (upto)
136 {
137 BIO *tbio;
138 do
139 {
140 tbio = BIO_pop(f);
141 BIO_free(f);
142 f = tbio;
143 }
144 while (f != upto);
145 }
146 else
147 BIO_free_all(f);
148 }
149
150int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
151 {
152 BIO *cont;
153 int r;
154 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
155 {
156 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
157 return 0;
158 }
159 cont = CMS_dataInit(cms, NULL);
160 if (!cont)
161 return 0;
162 r = cms_copy_content(out, cont, flags);
163 BIO_free_all(cont);
164 return r;
165 }
166
167CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
168 {
169 CMS_ContentInfo *cms;
170 cms = cms_Data_create();
171 if (!cms)
172 return NULL;
173
174 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
175 return cms;
176
177 CMS_ContentInfo_free(cms);
178
179 return NULL;
180 }
181
182int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
183 unsigned int flags)
184 {
185 BIO *cont;
186 int r;
187 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
188 {
189 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
190 return 0;
191 }
192
193 if (!dcont && !check_content(cms))
194 return 0;
195
196 cont = CMS_dataInit(cms, dcont);
197 if (!cont)
198 return 0;
199 r = cms_copy_content(out, cont, flags);
200 if (r)
201 r = cms_DigestedData_do_final(cms, cont, 1);
202 do_free_upto(cont, dcont);
203 return r;
204 }
205
206CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
207 unsigned int flags)
208 {
209 CMS_ContentInfo *cms;
210 if (!md)
211 md = EVP_sha1();
212 cms = cms_DigestedData_create(md);
213 if (!cms)
214 return NULL;
215
216 if(!(flags & CMS_DETACHED))
217 CMS_set_detached(cms, 0);
218
219 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
220 return cms;
221
222 CMS_ContentInfo_free(cms);
223 return NULL;
224 }
225
226int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
227 const unsigned char *key, size_t keylen,
228 BIO *dcont, BIO *out, unsigned int flags)
229 {
230 BIO *cont;
231 int r;
232 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
233 {
234 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
235 CMS_R_TYPE_NOT_ENCRYPTED_DATA);
236 return 0;
237 }
238
239 if (!dcont && !check_content(cms))
240 return 0;
241
242 if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
243 return 0;
244 cont = CMS_dataInit(cms, dcont);
245 if (!cont)
246 return 0;
247 r = cms_copy_content(out, cont, flags);
248 do_free_upto(cont, dcont);
249 return r;
250 }
251
252CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
253 const unsigned char *key, size_t keylen,
254 unsigned int flags)
255 {
256 CMS_ContentInfo *cms;
257 if (!cipher)
258 {
259 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
260 return NULL;
261 }
262 cms = CMS_ContentInfo_new();
263 if (!cms)
264 return NULL;
265 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
266 return NULL;
267
268 if(!(flags & CMS_DETACHED))
269 CMS_set_detached(cms, 0);
270
271 if ((flags & (CMS_STREAM|CMS_PARTIAL))
272 || CMS_final(cms, in, NULL, flags))
273 return cms;
274
275 CMS_ContentInfo_free(cms);
276 return NULL;
277 }
278
279static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
280 X509_STORE *store,
281 STACK_OF(X509) *certs,
282 STACK_OF(X509_CRL) *crls,
283 unsigned int flags)
284 {
285 X509_STORE_CTX ctx;
286 X509 *signer;
287 int i, j, r = 0;
288 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
289 if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
290 {
291 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
292 CMS_R_STORE_INIT_ERROR);
293 goto err;
294 }
295 X509_STORE_CTX_set_default(&ctx, "smime_sign");
296 if (crls)
297 X509_STORE_CTX_set0_crls(&ctx, crls);
298
299 i = X509_verify_cert(&ctx);
300 if (i <= 0)
301 {
302 j = X509_STORE_CTX_get_error(&ctx);
303 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
304 CMS_R_CERTIFICATE_VERIFY_ERROR);
305 ERR_add_error_data(2, "Verify error:",
306 X509_verify_cert_error_string(j));
307 goto err;
308 }
309 r = 1;
310 err:
311 X509_STORE_CTX_cleanup(&ctx);
312 return r;
313
314 }
315
316int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
317 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
318 {
319 CMS_SignerInfo *si;
320 STACK_OF(CMS_SignerInfo) *sinfos;
321 STACK_OF(X509) *cms_certs = NULL;
322 STACK_OF(X509_CRL) *crls = NULL;
323 X509 *signer;
324 int i, scount = 0, ret = 0;
325 BIO *cmsbio = NULL, *tmpin = NULL;
326
327 if (!dcont && !check_content(cms))
328 return 0;
329
330 /* Attempt to find all signer certificates */
331
332 sinfos = CMS_get0_SignerInfos(cms);
333
334 if (sk_CMS_SignerInfo_num(sinfos) <= 0)
335 {
336 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
337 goto err;
338 }
339
340 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
341 {
342 si = sk_CMS_SignerInfo_value(sinfos, i);
343 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
344 if (signer)
345 scount++;
346 }
347
348 if (scount != sk_CMS_SignerInfo_num(sinfos))
349 scount += CMS_set1_signers_certs(cms, certs, flags);
350
351 if (scount != sk_CMS_SignerInfo_num(sinfos))
352 {
353 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
354 goto err;
355 }
356
357 /* Attempt to verify all signers certs */
358
359 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
360 {
361 cms_certs = CMS_get1_certs(cms);
362 if (!(flags & CMS_NOCRL))
363 crls = CMS_get1_crls(cms);
364 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
365 {
366 si = sk_CMS_SignerInfo_value(sinfos, i);
367 if (!cms_signerinfo_verify_cert(si, store,
368 cms_certs, crls, flags))
369 goto err;
370 }
371 }
372
373 /* Attempt to verify all SignerInfo signed attribute signatures */
374
375 if (!(flags & CMS_NO_ATTR_VERIFY))
376 {
377 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
378 {
379 si = sk_CMS_SignerInfo_value(sinfos, i);
380 if (CMS_signed_get_attr_count(si) < 0)
381 continue;
382 if (CMS_SignerInfo_verify(si) <= 0)
383 goto err;
384 }
385 }
386
387 /* Performance optimization: if the content is a memory BIO then
388 * store its contents in a temporary read only memory BIO. This
389 * avoids potentially large numbers of slow copies of data which will
390 * occur when reading from a read write memory BIO when signatures
391 * are calculated.
392 */
393
394 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
395 {
396 char *ptr;
397 long len;
398 len = BIO_get_mem_data(dcont, &ptr);
399 tmpin = BIO_new_mem_buf(ptr, len);
400 if (tmpin == NULL)
401 {
402 CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
403 return 0;
404 }
405 }
406 else
407 tmpin = dcont;
408
409
410 cmsbio=CMS_dataInit(cms, tmpin);
411 if (!cmsbio)
412 goto err;
413
414 if (!cms_copy_content(out, cmsbio, flags))
415 goto err;
416
417 if (!(flags & CMS_NO_CONTENT_VERIFY))
418 {
419 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
420 {
421 si = sk_CMS_SignerInfo_value(sinfos, i);
422 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
423 {
424 CMSerr(CMS_F_CMS_VERIFY,
425 CMS_R_CONTENT_VERIFY_ERROR);
426 goto err;
427 }
428 }
429 }
430
431 ret = 1;
432
433 err:
434
435 if (dcont && (tmpin == dcont))
436 do_free_upto(cmsbio, dcont);
437 else
438 BIO_free_all(cmsbio);
439
440 if (cms_certs)
441 sk_X509_pop_free(cms_certs, X509_free);
442 if (crls)
443 sk_X509_CRL_pop_free(crls, X509_CRL_free);
444
445 return ret;
446 }
447
448int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
449 STACK_OF(X509) *certs,
450 X509_STORE *store, unsigned int flags)
451 {
452 int r;
453 flags &= ~(CMS_DETACHED|CMS_TEXT);
454 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
455 if (r <= 0)
456 return r;
457 return cms_Receipt_verify(rcms, ocms);
458 }
459
460CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
461 BIO *data, unsigned int flags)
462 {
463 CMS_ContentInfo *cms;
464 int i;
465
466 cms = CMS_ContentInfo_new();
467 if (!cms || !CMS_SignedData_init(cms))
468 goto merr;
469
470 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
471 {
472 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
473 goto err;
474 }
475
476 for (i = 0; i < sk_X509_num(certs); i++)
477 {
478 X509 *x = sk_X509_value(certs, i);
479 if (!CMS_add1_cert(cms, x))
480 goto merr;
481 }
482
483 if(!(flags & CMS_DETACHED))
484 CMS_set_detached(cms, 0);
485
486 if ((flags & (CMS_STREAM|CMS_PARTIAL))
487 || CMS_final(cms, data, NULL, flags))
488 return cms;
489 else
490 goto err;
491
492 merr:
493 CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
494
495 err:
496 if (cms)
497 CMS_ContentInfo_free(cms);
498 return NULL;
499 }
500
501CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
502 X509 *signcert, EVP_PKEY *pkey,
503 STACK_OF(X509) *certs,
504 unsigned int flags)
505 {
506 CMS_SignerInfo *rct_si;
507 CMS_ContentInfo *cms = NULL;
508 ASN1_OCTET_STRING **pos, *os;
509 BIO *rct_cont = NULL;
510 int r = 0;
511
512 flags &= ~(CMS_STREAM|CMS_TEXT);
513 /* Not really detached but avoids content being allocated */
514 flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
515 if (!pkey || !signcert)
516 {
517 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
518 return NULL;
519 }
520
521 /* Initialize signed data */
522
523 cms = CMS_sign(NULL, NULL, certs, NULL, flags);
524 if (!cms)
525 goto err;
526
527 /* Set inner content type to signed receipt */
528 if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
529 goto err;
530
531 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
532 if (!rct_si)
533 {
534 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
535 goto err;
536 }
537
538 os = cms_encode_Receipt(si);
539
540 if (!os)
541 goto err;
542
543 /* Set content to digest */
544 rct_cont = BIO_new_mem_buf(os->data, os->length);
545 if (!rct_cont)
546 goto err;
547
548 /* Add msgSigDigest attribute */
549
550 if (!cms_msgSigDigest_add1(rct_si, si))
551 goto err;
552
553 /* Finalize structure */
554 if (!CMS_final(cms, rct_cont, NULL, flags))
555 goto err;
556
557 /* Set embedded content */
558 pos = CMS_get0_content(cms);
559 *pos = os;
560
561 r = 1;
562
563 err:
564 if (rct_cont)
565 BIO_free(rct_cont);
566 if (r)
567 return cms;
568 CMS_ContentInfo_free(cms);
569 return NULL;
570
571 }
572
573CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
574 const EVP_CIPHER *cipher, unsigned int flags)
575 {
576 CMS_ContentInfo *cms;
577 int i;
578 X509 *recip;
579 cms = CMS_EnvelopedData_create(cipher);
580 if (!cms)
581 goto merr;
582 for (i = 0; i < sk_X509_num(certs); i++)
583 {
584 recip = sk_X509_value(certs, i);
585 if (!CMS_add1_recipient_cert(cms, recip, flags))
586 {
587 CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
588 goto err;
589 }
590 }
591
592 if(!(flags & CMS_DETACHED))
593 CMS_set_detached(cms, 0);
594
595 if ((flags & (CMS_STREAM|CMS_PARTIAL))
596 || CMS_final(cms, data, NULL, flags))
597 return cms;
598 else
599 goto err;
600
601 merr:
602 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
603 err:
604 if (cms)
605 CMS_ContentInfo_free(cms);
606 return NULL;
607 }
608
609int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
610 {
611 STACK_OF(CMS_RecipientInfo) *ris;
612 CMS_RecipientInfo *ri;
613 int i, r;
614 ris = CMS_get0_RecipientInfos(cms);
615 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
616 {
617 ri = sk_CMS_RecipientInfo_value(ris, i);
618 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
619 continue;
620 /* If we have a cert try matching RecipientInfo
621 * otherwise try them all.
622 */
623 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
624 {
625 CMS_RecipientInfo_set0_pkey(ri, pk);
626 r = CMS_RecipientInfo_decrypt(cms, ri);
627 CMS_RecipientInfo_set0_pkey(ri, NULL);
628 if (r > 0)
629 return 1;
630 if (cert)
631 {
632 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
633 CMS_R_DECRYPT_ERROR);
634 return 0;
635 }
636 ERR_clear_error();
637 }
638 }
639
640 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
641 return 0;
642
643 }
644
645int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
646 unsigned char *key, size_t keylen,
647 unsigned char *id, size_t idlen)
648 {
649 STACK_OF(CMS_RecipientInfo) *ris;
650 CMS_RecipientInfo *ri;
651 int i, r;
652 ris = CMS_get0_RecipientInfos(cms);
653 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
654 {
655 ri = sk_CMS_RecipientInfo_value(ris, i);
656 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
657 continue;
658
659 /* If we have an id try matching RecipientInfo
660 * otherwise try them all.
661 */
662 if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
663 {
664 CMS_RecipientInfo_set0_key(ri, key, keylen);
665 r = CMS_RecipientInfo_decrypt(cms, ri);
666 CMS_RecipientInfo_set0_key(ri, NULL, 0);
667 if (r > 0)
668 return 1;
669 if (id)
670 {
671 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
672 CMS_R_DECRYPT_ERROR);
673 return 0;
674 }
675 ERR_clear_error();
676 }
677 }
678
679 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
680 return 0;
681
682 }
683
684int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
685 BIO *dcont, BIO *out,
686 unsigned int flags)
687 {
688 int r;
689 BIO *cont;
690 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
691 {
692 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
693 return 0;
694 }
695 if (!dcont && !check_content(cms))
696 return 0;
697 if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
698 return 0;
699
700 cont = CMS_dataInit(cms, dcont);
701 if (!cont)
702 return 0;
703 r = cms_copy_content(out, cont, flags);
704 do_free_upto(cont, dcont);
705 return r;
706 }
707
708int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
709 {
710 BIO *cmsbio;
711 int ret = 0;
712 if (!(cmsbio = CMS_dataInit(cms, dcont)))
713 {
714 CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
715 return 0;
716 }
717
718 SMIME_crlf_copy(data, cmsbio, flags);
719
720 (void)BIO_flush(cmsbio);
721
722
723 if (!CMS_dataFinal(cms, cmsbio))
724 {
725 CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
726 goto err;
727 }
728
729 ret = 1;
730
731 err:
732 do_free_upto(cmsbio, dcont);
733
734 return ret;
735
736 }
737
738#ifdef ZLIB
739
740int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
741 unsigned int flags)
742 {
743 BIO *cont;
744 int r;
745 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
746 {
747 CMSerr(CMS_F_CMS_UNCOMPRESS,
748 CMS_R_TYPE_NOT_COMPRESSED_DATA);
749 return 0;
750 }
751
752 if (!dcont && !check_content(cms))
753 return 0;
754
755 cont = CMS_dataInit(cms, dcont);
756 if (!cont)
757 return 0;
758 r = cms_copy_content(out, cont, flags);
759 do_free_upto(cont, dcont);
760 return r;
761 }
762
763CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
764 {
765 CMS_ContentInfo *cms;
766 if (comp_nid <= 0)
767 comp_nid = NID_zlib_compression;
768 cms = cms_CompressedData_create(comp_nid);
769 if (!cms)
770 return NULL;
771
772 if(!(flags & CMS_DETACHED))
773 CMS_set_detached(cms, 0);
774
775 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
776 return cms;
777
778 CMS_ContentInfo_free(cms);
779 return NULL;
780 }
781
782#else
783
784int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
785 unsigned int flags)
786 {
787 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
788 return 0;
789 }
790
791CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
792 {
793 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
794 return NULL;
795 }
796
797#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 16:46:38 +0000