summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
committercvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
commitb1ddde874c215cc8891531ed92876f091b7eb83e (patch)
treeedb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libcrypto/cms
parentf0a36529837a161734c802ae4c42e84e42347be2 (diff)
downloadopenbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414
Diffstat (limited to 'src/lib/libcrypto/cms')
-rw-r--r--src/lib/libcrypto/cms/cms.h534
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c1629
-rw-r--r--src/lib/libcrypto/cms/cms_att.c231
-rw-r--r--src/lib/libcrypto/cms/cms_dd.c152
-rw-r--r--src/lib/libcrypto/cms/cms_enc.c266
-rw-r--r--src/lib/libcrypto/cms/cms_env.c996
-rw-r--r--src/lib/libcrypto/cms/cms_err.c166
-rw-r--r--src/lib/libcrypto/cms/cms_ess.c413
-rw-r--r--src/lib/libcrypto/cms/cms_io.c180
-rw-r--r--src/lib/libcrypto/cms/cms_kari.c490
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c780
-rw-r--r--src/lib/libcrypto/cms/cms_local.h472
-rw-r--r--src/lib/libcrypto/cms/cms_pwri.c438
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c1088
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c908
15 files changed, 0 insertions, 8743 deletions
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
deleted file mode 100644
index 90030bdde0..0000000000
--- a/src/lib/libcrypto/cms/cms.h
+++ /dev/null
@@ -1,534 +0,0 @@
1/* $OpenBSD: cms.h,v 1.18 2024/03/30 00:35:15 joshua Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#ifndef HEADER_CMS_H
56#define HEADER_CMS_H
57
58#include <openssl/opensslconf.h>
59
60#ifndef OPENSSL_NO_CMS
61
62#include <openssl/pem.h>
63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
65
66#ifdef __cplusplus
67extern "C" {
68#endif
69
70typedef struct CMS_ContentInfo_st CMS_ContentInfo;
71typedef struct CMS_SignerInfo_st CMS_SignerInfo;
72typedef struct CMS_CertificateChoices CMS_CertificateChoices;
73typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
74typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
75typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
76typedef struct CMS_Receipt_st CMS_Receipt;
77typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
78typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
79
80DECLARE_STACK_OF(CMS_SignerInfo)
81DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
82DECLARE_STACK_OF(CMS_RecipientInfo)
83DECLARE_STACK_OF(CMS_RevocationInfoChoice)
84CMS_ContentInfo *CMS_ContentInfo_new(void);
85void CMS_ContentInfo_free(CMS_ContentInfo *a);
86CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len);
87int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **out);
88extern const ASN1_ITEM CMS_ContentInfo_it;
89CMS_ReceiptRequest *CMS_ReceiptRequest_new(void);
90void CMS_ReceiptRequest_free(CMS_ReceiptRequest *a);
91CMS_ReceiptRequest *d2i_CMS_ReceiptRequest(CMS_ReceiptRequest **a, const unsigned char **in, long len);
92int i2d_CMS_ReceiptRequest(CMS_ReceiptRequest *a, unsigned char **out);
93extern const ASN1_ITEM CMS_ReceiptRequest_it;
94int CMS_ContentInfo_print_ctx(BIO *out, CMS_ContentInfo *x, int indent, const ASN1_PCTX *pctx);
95
96#define CMS_SIGNERINFO_ISSUER_SERIAL 0
97#define CMS_SIGNERINFO_KEYIDENTIFIER 1
98
99#define CMS_RECIPINFO_NONE -1
100#define CMS_RECIPINFO_TRANS 0
101#define CMS_RECIPINFO_AGREE 1
102#define CMS_RECIPINFO_KEK 2
103#define CMS_RECIPINFO_PASS 3
104#define CMS_RECIPINFO_OTHER 4
105
106/* S/MIME related flags */
107
108#define CMS_TEXT 0x1
109#define CMS_NOCERTS 0x2
110#define CMS_NO_CONTENT_VERIFY 0x4
111#define CMS_NO_ATTR_VERIFY 0x8
112#define CMS_NOSIGS \
113 (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
114#define CMS_NOINTERN 0x10
115#define CMS_NO_SIGNER_CERT_VERIFY 0x20
116#define CMS_NOVERIFY 0x20
117#define CMS_DETACHED 0x40
118#define CMS_BINARY 0x80
119#define CMS_NOATTR 0x100
120#define CMS_NOSMIMECAP 0x200
121#define CMS_NOOLDMIMETYPE 0x400
122#define CMS_CRLFEOL 0x800
123#define CMS_STREAM 0x1000
124#define CMS_NOCRL 0x2000
125#define CMS_PARTIAL 0x4000
126#define CMS_REUSE_DIGEST 0x8000
127#define CMS_USE_KEYID 0x10000
128#define CMS_DEBUG_DECRYPT 0x20000
129#define CMS_KEY_PARAM 0x40000
130#define CMS_ASCIICRLF 0x80000
131
132const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
133
134int CMS_get_version(const CMS_ContentInfo *cms, long *version);
135int CMS_SignerInfo_get_version(const CMS_SignerInfo *si, long *version);
136
137BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
138int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
139
140ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
141int CMS_is_detached(CMS_ContentInfo *cms);
142int CMS_set_detached(CMS_ContentInfo *cms, int detached);
143
144CMS_ContentInfo *PEM_read_bio_CMS(BIO *bp, CMS_ContentInfo **x,
145 pem_password_cb *cb, void *u);
146CMS_ContentInfo *PEM_read_CMS(FILE *fp, CMS_ContentInfo **x,
147 pem_password_cb *cb, void *u);
148int PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x);
149int PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x);
150int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
151CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
152int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
153
154BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
155int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
156int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
157 int flags);
158CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
159int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
160
161int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
162
163CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
164 BIO *data, unsigned int flags);
165
166CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
167 EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
168
169int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
170CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
171
172int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
173 unsigned int flags);
174CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
175 unsigned int flags);
176
177int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
178 size_t keylen, BIO *dcont, BIO *out, unsigned int flags);
179
180CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
181 const unsigned char *key, size_t keylen, unsigned int flags);
182
183int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
184 const unsigned char *key, size_t keylen);
185
186int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
187 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
188
189int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
190 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
191
192STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
193
194CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
195 const EVP_CIPHER *cipher, unsigned int flags);
196
197int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
198 BIO *dcont, BIO *out, unsigned int flags);
199
200int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
201int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key,
202 size_t keylen, const unsigned char *id, size_t idlen);
203int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
204 ssize_t passlen);
205
206STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
207int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
208EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
209CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
210CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
211 unsigned int flags);
212int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
213int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
214int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
215 X509 **recip, X509_ALGOR **palg);
216int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
217 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
218
219CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
220 unsigned char *key, size_t keylen, unsigned char *id, size_t idlen,
221 ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType);
222
223int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
224 ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
225 ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
226
227int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
228 size_t keylen);
229
230int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
231 const unsigned char *id, size_t idlen);
232
233int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
234 ssize_t passlen);
235
236CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter,
237 int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen,
238 const EVP_CIPHER *kekciph);
239
240int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
241int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
242
243int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
244 unsigned int flags);
245CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
246
247int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
248const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
249
250CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
251int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
252int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
253STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
254
255CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
256int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
257int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
258STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
259
260int CMS_SignedData_init(CMS_ContentInfo *cms);
261CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer,
262 EVP_PKEY *pk, const EVP_MD *md, unsigned int flags);
263EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
264EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
265STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
266
267void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
268int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
269 X509_NAME **issuer, ASN1_INTEGER **sno);
270int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
271int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
272 unsigned int flags);
273void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
274 X509_ALGOR **pdig, X509_ALGOR **psig);
275ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
276int CMS_SignerInfo_sign(CMS_SignerInfo *si);
277int CMS_SignerInfo_verify(CMS_SignerInfo *si);
278int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
279
280int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
281int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid,
282 int keysize);
283int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
284
285int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
286int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos);
287int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
288 int lastpos);
289X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
290X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
291int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
292int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
293 int type, const void *bytes, int len);
294int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
295 const void *bytes, int len);
296int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
297 const char *attrname, int type, const void *bytes, int len);
298void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
299 int lastpos, int type);
300
301int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
302int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
303 int lastpos);
304int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
305 const ASN1_OBJECT *obj, int lastpos);
306X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
307X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
308int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
309int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
310 const ASN1_OBJECT *obj, int type, const void *bytes, int len);
311int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
312 const void *bytes, int len);
313int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
314 int type, const void *bytes, int len);
315void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
316 int lastpos, int type);
317
318int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
319CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
320 int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList,
321 STACK_OF(GENERAL_NAMES) *receiptsTo);
322int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
323void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
324 int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
325 STACK_OF(GENERAL_NAMES) **prto);
326
327int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
328 ASN1_OCTET_STRING **pukm);
329STACK_OF(CMS_RecipientEncryptedKey) *
330 CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
331
332int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
333 X509_ALGOR **pubalg, ASN1_BIT_STRING **pubkey, ASN1_OCTET_STRING **keyid,
334 X509_NAME **issuer, ASN1_INTEGER **sno);
335
336int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
337
338int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
339 ASN1_OCTET_STRING **keyid, ASN1_GENERALIZEDTIME **tm,
340 CMS_OtherKeyAttribute **other, X509_NAME **issuer, ASN1_INTEGER **sno);
341int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
342 X509 *cert);
343int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
344EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
345int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
346 CMS_RecipientInfo *ri, CMS_RecipientEncryptedKey *rek);
347
348int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
349 ASN1_OCTET_STRING *ukm, int keylen);
350
351/* Backward compatibility for spelling errors. */
352#define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
353#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
354 CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
355
356int ERR_load_CMS_strings(void);
357
358/*
359 * CMS function codes.
360 */
361#define CMS_F_CHECK_CONTENT 99
362#define CMS_F_CMS_ADD0_CERT 164
363#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
364#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
365#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
366#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
367#define CMS_F_CMS_ADD1_SIGNER 102
368#define CMS_F_CMS_ADD1_SIGNINGTIME 103
369#define CMS_F_CMS_COMPRESS 104
370#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
371#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
372#define CMS_F_CMS_COPY_CONTENT 107
373#define CMS_F_CMS_COPY_MESSAGEDIGEST 108
374#define CMS_F_CMS_DATA 109
375#define CMS_F_CMS_DATAFINAL 110
376#define CMS_F_CMS_DATAINIT 111
377#define CMS_F_CMS_DECRYPT 112
378#define CMS_F_CMS_DECRYPT_SET1_KEY 113
379#define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
380#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
381#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
382#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
383#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
384#define CMS_F_CMS_DIGEST_VERIFY 118
385#define CMS_F_CMS_ENCODE_RECEIPT 161
386#define CMS_F_CMS_ENCRYPT 119
387#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179
388#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
389#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
390#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
391#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
392#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
393#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
394#define CMS_F_CMS_ENVELOPED_DATA_INIT 126
395#define CMS_F_CMS_ENV_ASN1_CTRL 171
396#define CMS_F_CMS_FINAL 127
397#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
398#define CMS_F_CMS_GET0_CONTENT 129
399#define CMS_F_CMS_GET0_ECONTENT_TYPE 130
400#define CMS_F_CMS_GET0_ENVELOPED 131
401#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
402#define CMS_F_CMS_GET0_SIGNED 133
403#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
404#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
405#define CMS_F_CMS_RECEIPT_VERIFY 160
406#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
407#define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169
408#define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178
409#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175
410#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173
411#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172
412#define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174
413#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
414#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
415#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
416#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
417#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
418#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
419#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
420#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
421#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
422#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
423#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
424#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
425#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
426#define CMS_F_CMS_SD_ASN1_CTRL 170
427#define CMS_F_CMS_SET1_IAS 176
428#define CMS_F_CMS_SET1_KEYID 177
429#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
430#define CMS_F_CMS_SET_DETACHED 147
431#define CMS_F_CMS_SIGN 148
432#define CMS_F_CMS_SIGNED_DATA_INIT 149
433#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
434#define CMS_F_CMS_SIGNERINFO_SIGN 151
435#define CMS_F_CMS_SIGNERINFO_VERIFY 152
436#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
437#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
438#define CMS_F_CMS_SIGN_RECEIPT 163
439#define CMS_F_CMS_STREAM 155
440#define CMS_F_CMS_UNCOMPRESS 156
441#define CMS_F_CMS_VERIFY 157
442#define CMS_F_KEK_UNWRAP_KEY 180
443
444/*
445 * CMS reason codes.
446 */
447#define CMS_R_ADD_SIGNER_ERROR 99
448#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
449#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
450#define CMS_R_CERTIFICATE_VERIFY_ERROR 100
451#define CMS_R_CIPHER_INITIALISATION_ERROR 101
452#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
453#define CMS_R_CMS_DATAFINAL_ERROR 103
454#define CMS_R_CMS_LIB 104
455#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
456#define CMS_R_CONTENT_NOT_FOUND 105
457#define CMS_R_CONTENT_TYPE_MISMATCH 171
458#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
459#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
460#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
461#define CMS_R_CONTENT_VERIFY_ERROR 109
462#define CMS_R_CTRL_ERROR 110
463#define CMS_R_CTRL_FAILURE 111
464#define CMS_R_DECRYPT_ERROR 112
465#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
466#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
467#define CMS_R_ERROR_SETTING_KEY 115
468#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
469#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
470#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
471#define CMS_R_INVALID_KEY_LENGTH 118
472#define CMS_R_MD_BIO_INIT_ERROR 119
473#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
474#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
475#define CMS_R_MSGSIGDIGEST_ERROR 172
476#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
477#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
478#define CMS_R_NEED_ONE_SIGNER 164
479#define CMS_R_NOT_A_SIGNED_RECEIPT 165
480#define CMS_R_NOT_ENCRYPTED_DATA 122
481#define CMS_R_NOT_KEK 123
482#define CMS_R_NOT_KEY_AGREEMENT 181
483#define CMS_R_NOT_KEY_TRANSPORT 124
484#define CMS_R_NOT_PWRI 177
485#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
486#define CMS_R_NO_CIPHER 126
487#define CMS_R_NO_CONTENT 127
488#define CMS_R_NO_CONTENT_TYPE 173
489#define CMS_R_NO_DEFAULT_DIGEST 128
490#define CMS_R_NO_DIGEST_SET 129
491#define CMS_R_NO_KEY 130
492#define CMS_R_NO_KEY_OR_CERT 174
493#define CMS_R_NO_MATCHING_DIGEST 131
494#define CMS_R_NO_MATCHING_RECIPIENT 132
495#define CMS_R_NO_MATCHING_SIGNATURE 166
496#define CMS_R_NO_MSGSIGDIGEST 167
497#define CMS_R_NO_PASSWORD 178
498#define CMS_R_NO_PRIVATE_KEY 133
499#define CMS_R_NO_PUBLIC_KEY 134
500#define CMS_R_NO_RECEIPT_REQUEST 168
501#define CMS_R_NO_SIGNERS 135
502#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
503#define CMS_R_RECEIPT_DECODE_ERROR 169
504#define CMS_R_RECIPIENT_ERROR 137
505#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
506#define CMS_R_SIGNFINAL_ERROR 139
507#define CMS_R_SMIME_TEXT_ERROR 140
508#define CMS_R_STORE_INIT_ERROR 141
509#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
510#define CMS_R_TYPE_NOT_DATA 143
511#define CMS_R_TYPE_NOT_DIGESTED_DATA 144
512#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
513#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
514#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
515#define CMS_R_UNKNOWN_CIPHER 148
516#define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149
517#define CMS_R_UNKNOWN_ID 150
518#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
519#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
520#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
521#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
522#define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155
523#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
524#define CMS_R_UNSUPPORTED_TYPE 156
525#define CMS_R_UNWRAP_ERROR 157
526#define CMS_R_UNWRAP_FAILURE 180
527#define CMS_R_VERIFICATION_FAILURE 158
528#define CMS_R_WRAP_ERROR 159
529
530#ifdef __cplusplus
531}
532#endif
533#endif
534#endif
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
deleted file mode 100644
index 2c95eddf03..0000000000
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ /dev/null
@@ -1,1629 +0,0 @@
1/* $OpenBSD: cms_asn1.c,v 1.25 2024/11/01 18:53:35 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <stddef.h>
56#include <stdlib.h>
57
58#include <openssl/asn1.h>
59#include <openssl/asn1t.h>
60#include <openssl/cms.h>
61#include <openssl/evp.h>
62#include <openssl/x509.h>
63#include <openssl/x509v3.h>
64
65#include "cms_local.h"
66
67static const ASN1_TEMPLATE CMS_IssuerAndSerialNumber_seq_tt[] = {
68 {
69 .flags = 0,
70 .tag = 0,
71 .offset = offsetof(CMS_IssuerAndSerialNumber, issuer),
72 .field_name = "issuer",
73 .item = &X509_NAME_it,
74 },
75 {
76 .flags = 0,
77 .tag = 0,
78 .offset = offsetof(CMS_IssuerAndSerialNumber, serialNumber),
79 .field_name = "serialNumber",
80 .item = &ASN1_INTEGER_it,
81 },
82};
83
84const ASN1_ITEM CMS_IssuerAndSerialNumber_it = {
85 .itype = ASN1_ITYPE_SEQUENCE,
86 .utype = V_ASN1_SEQUENCE,
87 .templates = CMS_IssuerAndSerialNumber_seq_tt,
88 .tcount = sizeof(CMS_IssuerAndSerialNumber_seq_tt) / sizeof(ASN1_TEMPLATE),
89 .funcs = NULL,
90 .size = sizeof(CMS_IssuerAndSerialNumber),
91 .sname = "CMS_IssuerAndSerialNumber",
92};
93
94static const ASN1_TEMPLATE CMS_OtherCertificateFormat_seq_tt[] = {
95 {
96 .flags = 0,
97 .tag = 0,
98 .offset = offsetof(CMS_OtherCertificateFormat, otherCertFormat),
99 .field_name = "otherCertFormat",
100 .item = &ASN1_OBJECT_it,
101 },
102 {
103 .flags = ASN1_TFLG_OPTIONAL,
104 .tag = 0,
105 .offset = offsetof(CMS_OtherCertificateFormat, otherCert),
106 .field_name = "otherCert",
107 .item = &ASN1_ANY_it,
108 },
109};
110
111static const ASN1_ITEM CMS_OtherCertificateFormat_it = {
112 .itype = ASN1_ITYPE_SEQUENCE,
113 .utype = V_ASN1_SEQUENCE,
114 .templates = CMS_OtherCertificateFormat_seq_tt,
115 .tcount = sizeof(CMS_OtherCertificateFormat_seq_tt) / sizeof(ASN1_TEMPLATE),
116 .funcs = NULL,
117 .size = sizeof(CMS_OtherCertificateFormat),
118 .sname = "CMS_OtherCertificateFormat",
119};
120
121static const ASN1_TEMPLATE CMS_CertificateChoices_ch_tt[] = {
122 {
123 .flags = 0,
124 .tag = 0,
125 .offset = offsetof(CMS_CertificateChoices, d.certificate),
126 .field_name = "d.certificate",
127 .item = &X509_it,
128 },
129 {
130 .flags = ASN1_TFLG_IMPLICIT,
131 .tag = 0,
132 .offset = offsetof(CMS_CertificateChoices, d.extendedCertificate),
133 .field_name = "d.extendedCertificate",
134 .item = &ASN1_SEQUENCE_it,
135 },
136 {
137 .flags = ASN1_TFLG_IMPLICIT,
138 .tag = 1,
139 .offset = offsetof(CMS_CertificateChoices, d.v1AttrCert),
140 .field_name = "d.v1AttrCert",
141 .item = &ASN1_SEQUENCE_it,
142 },
143 {
144 .flags = ASN1_TFLG_IMPLICIT,
145 .tag = 2,
146 .offset = offsetof(CMS_CertificateChoices, d.v2AttrCert),
147 .field_name = "d.v2AttrCert",
148 .item = &ASN1_SEQUENCE_it,
149 },
150 {
151 .flags = ASN1_TFLG_IMPLICIT,
152 .tag = 3,
153 .offset = offsetof(CMS_CertificateChoices, d.other),
154 .field_name = "d.other",
155 .item = &CMS_OtherCertificateFormat_it,
156 },
157};
158
159const ASN1_ITEM CMS_CertificateChoices_it = {
160 .itype = ASN1_ITYPE_CHOICE,
161 .utype = offsetof(CMS_CertificateChoices, type),
162 .templates = CMS_CertificateChoices_ch_tt,
163 .tcount = sizeof(CMS_CertificateChoices_ch_tt) / sizeof(ASN1_TEMPLATE),
164 .funcs = NULL,
165 .size = sizeof(CMS_CertificateChoices),
166 .sname = "CMS_CertificateChoices",
167};
168
169static const ASN1_TEMPLATE CMS_SignerIdentifier_ch_tt[] = {
170 {
171 .flags = 0,
172 .tag = 0,
173 .offset = offsetof(CMS_SignerIdentifier, d.issuerAndSerialNumber),
174 .field_name = "d.issuerAndSerialNumber",
175 .item = &CMS_IssuerAndSerialNumber_it,
176 },
177 {
178 .flags = ASN1_TFLG_IMPLICIT,
179 .tag = 0,
180 .offset = offsetof(CMS_SignerIdentifier, d.subjectKeyIdentifier),
181 .field_name = "d.subjectKeyIdentifier",
182 .item = &ASN1_OCTET_STRING_it,
183 },
184};
185
186static const ASN1_ITEM CMS_SignerIdentifier_it = {
187 .itype = ASN1_ITYPE_CHOICE,
188 .utype = offsetof(CMS_SignerIdentifier, type),
189 .templates = CMS_SignerIdentifier_ch_tt,
190 .tcount = sizeof(CMS_SignerIdentifier_ch_tt) / sizeof(ASN1_TEMPLATE),
191 .funcs = NULL,
192 .size = sizeof(CMS_SignerIdentifier),
193 .sname = "CMS_SignerIdentifier",
194};
195
196static const ASN1_TEMPLATE CMS_EncapsulatedContentInfo_seq_tt[] = {
197 {
198 .flags = 0,
199 .tag = 0,
200 .offset = offsetof(CMS_EncapsulatedContentInfo, eContentType),
201 .field_name = "eContentType",
202 .item = &ASN1_OBJECT_it,
203 },
204 {
205 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF,
206 .tag = 0,
207 .offset = offsetof(CMS_EncapsulatedContentInfo, eContent),
208 .field_name = "eContent",
209 .item = &ASN1_OCTET_STRING_NDEF_it,
210 },
211};
212
213static const ASN1_ITEM CMS_EncapsulatedContentInfo_it = {
214 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
215 .utype = V_ASN1_SEQUENCE,
216 .templates = CMS_EncapsulatedContentInfo_seq_tt,
217 .tcount = sizeof(CMS_EncapsulatedContentInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
218 .funcs = NULL,
219 .size = sizeof(CMS_EncapsulatedContentInfo),
220 .sname = "CMS_EncapsulatedContentInfo",
221};
222
223/* Minor tweak to operation: free up signer key, cert */
224static int
225cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
226{
227 if (operation == ASN1_OP_FREE_POST) {
228 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
229 EVP_PKEY_free(si->pkey);
230 X509_free(si->signer);
231 EVP_MD_CTX_free(si->mctx);
232 }
233 return 1;
234}
235
236static const ASN1_AUX CMS_SignerInfo_aux = {
237 .app_data = NULL,
238 .flags = 0,
239 .ref_offset = 0,
240 .ref_lock = 0,
241 .asn1_cb = cms_si_cb,
242 .enc_offset = 0,
243};
244static const ASN1_TEMPLATE CMS_SignerInfo_seq_tt[] = {
245 {
246 .flags = 0,
247 .tag = 0,
248 .offset = offsetof(CMS_SignerInfo, version),
249 .field_name = "version",
250 .item = &LONG_it,
251 },
252 {
253 .flags = 0,
254 .tag = 0,
255 .offset = offsetof(CMS_SignerInfo, sid),
256 .field_name = "sid",
257 .item = &CMS_SignerIdentifier_it,
258 },
259 {
260 .flags = 0,
261 .tag = 0,
262 .offset = offsetof(CMS_SignerInfo, digestAlgorithm),
263 .field_name = "digestAlgorithm",
264 .item = &X509_ALGOR_it,
265 },
266 {
267 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
268 .tag = 0,
269 .offset = offsetof(CMS_SignerInfo, signedAttrs),
270 .field_name = "signedAttrs",
271 .item = &X509_ATTRIBUTE_it,
272 },
273 {
274 .flags = 0,
275 .tag = 0,
276 .offset = offsetof(CMS_SignerInfo, signatureAlgorithm),
277 .field_name = "signatureAlgorithm",
278 .item = &X509_ALGOR_it,
279 },
280 {
281 .flags = 0,
282 .tag = 0,
283 .offset = offsetof(CMS_SignerInfo, signature),
284 .field_name = "signature",
285 .item = &ASN1_OCTET_STRING_it,
286 },
287 {
288 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
289 .tag = 1,
290 .offset = offsetof(CMS_SignerInfo, unsignedAttrs),
291 .field_name = "unsignedAttrs",
292 .item = &X509_ATTRIBUTE_it,
293 },
294};
295
296const ASN1_ITEM CMS_SignerInfo_it = {
297 .itype = ASN1_ITYPE_SEQUENCE,
298 .utype = V_ASN1_SEQUENCE,
299 .templates = CMS_SignerInfo_seq_tt,
300 .tcount = sizeof(CMS_SignerInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
301 .funcs = &CMS_SignerInfo_aux,
302 .size = sizeof(CMS_SignerInfo),
303 .sname = "CMS_SignerInfo",
304};
305
306static const ASN1_TEMPLATE CMS_OtherRevocationInfoFormat_seq_tt[] = {
307 {
308 .flags = 0,
309 .tag = 0,
310 .offset = offsetof(CMS_OtherRevocationInfoFormat, otherRevInfoFormat),
311 .field_name = "otherRevInfoFormat",
312 .item = &ASN1_OBJECT_it,
313 },
314 {
315 .flags = ASN1_TFLG_OPTIONAL,
316 .tag = 0,
317 .offset = offsetof(CMS_OtherRevocationInfoFormat, otherRevInfo),
318 .field_name = "otherRevInfo",
319 .item = &ASN1_ANY_it,
320 },
321};
322
323static const ASN1_ITEM CMS_OtherRevocationInfoFormat_it = {
324 .itype = ASN1_ITYPE_SEQUENCE,
325 .utype = V_ASN1_SEQUENCE,
326 .templates = CMS_OtherRevocationInfoFormat_seq_tt,
327 .tcount = sizeof(CMS_OtherRevocationInfoFormat_seq_tt) / sizeof(ASN1_TEMPLATE),
328 .funcs = NULL,
329 .size = sizeof(CMS_OtherRevocationInfoFormat),
330 .sname = "CMS_OtherRevocationInfoFormat",
331};
332
333static const ASN1_TEMPLATE CMS_RevocationInfoChoice_ch_tt[] = {
334 {
335 .flags = 0,
336 .tag = 0,
337 .offset = offsetof(CMS_RevocationInfoChoice, d.crl),
338 .field_name = "d.crl",
339 .item = &X509_CRL_it,
340 },
341 {
342 .flags = ASN1_TFLG_IMPLICIT,
343 .tag = 1,
344 .offset = offsetof(CMS_RevocationInfoChoice, d.other),
345 .field_name = "d.other",
346 .item = &CMS_OtherRevocationInfoFormat_it,
347 },
348};
349
350const ASN1_ITEM CMS_RevocationInfoChoice_it = {
351 .itype = ASN1_ITYPE_CHOICE,
352 .utype = offsetof(CMS_RevocationInfoChoice, type),
353 .templates = CMS_RevocationInfoChoice_ch_tt,
354 .tcount = sizeof(CMS_RevocationInfoChoice_ch_tt) / sizeof(ASN1_TEMPLATE),
355 .funcs = NULL,
356 .size = sizeof(CMS_RevocationInfoChoice),
357 .sname = "CMS_RevocationInfoChoice",
358};
359
360static const ASN1_TEMPLATE CMS_SignedData_seq_tt[] = {
361 {
362 .flags = 0,
363 .tag = 0,
364 .offset = offsetof(CMS_SignedData, version),
365 .field_name = "version",
366 .item = &LONG_it,
367 },
368 {
369 .flags = ASN1_TFLG_SET_OF,
370 .tag = 0,
371 .offset = offsetof(CMS_SignedData, digestAlgorithms),
372 .field_name = "digestAlgorithms",
373 .item = &X509_ALGOR_it,
374 },
375 {
376 .flags = 0,
377 .tag = 0,
378 .offset = offsetof(CMS_SignedData, encapContentInfo),
379 .field_name = "encapContentInfo",
380 .item = &CMS_EncapsulatedContentInfo_it,
381 },
382 {
383 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
384 .tag = 0,
385 .offset = offsetof(CMS_SignedData, certificates),
386 .field_name = "certificates",
387 .item = &CMS_CertificateChoices_it,
388 },
389 {
390 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
391 .tag = 1,
392 .offset = offsetof(CMS_SignedData, crls),
393 .field_name = "crls",
394 .item = &CMS_RevocationInfoChoice_it,
395 },
396 {
397 .flags = ASN1_TFLG_SET_OF,
398 .tag = 0,
399 .offset = offsetof(CMS_SignedData, signerInfos),
400 .field_name = "signerInfos",
401 .item = &CMS_SignerInfo_it,
402 },
403};
404
405const ASN1_ITEM CMS_SignedData_it = {
406 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
407 .utype = V_ASN1_SEQUENCE,
408 .templates = CMS_SignedData_seq_tt,
409 .tcount = sizeof(CMS_SignedData_seq_tt) / sizeof(ASN1_TEMPLATE),
410 .funcs = NULL,
411 .size = sizeof(CMS_SignedData),
412 .sname = "CMS_SignedData",
413};
414
415static const ASN1_TEMPLATE CMS_OriginatorInfo_seq_tt[] = {
416 {
417 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
418 .tag = 0,
419 .offset = offsetof(CMS_OriginatorInfo, certificates),
420 .field_name = "certificates",
421 .item = &CMS_CertificateChoices_it,
422 },
423 {
424 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
425 .tag = 1,
426 .offset = offsetof(CMS_OriginatorInfo, crls),
427 .field_name = "crls",
428 .item = &CMS_RevocationInfoChoice_it,
429 },
430};
431
432static const ASN1_ITEM CMS_OriginatorInfo_it = {
433 .itype = ASN1_ITYPE_SEQUENCE,
434 .utype = V_ASN1_SEQUENCE,
435 .templates = CMS_OriginatorInfo_seq_tt,
436 .tcount = sizeof(CMS_OriginatorInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
437 .funcs = NULL,
438 .size = sizeof(CMS_OriginatorInfo),
439 .sname = "CMS_OriginatorInfo",
440};
441
442static const ASN1_TEMPLATE CMS_EncryptedContentInfo_seq_tt[] = {
443 {
444 .flags = 0,
445 .tag = 0,
446 .offset = offsetof(CMS_EncryptedContentInfo, contentType),
447 .field_name = "contentType",
448 .item = &ASN1_OBJECT_it,
449 },
450 {
451 .flags = 0,
452 .tag = 0,
453 .offset = offsetof(CMS_EncryptedContentInfo, contentEncryptionAlgorithm),
454 .field_name = "contentEncryptionAlgorithm",
455 .item = &X509_ALGOR_it,
456 },
457 {
458 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
459 .tag = 0,
460 .offset = offsetof(CMS_EncryptedContentInfo, encryptedContent),
461 .field_name = "encryptedContent",
462 .item = &ASN1_OCTET_STRING_NDEF_it,
463 },
464};
465
466static const ASN1_ITEM CMS_EncryptedContentInfo_it = {
467 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
468 .utype = V_ASN1_SEQUENCE,
469 .templates = CMS_EncryptedContentInfo_seq_tt,
470 .tcount = sizeof(CMS_EncryptedContentInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
471 .funcs = NULL,
472 .size = sizeof(CMS_EncryptedContentInfo),
473 .sname = "CMS_EncryptedContentInfo",
474};
475
476static const ASN1_TEMPLATE CMS_KeyTransRecipientInfo_seq_tt[] = {
477 {
478 .flags = 0,
479 .tag = 0,
480 .offset = offsetof(CMS_KeyTransRecipientInfo, version),
481 .field_name = "version",
482 .item = &LONG_it,
483 },
484 {
485 .flags = 0,
486 .tag = 0,
487 .offset = offsetof(CMS_KeyTransRecipientInfo, rid),
488 .field_name = "rid",
489 .item = &CMS_SignerIdentifier_it,
490 },
491 {
492 .flags = 0,
493 .tag = 0,
494 .offset = offsetof(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm),
495 .field_name = "keyEncryptionAlgorithm",
496 .item = &X509_ALGOR_it,
497 },
498 {
499 .flags = 0,
500 .tag = 0,
501 .offset = offsetof(CMS_KeyTransRecipientInfo, encryptedKey),
502 .field_name = "encryptedKey",
503 .item = &ASN1_OCTET_STRING_it,
504 },
505};
506
507const ASN1_ITEM CMS_KeyTransRecipientInfo_it = {
508 .itype = ASN1_ITYPE_SEQUENCE,
509 .utype = V_ASN1_SEQUENCE,
510 .templates = CMS_KeyTransRecipientInfo_seq_tt,
511 .tcount = sizeof(CMS_KeyTransRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
512 .funcs = NULL,
513 .size = sizeof(CMS_KeyTransRecipientInfo),
514 .sname = "CMS_KeyTransRecipientInfo",
515};
516
517static const ASN1_TEMPLATE CMS_OtherKeyAttribute_seq_tt[] = {
518 {
519 .flags = 0,
520 .tag = 0,
521 .offset = offsetof(CMS_OtherKeyAttribute, keyAttrId),
522 .field_name = "keyAttrId",
523 .item = &ASN1_OBJECT_it,
524 },
525 {
526 .flags = ASN1_TFLG_OPTIONAL,
527 .tag = 0,
528 .offset = offsetof(CMS_OtherKeyAttribute, keyAttr),
529 .field_name = "keyAttr",
530 .item = &ASN1_ANY_it,
531 },
532};
533
534const ASN1_ITEM CMS_OtherKeyAttribute_it = {
535 .itype = ASN1_ITYPE_SEQUENCE,
536 .utype = V_ASN1_SEQUENCE,
537 .templates = CMS_OtherKeyAttribute_seq_tt,
538 .tcount = sizeof(CMS_OtherKeyAttribute_seq_tt) / sizeof(ASN1_TEMPLATE),
539 .funcs = NULL,
540 .size = sizeof(CMS_OtherKeyAttribute),
541 .sname = "CMS_OtherKeyAttribute",
542};
543
544static const ASN1_TEMPLATE CMS_RecipientKeyIdentifier_seq_tt[] = {
545 {
546 .flags = 0,
547 .tag = 0,
548 .offset = offsetof(CMS_RecipientKeyIdentifier, subjectKeyIdentifier),
549 .field_name = "subjectKeyIdentifier",
550 .item = &ASN1_OCTET_STRING_it,
551 },
552 {
553 .flags = ASN1_TFLG_OPTIONAL,
554 .tag = 0,
555 .offset = offsetof(CMS_RecipientKeyIdentifier, date),
556 .field_name = "date",
557 .item = &ASN1_GENERALIZEDTIME_it,
558 },
559 {
560 .flags = ASN1_TFLG_OPTIONAL,
561 .tag = 0,
562 .offset = offsetof(CMS_RecipientKeyIdentifier, other),
563 .field_name = "other",
564 .item = &CMS_OtherKeyAttribute_it,
565 },
566};
567
568const ASN1_ITEM CMS_RecipientKeyIdentifier_it = {
569 .itype = ASN1_ITYPE_SEQUENCE,
570 .utype = V_ASN1_SEQUENCE,
571 .templates = CMS_RecipientKeyIdentifier_seq_tt,
572 .tcount = sizeof(CMS_RecipientKeyIdentifier_seq_tt) / sizeof(ASN1_TEMPLATE),
573 .funcs = NULL,
574 .size = sizeof(CMS_RecipientKeyIdentifier),
575 .sname = "CMS_RecipientKeyIdentifier",
576};
577
578static const ASN1_TEMPLATE CMS_KeyAgreeRecipientIdentifier_ch_tt[] = {
579 {
580 .flags = 0,
581 .tag = 0,
582 .offset = offsetof(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber),
583 .field_name = "d.issuerAndSerialNumber",
584 .item = &CMS_IssuerAndSerialNumber_it,
585 },
586 {
587 .flags = ASN1_TFLG_IMPLICIT,
588 .tag = 0,
589 .offset = offsetof(CMS_KeyAgreeRecipientIdentifier, d.rKeyId),
590 .field_name = "d.rKeyId",
591 .item = &CMS_RecipientKeyIdentifier_it,
592 },
593};
594
595static const ASN1_ITEM CMS_KeyAgreeRecipientIdentifier_it = {
596 .itype = ASN1_ITYPE_CHOICE,
597 .utype = offsetof(CMS_KeyAgreeRecipientIdentifier, type),
598 .templates = CMS_KeyAgreeRecipientIdentifier_ch_tt,
599 .tcount = sizeof(CMS_KeyAgreeRecipientIdentifier_ch_tt) / sizeof(ASN1_TEMPLATE),
600 .funcs = NULL,
601 .size = sizeof(CMS_KeyAgreeRecipientIdentifier),
602 .sname = "CMS_KeyAgreeRecipientIdentifier",
603};
604
605static int
606cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
607{
608 CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
609 if (operation == ASN1_OP_FREE_POST) {
610 EVP_PKEY_free(rek->pkey);
611 }
612 return 1;
613}
614
615static const ASN1_AUX CMS_RecipientEncryptedKey_aux = {
616 .app_data = NULL,
617 .flags = 0,
618 .ref_offset = 0,
619 .ref_lock = 0,
620 .asn1_cb = cms_rek_cb,
621 .enc_offset = 0,
622};
623static const ASN1_TEMPLATE CMS_RecipientEncryptedKey_seq_tt[] = {
624 {
625 .flags = 0,
626 .tag = 0,
627 .offset = offsetof(CMS_RecipientEncryptedKey, rid),
628 .field_name = "rid",
629 .item = &CMS_KeyAgreeRecipientIdentifier_it,
630 },
631 {
632 .flags = 0,
633 .tag = 0,
634 .offset = offsetof(CMS_RecipientEncryptedKey, encryptedKey),
635 .field_name = "encryptedKey",
636 .item = &ASN1_OCTET_STRING_it,
637 },
638};
639
640const ASN1_ITEM CMS_RecipientEncryptedKey_it = {
641 .itype = ASN1_ITYPE_SEQUENCE,
642 .utype = V_ASN1_SEQUENCE,
643 .templates = CMS_RecipientEncryptedKey_seq_tt,
644 .tcount = sizeof(CMS_RecipientEncryptedKey_seq_tt) / sizeof(ASN1_TEMPLATE),
645 .funcs = &CMS_RecipientEncryptedKey_aux,
646 .size = sizeof(CMS_RecipientEncryptedKey),
647 .sname = "CMS_RecipientEncryptedKey",
648};
649
650static const ASN1_TEMPLATE CMS_OriginatorPublicKey_seq_tt[] = {
651 {
652 .flags = 0,
653 .tag = 0,
654 .offset = offsetof(CMS_OriginatorPublicKey, algorithm),
655 .field_name = "algorithm",
656 .item = &X509_ALGOR_it,
657 },
658 {
659 .flags = 0,
660 .tag = 0,
661 .offset = offsetof(CMS_OriginatorPublicKey, publicKey),
662 .field_name = "publicKey",
663 .item = &ASN1_BIT_STRING_it,
664 },
665};
666
667const ASN1_ITEM CMS_OriginatorPublicKey_it = {
668 .itype = ASN1_ITYPE_SEQUENCE,
669 .utype = V_ASN1_SEQUENCE,
670 .templates = CMS_OriginatorPublicKey_seq_tt,
671 .tcount = sizeof(CMS_OriginatorPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE),
672 .funcs = NULL,
673 .size = sizeof(CMS_OriginatorPublicKey),
674 .sname = "CMS_OriginatorPublicKey",
675};
676
677static const ASN1_TEMPLATE CMS_OriginatorIdentifierOrKey_ch_tt[] = {
678 {
679 .flags = 0,
680 .tag = 0,
681 .offset = offsetof(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber),
682 .field_name = "d.issuerAndSerialNumber",
683 .item = &CMS_IssuerAndSerialNumber_it,
684 },
685 {
686 .flags = ASN1_TFLG_IMPLICIT,
687 .tag = 0,
688 .offset = offsetof(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier),
689 .field_name = "d.subjectKeyIdentifier",
690 .item = &ASN1_OCTET_STRING_it,
691 },
692 {
693 .flags = ASN1_TFLG_IMPLICIT,
694 .tag = 1,
695 .offset = offsetof(CMS_OriginatorIdentifierOrKey, d.originatorKey),
696 .field_name = "d.originatorKey",
697 .item = &CMS_OriginatorPublicKey_it,
698 },
699};
700
701static const ASN1_ITEM CMS_OriginatorIdentifierOrKey_it = {
702 .itype = ASN1_ITYPE_CHOICE,
703 .utype = offsetof(CMS_OriginatorIdentifierOrKey, type),
704 .templates = CMS_OriginatorIdentifierOrKey_ch_tt,
705 .tcount = sizeof(CMS_OriginatorIdentifierOrKey_ch_tt) / sizeof(ASN1_TEMPLATE),
706 .funcs = NULL,
707 .size = sizeof(CMS_OriginatorIdentifierOrKey),
708 .sname = "CMS_OriginatorIdentifierOrKey",
709};
710
711static int
712cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
713{
714 CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
715 if (operation == ASN1_OP_NEW_POST) {
716 kari->ctx = EVP_CIPHER_CTX_new();
717 if (kari->ctx == NULL)
718 return 0;
719 EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
720 kari->pctx = NULL;
721 } else if (operation == ASN1_OP_FREE_POST) {
722 EVP_PKEY_CTX_free(kari->pctx);
723 EVP_CIPHER_CTX_free(kari->ctx);
724 }
725 return 1;
726}
727
728static const ASN1_AUX CMS_KeyAgreeRecipientInfo_aux = {
729 .app_data = NULL,
730 .flags = 0,
731 .ref_offset = 0,
732 .ref_lock = 0,
733 .asn1_cb = cms_kari_cb,
734 .enc_offset = 0,
735};
736static const ASN1_TEMPLATE CMS_KeyAgreeRecipientInfo_seq_tt[] = {
737 {
738 .flags = 0,
739 .tag = 0,
740 .offset = offsetof(CMS_KeyAgreeRecipientInfo, version),
741 .field_name = "version",
742 .item = &LONG_it,
743 },
744 {
745 .flags = ASN1_TFLG_EXPLICIT,
746 .tag = 0,
747 .offset = offsetof(CMS_KeyAgreeRecipientInfo, originator),
748 .field_name = "originator",
749 .item = &CMS_OriginatorIdentifierOrKey_it,
750 },
751 {
752 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
753 .tag = 1,
754 .offset = offsetof(CMS_KeyAgreeRecipientInfo, ukm),
755 .field_name = "ukm",
756 .item = &ASN1_OCTET_STRING_it,
757 },
758 {
759 .flags = 0,
760 .tag = 0,
761 .offset = offsetof(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm),
762 .field_name = "keyEncryptionAlgorithm",
763 .item = &X509_ALGOR_it,
764 },
765 {
766 .flags = ASN1_TFLG_SEQUENCE_OF,
767 .tag = 0,
768 .offset = offsetof(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys),
769 .field_name = "recipientEncryptedKeys",
770 .item = &CMS_RecipientEncryptedKey_it,
771 },
772};
773
774const ASN1_ITEM CMS_KeyAgreeRecipientInfo_it = {
775 .itype = ASN1_ITYPE_SEQUENCE,
776 .utype = V_ASN1_SEQUENCE,
777 .templates = CMS_KeyAgreeRecipientInfo_seq_tt,
778 .tcount = sizeof(CMS_KeyAgreeRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
779 .funcs = &CMS_KeyAgreeRecipientInfo_aux,
780 .size = sizeof(CMS_KeyAgreeRecipientInfo),
781 .sname = "CMS_KeyAgreeRecipientInfo",
782};
783
784static const ASN1_TEMPLATE CMS_KEKIdentifier_seq_tt[] = {
785 {
786 .flags = 0,
787 .tag = 0,
788 .offset = offsetof(CMS_KEKIdentifier, keyIdentifier),
789 .field_name = "keyIdentifier",
790 .item = &ASN1_OCTET_STRING_it,
791 },
792 {
793 .flags = ASN1_TFLG_OPTIONAL,
794 .tag = 0,
795 .offset = offsetof(CMS_KEKIdentifier, date),
796 .field_name = "date",
797 .item = &ASN1_GENERALIZEDTIME_it,
798 },
799 {
800 .flags = ASN1_TFLG_OPTIONAL,
801 .tag = 0,
802 .offset = offsetof(CMS_KEKIdentifier, other),
803 .field_name = "other",
804 .item = &CMS_OtherKeyAttribute_it,
805 },
806};
807
808static const ASN1_ITEM CMS_KEKIdentifier_it = {
809 .itype = ASN1_ITYPE_SEQUENCE,
810 .utype = V_ASN1_SEQUENCE,
811 .templates = CMS_KEKIdentifier_seq_tt,
812 .tcount = sizeof(CMS_KEKIdentifier_seq_tt) / sizeof(ASN1_TEMPLATE),
813 .funcs = NULL,
814 .size = sizeof(CMS_KEKIdentifier),
815 .sname = "CMS_KEKIdentifier",
816};
817
818static const ASN1_TEMPLATE CMS_KEKRecipientInfo_seq_tt[] = {
819 {
820 .flags = 0,
821 .tag = 0,
822 .offset = offsetof(CMS_KEKRecipientInfo, version),
823 .field_name = "version",
824 .item = &LONG_it,
825 },
826 {
827 .flags = 0,
828 .tag = 0,
829 .offset = offsetof(CMS_KEKRecipientInfo, kekid),
830 .field_name = "kekid",
831 .item = &CMS_KEKIdentifier_it,
832 },
833 {
834 .flags = 0,
835 .tag = 0,
836 .offset = offsetof(CMS_KEKRecipientInfo, keyEncryptionAlgorithm),
837 .field_name = "keyEncryptionAlgorithm",
838 .item = &X509_ALGOR_it,
839 },
840 {
841 .flags = 0,
842 .tag = 0,
843 .offset = offsetof(CMS_KEKRecipientInfo, encryptedKey),
844 .field_name = "encryptedKey",
845 .item = &ASN1_OCTET_STRING_it,
846 },
847};
848
849const ASN1_ITEM CMS_KEKRecipientInfo_it = {
850 .itype = ASN1_ITYPE_SEQUENCE,
851 .utype = V_ASN1_SEQUENCE,
852 .templates = CMS_KEKRecipientInfo_seq_tt,
853 .tcount = sizeof(CMS_KEKRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
854 .funcs = NULL,
855 .size = sizeof(CMS_KEKRecipientInfo),
856 .sname = "CMS_KEKRecipientInfo",
857};
858
859static const ASN1_TEMPLATE CMS_PasswordRecipientInfo_seq_tt[] = {
860 {
861 .flags = 0,
862 .tag = 0,
863 .offset = offsetof(CMS_PasswordRecipientInfo, version),
864 .field_name = "version",
865 .item = &LONG_it,
866 },
867 {
868 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
869 .tag = 0,
870 .offset = offsetof(CMS_PasswordRecipientInfo, keyDerivationAlgorithm),
871 .field_name = "keyDerivationAlgorithm",
872 .item = &X509_ALGOR_it,
873 },
874 {
875 .flags = 0,
876 .tag = 0,
877 .offset = offsetof(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm),
878 .field_name = "keyEncryptionAlgorithm",
879 .item = &X509_ALGOR_it,
880 },
881 {
882 .flags = 0,
883 .tag = 0,
884 .offset = offsetof(CMS_PasswordRecipientInfo, encryptedKey),
885 .field_name = "encryptedKey",
886 .item = &ASN1_OCTET_STRING_it,
887 },
888};
889
890const ASN1_ITEM CMS_PasswordRecipientInfo_it = {
891 .itype = ASN1_ITYPE_SEQUENCE,
892 .utype = V_ASN1_SEQUENCE,
893 .templates = CMS_PasswordRecipientInfo_seq_tt,
894 .tcount = sizeof(CMS_PasswordRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
895 .funcs = NULL,
896 .size = sizeof(CMS_PasswordRecipientInfo),
897 .sname = "CMS_PasswordRecipientInfo",
898};
899
900static const ASN1_TEMPLATE CMS_OtherRecipientInfo_seq_tt[] = {
901 {
902 .flags = 0,
903 .tag = 0,
904 .offset = offsetof(CMS_OtherRecipientInfo, oriType),
905 .field_name = "oriType",
906 .item = &ASN1_OBJECT_it,
907 },
908 {
909 .flags = ASN1_TFLG_OPTIONAL,
910 .tag = 0,
911 .offset = offsetof(CMS_OtherRecipientInfo, oriValue),
912 .field_name = "oriValue",
913 .item = &ASN1_ANY_it,
914 },
915};
916
917static const ASN1_ITEM CMS_OtherRecipientInfo_it = {
918 .itype = ASN1_ITYPE_SEQUENCE,
919 .utype = V_ASN1_SEQUENCE,
920 .templates = CMS_OtherRecipientInfo_seq_tt,
921 .tcount = sizeof(CMS_OtherRecipientInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
922 .funcs = NULL,
923 .size = sizeof(CMS_OtherRecipientInfo),
924 .sname = "CMS_OtherRecipientInfo",
925};
926
927/* Free up RecipientInfo additional data */
928static int
929cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
930{
931 if (operation == ASN1_OP_FREE_PRE) {
932 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
933 if (ri->type == CMS_RECIPINFO_TRANS) {
934 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
935 EVP_PKEY_free(ktri->pkey);
936 X509_free(ktri->recip);
937 EVP_PKEY_CTX_free(ktri->pctx);
938 } else if (ri->type == CMS_RECIPINFO_KEK) {
939 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
940 freezero(kekri->key, kekri->keylen);
941 } else if (ri->type == CMS_RECIPINFO_PASS) {
942 CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
943 freezero(pwri->pass, pwri->passlen);
944 }
945 }
946 return 1;
947}
948
949static const ASN1_AUX CMS_RecipientInfo_aux = {
950 .app_data = NULL,
951 .flags = 0,
952 .ref_offset = 0,
953 .ref_lock = 0,
954 .asn1_cb = cms_ri_cb,
955 .enc_offset = 0,
956};
957static const ASN1_TEMPLATE CMS_RecipientInfo_ch_tt[] = {
958 {
959 .flags = 0,
960 .tag = 0,
961 .offset = offsetof(CMS_RecipientInfo, d.ktri),
962 .field_name = "d.ktri",
963 .item = &CMS_KeyTransRecipientInfo_it,
964 },
965 {
966 .flags = ASN1_TFLG_IMPLICIT,
967 .tag = 1,
968 .offset = offsetof(CMS_RecipientInfo, d.kari),
969 .field_name = "d.kari",
970 .item = &CMS_KeyAgreeRecipientInfo_it,
971 },
972 {
973 .flags = ASN1_TFLG_IMPLICIT,
974 .tag = 2,
975 .offset = offsetof(CMS_RecipientInfo, d.kekri),
976 .field_name = "d.kekri",
977 .item = &CMS_KEKRecipientInfo_it,
978 },
979 {
980 .flags = ASN1_TFLG_IMPLICIT,
981 .tag = 3,
982 .offset = offsetof(CMS_RecipientInfo, d.pwri),
983 .field_name = "d.pwri",
984 .item = &CMS_PasswordRecipientInfo_it,
985 },
986 {
987 .flags = ASN1_TFLG_IMPLICIT,
988 .tag = 4,
989 .offset = offsetof(CMS_RecipientInfo, d.ori),
990 .field_name = "d.ori",
991 .item = &CMS_OtherRecipientInfo_it,
992 },
993};
994
995const ASN1_ITEM CMS_RecipientInfo_it = {
996 .itype = ASN1_ITYPE_CHOICE,
997 .utype = offsetof(CMS_RecipientInfo, type),
998 .templates = CMS_RecipientInfo_ch_tt,
999 .tcount = sizeof(CMS_RecipientInfo_ch_tt) / sizeof(ASN1_TEMPLATE),
1000 .funcs = &CMS_RecipientInfo_aux,
1001 .size = sizeof(CMS_RecipientInfo),
1002 .sname = "CMS_RecipientInfo",
1003};
1004
1005static const ASN1_TEMPLATE CMS_EnvelopedData_seq_tt[] = {
1006 {
1007 .flags = 0,
1008 .tag = 0,
1009 .offset = offsetof(CMS_EnvelopedData, version),
1010 .field_name = "version",
1011 .item = &LONG_it,
1012 },
1013 {
1014 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
1015 .tag = 0,
1016 .offset = offsetof(CMS_EnvelopedData, originatorInfo),
1017 .field_name = "originatorInfo",
1018 .item = &CMS_OriginatorInfo_it,
1019 },
1020 {
1021 .flags = ASN1_TFLG_SET_OF,
1022 .tag = 0,
1023 .offset = offsetof(CMS_EnvelopedData, recipientInfos),
1024 .field_name = "recipientInfos",
1025 .item = &CMS_RecipientInfo_it,
1026 },
1027 {
1028 .flags = 0,
1029 .tag = 0,
1030 .offset = offsetof(CMS_EnvelopedData, encryptedContentInfo),
1031 .field_name = "encryptedContentInfo",
1032 .item = &CMS_EncryptedContentInfo_it,
1033 },
1034 {
1035 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
1036 .tag = 1,
1037 .offset = offsetof(CMS_EnvelopedData, unprotectedAttrs),
1038 .field_name = "unprotectedAttrs",
1039 .item = &X509_ATTRIBUTE_it,
1040 },
1041};
1042
1043const ASN1_ITEM CMS_EnvelopedData_it = {
1044 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
1045 .utype = V_ASN1_SEQUENCE,
1046 .templates = CMS_EnvelopedData_seq_tt,
1047 .tcount = sizeof(CMS_EnvelopedData_seq_tt) / sizeof(ASN1_TEMPLATE),
1048 .funcs = NULL,
1049 .size = sizeof(CMS_EnvelopedData),
1050 .sname = "CMS_EnvelopedData",
1051};
1052
1053static const ASN1_TEMPLATE CMS_DigestedData_seq_tt[] = {
1054 {
1055 .flags = 0,
1056 .tag = 0,
1057 .offset = offsetof(CMS_DigestedData, version),
1058 .field_name = "version",
1059 .item = &LONG_it,
1060 },
1061 {
1062 .flags = 0,
1063 .tag = 0,
1064 .offset = offsetof(CMS_DigestedData, digestAlgorithm),
1065 .field_name = "digestAlgorithm",
1066 .item = &X509_ALGOR_it,
1067 },
1068 {
1069 .flags = 0,
1070 .tag = 0,
1071 .offset = offsetof(CMS_DigestedData, encapContentInfo),
1072 .field_name = "encapContentInfo",
1073 .item = &CMS_EncapsulatedContentInfo_it,
1074 },
1075 {
1076 .flags = 0,
1077 .tag = 0,
1078 .offset = offsetof(CMS_DigestedData, digest),
1079 .field_name = "digest",
1080 .item = &ASN1_OCTET_STRING_it,
1081 },
1082};
1083
1084const ASN1_ITEM CMS_DigestedData_it = {
1085 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
1086 .utype = V_ASN1_SEQUENCE,
1087 .templates = CMS_DigestedData_seq_tt,
1088 .tcount = sizeof(CMS_DigestedData_seq_tt) / sizeof(ASN1_TEMPLATE),
1089 .funcs = NULL,
1090 .size = sizeof(CMS_DigestedData),
1091 .sname = "CMS_DigestedData",
1092};
1093
1094static const ASN1_TEMPLATE CMS_EncryptedData_seq_tt[] = {
1095 {
1096 .flags = 0,
1097 .tag = 0,
1098 .offset = offsetof(CMS_EncryptedData, version),
1099 .field_name = "version",
1100 .item = &LONG_it,
1101 },
1102 {
1103 .flags = 0,
1104 .tag = 0,
1105 .offset = offsetof(CMS_EncryptedData, encryptedContentInfo),
1106 .field_name = "encryptedContentInfo",
1107 .item = &CMS_EncryptedContentInfo_it,
1108 },
1109 {
1110 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
1111 .tag = 1,
1112 .offset = offsetof(CMS_EncryptedData, unprotectedAttrs),
1113 .field_name = "unprotectedAttrs",
1114 .item = &X509_ATTRIBUTE_it,
1115 },
1116};
1117
1118const ASN1_ITEM CMS_EncryptedData_it = {
1119 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
1120 .utype = V_ASN1_SEQUENCE,
1121 .templates = CMS_EncryptedData_seq_tt,
1122 .tcount = sizeof(CMS_EncryptedData_seq_tt) / sizeof(ASN1_TEMPLATE),
1123 .funcs = NULL,
1124 .size = sizeof(CMS_EncryptedData),
1125 .sname = "CMS_EncryptedData",
1126};
1127
1128static const ASN1_TEMPLATE CMS_AuthenticatedData_seq_tt[] = {
1129 {
1130 .flags = 0,
1131 .tag = 0,
1132 .offset = offsetof(CMS_AuthenticatedData, version),
1133 .field_name = "version",
1134 .item = &LONG_it,
1135 },
1136 {
1137 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
1138 .tag = 0,
1139 .offset = offsetof(CMS_AuthenticatedData, originatorInfo),
1140 .field_name = "originatorInfo",
1141 .item = &CMS_OriginatorInfo_it,
1142 },
1143 {
1144 .flags = ASN1_TFLG_SET_OF,
1145 .tag = 0,
1146 .offset = offsetof(CMS_AuthenticatedData, recipientInfos),
1147 .field_name = "recipientInfos",
1148 .item = &CMS_RecipientInfo_it,
1149 },
1150 {
1151 .flags = 0,
1152 .tag = 0,
1153 .offset = offsetof(CMS_AuthenticatedData, macAlgorithm),
1154 .field_name = "macAlgorithm",
1155 .item = &X509_ALGOR_it,
1156 },
1157 {
1158 .flags = ASN1_TFLG_IMPLICIT,
1159 .tag = 1,
1160 .offset = offsetof(CMS_AuthenticatedData, digestAlgorithm),
1161 .field_name = "digestAlgorithm",
1162 .item = &X509_ALGOR_it,
1163 },
1164 {
1165 .flags = 0,
1166 .tag = 0,
1167 .offset = offsetof(CMS_AuthenticatedData, encapContentInfo),
1168 .field_name = "encapContentInfo",
1169 .item = &CMS_EncapsulatedContentInfo_it,
1170 },
1171 {
1172 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
1173 .tag = 2,
1174 .offset = offsetof(CMS_AuthenticatedData, authAttrs),
1175 .field_name = "authAttrs",
1176 .item = &X509_ALGOR_it,
1177 },
1178 {
1179 .flags = 0,
1180 .tag = 0,
1181 .offset = offsetof(CMS_AuthenticatedData, mac),
1182 .field_name = "mac",
1183 .item = &ASN1_OCTET_STRING_it,
1184 },
1185 {
1186 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
1187 .tag = 3,
1188 .offset = offsetof(CMS_AuthenticatedData, unauthAttrs),
1189 .field_name = "unauthAttrs",
1190 .item = &X509_ALGOR_it,
1191 },
1192};
1193
1194static const ASN1_ITEM CMS_AuthenticatedData_it = {
1195 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
1196 .utype = V_ASN1_SEQUENCE,
1197 .templates = CMS_AuthenticatedData_seq_tt,
1198 .tcount = sizeof(CMS_AuthenticatedData_seq_tt) / sizeof(ASN1_TEMPLATE),
1199 .funcs = NULL,
1200 .size = sizeof(CMS_AuthenticatedData),
1201 .sname = "CMS_AuthenticatedData",
1202};
1203
1204static const ASN1_TEMPLATE CMS_CompressedData_seq_tt[] = {
1205 {
1206 .flags = 0,
1207 .tag = 0,
1208 .offset = offsetof(CMS_CompressedData, version),
1209 .field_name = "version",
1210 .item = &LONG_it,
1211 },
1212 {
1213 .flags = 0,
1214 .tag = 0,
1215 .offset = offsetof(CMS_CompressedData, compressionAlgorithm),
1216 .field_name = "compressionAlgorithm",
1217 .item = &X509_ALGOR_it,
1218 },
1219 {
1220 .flags = 0,
1221 .tag = 0,
1222 .offset = offsetof(CMS_CompressedData, encapContentInfo),
1223 .field_name = "encapContentInfo",
1224 .item = &CMS_EncapsulatedContentInfo_it,
1225 },
1226};
1227
1228const ASN1_ITEM CMS_CompressedData_it = {
1229 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
1230 .utype = V_ASN1_SEQUENCE,
1231 .templates = CMS_CompressedData_seq_tt,
1232 .tcount = sizeof(CMS_CompressedData_seq_tt) / sizeof(ASN1_TEMPLATE),
1233 .funcs = NULL,
1234 .size = sizeof(CMS_CompressedData),
1235 .sname = "CMS_CompressedData",
1236};
1237
1238/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
1239
1240static const ASN1_TEMPLATE cms_default_tt = {
1241 .flags = ASN1_TFLG_EXPLICIT,
1242 .tag = 0,
1243 .offset = offsetof(CMS_ContentInfo, d.other),
1244 .field_name = "d.other",
1245 .item = &ASN1_ANY_it,
1246};
1247
1248static const ASN1_ADB_TABLE CMS_ContentInfo_adbtbl[] = {
1249 {
1250 .value = NID_pkcs7_data,
1251 .tt = {
1252 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF,
1253 .tag = 0,
1254 .offset = offsetof(CMS_ContentInfo, d.data),
1255 .field_name = "d.data",
1256 .item = &ASN1_OCTET_STRING_NDEF_it,
1257 },
1258 },
1259 {
1260 .value = NID_pkcs7_signed,
1261 .tt = {
1262 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF,
1263 .tag = 0,
1264 .offset = offsetof(CMS_ContentInfo, d.signedData),
1265 .field_name = "d.signedData",
1266 .item = &CMS_SignedData_it,
1267 },
1268 },
1269 {
1270 .value = NID_pkcs7_enveloped,
1271 .tt = {
1272 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF,
1273 .tag = 0,
1274 .offset = offsetof(CMS_ContentInfo, d.envelopedData),
1275 .field_name = "d.envelopedData",
1276 .item = &CMS_EnvelopedData_it,
1277 },
1278 },
1279 {
1280 .value = NID_pkcs7_digest,
1281 .tt = {
1282 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF,
1283 .tag = 0,
1284 .offset = offsetof(CMS_ContentInfo, d.digestedData),
1285 .field_name = "d.digestedData",
1286 .item = &CMS_DigestedData_it,
1287 },
1288 },
1289 {
1290 .value = NID_pkcs7_encrypted,
1291 .tt = {
1292 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF,
1293 .tag = 0,
1294 .offset = offsetof(CMS_ContentInfo, d.encryptedData),
1295 .field_name = "d.encryptedData",
1296 .item = &CMS_EncryptedData_it,
1297 },
1298 },
1299 {
1300 .value = NID_id_smime_ct_authData,
1301 .tt = {
1302 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF,
1303 .tag = 0,
1304 .offset = offsetof(CMS_ContentInfo, d.authenticatedData),
1305 .field_name = "d.authenticatedData",
1306 .item = &CMS_AuthenticatedData_it,
1307 },
1308 },
1309 {
1310 .value = NID_id_smime_ct_compressedData,
1311 .tt = {
1312 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_NDEF,
1313 .tag = 0,
1314 .offset = offsetof(CMS_ContentInfo, d.compressedData),
1315 .field_name = "d.compressedData",
1316 .item = &CMS_CompressedData_it,
1317 },
1318 },
1319};
1320
1321static const ASN1_ADB CMS_ContentInfo_adb = {
1322 .flags = 0,
1323 .offset = offsetof(CMS_ContentInfo, contentType),
1324 .tbl = CMS_ContentInfo_adbtbl,
1325 .tblcount = sizeof(CMS_ContentInfo_adbtbl) / sizeof(ASN1_ADB_TABLE),
1326 .default_tt = &cms_default_tt,
1327 .null_tt = NULL,
1328};
1329
1330/* CMS streaming support */
1331static int
1332cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
1333{
1334 ASN1_STREAM_ARG *sarg = exarg;
1335 CMS_ContentInfo *cms = NULL;
1336
1337 if (pval)
1338 cms = (CMS_ContentInfo *)*pval;
1339 else
1340 return 1;
1341
1342 switch (operation) {
1343 case ASN1_OP_STREAM_PRE:
1344 if (CMS_stream(&sarg->boundary, cms) <= 0)
1345 return 0;
1346 /* FALLTHROUGH */
1347
1348 case ASN1_OP_DETACHED_PRE:
1349 sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
1350 if (!sarg->ndef_bio)
1351 return 0;
1352 break;
1353
1354 case ASN1_OP_STREAM_POST:
1355 case ASN1_OP_DETACHED_POST:
1356 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
1357 return 0;
1358 break;
1359 }
1360
1361 return 1;
1362}
1363
1364static const ASN1_AUX CMS_ContentInfo_aux = {
1365 .app_data = NULL,
1366 .flags = 0,
1367 .ref_offset = 0,
1368 .ref_lock = 0,
1369 .asn1_cb = cms_cb,
1370 .enc_offset = 0,
1371};
1372static const ASN1_TEMPLATE CMS_ContentInfo_seq_tt[] = {
1373 {
1374 .flags = 0,
1375 .tag = 0,
1376 .offset = offsetof(CMS_ContentInfo, contentType),
1377 .field_name = "contentType",
1378 .item = &ASN1_OBJECT_it,
1379 },
1380 {
1381 .flags = ASN1_TFLG_ADB_OID,
1382 .tag = -1,
1383 .offset = 0,
1384 .field_name = "CMS_ContentInfo",
1385 .item = (const ASN1_ITEM *)&CMS_ContentInfo_adb,
1386 },
1387};
1388
1389const ASN1_ITEM CMS_ContentInfo_it = {
1390 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
1391 .utype = V_ASN1_SEQUENCE,
1392 .templates = CMS_ContentInfo_seq_tt,
1393 .tcount = sizeof(CMS_ContentInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
1394 .funcs = &CMS_ContentInfo_aux,
1395 .size = sizeof(CMS_ContentInfo),
1396 .sname = "CMS_ContentInfo",
1397};
1398LCRYPTO_ALIAS(CMS_ContentInfo_it);
1399
1400/* Specials for signed attributes */
1401
1402/*
1403 * When signing attributes we want to reorder them to match the sorted
1404 * encoding.
1405 */
1406
1407static const ASN1_TEMPLATE CMS_Attributes_Sign_item_tt = {
1408 .flags = ASN1_TFLG_SET_ORDER,
1409 .tag = 0,
1410 .offset = 0,
1411 .field_name = "CMS_ATTRIBUTES",
1412 .item = &X509_ATTRIBUTE_it,
1413};
1414
1415const ASN1_ITEM CMS_Attributes_Sign_it = {
1416 .itype = ASN1_ITYPE_PRIMITIVE,
1417 .utype = -1,
1418 .templates = &CMS_Attributes_Sign_item_tt,
1419 .tcount = 0,
1420 .funcs = NULL,
1421 .size = 0,
1422 .sname = "CMS_Attributes_Sign",
1423};
1424
1425/*
1426 * When verifying attributes we need to use the received order. So we use
1427 * SEQUENCE OF and tag it to SET OF
1428 */
1429
1430static const ASN1_TEMPLATE CMS_Attributes_Verify_item_tt = {
1431 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
1432 .tag = V_ASN1_SET,
1433 .offset = 0,
1434 .field_name = "CMS_ATTRIBUTES",
1435 .item = &X509_ATTRIBUTE_it,
1436};
1437
1438const ASN1_ITEM CMS_Attributes_Verify_it = {
1439 .itype = ASN1_ITYPE_PRIMITIVE,
1440 .utype = -1,
1441 .templates = &CMS_Attributes_Verify_item_tt,
1442 .tcount = 0,
1443 .funcs = NULL,
1444 .size = 0,
1445 .sname = "CMS_Attributes_Verify",
1446};
1447
1448
1449
1450static const ASN1_TEMPLATE CMS_ReceiptsFrom_ch_tt[] = {
1451 {
1452 .flags = ASN1_TFLG_IMPLICIT,
1453 .tag = 0,
1454 .offset = offsetof(CMS_ReceiptsFrom, d.allOrFirstTier),
1455 .field_name = "d.allOrFirstTier",
1456 .item = &LONG_it,
1457 },
1458 {
1459 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF,
1460 .tag = 1,
1461 .offset = offsetof(CMS_ReceiptsFrom, d.receiptList),
1462 .field_name = "d.receiptList",
1463 .item = &GENERAL_NAMES_it,
1464 },
1465};
1466
1467static const ASN1_ITEM CMS_ReceiptsFrom_it = {
1468 .itype = ASN1_ITYPE_CHOICE,
1469 .utype = offsetof(CMS_ReceiptsFrom, type),
1470 .templates = CMS_ReceiptsFrom_ch_tt,
1471 .tcount = sizeof(CMS_ReceiptsFrom_ch_tt) / sizeof(ASN1_TEMPLATE),
1472 .funcs = NULL,
1473 .size = sizeof(CMS_ReceiptsFrom),
1474 .sname = "CMS_ReceiptsFrom",
1475};
1476
1477static const ASN1_TEMPLATE CMS_ReceiptRequest_seq_tt[] = {
1478 {
1479 .flags = 0,
1480 .tag = 0,
1481 .offset = offsetof(CMS_ReceiptRequest, signedContentIdentifier),
1482 .field_name = "signedContentIdentifier",
1483 .item = &ASN1_OCTET_STRING_it,
1484 },
1485 {
1486 .flags = 0,
1487 .tag = 0,
1488 .offset = offsetof(CMS_ReceiptRequest, receiptsFrom),
1489 .field_name = "receiptsFrom",
1490 .item = &CMS_ReceiptsFrom_it,
1491 },
1492 {
1493 .flags = ASN1_TFLG_SEQUENCE_OF,
1494 .tag = 0,
1495 .offset = offsetof(CMS_ReceiptRequest, receiptsTo),
1496 .field_name = "receiptsTo",
1497 .item = &GENERAL_NAMES_it,
1498 },
1499};
1500
1501const ASN1_ITEM CMS_ReceiptRequest_it = {
1502 .itype = ASN1_ITYPE_SEQUENCE,
1503 .utype = V_ASN1_SEQUENCE,
1504 .templates = CMS_ReceiptRequest_seq_tt,
1505 .tcount = sizeof(CMS_ReceiptRequest_seq_tt) / sizeof(ASN1_TEMPLATE),
1506 .funcs = NULL,
1507 .size = sizeof(CMS_ReceiptRequest),
1508 .sname = "CMS_ReceiptRequest",
1509};
1510LCRYPTO_ALIAS(CMS_ReceiptRequest_it);
1511
1512static const ASN1_TEMPLATE CMS_Receipt_seq_tt[] = {
1513 {
1514 .flags = 0,
1515 .tag = 0,
1516 .offset = offsetof(CMS_Receipt, version),
1517 .field_name = "version",
1518 .item = &LONG_it,
1519 },
1520 {
1521 .flags = 0,
1522 .tag = 0,
1523 .offset = offsetof(CMS_Receipt, contentType),
1524 .field_name = "contentType",
1525 .item = &ASN1_OBJECT_it,
1526 },
1527 {
1528 .flags = 0,
1529 .tag = 0,
1530 .offset = offsetof(CMS_Receipt, signedContentIdentifier),
1531 .field_name = "signedContentIdentifier",
1532 .item = &ASN1_OCTET_STRING_it,
1533 },
1534 {
1535 .flags = 0,
1536 .tag = 0,
1537 .offset = offsetof(CMS_Receipt, originatorSignatureValue),
1538 .field_name = "originatorSignatureValue",
1539 .item = &ASN1_OCTET_STRING_it,
1540 },
1541};
1542
1543const ASN1_ITEM CMS_Receipt_it = {
1544 .itype = ASN1_ITYPE_SEQUENCE,
1545 .utype = V_ASN1_SEQUENCE,
1546 .templates = CMS_Receipt_seq_tt,
1547 .tcount = sizeof(CMS_Receipt_seq_tt) / sizeof(ASN1_TEMPLATE),
1548 .funcs = NULL,
1549 .size = sizeof(CMS_Receipt),
1550 .sname = "CMS_Receipt",
1551};
1552
1553/*
1554 * Utilities to encode the CMS_SharedInfo structure used during key
1555 * derivation.
1556 */
1557
1558typedef struct {
1559 X509_ALGOR *keyInfo;
1560 ASN1_OCTET_STRING *entityUInfo;
1561 ASN1_OCTET_STRING *suppPubInfo;
1562} CMS_SharedInfo;
1563
1564static const ASN1_TEMPLATE CMS_SharedInfo_seq_tt[] = {
1565 {
1566 .flags = 0,
1567 .tag = 0,
1568 .offset = offsetof(CMS_SharedInfo, keyInfo),
1569 .field_name = "keyInfo",
1570 .item = &X509_ALGOR_it,
1571 },
1572 {
1573 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
1574 .tag = 0,
1575 .offset = offsetof(CMS_SharedInfo, entityUInfo),
1576 .field_name = "entityUInfo",
1577 .item = &ASN1_OCTET_STRING_it,
1578 },
1579 {
1580 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
1581 .tag = 2,
1582 .offset = offsetof(CMS_SharedInfo, suppPubInfo),
1583 .field_name = "suppPubInfo",
1584 .item = &ASN1_OCTET_STRING_it,
1585 },
1586};
1587
1588static const ASN1_ITEM CMS_SharedInfo_it = {
1589 .itype = ASN1_ITYPE_SEQUENCE,
1590 .utype = V_ASN1_SEQUENCE,
1591 .templates = CMS_SharedInfo_seq_tt,
1592 .tcount = sizeof(CMS_SharedInfo_seq_tt) / sizeof(ASN1_TEMPLATE),
1593 .funcs = NULL,
1594 .size = sizeof(CMS_SharedInfo),
1595 .sname = "CMS_SharedInfo",
1596};
1597
1598int
1599CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
1600 ASN1_OCTET_STRING *ukm, int keylen)
1601{
1602 union {
1603 CMS_SharedInfo *pecsi;
1604 ASN1_VALUE *a;
1605 } intsi = {
1606 NULL
1607 };
1608
1609 ASN1_OCTET_STRING oklen;
1610 unsigned char kl[4];
1611 CMS_SharedInfo ecsi;
1612
1613 keylen <<= 3;
1614 kl[0] = (keylen >> 24) & 0xff;
1615 kl[1] = (keylen >> 16) & 0xff;
1616 kl[2] = (keylen >> 8) & 0xff;
1617 kl[3] = keylen & 0xff;
1618 oklen.length = 4;
1619 oklen.data = kl;
1620 oklen.type = V_ASN1_OCTET_STRING;
1621 oklen.flags = 0;
1622 ecsi.keyInfo = kekalg;
1623 ecsi.entityUInfo = ukm;
1624 ecsi.suppPubInfo = &oklen;
1625 intsi.pecsi = &ecsi;
1626
1627 return ASN1_item_i2d(intsi.a, pder, &CMS_SharedInfo_it);
1628}
1629LCRYPTO_ALIAS(CMS_SharedInfo_encode);
diff --git a/src/lib/libcrypto/cms/cms_att.c b/src/lib/libcrypto/cms/cms_att.c
deleted file mode 100644
index 5dbaf3cb20..0000000000
--- a/src/lib/libcrypto/cms/cms_att.c
+++ /dev/null
@@ -1,231 +0,0 @@
1/* $OpenBSD: cms_att.c,v 1.13 2024/08/27 01:19:27 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <openssl/asn1.h>
56#include <openssl/cms.h>
57#include <openssl/x509.h>
58
59#include "cms_local.h"
60#include "x509_local.h"
61
62/* CMS SignedData Attribute utilities */
63
64int
65CMS_signed_get_attr_count(const CMS_SignerInfo *si)
66{
67 return sk_X509_ATTRIBUTE_num(si->signedAttrs);
68}
69LCRYPTO_ALIAS(CMS_signed_get_attr_count);
70
71int
72CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
73{
74 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
75}
76LCRYPTO_ALIAS(CMS_signed_get_attr_by_NID);
77
78int
79CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
80 int lastpos)
81{
82 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
83}
84LCRYPTO_ALIAS(CMS_signed_get_attr_by_OBJ);
85
86X509_ATTRIBUTE *
87CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
88{
89 return sk_X509_ATTRIBUTE_value(si->signedAttrs, loc);
90}
91LCRYPTO_ALIAS(CMS_signed_get_attr);
92
93X509_ATTRIBUTE *
94CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
95{
96 return sk_X509_ATTRIBUTE_delete(si->signedAttrs, loc);
97}
98LCRYPTO_ALIAS(CMS_signed_delete_attr);
99
100int
101CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
102{
103 if (X509at_add1_attr(&si->signedAttrs, attr))
104 return 1;
105 return 0;
106}
107LCRYPTO_ALIAS(CMS_signed_add1_attr);
108
109int
110CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, int type,
111 const void *bytes, int len)
112{
113 if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
114 return 1;
115 return 0;
116}
117LCRYPTO_ALIAS(CMS_signed_add1_attr_by_OBJ);
118
119int
120CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
121 const void *bytes, int len)
122{
123 if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
124 return 1;
125 return 0;
126}
127LCRYPTO_ALIAS(CMS_signed_add1_attr_by_NID);
128
129int
130CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type,
131 const void *bytes, int len)
132{
133 if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
134 return 1;
135 return 0;
136}
137LCRYPTO_ALIAS(CMS_signed_add1_attr_by_txt);
138
139void *
140CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
141 int lastpos, int type)
142{
143 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
144}
145LCRYPTO_ALIAS(CMS_signed_get0_data_by_OBJ);
146
147int
148CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
149{
150 return sk_X509_ATTRIBUTE_num(si->unsignedAttrs);
151}
152LCRYPTO_ALIAS(CMS_unsigned_get_attr_count);
153
154int
155CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
156{
157 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
158}
159LCRYPTO_ALIAS(CMS_unsigned_get_attr_by_NID);
160
161int
162CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
163 int lastpos)
164{
165 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
166}
167LCRYPTO_ALIAS(CMS_unsigned_get_attr_by_OBJ);
168
169X509_ATTRIBUTE *
170CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
171{
172 return sk_X509_ATTRIBUTE_value(si->unsignedAttrs, loc);
173}
174LCRYPTO_ALIAS(CMS_unsigned_get_attr);
175
176X509_ATTRIBUTE *
177CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
178{
179 return sk_X509_ATTRIBUTE_delete(si->unsignedAttrs, loc);
180}
181LCRYPTO_ALIAS(CMS_unsigned_delete_attr);
182
183int
184CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
185{
186 if (X509at_add1_attr(&si->unsignedAttrs, attr))
187 return 1;
188 return 0;
189}
190LCRYPTO_ALIAS(CMS_unsigned_add1_attr);
191
192int
193CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
194 int type, const void *bytes, int len)
195{
196 if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
197 return 1;
198 return 0;
199}
200LCRYPTO_ALIAS(CMS_unsigned_add1_attr_by_OBJ);
201
202int
203CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
204 const void *bytes, int len)
205{
206 if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
207 return 1;
208 return 0;
209}
210LCRYPTO_ALIAS(CMS_unsigned_add1_attr_by_NID);
211
212int
213CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
214 int type, const void *bytes, int len)
215{
216 if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type,
217 bytes, len))
218 return 1;
219 return 0;
220}
221LCRYPTO_ALIAS(CMS_unsigned_add1_attr_by_txt);
222
223void *
224CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos,
225 int type)
226{
227 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
228}
229LCRYPTO_ALIAS(CMS_unsigned_get0_data_by_OBJ);
230
231/* Specific attribute cases */
diff --git a/src/lib/libcrypto/cms/cms_dd.c b/src/lib/libcrypto/cms/cms_dd.c
deleted file mode 100644
index 0a357094c5..0000000000
--- a/src/lib/libcrypto/cms/cms_dd.c
+++ /dev/null
@@ -1,152 +0,0 @@
1/* $OpenBSD: cms_dd.c,v 1.17 2023/10/26 09:08:57 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <string.h>
56
57#include <openssl/asn1.h>
58#include <openssl/cms.h>
59#include <openssl/err.h>
60#include <openssl/evp.h>
61#include <openssl/objects.h>
62
63#include "cms_local.h"
64#include "x509_local.h"
65
66/* CMS DigestedData Utilities */
67
68CMS_ContentInfo *
69cms_DigestedData_create(const EVP_MD *md)
70{
71 CMS_ContentInfo *cms;
72 CMS_DigestedData *dd;
73
74 cms = CMS_ContentInfo_new();
75 if (cms == NULL)
76 return NULL;
77
78 dd = (CMS_DigestedData *)ASN1_item_new(&CMS_DigestedData_it);
79
80 if (dd == NULL)
81 goto err;
82
83 cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
84 cms->d.digestedData = dd;
85
86 dd->version = 0;
87 dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
88
89 if (!X509_ALGOR_set_evp_md(dd->digestAlgorithm, md))
90 goto err;
91
92 return cms;
93
94 err:
95 CMS_ContentInfo_free(cms);
96
97 return NULL;
98}
99
100BIO *
101cms_DigestedData_init_bio(CMS_ContentInfo *cms)
102{
103 CMS_DigestedData *dd;
104
105 dd = cms->d.digestedData;
106
107 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
108}
109
110int
111cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
112{
113 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
114 unsigned char md[EVP_MAX_MD_SIZE];
115 unsigned int mdlen;
116 int r = 0;
117 CMS_DigestedData *dd;
118
119 if (mctx == NULL) {
120 CMSerror(ERR_R_MALLOC_FAILURE);
121 goto err;
122 }
123
124 dd = cms->d.digestedData;
125
126 if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
127 goto err;
128
129 if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
130 goto err;
131
132 if (verify) {
133 if (mdlen != (unsigned int)dd->digest->length) {
134 CMSerror(CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
135 goto err;
136 }
137
138 if (memcmp(md, dd->digest->data, mdlen))
139 CMSerror(CMS_R_VERIFICATION_FAILURE);
140 else
141 r = 1;
142 } else {
143 if (!ASN1_STRING_set(dd->digest, md, mdlen))
144 goto err;
145 r = 1;
146 }
147
148 err:
149 EVP_MD_CTX_free(mctx);
150
151 return r;
152}
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
deleted file mode 100644
index ef6925dbd6..0000000000
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ /dev/null
@@ -1,266 +0,0 @@
1/* $OpenBSD: cms_enc.c,v 1.25 2024/11/01 18:34:06 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <stdlib.h>
56#include <string.h>
57
58#include <openssl/asn1.h>
59#include <openssl/bio.h>
60#include <openssl/cms.h>
61#include <openssl/err.h>
62#include <openssl/evp.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65
66#include "cms_local.h"
67#include "evp_local.h"
68
69/* CMS EncryptedData Utilities */
70
71/* Return BIO based on EncryptedContentInfo and key */
72
73BIO *
74cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
75{
76 BIO *b;
77 EVP_CIPHER_CTX *ctx;
78 const EVP_CIPHER *ciph;
79 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
80 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
81 unsigned char *tkey = NULL;
82 size_t tkeylen = 0;
83
84 int ok = 0;
85
86 int enc, keep_key = 0;
87
88 enc = ec->cipher ? 1 : 0;
89
90 b = BIO_new(BIO_f_cipher());
91 if (b == NULL) {
92 CMSerror(ERR_R_MALLOC_FAILURE);
93 return NULL;
94 }
95
96 BIO_get_cipher_ctx(b, &ctx);
97
98 if (enc) {
99 ciph = ec->cipher;
100 /*
101 * If not keeping key set cipher to NULL so subsequent calls decrypt.
102 */
103 if (ec->key)
104 ec->cipher = NULL;
105 } else {
106 ciph = EVP_get_cipherbyobj(calg->algorithm);
107
108 if (!ciph) {
109 CMSerror(CMS_R_UNKNOWN_CIPHER);
110 goto err;
111 }
112 }
113
114 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
115 CMSerror(CMS_R_CIPHER_INITIALISATION_ERROR);
116 goto err;
117 }
118
119 if (enc) {
120 int ivlen;
121 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
122 /* Generate a random IV if we need one */
123 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
124 if (ivlen > 0) {
125 arc4random_buf(iv, ivlen);
126 piv = iv;
127 }
128 } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
129 CMSerror(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
130 goto err;
131 }
132 tkeylen = EVP_CIPHER_CTX_key_length(ctx);
133 /* Generate random session key */
134 if (!enc || !ec->key) {
135 tkey = malloc(tkeylen);
136 if (tkey == NULL) {
137 CMSerror(ERR_R_MALLOC_FAILURE);
138 goto err;
139 }
140 if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
141 goto err;
142 }
143
144 if (!ec->key) {
145 ec->key = tkey;
146 ec->keylen = tkeylen;
147 tkey = NULL;
148 if (enc)
149 keep_key = 1;
150 else
151 ERR_clear_error();
152
153 }
154
155 if (ec->keylen != tkeylen) {
156 /* If necessary set key length */
157 if (!EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen)) {
158 /*
159 * Only reveal failure if debugging so we don't leak information
160 * which may be useful in MMA.
161 */
162 if (enc || ec->debug) {
163 CMSerror(CMS_R_INVALID_KEY_LENGTH);
164 goto err;
165 } else {
166 /* Use random key */
167 freezero(ec->key, ec->keylen);
168 ec->key = tkey;
169 ec->keylen = tkeylen;
170 tkey = NULL;
171 ERR_clear_error();
172 }
173 }
174 }
175
176 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
177 CMSerror(CMS_R_CIPHER_INITIALISATION_ERROR);
178 goto err;
179 }
180 if (enc) {
181 calg->parameter = ASN1_TYPE_new();
182 if (calg->parameter == NULL) {
183 CMSerror(ERR_R_MALLOC_FAILURE);
184 goto err;
185 }
186 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
187 CMSerror(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
188 goto err;
189 }
190 /* If parameter type not set omit parameter */
191 if (calg->parameter->type == V_ASN1_UNDEF) {
192 ASN1_TYPE_free(calg->parameter);
193 calg->parameter = NULL;
194 }
195 }
196 ok = 1;
197
198 err:
199 if (!keep_key || !ok) {
200 freezero(ec->key, ec->keylen);
201 ec->key = NULL;
202 }
203 freezero(tkey, tkeylen);
204 if (ok)
205 return b;
206 BIO_free(b);
207 return NULL;
208}
209
210int
211cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
212 const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen)
213{
214 ec->cipher = cipher;
215 if (key) {
216 if ((ec->key = malloc(keylen)) == NULL) {
217 CMSerror(ERR_R_MALLOC_FAILURE);
218 return 0;
219 }
220 memcpy(ec->key, key, keylen);
221 }
222 ec->keylen = keylen;
223 if (cipher)
224 ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
225
226 return 1;
227}
228
229int
230CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
231 const unsigned char *key, size_t keylen)
232{
233 CMS_EncryptedContentInfo *ec;
234
235 if (!key || !keylen) {
236 CMSerror(CMS_R_NO_KEY);
237 return 0;
238 }
239 if (ciph) {
240 cms->d.encryptedData = (CMS_EncryptedData *)ASN1_item_new(&CMS_EncryptedData_it);
241 if (!cms->d.encryptedData) {
242 CMSerror(ERR_R_MALLOC_FAILURE);
243 return 0;
244 }
245 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
246 cms->d.encryptedData->version = 0;
247 } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
248 CMSerror(CMS_R_NOT_ENCRYPTED_DATA);
249 return 0;
250 }
251 ec = cms->d.encryptedData->encryptedContentInfo;
252
253 return cms_EncryptedContent_init(ec, ciph, key, keylen);
254}
255LCRYPTO_ALIAS(CMS_EncryptedData_set1_key);
256
257BIO *
258cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
259{
260 CMS_EncryptedData *enc = cms->d.encryptedData;
261
262 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
263 enc->version = 2;
264
265 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
266}
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
deleted file mode 100644
index 629d23215e..0000000000
--- a/src/lib/libcrypto/cms/cms_env.c
+++ /dev/null
@@ -1,996 +0,0 @@
1/* $OpenBSD: cms_env.c,v 1.28 2024/11/01 18:42:10 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <stdlib.h>
56#include <string.h>
57
58#include <openssl/aes.h>
59#include <openssl/asn1.h>
60#include <openssl/bio.h>
61#include <openssl/cms.h>
62#include <openssl/err.h>
63#include <openssl/evp.h>
64#include <openssl/objects.h>
65#include <openssl/x509.h>
66
67#include "cms_local.h"
68#include "evp_local.h"
69
70/* CMS EnvelopedData Utilities */
71
72CMS_EnvelopedData *
73cms_get0_enveloped(CMS_ContentInfo *cms)
74{
75 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
76 CMSerror(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
77 return NULL;
78 }
79 return cms->d.envelopedData;
80}
81
82static CMS_EnvelopedData *
83cms_enveloped_data_init(CMS_ContentInfo *cms)
84{
85 if (cms->d.other == NULL) {
86 cms->d.envelopedData = (CMS_EnvelopedData *)ASN1_item_new(&CMS_EnvelopedData_it);
87 if (!cms->d.envelopedData) {
88 CMSerror(ERR_R_MALLOC_FAILURE);
89 return NULL;
90 }
91 cms->d.envelopedData->version = 0;
92 cms->d.envelopedData->encryptedContentInfo->contentType =
93 OBJ_nid2obj(NID_pkcs7_data);
94 ASN1_OBJECT_free(cms->contentType);
95 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
96 return cms->d.envelopedData;
97 }
98 return cms_get0_enveloped(cms);
99}
100
101int
102cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
103{
104 EVP_PKEY *pkey;
105 int i;
106
107 if (ri->type == CMS_RECIPINFO_TRANS)
108 pkey = ri->d.ktri->pkey;
109 else if (ri->type == CMS_RECIPINFO_AGREE) {
110 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
111 if (!pctx)
112 return 0;
113 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
114 if (!pkey)
115 return 0;
116 } else
117 return 0;
118 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
119 return 1;
120 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
121 if (i == -2) {
122 CMSerror(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
123 return 0;
124 }
125 if (i <= 0) {
126 CMSerror(CMS_R_CTRL_FAILURE);
127 return 0;
128 }
129
130 return 1;
131}
132
133STACK_OF(CMS_RecipientInfo) *
134CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
135{
136 CMS_EnvelopedData *env;
137
138 env = cms_get0_enveloped(cms);
139 if (!env)
140 return NULL;
141
142 return env->recipientInfos;
143}
144LCRYPTO_ALIAS(CMS_get0_RecipientInfos);
145
146int
147CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
148{
149 return ri->type;
150}
151LCRYPTO_ALIAS(CMS_RecipientInfo_type);
152
153EVP_PKEY_CTX *
154CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
155{
156 if (ri->type == CMS_RECIPINFO_TRANS)
157 return ri->d.ktri->pctx;
158 else if (ri->type == CMS_RECIPINFO_AGREE)
159 return ri->d.kari->pctx;
160
161 return NULL;
162}
163LCRYPTO_ALIAS(CMS_RecipientInfo_get0_pkey_ctx);
164
165CMS_ContentInfo *
166CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
167{
168 CMS_ContentInfo *cms;
169 CMS_EnvelopedData *env;
170
171 cms = CMS_ContentInfo_new();
172 if (cms == NULL)
173 goto merr;
174 env = cms_enveloped_data_init(cms);
175 if (env == NULL)
176 goto merr;
177 if (!cms_EncryptedContent_init(env->encryptedContentInfo, cipher,
178 NULL, 0))
179 goto merr;
180
181 return cms;
182
183 merr:
184 CMS_ContentInfo_free(cms);
185 CMSerror(ERR_R_MALLOC_FAILURE);
186 return NULL;
187}
188LCRYPTO_ALIAS(CMS_EnvelopedData_create);
189
190/* Key Transport Recipient Info (KTRI) routines */
191
192/* Initialise a ktri based on passed certificate and key */
193
194static int
195cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk,
196 unsigned int flags)
197{
198 CMS_KeyTransRecipientInfo *ktri;
199 int idtype;
200
201 ri->d.ktri = (CMS_KeyTransRecipientInfo *)ASN1_item_new(&CMS_KeyTransRecipientInfo_it);
202 if (!ri->d.ktri)
203 return 0;
204 ri->type = CMS_RECIPINFO_TRANS;
205
206 ktri = ri->d.ktri;
207
208 if (flags & CMS_USE_KEYID) {
209 ktri->version = 2;
210 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
211 } else {
212 ktri->version = 0;
213 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
214 }
215
216 /*
217 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
218 * structure.
219 */
220
221 if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
222 return 0;
223
224 X509_up_ref(recip);
225 EVP_PKEY_up_ref(pk);
226
227 ktri->pkey = pk;
228 ktri->recip = recip;
229
230 if (flags & CMS_KEY_PARAM) {
231 ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
232 if (ktri->pctx == NULL)
233 return 0;
234 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
235 return 0;
236 } else if (!cms_env_asn1_ctrl(ri, 0))
237 return 0;
238
239 return 1;
240}
241
242/*
243 * Add a recipient certificate using appropriate type of RecipientInfo
244 */
245
246CMS_RecipientInfo *
247CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags)
248{
249 CMS_RecipientInfo *ri = NULL;
250 CMS_EnvelopedData *env;
251 EVP_PKEY *pk = NULL;
252
253 env = cms_get0_enveloped(cms);
254 if (!env)
255 goto err;
256
257 /* Initialize recipient info */
258 ri = (CMS_RecipientInfo *)ASN1_item_new(&CMS_RecipientInfo_it);
259 if (!ri)
260 goto merr;
261
262 pk = X509_get0_pubkey(recip);
263 if (!pk) {
264 CMSerror(CMS_R_ERROR_GETTING_PUBLIC_KEY);
265 goto err;
266 }
267
268 switch (cms_pkey_get_ri_type(pk)) {
269
270 case CMS_RECIPINFO_TRANS:
271 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags))
272 goto err;
273 break;
274
275 case CMS_RECIPINFO_AGREE:
276 if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
277 goto err;
278 break;
279
280 default:
281 CMSerror(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
282 goto err;
283
284 }
285
286 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
287 goto merr;
288
289 return ri;
290
291 merr:
292 CMSerror(ERR_R_MALLOC_FAILURE);
293 err:
294 ASN1_item_free((ASN1_VALUE *)ri, &CMS_RecipientInfo_it);
295 return NULL;
296}
297LCRYPTO_ALIAS(CMS_add1_recipient_cert);
298
299int
300CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
301 X509 **recip, X509_ALGOR **palg)
302{
303 CMS_KeyTransRecipientInfo *ktri;
304
305 if (ri->type != CMS_RECIPINFO_TRANS) {
306 CMSerror(CMS_R_NOT_KEY_TRANSPORT);
307 return 0;
308 }
309
310 ktri = ri->d.ktri;
311
312 if (pk)
313 *pk = ktri->pkey;
314 if (recip)
315 *recip = ktri->recip;
316 if (palg)
317 *palg = ktri->keyEncryptionAlgorithm;
318
319 return 1;
320}
321LCRYPTO_ALIAS(CMS_RecipientInfo_ktri_get0_algs);
322
323int
324CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
325 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
326{
327 CMS_KeyTransRecipientInfo *ktri;
328
329 if (ri->type != CMS_RECIPINFO_TRANS) {
330 CMSerror(CMS_R_NOT_KEY_TRANSPORT);
331 return 0;
332 }
333 ktri = ri->d.ktri;
334
335 return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
336}
337LCRYPTO_ALIAS(CMS_RecipientInfo_ktri_get0_signer_id);
338
339int
340CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
341{
342 if (ri->type != CMS_RECIPINFO_TRANS) {
343 CMSerror(CMS_R_NOT_KEY_TRANSPORT);
344 return -2;
345 }
346
347 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
348}
349LCRYPTO_ALIAS(CMS_RecipientInfo_ktri_cert_cmp);
350
351int
352CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
353{
354 if (ri->type != CMS_RECIPINFO_TRANS) {
355 CMSerror(CMS_R_NOT_KEY_TRANSPORT);
356 return 0;
357 }
358 EVP_PKEY_free(ri->d.ktri->pkey);
359 ri->d.ktri->pkey = pkey;
360
361 return 1;
362}
363LCRYPTO_ALIAS(CMS_RecipientInfo_set0_pkey);
364
365/* Encrypt content key in key transport recipient info */
366
367static int
368cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
369{
370 CMS_KeyTransRecipientInfo *ktri;
371 CMS_EncryptedContentInfo *ec;
372 EVP_PKEY_CTX *pctx;
373 unsigned char *ek = NULL;
374 size_t eklen;
375
376 int ret = 0;
377
378 if (ri->type != CMS_RECIPINFO_TRANS) {
379 CMSerror(CMS_R_NOT_KEY_TRANSPORT);
380 return 0;
381 }
382 ktri = ri->d.ktri;
383 ec = cms->d.envelopedData->encryptedContentInfo;
384
385 pctx = ktri->pctx;
386
387 if (pctx) {
388 if (!cms_env_asn1_ctrl(ri, 0))
389 goto err;
390 } else {
391 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
392 if (pctx == NULL)
393 return 0;
394
395 if (EVP_PKEY_encrypt_init(pctx) <= 0)
396 goto err;
397 }
398
399 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
400 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
401 CMSerror(CMS_R_CTRL_ERROR);
402 goto err;
403 }
404
405 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
406 goto err;
407
408 ek = malloc(eklen);
409
410 if (ek == NULL) {
411 CMSerror(ERR_R_MALLOC_FAILURE);
412 goto err;
413 }
414
415 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
416 goto err;
417
418 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
419 ek = NULL;
420
421 ret = 1;
422
423 err:
424 EVP_PKEY_CTX_free(pctx);
425 ktri->pctx = NULL;
426 free(ek);
427
428 return ret;
429}
430
431/* Decrypt content key from KTRI */
432
433static int
434cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
435{
436 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
437 EVP_PKEY *pkey = ktri->pkey;
438 unsigned char *ek = NULL;
439 size_t eklen;
440 size_t fixlen = 0;
441 int ret = 0;
442 CMS_EncryptedContentInfo *ec;
443
444 ec = cms->d.envelopedData->encryptedContentInfo;
445
446 if (ktri->pkey == NULL) {
447 CMSerror(CMS_R_NO_PRIVATE_KEY);
448 return 0;
449 }
450
451 if (cms->d.envelopedData->encryptedContentInfo->havenocert &&
452 !cms->d.envelopedData->encryptedContentInfo->debug) {
453 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
454 const EVP_CIPHER *ciph;
455
456 if ((ciph = EVP_get_cipherbyobj(calg->algorithm)) == NULL) {
457 CMSerror(CMS_R_UNKNOWN_CIPHER);
458 return 0;
459 }
460
461 fixlen = EVP_CIPHER_key_length(ciph);
462 }
463
464 ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
465 if (ktri->pctx == NULL)
466 return 0;
467
468 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
469 goto err;
470
471 if (!cms_env_asn1_ctrl(ri, 1))
472 goto err;
473
474 if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
475 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
476 CMSerror(CMS_R_CTRL_ERROR);
477 goto err;
478 }
479
480 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, ktri->encryptedKey->data,
481 ktri->encryptedKey->length) <= 0 || eklen == 0 ||
482 (fixlen != 0 && eklen != fixlen)) {
483 CMSerror(CMS_R_CMS_LIB);
484 goto err;
485 }
486
487 ek = malloc(eklen);
488
489 if (ek == NULL) {
490 CMSerror(ERR_R_MALLOC_FAILURE);
491 goto err;
492 }
493
494 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data,
495 ktri->encryptedKey->length) <= 0) {
496 CMSerror(CMS_R_CMS_LIB);
497 goto err;
498 }
499
500 ret = 1;
501
502 freezero(ec->key, ec->keylen);
503 ec->key = ek;
504 ec->keylen = eklen;
505
506 err:
507 EVP_PKEY_CTX_free(ktri->pctx);
508 ktri->pctx = NULL;
509 if (!ret)
510 free(ek);
511
512 return ret;
513}
514
515/* Key Encrypted Key (KEK) RecipientInfo routines */
516
517int
518CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id,
519 size_t idlen)
520{
521 ASN1_OCTET_STRING tmp_os;
522 CMS_KEKRecipientInfo *kekri;
523
524 if (ri->type != CMS_RECIPINFO_KEK) {
525 CMSerror(CMS_R_NOT_KEK);
526 return -2;
527 }
528 kekri = ri->d.kekri;
529 tmp_os.type = V_ASN1_OCTET_STRING;
530 tmp_os.flags = 0;
531 tmp_os.data = (unsigned char *)id;
532 tmp_os.length = (int)idlen;
533
534 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
535}
536LCRYPTO_ALIAS(CMS_RecipientInfo_kekri_id_cmp);
537
538/* For now hard code AES key wrap info */
539
540static size_t
541aes_wrap_keylen(int nid)
542{
543 switch (nid) {
544 case NID_id_aes128_wrap:
545 return 16;
546
547 case NID_id_aes192_wrap:
548 return 24;
549
550 case NID_id_aes256_wrap:
551 return 32;
552
553 default:
554 return 0;
555 }
556}
557
558CMS_RecipientInfo *
559CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key,
560 size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date,
561 ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType)
562{
563 CMS_RecipientInfo *ri = NULL;
564 CMS_EnvelopedData *env;
565 CMS_KEKRecipientInfo *kekri;
566
567 env = cms_get0_enveloped(cms);
568 if (!env)
569 goto err;
570
571 if (nid == NID_undef) {
572 switch (keylen) {
573 case 16:
574 nid = NID_id_aes128_wrap;
575 break;
576
577 case 24:
578 nid = NID_id_aes192_wrap;
579 break;
580
581 case 32:
582 nid = NID_id_aes256_wrap;
583 break;
584
585 default:
586 CMSerror(CMS_R_INVALID_KEY_LENGTH);
587 goto err;
588 }
589
590 } else {
591
592 size_t exp_keylen = aes_wrap_keylen(nid);
593
594 if (!exp_keylen) {
595 CMSerror(CMS_R_UNSUPPORTED_KEK_ALGORITHM);
596 goto err;
597 }
598
599 if (keylen != exp_keylen) {
600 CMSerror(CMS_R_INVALID_KEY_LENGTH);
601 goto err;
602 }
603
604 }
605
606 /* Initialize recipient info */
607 ri = (CMS_RecipientInfo *)ASN1_item_new(&CMS_RecipientInfo_it);
608 if (!ri)
609 goto merr;
610
611 ri->d.kekri = (CMS_KEKRecipientInfo *)ASN1_item_new(&CMS_KEKRecipientInfo_it);
612 if (!ri->d.kekri)
613 goto merr;
614 ri->type = CMS_RECIPINFO_KEK;
615
616 kekri = ri->d.kekri;
617
618 if (otherTypeId) {
619 kekri->kekid->other = (CMS_OtherKeyAttribute *)ASN1_item_new(&CMS_OtherKeyAttribute_it);
620 if (kekri->kekid->other == NULL)
621 goto merr;
622 }
623
624 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
625 goto merr;
626
627 /* After this point no calls can fail */
628
629 kekri->version = 4;
630
631 kekri->key = key;
632 kekri->keylen = keylen;
633
634 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
635
636 kekri->kekid->date = date;
637
638 if (kekri->kekid->other) {
639 kekri->kekid->other->keyAttrId = otherTypeId;
640 kekri->kekid->other->keyAttr = otherType;
641 }
642
643 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
644 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
645
646 return ri;
647
648 merr:
649 CMSerror(ERR_R_MALLOC_FAILURE);
650 err:
651 ASN1_item_free((ASN1_VALUE *)ri, &CMS_RecipientInfo_it);
652 return NULL;
653}
654LCRYPTO_ALIAS(CMS_add0_recipient_key);
655
656int
657CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
658 ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
659 ASN1_OBJECT **potherid, ASN1_TYPE **pothertype)
660{
661 CMS_KEKIdentifier *rkid;
662
663 if (ri->type != CMS_RECIPINFO_KEK) {
664 CMSerror(CMS_R_NOT_KEK);
665 return 0;
666 }
667 rkid = ri->d.kekri->kekid;
668 if (palg)
669 *palg = ri->d.kekri->keyEncryptionAlgorithm;
670 if (pid)
671 *pid = rkid->keyIdentifier;
672 if (pdate)
673 *pdate = rkid->date;
674 if (potherid) {
675 if (rkid->other)
676 *potherid = rkid->other->keyAttrId;
677 else
678 *potherid = NULL;
679 }
680 if (pothertype) {
681 if (rkid->other)
682 *pothertype = rkid->other->keyAttr;
683 else
684 *pothertype = NULL;
685 }
686
687 return 1;
688}
689LCRYPTO_ALIAS(CMS_RecipientInfo_kekri_get0_id);
690
691int
692CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
693 size_t keylen)
694{
695 CMS_KEKRecipientInfo *kekri;
696
697 if (ri->type != CMS_RECIPINFO_KEK) {
698 CMSerror(CMS_R_NOT_KEK);
699 return 0;
700 }
701
702 kekri = ri->d.kekri;
703 kekri->key = key;
704 kekri->keylen = keylen;
705 return 1;
706}
707LCRYPTO_ALIAS(CMS_RecipientInfo_set0_key);
708
709/* Encrypt content key in KEK recipient info */
710
711static int
712cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
713{
714 CMS_EncryptedContentInfo *ec;
715 CMS_KEKRecipientInfo *kekri;
716 AES_KEY actx;
717 unsigned char *wkey = NULL;
718 int wkeylen;
719 int r = 0;
720
721 ec = cms->d.envelopedData->encryptedContentInfo;
722 kekri = ri->d.kekri;
723
724 if (!kekri->key) {
725 CMSerror(CMS_R_NO_KEY);
726 return 0;
727 }
728
729 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
730 CMSerror(CMS_R_ERROR_SETTING_KEY);
731 goto err;
732 }
733
734 wkey = malloc(ec->keylen + 8);
735 if (wkey == NULL) {
736 CMSerror(ERR_R_MALLOC_FAILURE);
737 goto err;
738 }
739
740 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
741 if (wkeylen <= 0) {
742 CMSerror(CMS_R_WRAP_ERROR);
743 goto err;
744 }
745
746 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
747
748 r = 1;
749
750 err:
751 if (!r)
752 free(wkey);
753 explicit_bzero(&actx, sizeof(actx));
754
755 return r;
756}
757
758/* Decrypt content key in KEK recipient info */
759
760static int
761cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
762{
763 CMS_EncryptedContentInfo *ec;
764 CMS_KEKRecipientInfo *kekri;
765 AES_KEY actx;
766 unsigned char *ukey = NULL;
767 int ukeylen;
768 int r = 0, wrap_nid;
769
770 ec = cms->d.envelopedData->encryptedContentInfo;
771 kekri = ri->d.kekri;
772
773 if (!kekri->key) {
774 CMSerror(CMS_R_NO_KEY);
775 return 0;
776 }
777
778 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
779 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
780 CMSerror(CMS_R_INVALID_KEY_LENGTH);
781 return 0;
782 }
783
784 /* If encrypted key length is invalid don't bother */
785
786 if (kekri->encryptedKey->length < 16) {
787 CMSerror(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
788 goto err;
789 }
790
791 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
792 CMSerror(CMS_R_ERROR_SETTING_KEY);
793 goto err;
794 }
795
796 ukey = malloc(kekri->encryptedKey->length - 8);
797 if (ukey == NULL) {
798 CMSerror(ERR_R_MALLOC_FAILURE);
799 goto err;
800 }
801
802 ukeylen = AES_unwrap_key(&actx, NULL, ukey, kekri->encryptedKey->data,
803 kekri->encryptedKey->length);
804
805 if (ukeylen <= 0) {
806 CMSerror(CMS_R_UNWRAP_ERROR);
807 goto err;
808 }
809
810 freezero(ec->key, ec->keylen);
811 ec->key = ukey;
812 ec->keylen = ukeylen;
813
814 r = 1;
815
816 err:
817
818 if (!r)
819 free(ukey);
820 explicit_bzero(&actx, sizeof(actx));
821
822 return r;
823}
824
825int
826CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
827{
828 switch (ri->type) {
829 case CMS_RECIPINFO_TRANS:
830 return cms_RecipientInfo_ktri_decrypt(cms, ri);
831
832 case CMS_RECIPINFO_KEK:
833 return cms_RecipientInfo_kekri_decrypt(cms, ri);
834
835 case CMS_RECIPINFO_PASS:
836 return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
837
838 default:
839 CMSerror(CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
840 return 0;
841 }
842}
843LCRYPTO_ALIAS(CMS_RecipientInfo_decrypt);
844
845int
846CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
847{
848 switch (ri->type) {
849 case CMS_RECIPINFO_TRANS:
850 return cms_RecipientInfo_ktri_encrypt(cms, ri);
851
852 case CMS_RECIPINFO_AGREE:
853 return cms_RecipientInfo_kari_encrypt(cms, ri);
854
855 case CMS_RECIPINFO_KEK:
856 return cms_RecipientInfo_kekri_encrypt(cms, ri);
857
858 case CMS_RECIPINFO_PASS:
859 return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
860
861 default:
862 CMSerror(CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
863 return 0;
864 }
865}
866LCRYPTO_ALIAS(CMS_RecipientInfo_encrypt);
867
868/* Check structures and fixup version numbers (if necessary) */
869
870static void
871cms_env_set_originfo_version(CMS_EnvelopedData *env)
872{
873 CMS_OriginatorInfo *org = env->originatorInfo;
874 int i;
875
876 if (org == NULL)
877 return;
878 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
879 CMS_CertificateChoices *cch;
880
881 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
882 if (cch->type == CMS_CERTCHOICE_OTHER) {
883 env->version = 4;
884 return;
885 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
886 if (env->version < 3)
887 env->version = 3;
888 }
889 }
890
891 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
892 CMS_RevocationInfoChoice *rch;
893
894 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
895 if (rch->type == CMS_REVCHOICE_OTHER) {
896 env->version = 4;
897 return;
898 }
899 }
900}
901
902static void
903cms_env_set_version(CMS_EnvelopedData *env)
904{
905 int i;
906 CMS_RecipientInfo *ri;
907
908 /*
909 * Can't set version higher than 4 so if 4 or more already nothing to do.
910 */
911 if (env->version >= 4)
912 return;
913
914 cms_env_set_originfo_version(env);
915
916 if (env->version >= 3)
917 return;
918
919 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
920 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
921 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
922 env->version = 3;
923 return;
924 } else if (ri->type != CMS_RECIPINFO_TRANS
925 || ri->d.ktri->version != 0) {
926 env->version = 2;
927 }
928 }
929 if (env->originatorInfo || env->unprotectedAttrs)
930 env->version = 2;
931 if (env->version == 2)
932 return;
933 env->version = 0;
934}
935
936BIO *
937cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
938{
939 CMS_EncryptedContentInfo *ec;
940 STACK_OF(CMS_RecipientInfo) *rinfos;
941 CMS_RecipientInfo *ri;
942 int i, ok = 0;
943 BIO *ret;
944
945 /* Get BIO first to set up key */
946
947 ec = cms->d.envelopedData->encryptedContentInfo;
948 ret = cms_EncryptedContent_init_bio(ec);
949
950 /* If error or no cipher end of processing */
951
952 if (!ret || !ec->cipher)
953 return ret;
954
955 /* Now encrypt content key according to each RecipientInfo type */
956
957 rinfos = cms->d.envelopedData->recipientInfos;
958
959 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
960 ri = sk_CMS_RecipientInfo_value(rinfos, i);
961 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) {
962 CMSerror(CMS_R_ERROR_SETTING_RECIPIENTINFO);
963 goto err;
964 }
965 }
966 cms_env_set_version(cms->d.envelopedData);
967
968 ok = 1;
969
970 err:
971 ec->cipher = NULL;
972 freezero(ec->key, ec->keylen);
973 ec->key = NULL;
974 ec->keylen = 0;
975 if (ok)
976 return ret;
977 BIO_free(ret);
978 return NULL;
979}
980
981/*
982 * Get RecipientInfo type (if any) supported by a key (public or private). To
983 * retain compatibility with previous behaviour if the ctrl value isn't
984 * supported we assume key transport.
985 */
986int
987cms_pkey_get_ri_type(EVP_PKEY *pk)
988{
989 if (pk->ameth && pk->ameth->pkey_ctrl) {
990 int i, r;
991 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
992 if (i > 0)
993 return r;
994 }
995 return CMS_RECIPINFO_TRANS;
996}
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
deleted file mode 100644
index 5431ab4bb8..0000000000
--- a/src/lib/libcrypto/cms/cms_err.c
+++ /dev/null
@@ -1,166 +0,0 @@
1/* $OpenBSD: cms_err.c,v 1.15 2024/06/24 06:43:22 tb Exp $ */
2/*
3 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
4 *
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11#include <openssl/cms.h>
12#include <openssl/err.h>
13
14#include "err_local.h"
15
16#ifndef OPENSSL_NO_ERR
17
18#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
19#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
20
21static const ERR_STRING_DATA CMS_str_functs[] = {
22 {ERR_FUNC(0xfff), "CRYPTO_internal"},
23 {0, NULL}
24};
25
26static const ERR_STRING_DATA CMS_str_reasons[] = {
27 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
28 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
29 "certificate already present"},
30 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
31 "certificate has no keyid"},
32 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR),
33 "certificate verify error"},
34 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR),
35 "cipher initialisation error"},
36 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
37 "cipher parameter initialisation error"},
38 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR),
39 "cms datafinal error"},
40 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"},
41 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH),
42 "contentidentifier mismatch"},
43 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"},
44 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH),
45 "content type mismatch"},
46 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
47 "content type not compressed data"},
48 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
49 "content type not enveloped data"},
50 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
51 "content type not signed data"},
52 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR),
53 "content verify error"},
54 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"},
55 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"},
56 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"},
57 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY),
58 "error getting public key"},
59 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
60 "error reading messagedigest attribute"},
61 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
62 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
63 "error setting recipientinfo"},
64 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
65 "invalid encrypted key length"},
66 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
67 "invalid key encryption parameter"},
68 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
69 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
70 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
71 "messagedigest attribute wrong length"},
72 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
73 "messagedigest wrong length"},
74 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
75 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
76 "msgsigdigest verification failure"},
77 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
78 "msgsigdigest wrong length"},
79 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"},
80 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT),
81 "not a signed receipt"},
82 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
83 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"},
84 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
85 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
86 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"},
87 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
88 "not supported for this key type"},
89 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"},
90 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"},
91 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"},
92 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
93 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"},
94 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"},
95 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"},
96 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
97 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT),
98 "no matching recipient"},
99 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE),
100 "no matching signature"},
101 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
102 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"},
103 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"},
104 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"},
105 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
106 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"},
107 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
108 "private key does not match certificate"},
109 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR),
110 "receipt decode error"},
111 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"},
112 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
113 "signer certificate not found"},
114 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"},
115 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"},
116 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"},
117 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA),
118 "type not compressed data"},
119 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"},
120 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA),
121 "type not digested data"},
122 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA),
123 "type not encrypted data"},
124 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA),
125 "type not enveloped data"},
126 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
127 "unable to finalize context"},
128 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
129 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM),
130 "unknown digest algorithm"},
131 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
132 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
133 "unsupported compression algorithm"},
134 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
135 "unsupported content type"},
136 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
137 "unsupported kek algorithm"},
138 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
139 "unsupported key encryption algorithm"},
140 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE),
141 "unsupported recipientinfo type"},
142 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
143 "unsupported recipient type"},
144 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
145 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
146 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
147 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE),
148 "verification failure"},
149 {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"},
150 {0, NULL}
151};
152
153#endif
154
155int
156ERR_load_CMS_strings(void)
157{
158#ifndef OPENSSL_NO_ERR
159 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
160 ERR_load_const_strings(CMS_str_functs);
161 ERR_load_const_strings(CMS_str_reasons);
162 }
163#endif
164 return 1;
165}
166LCRYPTO_ALIAS(ERR_load_CMS_strings);
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
deleted file mode 100644
index f01dcf73ed..0000000000
--- a/src/lib/libcrypto/cms/cms_ess.c
+++ /dev/null
@@ -1,413 +0,0 @@
1/* $OpenBSD: cms_ess.c,v 1.26 2024/11/01 18:53:35 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <stdlib.h>
56#include <string.h>
57
58#include <openssl/asn1.h>
59#include <openssl/cms.h>
60#include <openssl/err.h>
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
65
66#include "cms_local.h"
67
68CMS_ReceiptRequest *
69d2i_CMS_ReceiptRequest(CMS_ReceiptRequest **a, const unsigned char **in, long len)
70{
71 return (CMS_ReceiptRequest *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
72 &CMS_ReceiptRequest_it);
73}
74LCRYPTO_ALIAS(d2i_CMS_ReceiptRequest);
75
76int
77i2d_CMS_ReceiptRequest(CMS_ReceiptRequest *a, unsigned char **out)
78{
79 return ASN1_item_i2d((ASN1_VALUE *)a, out, &CMS_ReceiptRequest_it);
80}
81LCRYPTO_ALIAS(i2d_CMS_ReceiptRequest);
82
83CMS_ReceiptRequest *
84CMS_ReceiptRequest_new(void)
85{
86 return (CMS_ReceiptRequest *)ASN1_item_new(&CMS_ReceiptRequest_it);
87}
88LCRYPTO_ALIAS(CMS_ReceiptRequest_new);
89
90void
91CMS_ReceiptRequest_free(CMS_ReceiptRequest *a)
92{
93 ASN1_item_free((ASN1_VALUE *)a, &CMS_ReceiptRequest_it);
94}
95LCRYPTO_ALIAS(CMS_ReceiptRequest_free);
96
97/* ESS services: for now just Signed Receipt related */
98
99int
100CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
101{
102 ASN1_STRING *str;
103 CMS_ReceiptRequest *rr = NULL;
104
105 if (prr)
106 *prr = NULL;
107 str = CMS_signed_get0_data_by_OBJ(si,
108 OBJ_nid2obj(NID_id_smime_aa_receiptRequest), -3, V_ASN1_SEQUENCE);
109 if (!str)
110 return 0;
111
112 rr = ASN1_item_unpack(str, &CMS_ReceiptRequest_it);
113 if (!rr)
114 return -1;
115 if (prr)
116 *prr = rr;
117 else
118 CMS_ReceiptRequest_free(rr);
119
120 return 1;
121}
122LCRYPTO_ALIAS(CMS_get1_ReceiptRequest);
123
124CMS_ReceiptRequest *
125CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
126 STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
127{
128 CMS_ReceiptRequest *rr = NULL;
129
130 rr = CMS_ReceiptRequest_new();
131 if (rr == NULL)
132 goto merr;
133 if (id)
134 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
135 else {
136 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
137 goto merr;
138 arc4random_buf(rr->signedContentIdentifier->data, 32);
139 }
140
141 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
142 rr->receiptsTo = receiptsTo;
143
144 if (receiptList) {
145 rr->receiptsFrom->type = 1;
146 rr->receiptsFrom->d.receiptList = receiptList;
147 } else {
148 rr->receiptsFrom->type = 0;
149 rr->receiptsFrom->d.allOrFirstTier = allorfirst;
150 }
151
152 return rr;
153
154 merr:
155 CMSerror(ERR_R_MALLOC_FAILURE);
156 CMS_ReceiptRequest_free(rr);
157
158 return NULL;
159}
160LCRYPTO_ALIAS(CMS_ReceiptRequest_create0);
161
162int
163CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
164{
165 unsigned char *rrder = NULL;
166 int rrderlen, r = 0;
167
168 rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
169 if (rrderlen < 0)
170 goto merr;
171
172 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
173 V_ASN1_SEQUENCE, rrder, rrderlen))
174 goto merr;
175
176 r = 1;
177
178 merr:
179 if (!r)
180 CMSerror(ERR_R_MALLOC_FAILURE);
181
182 free(rrder);
183
184 return r;
185}
186LCRYPTO_ALIAS(CMS_add1_ReceiptRequest);
187
188void
189CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
190 int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
191 STACK_OF(GENERAL_NAMES) **prto)
192{
193 if (pcid)
194 *pcid = rr->signedContentIdentifier;
195 if (rr->receiptsFrom->type == 0) {
196 if (pallorfirst)
197 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
198 if (plist)
199 *plist = NULL;
200 } else {
201 if (pallorfirst)
202 *pallorfirst = -1;
203 if (plist)
204 *plist = rr->receiptsFrom->d.receiptList;
205 }
206 if (prto)
207 *prto = rr->receiptsTo;
208}
209LCRYPTO_ALIAS(CMS_ReceiptRequest_get0_values);
210
211/* Digest a SignerInfo structure for msgSigDigest attribute processing */
212
213static int
214cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen)
215{
216 const EVP_MD *md;
217
218 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
219 if (md == NULL)
220 return 0;
221 if (!ASN1_item_digest(&CMS_Attributes_Verify_it, md,
222 si->signedAttrs, dig, diglen))
223 return 0;
224
225 return 1;
226}
227
228/* Add a msgSigDigest attribute to a SignerInfo */
229
230int
231cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
232{
233 unsigned char dig[EVP_MAX_MD_SIZE];
234 unsigned int diglen;
235
236 if (!cms_msgSigDigest(src, dig, &diglen)) {
237 CMSerror(CMS_R_MSGSIGDIGEST_ERROR);
238 return 0;
239 }
240 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
241 V_ASN1_OCTET_STRING, dig, diglen)) {
242 CMSerror(ERR_R_MALLOC_FAILURE);
243 return 0;
244 }
245
246 return 1;
247}
248
249/* Verify signed receipt after it has already passed normal CMS verify */
250
251int
252cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
253{
254 int r = 0, i;
255 CMS_ReceiptRequest *rr = NULL;
256 CMS_Receipt *rct = NULL;
257 STACK_OF(CMS_SignerInfo) *sis, *osis;
258 CMS_SignerInfo *si, *osi = NULL;
259 ASN1_OCTET_STRING *msig, **pcont;
260 ASN1_OBJECT *octype;
261 unsigned char dig[EVP_MAX_MD_SIZE];
262 unsigned int diglen;
263
264 /* Get SignerInfos, also checks SignedData content type */
265 osis = CMS_get0_SignerInfos(req_cms);
266 sis = CMS_get0_SignerInfos(cms);
267 if (!osis || !sis)
268 goto err;
269
270 if (sk_CMS_SignerInfo_num(sis) != 1) {
271 CMSerror(CMS_R_NEED_ONE_SIGNER);
272 goto err;
273 }
274
275 /* Check receipt content type */
276 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
277 CMSerror(CMS_R_NOT_A_SIGNED_RECEIPT);
278 goto err;
279 }
280
281 /* Extract and decode receipt content */
282 pcont = CMS_get0_content(cms);
283 if (!pcont || !*pcont) {
284 CMSerror(CMS_R_NO_CONTENT);
285 goto err;
286 }
287
288 rct = ASN1_item_unpack(*pcont, &CMS_Receipt_it);
289
290 if (!rct) {
291 CMSerror(CMS_R_RECEIPT_DECODE_ERROR);
292 goto err;
293 }
294
295 /* Locate original request */
296
297 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
298 osi = sk_CMS_SignerInfo_value(osis, i);
299 if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
300 break;
301 }
302
303 if (i == sk_CMS_SignerInfo_num(osis)) {
304 CMSerror(CMS_R_NO_MATCHING_SIGNATURE);
305 goto err;
306 }
307
308 si = sk_CMS_SignerInfo_value(sis, 0);
309
310 /* Get msgSigDigest value and compare */
311
312 msig = CMS_signed_get0_data_by_OBJ(si,
313 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, V_ASN1_OCTET_STRING);
314
315 if (!msig) {
316 CMSerror(CMS_R_NO_MSGSIGDIGEST);
317 goto err;
318 }
319
320 if (!cms_msgSigDigest(osi, dig, &diglen)) {
321 CMSerror(CMS_R_MSGSIGDIGEST_ERROR);
322 goto err;
323 }
324
325 if (diglen != (unsigned int)msig->length) {
326 CMSerror(CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
327 goto err;
328 }
329
330 if (memcmp(dig, msig->data, diglen)) {
331 CMSerror(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
332 goto err;
333 }
334
335 /* Compare content types */
336
337 octype = CMS_signed_get0_data_by_OBJ(osi,
338 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
339 if (!octype) {
340 CMSerror(CMS_R_NO_CONTENT_TYPE);
341 goto err;
342 }
343
344 /* Compare details in receipt request */
345
346 if (OBJ_cmp(octype, rct->contentType)) {
347 CMSerror(CMS_R_CONTENT_TYPE_MISMATCH);
348 goto err;
349 }
350
351 /* Get original receipt request details */
352
353 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
354 CMSerror(CMS_R_NO_RECEIPT_REQUEST);
355 goto err;
356 }
357
358 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
359 rct->signedContentIdentifier)) {
360 CMSerror(CMS_R_CONTENTIDENTIFIER_MISMATCH);
361 goto err;
362 }
363
364 r = 1;
365
366 err:
367 CMS_ReceiptRequest_free(rr);
368 ASN1_item_free((ASN1_VALUE *)rct, &CMS_Receipt_it);
369 return r;
370}
371
372/*
373 * Encode a Receipt into an OCTET STRING read for including into content of a
374 * SignedData ContentInfo.
375 */
376
377ASN1_OCTET_STRING *
378cms_encode_Receipt(CMS_SignerInfo *si)
379{
380 CMS_Receipt rct;
381 CMS_ReceiptRequest *rr = NULL;
382 ASN1_OBJECT *ctype;
383 ASN1_OCTET_STRING *os = NULL;
384
385 /* Get original receipt request */
386
387 /* Get original receipt request details */
388
389 if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
390 CMSerror(CMS_R_NO_RECEIPT_REQUEST);
391 goto err;
392 }
393
394 /* Get original content type */
395
396 ctype = CMS_signed_get0_data_by_OBJ(si,
397 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
398 if (!ctype) {
399 CMSerror(CMS_R_NO_CONTENT_TYPE);
400 goto err;
401 }
402
403 rct.version = 1;
404 rct.contentType = ctype;
405 rct.signedContentIdentifier = rr->signedContentIdentifier;
406 rct.originatorSignatureValue = si->signature;
407
408 os = ASN1_item_pack(&rct, &CMS_Receipt_it, NULL);
409
410 err:
411 CMS_ReceiptRequest_free(rr);
412 return os;
413}
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
deleted file mode 100644
index 84ada47c49..0000000000
--- a/src/lib/libcrypto/cms/cms_io.c
+++ /dev/null
@@ -1,180 +0,0 @@
1/* $OpenBSD: cms_io.c,v 1.21 2024/03/30 01:53:05 joshua Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <openssl/asn1t.h>
56#include <openssl/cms.h>
57#include <openssl/err.h>
58#include <openssl/pem.h>
59#include <openssl/x509.h>
60
61#include "asn1_local.h"
62#include "cms_local.h"
63
64int
65CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
66{
67 ASN1_OCTET_STRING **pos;
68
69 if ((pos = CMS_get0_content(cms)) == NULL)
70 return 0;
71
72 if (*pos == NULL)
73 *pos = ASN1_OCTET_STRING_new();
74 if (*pos == NULL) {
75 CMSerror(ERR_R_MALLOC_FAILURE);
76 return 0;
77 }
78
79 (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
80 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
81 *boundary = &(*pos)->data;
82
83 return 1;
84}
85LCRYPTO_ALIAS(CMS_stream);
86
87CMS_ContentInfo *
88d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
89{
90 return ASN1_item_d2i_bio(&CMS_ContentInfo_it, bp, cms);
91}
92LCRYPTO_ALIAS(d2i_CMS_bio);
93
94int
95i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
96{
97 return ASN1_item_i2d_bio(&CMS_ContentInfo_it, bp, cms);
98}
99LCRYPTO_ALIAS(i2d_CMS_bio);
100
101
102CMS_ContentInfo *
103PEM_read_bio_CMS(BIO *bp, CMS_ContentInfo **x, pem_password_cb *cb, void *u)
104{
105 return PEM_ASN1_read_bio((d2i_of_void *)d2i_CMS_ContentInfo,
106 PEM_STRING_CMS, bp, (void **)x, cb, u);
107}
108LCRYPTO_ALIAS(PEM_read_bio_CMS);
109
110CMS_ContentInfo *
111PEM_read_CMS(FILE *fp, CMS_ContentInfo **x, pem_password_cb *cb, void *u)
112{
113 return PEM_ASN1_read((d2i_of_void *)d2i_CMS_ContentInfo,
114 PEM_STRING_CMS, fp, (void **)x, cb, u);
115}
116LCRYPTO_ALIAS(PEM_read_CMS);
117
118int
119PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x)
120{
121 return PEM_ASN1_write_bio((i2d_of_void *)i2d_CMS_ContentInfo,
122 PEM_STRING_CMS, bp, (void *)x, NULL, NULL, 0, NULL, NULL);
123}
124LCRYPTO_ALIAS(PEM_write_bio_CMS);
125
126int
127PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x)
128{
129 return PEM_ASN1_write((i2d_of_void *)i2d_CMS_ContentInfo,
130 PEM_STRING_CMS, fp, (void *)x, NULL, NULL, 0, NULL, NULL);
131}
132LCRYPTO_ALIAS(PEM_write_CMS);
133
134BIO *
135BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
136{
137 return BIO_new_NDEF(out, (ASN1_VALUE *)cms, &CMS_ContentInfo_it);
138}
139LCRYPTO_ALIAS(BIO_new_CMS);
140
141/* CMS wrappers round generalised stream and MIME routines */
142
143int
144i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
145{
146 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
147 &CMS_ContentInfo_it);
148}
149LCRYPTO_ALIAS(i2d_CMS_bio_stream);
150
151int
152PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
153{
154 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags,
155 "CMS", &CMS_ContentInfo_it);
156}
157LCRYPTO_ALIAS(PEM_write_bio_CMS_stream);
158
159int
160SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
161{
162 STACK_OF(X509_ALGOR) *mdalgs = NULL;
163 int ctype_nid = OBJ_obj2nid(cms->contentType);
164 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
165
166 if (ctype_nid == NID_pkcs7_signed)
167 mdalgs = cms->d.signedData->digestAlgorithms;
168
169 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid,
170 econt_nid, mdalgs, &CMS_ContentInfo_it);
171}
172LCRYPTO_ALIAS(SMIME_write_CMS);
173
174CMS_ContentInfo *
175SMIME_read_CMS(BIO *bio, BIO **bcont)
176{
177 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
178 &CMS_ContentInfo_it);
179}
180LCRYPTO_ALIAS(SMIME_read_CMS);
diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
deleted file mode 100644
index 86b1ad9e83..0000000000
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ /dev/null
@@ -1,490 +0,0 @@
1/* $OpenBSD: cms_kari.c,v 1.17 2024/11/01 18:34:06 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <stdlib.h>
56#include <string.h>
57
58#include <openssl/asn1.h>
59#include <openssl/cms.h>
60#include <openssl/err.h>
61#include <openssl/evp.h>
62
63#include "cms_local.h"
64
65/* Key Agreement Recipient Info (KARI) routines */
66
67int
68CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
69 ASN1_OCTET_STRING **pukm)
70{
71 if (ri->type != CMS_RECIPINFO_AGREE) {
72 CMSerror(CMS_R_NOT_KEY_AGREEMENT);
73 return 0;
74 }
75 if (palg)
76 *palg = ri->d.kari->keyEncryptionAlgorithm;
77 if (pukm)
78 *pukm = ri->d.kari->ukm;
79
80 return 1;
81}
82LCRYPTO_ALIAS(CMS_RecipientInfo_kari_get0_alg);
83
84/* Retrieve recipient encrypted keys from a kari */
85
86STACK_OF(CMS_RecipientEncryptedKey) *
87CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
88{
89 if (ri->type != CMS_RECIPINFO_AGREE) {
90 CMSerror(CMS_R_NOT_KEY_AGREEMENT);
91 return NULL;
92 }
93 return ri->d.kari->recipientEncryptedKeys;
94}
95LCRYPTO_ALIAS(CMS_RecipientInfo_kari_get0_reks);
96
97int
98CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, X509_ALGOR **pubalg,
99 ASN1_BIT_STRING **pubkey, ASN1_OCTET_STRING **keyid, X509_NAME **issuer,
100 ASN1_INTEGER **sno)
101{
102 CMS_OriginatorIdentifierOrKey *oik;
103
104 if (ri->type != CMS_RECIPINFO_AGREE) {
105 CMSerror(CMS_R_NOT_KEY_AGREEMENT);
106 return 0;
107 }
108 oik = ri->d.kari->originator;
109 if (issuer)
110 *issuer = NULL;
111 if (sno)
112 *sno = NULL;
113 if (keyid)
114 *keyid = NULL;
115 if (pubalg)
116 *pubalg = NULL;
117 if (pubkey)
118 *pubkey = NULL;
119 if (oik->type == CMS_OIK_ISSUER_SERIAL) {
120 if (issuer)
121 *issuer = oik->d.issuerAndSerialNumber->issuer;
122 if (sno)
123 *sno = oik->d.issuerAndSerialNumber->serialNumber;
124 } else if (oik->type == CMS_OIK_KEYIDENTIFIER) {
125 if (keyid)
126 *keyid = oik->d.subjectKeyIdentifier;
127 } else if (oik->type == CMS_OIK_PUBKEY) {
128 if (pubalg)
129 *pubalg = oik->d.originatorKey->algorithm;
130 if (pubkey)
131 *pubkey = oik->d.originatorKey->publicKey;
132 } else
133 return 0;
134
135 return 1;
136}
137LCRYPTO_ALIAS(CMS_RecipientInfo_kari_get0_orig_id);
138
139int
140CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
141{
142 CMS_OriginatorIdentifierOrKey *oik;
143
144 if (ri->type != CMS_RECIPINFO_AGREE) {
145 CMSerror(CMS_R_NOT_KEY_AGREEMENT);
146 return -2;
147 }
148 oik = ri->d.kari->originator;
149 if (oik->type == CMS_OIK_ISSUER_SERIAL)
150 return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
151 else if (oik->type == CMS_OIK_KEYIDENTIFIER)
152 return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
153
154 return -1;
155}
156LCRYPTO_ALIAS(CMS_RecipientInfo_kari_orig_id_cmp);
157
158int
159CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
160 ASN1_OCTET_STRING **keyid, ASN1_GENERALIZEDTIME **tm,
161 CMS_OtherKeyAttribute **other, X509_NAME **issuer, ASN1_INTEGER **sno)
162{
163 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
164
165 if (rid->type == CMS_REK_ISSUER_SERIAL) {
166 if (issuer)
167 *issuer = rid->d.issuerAndSerialNumber->issuer;
168 if (sno)
169 *sno = rid->d.issuerAndSerialNumber->serialNumber;
170 if (keyid)
171 *keyid = NULL;
172 if (tm)
173 *tm = NULL;
174 if (other)
175 *other = NULL;
176 } else if (rid->type == CMS_REK_KEYIDENTIFIER) {
177 if (keyid)
178 *keyid = rid->d.rKeyId->subjectKeyIdentifier;
179 if (tm)
180 *tm = rid->d.rKeyId->date;
181 if (other)
182 *other = rid->d.rKeyId->other;
183 if (issuer)
184 *issuer = NULL;
185 if (sno)
186 *sno = NULL;
187 } else
188 return 0;
189
190 return 1;
191}
192LCRYPTO_ALIAS(CMS_RecipientEncryptedKey_get0_id);
193
194int
195CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, X509 *cert)
196{
197 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
198
199 if (rid->type == CMS_REK_ISSUER_SERIAL)
200 return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
201 else if (rid->type == CMS_REK_KEYIDENTIFIER)
202 return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert);
203 else
204 return -1;
205}
206LCRYPTO_ALIAS(CMS_RecipientEncryptedKey_cert_cmp);
207
208int
209CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
210{
211 EVP_PKEY_CTX *pctx;
212 CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
213
214 EVP_PKEY_CTX_free(kari->pctx);
215 kari->pctx = NULL;
216 if (!pk)
217 return 1;
218 pctx = EVP_PKEY_CTX_new(pk, NULL);
219 if (!pctx || !EVP_PKEY_derive_init(pctx))
220 goto err;
221 kari->pctx = pctx;
222 return 1;
223
224 err:
225 EVP_PKEY_CTX_free(pctx);
226 return 0;
227}
228LCRYPTO_ALIAS(CMS_RecipientInfo_kari_set0_pkey);
229
230EVP_CIPHER_CTX *
231CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
232{
233 if (ri->type == CMS_RECIPINFO_AGREE)
234 return ri->d.kari->ctx;
235 return NULL;
236}
237LCRYPTO_ALIAS(CMS_RecipientInfo_kari_get0_ctx);
238
239/*
240 * Derive KEK and decrypt/encrypt with it to produce either the original CEK
241 * or the encrypted CEK.
242 */
243
244static int
245cms_kek_cipher(unsigned char **pout, size_t *poutlen, const unsigned char *in,
246 size_t inlen, CMS_KeyAgreeRecipientInfo *kari, int enc)
247{
248 /* Key encryption key */
249 unsigned char kek[EVP_MAX_KEY_LENGTH];
250 size_t keklen;
251 int rv = 0;
252 unsigned char *out = NULL;
253 int outlen;
254
255 keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
256 if (keklen > EVP_MAX_KEY_LENGTH)
257 return 0;
258 /* Derive KEK */
259 if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
260 goto err;
261 /* Set KEK in context */
262 if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
263 goto err;
264 /* obtain output length of ciphered key */
265 if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
266 goto err;
267 out = malloc(outlen);
268 if (out == NULL)
269 goto err;
270 if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
271 goto err;
272 *pout = out;
273 *poutlen = (size_t)outlen;
274 rv = 1;
275
276 err:
277 explicit_bzero(kek, keklen);
278 if (!rv)
279 free(out);
280 (void)EVP_CIPHER_CTX_reset(kari->ctx);
281 /* FIXME: WHY IS kari->pctx freed here? /RL */
282 EVP_PKEY_CTX_free(kari->pctx);
283 kari->pctx = NULL;
284
285 return rv;
286}
287
288int
289CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
290 CMS_RecipientEncryptedKey *rek)
291{
292 int rv = 0;
293 unsigned char *enckey = NULL, *cek = NULL;
294 size_t enckeylen;
295 size_t ceklen;
296 CMS_EncryptedContentInfo *ec;
297
298 enckeylen = rek->encryptedKey->length;
299 enckey = rek->encryptedKey->data;
300 /* Setup all parameters to derive KEK */
301 if (!cms_env_asn1_ctrl(ri, 1))
302 goto err;
303 /* Attempt to decrypt CEK */
304 if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
305 goto err;
306 ec = cms->d.envelopedData->encryptedContentInfo;
307 freezero(ec->key, ec->keylen);
308 ec->key = cek;
309 ec->keylen = ceklen;
310 cek = NULL;
311 rv = 1;
312
313 err:
314 free(cek);
315
316 return rv;
317}
318LCRYPTO_ALIAS(CMS_RecipientInfo_kari_decrypt);
319
320/* Create ephemeral key and initialise context based on it */
321static int
322cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, EVP_PKEY *pk)
323{
324 EVP_PKEY_CTX *pctx = NULL;
325 EVP_PKEY *ekey = NULL;
326 int rv = 0;
327
328 pctx = EVP_PKEY_CTX_new(pk, NULL);
329 if (!pctx)
330 goto err;
331 if (EVP_PKEY_keygen_init(pctx) <= 0)
332 goto err;
333 if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
334 goto err;
335 EVP_PKEY_CTX_free(pctx);
336 pctx = EVP_PKEY_CTX_new(ekey, NULL);
337 if (!pctx)
338 goto err;
339 if (EVP_PKEY_derive_init(pctx) <= 0)
340 goto err;
341 kari->pctx = pctx;
342 rv = 1;
343
344 err:
345 if (!rv)
346 EVP_PKEY_CTX_free(pctx);
347 EVP_PKEY_free(ekey);
348
349 return rv;
350}
351
352/* Initialise a kari based on passed certificate and key */
353
354int
355cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk,
356 unsigned int flags)
357{
358 CMS_KeyAgreeRecipientInfo *kari;
359 CMS_RecipientEncryptedKey *rek = NULL;
360
361 ri->d.kari = (CMS_KeyAgreeRecipientInfo *)ASN1_item_new(&CMS_KeyAgreeRecipientInfo_it);
362 if (!ri->d.kari)
363 return 0;
364 ri->type = CMS_RECIPINFO_AGREE;
365
366 kari = ri->d.kari;
367 kari->version = 3;
368
369 rek = (CMS_RecipientEncryptedKey *)ASN1_item_new(&CMS_RecipientEncryptedKey_it);
370 if (rek == NULL)
371 return 0;
372
373 if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
374 ASN1_item_free((ASN1_VALUE *)rek, &CMS_RecipientEncryptedKey_it);
375 return 0;
376 }
377
378 if (flags & CMS_USE_KEYID) {
379 rek->rid->type = CMS_REK_KEYIDENTIFIER;
380 rek->rid->d.rKeyId = (CMS_RecipientKeyIdentifier *)ASN1_item_new(&CMS_RecipientKeyIdentifier_it);
381 if (rek->rid->d.rKeyId == NULL)
382 return 0;
383 if (!cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip))
384 return 0;
385 } else {
386 rek->rid->type = CMS_REK_ISSUER_SERIAL;
387 if (!cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip))
388 return 0;
389 }
390
391 /* Create ephemeral key */
392 if (!cms_kari_create_ephemeral_key(kari, pk))
393 return 0;
394
395 EVP_PKEY_up_ref(pk);
396 rek->pkey = pk;
397
398 return 1;
399}
400
401static int
402cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher)
403{
404 EVP_CIPHER_CTX *ctx = kari->ctx;
405 const EVP_CIPHER *kekcipher;
406 int keylen = EVP_CIPHER_key_length(cipher);
407
408 /* If a suitable wrap algorithm is already set nothing to do */
409 kekcipher = EVP_CIPHER_CTX_cipher(ctx);
410
411 if (kekcipher) {
412 if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
413 return 0;
414 return 1;
415 }
416 /*
417 * Pick a cipher based on content encryption cipher. If it is DES3 use
418 * DES3 wrap otherwise use AES wrap similar to key size.
419 */
420#ifndef OPENSSL_NO_DES
421#if 0
422 /*
423 * XXX - we do not currently support DES3 wrap and probably should just
424 * drop this code.
425 */
426 if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
427 kekcipher = EVP_des_ede3_wrap();
428 else
429#endif
430#endif
431 if (keylen <= 16)
432 kekcipher = EVP_aes_128_wrap();
433 else if (keylen <= 24)
434 kekcipher = EVP_aes_192_wrap();
435 else
436 kekcipher = EVP_aes_256_wrap();
437
438 return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
439}
440
441/* Encrypt content key in key agreement recipient info */
442
443int
444cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
445{
446 CMS_KeyAgreeRecipientInfo *kari;
447 CMS_EncryptedContentInfo *ec;
448 CMS_RecipientEncryptedKey *rek;
449 STACK_OF(CMS_RecipientEncryptedKey) *reks;
450 int i;
451
452 if (ri->type != CMS_RECIPINFO_AGREE) {
453 CMSerror(CMS_R_NOT_KEY_AGREEMENT);
454 return 0;
455 }
456 kari = ri->d.kari;
457 reks = kari->recipientEncryptedKeys;
458 ec = cms->d.envelopedData->encryptedContentInfo;
459 /* Initialise wrap algorithm parameters */
460 if (!cms_wrap_init(kari, ec->cipher))
461 return 0;
462 /*
463 * If no originator key set up initialise for ephemeral key the public key
464 * ASN1 structure will set the actual public key value.
465 */
466 if (kari->originator->type == -1) {
467 CMS_OriginatorIdentifierOrKey *oik = kari->originator;
468 oik->type = CMS_OIK_PUBKEY;
469 oik->d.originatorKey = (CMS_OriginatorPublicKey *)ASN1_item_new(&CMS_OriginatorPublicKey_it);
470 if (!oik->d.originatorKey)
471 return 0;
472 }
473 /* Initialise KDF algorithm */
474 if (!cms_env_asn1_ctrl(ri, 0))
475 return 0;
476 /* For each rek, derive KEK, encrypt CEK */
477 for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
478 unsigned char *enckey;
479 size_t enckeylen;
480 rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
481 if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0)
482 return 0;
483 if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
484 kari, 1))
485 return 0;
486 ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
487 }
488
489 return 1;
490}
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
deleted file mode 100644
index 2d7a8d9f21..0000000000
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ /dev/null
@@ -1,780 +0,0 @@
1/* $OpenBSD: cms_lib.c,v 1.26 2024/11/01 18:53:35 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <stddef.h>
56
57#include <openssl/asn1.h>
58#include <openssl/bio.h>
59#include <openssl/cms.h>
60#include <openssl/err.h>
61#include <openssl/evp.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64#include <openssl/x509v3.h>
65
66#include "cms_local.h"
67#include "x509_local.h"
68
69CMS_ContentInfo *
70d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len)
71{
72 return (CMS_ContentInfo *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
73 &CMS_ContentInfo_it);
74}
75LCRYPTO_ALIAS(d2i_CMS_ContentInfo);
76
77int
78i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **out)
79{
80 return ASN1_item_i2d((ASN1_VALUE *)a, out, &CMS_ContentInfo_it);
81}
82LCRYPTO_ALIAS(i2d_CMS_ContentInfo);
83
84CMS_ContentInfo *
85CMS_ContentInfo_new(void)
86{
87 return (CMS_ContentInfo *)ASN1_item_new(&CMS_ContentInfo_it);
88}
89LCRYPTO_ALIAS(CMS_ContentInfo_new);
90
91void
92CMS_ContentInfo_free(CMS_ContentInfo *a)
93{
94 ASN1_item_free((ASN1_VALUE *)a, &CMS_ContentInfo_it);
95}
96LCRYPTO_ALIAS(CMS_ContentInfo_free);
97
98int
99CMS_ContentInfo_print_ctx(BIO *out, CMS_ContentInfo *x, int indent, const ASN1_PCTX *pctx)
100{
101 return ASN1_item_print(out, (ASN1_VALUE *)x, indent,
102 &CMS_ContentInfo_it, pctx);
103}
104LCRYPTO_ALIAS(CMS_ContentInfo_print_ctx);
105
106const ASN1_OBJECT *
107CMS_get0_type(const CMS_ContentInfo *cms)
108{
109 return cms->contentType;
110}
111LCRYPTO_ALIAS(CMS_get0_type);
112
113CMS_ContentInfo *
114cms_Data_create(void)
115{
116 CMS_ContentInfo *cms;
117
118 cms = CMS_ContentInfo_new();
119 if (cms != NULL) {
120 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
121 /* Never detached */
122 CMS_set_detached(cms, 0);
123 }
124 return cms;
125}
126
127static BIO *
128cms_content_bio(CMS_ContentInfo *cms)
129{
130 ASN1_OCTET_STRING **pos;
131
132 if ((pos = CMS_get0_content(cms)) == NULL)
133 return NULL;
134
135 /* If content is detached, data goes nowhere: create null BIO. */
136 if (*pos == NULL)
137 return BIO_new(BIO_s_null());
138
139 /* If content is not detached and was created, return memory BIO. */
140 if ((*pos)->flags == ASN1_STRING_FLAG_CONT)
141 return BIO_new(BIO_s_mem());
142
143 /* Else content was read in: return read-only BIO for it. */
144 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
145}
146
147BIO *
148CMS_dataInit(CMS_ContentInfo *cms, BIO *in_content_bio)
149{
150 BIO *cms_bio = NULL, *content_bio = NULL;
151
152 if ((content_bio = in_content_bio) == NULL)
153 content_bio = cms_content_bio(cms);
154 if (content_bio == NULL) {
155 CMSerror(CMS_R_NO_CONTENT);
156 goto err;
157 }
158
159 switch (OBJ_obj2nid(cms->contentType)) {
160 case NID_pkcs7_data:
161 return content_bio;
162 case NID_pkcs7_signed:
163 if ((cms_bio = cms_SignedData_init_bio(cms)) == NULL)
164 goto err;
165 break;
166 case NID_pkcs7_digest:
167 if ((cms_bio = cms_DigestedData_init_bio(cms)) == NULL)
168 goto err;
169 break;
170 case NID_pkcs7_encrypted:
171 if ((cms_bio = cms_EncryptedData_init_bio(cms)) == NULL)
172 goto err;
173 break;
174 case NID_pkcs7_enveloped:
175 if ((cms_bio = cms_EnvelopedData_init_bio(cms)) == NULL)
176 goto err;
177 break;
178 default:
179 CMSerror(CMS_R_UNSUPPORTED_TYPE);
180 goto err;
181 }
182
183 return BIO_push(cms_bio, content_bio);
184
185 err:
186 if (content_bio != in_content_bio)
187 BIO_free(content_bio);
188
189 return NULL;
190}
191LCRYPTO_ALIAS(CMS_dataInit);
192
193int
194CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
195{
196 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
197
198 if (!pos)
199 return 0;
200 /* If embedded content find memory BIO and set content */
201 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
202 BIO *mbio;
203 unsigned char *cont;
204 long contlen;
205 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
206 if (!mbio) {
207 CMSerror(CMS_R_CONTENT_NOT_FOUND);
208 return 0;
209 }
210 contlen = BIO_get_mem_data(mbio, &cont);
211 /* Set bio as read only so its content can't be clobbered */
212 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
213 BIO_set_mem_eof_return(mbio, 0);
214 ASN1_STRING_set0(*pos, cont, contlen);
215 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
216 }
217
218 switch (OBJ_obj2nid(cms->contentType)) {
219
220 case NID_pkcs7_data:
221 case NID_pkcs7_enveloped:
222 case NID_pkcs7_encrypted:
223 case NID_id_smime_ct_compressedData:
224 /* Nothing to do */
225 return 1;
226
227 case NID_pkcs7_signed:
228 return cms_SignedData_final(cms, cmsbio);
229
230 case NID_pkcs7_digest:
231 return cms_DigestedData_do_final(cms, cmsbio, 0);
232
233 default:
234 CMSerror(CMS_R_UNSUPPORTED_TYPE);
235 return 0;
236 }
237}
238LCRYPTO_ALIAS(CMS_dataFinal);
239
240int
241CMS_get_version(const CMS_ContentInfo *cms, long *version)
242{
243 switch (OBJ_obj2nid(cms->contentType)) {
244 case NID_pkcs7_signed:
245 *version = cms->d.signedData->version;
246 return 1;
247
248 case NID_pkcs7_enveloped:
249 *version = cms->d.envelopedData->version;
250 return 1;
251
252 case NID_pkcs7_digest:
253 *version = cms->d.digestedData->version;
254 return 1;
255
256 case NID_pkcs7_encrypted:
257 *version = cms->d.encryptedData->version;
258 return 1;
259
260 case NID_id_smime_ct_authData:
261 *version = cms->d.authenticatedData->version;
262 return 1;
263
264 case NID_id_smime_ct_compressedData:
265 *version = cms->d.compressedData->version;
266 return 1;
267
268 default:
269 CMSerror(CMS_R_UNSUPPORTED_TYPE);
270 return 0;
271 }
272}
273LCRYPTO_ALIAS(CMS_get_version);
274
275int
276CMS_SignerInfo_get_version(const CMS_SignerInfo *si, long *version)
277{
278 *version = si->version;
279 return 1;
280}
281LCRYPTO_ALIAS(CMS_SignerInfo_get_version);
282
283/*
284 * Return an OCTET STRING pointer to content. This allows it to be accessed
285 * or set later.
286 */
287
288ASN1_OCTET_STRING **
289CMS_get0_content(CMS_ContentInfo *cms)
290{
291 switch (OBJ_obj2nid(cms->contentType)) {
292 case NID_pkcs7_data:
293 return &cms->d.data;
294
295 case NID_pkcs7_signed:
296 return &cms->d.signedData->encapContentInfo->eContent;
297
298 case NID_pkcs7_enveloped:
299 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
300
301 case NID_pkcs7_digest:
302 return &cms->d.digestedData->encapContentInfo->eContent;
303
304 case NID_pkcs7_encrypted:
305 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
306
307 case NID_id_smime_ct_authData:
308 return &cms->d.authenticatedData->encapContentInfo->eContent;
309
310 case NID_id_smime_ct_compressedData:
311 return &cms->d.compressedData->encapContentInfo->eContent;
312
313 default:
314 if (cms->d.other->type == V_ASN1_OCTET_STRING)
315 return &cms->d.other->value.octet_string;
316 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
317 return NULL;
318 }
319}
320LCRYPTO_ALIAS(CMS_get0_content);
321
322/*
323 * Return an ASN1_OBJECT pointer to content type. This allows it to be
324 * accessed or set later.
325 */
326
327static ASN1_OBJECT **
328cms_get0_econtent_type(CMS_ContentInfo *cms)
329{
330 switch (OBJ_obj2nid(cms->contentType)) {
331 case NID_pkcs7_signed:
332 return &cms->d.signedData->encapContentInfo->eContentType;
333
334 case NID_pkcs7_enveloped:
335 return &cms->d.envelopedData->encryptedContentInfo->contentType;
336
337 case NID_pkcs7_digest:
338 return &cms->d.digestedData->encapContentInfo->eContentType;
339
340 case NID_pkcs7_encrypted:
341 return &cms->d.encryptedData->encryptedContentInfo->contentType;
342
343 case NID_id_smime_ct_authData:
344 return &cms->d.authenticatedData->encapContentInfo->eContentType;
345
346 case NID_id_smime_ct_compressedData:
347 return &cms->d.compressedData->encapContentInfo->eContentType;
348
349 default:
350 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
351 return NULL;
352 }
353}
354
355const ASN1_OBJECT *
356CMS_get0_eContentType(CMS_ContentInfo *cms)
357{
358 ASN1_OBJECT **petype;
359
360 petype = cms_get0_econtent_type(cms);
361 if (petype)
362 return *petype;
363
364 return NULL;
365}
366LCRYPTO_ALIAS(CMS_get0_eContentType);
367
368int
369CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
370{
371 ASN1_OBJECT **petype, *etype;
372
373 petype = cms_get0_econtent_type(cms);
374 if (!petype)
375 return 0;
376 if (!oid)
377 return 1;
378 etype = OBJ_dup(oid);
379 if (!etype)
380 return 0;
381 ASN1_OBJECT_free(*petype);
382 *petype = etype;
383
384 return 1;
385}
386LCRYPTO_ALIAS(CMS_set1_eContentType);
387
388int
389CMS_is_detached(CMS_ContentInfo *cms)
390{
391 ASN1_OCTET_STRING **pos;
392
393 pos = CMS_get0_content(cms);
394 if (!pos)
395 return -1;
396 if (*pos)
397 return 0;
398
399 return 1;
400}
401LCRYPTO_ALIAS(CMS_is_detached);
402
403int
404CMS_set_detached(CMS_ContentInfo *cms, int detached)
405{
406 ASN1_OCTET_STRING **pos;
407
408 pos = CMS_get0_content(cms);
409 if (!pos)
410 return 0;
411 if (detached) {
412 ASN1_OCTET_STRING_free(*pos);
413 *pos = NULL;
414 return 1;
415 }
416 if (*pos == NULL)
417 *pos = ASN1_OCTET_STRING_new();
418 if (*pos != NULL) {
419 /*
420 * NB: special flag to show content is created and not read in.
421 */
422 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
423 return 1;
424 }
425 CMSerror(ERR_R_MALLOC_FAILURE);
426
427 return 0;
428}
429LCRYPTO_ALIAS(CMS_set_detached);
430
431/* Create a digest BIO from an X509_ALGOR structure */
432
433BIO *
434cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
435{
436 BIO *mdbio = NULL;
437 const ASN1_OBJECT *digestoid;
438 const EVP_MD *digest;
439
440 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
441 digest = EVP_get_digestbyobj(digestoid);
442 if (!digest) {
443 CMSerror(CMS_R_UNKNOWN_DIGEST_ALGORITHM);
444 goto err;
445 }
446 mdbio = BIO_new(BIO_f_md());
447 if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
448 CMSerror(CMS_R_MD_BIO_INIT_ERROR);
449 goto err;
450 }
451 return mdbio;
452
453 err:
454 BIO_free(mdbio);
455
456 return NULL;
457}
458
459/* Locate a message digest content from a BIO chain based on SignerInfo */
460
461int
462cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg)
463{
464 int nid;
465 const ASN1_OBJECT *mdoid;
466
467 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
468 nid = OBJ_obj2nid(mdoid);
469 /* Look for digest type to match signature */
470 for (;;) {
471 EVP_MD_CTX *mtmp;
472 chain = BIO_find_type(chain, BIO_TYPE_MD);
473 if (chain == NULL) {
474 CMSerror(CMS_R_NO_MATCHING_DIGEST);
475 return 0;
476 }
477 BIO_get_md_ctx(chain, &mtmp);
478 if (EVP_MD_CTX_type(mtmp) == nid
479 /*
480 * Workaround for broken implementations that use signature
481 * algorithm OID instead of digest.
482 */
483 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
484 return EVP_MD_CTX_copy_ex(mctx, mtmp);
485 chain = BIO_next(chain);
486 }
487}
488
489static STACK_OF(CMS_CertificateChoices) **
490cms_get0_certificate_choices(CMS_ContentInfo *cms)
491{
492 switch (OBJ_obj2nid(cms->contentType)) {
493 case NID_pkcs7_signed:
494 return &cms->d.signedData->certificates;
495
496 case NID_pkcs7_enveloped:
497 if (cms->d.envelopedData->originatorInfo == NULL)
498 return NULL;
499 return &cms->d.envelopedData->originatorInfo->certificates;
500
501 default:
502 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
503 return NULL;
504 }
505}
506
507CMS_CertificateChoices *
508CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
509{
510 STACK_OF(CMS_CertificateChoices) **pcerts;
511 CMS_CertificateChoices *cch;
512
513 pcerts = cms_get0_certificate_choices(cms);
514 if (!pcerts)
515 return NULL;
516 if (!*pcerts)
517 *pcerts = sk_CMS_CertificateChoices_new_null();
518 if (!*pcerts)
519 return NULL;
520 cch = (CMS_CertificateChoices *)ASN1_item_new(&CMS_CertificateChoices_it);
521 if (!cch)
522 return NULL;
523 if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
524 ASN1_item_free((ASN1_VALUE *)cch, &CMS_CertificateChoices_it);
525 return NULL;
526 }
527
528 return cch;
529}
530LCRYPTO_ALIAS(CMS_add0_CertificateChoices);
531
532int
533CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
534{
535 CMS_CertificateChoices *cch;
536 STACK_OF(CMS_CertificateChoices) **pcerts;
537 int i;
538
539 pcerts = cms_get0_certificate_choices(cms);
540 if (!pcerts)
541 return 0;
542 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
543 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
544 if (cch->type == CMS_CERTCHOICE_CERT) {
545 if (!X509_cmp(cch->d.certificate, cert)) {
546 CMSerror(CMS_R_CERTIFICATE_ALREADY_PRESENT);
547 return 0;
548 }
549 }
550 }
551 cch = CMS_add0_CertificateChoices(cms);
552 if (!cch)
553 return 0;
554 cch->type = CMS_CERTCHOICE_CERT;
555 cch->d.certificate = cert;
556
557 return 1;
558}
559LCRYPTO_ALIAS(CMS_add0_cert);
560
561int
562CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
563{
564 int r;
565
566 r = CMS_add0_cert(cms, cert);
567 if (r > 0)
568 X509_up_ref(cert);
569
570 return r;
571}
572LCRYPTO_ALIAS(CMS_add1_cert);
573
574static STACK_OF(CMS_RevocationInfoChoice) **
575cms_get0_revocation_choices(CMS_ContentInfo *cms)
576{
577 switch (OBJ_obj2nid(cms->contentType)) {
578 case NID_pkcs7_signed:
579 return &cms->d.signedData->crls;
580
581 case NID_pkcs7_enveloped:
582 if (cms->d.envelopedData->originatorInfo == NULL)
583 return NULL;
584 return &cms->d.envelopedData->originatorInfo->crls;
585
586 default:
587 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
588 return NULL;
589 }
590}
591
592CMS_RevocationInfoChoice *
593CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
594{
595 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
596 CMS_RevocationInfoChoice *rch;
597
598 pcrls = cms_get0_revocation_choices(cms);
599 if (!pcrls)
600 return NULL;
601 if (!*pcrls)
602 *pcrls = sk_CMS_RevocationInfoChoice_new_null();
603 if (!*pcrls)
604 return NULL;
605 rch = (CMS_RevocationInfoChoice *)ASN1_item_new(&CMS_RevocationInfoChoice_it);
606 if (!rch)
607 return NULL;
608 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
609 ASN1_item_free((ASN1_VALUE *)rch, &CMS_RevocationInfoChoice_it);
610 return NULL;
611 }
612
613 return rch;
614}
615LCRYPTO_ALIAS(CMS_add0_RevocationInfoChoice);
616
617int
618CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
619{
620 CMS_RevocationInfoChoice *rch;
621
622 rch = CMS_add0_RevocationInfoChoice(cms);
623 if (!rch)
624 return 0;
625 rch->type = CMS_REVCHOICE_CRL;
626 rch->d.crl = crl;
627
628 return 1;
629}
630LCRYPTO_ALIAS(CMS_add0_crl);
631
632int
633CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
634{
635 int r;
636
637 r = CMS_add0_crl(cms, crl);
638 if (r > 0)
639 X509_CRL_up_ref(crl);
640
641 return r;
642}
643LCRYPTO_ALIAS(CMS_add1_crl);
644
645STACK_OF(X509) *
646CMS_get1_certs(CMS_ContentInfo *cms)
647{
648 STACK_OF(X509) *certs = NULL;
649 CMS_CertificateChoices *cch;
650 STACK_OF(CMS_CertificateChoices) **pcerts;
651 int i;
652
653 pcerts = cms_get0_certificate_choices(cms);
654 if (!pcerts)
655 return NULL;
656 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
657 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
658 if (cch->type == 0) {
659 if (!certs) {
660 certs = sk_X509_new_null();
661 if (!certs)
662 return NULL;
663 }
664 if (!sk_X509_push(certs, cch->d.certificate)) {
665 sk_X509_pop_free(certs, X509_free);
666 return NULL;
667 }
668 X509_up_ref(cch->d.certificate);
669 }
670 }
671 return certs;
672}
673LCRYPTO_ALIAS(CMS_get1_certs);
674
675STACK_OF(X509_CRL) *
676CMS_get1_crls(CMS_ContentInfo *cms)
677{
678 STACK_OF(X509_CRL) *crls = NULL;
679 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
680 CMS_RevocationInfoChoice *rch;
681 int i;
682
683 pcrls = cms_get0_revocation_choices(cms);
684 if (!pcrls)
685 return NULL;
686 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
687 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
688 if (rch->type == 0) {
689 if (!crls) {
690 crls = sk_X509_CRL_new_null();
691 if (!crls)
692 return NULL;
693 }
694 if (!sk_X509_CRL_push(crls, rch->d.crl)) {
695 sk_X509_CRL_pop_free(crls, X509_CRL_free);
696 return NULL;
697 }
698 X509_CRL_up_ref(rch->d.crl);
699 }
700 }
701 return crls;
702}
703LCRYPTO_ALIAS(CMS_get1_crls);
704
705static const ASN1_OCTET_STRING *
706cms_X509_get0_subject_key_id(X509 *x)
707{
708 /* Call for side-effect of computing hash and caching extensions */
709 X509_check_purpose(x, -1, -1);
710 return x->skid;
711}
712
713int
714cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
715{
716 int ret;
717
718 ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
719 if (ret)
720 return ret;
721
722 return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
723}
724
725int
726cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
727{
728 const ASN1_OCTET_STRING *cert_keyid = cms_X509_get0_subject_key_id(cert);
729
730 if (cert_keyid == NULL)
731 return -1;
732
733 return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
734}
735
736int
737cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
738{
739 CMS_IssuerAndSerialNumber *ias;
740
741 ias = (CMS_IssuerAndSerialNumber *)ASN1_item_new(&CMS_IssuerAndSerialNumber_it);
742 if (!ias)
743 goto err;
744 if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
745 goto err;
746 if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
747 goto err;
748 ASN1_item_free((ASN1_VALUE *)*pias, &CMS_IssuerAndSerialNumber_it);
749 *pias = ias;
750
751 return 1;
752
753 err:
754 ASN1_item_free((ASN1_VALUE *)ias, &CMS_IssuerAndSerialNumber_it);
755 CMSerror(ERR_R_MALLOC_FAILURE);
756
757 return 0;
758}
759
760int
761cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
762{
763 ASN1_OCTET_STRING *keyid = NULL;
764 const ASN1_OCTET_STRING *cert_keyid;
765
766 cert_keyid = cms_X509_get0_subject_key_id(cert);
767 if (cert_keyid == NULL) {
768 CMSerror(CMS_R_CERTIFICATE_HAS_NO_KEYID);
769 return 0;
770 }
771 keyid = ASN1_STRING_dup(cert_keyid);
772 if (!keyid) {
773 CMSerror(ERR_R_MALLOC_FAILURE);
774 return 0;
775 }
776 ASN1_OCTET_STRING_free(*pkeyid);
777 *pkeyid = keyid;
778
779 return 1;
780}
diff --git a/src/lib/libcrypto/cms/cms_local.h b/src/lib/libcrypto/cms/cms_local.h
deleted file mode 100644
index 6be60e9047..0000000000
--- a/src/lib/libcrypto/cms/cms_local.h
+++ /dev/null
@@ -1,472 +0,0 @@
1/* $OpenBSD: cms_local.h,v 1.6 2024/05/19 07:12:50 jsg Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#ifndef HEADER_CMS_LOCAL_H
56#define HEADER_CMS_LOCAL_H
57
58#include <openssl/x509.h>
59
60/*
61 * Cryptographic message syntax (CMS) structures: taken from RFC3852
62 */
63
64/* Forward references */
65
66typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
67typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
68typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
69typedef struct CMS_SignedData_st CMS_SignedData;
70typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
71typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
72typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
73typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
74typedef struct CMS_DigestedData_st CMS_DigestedData;
75typedef struct CMS_EncryptedData_st CMS_EncryptedData;
76typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
77typedef struct CMS_CompressedData_st CMS_CompressedData;
78typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
79typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
80typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
81typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
82typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
83typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
84typedef struct CMS_KeyAgreeRecipientIdentifier_st
85 CMS_KeyAgreeRecipientIdentifier;
86typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
87typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
88typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
89typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
90typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
91
92struct CMS_ContentInfo_st {
93 ASN1_OBJECT *contentType;
94 union {
95 ASN1_OCTET_STRING *data;
96 CMS_SignedData *signedData;
97 CMS_EnvelopedData *envelopedData;
98 CMS_DigestedData *digestedData;
99 CMS_EncryptedData *encryptedData;
100 CMS_AuthenticatedData *authenticatedData;
101 CMS_CompressedData *compressedData;
102 ASN1_TYPE *other;
103 /* Other types ... */
104 void *otherData;
105 } d;
106};
107
108DECLARE_STACK_OF(CMS_CertificateChoices)
109
110struct CMS_SignedData_st {
111 long version;
112 STACK_OF(X509_ALGOR) *digestAlgorithms;
113 CMS_EncapsulatedContentInfo *encapContentInfo;
114 STACK_OF(CMS_CertificateChoices) *certificates;
115 STACK_OF(CMS_RevocationInfoChoice) *crls;
116 STACK_OF(CMS_SignerInfo) *signerInfos;
117};
118
119struct CMS_EncapsulatedContentInfo_st {
120 ASN1_OBJECT *eContentType;
121 ASN1_OCTET_STRING *eContent;
122 /* Set to 1 if incomplete structure only part set up */
123 int partial;
124};
125
126struct CMS_SignerInfo_st {
127 long version;
128 CMS_SignerIdentifier *sid;
129 X509_ALGOR *digestAlgorithm;
130 STACK_OF(X509_ATTRIBUTE) *signedAttrs;
131 X509_ALGOR *signatureAlgorithm;
132 ASN1_OCTET_STRING *signature;
133 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
134 /* Signing certificate and key */
135 X509 *signer;
136 EVP_PKEY *pkey;
137 /* Digest and public key context for alternative parameters */
138 EVP_MD_CTX *mctx;
139 EVP_PKEY_CTX *pctx;
140};
141
142struct CMS_SignerIdentifier_st {
143 int type;
144 union {
145 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
146 ASN1_OCTET_STRING *subjectKeyIdentifier;
147 } d;
148};
149
150struct CMS_EnvelopedData_st {
151 long version;
152 CMS_OriginatorInfo *originatorInfo;
153 STACK_OF(CMS_RecipientInfo) *recipientInfos;
154 CMS_EncryptedContentInfo *encryptedContentInfo;
155 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
156};
157
158struct CMS_OriginatorInfo_st {
159 STACK_OF(CMS_CertificateChoices) *certificates;
160 STACK_OF(CMS_RevocationInfoChoice) *crls;
161};
162
163struct CMS_EncryptedContentInfo_st {
164 ASN1_OBJECT *contentType;
165 X509_ALGOR *contentEncryptionAlgorithm;
166 ASN1_OCTET_STRING *encryptedContent;
167 /* Content encryption algorithm and key */
168 const EVP_CIPHER *cipher;
169 unsigned char *key;
170 size_t keylen;
171 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
172 int debug;
173 /* Set to 1 if we have no cert and need extra safety measures for MMA */
174 int havenocert;
175};
176
177struct CMS_RecipientInfo_st {
178 int type;
179 union {
180 CMS_KeyTransRecipientInfo *ktri;
181 CMS_KeyAgreeRecipientInfo *kari;
182 CMS_KEKRecipientInfo *kekri;
183 CMS_PasswordRecipientInfo *pwri;
184 CMS_OtherRecipientInfo *ori;
185 } d;
186};
187
188typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
189
190struct CMS_KeyTransRecipientInfo_st {
191 long version;
192 CMS_RecipientIdentifier *rid;
193 X509_ALGOR *keyEncryptionAlgorithm;
194 ASN1_OCTET_STRING *encryptedKey;
195 /* Recipient Key and cert */
196 X509 *recip;
197 EVP_PKEY *pkey;
198 /* Public key context for this operation */
199 EVP_PKEY_CTX *pctx;
200};
201
202struct CMS_KeyAgreeRecipientInfo_st {
203 long version;
204 CMS_OriginatorIdentifierOrKey *originator;
205 ASN1_OCTET_STRING *ukm;
206 X509_ALGOR *keyEncryptionAlgorithm;
207 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
208 /* Public key context associated with current operation */
209 EVP_PKEY_CTX *pctx;
210 /* Cipher context for CEK wrapping */
211 EVP_CIPHER_CTX *ctx;
212};
213
214struct CMS_OriginatorIdentifierOrKey_st {
215 int type;
216 union {
217 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
218 ASN1_OCTET_STRING *subjectKeyIdentifier;
219 CMS_OriginatorPublicKey *originatorKey;
220 } d;
221};
222
223struct CMS_OriginatorPublicKey_st {
224 X509_ALGOR *algorithm;
225 ASN1_BIT_STRING *publicKey;
226};
227
228struct CMS_RecipientEncryptedKey_st {
229 CMS_KeyAgreeRecipientIdentifier *rid;
230 ASN1_OCTET_STRING *encryptedKey;
231 /* Public key associated with this recipient */
232 EVP_PKEY *pkey;
233};
234
235struct CMS_KeyAgreeRecipientIdentifier_st {
236 int type;
237 union {
238 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
239 CMS_RecipientKeyIdentifier *rKeyId;
240 } d;
241};
242
243struct CMS_RecipientKeyIdentifier_st {
244 ASN1_OCTET_STRING *subjectKeyIdentifier;
245 ASN1_GENERALIZEDTIME *date;
246 CMS_OtherKeyAttribute *other;
247};
248
249struct CMS_KEKRecipientInfo_st {
250 long version;
251 CMS_KEKIdentifier *kekid;
252 X509_ALGOR *keyEncryptionAlgorithm;
253 ASN1_OCTET_STRING *encryptedKey;
254 /* Extra info: symmetric key to use */
255 unsigned char *key;
256 size_t keylen;
257};
258
259struct CMS_KEKIdentifier_st {
260 ASN1_OCTET_STRING *keyIdentifier;
261 ASN1_GENERALIZEDTIME *date;
262 CMS_OtherKeyAttribute *other;
263};
264
265struct CMS_PasswordRecipientInfo_st {
266 long version;
267 X509_ALGOR *keyDerivationAlgorithm;
268 X509_ALGOR *keyEncryptionAlgorithm;
269 ASN1_OCTET_STRING *encryptedKey;
270 /* Extra info: password to use */
271 unsigned char *pass;
272 size_t passlen;
273};
274
275struct CMS_OtherRecipientInfo_st {
276 ASN1_OBJECT *oriType;
277 ASN1_TYPE *oriValue;
278};
279
280struct CMS_DigestedData_st {
281 long version;
282 X509_ALGOR *digestAlgorithm;
283 CMS_EncapsulatedContentInfo *encapContentInfo;
284 ASN1_OCTET_STRING *digest;
285};
286
287struct CMS_EncryptedData_st {
288 long version;
289 CMS_EncryptedContentInfo *encryptedContentInfo;
290 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
291};
292
293struct CMS_AuthenticatedData_st {
294 long version;
295 CMS_OriginatorInfo *originatorInfo;
296 STACK_OF(CMS_RecipientInfo) *recipientInfos;
297 X509_ALGOR *macAlgorithm;
298 X509_ALGOR *digestAlgorithm;
299 CMS_EncapsulatedContentInfo *encapContentInfo;
300 STACK_OF(X509_ATTRIBUTE) *authAttrs;
301 ASN1_OCTET_STRING *mac;
302 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
303};
304
305struct CMS_CompressedData_st {
306 long version;
307 X509_ALGOR *compressionAlgorithm;
308 STACK_OF(CMS_RecipientInfo) *recipientInfos;
309 CMS_EncapsulatedContentInfo *encapContentInfo;
310};
311
312struct CMS_RevocationInfoChoice_st {
313 int type;
314 union {
315 X509_CRL *crl;
316 CMS_OtherRevocationInfoFormat *other;
317 } d;
318};
319
320#define CMS_REVCHOICE_CRL 0
321#define CMS_REVCHOICE_OTHER 1
322
323struct CMS_OtherRevocationInfoFormat_st {
324 ASN1_OBJECT *otherRevInfoFormat;
325 ASN1_TYPE *otherRevInfo;
326};
327
328struct CMS_CertificateChoices {
329 int type;
330 union {
331 X509 *certificate;
332 ASN1_STRING *extendedCertificate; /* Obsolete */
333 ASN1_STRING *v1AttrCert; /* Left encoded for now */
334 ASN1_STRING *v2AttrCert; /* Left encoded for now */
335 CMS_OtherCertificateFormat *other;
336 } d;
337};
338
339#define CMS_CERTCHOICE_CERT 0
340#define CMS_CERTCHOICE_EXCERT 1
341#define CMS_CERTCHOICE_V1ACERT 2
342#define CMS_CERTCHOICE_V2ACERT 3
343#define CMS_CERTCHOICE_OTHER 4
344
345struct CMS_OtherCertificateFormat_st {
346 ASN1_OBJECT *otherCertFormat;
347 ASN1_TYPE *otherCert;
348};
349
350/*
351 * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
352 * to be independent of PKCS#7
353 */
354
355struct CMS_IssuerAndSerialNumber_st {
356 X509_NAME *issuer;
357 ASN1_INTEGER *serialNumber;
358};
359
360struct CMS_OtherKeyAttribute_st {
361 ASN1_OBJECT *keyAttrId;
362 ASN1_TYPE *keyAttr;
363};
364
365/* ESS structures */
366
367#ifdef HEADER_X509V3_H
368
369struct CMS_ReceiptRequest_st {
370 ASN1_OCTET_STRING *signedContentIdentifier;
371 CMS_ReceiptsFrom *receiptsFrom;
372 STACK_OF(GENERAL_NAMES) *receiptsTo;
373};
374
375struct CMS_ReceiptsFrom_st {
376 int type;
377 union {
378 long allOrFirstTier;
379 STACK_OF(GENERAL_NAMES) *receiptList;
380 } d;
381};
382#endif
383
384struct CMS_Receipt_st {
385 long version;
386 ASN1_OBJECT *contentType;
387 ASN1_OCTET_STRING *signedContentIdentifier;
388 ASN1_OCTET_STRING *originatorSignatureValue;
389};
390
391extern const ASN1_ITEM CMS_SignerInfo_it;
392extern const ASN1_ITEM CMS_IssuerAndSerialNumber_it;
393extern const ASN1_ITEM CMS_Attributes_Sign_it;
394extern const ASN1_ITEM CMS_Attributes_Verify_it;
395extern const ASN1_ITEM CMS_RecipientInfo_it;
396extern const ASN1_ITEM CMS_PasswordRecipientInfo_it;
397
398#define CMS_SIGNERINFO_ISSUER_SERIAL 0
399#define CMS_SIGNERINFO_KEYIDENTIFIER 1
400
401#define CMS_RECIPINFO_ISSUER_SERIAL 0
402#define CMS_RECIPINFO_KEYIDENTIFIER 1
403
404#define CMS_REK_ISSUER_SERIAL 0
405#define CMS_REK_KEYIDENTIFIER 1
406
407#define CMS_OIK_ISSUER_SERIAL 0
408#define CMS_OIK_KEYIDENTIFIER 1
409#define CMS_OIK_PUBKEY 2
410
411CMS_ContentInfo *cms_Data_create(void);
412
413CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
414BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
415int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
416
417BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
418int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
419int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
420int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
421 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
422int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
423
424BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
425int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
426 X509_ALGOR *mdalg);
427
428int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
429int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
430int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
431int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
432
433BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
434BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
435int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
436 const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen);
437
438int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
439int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
440ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
441
442BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
443CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
444int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
445int cms_pkey_get_ri_type(EVP_PKEY *pk);
446/* KARI routines */
447int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
448 EVP_PKEY *pk, unsigned int flags);
449int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
450
451/* PWRI routines */
452int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
453 int en_de);
454
455extern const ASN1_ITEM CMS_CertificateChoices_it;
456extern const ASN1_ITEM CMS_DigestedData_it;
457extern const ASN1_ITEM CMS_EncryptedData_it;
458extern const ASN1_ITEM CMS_EnvelopedData_it;
459extern const ASN1_ITEM CMS_KEKRecipientInfo_it;
460extern const ASN1_ITEM CMS_KeyAgreeRecipientInfo_it;
461extern const ASN1_ITEM CMS_KeyTransRecipientInfo_it;
462extern const ASN1_ITEM CMS_OriginatorPublicKey_it;
463extern const ASN1_ITEM CMS_OtherKeyAttribute_it;
464extern const ASN1_ITEM CMS_Receipt_it;
465extern const ASN1_ITEM CMS_ReceiptRequest_it;
466extern const ASN1_ITEM CMS_RecipientEncryptedKey_it;
467extern const ASN1_ITEM CMS_RecipientKeyIdentifier_it;
468extern const ASN1_ITEM CMS_RevocationInfoChoice_it;
469extern const ASN1_ITEM CMS_SignedData_it;
470extern const ASN1_ITEM CMS_CompressedData_it;
471
472#endif /* !HEADER_CMS_LOCAL_H */
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
deleted file mode 100644
index b6fe5df961..0000000000
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ /dev/null
@@ -1,438 +0,0 @@
1/* $OpenBSD: cms_pwri.c,v 1.31 2024/01/14 18:40:24 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2009 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <sys/types.h>
56
57#include <stdlib.h>
58#include <string.h>
59
60#include <openssl/asn1.h>
61#include <openssl/err.h>
62#include <openssl/evp.h>
63#include <openssl/cms.h>
64#include <openssl/objects.h>
65#include <openssl/x509.h>
66
67#include "cms_local.h"
68#include "evp_local.h"
69#include "x509_local.h"
70
71int
72CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
73 ssize_t passlen)
74{
75 CMS_PasswordRecipientInfo *pwri;
76
77 if (ri->type != CMS_RECIPINFO_PASS) {
78 CMSerror(CMS_R_NOT_PWRI);
79 return 0;
80 }
81
82 pwri = ri->d.pwri;
83 pwri->pass = pass;
84 if (pass && passlen < 0)
85 passlen = strlen((char *)pass);
86 pwri->passlen = passlen;
87
88 return 1;
89}
90LCRYPTO_ALIAS(CMS_RecipientInfo_set0_password);
91
92CMS_RecipientInfo *
93CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
94 int pbe_nid, unsigned char *pass, ssize_t passlen,
95 const EVP_CIPHER *kekciph)
96{
97 CMS_RecipientInfo *ri = NULL;
98 CMS_EnvelopedData *env;
99 CMS_PasswordRecipientInfo *pwri;
100 EVP_CIPHER_CTX *ctx = NULL;
101 X509_ALGOR *encalg = NULL;
102 unsigned char iv[EVP_MAX_IV_LENGTH];
103 int ivlen;
104
105 env = cms_get0_enveloped(cms);
106 if (!env)
107 return NULL;
108
109 if (wrap_nid <= 0)
110 wrap_nid = NID_id_alg_PWRI_KEK;
111
112 if (pbe_nid <= 0)
113 pbe_nid = NID_id_pbkdf2;
114
115 /* Get from enveloped data */
116 if (kekciph == NULL)
117 kekciph = env->encryptedContentInfo->cipher;
118
119 if (kekciph == NULL) {
120 CMSerror(CMS_R_NO_CIPHER);
121 return NULL;
122 }
123 if (wrap_nid != NID_id_alg_PWRI_KEK) {
124 CMSerror(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
125 return NULL;
126 }
127
128 /* Setup algorithm identifier for cipher */
129 encalg = X509_ALGOR_new();
130 if (encalg == NULL) {
131 goto merr;
132 }
133
134 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
135 goto merr;
136
137 if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
138 CMSerror(ERR_R_EVP_LIB);
139 goto err;
140 }
141
142 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
143
144 if (ivlen > 0) {
145 arc4random_buf(iv, ivlen);
146 if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
147 CMSerror(ERR_R_EVP_LIB);
148 goto err;
149 }
150 encalg->parameter = ASN1_TYPE_new();
151 if (!encalg->parameter) {
152 CMSerror(ERR_R_MALLOC_FAILURE);
153 goto err;
154 }
155 if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
156 CMSerror(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
157 goto err;
158 }
159 }
160
161 encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
162
163 EVP_CIPHER_CTX_free(ctx);
164 ctx = NULL;
165
166 /* Initialize recipient info */
167 ri = (CMS_RecipientInfo *)ASN1_item_new(&CMS_RecipientInfo_it);
168 if (ri == NULL)
169 goto merr;
170
171 ri->d.pwri = (CMS_PasswordRecipientInfo *)ASN1_item_new(&CMS_PasswordRecipientInfo_it);
172 if (ri->d.pwri == NULL)
173 goto merr;
174 ri->type = CMS_RECIPINFO_PASS;
175
176 pwri = ri->d.pwri;
177 /* Since this is overwritten, free up empty structure already there */
178 X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
179 pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
180 if (pwri->keyEncryptionAlgorithm == NULL)
181 goto merr;
182 pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
183 pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
184 if (pwri->keyEncryptionAlgorithm->parameter == NULL)
185 goto merr;
186
187 if (!ASN1_item_pack(encalg, &X509_ALGOR_it,
188 &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
189 goto merr;
190 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
191
192 X509_ALGOR_free(encalg);
193 encalg = NULL;
194
195 /* Setup PBE algorithm */
196
197 pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
198
199 if (!pwri->keyDerivationAlgorithm)
200 goto err;
201
202 CMS_RecipientInfo_set0_password(ri, pass, passlen);
203 pwri->version = 0;
204
205 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
206 goto merr;
207
208 return ri;
209
210 merr:
211 CMSerror(ERR_R_MALLOC_FAILURE);
212 err:
213 EVP_CIPHER_CTX_free(ctx);
214 if (ri)
215 ASN1_item_free((ASN1_VALUE *)ri, &CMS_RecipientInfo_it);
216 X509_ALGOR_free(encalg);
217
218 return NULL;
219}
220LCRYPTO_ALIAS(CMS_add0_recipient_password);
221
222/*
223 * This is an implementation of the key wrapping mechanism in RFC3211, at
224 * some point this should go into EVP.
225 */
226
227static int
228kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
229 size_t inlen, EVP_CIPHER_CTX *ctx)
230{
231 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
232 unsigned char *tmp;
233 int outl, rv = 0;
234
235 if (inlen < 2 * blocklen) {
236 /* too small */
237 return 0;
238 }
239 if (inlen % blocklen) {
240 /* Invalid size */
241 return 0;
242 }
243 if ((tmp = malloc(inlen)) == NULL) {
244 CMSerror(ERR_R_MALLOC_FAILURE);
245 return 0;
246 }
247
248 /* setup IV by decrypting last two blocks */
249 if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
250 in + inlen - 2 * blocklen, blocklen * 2)
251 /*
252 * Do a decrypt of last decrypted block to set IV to correct value
253 * output it to start of buffer so we don't corrupt decrypted block
254 * this works because buffer is at least two block lengths long.
255 */
256 || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen)
257 /* Can now decrypt first n - 1 blocks */
258 || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
259
260 /* Reset IV to original value */
261 || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
262 /* Decrypt again */
263 || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
264 goto err;
265 /* Check check bytes */
266 if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
267 /* Check byte failure */
268 goto err;
269 }
270 if (inlen < (size_t)(tmp[0] - 4)) {
271 /* Invalid length value */
272 goto err;
273 }
274 *outlen = (size_t)tmp[0];
275 memcpy(out, tmp + 4, *outlen);
276 rv = 1;
277
278 err:
279 freezero(tmp, inlen);
280
281 return rv;
282}
283
284static int
285kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
286 size_t inlen, EVP_CIPHER_CTX *ctx)
287{
288 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
289 size_t olen;
290 int dummy;
291
292 /*
293 * First decide length of output buffer: need header and round up to
294 * multiple of block length.
295 */
296 olen = (inlen + 4 + blocklen - 1) / blocklen;
297 olen *= blocklen;
298 if (olen < 2 * blocklen) {
299 /* Key too small */
300 return 0;
301 }
302 if (inlen > 0xFF) {
303 /* Key too large */
304 return 0;
305 }
306 if (out) {
307 /* Set header */
308 out[0] = (unsigned char)inlen;
309 out[1] = in[0] ^ 0xFF;
310 out[2] = in[1] ^ 0xFF;
311 out[3] = in[2] ^ 0xFF;
312 memcpy(out + 4, in, inlen);
313 /* Add random padding to end */
314 if (olen > inlen + 4)
315 arc4random_buf(out + 4 + inlen, olen - 4 - inlen);
316 /* Encrypt twice */
317 if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) ||
318 !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
319 return 0;
320 }
321
322 *outlen = olen;
323
324 return 1;
325}
326
327/* Encrypt/Decrypt content key in PWRI recipient info */
328
329int
330cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
331 int en_de)
332{
333 CMS_EncryptedContentInfo *ec;
334 CMS_PasswordRecipientInfo *pwri;
335 int r = 0;
336 X509_ALGOR *algtmp, *kekalg = NULL;
337 EVP_CIPHER_CTX *kekctx = NULL;
338 const EVP_CIPHER *kekcipher;
339 unsigned char *key = NULL;
340 size_t keylen;
341
342 ec = cms->d.envelopedData->encryptedContentInfo;
343
344 pwri = ri->d.pwri;
345
346 if (!pwri->pass) {
347 CMSerror(CMS_R_NO_PASSWORD);
348 return 0;
349 }
350 algtmp = pwri->keyEncryptionAlgorithm;
351
352 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
353 CMSerror(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
354 return 0;
355 }
356
357 if (algtmp->parameter != NULL &&
358 algtmp->parameter->type == V_ASN1_SEQUENCE &&
359 algtmp->parameter->value.sequence != NULL)
360 kekalg = ASN1_item_unpack(algtmp->parameter->value.sequence,
361 &X509_ALGOR_it);
362
363 if (kekalg == NULL) {
364 CMSerror(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
365 return 0;
366 }
367
368 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
369 if (!kekcipher) {
370 CMSerror(CMS_R_UNKNOWN_CIPHER);
371 return 0;
372 }
373
374 kekctx = EVP_CIPHER_CTX_new();
375 if (kekctx == NULL) {
376 CMSerror(ERR_R_MALLOC_FAILURE);
377 return 0;
378 }
379 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
380 if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
381 goto err;
382 EVP_CIPHER_CTX_set_padding(kekctx, 0);
383 if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
384 CMSerror(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
385 goto err;
386 }
387
388 algtmp = pwri->keyDerivationAlgorithm;
389
390 /* Finish password based key derivation to setup key in "ctx" */
391
392 if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
393 pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) {
394 CMSerror(ERR_R_EVP_LIB);
395 goto err;
396 }
397
398 /* Finally wrap/unwrap the key */
399
400 if (en_de) {
401 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
402 goto err;
403
404 key = malloc(keylen);
405 if (key == NULL)
406 goto err;
407
408 if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
409 goto err;
410 pwri->encryptedKey->data = key;
411 pwri->encryptedKey->length = keylen;
412 } else {
413 key = malloc(pwri->encryptedKey->length);
414 if (key == NULL) {
415 CMSerror(ERR_R_MALLOC_FAILURE);
416 goto err;
417 }
418 if (!kek_unwrap_key(key, &keylen, pwri->encryptedKey->data,
419 pwri->encryptedKey->length, kekctx)) {
420 CMSerror(CMS_R_UNWRAP_FAILURE);
421 goto err;
422 }
423
424 freezero(ec->key, ec->keylen);
425 ec->key = key;
426 ec->keylen = keylen;
427 }
428
429 r = 1;
430
431 err:
432 EVP_CIPHER_CTX_free(kekctx);
433 if (!r)
434 free(key);
435 X509_ALGOR_free(kekalg);
436
437 return r;
438}
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
deleted file mode 100644
index 9cdd4ce143..0000000000
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ /dev/null
@@ -1,1088 +0,0 @@
1/* $OpenBSD: cms_sd.c,v 1.33 2024/04/20 10:11:55 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <stdlib.h>
56#include <string.h>
57
58#include <openssl/asn1.h>
59#include <openssl/bio.h>
60#include <openssl/err.h>
61#include <openssl/evp.h>
62#include <openssl/cms.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65#include <openssl/x509v3.h>
66
67#include "asn1_local.h"
68#include "cms_local.h"
69#include "evp_local.h"
70#include "x509_local.h"
71
72/* CMS SignedData Utilities */
73
74static CMS_SignedData *
75cms_get0_signed(CMS_ContentInfo *cms)
76{
77 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
78 CMSerror(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
79 return NULL;
80 }
81 return cms->d.signedData;
82}
83
84static CMS_SignedData *
85cms_signed_data_init(CMS_ContentInfo *cms)
86{
87 if (cms->d.other == NULL) {
88 cms->d.signedData = (CMS_SignedData *)ASN1_item_new(&CMS_SignedData_it);
89 if (!cms->d.signedData) {
90 CMSerror(ERR_R_MALLOC_FAILURE);
91 return NULL;
92 }
93 cms->d.signedData->version = 1;
94 cms->d.signedData->encapContentInfo->eContentType =
95 OBJ_nid2obj(NID_pkcs7_data);
96 cms->d.signedData->encapContentInfo->partial = 1;
97 ASN1_OBJECT_free(cms->contentType);
98 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
99 return cms->d.signedData;
100 }
101 return cms_get0_signed(cms);
102}
103
104/* Just initialise SignedData e.g. for certs only structure */
105
106int
107CMS_SignedData_init(CMS_ContentInfo *cms)
108{
109 if (cms_signed_data_init(cms))
110 return 1;
111 else
112 return 0;
113}
114LCRYPTO_ALIAS(CMS_SignedData_init);
115
116/* Check structures and fixup version numbers (if necessary) */
117
118static void
119cms_sd_set_version(CMS_SignedData *sd)
120{
121 int i;
122 CMS_CertificateChoices *cch;
123 CMS_RevocationInfoChoice *rch;
124 CMS_SignerInfo *si;
125
126 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
127 cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
128 if (cch->type == CMS_CERTCHOICE_OTHER) {
129 if (sd->version < 5)
130 sd->version = 5;
131 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
132 if (sd->version < 4)
133 sd->version = 4;
134 } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
135 if (sd->version < 3)
136 sd->version = 3;
137 }
138 }
139
140 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
141 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
142 if (rch->type == CMS_REVCHOICE_OTHER) {
143 if (sd->version < 5)
144 sd->version = 5;
145 }
146 }
147
148 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
149 && (sd->version < 3))
150 sd->version = 3;
151
152 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
153 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
154 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
155 if (si->version < 3)
156 si->version = 3;
157 if (sd->version < 3)
158 sd->version = 3;
159 } else if (si->version < 1)
160 si->version = 1;
161 }
162
163 if (sd->version < 1)
164 sd->version = 1;
165}
166
167/* Copy an existing messageDigest value */
168
169static int
170cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
171{
172 STACK_OF(CMS_SignerInfo) *sinfos;
173 CMS_SignerInfo *sitmp;
174 int i;
175
176 sinfos = CMS_get0_SignerInfos(cms);
177 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
178 ASN1_OCTET_STRING *messageDigest;
179 sitmp = sk_CMS_SignerInfo_value(sinfos, i);
180 if (sitmp == si)
181 continue;
182 if (CMS_signed_get_attr_count(sitmp) < 0)
183 continue;
184 if (OBJ_cmp(si->digestAlgorithm->algorithm,
185 sitmp->digestAlgorithm->algorithm))
186 continue;
187 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
188 OBJ_nid2obj(NID_pkcs9_messageDigest), -3, V_ASN1_OCTET_STRING);
189 if (!messageDigest) {
190 CMSerror(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
191 return 0;
192 }
193
194 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
195 V_ASN1_OCTET_STRING, messageDigest, -1))
196 return 1;
197 else
198 return 0;
199 }
200
201 CMSerror(CMS_R_NO_MATCHING_DIGEST);
202
203 return 0;
204}
205
206int
207cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
208{
209 switch (type) {
210 case CMS_SIGNERINFO_ISSUER_SERIAL:
211 if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
212 return 0;
213 break;
214
215 case CMS_SIGNERINFO_KEYIDENTIFIER:
216 if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
217 return 0;
218 break;
219
220 default:
221 CMSerror(CMS_R_UNKNOWN_ID);
222 return 0;
223 }
224
225 sid->type = type;
226
227 return 1;
228}
229
230int
231cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
232 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
233{
234 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
235 if (issuer)
236 *issuer = sid->d.issuerAndSerialNumber->issuer;
237 if (sno)
238 *sno = sid->d.issuerAndSerialNumber->serialNumber;
239 } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
240 if (keyid)
241 *keyid = sid->d.subjectKeyIdentifier;
242 } else
243 return 0;
244
245 return 1;
246}
247
248int
249cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
250{
251 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
252 return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
253 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
254 return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
255 else
256 return -1;
257}
258
259static int
260cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
261{
262 EVP_PKEY *pkey = si->pkey;
263 int ret;
264
265 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
266 return 1;
267 ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
268 if (ret == -2) {
269 CMSerror(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
270 return 0;
271 }
272 if (ret <= 0) {
273 CMSerror(CMS_R_CTRL_FAILURE);
274 return 0;
275 }
276
277 return 1;
278}
279
280static const EVP_MD *
281cms_SignerInfo_default_digest_md(const CMS_SignerInfo *si)
282{
283 int rv, nid;
284
285 if (si->pkey == NULL) {
286 CMSerror(CMS_R_NO_PUBLIC_KEY);
287 return NULL;
288 }
289
290 /* On failure or unsupported operation, give up. */
291 if ((rv = EVP_PKEY_get_default_digest_nid(si->pkey, &nid)) <= 0)
292 return NULL;
293 if (rv > 2)
294 return NULL;
295
296 /*
297 * XXX - we need to identify EdDSA in a better way. Figure out where
298 * and how. This mimics EdDSA checks in openssl/ca.c and openssl/req.c.
299 */
300
301 /* The digest md is required to be EVP_sha512() (EdDSA). */
302 if (rv == 2 && nid == NID_undef)
303 return EVP_sha512();
304
305 /* Use mandatory or default digest. */
306 return EVP_get_digestbynid(nid);
307}
308
309static const EVP_MD *
310cms_SignerInfo_signature_md(const CMS_SignerInfo *si)
311{
312 int rv, nid;
313
314 if (si->pkey == NULL) {
315 CMSerror(CMS_R_NO_PUBLIC_KEY);
316 return NULL;
317 }
318
319 /* Fall back to digestAlgorithm unless pkey has a mandatory digest. */
320 if ((rv = EVP_PKEY_get_default_digest_nid(si->pkey, &nid)) <= 1)
321 return EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
322 if (rv > 2)
323 return NULL;
324
325 /*
326 * XXX - we need to identify EdDSA in a better way. Figure out where
327 * and how. This mimics EdDSA checks in openssl/ca.c and openssl/req.c.
328 */
329
330 /* The signature md is required to be EVP_md_null() (EdDSA). */
331 if (nid == NID_undef)
332 return EVP_md_null();
333
334 /* Use mandatory digest. */
335 return EVP_get_digestbynid(nid);
336}
337
338CMS_SignerInfo *
339CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
340 const EVP_MD *md, unsigned int flags)
341{
342 CMS_SignedData *sd;
343 CMS_SignerInfo *si = NULL;
344 X509_ALGOR *alg = NULL;
345 int i, type;
346
347 if (!X509_check_private_key(signer, pk)) {
348 CMSerror(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
349 return NULL;
350 }
351 sd = cms_signed_data_init(cms);
352 if (!sd)
353 goto err;
354 si = (CMS_SignerInfo *)ASN1_item_new(&CMS_SignerInfo_it);
355 if (!si)
356 goto merr;
357 /* Call for side-effect of computing hash and caching extensions */
358 X509_check_purpose(signer, -1, -1);
359
360 X509_up_ref(signer);
361 EVP_PKEY_up_ref(pk);
362
363 si->pkey = pk;
364 si->signer = signer;
365 si->mctx = EVP_MD_CTX_new();
366 si->pctx = NULL;
367
368 if (si->mctx == NULL) {
369 CMSerror(ERR_R_MALLOC_FAILURE);
370 goto err;
371 }
372
373 if (flags & CMS_USE_KEYID) {
374 si->version = 3;
375 if (sd->version < 3)
376 sd->version = 3;
377 type = CMS_SIGNERINFO_KEYIDENTIFIER;
378 } else {
379 type = CMS_SIGNERINFO_ISSUER_SERIAL;
380 si->version = 1;
381 }
382
383 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
384 goto err;
385
386 if (md == NULL)
387 md = cms_SignerInfo_default_digest_md(si);
388 if (md == NULL) {
389 CMSerror(CMS_R_NO_DEFAULT_DIGEST);
390 goto err;
391 }
392
393 if (!X509_ALGOR_set_evp_md(si->digestAlgorithm, md))
394 goto err;
395
396 /* See if digest is present in digestAlgorithms */
397 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
398 const X509_ALGOR *x509_alg;
399 const ASN1_OBJECT *aoid;
400
401 x509_alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
402 X509_ALGOR_get0(&aoid, NULL, NULL, x509_alg);
403 if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
404 break;
405 }
406
407 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
408 if ((alg = X509_ALGOR_new()) == NULL)
409 goto merr;
410 if (!X509_ALGOR_set_evp_md(alg, md))
411 goto merr;
412 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
413 goto merr;
414 }
415 alg = NULL;
416 }
417
418 if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
419 goto err;
420 if (!(flags & CMS_NOATTR)) {
421 /*
422 * Initialize signed attributes structure so other attributes
423 * such as signing time etc are added later even if we add none here.
424 */
425 if (!si->signedAttrs) {
426 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
427 if (!si->signedAttrs)
428 goto merr;
429 }
430
431 if (!(flags & CMS_NOSMIMECAP)) {
432 STACK_OF(X509_ALGOR) *smcap = NULL;
433
434 i = CMS_add_standard_smimecap(&smcap);
435 if (i)
436 i = CMS_add_smimecap(si, smcap);
437 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
438 if (!i)
439 goto merr;
440 }
441 if (flags & CMS_REUSE_DIGEST) {
442 if (!cms_copy_messageDigest(cms, si))
443 goto err;
444 if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
445 !CMS_SignerInfo_sign(si))
446 goto err;
447 }
448 }
449
450 if (!(flags & CMS_NOCERTS)) {
451 /* NB ignore -1 return for duplicate cert */
452 if (!CMS_add1_cert(cms, signer))
453 goto merr;
454 }
455
456 if (flags & CMS_KEY_PARAM) {
457 if (flags & CMS_NOATTR) {
458 si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
459 if (si->pctx == NULL)
460 goto err;
461 if (EVP_PKEY_sign_init(si->pctx) <= 0)
462 goto err;
463 if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
464 goto err;
465 } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md,
466 NULL, pk) <= 0)
467 goto err;
468 }
469
470 if (!sd->signerInfos)
471 sd->signerInfos = sk_CMS_SignerInfo_new_null();
472 if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
473 goto merr;
474
475 return si;
476
477 merr:
478 CMSerror(ERR_R_MALLOC_FAILURE);
479 err:
480 ASN1_item_free((ASN1_VALUE *)si, &CMS_SignerInfo_it);
481 X509_ALGOR_free(alg);
482
483 return NULL;
484}
485LCRYPTO_ALIAS(CMS_add1_signer);
486
487static int
488cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
489{
490 ASN1_TIME *tt;
491 int r = 0;
492
493 if (t)
494 tt = t;
495 else
496 tt = X509_gmtime_adj(NULL, 0);
497
498 if (!tt)
499 goto merr;
500
501 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
502 tt->type, tt, -1) <= 0)
503 goto merr;
504
505 r = 1;
506
507 merr:
508 if (!t)
509 ASN1_TIME_free(tt);
510 if (!r)
511 CMSerror(ERR_R_MALLOC_FAILURE);
512
513 return r;
514}
515
516EVP_PKEY_CTX *
517CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
518{
519 return si->pctx;
520}
521LCRYPTO_ALIAS(CMS_SignerInfo_get0_pkey_ctx);
522
523EVP_MD_CTX *
524CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
525{
526 return si->mctx;
527}
528LCRYPTO_ALIAS(CMS_SignerInfo_get0_md_ctx);
529
530STACK_OF(CMS_SignerInfo) *
531CMS_get0_SignerInfos(CMS_ContentInfo *cms)
532{
533 CMS_SignedData *sd;
534
535 sd = cms_get0_signed(cms);
536 if (!sd)
537 return NULL;
538
539 return sd->signerInfos;
540}
541LCRYPTO_ALIAS(CMS_get0_SignerInfos);
542
543STACK_OF(X509) *
544CMS_get0_signers(CMS_ContentInfo *cms)
545{
546 STACK_OF(X509) *signers = NULL;
547 STACK_OF(CMS_SignerInfo) *sinfos;
548 CMS_SignerInfo *si;
549 int i;
550
551 sinfos = CMS_get0_SignerInfos(cms);
552 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
553 si = sk_CMS_SignerInfo_value(sinfos, i);
554 if (si->signer) {
555 if (!signers) {
556 signers = sk_X509_new_null();
557 if (!signers)
558 return NULL;
559 }
560 if (!sk_X509_push(signers, si->signer)) {
561 sk_X509_free(signers);
562 return NULL;
563 }
564 }
565 }
566
567 return signers;
568}
569LCRYPTO_ALIAS(CMS_get0_signers);
570
571void
572CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
573{
574 if (signer) {
575 X509_up_ref(signer);
576 EVP_PKEY_free(si->pkey);
577 si->pkey = X509_get_pubkey(signer);
578 }
579 X509_free(si->signer);
580 si->signer = signer;
581}
582LCRYPTO_ALIAS(CMS_SignerInfo_set1_signer_cert);
583
584int
585CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
586 X509_NAME **issuer, ASN1_INTEGER **sno)
587{
588 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
589}
590LCRYPTO_ALIAS(CMS_SignerInfo_get0_signer_id);
591
592int
593CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
594{
595 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
596}
597LCRYPTO_ALIAS(CMS_SignerInfo_cert_cmp);
598
599int
600CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
601 unsigned int flags)
602{
603 CMS_SignedData *sd;
604 CMS_SignerInfo *si;
605 CMS_CertificateChoices *cch;
606 STACK_OF(CMS_CertificateChoices) *certs;
607 X509 *x;
608 int i, j;
609 int ret = 0;
610
611 sd = cms_get0_signed(cms);
612 if (!sd)
613 return -1;
614 certs = sd->certificates;
615 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
616 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
617 if (si->signer)
618 continue;
619
620 for (j = 0; j < sk_X509_num(scerts); j++) {
621 x = sk_X509_value(scerts, j);
622 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
623 CMS_SignerInfo_set1_signer_cert(si, x);
624 ret++;
625 break;
626 }
627 }
628
629 if (si->signer || (flags & CMS_NOINTERN))
630 continue;
631
632 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
633 cch = sk_CMS_CertificateChoices_value(certs, j);
634 if (cch->type != 0)
635 continue;
636 x = cch->d.certificate;
637 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
638 CMS_SignerInfo_set1_signer_cert(si, x);
639 ret++;
640 break;
641 }
642 }
643 }
644 return ret;
645}
646LCRYPTO_ALIAS(CMS_set1_signers_certs);
647
648void
649CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
650X509_ALGOR **pdig, X509_ALGOR **psig)
651{
652 if (pk)
653 *pk = si->pkey;
654 if (signer)
655 *signer = si->signer;
656 if (pdig)
657 *pdig = si->digestAlgorithm;
658 if (psig)
659 *psig = si->signatureAlgorithm;
660}
661LCRYPTO_ALIAS(CMS_SignerInfo_get0_algs);
662
663ASN1_OCTET_STRING *
664CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
665{
666 return si->signature;
667}
668LCRYPTO_ALIAS(CMS_SignerInfo_get0_signature);
669
670static int
671cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain)
672{
673 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
674 int r = 0;
675 EVP_PKEY_CTX *pctx = NULL;
676
677 if (mctx == NULL) {
678 CMSerror(ERR_R_MALLOC_FAILURE);
679 return 0;
680 }
681
682 if (!si->pkey) {
683 CMSerror(CMS_R_NO_PRIVATE_KEY);
684 goto err;
685 }
686
687 if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
688 goto err;
689 /* Set SignerInfo algorithm details if we used custom parameter */
690 if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
691 goto err;
692
693 /*
694 * If any signed attributes calculate and add messageDigest attribute
695 */
696
697 if (CMS_signed_get_attr_count(si) >= 0) {
698 ASN1_OBJECT *ctype =
699 cms->d.signedData->encapContentInfo->eContentType;
700 unsigned char md[EVP_MAX_MD_SIZE];
701 unsigned int mdlen;
702
703 if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
704 goto err;
705 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
706 V_ASN1_OCTET_STRING, md, mdlen))
707 goto err;
708 /* Copy content type across */
709 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
710 V_ASN1_OBJECT, ctype, -1) <= 0)
711 goto err;
712 if (!CMS_SignerInfo_sign(si))
713 goto err;
714 } else if (si->pctx) {
715 unsigned char *sig;
716 size_t siglen;
717 unsigned char md[EVP_MAX_MD_SIZE];
718 unsigned int mdlen;
719
720 pctx = si->pctx;
721 if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
722 goto err;
723 siglen = EVP_PKEY_size(si->pkey);
724 sig = malloc(siglen);
725 if (sig == NULL) {
726 CMSerror(ERR_R_MALLOC_FAILURE);
727 goto err;
728 }
729 if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
730 free(sig);
731 goto err;
732 }
733 ASN1_STRING_set0(si->signature, sig, siglen);
734 } else {
735 unsigned char *sig;
736 unsigned int siglen;
737
738 sig = malloc(EVP_PKEY_size(si->pkey));
739 if (sig == NULL) {
740 CMSerror(ERR_R_MALLOC_FAILURE);
741 goto err;
742 }
743 if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
744 CMSerror(CMS_R_SIGNFINAL_ERROR);
745 free(sig);
746 goto err;
747 }
748 ASN1_STRING_set0(si->signature, sig, siglen);
749 }
750
751 r = 1;
752
753 err:
754 EVP_MD_CTX_free(mctx);
755 EVP_PKEY_CTX_free(pctx);
756
757 return r;
758}
759
760int
761cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
762{
763 STACK_OF(CMS_SignerInfo) *sinfos;
764 CMS_SignerInfo *si;
765 int i;
766
767 sinfos = CMS_get0_SignerInfos(cms);
768 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
769 si = sk_CMS_SignerInfo_value(sinfos, i);
770 if (!cms_SignerInfo_content_sign(cms, si, chain))
771 return 0;
772 }
773 cms->d.signedData->encapContentInfo->partial = 0;
774
775 return 1;
776}
777
778int
779CMS_SignerInfo_sign(CMS_SignerInfo *si)
780{
781 const EVP_MD *md;
782 unsigned char *buf = NULL, *sig = NULL;
783 int buf_len = 0;
784 size_t sig_len = 0;
785 int ret = 0;
786
787 if ((md = cms_SignerInfo_signature_md(si)) == NULL)
788 goto err;
789
790 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
791 if (!cms_add1_signingTime(si, NULL))
792 goto err;
793 }
794
795 if (si->pctx == NULL) {
796 (void)EVP_MD_CTX_reset(si->mctx);
797 if (!EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, si->pkey))
798 goto err;
799 }
800
801 if (EVP_PKEY_CTX_ctrl(si->pctx, -1, EVP_PKEY_OP_SIGN,
802 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
803 CMSerror(CMS_R_CTRL_ERROR);
804 goto err;
805 }
806
807 if ((buf_len = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &buf,
808 &CMS_Attributes_Sign_it)) <= 0) {
809 buf_len = 0;
810 goto err;
811 }
812 if (!EVP_DigestSign(si->mctx, NULL, &sig_len, buf, buf_len))
813 goto err;
814 if ((sig = calloc(1, sig_len)) == NULL)
815 goto err;
816 if (!EVP_DigestSign(si->mctx, sig, &sig_len, buf, buf_len))
817 goto err;
818
819 if (EVP_PKEY_CTX_ctrl(si->pctx, -1, EVP_PKEY_OP_SIGN,
820 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
821 CMSerror(CMS_R_CTRL_ERROR);
822 goto err;
823 }
824
825 ASN1_STRING_set0(si->signature, sig, sig_len);
826 sig = NULL;
827
828 ret = 1;
829
830 err:
831 (void)EVP_MD_CTX_reset(si->mctx);
832 freezero(buf, buf_len);
833 freezero(sig, sig_len);
834
835 return ret;
836}
837LCRYPTO_ALIAS(CMS_SignerInfo_sign);
838
839int
840CMS_SignerInfo_verify(CMS_SignerInfo *si)
841{
842 const EVP_MD *md;
843 unsigned char *buf = NULL;
844 int buf_len = 0;
845 int ret = -1;
846
847 if ((md = cms_SignerInfo_signature_md(si)) == NULL)
848 goto err;
849
850 if (si->mctx == NULL)
851 si->mctx = EVP_MD_CTX_new();
852 if (si->mctx == NULL) {
853 CMSerror(ERR_R_MALLOC_FAILURE);
854 goto err;
855 }
856
857 if (EVP_DigestVerifyInit(si->mctx, &si->pctx, md, NULL, si->pkey) <= 0)
858 goto err;
859
860 if (!cms_sd_asn1_ctrl(si, 1))
861 goto err;
862
863 if ((buf_len = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &buf,
864 &CMS_Attributes_Verify_it)) <= 0) {
865 buf_len = 0;
866 goto err;
867 }
868
869 ret = EVP_DigestVerify(si->mctx, si->signature->data, si->signature->length,
870 buf, buf_len);
871 if (ret <= 0) {
872 CMSerror(CMS_R_VERIFICATION_FAILURE);
873 goto err;
874 }
875
876 err:
877 (void)EVP_MD_CTX_reset(si->mctx);
878 freezero(buf, buf_len);
879
880 return ret;
881}
882LCRYPTO_ALIAS(CMS_SignerInfo_verify);
883
884/* Create a chain of digest BIOs from a CMS ContentInfo */
885
886BIO *
887cms_SignedData_init_bio(CMS_ContentInfo *cms)
888{
889 int i;
890 CMS_SignedData *sd;
891 BIO *chain = NULL;
892
893 sd = cms_get0_signed(cms);
894 if (!sd)
895 return NULL;
896 if (cms->d.signedData->encapContentInfo->partial)
897 cms_sd_set_version(sd);
898 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
899 X509_ALGOR *digestAlgorithm;
900 BIO *mdbio;
901 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
902 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
903 if (!mdbio)
904 goto err;
905 if (chain)
906 BIO_push(chain, mdbio);
907 else
908 chain = mdbio;
909 }
910
911 return chain;
912
913 err:
914 BIO_free_all(chain);
915
916 return NULL;
917}
918
919int
920CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
921{
922 ASN1_OCTET_STRING *os = NULL;
923 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
924 EVP_PKEY_CTX *pkctx = NULL;
925 int r = -1;
926 unsigned char mval[EVP_MAX_MD_SIZE];
927 unsigned int mlen;
928
929 if (mctx == NULL) {
930 CMSerror(ERR_R_MALLOC_FAILURE);
931 goto err;
932 }
933 /* If we have any signed attributes look for messageDigest value */
934 if (CMS_signed_get_attr_count(si) >= 0) {
935 os = CMS_signed_get0_data_by_OBJ(si,
936 OBJ_nid2obj(NID_pkcs9_messageDigest), -3,
937 V_ASN1_OCTET_STRING);
938 if (!os) {
939 CMSerror(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
940 goto err;
941 }
942 }
943
944 if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
945 goto err;
946
947 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
948 CMSerror(CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
949 goto err;
950 }
951
952 /* If messageDigest found compare it */
953
954 if (os) {
955 if (mlen != (unsigned int)os->length) {
956 CMSerror(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
957 goto err;
958 }
959
960 if (memcmp(mval, os->data, mlen)) {
961 CMSerror(CMS_R_VERIFICATION_FAILURE);
962 r = 0;
963 } else
964 r = 1;
965 } else {
966 const EVP_MD *md = EVP_MD_CTX_md(mctx);
967
968 pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
969 if (pkctx == NULL)
970 goto err;
971 if (EVP_PKEY_verify_init(pkctx) <= 0)
972 goto err;
973 if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
974 goto err;
975 si->pctx = pkctx;
976 if (!cms_sd_asn1_ctrl(si, 1))
977 goto err;
978 r = EVP_PKEY_verify(pkctx, si->signature->data,
979 si->signature->length, mval, mlen);
980 if (r <= 0) {
981 CMSerror(CMS_R_VERIFICATION_FAILURE);
982 r = 0;
983 }
984 }
985
986 err:
987 EVP_PKEY_CTX_free(pkctx);
988 EVP_MD_CTX_free(mctx);
989
990 return r;
991}
992LCRYPTO_ALIAS(CMS_SignerInfo_verify_content);
993
994int
995CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
996{
997 unsigned char *smder = NULL;
998 int smderlen, r;
999
1000 smderlen = i2d_X509_ALGORS(algs, &smder);
1001 if (smderlen <= 0)
1002 return 0;
1003 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
1004 V_ASN1_SEQUENCE, smder, smderlen);
1005 free(smder);
1006
1007 return r;
1008}
1009LCRYPTO_ALIAS(CMS_add_smimecap);
1010
1011/*
1012 * Add AlgorithmIdentifier OID of type |nid| to the SMIMECapability attribute
1013 * set |*out_algs| (see RFC 3851, section 2.5.2). If keysize > 0, the OID has
1014 * an integer parameter of value |keysize|, otherwise parameters are omitted.
1015 */
1016int
1017CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **out_algs, int nid, int keysize)
1018{
1019 STACK_OF(X509_ALGOR) *algs;
1020 X509_ALGOR *alg = NULL;
1021 ASN1_INTEGER *parameter = NULL;
1022 int parameter_type = V_ASN1_UNDEF;
1023 int ret = 0;
1024
1025 if ((algs = *out_algs) == NULL)
1026 algs = sk_X509_ALGOR_new_null();
1027 if (algs == NULL)
1028 goto err;
1029
1030 if (keysize > 0) {
1031 if ((parameter = ASN1_INTEGER_new()) == NULL)
1032 goto err;
1033 if (!ASN1_INTEGER_set(parameter, keysize))
1034 goto err;
1035 parameter_type = V_ASN1_INTEGER;
1036 }
1037
1038 if ((alg = X509_ALGOR_new()) == NULL)
1039 goto err;
1040 if (!X509_ALGOR_set0_by_nid(alg, nid, parameter_type, parameter))
1041 goto err;
1042 parameter = NULL;
1043
1044 if (sk_X509_ALGOR_push(algs, alg) <= 0)
1045 goto err;
1046 alg = NULL;
1047
1048 *out_algs = algs;
1049 algs = NULL;
1050
1051 ret = 1;
1052
1053 err:
1054 if (algs != *out_algs)
1055 sk_X509_ALGOR_pop_free(algs, X509_ALGOR_free);
1056 X509_ALGOR_free(alg);
1057 ASN1_INTEGER_free(parameter);
1058
1059 return ret;
1060}
1061LCRYPTO_ALIAS(CMS_add_simple_smimecap);
1062
1063/* Check to see if a cipher exists and if so add S/MIME capabilities */
1064
1065static int
1066cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
1067{
1068 if (EVP_get_cipherbynid(nid))
1069 return CMS_add_simple_smimecap(sk, nid, arg);
1070 return 1;
1071}
1072
1073int
1074CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
1075{
1076 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
1077 !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
1078 !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
1079 !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
1080 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
1081 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
1082 !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) ||
1083 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
1084 return 0;
1085
1086 return 1;
1087}
1088LCRYPTO_ALIAS(CMS_add_standard_smimecap);
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
deleted file mode 100644
index 5a194748d9..0000000000
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ /dev/null
@@ -1,908 +0,0 @@
1/* $OpenBSD: cms_smime.c,v 1.28 2023/12/22 10:23:11 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#include <sys/types.h>
56
57#include <stddef.h>
58
59#include <openssl/asn1.h>
60#include <openssl/bio.h>
61#include <openssl/cms.h>
62#include <openssl/err.h>
63#include <openssl/evp.h>
64#include <openssl/objects.h>
65#include <openssl/pkcs7.h>
66#include <openssl/x509.h>
67#include <openssl/x509_vfy.h>
68
69#include "cms_local.h"
70
71static BIO *
72cms_get_text_bio(BIO *out, unsigned int flags)
73{
74 BIO *rbio;
75
76 if (out == NULL)
77 rbio = BIO_new(BIO_s_null());
78 else if (flags & CMS_TEXT) {
79 rbio = BIO_new(BIO_s_mem());
80 BIO_set_mem_eof_return(rbio, 0);
81 } else
82 rbio = out;
83
84 return rbio;
85}
86
87static int
88cms_copy_content(BIO *out, BIO *in, unsigned int flags)
89{
90 unsigned char buf[4096];
91 int r = 0, i;
92 BIO *tmpout;
93
94 tmpout = cms_get_text_bio(out, flags);
95
96 if (tmpout == NULL) {
97 CMSerror(ERR_R_MALLOC_FAILURE);
98 goto err;
99 }
100
101 /* Read all content through chain to process digest, decrypt etc */
102 for (;;) {
103 i = BIO_read(in, buf, sizeof(buf));
104 if (i <= 0) {
105 if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
106 if (!BIO_get_cipher_status(in))
107 goto err;
108 }
109 if (i < 0)
110 goto err;
111 break;
112 }
113
114 if (tmpout && (BIO_write(tmpout, buf, i) != i))
115 goto err;
116 }
117
118 if (flags & CMS_TEXT) {
119 if (!SMIME_text(tmpout, out)) {
120 CMSerror(CMS_R_SMIME_TEXT_ERROR);
121 goto err;
122 }
123 }
124
125 r = 1;
126
127 err:
128 if (tmpout != out)
129 BIO_free(tmpout);
130
131 return r;
132}
133
134static int
135check_content(CMS_ContentInfo *cms)
136{
137 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
138
139 if (!pos || !*pos) {
140 CMSerror(CMS_R_NO_CONTENT);
141 return 0;
142 }
143
144 return 1;
145}
146
147static void
148do_free_upto(BIO *f, BIO *upto)
149{
150 if (upto) {
151 BIO *tbio;
152 do {
153 tbio = BIO_pop(f);
154 BIO_free(f);
155 f = tbio;
156 }
157 while (f && f != upto);
158 } else
159 BIO_free_all(f);
160}
161
162int
163CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
164{
165 BIO *cont;
166 int r;
167
168 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
169 CMSerror(CMS_R_TYPE_NOT_DATA);
170 return 0;
171 }
172 cont = CMS_dataInit(cms, NULL);
173 if (!cont)
174 return 0;
175 r = cms_copy_content(out, cont, flags);
176 BIO_free_all(cont);
177
178 return r;
179}
180LCRYPTO_ALIAS(CMS_data);
181
182CMS_ContentInfo *
183CMS_data_create(BIO *in, unsigned int flags)
184{
185 CMS_ContentInfo *cms;
186
187 cms = cms_Data_create();
188 if (!cms)
189 return NULL;
190
191 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
192 return cms;
193
194 CMS_ContentInfo_free(cms);
195
196 return NULL;
197}
198LCRYPTO_ALIAS(CMS_data_create);
199
200int
201CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
202{
203 BIO *cont;
204 int r;
205
206 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
207 CMSerror(CMS_R_TYPE_NOT_DIGESTED_DATA);
208 return 0;
209 }
210
211 if (!dcont && !check_content(cms))
212 return 0;
213
214 cont = CMS_dataInit(cms, dcont);
215 if (!cont)
216 return 0;
217 r = cms_copy_content(out, cont, flags);
218 if (r)
219 r = cms_DigestedData_do_final(cms, cont, 1);
220 do_free_upto(cont, dcont);
221
222 return r;
223}
224LCRYPTO_ALIAS(CMS_digest_verify);
225
226CMS_ContentInfo *
227CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags)
228{
229 CMS_ContentInfo *cms;
230
231 if (!md)
232 md = EVP_sha1();
233 cms = cms_DigestedData_create(md);
234 if (!cms)
235 return NULL;
236
237 if (!(flags & CMS_DETACHED))
238 CMS_set_detached(cms, 0);
239
240 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
241 return cms;
242
243 CMS_ContentInfo_free(cms);
244
245 return NULL;
246}
247LCRYPTO_ALIAS(CMS_digest_create);
248
249int
250CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
251 size_t keylen, BIO *dcont, BIO *out, unsigned int flags)
252{
253 BIO *cont;
254 int r;
255
256 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
257 CMSerror(CMS_R_TYPE_NOT_ENCRYPTED_DATA);
258 return 0;
259 }
260
261 if (!dcont && !check_content(cms))
262 return 0;
263
264 if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
265 return 0;
266 cont = CMS_dataInit(cms, dcont);
267 if (!cont)
268 return 0;
269 r = cms_copy_content(out, cont, flags);
270 do_free_upto(cont, dcont);
271
272 return r;
273}
274LCRYPTO_ALIAS(CMS_EncryptedData_decrypt);
275
276CMS_ContentInfo *
277CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
278 const unsigned char *key, size_t keylen, unsigned int flags)
279{
280 CMS_ContentInfo *cms;
281
282 if (!cipher) {
283 CMSerror(CMS_R_NO_CIPHER);
284 return NULL;
285 }
286 cms = CMS_ContentInfo_new();
287 if (cms == NULL)
288 return NULL;
289 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
290 return NULL;
291
292 if (!(flags & CMS_DETACHED))
293 CMS_set_detached(cms, 0);
294
295 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
296 CMS_final(cms, in, NULL, flags))
297 return cms;
298
299 CMS_ContentInfo_free(cms);
300
301 return NULL;
302}
303LCRYPTO_ALIAS(CMS_EncryptedData_encrypt);
304
305static int
306cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store,
307 STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls)
308{
309 X509_STORE_CTX *ctx = X509_STORE_CTX_new();
310 X509 *signer;
311 int i, j, r = 0;
312
313 if (ctx == NULL) {
314 CMSerror(ERR_R_MALLOC_FAILURE);
315 goto err;
316 }
317 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
318 if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
319 CMSerror(CMS_R_STORE_INIT_ERROR);
320 goto err;
321 }
322 X509_STORE_CTX_set_default(ctx, "smime_sign");
323 if (crls)
324 X509_STORE_CTX_set0_crls(ctx, crls);
325
326 i = X509_verify_cert(ctx);
327 if (i <= 0) {
328 j = X509_STORE_CTX_get_error(ctx);
329 CMSerror(CMS_R_CERTIFICATE_VERIFY_ERROR);
330 ERR_asprintf_error_data("Verify error: %s",
331 X509_verify_cert_error_string(j));
332 goto err;
333 }
334 r = 1;
335
336 err:
337 X509_STORE_CTX_free(ctx);
338
339 return r;
340}
341
342int
343CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
344 BIO *dcont, BIO *out, unsigned int flags)
345{
346 CMS_SignerInfo *si;
347 STACK_OF(CMS_SignerInfo) *sinfos;
348 STACK_OF(X509) *cms_certs = NULL;
349 STACK_OF(X509_CRL) *crls = NULL;
350 X509 *signer;
351 int i, scount = 0, ret = 0;
352 BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
353
354 if (!dcont && !check_content(cms))
355 return 0;
356 if (dcont && !(flags & CMS_BINARY)) {
357 const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
358 if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
359 flags |= CMS_ASCIICRLF;
360 }
361
362 /* Attempt to find all signer certificates */
363
364 sinfos = CMS_get0_SignerInfos(cms);
365 if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
366 CMSerror(CMS_R_NO_SIGNERS);
367 goto err;
368 }
369
370 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
371 si = sk_CMS_SignerInfo_value(sinfos, i);
372 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
373 if (signer)
374 scount++;
375 }
376
377 if (scount != sk_CMS_SignerInfo_num(sinfos))
378 scount += CMS_set1_signers_certs(cms, certs, flags);
379
380 if (scount != sk_CMS_SignerInfo_num(sinfos)) {
381 CMSerror(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
382 goto err;
383 }
384
385 /* Attempt to verify all signers certs */
386
387 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
388 cms_certs = CMS_get1_certs(cms);
389 if (!(flags & CMS_NOCRL))
390 crls = CMS_get1_crls(cms);
391 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
392 si = sk_CMS_SignerInfo_value(sinfos, i);
393 if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
394 goto err;
395 }
396 }
397
398 /* Attempt to verify all SignerInfo signed attribute signatures */
399
400 if (!(flags & CMS_NO_ATTR_VERIFY)) {
401 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
402 si = sk_CMS_SignerInfo_value(sinfos, i);
403 if (CMS_signed_get_attr_count(si) < 0)
404 continue;
405 if (CMS_SignerInfo_verify(si) <= 0)
406 goto err;
407 }
408 }
409
410 /*
411 * Performance optimization: if the content is a memory BIO then store
412 * its contents in a temporary read only memory BIO. This avoids
413 * potentially large numbers of slow copies of data which will occur when
414 * reading from a read write memory BIO when signatures are calculated.
415 */
416
417 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
418 char *ptr;
419 long len;
420
421 len = BIO_get_mem_data(dcont, &ptr);
422 tmpin = BIO_new_mem_buf(ptr, len);
423 if (tmpin == NULL) {
424 CMSerror(ERR_R_MALLOC_FAILURE);
425 goto err2;
426 }
427 } else
428 tmpin = dcont;
429
430 /*
431 * If not binary mode and detached generate digests by *writing* through
432 * the BIO. That makes it possible to canonicalise the input.
433 */
434 if (!(flags & SMIME_BINARY) && dcont) {
435 /*
436 * Create output BIO so we can either handle text or to ensure
437 * included content doesn't override detached content.
438 */
439 tmpout = cms_get_text_bio(out, flags);
440 if (!tmpout) {
441 CMSerror(ERR_R_MALLOC_FAILURE);
442 goto err;
443 }
444 cmsbio = CMS_dataInit(cms, tmpout);
445 if (!cmsbio)
446 goto err;
447 /*
448 * Don't use SMIME_TEXT for verify: it adds headers and we want to
449 * remove them.
450 */
451 SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT);
452
453 if (flags & CMS_TEXT) {
454 if (!SMIME_text(tmpout, out)) {
455 CMSerror(CMS_R_SMIME_TEXT_ERROR);
456 goto err;
457 }
458 }
459 } else {
460 cmsbio = CMS_dataInit(cms, tmpin);
461 if (!cmsbio)
462 goto err;
463
464 if (!cms_copy_content(out, cmsbio, flags))
465 goto err;
466
467 }
468 if (!(flags & CMS_NO_CONTENT_VERIFY)) {
469 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
470 si = sk_CMS_SignerInfo_value(sinfos, i);
471 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
472 CMSerror(CMS_R_CONTENT_VERIFY_ERROR);
473 goto err;
474 }
475 }
476 }
477
478 ret = 1;
479
480 err:
481 if (!(flags & SMIME_BINARY) && dcont) {
482 do_free_upto(cmsbio, tmpout);
483 if (tmpin != dcont)
484 BIO_free(tmpin);
485 } else {
486 if (dcont && (tmpin == dcont))
487 do_free_upto(cmsbio, dcont);
488 else
489 BIO_free_all(cmsbio);
490 }
491
492 if (out != tmpout)
493 BIO_free_all(tmpout);
494
495 err2:
496 sk_X509_pop_free(cms_certs, X509_free);
497 sk_X509_CRL_pop_free(crls, X509_CRL_free);
498
499 return ret;
500}
501LCRYPTO_ALIAS(CMS_verify);
502
503int
504CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
505 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags)
506{
507 int r;
508
509 flags &= ~(CMS_DETACHED | CMS_TEXT);
510 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
511 if (r <= 0)
512 return r;
513
514 return cms_Receipt_verify(rcms, ocms);
515}
516LCRYPTO_ALIAS(CMS_verify_receipt);
517
518CMS_ContentInfo *
519CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
520 unsigned int flags)
521{
522 CMS_ContentInfo *cms;
523 int i;
524
525 cms = CMS_ContentInfo_new();
526 if (cms == NULL || !CMS_SignedData_init(cms))
527 goto merr;
528 if (flags & CMS_ASCIICRLF &&
529 !CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
530 goto err;
531
532 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
533 CMSerror(CMS_R_ADD_SIGNER_ERROR);
534 goto err;
535 }
536
537 for (i = 0; i < sk_X509_num(certs); i++) {
538 X509 *x = sk_X509_value(certs, i);
539 if (!CMS_add1_cert(cms, x))
540 goto merr;
541 }
542
543 if (!(flags & CMS_DETACHED))
544 CMS_set_detached(cms, 0);
545
546 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
547 CMS_final(cms, data, NULL, flags))
548 return cms;
549 else
550 goto err;
551
552 merr:
553 CMSerror(ERR_R_MALLOC_FAILURE);
554
555 err:
556 CMS_ContentInfo_free(cms);
557
558 return NULL;
559}
560LCRYPTO_ALIAS(CMS_sign);
561
562CMS_ContentInfo *
563CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey,
564 STACK_OF(X509) *certs, unsigned int flags)
565{
566 CMS_SignerInfo *rct_si;
567 CMS_ContentInfo *cms = NULL;
568 ASN1_OCTET_STRING **pos, *os;
569 BIO *rct_cont = NULL;
570 int r = 0;
571
572 flags &= ~(CMS_STREAM | CMS_TEXT);
573 /* Not really detached but avoids content being allocated */
574 flags |= CMS_PARTIAL | CMS_BINARY | CMS_DETACHED;
575 if (!pkey || !signcert) {
576 CMSerror(CMS_R_NO_KEY_OR_CERT);
577 return NULL;
578 }
579
580 /* Initialize signed data */
581
582 cms = CMS_sign(NULL, NULL, certs, NULL, flags);
583 if (!cms)
584 goto err;
585
586 /* Set inner content type to signed receipt */
587 if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
588 goto err;
589
590 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
591 if (!rct_si) {
592 CMSerror(CMS_R_ADD_SIGNER_ERROR);
593 goto err;
594 }
595
596 os = cms_encode_Receipt(si);
597 if (!os)
598 goto err;
599
600 /* Set content to digest */
601 rct_cont = BIO_new_mem_buf(os->data, os->length);
602 if (!rct_cont)
603 goto err;
604
605 /* Add msgSigDigest attribute */
606
607 if (!cms_msgSigDigest_add1(rct_si, si))
608 goto err;
609
610 /* Finalize structure */
611 if (!CMS_final(cms, rct_cont, NULL, flags))
612 goto err;
613
614 /* Set embedded content */
615 pos = CMS_get0_content(cms);
616 *pos = os;
617
618 r = 1;
619
620 err:
621 BIO_free(rct_cont);
622 if (r)
623 return cms;
624 CMS_ContentInfo_free(cms);
625
626 return NULL;
627}
628LCRYPTO_ALIAS(CMS_sign_receipt);
629
630CMS_ContentInfo *
631CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher,
632 unsigned int flags)
633{
634 CMS_ContentInfo *cms;
635 int i;
636 X509 *recip;
637
638 cms = CMS_EnvelopedData_create(cipher);
639 if (!cms)
640 goto merr;
641 for (i = 0; i < sk_X509_num(certs); i++) {
642 recip = sk_X509_value(certs, i);
643 if (!CMS_add1_recipient_cert(cms, recip, flags)) {
644 CMSerror(CMS_R_RECIPIENT_ERROR);
645 goto err;
646 }
647 }
648
649 if (!(flags & CMS_DETACHED))
650 CMS_set_detached(cms, 0);
651
652 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
653 CMS_final(cms, data, NULL, flags))
654 return cms;
655 else
656 goto err;
657
658 merr:
659 CMSerror(ERR_R_MALLOC_FAILURE);
660 err:
661 CMS_ContentInfo_free(cms);
662
663 return NULL;
664}
665LCRYPTO_ALIAS(CMS_encrypt);
666
667static int
668cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, EVP_PKEY *pk,
669 X509 *cert)
670{
671 int i;
672 STACK_OF(CMS_RecipientEncryptedKey) *reks;
673 CMS_RecipientEncryptedKey *rek;
674
675 reks = CMS_RecipientInfo_kari_get0_reks(ri);
676 for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
677 int rv;
678
679 rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
680 if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
681 continue;
682 CMS_RecipientInfo_kari_set0_pkey(ri, pk);
683 rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
684 CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
685 if (rv > 0)
686 return 1;
687 return cert == NULL ? 0 : -1;
688 }
689
690 return 0;
691}
692
693int
694CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
695{
696 STACK_OF(CMS_RecipientInfo) *ris;
697 CMS_RecipientInfo *ri;
698 int i, r, ri_type;
699 int debug = 0, match_ri = 0;
700
701 ris = CMS_get0_RecipientInfos(cms);
702 if (ris)
703 debug = cms->d.envelopedData->encryptedContentInfo->debug;
704 ri_type = cms_pkey_get_ri_type(pk);
705 if (ri_type == CMS_RECIPINFO_NONE) {
706 CMSerror(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
707 return 0;
708 }
709
710 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
711 ri = sk_CMS_RecipientInfo_value(ris, i);
712 if (CMS_RecipientInfo_type(ri) != ri_type)
713 continue;
714 match_ri = 1;
715 if (ri_type == CMS_RECIPINFO_AGREE) {
716 r = cms_kari_set1_pkey(cms, ri, pk, cert);
717 if (r > 0)
718 return 1;
719 if (r < 0)
720 return 0;
721 }
722 /*
723 * If we have a cert try matching RecipientInfo otherwise try them
724 * all.
725 */
726 else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
727 EVP_PKEY_up_ref(pk);
728 CMS_RecipientInfo_set0_pkey(ri, pk);
729 r = CMS_RecipientInfo_decrypt(cms, ri);
730 CMS_RecipientInfo_set0_pkey(ri, NULL);
731 if (cert) {
732 /*
733 * If not debugging clear any error and return success to
734 * avoid leaking of information useful to MMA
735 */
736 if (!debug) {
737 ERR_clear_error();
738 return 1;
739 }
740 if (r > 0)
741 return 1;
742 CMSerror(CMS_R_DECRYPT_ERROR);
743 return 0;
744 }
745 /*
746 * If no cert and not debugging don't leave loop after first
747 * successful decrypt. Always attempt to decrypt all recipients
748 * to avoid leaking timing of a successful decrypt.
749 */
750 else if (r > 0 && debug)
751 return 1;
752 }
753 }
754 /* If no cert, key transport and not debugging always return success */
755 if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
756 ERR_clear_error();
757 return 1;
758 }
759
760 CMSerror(CMS_R_NO_MATCHING_RECIPIENT);
761
762 return 0;
763}
764LCRYPTO_ALIAS(CMS_decrypt_set1_pkey);
765
766int
767CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen,
768 const unsigned char *id, size_t idlen)
769{
770 STACK_OF(CMS_RecipientInfo) *ris;
771 CMS_RecipientInfo *ri;
772 int i, r;
773
774 ris = CMS_get0_RecipientInfos(cms);
775 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
776 ri = sk_CMS_RecipientInfo_value(ris, i);
777 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
778 continue;
779
780 /*
781 * If we have an id try matching RecipientInfo otherwise try them
782 * all.
783 */
784 if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
785 CMS_RecipientInfo_set0_key(ri, key, keylen);
786 r = CMS_RecipientInfo_decrypt(cms, ri);
787 CMS_RecipientInfo_set0_key(ri, NULL, 0);
788 if (r > 0)
789 return 1;
790 if (id) {
791 CMSerror(CMS_R_DECRYPT_ERROR);
792 return 0;
793 }
794 ERR_clear_error();
795 }
796 }
797
798 CMSerror(CMS_R_NO_MATCHING_RECIPIENT);
799
800 return 0;
801}
802LCRYPTO_ALIAS(CMS_decrypt_set1_key);
803
804int
805CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
806 ssize_t passlen)
807{
808 STACK_OF(CMS_RecipientInfo) *ris;
809 CMS_RecipientInfo *ri;
810 int i, r;
811
812 ris = CMS_get0_RecipientInfos(cms);
813 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
814 ri = sk_CMS_RecipientInfo_value(ris, i);
815 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
816 continue;
817 CMS_RecipientInfo_set0_password(ri, pass, passlen);
818 r = CMS_RecipientInfo_decrypt(cms, ri);
819 CMS_RecipientInfo_set0_password(ri, NULL, 0);
820 if (r > 0)
821 return 1;
822 }
823
824 CMSerror(CMS_R_NO_MATCHING_RECIPIENT);
825
826 return 0;
827}
828LCRYPTO_ALIAS(CMS_decrypt_set1_password);
829
830int
831CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
832 BIO *out, unsigned int flags)
833{
834 int r;
835 BIO *cont;
836
837 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
838 CMSerror(CMS_R_TYPE_NOT_ENVELOPED_DATA);
839 return 0;
840 }
841 if (!dcont && !check_content(cms))
842 return 0;
843 if (flags & CMS_DEBUG_DECRYPT)
844 cms->d.envelopedData->encryptedContentInfo->debug = 1;
845 else
846 cms->d.envelopedData->encryptedContentInfo->debug = 0;
847 if (!cert)
848 cms->d.envelopedData->encryptedContentInfo->havenocert = 1;
849 else
850 cms->d.envelopedData->encryptedContentInfo->havenocert = 0;
851 if (!pk && !cert && !dcont && !out)
852 return 1;
853 if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
854 return 0;
855 cont = CMS_dataInit(cms, dcont);
856 if (!cont)
857 return 0;
858 r = cms_copy_content(out, cont, flags);
859 do_free_upto(cont, dcont);
860
861 return r;
862}
863LCRYPTO_ALIAS(CMS_decrypt);
864
865int
866CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
867{
868 BIO *cmsbio;
869 int ret = 0;
870
871 if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
872 CMSerror(CMS_R_CMS_LIB);
873 return 0;
874 }
875
876 SMIME_crlf_copy(data, cmsbio, flags);
877
878 (void)BIO_flush(cmsbio);
879
880 if (!CMS_dataFinal(cms, cmsbio)) {
881 CMSerror(CMS_R_CMS_DATAFINAL_ERROR);
882 goto err;
883 }
884
885 ret = 1;
886
887 err:
888 do_free_upto(cmsbio, dcont);
889
890 return ret;
891}
892LCRYPTO_ALIAS(CMS_final);
893
894int
895CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
896{
897 CMSerror(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
898 return 0;
899}
900LCRYPTO_ALIAS(CMS_uncompress);
901
902CMS_ContentInfo *
903CMS_compress(BIO *in, int comp_nid, unsigned int flags)
904{
905 CMSerror(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
906 return NULL;
907}
908LCRYPTO_ALIAS(CMS_compress);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-23 20:49:01 +0000