1 files changed, 262 insertions, 0 deletions
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
new file mode 100644
index 0000000000..bab26235bd
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -0,0 +1,262 @@
+/* crypto/cms/cms_enc.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_lcl.h"
+/* CMS EncryptedData Utilities */
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+/* Return BIO based on EncryptedContentInfo and key */
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+        {
+        BIO *b;
+        EVP_CIPHER_CTX *ctx;
+        const EVP_CIPHER *ciph;
+        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+        unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+        int ok = 0;
+        int enc, keep_key = 0;
+        enc = ec->cipher ? 1 : 0;
+        b = BIO_new(BIO_f_cipher());
+        if (!b)
+                {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        BIO_get_cipher_ctx(b, &ctx);
+        if (enc)
+                {
+                ciph = ec->cipher;
+                /* If not keeping key set cipher to NULL so subsequent calls
+                 * decrypt.
+                 */
+                if (ec->key)
+                        ec->cipher = NULL;
+                }
+        else
+                {
+                ciph = EVP_get_cipherbyobj(calg->algorithm);
+                if (!ciph)
+                        {
+                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                        CMS_R_UNKNOWN_CIPHER);
+                        goto err;
+                        }
+                }
+        if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
+                {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                CMS_R_CIPHER_INITIALISATION_ERROR);
+                goto err;
+                }
+        if (enc)
+                {
+                int ivlen;
+                calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+                /* Generate a random IV if we need one */
+                ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+                if (ivlen > 0)
+                        {
+                        if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+                                goto err;
+                        piv = iv;
+                        }
+                }
+        else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
+                {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+                goto err;
+                }
+        if (enc && !ec->key)
+                {
+                /* Generate random key */
+                if (!ec->keylen)
+                        ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
+                ec->key = OPENSSL_malloc(ec->keylen);
+                if (!ec->key)
+                        {
+                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
+                        goto err;
+                keep_key = 1;
+                }
+        else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
+                {
+                /* If necessary set key length */
+                if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
+                        {
+                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                CMS_R_INVALID_KEY_LENGTH);
+                        goto err;
+                        }
+                }
+        if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
+                {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                CMS_R_CIPHER_INITIALISATION_ERROR);
+                goto err;
+                }
+        if (piv)
+                {
+                calg->parameter = ASN1_TYPE_new();
+                if (!calg->parameter)
+                        {
+                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                                        ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
+                        {
+                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+                        goto err;
+                        }
+                }
+        ok = 1;
+        err:
+        if (ec->key && !keep_key)
+                {
+                OPENSSL_cleanse(ec->key, ec->keylen);
+                OPENSSL_free(ec->key);
+                ec->key = NULL;
+                }
+        if (ok)
+                return b;
+        BIO_free(b);
+        return NULL;
+        }
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
+                                const EVP_CIPHER *cipher,
+                                const unsigned char *key, size_t keylen)
+        {
+        ec->cipher = cipher;
+        if (key)
+                {
+                ec->key = OPENSSL_malloc(keylen);
+                if (!ec->key)
+                        return 0;
+                memcpy(ec->key, key, keylen);
+                }
+        ec->keylen = keylen;
+        if (cipher)
+                ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+        return 1;
+        }
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                                const unsigned char *key, size_t keylen)
+        {
+        CMS_EncryptedContentInfo *ec;
+        if (!key || !keylen)
+                {
+                CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+                return 0;
+                }
+        if (ciph)
+                {
+                cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+                if (!cms->d.encryptedData)
+                        {
+                        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
+                                ERR_R_MALLOC_FAILURE);
+                        return 0;
+                        }
+                cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+                cms->d.encryptedData->version = 0;
+                }
+        else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
+                {
+                CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
+                                                CMS_R_NOT_ENCRYPTED_DATA);
+                return 0;
+                }
+        ec = cms->d.encryptedData->encryptedContentInfo;
+        return cms_EncryptedContent_init(ec, ciph, key, keylen);
+        }
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+        {
+        CMS_EncryptedData *enc = cms->d.encryptedData;
+        if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+                enc->version = 2;
+        return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+        }

diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c new file mode 100644 index 0000000000..bab26235bd --- /dev/null +++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -0,0 +1,262 @@
	1	/* crypto/cms/cms_enc.c */
	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
	3	* project.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*/
	53
	54	#include "cryptlib.h"
	55	#include <openssl/asn1t.h>
	56	#include <openssl/pem.h>
	57	#include <openssl/x509v3.h>
	58	#include <openssl/err.h>
	59	#include <openssl/cms.h>
	60	#include <openssl/rand.h>
	61	#include "cms_lcl.h"
	62
	63	/* CMS EncryptedData Utilities */
	64
	65	DECLARE_ASN1_ITEM(CMS_EncryptedData)
	66
	67	/* Return BIO based on EncryptedContentInfo and key */
	68
	69	BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec)
	70	{
	71	BIO *b;
	72	EVP_CIPHER_CTX *ctx;
	73	const EVP_CIPHER *ciph;
	74	X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
	75	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
	76
	77	int ok = 0;
	78
	79	int enc, keep_key = 0;
	80
	81	enc = ec->cipher ? 1 : 0;
	82
	83	b = BIO_new(BIO_f_cipher());
	84	if (!b)
	85	{
	86	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	87	ERR_R_MALLOC_FAILURE);
	88	return NULL;
	89	}
	90
	91	BIO_get_cipher_ctx(b, &ctx);
	92
	93	if (enc)
	94	{
	95	ciph = ec->cipher;
	96	/* If not keeping key set cipher to NULL so subsequent calls
	97	* decrypt.
	98	*/
	99	if (ec->key)
	100	ec->cipher = NULL;
	101	}
	102	else
	103	{
	104	ciph = EVP_get_cipherbyobj(calg->algorithm);
	105
	106	if (!ciph)
	107	{
	108	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	109	CMS_R_UNKNOWN_CIPHER);
	110	goto err;
	111	}
	112	}
	113
	114	if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
	115	{
	116	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	117	CMS_R_CIPHER_INITIALISATION_ERROR);
	118	goto err;
	119	}
	120
	121	if (enc)
	122	{
	123	int ivlen;
	124	calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
	125	/* Generate a random IV if we need one */
	126	ivlen = EVP_CIPHER_CTX_iv_length(ctx);
	127	if (ivlen > 0)
	128	{
	129	if (RAND_pseudo_bytes(iv, ivlen) <= 0)
	130	goto err;
	131	piv = iv;
	132	}
	133	}
	134	else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
	135	{
	136	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	137	CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
	138	goto err;
	139	}
	140
	141
	142	if (enc && !ec->key)
	143	{
	144	/* Generate random key */
	145	if (!ec->keylen)
	146	ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
	147	ec->key = OPENSSL_malloc(ec->keylen);
	148	if (!ec->key)
	149	{
	150	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	151	ERR_R_MALLOC_FAILURE);
	152	goto err;
	153	}
	154	if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
	155	goto err;
	156	keep_key = 1;
	157	}
	158	else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
	159	{
	160	/* If necessary set key length */
	161	if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
	162	{
	163	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	164	CMS_R_INVALID_KEY_LENGTH);
	165	goto err;
	166	}
	167	}
	168
	169	if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
	170	{
	171	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	172	CMS_R_CIPHER_INITIALISATION_ERROR);
	173	goto err;
	174	}
	175
	176	if (piv)
	177	{
	178	calg->parameter = ASN1_TYPE_new();
	179	if (!calg->parameter)
	180	{
	181	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	182	ERR_R_MALLOC_FAILURE);
	183	goto err;
	184	}
	185	if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
	186	{
	187	CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
	188	CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
	189	goto err;
	190	}
	191	}
	192	ok = 1;
	193
	194	err:
	195	if (ec->key && !keep_key)
	196	{
	197	OPENSSL_cleanse(ec->key, ec->keylen);
	198	OPENSSL_free(ec->key);
	199	ec->key = NULL;
	200	}
	201	if (ok)
	202	return b;
	203	BIO_free(b);
	204	return NULL;
	205	}
	206
	207	int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
	208	const EVP_CIPHER *cipher,
	209	const unsigned char *key, size_t keylen)
	210	{
	211	ec->cipher = cipher;
	212	if (key)
	213	{
	214	ec->key = OPENSSL_malloc(keylen);
	215	if (!ec->key)
	216	return 0;
	217	memcpy(ec->key, key, keylen);
	218	}
	219	ec->keylen = keylen;
	220	if (cipher)
	221	ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
	222	return 1;
	223	}
	224
	225	int CMS_EncryptedData_set1_key(CMS_ContentInfo cms, const EVP_CIPHER ciph,
	226	const unsigned char *key, size_t keylen)
	227	{
	228	CMS_EncryptedContentInfo *ec;
	229	if (!key \|\| !keylen)
	230	{
	231	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
	232	return 0;
	233	}
	234	if (ciph)
	235	{
	236	cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
	237	if (!cms->d.encryptedData)
	238	{
	239	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
	240	ERR_R_MALLOC_FAILURE);
	241	return 0;
	242	}
	243	cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
	244	cms->d.encryptedData->version = 0;
	245	}
	246	else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
	247	{
	248	CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
	249	CMS_R_NOT_ENCRYPTED_DATA);
	250	return 0;
	251	}
	252	ec = cms->d.encryptedData->encryptedContentInfo;
	253	return cms_EncryptedContent_init(ec, ciph, key, keylen);
	254	}
	255
	256	BIO cms_EncryptedData_init_bio(CMS_ContentInfo cms)
	257	{
	258	CMS_EncryptedData *enc = cms->d.encryptedData;
	259	if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
	260	enc->version = 2;
	261	return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
	262	}