diff options
Diffstat (limited to 'src/lib/libcrypto/cms/cms_env.c')
| -rw-r--r-- | src/lib/libcrypto/cms/cms_env.c | 85 |
1 files changed, 61 insertions, 24 deletions
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c index d499ae85b4..b3237d4b94 100644 --- a/src/lib/libcrypto/cms/cms_env.c +++ b/src/lib/libcrypto/cms/cms_env.c | |||
| @@ -60,6 +60,7 @@ | |||
| 60 | #include <openssl/rand.h> | 60 | #include <openssl/rand.h> |
| 61 | #include <openssl/aes.h> | 61 | #include <openssl/aes.h> |
| 62 | #include "cms_lcl.h" | 62 | #include "cms_lcl.h" |
| 63 | #include "asn1_locl.h" | ||
| 63 | 64 | ||
| 64 | /* CMS EnvelopedData Utilities */ | 65 | /* CMS EnvelopedData Utilities */ |
| 65 | 66 | ||
| @@ -151,7 +152,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, | |||
| 151 | CMS_KeyTransRecipientInfo *ktri; | 152 | CMS_KeyTransRecipientInfo *ktri; |
| 152 | CMS_EnvelopedData *env; | 153 | CMS_EnvelopedData *env; |
| 153 | EVP_PKEY *pk = NULL; | 154 | EVP_PKEY *pk = NULL; |
| 154 | int type; | 155 | int i, type; |
| 155 | env = cms_get0_enveloped(cms); | 156 | env = cms_get0_enveloped(cms); |
| 156 | if (!env) | 157 | if (!env) |
| 157 | goto err; | 158 | goto err; |
| @@ -200,21 +201,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, | |||
| 200 | if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) | 201 | if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) |
| 201 | goto err; | 202 | goto err; |
| 202 | 203 | ||
| 203 | /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, | 204 | if (pk->ameth && pk->ameth->pkey_ctrl) |
| 204 | * hard code algorithm parameters. | ||
| 205 | */ | ||
| 206 | |||
| 207 | if (pk->type == EVP_PKEY_RSA) | ||
| 208 | { | ||
| 209 | X509_ALGOR_set0(ktri->keyEncryptionAlgorithm, | ||
| 210 | OBJ_nid2obj(NID_rsaEncryption), | ||
| 211 | V_ASN1_NULL, 0); | ||
| 212 | } | ||
| 213 | else | ||
| 214 | { | 205 | { |
| 215 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | 206 | i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, |
| 207 | 0, ri); | ||
| 208 | if (i == -2) | ||
| 209 | { | ||
| 210 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | ||
| 216 | CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | 211 | CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); |
| 217 | goto err; | 212 | goto err; |
| 213 | } | ||
| 214 | if (i <= 0) | ||
| 215 | { | ||
| 216 | CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, | ||
| 217 | CMS_R_CTRL_FAILURE); | ||
| 218 | goto err; | ||
| 219 | } | ||
| 218 | } | 220 | } |
| 219 | 221 | ||
| 220 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) | 222 | if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) |
| @@ -301,8 +303,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, | |||
| 301 | { | 303 | { |
| 302 | CMS_KeyTransRecipientInfo *ktri; | 304 | CMS_KeyTransRecipientInfo *ktri; |
| 303 | CMS_EncryptedContentInfo *ec; | 305 | CMS_EncryptedContentInfo *ec; |
| 306 | EVP_PKEY_CTX *pctx = NULL; | ||
| 304 | unsigned char *ek = NULL; | 307 | unsigned char *ek = NULL; |
| 305 | int eklen; | 308 | size_t eklen; |
| 306 | 309 | ||
| 307 | int ret = 0; | 310 | int ret = 0; |
| 308 | 311 | ||
| @@ -315,7 +318,22 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, | |||
| 315 | ktri = ri->d.ktri; | 318 | ktri = ri->d.ktri; |
| 316 | ec = cms->d.envelopedData->encryptedContentInfo; | 319 | ec = cms->d.envelopedData->encryptedContentInfo; |
| 317 | 320 | ||
| 318 | eklen = EVP_PKEY_size(ktri->pkey); | 321 | pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); |
| 322 | if (!pctx) | ||
| 323 | return 0; | ||
| 324 | |||
| 325 | if (EVP_PKEY_encrypt_init(pctx) <= 0) | ||
| 326 | goto err; | ||
| 327 | |||
| 328 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, | ||
| 329 | EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) | ||
| 330 | { | ||
| 331 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); | ||
| 332 | goto err; | ||
| 333 | } | ||
| 334 | |||
| 335 | if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) | ||
| 336 | goto err; | ||
| 319 | 337 | ||
| 320 | ek = OPENSSL_malloc(eklen); | 338 | ek = OPENSSL_malloc(eklen); |
| 321 | 339 | ||
| @@ -326,9 +344,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, | |||
| 326 | goto err; | 344 | goto err; |
| 327 | } | 345 | } |
| 328 | 346 | ||
| 329 | eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey); | 347 | if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) |
| 330 | |||
| 331 | if (eklen <= 0) | ||
| 332 | goto err; | 348 | goto err; |
| 333 | 349 | ||
| 334 | ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); | 350 | ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); |
| @@ -337,6 +353,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, | |||
| 337 | ret = 1; | 353 | ret = 1; |
| 338 | 354 | ||
| 339 | err: | 355 | err: |
| 356 | if (pctx) | ||
| 357 | EVP_PKEY_CTX_free(pctx); | ||
| 340 | if (ek) | 358 | if (ek) |
| 341 | OPENSSL_free(ek); | 359 | OPENSSL_free(ek); |
| 342 | return ret; | 360 | return ret; |
| @@ -349,8 +367,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, | |||
| 349 | CMS_RecipientInfo *ri) | 367 | CMS_RecipientInfo *ri) |
| 350 | { | 368 | { |
| 351 | CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; | 369 | CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; |
| 370 | EVP_PKEY_CTX *pctx = NULL; | ||
| 352 | unsigned char *ek = NULL; | 371 | unsigned char *ek = NULL; |
| 353 | int eklen; | 372 | size_t eklen; |
| 354 | int ret = 0; | 373 | int ret = 0; |
| 355 | 374 | ||
| 356 | if (ktri->pkey == NULL) | 375 | if (ktri->pkey == NULL) |
| @@ -360,7 +379,24 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, | |||
| 360 | return 0; | 379 | return 0; |
| 361 | } | 380 | } |
| 362 | 381 | ||
| 363 | eklen = EVP_PKEY_size(ktri->pkey); | 382 | pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); |
| 383 | if (!pctx) | ||
| 384 | return 0; | ||
| 385 | |||
| 386 | if (EVP_PKEY_decrypt_init(pctx) <= 0) | ||
| 387 | goto err; | ||
| 388 | |||
| 389 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, | ||
| 390 | EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) | ||
| 391 | { | ||
| 392 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); | ||
| 393 | goto err; | ||
| 394 | } | ||
| 395 | |||
| 396 | if (EVP_PKEY_decrypt(pctx, NULL, &eklen, | ||
| 397 | ktri->encryptedKey->data, | ||
| 398 | ktri->encryptedKey->length) <= 0) | ||
| 399 | goto err; | ||
| 364 | 400 | ||
| 365 | ek = OPENSSL_malloc(eklen); | 401 | ek = OPENSSL_malloc(eklen); |
| 366 | 402 | ||
| @@ -371,10 +407,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, | |||
| 371 | goto err; | 407 | goto err; |
| 372 | } | 408 | } |
| 373 | 409 | ||
| 374 | eklen = EVP_PKEY_decrypt(ek, | 410 | if (EVP_PKEY_decrypt(pctx, ek, &eklen, |
| 375 | ktri->encryptedKey->data, | 411 | ktri->encryptedKey->data, |
| 376 | ktri->encryptedKey->length, ktri->pkey); | 412 | ktri->encryptedKey->length) <= 0) |
| 377 | if (eklen <= 0) | ||
| 378 | { | 413 | { |
| 379 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); | 414 | CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); |
| 380 | goto err; | 415 | goto err; |
| @@ -386,6 +421,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, | |||
| 386 | cms->d.envelopedData->encryptedContentInfo->keylen = eklen; | 421 | cms->d.envelopedData->encryptedContentInfo->keylen = eklen; |
| 387 | 422 | ||
| 388 | err: | 423 | err: |
| 424 | if (pctx) | ||
| 425 | EVP_PKEY_CTX_free(pctx); | ||
| 389 | if (!ret && ek) | 426 | if (!ret && ek) |
| 390 | OPENSSL_free(ek); | 427 | OPENSSL_free(ek); |
| 391 | 428 | ||