1 files changed, 437 insertions, 0 deletions
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
new file mode 100644
index 0000000000..916fcbfbe1
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -0,0 +1,437 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef HEADER_CMS_LCL_H
+# define HEADER_CMS_LCL_H
+# include <openssl/x509.h>
+/*
+ * Cryptographic message syntax (CMS) structures: taken from RFC3852
+ */
+/* Forward references */
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st
+    CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
+struct CMS_ContentInfo_st {
+    ASN1_OBJECT *contentType;
+    union {
+        ASN1_OCTET_STRING *data;
+        CMS_SignedData *signedData;
+        CMS_EnvelopedData *envelopedData;
+        CMS_DigestedData *digestedData;
+        CMS_EncryptedData *encryptedData;
+        CMS_AuthenticatedData *authenticatedData;
+        CMS_CompressedData *compressedData;
+        ASN1_TYPE *other;
+        /* Other types ... */
+        void *otherData;
+    } d;
+};
+DEFINE_STACK_OF(CMS_CertificateChoices)
+struct CMS_SignedData_st {
+    int32_t version;
+    STACK_OF(X509_ALGOR) *digestAlgorithms;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+    STACK_OF(CMS_SignerInfo) *signerInfos;
+};
+struct CMS_EncapsulatedContentInfo_st {
+    ASN1_OBJECT *eContentType;
+    ASN1_OCTET_STRING *eContent;
+    /* Set to 1 if incomplete structure only part set up */
+    int partial;
+};
+struct CMS_SignerInfo_st {
+    int32_t version;
+    CMS_SignerIdentifier *sid;
+    X509_ALGOR *digestAlgorithm;
+    STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+    X509_ALGOR *signatureAlgorithm;
+    ASN1_OCTET_STRING *signature;
+    STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+    /* Signing certificate and key */
+    X509 *signer;
+    EVP_PKEY *pkey;
+    /* Digest and public key context for alternative parameters */
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx;
+};
+struct CMS_SignerIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+    } d;
+};
+struct CMS_EnvelopedData_st {
+    int32_t version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+struct CMS_OriginatorInfo_st {
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+};
+struct CMS_EncryptedContentInfo_st {
+    ASN1_OBJECT *contentType;
+    X509_ALGOR *contentEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedContent;
+    /* Content encryption algorithm and key */
+    const EVP_CIPHER *cipher;
+    unsigned char *key;
+    size_t keylen;
+    /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+    int debug;
+};
+struct CMS_RecipientInfo_st {
+    int type;
+    union {
+        CMS_KeyTransRecipientInfo *ktri;
+        CMS_KeyAgreeRecipientInfo *kari;
+        CMS_KEKRecipientInfo *kekri;
+        CMS_PasswordRecipientInfo *pwri;
+        CMS_OtherRecipientInfo *ori;
+    } d;
+};
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+struct CMS_KeyTransRecipientInfo_st {
+    int32_t version;
+    CMS_RecipientIdentifier *rid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Recipient Key and cert */
+    X509 *recip;
+    EVP_PKEY *pkey;
+    /* Public key context for this operation */
+    EVP_PKEY_CTX *pctx;
+};
+struct CMS_KeyAgreeRecipientInfo_st {
+    int32_t version;
+    CMS_OriginatorIdentifierOrKey *originator;
+    ASN1_OCTET_STRING *ukm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+    /* Public key context associated with current operation */
+    EVP_PKEY_CTX *pctx;
+    /* Cipher context for CEK wrapping */
+    EVP_CIPHER_CTX *ctx;
+};
+struct CMS_OriginatorIdentifierOrKey_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+        CMS_OriginatorPublicKey *originatorKey;
+    } d;
+};
+struct CMS_OriginatorPublicKey_st {
+    X509_ALGOR *algorithm;
+    ASN1_BIT_STRING *publicKey;
+};
+struct CMS_RecipientEncryptedKey_st {
+    CMS_KeyAgreeRecipientIdentifier *rid;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Public key associated with this recipient */
+    EVP_PKEY *pkey;
+};
+struct CMS_KeyAgreeRecipientIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        CMS_RecipientKeyIdentifier *rKeyId;
+    } d;
+};
+struct CMS_RecipientKeyIdentifier_st {
+    ASN1_OCTET_STRING *subjectKeyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+struct CMS_KEKRecipientInfo_st {
+    int32_t version;
+    CMS_KEKIdentifier *kekid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: symmetric key to use */
+    unsigned char *key;
+    size_t keylen;
+};
+struct CMS_KEKIdentifier_st {
+    ASN1_OCTET_STRING *keyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+struct CMS_PasswordRecipientInfo_st {
+    int32_t version;
+    X509_ALGOR *keyDerivationAlgorithm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: password to use */
+    unsigned char *pass;
+    size_t passlen;
+};
+struct CMS_OtherRecipientInfo_st {
+    ASN1_OBJECT *oriType;
+    ASN1_TYPE *oriValue;
+};
+struct CMS_DigestedData_st {
+    int32_t version;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    ASN1_OCTET_STRING *digest;
+};
+struct CMS_EncryptedData_st {
+    int32_t version;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+struct CMS_AuthenticatedData_st {
+    int32_t version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    X509_ALGOR *macAlgorithm;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *authAttrs;
+    ASN1_OCTET_STRING *mac;
+    STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+};
+struct CMS_CompressedData_st {
+    int32_t version;
+    X509_ALGOR *compressionAlgorithm;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+};
+struct CMS_RevocationInfoChoice_st {
+    int type;
+    union {
+        X509_CRL *crl;
+        CMS_OtherRevocationInfoFormat *other;
+    } d;
+};
+# define CMS_REVCHOICE_CRL               0
+# define CMS_REVCHOICE_OTHER             1
+struct CMS_OtherRevocationInfoFormat_st {
+    ASN1_OBJECT *otherRevInfoFormat;
+    ASN1_TYPE *otherRevInfo;
+};
+struct CMS_CertificateChoices {
+    int type;
+    union {
+        X509 *certificate;
+        ASN1_STRING *extendedCertificate; /* Obsolete */
+        ASN1_STRING *v1AttrCert; /* Left encoded for now */
+        ASN1_STRING *v2AttrCert; /* Left encoded for now */
+        CMS_OtherCertificateFormat *other;
+    } d;
+};
+# define CMS_CERTCHOICE_CERT             0
+# define CMS_CERTCHOICE_EXCERT           1
+# define CMS_CERTCHOICE_V1ACERT          2
+# define CMS_CERTCHOICE_V2ACERT          3
+# define CMS_CERTCHOICE_OTHER            4
+struct CMS_OtherCertificateFormat_st {
+    ASN1_OBJECT *otherCertFormat;
+    ASN1_TYPE *otherCert;
+};
+/*
+ * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
+ * to be independent of PKCS#7
+ */
+struct CMS_IssuerAndSerialNumber_st {
+    X509_NAME *issuer;
+    ASN1_INTEGER *serialNumber;
+};
+struct CMS_OtherKeyAttribute_st {
+    ASN1_OBJECT *keyAttrId;
+    ASN1_TYPE *keyAttr;
+};
+/* ESS structures */
+# ifdef HEADER_X509V3_H
+struct CMS_ReceiptRequest_st {
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    CMS_ReceiptsFrom *receiptsFrom;
+    STACK_OF(GENERAL_NAMES) *receiptsTo;
+};
+struct CMS_ReceiptsFrom_st {
+    int type;
+    union {
+        int32_t allOrFirstTier;
+        STACK_OF(GENERAL_NAMES) *receiptList;
+    } d;
+};
+# endif
+struct CMS_Receipt_st {
+    int32_t version;
+    ASN1_OBJECT *contentType;
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    ASN1_OCTET_STRING *originatorSignatureValue;
+};
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+# define CMS_SIGNERINFO_ISSUER_SERIAL    0
+# define CMS_SIGNERINFO_KEYIDENTIFIER    1
+# define CMS_RECIPINFO_ISSUER_SERIAL     0
+# define CMS_RECIPINFO_KEYIDENTIFIER     1
+# define CMS_REK_ISSUER_SERIAL           0
+# define CMS_REK_KEYIDENTIFIER           1
+# define CMS_OIK_ISSUER_SERIAL           0
+# define CMS_OIK_KEYIDENTIFIER           1
+# define CMS_OIK_PUBKEY                  2
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+CMS_ContentInfo *cms_Data_create(void);
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
+                              int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                 X509_ALGOR *mdalg);
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen);
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
+int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
+int cms_pkey_get_ri_type(EVP_PKEY *pk);
+/* KARI routines */
+int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
+                                EVP_PKEY *pk, unsigned int flags);
+int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri);
+/* PWRI routines */
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de);
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
+DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_ASN1_ITEM(CMS_SignedData)
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+#endif

diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h new file mode 100644 index 0000000000..916fcbfbe1 --- /dev/null +++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -0,0 +1,437 @@
	1	/*
	2	* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#ifndef HEADER_CMS_LCL_H
	11	# define HEADER_CMS_LCL_H
	12
	13	# include <openssl/x509.h>
	14
	15	/*
	16	* Cryptographic message syntax (CMS) structures: taken from RFC3852
	17	*/
	18
	19	/* Forward references */
	20
	21	typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
	22	typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
	23	typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
	24	typedef struct CMS_SignedData_st CMS_SignedData;
	25	typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
	26	typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
	27	typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
	28	typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
	29	typedef struct CMS_DigestedData_st CMS_DigestedData;
	30	typedef struct CMS_EncryptedData_st CMS_EncryptedData;
	31	typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
	32	typedef struct CMS_CompressedData_st CMS_CompressedData;
	33	typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
	34	typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
	35	typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
	36	typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
	37	typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
	38	typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
	39	typedef struct CMS_KeyAgreeRecipientIdentifier_st
	40	CMS_KeyAgreeRecipientIdentifier;
	41	typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
	42	typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
	43	typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
	44	typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
	45	typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
	46
	47	struct CMS_ContentInfo_st {
	48	ASN1_OBJECT *contentType;
	49	union {
	50	ASN1_OCTET_STRING *data;
	51	CMS_SignedData *signedData;
	52	CMS_EnvelopedData *envelopedData;
	53	CMS_DigestedData *digestedData;
	54	CMS_EncryptedData *encryptedData;
	55	CMS_AuthenticatedData *authenticatedData;
	56	CMS_CompressedData *compressedData;
	57	ASN1_TYPE *other;
	58	/* Other types ... */
	59	void *otherData;
	60	} d;
	61	};
	62
	63	DEFINE_STACK_OF(CMS_CertificateChoices)
	64
	65	struct CMS_SignedData_st {
	66	int32_t version;
	67	STACK_OF(X509_ALGOR) *digestAlgorithms;
	68	CMS_EncapsulatedContentInfo *encapContentInfo;
	69	STACK_OF(CMS_CertificateChoices) *certificates;
	70	STACK_OF(CMS_RevocationInfoChoice) *crls;
	71	STACK_OF(CMS_SignerInfo) *signerInfos;
	72	};
	73
	74	struct CMS_EncapsulatedContentInfo_st {
	75	ASN1_OBJECT *eContentType;
	76	ASN1_OCTET_STRING *eContent;
	77	/* Set to 1 if incomplete structure only part set up */
	78	int partial;
	79	};
	80
	81	struct CMS_SignerInfo_st {
	82	int32_t version;
	83	CMS_SignerIdentifier *sid;
	84	X509_ALGOR *digestAlgorithm;
	85	STACK_OF(X509_ATTRIBUTE) *signedAttrs;
	86	X509_ALGOR *signatureAlgorithm;
	87	ASN1_OCTET_STRING *signature;
	88	STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
	89	/* Signing certificate and key */
	90	X509 *signer;
	91	EVP_PKEY *pkey;
	92	/* Digest and public key context for alternative parameters */
	93	EVP_MD_CTX *mctx;
	94	EVP_PKEY_CTX *pctx;
	95	};
	96
	97	struct CMS_SignerIdentifier_st {
	98	int type;
	99	union {
	100	CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
	101	ASN1_OCTET_STRING *subjectKeyIdentifier;
	102	} d;
	103	};
	104
	105	struct CMS_EnvelopedData_st {
	106	int32_t version;
	107	CMS_OriginatorInfo *originatorInfo;
	108	STACK_OF(CMS_RecipientInfo) *recipientInfos;
	109	CMS_EncryptedContentInfo *encryptedContentInfo;
	110	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
	111	};
	112
	113	struct CMS_OriginatorInfo_st {
	114	STACK_OF(CMS_CertificateChoices) *certificates;
	115	STACK_OF(CMS_RevocationInfoChoice) *crls;
	116	};
	117
	118	struct CMS_EncryptedContentInfo_st {
	119	ASN1_OBJECT *contentType;
	120	X509_ALGOR *contentEncryptionAlgorithm;
	121	ASN1_OCTET_STRING *encryptedContent;
	122	/* Content encryption algorithm and key */
	123	const EVP_CIPHER *cipher;
	124	unsigned char *key;
	125	size_t keylen;
	126	/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
	127	int debug;
	128	};
	129
	130	struct CMS_RecipientInfo_st {
	131	int type;
	132	union {
	133	CMS_KeyTransRecipientInfo *ktri;
	134	CMS_KeyAgreeRecipientInfo *kari;
	135	CMS_KEKRecipientInfo *kekri;
	136	CMS_PasswordRecipientInfo *pwri;
	137	CMS_OtherRecipientInfo *ori;
	138	} d;
	139	};
	140
	141	typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
	142
	143	struct CMS_KeyTransRecipientInfo_st {
	144	int32_t version;
	145	CMS_RecipientIdentifier *rid;
	146	X509_ALGOR *keyEncryptionAlgorithm;
	147	ASN1_OCTET_STRING *encryptedKey;
	148	/* Recipient Key and cert */
	149	X509 *recip;
	150	EVP_PKEY *pkey;
	151	/* Public key context for this operation */
	152	EVP_PKEY_CTX *pctx;
	153	};
	154
	155	struct CMS_KeyAgreeRecipientInfo_st {
	156	int32_t version;
	157	CMS_OriginatorIdentifierOrKey *originator;
	158	ASN1_OCTET_STRING *ukm;
	159	X509_ALGOR *keyEncryptionAlgorithm;
	160	STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
	161	/* Public key context associated with current operation */
	162	EVP_PKEY_CTX *pctx;
	163	/* Cipher context for CEK wrapping */
	164	EVP_CIPHER_CTX *ctx;
	165	};
	166
	167	struct CMS_OriginatorIdentifierOrKey_st {
	168	int type;
	169	union {
	170	CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
	171	ASN1_OCTET_STRING *subjectKeyIdentifier;
	172	CMS_OriginatorPublicKey *originatorKey;
	173	} d;
	174	};
	175
	176	struct CMS_OriginatorPublicKey_st {
	177	X509_ALGOR *algorithm;
	178	ASN1_BIT_STRING *publicKey;
	179	};
	180
	181	struct CMS_RecipientEncryptedKey_st {
	182	CMS_KeyAgreeRecipientIdentifier *rid;
	183	ASN1_OCTET_STRING *encryptedKey;
	184	/* Public key associated with this recipient */
	185	EVP_PKEY *pkey;
	186	};
	187
	188	struct CMS_KeyAgreeRecipientIdentifier_st {
	189	int type;
	190	union {
	191	CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
	192	CMS_RecipientKeyIdentifier *rKeyId;
	193	} d;
	194	};
	195
	196	struct CMS_RecipientKeyIdentifier_st {
	197	ASN1_OCTET_STRING *subjectKeyIdentifier;
	198	ASN1_GENERALIZEDTIME *date;
	199	CMS_OtherKeyAttribute *other;
	200	};
	201
	202	struct CMS_KEKRecipientInfo_st {
	203	int32_t version;
	204	CMS_KEKIdentifier *kekid;
	205	X509_ALGOR *keyEncryptionAlgorithm;
	206	ASN1_OCTET_STRING *encryptedKey;
	207	/* Extra info: symmetric key to use */
	208	unsigned char *key;
	209	size_t keylen;
	210	};
	211
	212	struct CMS_KEKIdentifier_st {
	213	ASN1_OCTET_STRING *keyIdentifier;
	214	ASN1_GENERALIZEDTIME *date;
	215	CMS_OtherKeyAttribute *other;
	216	};
	217
	218	struct CMS_PasswordRecipientInfo_st {
	219	int32_t version;
	220	X509_ALGOR *keyDerivationAlgorithm;
	221	X509_ALGOR *keyEncryptionAlgorithm;
	222	ASN1_OCTET_STRING *encryptedKey;
	223	/* Extra info: password to use */
	224	unsigned char *pass;
	225	size_t passlen;
	226	};
	227
	228	struct CMS_OtherRecipientInfo_st {
	229	ASN1_OBJECT *oriType;
	230	ASN1_TYPE *oriValue;
	231	};
	232
	233	struct CMS_DigestedData_st {
	234	int32_t version;
	235	X509_ALGOR *digestAlgorithm;
	236	CMS_EncapsulatedContentInfo *encapContentInfo;
	237	ASN1_OCTET_STRING *digest;
	238	};
	239
	240	struct CMS_EncryptedData_st {
	241	int32_t version;
	242	CMS_EncryptedContentInfo *encryptedContentInfo;
	243	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
	244	};
	245
	246	struct CMS_AuthenticatedData_st {
	247	int32_t version;
	248	CMS_OriginatorInfo *originatorInfo;
	249	STACK_OF(CMS_RecipientInfo) *recipientInfos;
	250	X509_ALGOR *macAlgorithm;
	251	X509_ALGOR *digestAlgorithm;
	252	CMS_EncapsulatedContentInfo *encapContentInfo;
	253	STACK_OF(X509_ATTRIBUTE) *authAttrs;
	254	ASN1_OCTET_STRING *mac;
	255	STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
	256	};
	257
	258	struct CMS_CompressedData_st {
	259	int32_t version;
	260	X509_ALGOR *compressionAlgorithm;
	261	STACK_OF(CMS_RecipientInfo) *recipientInfos;
	262	CMS_EncapsulatedContentInfo *encapContentInfo;
	263	};
	264
	265	struct CMS_RevocationInfoChoice_st {
	266	int type;
	267	union {
	268	X509_CRL *crl;
	269	CMS_OtherRevocationInfoFormat *other;
	270	} d;
	271	};
	272
	273	# define CMS_REVCHOICE_CRL 0
	274	# define CMS_REVCHOICE_OTHER 1
	275
	276	struct CMS_OtherRevocationInfoFormat_st {
	277	ASN1_OBJECT *otherRevInfoFormat;
	278	ASN1_TYPE *otherRevInfo;
	279	};
	280
	281	struct CMS_CertificateChoices {
	282	int type;
	283	union {
	284	X509 *certificate;
	285	ASN1_STRING extendedCertificate; / Obsolete */
	286	ASN1_STRING v1AttrCert; / Left encoded for now */
	287	ASN1_STRING v2AttrCert; / Left encoded for now */
	288	CMS_OtherCertificateFormat *other;
	289	} d;
	290	};
	291
	292	# define CMS_CERTCHOICE_CERT 0
	293	# define CMS_CERTCHOICE_EXCERT 1
	294	# define CMS_CERTCHOICE_V1ACERT 2
	295	# define CMS_CERTCHOICE_V2ACERT 3
	296	# define CMS_CERTCHOICE_OTHER 4
	297
	298	struct CMS_OtherCertificateFormat_st {
	299	ASN1_OBJECT *otherCertFormat;
	300	ASN1_TYPE *otherCert;
	301	};
	302
	303	/*
	304	* This is also defined in pkcs7.h but we duplicate it to allow the CMS code
	305	* to be independent of PKCS#7
	306	*/
	307
	308	struct CMS_IssuerAndSerialNumber_st {
	309	X509_NAME *issuer;
	310	ASN1_INTEGER *serialNumber;
	311	};
	312
	313	struct CMS_OtherKeyAttribute_st {
	314	ASN1_OBJECT *keyAttrId;
	315	ASN1_TYPE *keyAttr;
	316	};
	317
	318	/* ESS structures */
	319
	320	# ifdef HEADER_X509V3_H
	321
	322	struct CMS_ReceiptRequest_st {
	323	ASN1_OCTET_STRING *signedContentIdentifier;
	324	CMS_ReceiptsFrom *receiptsFrom;
	325	STACK_OF(GENERAL_NAMES) *receiptsTo;
	326	};
	327
	328	struct CMS_ReceiptsFrom_st {
	329	int type;
	330	union {
	331	int32_t allOrFirstTier;
	332	STACK_OF(GENERAL_NAMES) *receiptList;
	333	} d;
	334	};
	335	# endif
	336
	337	struct CMS_Receipt_st {
	338	int32_t version;
	339	ASN1_OBJECT *contentType;
	340	ASN1_OCTET_STRING *signedContentIdentifier;
	341	ASN1_OCTET_STRING *originatorSignatureValue;
	342	};
	343
	344	DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
	345	DECLARE_ASN1_ITEM(CMS_SignerInfo)
	346	DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
	347	DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
	348	DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
	349	DECLARE_ASN1_ITEM(CMS_RecipientInfo)
	350	DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
	351	DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
	352
	353	# define CMS_SIGNERINFO_ISSUER_SERIAL 0
	354	# define CMS_SIGNERINFO_KEYIDENTIFIER 1
	355
	356	# define CMS_RECIPINFO_ISSUER_SERIAL 0
	357	# define CMS_RECIPINFO_KEYIDENTIFIER 1
	358
	359	# define CMS_REK_ISSUER_SERIAL 0
	360	# define CMS_REK_KEYIDENTIFIER 1
	361
	362	# define CMS_OIK_ISSUER_SERIAL 0
	363	# define CMS_OIK_KEYIDENTIFIER 1
	364	# define CMS_OIK_PUBKEY 2
	365
	366	BIO cms_content_bio(CMS_ContentInfo cms);
	367
	368	CMS_ContentInfo *cms_Data_create(void);
	369
	370	CMS_ContentInfo cms_DigestedData_create(const EVP_MD md);
	371	BIO cms_DigestedData_init_bio(CMS_ContentInfo cms);
	372	int cms_DigestedData_do_final(CMS_ContentInfo cms, BIO chain, int verify);
	373
	374	BIO cms_SignedData_init_bio(CMS_ContentInfo cms);
	375	int cms_SignedData_final(CMS_ContentInfo cms, BIO chain);
	376	int cms_set1_SignerIdentifier(CMS_SignerIdentifier sid, X509 cert,
	377	int type);
	378	int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
	379	ASN1_OCTET_STRING **keyid,
	380	X509_NAME **issuer,
	381	ASN1_INTEGER **sno);
	382	int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier sid, X509 cert);
	383
	384	CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
	385	BIO cms_CompressedData_init_bio(CMS_ContentInfo cms);
	386
	387	BIO cms_DigestAlgorithm_init_bio(X509_ALGOR digestAlgorithm);
	388	int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX mctx, BIO chain,
	389	X509_ALGOR *mdalg);
	390
	391	int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber ias, X509 cert);
	392	int cms_keyid_cert_cmp(ASN1_OCTET_STRING keyid, X509 cert);
	393	int cms_set1_ias(CMS_IssuerAndSerialNumber *pias, X509 cert);
	394	int cms_set1_keyid(ASN1_OCTET_STRING *pkeyid, X509 cert);
	395
	396	BIO cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo ec);
	397	BIO cms_EncryptedData_init_bio(CMS_ContentInfo cms);
	398	int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
	399	const EVP_CIPHER *cipher,
	400	const unsigned char *key, size_t keylen);
	401
	402	int cms_Receipt_verify(CMS_ContentInfo cms, CMS_ContentInfo req_cms);
	403	int cms_msgSigDigest_add1(CMS_SignerInfo dest, CMS_SignerInfo src);
	404	ASN1_OCTET_STRING cms_encode_Receipt(CMS_SignerInfo si);
	405
	406	BIO cms_EnvelopedData_init_bio(CMS_ContentInfo cms);
	407	CMS_EnvelopedData cms_get0_enveloped(CMS_ContentInfo cms);
	408	int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
	409	int cms_pkey_get_ri_type(EVP_PKEY *pk);
	410	/* KARI routines */
	411	int cms_RecipientInfo_kari_init(CMS_RecipientInfo ri, X509 recip,
	412	EVP_PKEY *pk, unsigned int flags);
	413	int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
	414	CMS_RecipientInfo *ri);
	415
	416	/* PWRI routines */
	417	int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo cms, CMS_RecipientInfo ri,
	418	int en_de);
	419
	420	DECLARE_ASN1_ITEM(CMS_CertificateChoices)
	421	DECLARE_ASN1_ITEM(CMS_DigestedData)
	422	DECLARE_ASN1_ITEM(CMS_EncryptedData)
	423	DECLARE_ASN1_ITEM(CMS_EnvelopedData)
	424	DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
	425	DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
	426	DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
	427	DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
	428	DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
	429	DECLARE_ASN1_ITEM(CMS_Receipt)
	430	DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
	431	DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
	432	DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
	433	DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
	434	DECLARE_ASN1_ITEM(CMS_SignedData)
	435	DECLARE_ASN1_ITEM(CMS_CompressedData)
	436
	437	#endif