summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms/cms_lib.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c814
1 files changed, 407 insertions, 407 deletions
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index dd192f9775..baee32c398 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_lib.c,v 1.8 2019/08/10 16:03:54 jsing Exp $ */ 1/* $OpenBSD: cms_lib.c,v 1.9 2019/08/10 16:42:20 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -66,131 +66,131 @@ IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
66 66
67const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms) 67const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
68{ 68{
69 return cms->contentType; 69 return cms->contentType;
70} 70}
71 71
72CMS_ContentInfo *cms_Data_create(void) 72CMS_ContentInfo *cms_Data_create(void)
73{ 73{
74 CMS_ContentInfo *cms; 74 CMS_ContentInfo *cms;
75 cms = CMS_ContentInfo_new(); 75 cms = CMS_ContentInfo_new();
76 if (cms != NULL) { 76 if (cms != NULL) {
77 cms->contentType = OBJ_nid2obj(NID_pkcs7_data); 77 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
78 /* Never detached */ 78 /* Never detached */
79 CMS_set_detached(cms, 0); 79 CMS_set_detached(cms, 0);
80 } 80 }
81 return cms; 81 return cms;
82} 82}
83 83
84BIO *cms_content_bio(CMS_ContentInfo *cms) 84BIO *cms_content_bio(CMS_ContentInfo *cms)
85{ 85{
86 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 86 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
87 if (!pos) 87 if (!pos)
88 return NULL; 88 return NULL;
89 /* If content detached data goes nowhere: create NULL BIO */ 89 /* If content detached data goes nowhere: create NULL BIO */
90 if (!*pos) 90 if (!*pos)
91 return BIO_new(BIO_s_null()); 91 return BIO_new(BIO_s_null());
92 /* 92 /*
93 * If content not detached and created return memory BIO 93 * If content not detached and created return memory BIO
94 */ 94 */
95 if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT)) 95 if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
96 return BIO_new(BIO_s_mem()); 96 return BIO_new(BIO_s_mem());
97 /* Else content was read in: return read only BIO for it */ 97 /* Else content was read in: return read only BIO for it */
98 return BIO_new_mem_buf((*pos)->data, (*pos)->length); 98 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
99} 99}
100 100
101BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) 101BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
102{ 102{
103 BIO *cmsbio, *cont; 103 BIO *cmsbio, *cont;
104 if (icont) 104 if (icont)
105 cont = icont; 105 cont = icont;
106 else 106 else
107 cont = cms_content_bio(cms); 107 cont = cms_content_bio(cms);
108 if (!cont) { 108 if (!cont) {
109 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT); 109 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
110 return NULL; 110 return NULL;
111 } 111 }
112 switch (OBJ_obj2nid(cms->contentType)) { 112 switch (OBJ_obj2nid(cms->contentType)) {
113 113
114 case NID_pkcs7_data: 114 case NID_pkcs7_data:
115 return cont; 115 return cont;
116 116
117 case NID_pkcs7_signed: 117 case NID_pkcs7_signed:
118 cmsbio = cms_SignedData_init_bio(cms); 118 cmsbio = cms_SignedData_init_bio(cms);
119 break; 119 break;
120 120
121 case NID_pkcs7_digest: 121 case NID_pkcs7_digest:
122 cmsbio = cms_DigestedData_init_bio(cms); 122 cmsbio = cms_DigestedData_init_bio(cms);
123 break; 123 break;
124#ifdef ZLIB 124#ifdef ZLIB
125 case NID_id_smime_ct_compressedData: 125 case NID_id_smime_ct_compressedData:
126 cmsbio = cms_CompressedData_init_bio(cms); 126 cmsbio = cms_CompressedData_init_bio(cms);
127 break; 127 break;
128#endif 128#endif
129 129
130 case NID_pkcs7_encrypted: 130 case NID_pkcs7_encrypted:
131 cmsbio = cms_EncryptedData_init_bio(cms); 131 cmsbio = cms_EncryptedData_init_bio(cms);
132 break; 132 break;
133 133
134 case NID_pkcs7_enveloped: 134 case NID_pkcs7_enveloped:
135 cmsbio = cms_EnvelopedData_init_bio(cms); 135 cmsbio = cms_EnvelopedData_init_bio(cms);
136 break; 136 break;
137 137
138 default: 138 default:
139 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); 139 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
140 return NULL; 140 return NULL;
141 } 141 }
142 142
143 if (cmsbio) 143 if (cmsbio)
144 return BIO_push(cmsbio, cont); 144 return BIO_push(cmsbio, cont);
145 145
146 if (!icont) 146 if (!icont)
147 BIO_free(cont); 147 BIO_free(cont);
148 return NULL; 148 return NULL;
149 149
150} 150}
151 151
152int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) 152int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
153{ 153{
154 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 154 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
155 if (!pos) 155 if (!pos)
156 return 0; 156 return 0;
157 /* If embedded content find memory BIO and set content */ 157 /* If embedded content find memory BIO and set content */
158 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) { 158 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
159 BIO *mbio; 159 BIO *mbio;
160 unsigned char *cont; 160 unsigned char *cont;
161 long contlen; 161 long contlen;
162 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); 162 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
163 if (!mbio) { 163 if (!mbio) {
164 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND); 164 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
165 return 0; 165 return 0;
166 } 166 }
167 contlen = BIO_get_mem_data(mbio, &cont); 167 contlen = BIO_get_mem_data(mbio, &cont);
168 /* Set bio as read only so its content can't be clobbered */ 168 /* Set bio as read only so its content can't be clobbered */
169 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); 169 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
170 BIO_set_mem_eof_return(mbio, 0); 170 BIO_set_mem_eof_return(mbio, 0);
171 ASN1_STRING_set0(*pos, cont, contlen); 171 ASN1_STRING_set0(*pos, cont, contlen);
172 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; 172 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
173 } 173 }
174 174
175 switch (OBJ_obj2nid(cms->contentType)) { 175 switch (OBJ_obj2nid(cms->contentType)) {
176 176
177 case NID_pkcs7_data: 177 case NID_pkcs7_data:
178 case NID_pkcs7_enveloped: 178 case NID_pkcs7_enveloped:
179 case NID_pkcs7_encrypted: 179 case NID_pkcs7_encrypted:
180 case NID_id_smime_ct_compressedData: 180 case NID_id_smime_ct_compressedData:
181 /* Nothing to do */ 181 /* Nothing to do */
182 return 1; 182 return 1;
183 183
184 case NID_pkcs7_signed: 184 case NID_pkcs7_signed:
185 return cms_SignedData_final(cms, cmsbio); 185 return cms_SignedData_final(cms, cmsbio);
186 186
187 case NID_pkcs7_digest: 187 case NID_pkcs7_digest:
188 return cms_DigestedData_do_final(cms, cmsbio, 0); 188 return cms_DigestedData_do_final(cms, cmsbio, 0);
189 189
190 default: 190 default:
191 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE); 191 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
192 return 0; 192 return 0;
193 } 193 }
194} 194}
195 195
196/* 196/*
@@ -200,36 +200,36 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
200 200
201ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) 201ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
202{ 202{
203 switch (OBJ_obj2nid(cms->contentType)) { 203 switch (OBJ_obj2nid(cms->contentType)) {
204 204
205 case NID_pkcs7_data: 205 case NID_pkcs7_data:
206 return &cms->d.data; 206 return &cms->d.data;
207 207
208 case NID_pkcs7_signed: 208 case NID_pkcs7_signed:
209 return &cms->d.signedData->encapContentInfo->eContent; 209 return &cms->d.signedData->encapContentInfo->eContent;
210 210
211 case NID_pkcs7_enveloped: 211 case NID_pkcs7_enveloped:
212 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; 212 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
213 213
214 case NID_pkcs7_digest: 214 case NID_pkcs7_digest:
215 return &cms->d.digestedData->encapContentInfo->eContent; 215 return &cms->d.digestedData->encapContentInfo->eContent;
216 216
217 case NID_pkcs7_encrypted: 217 case NID_pkcs7_encrypted:
218 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; 218 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
219 219
220 case NID_id_smime_ct_authData: 220 case NID_id_smime_ct_authData:
221 return &cms->d.authenticatedData->encapContentInfo->eContent; 221 return &cms->d.authenticatedData->encapContentInfo->eContent;
222 222
223 case NID_id_smime_ct_compressedData: 223 case NID_id_smime_ct_compressedData:
224 return &cms->d.compressedData->encapContentInfo->eContent; 224 return &cms->d.compressedData->encapContentInfo->eContent;
225 225
226 default: 226 default:
227 if (cms->d.other->type == V_ASN1_OCTET_STRING) 227 if (cms->d.other->type == V_ASN1_OCTET_STRING)
228 return &cms->d.other->value.octet_string; 228 return &cms->d.other->value.octet_string;
229 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); 229 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
230 return NULL; 230 return NULL;
231 231
232 } 232 }
233} 233}
234 234
235/* 235/*
@@ -239,394 +239,394 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
239 239
240static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) 240static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
241{ 241{
242 switch (OBJ_obj2nid(cms->contentType)) { 242 switch (OBJ_obj2nid(cms->contentType)) {
243 243
244 case NID_pkcs7_signed: 244 case NID_pkcs7_signed:
245 return &cms->d.signedData->encapContentInfo->eContentType; 245 return &cms->d.signedData->encapContentInfo->eContentType;
246 246
247 case NID_pkcs7_enveloped: 247 case NID_pkcs7_enveloped:
248 return &cms->d.envelopedData->encryptedContentInfo->contentType; 248 return &cms->d.envelopedData->encryptedContentInfo->contentType;
249 249
250 case NID_pkcs7_digest: 250 case NID_pkcs7_digest:
251 return &cms->d.digestedData->encapContentInfo->eContentType; 251 return &cms->d.digestedData->encapContentInfo->eContentType;
252 252
253 case NID_pkcs7_encrypted: 253 case NID_pkcs7_encrypted:
254 return &cms->d.encryptedData->encryptedContentInfo->contentType; 254 return &cms->d.encryptedData->encryptedContentInfo->contentType;
255 255
256 case NID_id_smime_ct_authData: 256 case NID_id_smime_ct_authData:
257 return &cms->d.authenticatedData->encapContentInfo->eContentType; 257 return &cms->d.authenticatedData->encapContentInfo->eContentType;
258 258
259 case NID_id_smime_ct_compressedData: 259 case NID_id_smime_ct_compressedData:
260 return &cms->d.compressedData->encapContentInfo->eContentType; 260 return &cms->d.compressedData->encapContentInfo->eContentType;
261 261
262 default: 262 default:
263 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE); 263 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
264 return NULL; 264 return NULL;
265 265
266 } 266 }
267} 267}
268 268
269const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) 269const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
270{ 270{
271 ASN1_OBJECT **petype; 271 ASN1_OBJECT **petype;
272 petype = cms_get0_econtent_type(cms); 272 petype = cms_get0_econtent_type(cms);
273 if (petype) 273 if (petype)
274 return *petype; 274 return *petype;
275 return NULL; 275 return NULL;
276} 276}
277 277
278int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) 278int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
279{ 279{
280 ASN1_OBJECT **petype, *etype; 280 ASN1_OBJECT **petype, *etype;
281 petype = cms_get0_econtent_type(cms); 281 petype = cms_get0_econtent_type(cms);
282 if (!petype) 282 if (!petype)
283 return 0; 283 return 0;
284 if (!oid) 284 if (!oid)
285 return 1; 285 return 1;
286 etype = OBJ_dup(oid); 286 etype = OBJ_dup(oid);
287 if (!etype) 287 if (!etype)
288 return 0; 288 return 0;
289 ASN1_OBJECT_free(*petype); 289 ASN1_OBJECT_free(*petype);
290 *petype = etype; 290 *petype = etype;
291 return 1; 291 return 1;
292} 292}
293 293
294int CMS_is_detached(CMS_ContentInfo *cms) 294int CMS_is_detached(CMS_ContentInfo *cms)
295{ 295{
296 ASN1_OCTET_STRING **pos; 296 ASN1_OCTET_STRING **pos;
297 pos = CMS_get0_content(cms); 297 pos = CMS_get0_content(cms);
298 if (!pos) 298 if (!pos)
299 return -1; 299 return -1;
300 if (*pos) 300 if (*pos)
301 return 0; 301 return 0;
302 return 1; 302 return 1;
303} 303}
304 304
305int CMS_set_detached(CMS_ContentInfo *cms, int detached) 305int CMS_set_detached(CMS_ContentInfo *cms, int detached)
306{ 306{
307 ASN1_OCTET_STRING **pos; 307 ASN1_OCTET_STRING **pos;
308 pos = CMS_get0_content(cms); 308 pos = CMS_get0_content(cms);
309 if (!pos) 309 if (!pos)
310 return 0; 310 return 0;
311 if (detached) { 311 if (detached) {
312 ASN1_OCTET_STRING_free(*pos); 312 ASN1_OCTET_STRING_free(*pos);
313 *pos = NULL; 313 *pos = NULL;
314 return 1; 314 return 1;
315 } 315 }
316 if (*pos == NULL) 316 if (*pos == NULL)
317 *pos = ASN1_OCTET_STRING_new(); 317 *pos = ASN1_OCTET_STRING_new();
318 if (*pos != NULL) { 318 if (*pos != NULL) {
319 /* 319 /*
320 * NB: special flag to show content is created and not read in. 320 * NB: special flag to show content is created and not read in.
321 */ 321 */
322 (*pos)->flags |= ASN1_STRING_FLAG_CONT; 322 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
323 return 1; 323 return 1;
324 } 324 }
325 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); 325 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
326 return 0; 326 return 0;
327} 327}
328 328
329/* Create a digest BIO from an X509_ALGOR structure */ 329/* Create a digest BIO from an X509_ALGOR structure */
330 330
331BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) 331BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
332{ 332{
333 BIO *mdbio = NULL; 333 BIO *mdbio = NULL;
334 const ASN1_OBJECT *digestoid; 334 const ASN1_OBJECT *digestoid;
335 const EVP_MD *digest; 335 const EVP_MD *digest;
336 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); 336 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
337 digest = EVP_get_digestbyobj(digestoid); 337 digest = EVP_get_digestbyobj(digestoid);
338 if (!digest) { 338 if (!digest) {
339 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 339 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
340 CMS_R_UNKNOWN_DIGEST_ALGORITHM); 340 CMS_R_UNKNOWN_DIGEST_ALGORITHM);
341 goto err; 341 goto err;
342 } 342 }
343 mdbio = BIO_new(BIO_f_md()); 343 mdbio = BIO_new(BIO_f_md());
344 if (mdbio == NULL || !BIO_set_md(mdbio, digest)) { 344 if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
345 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR); 345 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
346 goto err; 346 goto err;
347 } 347 }
348 return mdbio; 348 return mdbio;
349 err: 349 err:
350 BIO_free(mdbio); 350 BIO_free(mdbio);
351 return NULL; 351 return NULL;
352} 352}
353 353
354/* Locate a message digest content from a BIO chain based on SignerInfo */ 354/* Locate a message digest content from a BIO chain based on SignerInfo */
355 355
356int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 356int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
357 X509_ALGOR *mdalg) 357 X509_ALGOR *mdalg)
358{ 358{
359 int nid; 359 int nid;
360 const ASN1_OBJECT *mdoid; 360 const ASN1_OBJECT *mdoid;
361 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); 361 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
362 nid = OBJ_obj2nid(mdoid); 362 nid = OBJ_obj2nid(mdoid);
363 /* Look for digest type to match signature */ 363 /* Look for digest type to match signature */
364 for (;;) { 364 for (;;) {
365 EVP_MD_CTX *mtmp; 365 EVP_MD_CTX *mtmp;
366 chain = BIO_find_type(chain, BIO_TYPE_MD); 366 chain = BIO_find_type(chain, BIO_TYPE_MD);
367 if (chain == NULL) { 367 if (chain == NULL) {
368 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 368 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
369 CMS_R_NO_MATCHING_DIGEST); 369 CMS_R_NO_MATCHING_DIGEST);
370 return 0; 370 return 0;
371 } 371 }
372 BIO_get_md_ctx(chain, &mtmp); 372 BIO_get_md_ctx(chain, &mtmp);
373 if (EVP_MD_CTX_type(mtmp) == nid 373 if (EVP_MD_CTX_type(mtmp) == nid
374 /* 374 /*
375 * Workaround for broken implementations that use signature 375 * Workaround for broken implementations that use signature
376 * algorithm OID instead of digest. 376 * algorithm OID instead of digest.
377 */ 377 */
378 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) 378 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
379 return EVP_MD_CTX_copy_ex(mctx, mtmp); 379 return EVP_MD_CTX_copy_ex(mctx, mtmp);
380 chain = BIO_next(chain); 380 chain = BIO_next(chain);
381 } 381 }
382} 382}
383 383
384static STACK_OF(CMS_CertificateChoices) 384static STACK_OF(CMS_CertificateChoices)
385**cms_get0_certificate_choices(CMS_ContentInfo *cms) 385**cms_get0_certificate_choices(CMS_ContentInfo *cms)
386{ 386{
387 switch (OBJ_obj2nid(cms->contentType)) { 387 switch (OBJ_obj2nid(cms->contentType)) {
388 388
389 case NID_pkcs7_signed: 389 case NID_pkcs7_signed:
390 return &cms->d.signedData->certificates; 390 return &cms->d.signedData->certificates;
391 391
392 case NID_pkcs7_enveloped: 392 case NID_pkcs7_enveloped:
393 if (cms->d.envelopedData->originatorInfo == NULL) 393 if (cms->d.envelopedData->originatorInfo == NULL)
394 return NULL; 394 return NULL;
395 return &cms->d.envelopedData->originatorInfo->certificates; 395 return &cms->d.envelopedData->originatorInfo->certificates;
396 396
397 default: 397 default:
398 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 398 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
399 CMS_R_UNSUPPORTED_CONTENT_TYPE); 399 CMS_R_UNSUPPORTED_CONTENT_TYPE);
400 return NULL; 400 return NULL;
401 401
402 } 402 }
403} 403}
404 404
405CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) 405CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
406{ 406{
407 STACK_OF(CMS_CertificateChoices) **pcerts; 407 STACK_OF(CMS_CertificateChoices) **pcerts;
408 CMS_CertificateChoices *cch; 408 CMS_CertificateChoices *cch;
409 pcerts = cms_get0_certificate_choices(cms); 409 pcerts = cms_get0_certificate_choices(cms);
410 if (!pcerts) 410 if (!pcerts)
411 return NULL; 411 return NULL;
412 if (!*pcerts) 412 if (!*pcerts)
413 *pcerts = sk_CMS_CertificateChoices_new_null(); 413 *pcerts = sk_CMS_CertificateChoices_new_null();
414 if (!*pcerts) 414 if (!*pcerts)
415 return NULL; 415 return NULL;
416 cch = M_ASN1_new_of(CMS_CertificateChoices); 416 cch = M_ASN1_new_of(CMS_CertificateChoices);
417 if (!cch) 417 if (!cch)
418 return NULL; 418 return NULL;
419 if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) { 419 if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
420 M_ASN1_free_of(cch, CMS_CertificateChoices); 420 M_ASN1_free_of(cch, CMS_CertificateChoices);
421 return NULL; 421 return NULL;
422 } 422 }
423 return cch; 423 return cch;
424} 424}
425 425
426int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) 426int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
427{ 427{
428 CMS_CertificateChoices *cch; 428 CMS_CertificateChoices *cch;
429 STACK_OF(CMS_CertificateChoices) **pcerts; 429 STACK_OF(CMS_CertificateChoices) **pcerts;
430 int i; 430 int i;
431 pcerts = cms_get0_certificate_choices(cms); 431 pcerts = cms_get0_certificate_choices(cms);
432 if (!pcerts) 432 if (!pcerts)
433 return 0; 433 return 0;
434 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { 434 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
435 cch = sk_CMS_CertificateChoices_value(*pcerts, i); 435 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
436 if (cch->type == CMS_CERTCHOICE_CERT) { 436 if (cch->type == CMS_CERTCHOICE_CERT) {
437 if (!X509_cmp(cch->d.certificate, cert)) { 437 if (!X509_cmp(cch->d.certificate, cert)) {
438 CMSerr(CMS_F_CMS_ADD0_CERT, 438 CMSerr(CMS_F_CMS_ADD0_CERT,
439 CMS_R_CERTIFICATE_ALREADY_PRESENT); 439 CMS_R_CERTIFICATE_ALREADY_PRESENT);
440 return 0; 440 return 0;
441 } 441 }
442 } 442 }
443 } 443 }
444 cch = CMS_add0_CertificateChoices(cms); 444 cch = CMS_add0_CertificateChoices(cms);
445 if (!cch) 445 if (!cch)
446 return 0; 446 return 0;
447 cch->type = CMS_CERTCHOICE_CERT; 447 cch->type = CMS_CERTCHOICE_CERT;
448 cch->d.certificate = cert; 448 cch->d.certificate = cert;
449 return 1; 449 return 1;
450} 450}
451 451
452int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) 452int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
453{ 453{
454 int r; 454 int r;
455 r = CMS_add0_cert(cms, cert); 455 r = CMS_add0_cert(cms, cert);
456 if (r > 0) 456 if (r > 0)
457 X509_up_ref(cert); 457 X509_up_ref(cert);
458 return r; 458 return r;
459} 459}
460 460
461static STACK_OF(CMS_RevocationInfoChoice) 461static STACK_OF(CMS_RevocationInfoChoice)
462**cms_get0_revocation_choices(CMS_ContentInfo *cms) 462**cms_get0_revocation_choices(CMS_ContentInfo *cms)
463{ 463{
464 switch (OBJ_obj2nid(cms->contentType)) { 464 switch (OBJ_obj2nid(cms->contentType)) {
465 465
466 case NID_pkcs7_signed: 466 case NID_pkcs7_signed:
467 return &cms->d.signedData->crls; 467 return &cms->d.signedData->crls;
468 468
469 case NID_pkcs7_enveloped: 469 case NID_pkcs7_enveloped:
470 if (cms->d.envelopedData->originatorInfo == NULL) 470 if (cms->d.envelopedData->originatorInfo == NULL)
471 return NULL; 471 return NULL;
472 return &cms->d.envelopedData->originatorInfo->crls; 472 return &cms->d.envelopedData->originatorInfo->crls;
473 473
474 default: 474 default:
475 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, 475 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
476 CMS_R_UNSUPPORTED_CONTENT_TYPE); 476 CMS_R_UNSUPPORTED_CONTENT_TYPE);
477 return NULL; 477 return NULL;
478 478
479 } 479 }
480} 480}
481 481
482CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) 482CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
483{ 483{
484 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 484 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
485 CMS_RevocationInfoChoice *rch; 485 CMS_RevocationInfoChoice *rch;
486 pcrls = cms_get0_revocation_choices(cms); 486 pcrls = cms_get0_revocation_choices(cms);
487 if (!pcrls) 487 if (!pcrls)
488 return NULL; 488 return NULL;
489 if (!*pcrls) 489 if (!*pcrls)
490 *pcrls = sk_CMS_RevocationInfoChoice_new_null(); 490 *pcrls = sk_CMS_RevocationInfoChoice_new_null();
491 if (!*pcrls) 491 if (!*pcrls)
492 return NULL; 492 return NULL;
493 rch = M_ASN1_new_of(CMS_RevocationInfoChoice); 493 rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
494 if (!rch) 494 if (!rch)
495 return NULL; 495 return NULL;
496 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) { 496 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
497 M_ASN1_free_of(rch, CMS_RevocationInfoChoice); 497 M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
498 return NULL; 498 return NULL;
499 } 499 }
500 return rch; 500 return rch;
501} 501}
502 502
503int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) 503int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
504{ 504{
505 CMS_RevocationInfoChoice *rch; 505 CMS_RevocationInfoChoice *rch;
506 rch = CMS_add0_RevocationInfoChoice(cms); 506 rch = CMS_add0_RevocationInfoChoice(cms);
507 if (!rch) 507 if (!rch)
508 return 0; 508 return 0;
509 rch->type = CMS_REVCHOICE_CRL; 509 rch->type = CMS_REVCHOICE_CRL;
510 rch->d.crl = crl; 510 rch->d.crl = crl;
511 return 1; 511 return 1;
512} 512}
513 513
514int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) 514int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
515{ 515{
516 int r; 516 int r;
517 r = CMS_add0_crl(cms, crl); 517 r = CMS_add0_crl(cms, crl);
518 if (r > 0) 518 if (r > 0)
519 X509_CRL_up_ref(crl); 519 X509_CRL_up_ref(crl);
520 return r; 520 return r;
521} 521}
522 522
523STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) 523STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
524{ 524{
525 STACK_OF(X509) *certs = NULL; 525 STACK_OF(X509) *certs = NULL;
526 CMS_CertificateChoices *cch; 526 CMS_CertificateChoices *cch;
527 STACK_OF(CMS_CertificateChoices) **pcerts; 527 STACK_OF(CMS_CertificateChoices) **pcerts;
528 int i; 528 int i;
529 pcerts = cms_get0_certificate_choices(cms); 529 pcerts = cms_get0_certificate_choices(cms);
530 if (!pcerts) 530 if (!pcerts)
531 return NULL; 531 return NULL;
532 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { 532 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
533 cch = sk_CMS_CertificateChoices_value(*pcerts, i); 533 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
534 if (cch->type == 0) { 534 if (cch->type == 0) {
535 if (!certs) { 535 if (!certs) {
536 certs = sk_X509_new_null(); 536 certs = sk_X509_new_null();
537 if (!certs) 537 if (!certs)
538 return NULL; 538 return NULL;
539 } 539 }
540 if (!sk_X509_push(certs, cch->d.certificate)) { 540 if (!sk_X509_push(certs, cch->d.certificate)) {
541 sk_X509_pop_free(certs, X509_free); 541 sk_X509_pop_free(certs, X509_free);
542 return NULL; 542 return NULL;
543 } 543 }
544 X509_up_ref(cch->d.certificate); 544 X509_up_ref(cch->d.certificate);
545 } 545 }
546 } 546 }
547 return certs; 547 return certs;
548 548
549} 549}
550 550
551STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) 551STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
552{ 552{
553 STACK_OF(X509_CRL) *crls = NULL; 553 STACK_OF(X509_CRL) *crls = NULL;
554 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 554 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
555 CMS_RevocationInfoChoice *rch; 555 CMS_RevocationInfoChoice *rch;
556 int i; 556 int i;
557 pcrls = cms_get0_revocation_choices(cms); 557 pcrls = cms_get0_revocation_choices(cms);
558 if (!pcrls) 558 if (!pcrls)
559 return NULL; 559 return NULL;
560 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) { 560 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
561 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); 561 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
562 if (rch->type == 0) { 562 if (rch->type == 0) {
563 if (!crls) { 563 if (!crls) {
564 crls = sk_X509_CRL_new_null(); 564 crls = sk_X509_CRL_new_null();
565 if (!crls) 565 if (!crls)
566 return NULL; 566 return NULL;
567 } 567 }
568 if (!sk_X509_CRL_push(crls, rch->d.crl)) { 568 if (!sk_X509_CRL_push(crls, rch->d.crl)) {
569 sk_X509_CRL_pop_free(crls, X509_CRL_free); 569 sk_X509_CRL_pop_free(crls, X509_CRL_free);
570 return NULL; 570 return NULL;
571 } 571 }
572 X509_CRL_up_ref(rch->d.crl); 572 X509_CRL_up_ref(rch->d.crl);
573 } 573 }
574 } 574 }
575 return crls; 575 return crls;
576} 576}
577 577
578int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) 578int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
579{ 579{
580 int ret; 580 int ret;
581 ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert)); 581 ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
582 if (ret) 582 if (ret)
583 return ret; 583 return ret;
584 return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert)); 584 return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
585} 585}
586 586
587int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) 587int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
588{ 588{
589 const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert); 589 const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
590 590
591 if (cert_keyid == NULL) 591 if (cert_keyid == NULL)
592 return -1; 592 return -1;
593 return ASN1_OCTET_STRING_cmp(keyid, cert_keyid); 593 return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
594} 594}
595 595
596int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) 596int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
597{ 597{
598 CMS_IssuerAndSerialNumber *ias; 598 CMS_IssuerAndSerialNumber *ias;
599 ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber); 599 ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
600 if (!ias) 600 if (!ias)
601 goto err; 601 goto err;
602 if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert))) 602 if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
603 goto err; 603 goto err;
604 if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert))) 604 if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
605 goto err; 605 goto err;
606 M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); 606 M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
607 *pias = ias; 607 *pias = ias;
608 return 1; 608 return 1;
609 err: 609 err:
610 M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); 610 M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
611 CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE); 611 CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
612 return 0; 612 return 0;
613} 613}
614 614
615int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) 615int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
616{ 616{
617 ASN1_OCTET_STRING *keyid = NULL; 617 ASN1_OCTET_STRING *keyid = NULL;
618 const ASN1_OCTET_STRING *cert_keyid; 618 const ASN1_OCTET_STRING *cert_keyid;
619 cert_keyid = X509_get0_subject_key_id(cert); 619 cert_keyid = X509_get0_subject_key_id(cert);
620 if (cert_keyid == NULL) { 620 if (cert_keyid == NULL) {
621 CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID); 621 CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
622 return 0; 622 return 0;
623 } 623 }
624 keyid = ASN1_STRING_dup(cert_keyid); 624 keyid = ASN1_STRING_dup(cert_keyid);
625 if (!keyid) { 625 if (!keyid) {
626 CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE); 626 CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
627 return 0; 627 return 0;
628 } 628 }
629 ASN1_OCTET_STRING_free(*pkeyid); 629 ASN1_OCTET_STRING_free(*pkeyid);
630 *pkeyid = keyid; 630 *pkeyid = keyid;
631 return 1; 631 return 1;
632} 632}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-02 16:47:46 +0000