summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms/cms_pwri.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/cms/cms_pwri.c')
-rw-r--r--src/lib/libcrypto/cms/cms_pwri.c43
1 files changed, 19 insertions, 24 deletions
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index a3251f58b7..dd66541409 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_pwri.c,v 1.19 2019/08/11 10:15:30 jsing Exp $ */ 1/* $OpenBSD: cms_pwri.c,v 1.20 2019/08/11 10:38:27 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -70,7 +70,7 @@ CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
70 CMS_PasswordRecipientInfo *pwri; 70 CMS_PasswordRecipientInfo *pwri;
71 71
72 if (ri->type != CMS_RECIPINFO_PASS) { 72 if (ri->type != CMS_RECIPINFO_PASS) {
73 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI); 73 CMSerror(CMS_R_NOT_PWRI);
74 return 0; 74 return 0;
75 } 75 }
76 76
@@ -111,12 +111,11 @@ CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
111 kekciph = env->encryptedContentInfo->cipher; 111 kekciph = env->encryptedContentInfo->cipher;
112 112
113 if (kekciph == NULL) { 113 if (kekciph == NULL) {
114 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER); 114 CMSerror(CMS_R_NO_CIPHER);
115 return NULL; 115 return NULL;
116 } 116 }
117 if (wrap_nid != NID_id_alg_PWRI_KEK) { 117 if (wrap_nid != NID_id_alg_PWRI_KEK) {
118 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 118 CMSerror(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
119 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
120 return NULL; 119 return NULL;
121 } 120 }
122 121
@@ -128,7 +127,7 @@ CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
128 ctx = EVP_CIPHER_CTX_new(); 127 ctx = EVP_CIPHER_CTX_new();
129 128
130 if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) { 129 if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
131 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); 130 CMSerror(ERR_R_EVP_LIB);
132 goto err; 131 goto err;
133 } 132 }
134 133
@@ -138,17 +137,16 @@ CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
138 if (RAND_bytes(iv, ivlen) <= 0) 137 if (RAND_bytes(iv, ivlen) <= 0)
139 goto err; 138 goto err;
140 if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) { 139 if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
141 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); 140 CMSerror(ERR_R_EVP_LIB);
142 goto err; 141 goto err;
143 } 142 }
144 encalg->parameter = ASN1_TYPE_new(); 143 encalg->parameter = ASN1_TYPE_new();
145 if (!encalg->parameter) { 144 if (!encalg->parameter) {
146 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE); 145 CMSerror(ERR_R_MALLOC_FAILURE);
147 goto err; 146 goto err;
148 } 147 }
149 if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) { 148 if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
150 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 149 CMSerror(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
151 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
152 goto err; 150 goto err;
153 } 151 }
154 } 152 }
@@ -203,7 +201,7 @@ CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
203 return ri; 201 return ri;
204 202
205 merr: 203 merr:
206 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE); 204 CMSerror(ERR_R_MALLOC_FAILURE);
207 err: 205 err:
208 EVP_CIPHER_CTX_free(ctx); 206 EVP_CIPHER_CTX_free(ctx);
209 if (ri) 207 if (ri)
@@ -235,7 +233,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
235 return 0; 233 return 0;
236 } 234 }
237 if ((tmp = OPENSSL_malloc(inlen)) == NULL) { 235 if ((tmp = OPENSSL_malloc(inlen)) == NULL) {
238 CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE); 236 CMSerror(ERR_R_MALLOC_FAILURE);
239 return 0; 237 return 0;
240 } 238 }
241 239
@@ -339,14 +337,13 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
339 pwri = ri->d.pwri; 337 pwri = ri->d.pwri;
340 338
341 if (!pwri->pass) { 339 if (!pwri->pass) {
342 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); 340 CMSerror(CMS_R_NO_PASSWORD);
343 return 0; 341 return 0;
344 } 342 }
345 algtmp = pwri->keyEncryptionAlgorithm; 343 algtmp = pwri->keyEncryptionAlgorithm;
346 344
347 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) { 345 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
348 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 346 CMSerror(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
349 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
350 return 0; 347 return 0;
351 } 348 }
352 349
@@ -354,20 +351,19 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
354 algtmp->parameter); 351 algtmp->parameter);
355 352
356 if (kekalg == NULL) { 353 if (kekalg == NULL) {
357 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 354 CMSerror(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
358 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
359 return 0; 355 return 0;
360 } 356 }
361 357
362 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); 358 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
363 if (!kekcipher) { 359 if (!kekcipher) {
364 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER); 360 CMSerror(CMS_R_UNKNOWN_CIPHER);
365 return 0; 361 return 0;
366 } 362 }
367 363
368 kekctx = EVP_CIPHER_CTX_new(); 364 kekctx = EVP_CIPHER_CTX_new();
369 if (kekctx == NULL) { 365 if (kekctx == NULL) {
370 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); 366 CMSerror(ERR_R_MALLOC_FAILURE);
371 return 0; 367 return 0;
372 } 368 }
373 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ 369 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
@@ -375,8 +371,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
375 goto err; 371 goto err;
376 EVP_CIPHER_CTX_set_padding(kekctx, 0); 372 EVP_CIPHER_CTX_set_padding(kekctx, 0);
377 if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) { 373 if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
378 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 374 CMSerror(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
379 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
380 goto err; 375 goto err;
381 } 376 }
382 377
@@ -386,7 +381,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
386 381
387 if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass, 382 if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
388 pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) { 383 pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) {
389 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB); 384 CMSerror(ERR_R_EVP_LIB);
390 goto err; 385 goto err;
391 } 386 }
392 387
@@ -407,12 +402,12 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
407 } else { 402 } else {
408 key = OPENSSL_malloc(pwri->encryptedKey->length); 403 key = OPENSSL_malloc(pwri->encryptedKey->length);
409 if (key == NULL) { 404 if (key == NULL) {
410 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); 405 CMSerror(ERR_R_MALLOC_FAILURE);
411 goto err; 406 goto err;
412 } 407 }
413 if (!kek_unwrap_key(key, &keylen, pwri->encryptedKey->data, 408 if (!kek_unwrap_key(key, &keylen, pwri->encryptedKey->data,
414 pwri->encryptedKey->length, kekctx)) { 409 pwri->encryptedKey->length, kekctx)) {
415 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE); 410 CMSerror(CMS_R_UNWRAP_FAILURE);
416 goto err; 411 goto err;
417 } 412 }
418 413
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 10:55:25 +0000