summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms/cms_smime.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/cms/cms_smime.c')
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c243
1 files changed, 144 insertions, 99 deletions
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
index f3dcd05ee1..a4a77b916a 100644
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_smime.c,v 1.19 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_smime.c,v 1.20 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -61,9 +61,11 @@
61#include "cms_lcl.h" 61#include "cms_lcl.h"
62#include "asn1/asn1_locl.h" 62#include "asn1/asn1_locl.h"
63 63
64static BIO *cms_get_text_bio(BIO *out, unsigned int flags) 64static BIO *
65cms_get_text_bio(BIO *out, unsigned int flags)
65{ 66{
66 BIO *rbio; 67 BIO *rbio;
68
67 if (out == NULL) 69 if (out == NULL)
68 rbio = BIO_new(BIO_s_null()); 70 rbio = BIO_new(BIO_s_null());
69 else if (flags & CMS_TEXT) { 71 else if (flags & CMS_TEXT) {
@@ -71,10 +73,12 @@ static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
71 BIO_set_mem_eof_return(rbio, 0); 73 BIO_set_mem_eof_return(rbio, 0);
72 } else 74 } else
73 rbio = out; 75 rbio = out;
76
74 return rbio; 77 return rbio;
75} 78}
76 79
77static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) 80static int
81cms_copy_content(BIO *out, BIO *in, unsigned int flags)
78{ 82{
79 unsigned char buf[4096]; 83 unsigned char buf[4096];
80 int r = 0, i; 84 int r = 0, i;
@@ -92,11 +96,11 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
92 i = BIO_read(in, buf, sizeof(buf)); 96 i = BIO_read(in, buf, sizeof(buf));
93 if (i <= 0) { 97 if (i <= 0) {
94 if (BIO_method_type(in) == BIO_TYPE_CIPHER) { 98 if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
95 if (!BIO_get_cipher_status(in)) 99 if (!BIO_get_cipher_status(in))
96 goto err; 100 goto err;
97 } 101 }
98 if (i < 0) 102 if (i < 0)
99 goto err; 103 goto err;
100 break; 104 break;
101 } 105 }
102 106
@@ -116,21 +120,25 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
116 err: 120 err:
117 if (tmpout != out) 121 if (tmpout != out)
118 BIO_free(tmpout); 122 BIO_free(tmpout);
119 return r;
120 123
124 return r;
121} 125}
122 126
123static int check_content(CMS_ContentInfo *cms) 127static int
128check_content(CMS_ContentInfo *cms)
124{ 129{
125 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 130 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
131
126 if (!pos || !*pos) { 132 if (!pos || !*pos) {
127 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); 133 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
128 return 0; 134 return 0;
129 } 135 }
136
130 return 1; 137 return 1;
131} 138}
132 139
133static void do_free_upto(BIO *f, BIO *upto) 140static void
141do_free_upto(BIO *f, BIO *upto)
134{ 142{
135 if (upto) { 143 if (upto) {
136 BIO *tbio; 144 BIO *tbio;
@@ -144,10 +152,12 @@ static void do_free_upto(BIO *f, BIO *upto)
144 BIO_free_all(f); 152 BIO_free_all(f);
145} 153}
146 154
147int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) 155int
156CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
148{ 157{
149 BIO *cont; 158 BIO *cont;
150 int r; 159 int r;
160
151 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) { 161 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
152 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); 162 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
153 return 0; 163 return 0;
@@ -157,12 +167,15 @@ int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
157 return 0; 167 return 0;
158 r = cms_copy_content(out, cont, flags); 168 r = cms_copy_content(out, cont, flags);
159 BIO_free_all(cont); 169 BIO_free_all(cont);
170
160 return r; 171 return r;
161} 172}
162 173
163CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) 174CMS_ContentInfo *
175CMS_data_create(BIO *in, unsigned int flags)
164{ 176{
165 CMS_ContentInfo *cms; 177 CMS_ContentInfo *cms;
178
166 cms = cms_Data_create(); 179 cms = cms_Data_create();
167 if (!cms) 180 if (!cms)
168 return NULL; 181 return NULL;
@@ -175,11 +188,12 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
175 return NULL; 188 return NULL;
176} 189}
177 190
178int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 191int
179 unsigned int flags) 192CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
180{ 193{
181 BIO *cont; 194 BIO *cont;
182 int r; 195 int r;
196
183 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) { 197 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
184 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); 198 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
185 return 0; 199 return 0;
@@ -195,13 +209,15 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
195 if (r) 209 if (r)
196 r = cms_DigestedData_do_final(cms, cont, 1); 210 r = cms_DigestedData_do_final(cms, cont, 1);
197 do_free_upto(cont, dcont); 211 do_free_upto(cont, dcont);
212
198 return r; 213 return r;
199} 214}
200 215
201CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, 216CMS_ContentInfo *
202 unsigned int flags) 217CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags)
203{ 218{
204 CMS_ContentInfo *cms; 219 CMS_ContentInfo *cms;
220
205 if (!md) 221 if (!md)
206 md = EVP_sha1(); 222 md = EVP_sha1();
207 cms = cms_DigestedData_create(md); 223 cms = cms_DigestedData_create(md);
@@ -215,18 +231,20 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
215 return cms; 231 return cms;
216 232
217 CMS_ContentInfo_free(cms); 233 CMS_ContentInfo_free(cms);
234
218 return NULL; 235 return NULL;
219} 236}
220 237
221int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, 238int
222 const unsigned char *key, size_t keylen, 239CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
223 BIO *dcont, BIO *out, unsigned int flags) 240 size_t keylen, BIO *dcont, BIO *out, unsigned int flags)
224{ 241{
225 BIO *cont; 242 BIO *cont;
226 int r; 243 int r;
244
227 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) { 245 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
228 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 246 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
229 CMS_R_TYPE_NOT_ENCRYPTED_DATA); 247 CMS_R_TYPE_NOT_ENCRYPTED_DATA);
230 return 0; 248 return 0;
231 } 249 }
232 250
@@ -240,14 +258,16 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
240 return 0; 258 return 0;
241 r = cms_copy_content(out, cont, flags); 259 r = cms_copy_content(out, cont, flags);
242 do_free_upto(cont, dcont); 260 do_free_upto(cont, dcont);
261
243 return r; 262 return r;
244} 263}
245 264
246CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, 265CMS_ContentInfo *
247 const unsigned char *key, 266CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
248 size_t keylen, unsigned int flags) 267 const unsigned char *key, size_t keylen, unsigned int flags)
249{ 268{
250 CMS_ContentInfo *cms; 269 CMS_ContentInfo *cms;
270
251 if (!cipher) { 271 if (!cipher) {
252 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); 272 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
253 return NULL; 273 return NULL;
@@ -261,18 +281,18 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
261 if (!(flags & CMS_DETACHED)) 281 if (!(flags & CMS_DETACHED))
262 CMS_set_detached(cms, 0); 282 CMS_set_detached(cms, 0);
263 283
264 if ((flags & (CMS_STREAM | CMS_PARTIAL)) 284 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
265 || CMS_final(cms, in, NULL, flags)) 285 CMS_final(cms, in, NULL, flags))
266 return cms; 286 return cms;
267 287
268 CMS_ContentInfo_free(cms); 288 CMS_ContentInfo_free(cms);
289
269 return NULL; 290 return NULL;
270} 291}
271 292
272static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, 293static int
273 X509_STORE *store, 294cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store,
274 STACK_OF(X509) *certs, 295 STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls)
275 STACK_OF(X509_CRL) *crls)
276{ 296{
277 X509_STORE_CTX *ctx = X509_STORE_CTX_new(); 297 X509_STORE_CTX *ctx = X509_STORE_CTX_new();
278 X509 *signer; 298 X509 *signer;
@@ -301,14 +321,16 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
301 goto err; 321 goto err;
302 } 322 }
303 r = 1; 323 r = 1;
324
304 err: 325 err:
305 X509_STORE_CTX_free(ctx); 326 X509_STORE_CTX_free(ctx);
306 return r;
307 327
328 return r;
308} 329}
309 330
310int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 331int
311 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) 332CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
333 BIO *dcont, BIO *out, unsigned int flags)
312{ 334{
313 CMS_SignerInfo *si; 335 CMS_SignerInfo *si;
314 STACK_OF(CMS_SignerInfo) *sinfos; 336 STACK_OF(CMS_SignerInfo) *sinfos;
@@ -329,7 +351,6 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
329 /* Attempt to find all signer certificates */ 351 /* Attempt to find all signer certificates */
330 352
331 sinfos = CMS_get0_SignerInfos(cms); 353 sinfos = CMS_get0_SignerInfos(cms);
332
333 if (sk_CMS_SignerInfo_num(sinfos) <= 0) { 354 if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
334 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); 355 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
335 goto err; 356 goto err;
@@ -359,7 +380,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
359 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 380 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
360 si = sk_CMS_SignerInfo_value(sinfos, i); 381 si = sk_CMS_SignerInfo_value(sinfos, i);
361 if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls)) 382 if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
362 goto err; 383 goto err;
363 } 384 }
364 } 385 }
365 386
@@ -369,9 +390,9 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
369 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 390 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
370 si = sk_CMS_SignerInfo_value(sinfos, i); 391 si = sk_CMS_SignerInfo_value(sinfos, i);
371 if (CMS_signed_get_attr_count(si) < 0) 392 if (CMS_signed_get_attr_count(si) < 0)
372 continue; 393 continue;
373 if (CMS_SignerInfo_verify(si) <= 0) 394 if (CMS_SignerInfo_verify(si) <= 0)
374 goto err; 395 goto err;
375 } 396 }
376 } 397 }
377 398
@@ -385,6 +406,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
385 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) { 406 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
386 char *ptr; 407 char *ptr;
387 long len; 408 long len;
409
388 len = BIO_get_mem_data(dcont, &ptr); 410 len = BIO_get_mem_data(dcont, &ptr);
389 tmpin = BIO_new_mem_buf(ptr, len); 411 tmpin = BIO_new_mem_buf(ptr, len);
390 if (tmpin == NULL) { 412 if (tmpin == NULL) {
@@ -393,6 +415,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
393 } 415 }
394 } else 416 } else
395 tmpin = dcont; 417 tmpin = dcont;
418
396 /* 419 /*
397 * If not binary mode and detached generate digests by *writing* through 420 * If not binary mode and detached generate digests by *writing* through
398 * the BIO. That makes it possible to canonicalise the input. 421 * the BIO. That makes it possible to canonicalise the input.
@@ -418,8 +441,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
418 441
419 if (flags & CMS_TEXT) { 442 if (flags & CMS_TEXT) {
420 if (!SMIME_text(tmpout, out)) { 443 if (!SMIME_text(tmpout, out)) {
421 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR); 444 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
422 goto err; 445 goto err;
423 } 446 }
424 } 447 }
425 } else { 448 } else {
@@ -435,8 +458,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
435 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 458 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
436 si = sk_CMS_SignerInfo_value(sinfos, i); 459 si = sk_CMS_SignerInfo_value(sinfos, i);
437 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { 460 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
438 CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR); 461 CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
439 goto err; 462 goto err;
440 } 463 }
441 } 464 }
442 } 465 }
@@ -465,21 +488,23 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
465 return ret; 488 return ret;
466} 489}
467 490
468int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, 491int
469 STACK_OF(X509) *certs, 492CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
470 X509_STORE *store, unsigned int flags) 493 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags)
471{ 494{
472 int r; 495 int r;
496
473 flags &= ~(CMS_DETACHED | CMS_TEXT); 497 flags &= ~(CMS_DETACHED | CMS_TEXT);
474 r = CMS_verify(rcms, certs, store, NULL, NULL, flags); 498 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
475 if (r <= 0) 499 if (r <= 0)
476 return r; 500 return r;
501
477 return cms_Receipt_verify(rcms, ocms); 502 return cms_Receipt_verify(rcms, ocms);
478} 503}
479 504
480CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, 505CMS_ContentInfo *
481 STACK_OF(X509) *certs, BIO *data, 506CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
482 unsigned int flags) 507 unsigned int flags)
483{ 508{
484 CMS_ContentInfo *cms; 509 CMS_ContentInfo *cms;
485 int i; 510 int i;
@@ -487,9 +512,8 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
487 cms = CMS_ContentInfo_new(); 512 cms = CMS_ContentInfo_new();
488 if (cms == NULL || !CMS_SignedData_init(cms)) 513 if (cms == NULL || !CMS_SignedData_init(cms))
489 goto merr; 514 goto merr;
490 if (flags & CMS_ASCIICRLF 515 if (flags & CMS_ASCIICRLF &&
491 && !CMS_set1_eContentType(cms, 516 !CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
492 OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
493 goto err; 517 goto err;
494 518
495 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) { 519 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
@@ -506,8 +530,8 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
506 if (!(flags & CMS_DETACHED)) 530 if (!(flags & CMS_DETACHED))
507 CMS_set_detached(cms, 0); 531 CMS_set_detached(cms, 0);
508 532
509 if ((flags & (CMS_STREAM | CMS_PARTIAL)) 533 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
510 || CMS_final(cms, data, NULL, flags)) 534 CMS_final(cms, data, NULL, flags))
511 return cms; 535 return cms;
512 else 536 else
513 goto err; 537 goto err;
@@ -517,12 +541,13 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
517 541
518 err: 542 err:
519 CMS_ContentInfo_free(cms); 543 CMS_ContentInfo_free(cms);
544
520 return NULL; 545 return NULL;
521} 546}
522 547
523CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, 548CMS_ContentInfo *
524 X509 *signcert, EVP_PKEY *pkey, 549CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey,
525 STACK_OF(X509) *certs, unsigned int flags) 550 STACK_OF(X509) *certs, unsigned int flags)
526{ 551{
527 CMS_SignerInfo *rct_si; 552 CMS_SignerInfo *rct_si;
528 CMS_ContentInfo *cms = NULL; 553 CMS_ContentInfo *cms = NULL;
@@ -555,7 +580,6 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
555 } 580 }
556 581
557 os = cms_encode_Receipt(si); 582 os = cms_encode_Receipt(si);
558
559 if (!os) 583 if (!os)
560 goto err; 584 goto err;
561 585
@@ -584,16 +608,18 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
584 if (r) 608 if (r)
585 return cms; 609 return cms;
586 CMS_ContentInfo_free(cms); 610 CMS_ContentInfo_free(cms);
587 return NULL;
588 611
612 return NULL;
589} 613}
590 614
591CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, 615CMS_ContentInfo *
592 const EVP_CIPHER *cipher, unsigned int flags) 616CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher,
617 unsigned int flags)
593{ 618{
594 CMS_ContentInfo *cms; 619 CMS_ContentInfo *cms;
595 int i; 620 int i;
596 X509 *recip; 621 X509 *recip;
622
597 cms = CMS_EnvelopedData_create(cipher); 623 cms = CMS_EnvelopedData_create(cipher);
598 if (!cms) 624 if (!cms)
599 goto merr; 625 goto merr;
@@ -608,8 +634,8 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
608 if (!(flags & CMS_DETACHED)) 634 if (!(flags & CMS_DETACHED))
609 CMS_set_detached(cms, 0); 635 CMS_set_detached(cms, 0);
610 636
611 if ((flags & (CMS_STREAM | CMS_PARTIAL)) 637 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
612 || CMS_final(cms, data, NULL, flags)) 638 CMS_final(cms, data, NULL, flags))
613 return cms; 639 return cms;
614 else 640 else
615 goto err; 641 goto err;
@@ -618,18 +644,22 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
618 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); 644 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
619 err: 645 err:
620 CMS_ContentInfo_free(cms); 646 CMS_ContentInfo_free(cms);
647
621 return NULL; 648 return NULL;
622} 649}
623 650
624static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 651static int
625 EVP_PKEY *pk, X509 *cert) 652cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, EVP_PKEY *pk,
653 X509 *cert)
626{ 654{
627 int i; 655 int i;
628 STACK_OF(CMS_RecipientEncryptedKey) *reks; 656 STACK_OF(CMS_RecipientEncryptedKey) *reks;
629 CMS_RecipientEncryptedKey *rek; 657 CMS_RecipientEncryptedKey *rek;
658
630 reks = CMS_RecipientInfo_kari_get0_reks(ri); 659 reks = CMS_RecipientInfo_kari_get0_reks(ri);
631 for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { 660 for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
632 int rv; 661 int rv;
662
633 rek = sk_CMS_RecipientEncryptedKey_value(reks, i); 663 rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
634 if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) 664 if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
635 continue; 665 continue;
@@ -640,22 +670,25 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
640 return 1; 670 return 1;
641 return cert == NULL ? 0 : -1; 671 return cert == NULL ? 0 : -1;
642 } 672 }
673
643 return 0; 674 return 0;
644} 675}
645 676
646int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) 677int
678CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
647{ 679{
648 STACK_OF(CMS_RecipientInfo) *ris; 680 STACK_OF(CMS_RecipientInfo) *ris;
649 CMS_RecipientInfo *ri; 681 CMS_RecipientInfo *ri;
650 int i, r, ri_type; 682 int i, r, ri_type;
651 int debug = 0, match_ri = 0; 683 int debug = 0, match_ri = 0;
684
652 ris = CMS_get0_RecipientInfos(cms); 685 ris = CMS_get0_RecipientInfos(cms);
653 if (ris) 686 if (ris)
654 debug = cms->d.envelopedData->encryptedContentInfo->debug; 687 debug = cms->d.envelopedData->encryptedContentInfo->debug;
655 ri_type = cms_pkey_get_ri_type(pk); 688 ri_type = cms_pkey_get_ri_type(pk);
656 if (ri_type == CMS_RECIPINFO_NONE) { 689 if (ri_type == CMS_RECIPINFO_NONE) {
657 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, 690 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
658 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 691 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
659 return 0; 692 return 0;
660 } 693 }
661 694
@@ -667,9 +700,9 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
667 if (ri_type == CMS_RECIPINFO_AGREE) { 700 if (ri_type == CMS_RECIPINFO_AGREE) {
668 r = cms_kari_set1_pkey(cms, ri, pk, cert); 701 r = cms_kari_set1_pkey(cms, ri, pk, cert);
669 if (r > 0) 702 if (r > 0)
670 return 1; 703 return 1;
671 if (r < 0) 704 if (r < 0)
672 return 0; 705 return 0;
673 } 706 }
674 /* 707 /*
675 * If we have a cert try matching RecipientInfo otherwise try them 708 * If we have a cert try matching RecipientInfo otherwise try them
@@ -681,18 +714,18 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
681 r = CMS_RecipientInfo_decrypt(cms, ri); 714 r = CMS_RecipientInfo_decrypt(cms, ri);
682 CMS_RecipientInfo_set0_pkey(ri, NULL); 715 CMS_RecipientInfo_set0_pkey(ri, NULL);
683 if (cert) { 716 if (cert) {
684 /* 717 /*
685 * If not debugging clear any error and return success to 718 * If not debugging clear any error and return success to
686 * avoid leaking of information useful to MMA 719 * avoid leaking of information useful to MMA
687 */ 720 */
688 if (!debug) { 721 if (!debug) {
689 ERR_clear_error(); 722 ERR_clear_error();
690 return 1; 723 return 1;
691 } 724 }
692 if (r > 0) 725 if (r > 0)
693 return 1; 726 return 1;
694 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR); 727 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
695 return 0; 728 return 0;
696 } 729 }
697 /* 730 /*
698 * If no cert and not debugging don't leave loop after first 731 * If no cert and not debugging don't leave loop after first
@@ -700,7 +733,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
700 * to avoid leaking timing of a successful decrypt. 733 * to avoid leaking timing of a successful decrypt.
701 */ 734 */
702 else if (r > 0 && debug) 735 else if (r > 0 && debug)
703 return 1; 736 return 1;
704 } 737 }
705 } 738 }
706 /* If no cert, key transport and not debugging always return success */ 739 /* If no cert, key transport and not debugging always return success */
@@ -710,17 +743,18 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
710 } 743 }
711 744
712 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); 745 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
713 return 0;
714 746
747 return 0;
715} 748}
716 749
717int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 750int
718 unsigned char *key, size_t keylen, 751CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen,
719 const unsigned char *id, size_t idlen) 752 const unsigned char *id, size_t idlen)
720{ 753{
721 STACK_OF(CMS_RecipientInfo) *ris; 754 STACK_OF(CMS_RecipientInfo) *ris;
722 CMS_RecipientInfo *ri; 755 CMS_RecipientInfo *ri;
723 int i, r; 756 int i, r;
757
724 ris = CMS_get0_RecipientInfos(cms); 758 ris = CMS_get0_RecipientInfos(cms);
725 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { 759 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
726 ri = sk_CMS_RecipientInfo_value(ris, i); 760 ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -736,26 +770,28 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
736 r = CMS_RecipientInfo_decrypt(cms, ri); 770 r = CMS_RecipientInfo_decrypt(cms, ri);
737 CMS_RecipientInfo_set0_key(ri, NULL, 0); 771 CMS_RecipientInfo_set0_key(ri, NULL, 0);
738 if (r > 0) 772 if (r > 0)
739 return 1; 773 return 1;
740 if (id) { 774 if (id) {
741 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR); 775 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
742 return 0; 776 return 0;
743 } 777 }
744 ERR_clear_error(); 778 ERR_clear_error();
745 } 779 }
746 } 780 }
747 781
748 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); 782 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
749 return 0;
750 783
784 return 0;
751} 785}
752 786
753int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 787int
754 unsigned char *pass, ossl_ssize_t passlen) 788CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
789 ossl_ssize_t passlen)
755{ 790{
756 STACK_OF(CMS_RecipientInfo) *ris; 791 STACK_OF(CMS_RecipientInfo) *ris;
757 CMS_RecipientInfo *ri; 792 CMS_RecipientInfo *ri;
758 int i, r; 793 int i, r;
794
759 ris = CMS_get0_RecipientInfos(cms); 795 ris = CMS_get0_RecipientInfos(cms);
760 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { 796 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
761 ri = sk_CMS_RecipientInfo_value(ris, i); 797 ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -769,15 +805,17 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
769 } 805 }
770 806
771 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT); 807 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
772 return 0;
773 808
809 return 0;
774} 810}
775 811
776int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, 812int
777 BIO *dcont, BIO *out, unsigned int flags) 813CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
814 BIO *out, unsigned int flags)
778{ 815{
779 int r; 816 int r;
780 BIO *cont; 817 BIO *cont;
818
781 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) { 819 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
782 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); 820 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
783 return 0; 821 return 0;
@@ -797,10 +835,12 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
797 return 0; 835 return 0;
798 r = cms_copy_content(out, cont, flags); 836 r = cms_copy_content(out, cont, flags);
799 do_free_upto(cont, dcont); 837 do_free_upto(cont, dcont);
838
800 return r; 839 return r;
801} 840}
802 841
803int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) 842int
843CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
804{ 844{
805 BIO *cmsbio; 845 BIO *cmsbio;
806 int ret = 0; 846 int ret = 0;
@@ -825,16 +865,16 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
825 do_free_upto(cmsbio, dcont); 865 do_free_upto(cmsbio, dcont);
826 866
827 return ret; 867 return ret;
828
829} 868}
830 869
831#ifdef ZLIB 870#ifdef ZLIB
832 871
833int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 872int
834 unsigned int flags) 873CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
835{ 874{
836 BIO *cont; 875 BIO *cont;
837 int r; 876 int r;
877
838 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) { 878 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
839 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA); 879 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
840 return 0; 880 return 0;
@@ -848,12 +888,15 @@ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
848 return 0; 888 return 0;
849 r = cms_copy_content(out, cont, flags); 889 r = cms_copy_content(out, cont, flags);
850 do_free_upto(cont, dcont); 890 do_free_upto(cont, dcont);
891
851 return r; 892 return r;
852} 893}
853 894
854CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 895CMS_ContentInfo *
896CMS_compress(BIO *in, int comp_nid, unsigned int flags)
855{ 897{
856 CMS_ContentInfo *cms; 898 CMS_ContentInfo *cms;
899
857 if (comp_nid <= 0) 900 if (comp_nid <= 0)
858 comp_nid = NID_zlib_compression; 901 comp_nid = NID_zlib_compression;
859 cms = cms_CompressedData_create(comp_nid); 902 cms = cms_CompressedData_create(comp_nid);
@@ -867,19 +910,21 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
867 return cms; 910 return cms;
868 911
869 CMS_ContentInfo_free(cms); 912 CMS_ContentInfo_free(cms);
913
870 return NULL; 914 return NULL;
871} 915}
872 916
873#else 917#else
874 918
875int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 919int
876 unsigned int flags) 920CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
877{ 921{
878 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 922 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
879 return 0; 923 return 0;
880} 924}
881 925
882CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 926CMS_ContentInfo *
927CMS_compress(BIO *in, int comp_nid, unsigned int flags)
883{ 928{
884 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 929 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
885 return NULL; 930 return NULL;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 20:54:17 +0000