summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/cms')
-rw-r--r--src/lib/libcrypto/cms/Makefile284
-rw-r--r--src/lib/libcrypto/cms/cms.h501
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c389
-rw-r--r--src/lib/libcrypto/cms/cms_att.c195
-rw-r--r--src/lib/libcrypto/cms/cms_cd.c134
-rw-r--r--src/lib/libcrypto/cms/cms_dd.c148
-rw-r--r--src/lib/libcrypto/cms/cms_enc.c294
-rw-r--r--src/lib/libcrypto/cms/cms_env.c876
-rw-r--r--src/lib/libcrypto/cms/cms_err.c245
-rw-r--r--src/lib/libcrypto/cms/cms_ess.c420
-rw-r--r--src/lib/libcrypto/cms/cms_io.c133
-rw-r--r--src/lib/libcrypto/cms/cms_lcl.h473
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c626
-rw-r--r--src/lib/libcrypto/cms/cms_pwri.c454
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c985
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c797
16 files changed, 6954 insertions, 0 deletions
diff --git a/src/lib/libcrypto/cms/Makefile b/src/lib/libcrypto/cms/Makefile
new file mode 100644
index 0000000000..9820adb212
--- /dev/null
+++ b/src/lib/libcrypto/cms/Makefile
@@ -0,0 +1,284 @@
1#
2# OpenSSL/crypto/cms/Makefile
3#
4
5DIR= cms
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g
10MAKEFILE= Makefile
11AR= ar r
12
13CFLAGS= $(INCLUDES) $(CFLAG)
14
15GENERAL=Makefile
16TEST=
17APPS=
18
19LIB=$(TOP)/libcrypto.a
20LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
21 cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
22 cms_pwri.c
23LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
24 cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
25 cms_pwri.o
26
27SRC= $(LIBSRC)
28
29EXHEADER= cms.h
30HEADER= cms_lcl.h $(EXHEADER)
31
32ALL= $(GENERAL) $(SRC) $(HEADER)
33
34top:
35 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
36
37test:
38
39all: lib
40
41lib: $(LIBOBJ)
42 $(AR) $(LIB) $(LIBOBJ)
43 $(RANLIB) $(LIB) || echo Never mind.
44 @touch lib
45
46files:
47 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
48
49links:
50 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
51 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
52 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
53
54install:
55 @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
56 @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
57 do \
58 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
59 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
60 done;
61
62tags:
63 ctags $(SRC)
64
65tests:
66
67lint:
68 lint -DLINT $(INCLUDES) $(SRC)>fluff
69
70depend:
71 @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
72 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
73
74dclean:
75 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
76 mv -f Makefile.new $(MAKEFILE)
77
78clean:
79 rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
80
81# DO NOT DELETE THIS LINE -- make depend depends on it.
82
83cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
84cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
85cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
86cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
87cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
88cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
89cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
90cms_asn1.o: ../../include/openssl/opensslconf.h
91cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
92cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
93cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
94cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
95cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
96cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
97cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
98cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
99cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
100cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
101cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
102cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
103cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
104cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
105cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
106cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
107cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
108cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
109cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
110cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
111cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
112cms_att.o: cms.h cms_att.c cms_lcl.h
113cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h
114cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
115cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
116cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h
117cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
118cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
119cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
120cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
121cms_cd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
122cms_cd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
123cms_cd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
124cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
125cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
126cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
127cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
128cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h
129cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h
130cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
131cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
132cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
133cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
134cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
135cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
136cms_dd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
137cms_dd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
138cms_dd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
139cms_dd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
140cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
141cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
142cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
143cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
144cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h
145cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h
146cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
147cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
148cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
149cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
150cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
151cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
152cms_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
153cms_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
154cms_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
155cms_enc.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
156cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
157cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
158cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
159cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
160cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h
161cms_env.o: ../../e_os.h ../../include/openssl/aes.h
162cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
163cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
164cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
165cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
166cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
167cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
168cms_env.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
169cms_env.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
170cms_env.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
171cms_env.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
172cms_env.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
173cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
174cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
175cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
176cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
177cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h
178cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
179cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
180cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
181cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
182cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
183cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
184cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
185cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
186cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
187cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
188cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
189cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
190cms_err.o: cms_err.c
191cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h
192cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
193cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
194cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
195cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
196cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
197cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h
198cms_ess.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
199cms_ess.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
200cms_ess.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
201cms_ess.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
202cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
203cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
204cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
205cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
206cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h
207cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
208cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
209cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
210cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
211cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
212cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
213cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
214cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
215cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
216cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
217cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
218cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
219cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
220cms_io.o: cms_io.c cms_lcl.h
221cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
222cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
223cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
224cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
225cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
226cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
227cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
228cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
229cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
230cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
231cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
232cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
233cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
234cms_lib.o: cms_lcl.h cms_lib.c
235cms_pwri.o: ../../e_os.h ../../include/openssl/aes.h
236cms_pwri.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
237cms_pwri.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
238cms_pwri.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
239cms_pwri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
240cms_pwri.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
241cms_pwri.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
242cms_pwri.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
243cms_pwri.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
244cms_pwri.o: ../../include/openssl/opensslconf.h
245cms_pwri.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
246cms_pwri.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
247cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
248cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
249cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
250cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
251cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
252cms_pwri.o: cms_lcl.h cms_pwri.c
253cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
254cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
255cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
256cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
257cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
258cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
259cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
260cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
261cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
262cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
263cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
264cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
265cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
266cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
267cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
268cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c
269cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
270cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
271cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
272cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
273cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
274cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
275cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
276cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
277cms_smime.o: ../../include/openssl/objects.h
278cms_smime.o: ../../include/openssl/opensslconf.h
279cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
280cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
281cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
282cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
283cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
284cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
new file mode 100644
index 0000000000..36994fa6a2
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms.h
@@ -0,0 +1,501 @@
1/* crypto/cms/cms.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54
55#ifndef HEADER_CMS_H
56#define HEADER_CMS_H
57
58#include <openssl/x509.h>
59
60#ifdef OPENSSL_NO_CMS
61#error CMS is disabled.
62#endif
63
64#ifdef __cplusplus
65extern "C" {
66#endif
67
68
69typedef struct CMS_ContentInfo_st CMS_ContentInfo;
70typedef struct CMS_SignerInfo_st CMS_SignerInfo;
71typedef struct CMS_CertificateChoices CMS_CertificateChoices;
72typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
73typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
74typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
75typedef struct CMS_Receipt_st CMS_Receipt;
76
77DECLARE_STACK_OF(CMS_SignerInfo)
78DECLARE_STACK_OF(GENERAL_NAMES)
79DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
80DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
81DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
82
83#define CMS_SIGNERINFO_ISSUER_SERIAL 0
84#define CMS_SIGNERINFO_KEYIDENTIFIER 1
85
86#define CMS_RECIPINFO_TRANS 0
87#define CMS_RECIPINFO_AGREE 1
88#define CMS_RECIPINFO_KEK 2
89#define CMS_RECIPINFO_PASS 3
90#define CMS_RECIPINFO_OTHER 4
91
92/* S/MIME related flags */
93
94#define CMS_TEXT 0x1
95#define CMS_NOCERTS 0x2
96#define CMS_NO_CONTENT_VERIFY 0x4
97#define CMS_NO_ATTR_VERIFY 0x8
98#define CMS_NOSIGS \
99 (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
100#define CMS_NOINTERN 0x10
101#define CMS_NO_SIGNER_CERT_VERIFY 0x20
102#define CMS_NOVERIFY 0x20
103#define CMS_DETACHED 0x40
104#define CMS_BINARY 0x80
105#define CMS_NOATTR 0x100
106#define CMS_NOSMIMECAP 0x200
107#define CMS_NOOLDMIMETYPE 0x400
108#define CMS_CRLFEOL 0x800
109#define CMS_STREAM 0x1000
110#define CMS_NOCRL 0x2000
111#define CMS_PARTIAL 0x4000
112#define CMS_REUSE_DIGEST 0x8000
113#define CMS_USE_KEYID 0x10000
114#define CMS_DEBUG_DECRYPT 0x20000
115
116const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
117
118BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
119int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
120
121ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
122int CMS_is_detached(CMS_ContentInfo *cms);
123int CMS_set_detached(CMS_ContentInfo *cms, int detached);
124
125#ifdef HEADER_PEM_H
126DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
127#endif
128
129int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
130CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
131int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
132
133BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
134int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
135int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
136CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
137int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
138
139int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
140
141CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
142 BIO *data, unsigned int flags);
143
144CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
145 X509 *signcert, EVP_PKEY *pkey,
146 STACK_OF(X509) *certs,
147 unsigned int flags);
148
149int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
150CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
151
152int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
153 unsigned int flags);
154CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
155 unsigned int flags);
156
157int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
158 const unsigned char *key, size_t keylen,
159 BIO *dcont, BIO *out, unsigned int flags);
160
161CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
162 const unsigned char *key, size_t keylen,
163 unsigned int flags);
164
165int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
166 const unsigned char *key, size_t keylen);
167
168int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
169 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
170
171int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
172 STACK_OF(X509) *certs,
173 X509_STORE *store, unsigned int flags);
174
175STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
176
177CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
178 const EVP_CIPHER *cipher, unsigned int flags);
179
180int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
181 BIO *dcont, BIO *out,
182 unsigned int flags);
183
184int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
185int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
186 unsigned char *key, size_t keylen,
187 unsigned char *id, size_t idlen);
188int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
189 unsigned char *pass, ossl_ssize_t passlen);
190
191STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
192int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
193CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
194CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
195 X509 *recip, unsigned int flags);
196int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
197int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
198int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
199 EVP_PKEY **pk, X509 **recip,
200 X509_ALGOR **palg);
201int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
202 ASN1_OCTET_STRING **keyid,
203 X509_NAME **issuer, ASN1_INTEGER **sno);
204
205CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
206 unsigned char *key, size_t keylen,
207 unsigned char *id, size_t idlen,
208 ASN1_GENERALIZEDTIME *date,
209 ASN1_OBJECT *otherTypeId,
210 ASN1_TYPE *otherType);
211
212int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
213 X509_ALGOR **palg,
214 ASN1_OCTET_STRING **pid,
215 ASN1_GENERALIZEDTIME **pdate,
216 ASN1_OBJECT **potherid,
217 ASN1_TYPE **pothertype);
218
219int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
220 unsigned char *key, size_t keylen);
221
222int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
223 const unsigned char *id, size_t idlen);
224
225int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
226 unsigned char *pass,
227 ossl_ssize_t passlen);
228
229CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
230 int iter, int wrap_nid, int pbe_nid,
231 unsigned char *pass,
232 ossl_ssize_t passlen,
233 const EVP_CIPHER *kekciph);
234
235int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
236
237int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
238 unsigned int flags);
239CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
240
241int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
242const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
243
244CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
245int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
246int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
247STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
248
249CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
250int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
251int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
252STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
253
254int CMS_SignedData_init(CMS_ContentInfo *cms);
255CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
256 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
257 unsigned int flags);
258STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
259
260void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
261int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
262 ASN1_OCTET_STRING **keyid,
263 X509_NAME **issuer, ASN1_INTEGER **sno);
264int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
265int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
266 unsigned int flags);
267void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
268 X509_ALGOR **pdig, X509_ALGOR **psig);
269int CMS_SignerInfo_sign(CMS_SignerInfo *si);
270int CMS_SignerInfo_verify(CMS_SignerInfo *si);
271int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
272
273int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
274int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
275 int algnid, int keysize);
276int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
277
278int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
279int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
280 int lastpos);
281int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
282 int lastpos);
283X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
284X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
285int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
286int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
287 const ASN1_OBJECT *obj, int type,
288 const void *bytes, int len);
289int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
290 int nid, int type,
291 const void *bytes, int len);
292int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
293 const char *attrname, int type,
294 const void *bytes, int len);
295void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
296 int lastpos, int type);
297
298int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
299int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
300 int lastpos);
301int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
302 int lastpos);
303X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
304X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
305int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
306int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
307 const ASN1_OBJECT *obj, int type,
308 const void *bytes, int len);
309int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
310 int nid, int type,
311 const void *bytes, int len);
312int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
313 const char *attrname, int type,
314 const void *bytes, int len);
315void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
316 int lastpos, int type);
317
318#ifdef HEADER_X509V3_H
319
320int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
321CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
322 int allorfirst,
323 STACK_OF(GENERAL_NAMES) *receiptList,
324 STACK_OF(GENERAL_NAMES) *receiptsTo);
325int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
326void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
327 ASN1_STRING **pcid,
328 int *pallorfirst,
329 STACK_OF(GENERAL_NAMES) **plist,
330 STACK_OF(GENERAL_NAMES) **prto);
331
332#endif
333
334/* BEGIN ERROR CODES */
335/* The following lines are auto generated by the script mkerr.pl. Any changes
336 * made after this point may be overwritten when the script is next run.
337 */
338void ERR_load_CMS_strings(void);
339
340/* Error codes for the CMS functions. */
341
342/* Function codes. */
343#define CMS_F_CHECK_CONTENT 99
344#define CMS_F_CMS_ADD0_CERT 164
345#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
346#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
347#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
348#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
349#define CMS_F_CMS_ADD1_SIGNER 102
350#define CMS_F_CMS_ADD1_SIGNINGTIME 103
351#define CMS_F_CMS_COMPRESS 104
352#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
353#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
354#define CMS_F_CMS_COPY_CONTENT 107
355#define CMS_F_CMS_COPY_MESSAGEDIGEST 108
356#define CMS_F_CMS_DATA 109
357#define CMS_F_CMS_DATAFINAL 110
358#define CMS_F_CMS_DATAINIT 111
359#define CMS_F_CMS_DECRYPT 112
360#define CMS_F_CMS_DECRYPT_SET1_KEY 113
361#define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
362#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
363#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
364#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
365#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
366#define CMS_F_CMS_DIGEST_VERIFY 118
367#define CMS_F_CMS_ENCODE_RECEIPT 161
368#define CMS_F_CMS_ENCRYPT 119
369#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
370#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
371#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
372#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
373#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
374#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
375#define CMS_F_CMS_ENVELOPED_DATA_INIT 126
376#define CMS_F_CMS_FINAL 127
377#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
378#define CMS_F_CMS_GET0_CONTENT 129
379#define CMS_F_CMS_GET0_ECONTENT_TYPE 130
380#define CMS_F_CMS_GET0_ENVELOPED 131
381#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
382#define CMS_F_CMS_GET0_SIGNED 133
383#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
384#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
385#define CMS_F_CMS_RECEIPT_VERIFY 160
386#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
387#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
388#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
389#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
390#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
391#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
392#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
393#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
394#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
395#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
396#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
397#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
398#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
399#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
400#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
401#define CMS_F_CMS_SET_DETACHED 147
402#define CMS_F_CMS_SIGN 148
403#define CMS_F_CMS_SIGNED_DATA_INIT 149
404#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
405#define CMS_F_CMS_SIGNERINFO_SIGN 151
406#define CMS_F_CMS_SIGNERINFO_VERIFY 152
407#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
408#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
409#define CMS_F_CMS_SIGN_RECEIPT 163
410#define CMS_F_CMS_STREAM 155
411#define CMS_F_CMS_UNCOMPRESS 156
412#define CMS_F_CMS_VERIFY 157
413
414/* Reason codes. */
415#define CMS_R_ADD_SIGNER_ERROR 99
416#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
417#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
418#define CMS_R_CERTIFICATE_VERIFY_ERROR 100
419#define CMS_R_CIPHER_INITIALISATION_ERROR 101
420#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
421#define CMS_R_CMS_DATAFINAL_ERROR 103
422#define CMS_R_CMS_LIB 104
423#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
424#define CMS_R_CONTENT_NOT_FOUND 105
425#define CMS_R_CONTENT_TYPE_MISMATCH 171
426#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
427#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
428#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
429#define CMS_R_CONTENT_VERIFY_ERROR 109
430#define CMS_R_CTRL_ERROR 110
431#define CMS_R_CTRL_FAILURE 111
432#define CMS_R_DECRYPT_ERROR 112
433#define CMS_R_DIGEST_ERROR 161
434#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
435#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
436#define CMS_R_ERROR_SETTING_KEY 115
437#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
438#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
439#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
440#define CMS_R_INVALID_KEY_LENGTH 118
441#define CMS_R_MD_BIO_INIT_ERROR 119
442#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
443#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
444#define CMS_R_MSGSIGDIGEST_ERROR 172
445#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
446#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
447#define CMS_R_NEED_ONE_SIGNER 164
448#define CMS_R_NOT_A_SIGNED_RECEIPT 165
449#define CMS_R_NOT_ENCRYPTED_DATA 122
450#define CMS_R_NOT_KEK 123
451#define CMS_R_NOT_KEY_TRANSPORT 124
452#define CMS_R_NOT_PWRI 177
453#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
454#define CMS_R_NO_CIPHER 126
455#define CMS_R_NO_CONTENT 127
456#define CMS_R_NO_CONTENT_TYPE 173
457#define CMS_R_NO_DEFAULT_DIGEST 128
458#define CMS_R_NO_DIGEST_SET 129
459#define CMS_R_NO_KEY 130
460#define CMS_R_NO_KEY_OR_CERT 174
461#define CMS_R_NO_MATCHING_DIGEST 131
462#define CMS_R_NO_MATCHING_RECIPIENT 132
463#define CMS_R_NO_MATCHING_SIGNATURE 166
464#define CMS_R_NO_MSGSIGDIGEST 167
465#define CMS_R_NO_PASSWORD 178
466#define CMS_R_NO_PRIVATE_KEY 133
467#define CMS_R_NO_PUBLIC_KEY 134
468#define CMS_R_NO_RECEIPT_REQUEST 168
469#define CMS_R_NO_SIGNERS 135
470#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
471#define CMS_R_RECEIPT_DECODE_ERROR 169
472#define CMS_R_RECIPIENT_ERROR 137
473#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
474#define CMS_R_SIGNFINAL_ERROR 139
475#define CMS_R_SMIME_TEXT_ERROR 140
476#define CMS_R_STORE_INIT_ERROR 141
477#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
478#define CMS_R_TYPE_NOT_DATA 143
479#define CMS_R_TYPE_NOT_DIGESTED_DATA 144
480#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
481#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
482#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
483#define CMS_R_UNKNOWN_CIPHER 148
484#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
485#define CMS_R_UNKNOWN_ID 150
486#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
487#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
488#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
489#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
490#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
491#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
492#define CMS_R_UNSUPPORTED_TYPE 156
493#define CMS_R_UNWRAP_ERROR 157
494#define CMS_R_UNWRAP_FAILURE 180
495#define CMS_R_VERIFICATION_FAILURE 158
496#define CMS_R_WRAP_ERROR 159
497
498#ifdef __cplusplus
499}
500#endif
501#endif
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
new file mode 100644
index 0000000000..cfe67fb6c1
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -0,0 +1,389 @@
1/* crypto/cms/cms_asn1.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/pem.h>
56#include <openssl/x509v3.h>
57#include "cms.h"
58#include "cms_lcl.h"
59
60
61ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
62 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
63 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
64} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
65
66ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
67 ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
68 ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
69} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
70
71ASN1_CHOICE(CMS_CertificateChoices) = {
72 ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
73 ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
74 ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
75 ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
76 ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
77} ASN1_CHOICE_END(CMS_CertificateChoices)
78
79ASN1_CHOICE(CMS_SignerIdentifier) = {
80 ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
81 ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
82} ASN1_CHOICE_END(CMS_SignerIdentifier)
83
84ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
85 ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
86 ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
87} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
88
89/* Minor tweak to operation: free up signer key, cert */
90static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
91 void *exarg)
92 {
93 if(operation == ASN1_OP_FREE_POST)
94 {
95 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
96 if (si->pkey)
97 EVP_PKEY_free(si->pkey);
98 if (si->signer)
99 X509_free(si->signer);
100 }
101 return 1;
102 }
103
104ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
105 ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
106 ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
107 ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
108 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
109 ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
110 ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
111 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
112} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
113
114ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
115 ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
116 ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
117} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
118
119ASN1_CHOICE(CMS_RevocationInfoChoice) = {
120 ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
121 ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
122} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
123
124ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
125 ASN1_SIMPLE(CMS_SignedData, version, LONG),
126 ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
127 ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
128 ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
129 ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
130 ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
131} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
132
133ASN1_SEQUENCE(CMS_OriginatorInfo) = {
134 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
135 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
136} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
137
138ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
139 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
140 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
141 ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
142} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
143
144ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
145 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
146 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
147 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
148 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
149} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
150
151ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
152 ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
153 ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
154} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
155
156ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
157 ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
158 ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
159 ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
160} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
161
162ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
163 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
164 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
165} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
166
167ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
168 ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
169 ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
170} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
171
172ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
173 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
174 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
175} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
176
177ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
178 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
179 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
180 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
181} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
182
183ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
184 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
185 ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
186 ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
187 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
188 ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
189} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
190
191ASN1_SEQUENCE(CMS_KEKIdentifier) = {
192 ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
193 ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
194 ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
195} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
196
197ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
198 ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
199 ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
200 ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
201 ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
202} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
203
204ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
205 ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
206 ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
207 ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
208 ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
209} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
210
211ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
212 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
213 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
214} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
215
216/* Free up RecipientInfo additional data */
217static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
218 void *exarg)
219 {
220 if(operation == ASN1_OP_FREE_PRE)
221 {
222 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
223 if (ri->type == CMS_RECIPINFO_TRANS)
224 {
225 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
226 if (ktri->pkey)
227 EVP_PKEY_free(ktri->pkey);
228 if (ktri->recip)
229 X509_free(ktri->recip);
230 }
231 else if (ri->type == CMS_RECIPINFO_KEK)
232 {
233 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
234 if (kekri->key)
235 {
236 OPENSSL_cleanse(kekri->key, kekri->keylen);
237 OPENSSL_free(kekri->key);
238 }
239 }
240 else if (ri->type == CMS_RECIPINFO_PASS)
241 {
242 CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
243 if (pwri->pass)
244 {
245 OPENSSL_cleanse(pwri->pass, pwri->passlen);
246 OPENSSL_free(pwri->pass);
247 }
248 }
249 }
250 return 1;
251 }
252
253ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
254 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
255 ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
256 ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
257 ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
258 ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
259} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
260
261ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
262 ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
263 ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
264 ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
265 ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
266 ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
267} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
268
269ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
270 ASN1_SIMPLE(CMS_DigestedData, version, LONG),
271 ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
272 ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
273 ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
274} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
275
276ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
277 ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
278 ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
279 ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
280} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
281
282ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
283 ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
284 ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
285 ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
286 ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
287 ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
288 ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
289 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
290 ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
291 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
292} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
293
294ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
295 ASN1_SIMPLE(CMS_CompressedData, version, LONG),
296 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
297 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
298} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
299
300/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
301
302ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
303
304ASN1_ADB(CMS_ContentInfo) = {
305 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
306 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
307 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
308 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
309 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
310 ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
311 ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
312} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
313
314/* CMS streaming support */
315static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
316 void *exarg)
317 {
318 ASN1_STREAM_ARG *sarg = exarg;
319 CMS_ContentInfo *cms = NULL;
320 if (pval)
321 cms = (CMS_ContentInfo *)*pval;
322 else
323 return 1;
324 switch(operation)
325 {
326
327 case ASN1_OP_STREAM_PRE:
328 if (CMS_stream(&sarg->boundary, cms) <= 0)
329 return 0;
330 case ASN1_OP_DETACHED_PRE:
331 sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
332 if (!sarg->ndef_bio)
333 return 0;
334 break;
335
336 case ASN1_OP_STREAM_POST:
337 case ASN1_OP_DETACHED_POST:
338 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
339 return 0;
340 break;
341
342 }
343 return 1;
344 }
345
346ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
347 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
348 ASN1_ADB_OBJECT(CMS_ContentInfo)
349} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
350
351/* Specials for signed attributes */
352
353/* When signing attributes we want to reorder them to match the sorted
354 * encoding.
355 */
356
357ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
358 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
359ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
360
361/* When verifying attributes we need to use the received order. So
362 * we use SEQUENCE OF and tag it to SET OF
363 */
364
365ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
366 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
367 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
368ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
369
370
371
372ASN1_CHOICE(CMS_ReceiptsFrom) = {
373 ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
374 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
375} ASN1_CHOICE_END(CMS_ReceiptsFrom)
376
377ASN1_SEQUENCE(CMS_ReceiptRequest) = {
378 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
379 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
380 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
381} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
382
383ASN1_SEQUENCE(CMS_Receipt) = {
384 ASN1_SIMPLE(CMS_Receipt, version, LONG),
385 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
386 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
387 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
388} ASN1_SEQUENCE_END(CMS_Receipt)
389
diff --git a/src/lib/libcrypto/cms/cms_att.c b/src/lib/libcrypto/cms/cms_att.c
new file mode 100644
index 0000000000..5b71722ebc
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_att.c
@@ -0,0 +1,195 @@
1/* crypto/cms/cms_att.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/pem.h>
56#include <openssl/x509v3.h>
57#include <openssl/err.h>
58#include "cms.h"
59#include "cms_lcl.h"
60
61/* CMS SignedData Attribute utilities */
62
63int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
64{
65 return X509at_get_attr_count(si->signedAttrs);
66}
67
68int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
69 int lastpos)
70{
71 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
72}
73
74int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
75 int lastpos)
76{
77 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
78}
79
80X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
81{
82 return X509at_get_attr(si->signedAttrs, loc);
83}
84
85X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
86{
87 return X509at_delete_attr(si->signedAttrs, loc);
88}
89
90int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
91{
92 if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
93 return 0;
94}
95
96int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
97 const ASN1_OBJECT *obj, int type,
98 const void *bytes, int len)
99{
100 if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
101 type, bytes, len)) return 1;
102 return 0;
103}
104
105int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
106 int nid, int type,
107 const void *bytes, int len)
108{
109 if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
110 type, bytes, len)) return 1;
111 return 0;
112}
113
114int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
115 const char *attrname, int type,
116 const void *bytes, int len)
117{
118 if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
119 type, bytes, len)) return 1;
120 return 0;
121}
122
123void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
124 int lastpos, int type)
125{
126 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
127}
128
129int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
130{
131 return X509at_get_attr_count(si->unsignedAttrs);
132}
133
134int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
135 int lastpos)
136{
137 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
138}
139
140int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
141 int lastpos)
142{
143 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
144}
145
146X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
147{
148 return X509at_get_attr(si->unsignedAttrs, loc);
149}
150
151X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
152{
153 return X509at_delete_attr(si->unsignedAttrs, loc);
154}
155
156int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
157{
158 if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
159 return 0;
160}
161
162int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
163 const ASN1_OBJECT *obj, int type,
164 const void *bytes, int len)
165{
166 if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
167 type, bytes, len)) return 1;
168 return 0;
169}
170
171int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
172 int nid, int type,
173 const void *bytes, int len)
174{
175 if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
176 type, bytes, len)) return 1;
177 return 0;
178}
179
180int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
181 const char *attrname, int type,
182 const void *bytes, int len)
183{
184 if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
185 type, bytes, len)) return 1;
186 return 0;
187}
188
189void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
190 int lastpos, int type)
191{
192 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
193}
194
195/* Specific attribute cases */
diff --git a/src/lib/libcrypto/cms/cms_cd.c b/src/lib/libcrypto/cms/cms_cd.c
new file mode 100644
index 0000000000..a5fc2c4e2b
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_cd.c
@@ -0,0 +1,134 @@
1/* crypto/cms/cms_cd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/bio.h>
61#include <openssl/comp.h>
62#include "cms_lcl.h"
63
64DECLARE_ASN1_ITEM(CMS_CompressedData)
65
66#ifdef ZLIB
67
68/* CMS CompressedData Utilities */
69
70CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
71 {
72 CMS_ContentInfo *cms;
73 CMS_CompressedData *cd;
74 /* Will need something cleverer if there is ever more than one
75 * compression algorithm or parameters have some meaning...
76 */
77 if (comp_nid != NID_zlib_compression)
78 {
79 CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
80 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
81 return NULL;
82 }
83 cms = CMS_ContentInfo_new();
84 if (!cms)
85 return NULL;
86
87 cd = M_ASN1_new_of(CMS_CompressedData);
88
89 if (!cd)
90 goto err;
91
92 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
93 cms->d.compressedData = cd;
94
95 cd->version = 0;
96
97 X509_ALGOR_set0(cd->compressionAlgorithm,
98 OBJ_nid2obj(NID_zlib_compression),
99 V_ASN1_UNDEF, NULL);
100
101 cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
102
103 return cms;
104
105 err:
106
107 if (cms)
108 CMS_ContentInfo_free(cms);
109
110 return NULL;
111 }
112
113BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
114 {
115 CMS_CompressedData *cd;
116 ASN1_OBJECT *compoid;
117 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
118 {
119 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
120 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
121 return NULL;
122 }
123 cd = cms->d.compressedData;
124 X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
125 if (OBJ_obj2nid(compoid) != NID_zlib_compression)
126 {
127 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
128 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
129 return NULL;
130 }
131 return BIO_new(BIO_f_zlib());
132 }
133
134#endif
diff --git a/src/lib/libcrypto/cms/cms_dd.c b/src/lib/libcrypto/cms/cms_dd.c
new file mode 100644
index 0000000000..8919c15be1
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_dd.c
@@ -0,0 +1,148 @@
1/* crypto/cms/cms_dd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61
62DECLARE_ASN1_ITEM(CMS_DigestedData)
63
64/* CMS DigestedData Utilities */
65
66CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
67 {
68 CMS_ContentInfo *cms;
69 CMS_DigestedData *dd;
70 cms = CMS_ContentInfo_new();
71 if (!cms)
72 return NULL;
73
74 dd = M_ASN1_new_of(CMS_DigestedData);
75
76 if (!dd)
77 goto err;
78
79 cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
80 cms->d.digestedData = dd;
81
82 dd->version = 0;
83 dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
84
85 cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
86
87 return cms;
88
89 err:
90
91 if (cms)
92 CMS_ContentInfo_free(cms);
93
94 return NULL;
95 }
96
97BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
98 {
99 CMS_DigestedData *dd;
100 dd = cms->d.digestedData;
101 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
102 }
103
104int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
105 {
106 EVP_MD_CTX mctx;
107 unsigned char md[EVP_MAX_MD_SIZE];
108 unsigned int mdlen;
109 int r = 0;
110 CMS_DigestedData *dd;
111 EVP_MD_CTX_init(&mctx);
112
113 dd = cms->d.digestedData;
114
115 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
116 goto err;
117
118 if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
119 goto err;
120
121 if (verify)
122 {
123 if (mdlen != (unsigned int)dd->digest->length)
124 {
125 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
126 CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
127 goto err;
128 }
129
130 if (memcmp(md, dd->digest->data, mdlen))
131 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
132 CMS_R_VERIFICATION_FAILURE);
133 else
134 r = 1;
135 }
136 else
137 {
138 if (!ASN1_STRING_set(dd->digest, md, mdlen))
139 goto err;
140 r = 1;
141 }
142
143 err:
144 EVP_MD_CTX_cleanup(&mctx);
145
146 return r;
147
148 }
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
new file mode 100644
index 0000000000..f873ce3794
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -0,0 +1,294 @@
1/* crypto/cms/cms_enc.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/rand.h>
61#include "cms_lcl.h"
62
63/* CMS EncryptedData Utilities */
64
65DECLARE_ASN1_ITEM(CMS_EncryptedData)
66
67/* Return BIO based on EncryptedContentInfo and key */
68
69BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
70 {
71 BIO *b;
72 EVP_CIPHER_CTX *ctx;
73 const EVP_CIPHER *ciph;
74 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
75 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
76 unsigned char *tkey = NULL;
77 size_t tkeylen;
78
79 int ok = 0;
80
81 int enc, keep_key = 0;
82
83 enc = ec->cipher ? 1 : 0;
84
85 b = BIO_new(BIO_f_cipher());
86 if (!b)
87 {
88 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
89 ERR_R_MALLOC_FAILURE);
90 return NULL;
91 }
92
93 BIO_get_cipher_ctx(b, &ctx);
94
95 if (enc)
96 {
97 ciph = ec->cipher;
98 /* If not keeping key set cipher to NULL so subsequent calls
99 * decrypt.
100 */
101 if (ec->key)
102 ec->cipher = NULL;
103 }
104 else
105 {
106 ciph = EVP_get_cipherbyobj(calg->algorithm);
107
108 if (!ciph)
109 {
110 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
111 CMS_R_UNKNOWN_CIPHER);
112 goto err;
113 }
114 }
115
116 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
117 {
118 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
119 CMS_R_CIPHER_INITIALISATION_ERROR);
120 goto err;
121 }
122
123 if (enc)
124 {
125 int ivlen;
126 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
127 /* Generate a random IV if we need one */
128 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
129 if (ivlen > 0)
130 {
131 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
132 goto err;
133 piv = iv;
134 }
135 }
136 else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
137 {
138 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
139 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
140 goto err;
141 }
142 tkeylen = EVP_CIPHER_CTX_key_length(ctx);
143 /* Generate random session key */
144 if (!enc || !ec->key)
145 {
146 tkey = OPENSSL_malloc(tkeylen);
147 if (!tkey)
148 {
149 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
150 ERR_R_MALLOC_FAILURE);
151 goto err;
152 }
153 if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
154 goto err;
155 }
156
157 if (!ec->key)
158 {
159 ec->key = tkey;
160 ec->keylen = tkeylen;
161 tkey = NULL;
162 if (enc)
163 keep_key = 1;
164 else
165 ERR_clear_error();
166
167 }
168
169 if (ec->keylen != tkeylen)
170 {
171 /* If necessary set key length */
172 if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
173 {
174 /* Only reveal failure if debugging so we don't
175 * leak information which may be useful in MMA.
176 */
177 if (enc || ec->debug)
178 {
179 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
180 CMS_R_INVALID_KEY_LENGTH);
181 goto err;
182 }
183 else
184 {
185 /* Use random key */
186 OPENSSL_cleanse(ec->key, ec->keylen);
187 OPENSSL_free(ec->key);
188 ec->key = tkey;
189 ec->keylen = tkeylen;
190 tkey = NULL;
191 ERR_clear_error();
192 }
193 }
194 }
195
196 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
197 {
198 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
199 CMS_R_CIPHER_INITIALISATION_ERROR);
200 goto err;
201 }
202
203 if (piv)
204 {
205 calg->parameter = ASN1_TYPE_new();
206 if (!calg->parameter)
207 {
208 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
209 ERR_R_MALLOC_FAILURE);
210 goto err;
211 }
212 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
213 {
214 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
215 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
216 goto err;
217 }
218 }
219 ok = 1;
220
221 err:
222 if (ec->key && !keep_key)
223 {
224 OPENSSL_cleanse(ec->key, ec->keylen);
225 OPENSSL_free(ec->key);
226 ec->key = NULL;
227 }
228 if (tkey)
229 {
230 OPENSSL_cleanse(tkey, tkeylen);
231 OPENSSL_free(tkey);
232 }
233 if (ok)
234 return b;
235 BIO_free(b);
236 return NULL;
237 }
238
239int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
240 const EVP_CIPHER *cipher,
241 const unsigned char *key, size_t keylen)
242 {
243 ec->cipher = cipher;
244 if (key)
245 {
246 ec->key = OPENSSL_malloc(keylen);
247 if (!ec->key)
248 return 0;
249 memcpy(ec->key, key, keylen);
250 }
251 ec->keylen = keylen;
252 if (cipher)
253 ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
254 return 1;
255 }
256
257int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
258 const unsigned char *key, size_t keylen)
259 {
260 CMS_EncryptedContentInfo *ec;
261 if (!key || !keylen)
262 {
263 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
264 return 0;
265 }
266 if (ciph)
267 {
268 cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
269 if (!cms->d.encryptedData)
270 {
271 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
272 ERR_R_MALLOC_FAILURE);
273 return 0;
274 }
275 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
276 cms->d.encryptedData->version = 0;
277 }
278 else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
279 {
280 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
281 CMS_R_NOT_ENCRYPTED_DATA);
282 return 0;
283 }
284 ec = cms->d.encryptedData->encryptedContentInfo;
285 return cms_EncryptedContent_init(ec, ciph, key, keylen);
286 }
287
288BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
289 {
290 CMS_EncryptedData *enc = cms->d.encryptedData;
291 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
292 enc->version = 2;
293 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
294 }
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
new file mode 100644
index 0000000000..be20b1c024
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -0,0 +1,876 @@
1/* crypto/cms/cms_env.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/rand.h>
61#include <openssl/aes.h>
62#include "cms_lcl.h"
63#include "asn1_locl.h"
64
65/* CMS EnvelopedData Utilities */
66
67DECLARE_ASN1_ITEM(CMS_EnvelopedData)
68DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
69DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
70DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
71
72DECLARE_STACK_OF(CMS_RecipientInfo)
73
74CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
75 {
76 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
77 {
78 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
79 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
80 return NULL;
81 }
82 return cms->d.envelopedData;
83 }
84
85static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
86 {
87 if (cms->d.other == NULL)
88 {
89 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
90 if (!cms->d.envelopedData)
91 {
92 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
93 ERR_R_MALLOC_FAILURE);
94 return NULL;
95 }
96 cms->d.envelopedData->version = 0;
97 cms->d.envelopedData->encryptedContentInfo->contentType =
98 OBJ_nid2obj(NID_pkcs7_data);
99 ASN1_OBJECT_free(cms->contentType);
100 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
101 return cms->d.envelopedData;
102 }
103 return cms_get0_enveloped(cms);
104 }
105
106STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
107 {
108 CMS_EnvelopedData *env;
109 env = cms_get0_enveloped(cms);
110 if (!env)
111 return NULL;
112 return env->recipientInfos;
113 }
114
115int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
116 {
117 return ri->type;
118 }
119
120CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
121 {
122 CMS_ContentInfo *cms;
123 CMS_EnvelopedData *env;
124 cms = CMS_ContentInfo_new();
125 if (!cms)
126 goto merr;
127 env = cms_enveloped_data_init(cms);
128 if (!env)
129 goto merr;
130 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
131 cipher, NULL, 0))
132 goto merr;
133 return cms;
134 merr:
135 if (cms)
136 CMS_ContentInfo_free(cms);
137 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140
141/* Key Transport Recipient Info (KTRI) routines */
142
143/* Add a recipient certificate. For now only handle key transport.
144 * If we ever handle key agreement will need updating.
145 */
146
147CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
148 X509 *recip, unsigned int flags)
149 {
150 CMS_RecipientInfo *ri = NULL;
151 CMS_KeyTransRecipientInfo *ktri;
152 CMS_EnvelopedData *env;
153 EVP_PKEY *pk = NULL;
154 int i, type;
155 env = cms_get0_enveloped(cms);
156 if (!env)
157 goto err;
158
159 /* Initialize recipient info */
160 ri = M_ASN1_new_of(CMS_RecipientInfo);
161 if (!ri)
162 goto merr;
163
164 /* Initialize and add key transport recipient info */
165
166 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
167 if (!ri->d.ktri)
168 goto merr;
169 ri->type = CMS_RECIPINFO_TRANS;
170
171 ktri = ri->d.ktri;
172
173 X509_check_purpose(recip, -1, -1);
174 pk = X509_get_pubkey(recip);
175 if (!pk)
176 {
177 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
178 CMS_R_ERROR_GETTING_PUBLIC_KEY);
179 goto err;
180 }
181 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
182 ktri->pkey = pk;
183 ktri->recip = recip;
184
185 if (flags & CMS_USE_KEYID)
186 {
187 ktri->version = 2;
188 type = CMS_RECIPINFO_KEYIDENTIFIER;
189 }
190 else
191 {
192 ktri->version = 0;
193 type = CMS_RECIPINFO_ISSUER_SERIAL;
194 }
195
196 /* Not a typo: RecipientIdentifier and SignerIdentifier are the
197 * same structure.
198 */
199
200 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
201 goto err;
202
203 if (pk->ameth && pk->ameth->pkey_ctrl)
204 {
205 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
206 0, ri);
207 if (i == -2)
208 {
209 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
210 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
211 goto err;
212 }
213 if (i <= 0)
214 {
215 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
216 CMS_R_CTRL_FAILURE);
217 goto err;
218 }
219 }
220
221 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
222 goto merr;
223
224 return ri;
225
226 merr:
227 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
228 err:
229 if (ri)
230 M_ASN1_free_of(ri, CMS_RecipientInfo);
231 return NULL;
232
233 }
234
235int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
236 EVP_PKEY **pk, X509 **recip,
237 X509_ALGOR **palg)
238 {
239 CMS_KeyTransRecipientInfo *ktri;
240 if (ri->type != CMS_RECIPINFO_TRANS)
241 {
242 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
243 CMS_R_NOT_KEY_TRANSPORT);
244 return 0;
245 }
246
247 ktri = ri->d.ktri;
248
249 if (pk)
250 *pk = ktri->pkey;
251 if (recip)
252 *recip = ktri->recip;
253 if (palg)
254 *palg = ktri->keyEncryptionAlgorithm;
255 return 1;
256 }
257
258int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
259 ASN1_OCTET_STRING **keyid,
260 X509_NAME **issuer, ASN1_INTEGER **sno)
261 {
262 CMS_KeyTransRecipientInfo *ktri;
263 if (ri->type != CMS_RECIPINFO_TRANS)
264 {
265 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
266 CMS_R_NOT_KEY_TRANSPORT);
267 return 0;
268 }
269 ktri = ri->d.ktri;
270
271 return cms_SignerIdentifier_get0_signer_id(ktri->rid,
272 keyid, issuer, sno);
273 }
274
275int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
276 {
277 if (ri->type != CMS_RECIPINFO_TRANS)
278 {
279 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
280 CMS_R_NOT_KEY_TRANSPORT);
281 return -2;
282 }
283 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
284 }
285
286int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
287 {
288 if (ri->type != CMS_RECIPINFO_TRANS)
289 {
290 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
291 CMS_R_NOT_KEY_TRANSPORT);
292 return 0;
293 }
294 ri->d.ktri->pkey = pkey;
295 return 1;
296 }
297
298/* Encrypt content key in key transport recipient info */
299
300static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
301 CMS_RecipientInfo *ri)
302 {
303 CMS_KeyTransRecipientInfo *ktri;
304 CMS_EncryptedContentInfo *ec;
305 EVP_PKEY_CTX *pctx = NULL;
306 unsigned char *ek = NULL;
307 size_t eklen;
308
309 int ret = 0;
310
311 if (ri->type != CMS_RECIPINFO_TRANS)
312 {
313 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
314 CMS_R_NOT_KEY_TRANSPORT);
315 return 0;
316 }
317 ktri = ri->d.ktri;
318 ec = cms->d.envelopedData->encryptedContentInfo;
319
320 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
321 if (!pctx)
322 return 0;
323
324 if (EVP_PKEY_encrypt_init(pctx) <= 0)
325 goto err;
326
327 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
328 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
329 {
330 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
331 goto err;
332 }
333
334 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
335 goto err;
336
337 ek = OPENSSL_malloc(eklen);
338
339 if (ek == NULL)
340 {
341 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
342 ERR_R_MALLOC_FAILURE);
343 goto err;
344 }
345
346 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
347 goto err;
348
349 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
350 ek = NULL;
351
352 ret = 1;
353
354 err:
355 if (pctx)
356 EVP_PKEY_CTX_free(pctx);
357 if (ek)
358 OPENSSL_free(ek);
359 return ret;
360
361 }
362
363/* Decrypt content key from KTRI */
364
365static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
366 CMS_RecipientInfo *ri)
367 {
368 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
369 EVP_PKEY_CTX *pctx = NULL;
370 unsigned char *ek = NULL;
371 size_t eklen;
372 int ret = 0;
373 CMS_EncryptedContentInfo *ec;
374 ec = cms->d.envelopedData->encryptedContentInfo;
375
376 if (ktri->pkey == NULL)
377 {
378 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
379 CMS_R_NO_PRIVATE_KEY);
380 return 0;
381 }
382
383 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
384 if (!pctx)
385 return 0;
386
387 if (EVP_PKEY_decrypt_init(pctx) <= 0)
388 goto err;
389
390 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
391 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
392 {
393 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
394 goto err;
395 }
396
397 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
398 ktri->encryptedKey->data,
399 ktri->encryptedKey->length) <= 0)
400 goto err;
401
402 ek = OPENSSL_malloc(eklen);
403
404 if (ek == NULL)
405 {
406 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
407 ERR_R_MALLOC_FAILURE);
408 goto err;
409 }
410
411 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
412 ktri->encryptedKey->data,
413 ktri->encryptedKey->length) <= 0)
414 {
415 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
416 goto err;
417 }
418
419 ret = 1;
420
421 if (ec->key)
422 {
423 OPENSSL_cleanse(ec->key, ec->keylen);
424 OPENSSL_free(ec->key);
425 }
426
427 ec->key = ek;
428 ec->keylen = eklen;
429
430 err:
431 if (pctx)
432 EVP_PKEY_CTX_free(pctx);
433 if (!ret && ek)
434 OPENSSL_free(ek);
435
436 return ret;
437 }
438
439/* Key Encrypted Key (KEK) RecipientInfo routines */
440
441int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
442 const unsigned char *id, size_t idlen)
443 {
444 ASN1_OCTET_STRING tmp_os;
445 CMS_KEKRecipientInfo *kekri;
446 if (ri->type != CMS_RECIPINFO_KEK)
447 {
448 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
449 return -2;
450 }
451 kekri = ri->d.kekri;
452 tmp_os.type = V_ASN1_OCTET_STRING;
453 tmp_os.flags = 0;
454 tmp_os.data = (unsigned char *)id;
455 tmp_os.length = (int)idlen;
456 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
457 }
458
459/* For now hard code AES key wrap info */
460
461static size_t aes_wrap_keylen(int nid)
462 {
463 switch (nid)
464 {
465 case NID_id_aes128_wrap:
466 return 16;
467
468 case NID_id_aes192_wrap:
469 return 24;
470
471 case NID_id_aes256_wrap:
472 return 32;
473
474 default:
475 return 0;
476 }
477 }
478
479CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
480 unsigned char *key, size_t keylen,
481 unsigned char *id, size_t idlen,
482 ASN1_GENERALIZEDTIME *date,
483 ASN1_OBJECT *otherTypeId,
484 ASN1_TYPE *otherType)
485 {
486 CMS_RecipientInfo *ri = NULL;
487 CMS_EnvelopedData *env;
488 CMS_KEKRecipientInfo *kekri;
489 env = cms_get0_enveloped(cms);
490 if (!env)
491 goto err;
492
493 if (nid == NID_undef)
494 {
495 switch (keylen)
496 {
497 case 16:
498 nid = NID_id_aes128_wrap;
499 break;
500
501 case 24:
502 nid = NID_id_aes192_wrap;
503 break;
504
505 case 32:
506 nid = NID_id_aes256_wrap;
507 break;
508
509 default:
510 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
511 CMS_R_INVALID_KEY_LENGTH);
512 goto err;
513 }
514
515 }
516 else
517 {
518
519 size_t exp_keylen = aes_wrap_keylen(nid);
520
521 if (!exp_keylen)
522 {
523 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
524 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
525 goto err;
526 }
527
528 if (keylen != exp_keylen)
529 {
530 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
531 CMS_R_INVALID_KEY_LENGTH);
532 goto err;
533 }
534
535 }
536
537 /* Initialize recipient info */
538 ri = M_ASN1_new_of(CMS_RecipientInfo);
539 if (!ri)
540 goto merr;
541
542 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
543 if (!ri->d.kekri)
544 goto merr;
545 ri->type = CMS_RECIPINFO_KEK;
546
547 kekri = ri->d.kekri;
548
549 if (otherTypeId)
550 {
551 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
552 if (kekri->kekid->other == NULL)
553 goto merr;
554 }
555
556 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
557 goto merr;
558
559
560 /* After this point no calls can fail */
561
562 kekri->version = 4;
563
564 kekri->key = key;
565 kekri->keylen = keylen;
566
567 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
568
569 kekri->kekid->date = date;
570
571 if (kekri->kekid->other)
572 {
573 kekri->kekid->other->keyAttrId = otherTypeId;
574 kekri->kekid->other->keyAttr = otherType;
575 }
576
577 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
578 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
579
580 return ri;
581
582 merr:
583 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
584 err:
585 if (ri)
586 M_ASN1_free_of(ri, CMS_RecipientInfo);
587 return NULL;
588
589 }
590
591int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
592 X509_ALGOR **palg,
593 ASN1_OCTET_STRING **pid,
594 ASN1_GENERALIZEDTIME **pdate,
595 ASN1_OBJECT **potherid,
596 ASN1_TYPE **pothertype)
597 {
598 CMS_KEKIdentifier *rkid;
599 if (ri->type != CMS_RECIPINFO_KEK)
600 {
601 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
602 return 0;
603 }
604 rkid = ri->d.kekri->kekid;
605 if (palg)
606 *palg = ri->d.kekri->keyEncryptionAlgorithm;
607 if (pid)
608 *pid = rkid->keyIdentifier;
609 if (pdate)
610 *pdate = rkid->date;
611 if (potherid)
612 {
613 if (rkid->other)
614 *potherid = rkid->other->keyAttrId;
615 else
616 *potherid = NULL;
617 }
618 if (pothertype)
619 {
620 if (rkid->other)
621 *pothertype = rkid->other->keyAttr;
622 else
623 *pothertype = NULL;
624 }
625 return 1;
626 }
627
628int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
629 unsigned char *key, size_t keylen)
630 {
631 CMS_KEKRecipientInfo *kekri;
632 if (ri->type != CMS_RECIPINFO_KEK)
633 {
634 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
635 return 0;
636 }
637
638 kekri = ri->d.kekri;
639 kekri->key = key;
640 kekri->keylen = keylen;
641 return 1;
642 }
643
644
645/* Encrypt content key in KEK recipient info */
646
647static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
648 CMS_RecipientInfo *ri)
649 {
650 CMS_EncryptedContentInfo *ec;
651 CMS_KEKRecipientInfo *kekri;
652 AES_KEY actx;
653 unsigned char *wkey = NULL;
654 int wkeylen;
655 int r = 0;
656
657 ec = cms->d.envelopedData->encryptedContentInfo;
658
659 kekri = ri->d.kekri;
660
661 if (!kekri->key)
662 {
663 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
664 return 0;
665 }
666
667 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
668 {
669 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
670 CMS_R_ERROR_SETTING_KEY);
671 goto err;
672 }
673
674 wkey = OPENSSL_malloc(ec->keylen + 8);
675
676 if (!wkey)
677 {
678 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
679 ERR_R_MALLOC_FAILURE);
680 goto err;
681 }
682
683 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
684
685 if (wkeylen <= 0)
686 {
687 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
688 goto err;
689 }
690
691 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
692
693 r = 1;
694
695 err:
696
697 if (!r && wkey)
698 OPENSSL_free(wkey);
699 OPENSSL_cleanse(&actx, sizeof(actx));
700
701 return r;
702
703 }
704
705/* Decrypt content key in KEK recipient info */
706
707static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
708 CMS_RecipientInfo *ri)
709 {
710 CMS_EncryptedContentInfo *ec;
711 CMS_KEKRecipientInfo *kekri;
712 AES_KEY actx;
713 unsigned char *ukey = NULL;
714 int ukeylen;
715 int r = 0, wrap_nid;
716
717 ec = cms->d.envelopedData->encryptedContentInfo;
718
719 kekri = ri->d.kekri;
720
721 if (!kekri->key)
722 {
723 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
724 return 0;
725 }
726
727 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
728 if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
729 {
730 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
731 CMS_R_INVALID_KEY_LENGTH);
732 return 0;
733 }
734
735 /* If encrypted key length is invalid don't bother */
736
737 if (kekri->encryptedKey->length < 16)
738 {
739 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
740 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
741 goto err;
742 }
743
744 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
745 {
746 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
747 CMS_R_ERROR_SETTING_KEY);
748 goto err;
749 }
750
751 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
752
753 if (!ukey)
754 {
755 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
756 ERR_R_MALLOC_FAILURE);
757 goto err;
758 }
759
760 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
761 kekri->encryptedKey->data,
762 kekri->encryptedKey->length);
763
764 if (ukeylen <= 0)
765 {
766 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
767 CMS_R_UNWRAP_ERROR);
768 goto err;
769 }
770
771 ec->key = ukey;
772 ec->keylen = ukeylen;
773
774 r = 1;
775
776 err:
777
778 if (!r && ukey)
779 OPENSSL_free(ukey);
780 OPENSSL_cleanse(&actx, sizeof(actx));
781
782 return r;
783
784 }
785
786int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
787 {
788 switch(ri->type)
789 {
790 case CMS_RECIPINFO_TRANS:
791 return cms_RecipientInfo_ktri_decrypt(cms, ri);
792
793 case CMS_RECIPINFO_KEK:
794 return cms_RecipientInfo_kekri_decrypt(cms, ri);
795
796 case CMS_RECIPINFO_PASS:
797 return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
798
799 default:
800 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
801 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
802 return 0;
803 }
804 }
805
806BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
807 {
808 CMS_EncryptedContentInfo *ec;
809 STACK_OF(CMS_RecipientInfo) *rinfos;
810 CMS_RecipientInfo *ri;
811 int i, r, ok = 0;
812 BIO *ret;
813
814 /* Get BIO first to set up key */
815
816 ec = cms->d.envelopedData->encryptedContentInfo;
817 ret = cms_EncryptedContent_init_bio(ec);
818
819 /* If error or no cipher end of processing */
820
821 if (!ret || !ec->cipher)
822 return ret;
823
824 /* Now encrypt content key according to each RecipientInfo type */
825
826 rinfos = cms->d.envelopedData->recipientInfos;
827
828 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
829 {
830 ri = sk_CMS_RecipientInfo_value(rinfos, i);
831
832 switch (ri->type)
833 {
834 case CMS_RECIPINFO_TRANS:
835 r = cms_RecipientInfo_ktri_encrypt(cms, ri);
836 break;
837
838 case CMS_RECIPINFO_KEK:
839 r = cms_RecipientInfo_kekri_encrypt(cms, ri);
840 break;
841
842 case CMS_RECIPINFO_PASS:
843 r = cms_RecipientInfo_pwri_crypt(cms, ri, 1);
844 break;
845
846 default:
847 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
848 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
849 goto err;
850 }
851
852 if (r <= 0)
853 {
854 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
855 CMS_R_ERROR_SETTING_RECIPIENTINFO);
856 goto err;
857 }
858 }
859
860 ok = 1;
861
862 err:
863 ec->cipher = NULL;
864 if (ec->key)
865 {
866 OPENSSL_cleanse(ec->key, ec->keylen);
867 OPENSSL_free(ec->key);
868 ec->key = NULL;
869 ec->keylen = 0;
870 }
871 if (ok)
872 return ret;
873 BIO_free(ret);
874 return NULL;
875
876 }
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
new file mode 100644
index 0000000000..8330ead7ed
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_err.c
@@ -0,0 +1,245 @@
1/* crypto/cms/cms_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/cms.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
70
71static ERR_STRING_DATA CMS_str_functs[]=
72 {
73{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
74{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
75{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
76{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), "CMS_add0_recipient_password"},
77{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
78{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
79{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
80{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
81{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
82{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
83{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"},
84{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
85{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
86{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
87{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
88{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
89{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
90{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
91{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
92{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
93{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
94{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
95{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
96{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
97{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
98{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
99{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"},
100{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
101{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
102{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"},
103{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
104{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"},
105{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
106{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
107{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
108{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
109{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
110{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
111{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
112{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
113{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
114{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
115{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
116{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
117{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
118{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
119{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"},
120{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"},
121{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"},
122{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
123{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
124{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
125{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
126{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"},
127{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
128{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), "CMS_RecipientInfo_set0_password"},
129{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
130{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
131{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
132{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
133{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
134{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"},
135{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
136{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
137{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
138{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
139{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
140{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
141{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
142{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
143{0,NULL}
144 };
145
146static ERR_STRING_DATA CMS_str_reasons[]=
147 {
148{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"},
149{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
150{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
151{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
152{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
153{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
154{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"},
155{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"},
156{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
157{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"},
158{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
159{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
160{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
161{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
162{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"},
163{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"},
164{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"},
165{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"},
166{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"},
167{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
168{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
169{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"},
170{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
171{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
172{ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),"invalid key encryption parameter"},
173{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
174{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"},
175{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
176{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
177{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"},
178{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
179{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
180{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"},
181{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"},
182{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"},
183{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"},
184{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"},
185{ERR_REASON(CMS_R_NOT_PWRI) ,"not pwri"},
186{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
187{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"},
188{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"},
189{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"},
190{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"},
191{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"},
192{ERR_REASON(CMS_R_NO_KEY) ,"no key"},
193{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"},
194{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"},
195{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
196{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
197{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"},
198{ERR_REASON(CMS_R_NO_PASSWORD) ,"no password"},
199{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"},
200{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"},
201{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"},
202{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"},
203{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
204{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"},
205{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"},
206{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
207{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"},
208{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"},
209{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"},
210{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
211{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"},
212{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
213{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
214{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
215{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
216{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"},
217{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
218{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"},
219{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
220{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
221{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
222{ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),"unsupported key encryption algorithm"},
223{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
224{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
225{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"},
226{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"},
227{ERR_REASON(CMS_R_UNWRAP_FAILURE) ,"unwrap failure"},
228{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"},
229{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"},
230{0,NULL}
231 };
232
233#endif
234
235void ERR_load_CMS_strings(void)
236 {
237#ifndef OPENSSL_NO_ERR
238
239 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
240 {
241 ERR_load_strings(0,CMS_str_functs);
242 ERR_load_strings(0,CMS_str_reasons);
243 }
244#endif
245 }
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
new file mode 100644
index 0000000000..90c0b82fb5
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_ess.c
@@ -0,0 +1,420 @@
1/* crypto/cms/cms_ess.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/rand.h>
58#include <openssl/x509v3.h>
59#include <openssl/err.h>
60#include <openssl/cms.h>
61#include "cms_lcl.h"
62
63DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
64DECLARE_ASN1_ITEM(CMS_Receipt)
65
66IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
67
68/* ESS services: for now just Signed Receipt related */
69
70int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
71 {
72 ASN1_STRING *str;
73 CMS_ReceiptRequest *rr = NULL;
74 if (prr)
75 *prr = NULL;
76 str = CMS_signed_get0_data_by_OBJ(si,
77 OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
78 -3, V_ASN1_SEQUENCE);
79 if (!str)
80 return 0;
81
82 rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
83 if (!rr)
84 return -1;
85 if (prr)
86 *prr = rr;
87 else
88 CMS_ReceiptRequest_free(rr);
89 return 1;
90 }
91
92CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
93 int allorfirst,
94 STACK_OF(GENERAL_NAMES) *receiptList,
95 STACK_OF(GENERAL_NAMES) *receiptsTo)
96 {
97 CMS_ReceiptRequest *rr = NULL;
98
99 rr = CMS_ReceiptRequest_new();
100 if (!rr)
101 goto merr;
102 if (id)
103 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
104 else
105 {
106 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
107 goto merr;
108 if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
109 <= 0)
110 goto err;
111 }
112
113 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
114 rr->receiptsTo = receiptsTo;
115
116 if (receiptList)
117 {
118 rr->receiptsFrom->type = 1;
119 rr->receiptsFrom->d.receiptList = receiptList;
120 }
121 else
122 {
123 rr->receiptsFrom->type = 0;
124 rr->receiptsFrom->d.allOrFirstTier = allorfirst;
125 }
126
127 return rr;
128
129 merr:
130 CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
131
132 err:
133 if (rr)
134 CMS_ReceiptRequest_free(rr);
135
136 return NULL;
137
138 }
139
140int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
141 {
142 unsigned char *rrder = NULL;
143 int rrderlen, r = 0;
144
145 rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
146 if (rrderlen < 0)
147 goto merr;
148
149 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
150 V_ASN1_SEQUENCE, rrder, rrderlen))
151 goto merr;
152
153 r = 1;
154
155 merr:
156 if (!r)
157 CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
158
159 if (rrder)
160 OPENSSL_free(rrder);
161
162 return r;
163
164 }
165
166void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
167 ASN1_STRING **pcid,
168 int *pallorfirst,
169 STACK_OF(GENERAL_NAMES) **plist,
170 STACK_OF(GENERAL_NAMES) **prto)
171 {
172 if (pcid)
173 *pcid = rr->signedContentIdentifier;
174 if (rr->receiptsFrom->type == 0)
175 {
176 if (pallorfirst)
177 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
178 if (plist)
179 *plist = NULL;
180 }
181 else
182 {
183 if (pallorfirst)
184 *pallorfirst = -1;
185 if (plist)
186 *plist = rr->receiptsFrom->d.receiptList;
187 }
188 if (prto)
189 *prto = rr->receiptsTo;
190 }
191
192/* Digest a SignerInfo structure for msgSigDigest attribute processing */
193
194static int cms_msgSigDigest(CMS_SignerInfo *si,
195 unsigned char *dig, unsigned int *diglen)
196 {
197 const EVP_MD *md;
198 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
199 if (md == NULL)
200 return 0;
201 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
202 si->signedAttrs, dig, diglen))
203 return 0;
204 return 1;
205 }
206
207/* Add a msgSigDigest attribute to a SignerInfo */
208
209int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
210 {
211 unsigned char dig[EVP_MAX_MD_SIZE];
212 unsigned int diglen;
213 if (!cms_msgSigDigest(src, dig, &diglen))
214 {
215 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
216 return 0;
217 }
218 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
219 V_ASN1_OCTET_STRING, dig, diglen))
220 {
221 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
222 return 0;
223 }
224 return 1;
225 }
226
227/* Verify signed receipt after it has already passed normal CMS verify */
228
229int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
230 {
231 int r = 0, i;
232 CMS_ReceiptRequest *rr = NULL;
233 CMS_Receipt *rct = NULL;
234 STACK_OF(CMS_SignerInfo) *sis, *osis;
235 CMS_SignerInfo *si, *osi = NULL;
236 ASN1_OCTET_STRING *msig, **pcont;
237 ASN1_OBJECT *octype;
238 unsigned char dig[EVP_MAX_MD_SIZE];
239 unsigned int diglen;
240
241 /* Get SignerInfos, also checks SignedData content type */
242 osis = CMS_get0_SignerInfos(req_cms);
243 sis = CMS_get0_SignerInfos(cms);
244 if (!osis || !sis)
245 goto err;
246
247 if (sk_CMS_SignerInfo_num(sis) != 1)
248 {
249 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
250 goto err;
251 }
252
253 /* Check receipt content type */
254 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
255 {
256 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
257 goto err;
258 }
259
260 /* Extract and decode receipt content */
261 pcont = CMS_get0_content(cms);
262 if (!pcont || !*pcont)
263 {
264 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
265 goto err;
266 }
267
268 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
269
270 if (!rct)
271 {
272 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
273 goto err;
274 }
275
276 /* Locate original request */
277
278 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
279 {
280 osi = sk_CMS_SignerInfo_value(osis, i);
281 if (!ASN1_STRING_cmp(osi->signature,
282 rct->originatorSignatureValue))
283 break;
284 }
285
286 if (i == sk_CMS_SignerInfo_num(osis))
287 {
288 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
289 goto err;
290 }
291
292 si = sk_CMS_SignerInfo_value(sis, 0);
293
294 /* Get msgSigDigest value and compare */
295
296 msig = CMS_signed_get0_data_by_OBJ(si,
297 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
298 -3, V_ASN1_OCTET_STRING);
299
300 if (!msig)
301 {
302 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
303 goto err;
304 }
305
306 if (!cms_msgSigDigest(osi, dig, &diglen))
307 {
308 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
309 goto err;
310 }
311
312 if (diglen != (unsigned int)msig->length)
313 {
314 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
315 CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
316 goto err;
317 }
318
319 if (memcmp(dig, msig->data, diglen))
320 {
321 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
322 CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
323 goto err;
324 }
325
326 /* Compare content types */
327
328 octype = CMS_signed_get0_data_by_OBJ(osi,
329 OBJ_nid2obj(NID_pkcs9_contentType),
330 -3, V_ASN1_OBJECT);
331 if (!octype)
332 {
333 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
334 goto err;
335 }
336
337 /* Compare details in receipt request */
338
339 if (OBJ_cmp(octype, rct->contentType))
340 {
341 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
342 goto err;
343 }
344
345 /* Get original receipt request details */
346
347 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
348 {
349 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
350 goto err;
351 }
352
353 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
354 rct->signedContentIdentifier))
355 {
356 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
357 CMS_R_CONTENTIDENTIFIER_MISMATCH);
358 goto err;
359 }
360
361 r = 1;
362
363 err:
364 if (rr)
365 CMS_ReceiptRequest_free(rr);
366 if (rct)
367 M_ASN1_free_of(rct, CMS_Receipt);
368
369 return r;
370
371 }
372
373/* Encode a Receipt into an OCTET STRING read for including into content of
374 * a SignedData ContentInfo.
375 */
376
377ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
378 {
379 CMS_Receipt rct;
380 CMS_ReceiptRequest *rr = NULL;
381 ASN1_OBJECT *ctype;
382 ASN1_OCTET_STRING *os = NULL;
383
384 /* Get original receipt request */
385
386 /* Get original receipt request details */
387
388 if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
389 {
390 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
391 goto err;
392 }
393
394 /* Get original content type */
395
396 ctype = CMS_signed_get0_data_by_OBJ(si,
397 OBJ_nid2obj(NID_pkcs9_contentType),
398 -3, V_ASN1_OBJECT);
399 if (!ctype)
400 {
401 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
402 goto err;
403 }
404
405 rct.version = 1;
406 rct.contentType = ctype;
407 rct.signedContentIdentifier = rr->signedContentIdentifier;
408 rct.originatorSignatureValue = si->signature;
409
410 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
411
412 err:
413 if (rr)
414 CMS_ReceiptRequest_free(rr);
415
416 return os;
417
418 }
419
420
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
new file mode 100644
index 0000000000..1cb0264cc5
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_io.c
@@ -0,0 +1,133 @@
1/* crypto/cms/cms_io.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/x509.h>
56#include <openssl/err.h>
57#include <openssl/pem.h>
58#include "cms.h"
59#include "cms_lcl.h"
60
61int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
62 {
63 ASN1_OCTET_STRING **pos;
64 pos = CMS_get0_content(cms);
65 if (!pos)
66 return 0;
67 if (!*pos)
68 *pos = ASN1_OCTET_STRING_new();
69 if (*pos)
70 {
71 (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
72 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
73 *boundary = &(*pos)->data;
74 return 1;
75 }
76 CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
77 return 0;
78 }
79
80CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
81 {
82 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
83 }
84
85int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
86 {
87 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
88 }
89
90IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
91
92BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
93 {
94 return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
95 ASN1_ITEM_rptr(CMS_ContentInfo));
96 }
97
98/* CMS wrappers round generalised stream and MIME routines */
99
100int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
101 {
102 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
103 ASN1_ITEM_rptr(CMS_ContentInfo));
104 }
105
106int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
107 {
108 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
109 "CMS",
110 ASN1_ITEM_rptr(CMS_ContentInfo));
111 }
112
113int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
114 {
115 STACK_OF(X509_ALGOR) *mdalgs;
116 int ctype_nid = OBJ_obj2nid(cms->contentType);
117 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
118 if (ctype_nid == NID_pkcs7_signed)
119 mdalgs = cms->d.signedData->digestAlgorithms;
120 else
121 mdalgs = NULL;
122
123 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
124 ctype_nid, econt_nid, mdalgs,
125 ASN1_ITEM_rptr(CMS_ContentInfo));
126 }
127
128CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
129 {
130 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
131 ASN1_ITEM_rptr(CMS_ContentInfo));
132 }
133
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
new file mode 100644
index 0000000000..a9f9730157
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -0,0 +1,473 @@
1/* crypto/cms/cms_lcl.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#ifndef HEADER_CMS_LCL_H
55#define HEADER_CMS_LCL_H
56
57#ifdef __cplusplus
58extern "C" {
59#endif
60
61#include <openssl/x509.h>
62
63/* Cryptographic message syntax (CMS) structures: taken
64 * from RFC3852
65 */
66
67/* Forward references */
68
69typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
70typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
71typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
72typedef struct CMS_SignedData_st CMS_SignedData;
73typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
74typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
75typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
76typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
77typedef struct CMS_DigestedData_st CMS_DigestedData;
78typedef struct CMS_EncryptedData_st CMS_EncryptedData;
79typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
80typedef struct CMS_CompressedData_st CMS_CompressedData;
81typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
82typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
83typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
84typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
85typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
86typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
87typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
88typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
89typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
90typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
91typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
92typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
95
96struct CMS_ContentInfo_st
97 {
98 ASN1_OBJECT *contentType;
99 union {
100 ASN1_OCTET_STRING *data;
101 CMS_SignedData *signedData;
102 CMS_EnvelopedData *envelopedData;
103 CMS_DigestedData *digestedData;
104 CMS_EncryptedData *encryptedData;
105 CMS_AuthenticatedData *authenticatedData;
106 CMS_CompressedData *compressedData;
107 ASN1_TYPE *other;
108 /* Other types ... */
109 void *otherData;
110 } d;
111 };
112
113struct CMS_SignedData_st
114 {
115 long version;
116 STACK_OF(X509_ALGOR) *digestAlgorithms;
117 CMS_EncapsulatedContentInfo *encapContentInfo;
118 STACK_OF(CMS_CertificateChoices) *certificates;
119 STACK_OF(CMS_RevocationInfoChoice) *crls;
120 STACK_OF(CMS_SignerInfo) *signerInfos;
121 };
122
123struct CMS_EncapsulatedContentInfo_st
124 {
125 ASN1_OBJECT *eContentType;
126 ASN1_OCTET_STRING *eContent;
127 /* Set to 1 if incomplete structure only part set up */
128 int partial;
129 };
130
131struct CMS_SignerInfo_st
132 {
133 long version;
134 CMS_SignerIdentifier *sid;
135 X509_ALGOR *digestAlgorithm;
136 STACK_OF(X509_ATTRIBUTE) *signedAttrs;
137 X509_ALGOR *signatureAlgorithm;
138 ASN1_OCTET_STRING *signature;
139 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
140 /* Signing certificate and key */
141 X509 *signer;
142 EVP_PKEY *pkey;
143 };
144
145struct CMS_SignerIdentifier_st
146 {
147 int type;
148 union {
149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
150 ASN1_OCTET_STRING *subjectKeyIdentifier;
151 } d;
152 };
153
154struct CMS_EnvelopedData_st
155 {
156 long version;
157 CMS_OriginatorInfo *originatorInfo;
158 STACK_OF(CMS_RecipientInfo) *recipientInfos;
159 CMS_EncryptedContentInfo *encryptedContentInfo;
160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
161 };
162
163struct CMS_OriginatorInfo_st
164 {
165 STACK_OF(CMS_CertificateChoices) *certificates;
166 STACK_OF(CMS_RevocationInfoChoice) *crls;
167 };
168
169struct CMS_EncryptedContentInfo_st
170 {
171 ASN1_OBJECT *contentType;
172 X509_ALGOR *contentEncryptionAlgorithm;
173 ASN1_OCTET_STRING *encryptedContent;
174 /* Content encryption algorithm and key */
175 const EVP_CIPHER *cipher;
176 unsigned char *key;
177 size_t keylen;
178 /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
179 int debug;
180 };
181
182struct CMS_RecipientInfo_st
183 {
184 int type;
185 union {
186 CMS_KeyTransRecipientInfo *ktri;
187 CMS_KeyAgreeRecipientInfo *kari;
188 CMS_KEKRecipientInfo *kekri;
189 CMS_PasswordRecipientInfo *pwri;
190 CMS_OtherRecipientInfo *ori;
191 } d;
192 };
193
194typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
195
196struct CMS_KeyTransRecipientInfo_st
197 {
198 long version;
199 CMS_RecipientIdentifier *rid;
200 X509_ALGOR *keyEncryptionAlgorithm;
201 ASN1_OCTET_STRING *encryptedKey;
202 /* Recipient Key and cert */
203 X509 *recip;
204 EVP_PKEY *pkey;
205 };
206
207struct CMS_KeyAgreeRecipientInfo_st
208 {
209 long version;
210 CMS_OriginatorIdentifierOrKey *originator;
211 ASN1_OCTET_STRING *ukm;
212 X509_ALGOR *keyEncryptionAlgorithm;
213 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
214 };
215
216struct CMS_OriginatorIdentifierOrKey_st
217 {
218 int type;
219 union {
220 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
221 ASN1_OCTET_STRING *subjectKeyIdentifier;
222 CMS_OriginatorPublicKey *originatorKey;
223 } d;
224 };
225
226struct CMS_OriginatorPublicKey_st
227 {
228 X509_ALGOR *algorithm;
229 ASN1_BIT_STRING *publicKey;
230 };
231
232struct CMS_RecipientEncryptedKey_st
233 {
234 CMS_KeyAgreeRecipientIdentifier *rid;
235 ASN1_OCTET_STRING *encryptedKey;
236 };
237
238struct CMS_KeyAgreeRecipientIdentifier_st
239 {
240 int type;
241 union {
242 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
243 CMS_RecipientKeyIdentifier *rKeyId;
244 } d;
245 };
246
247struct CMS_RecipientKeyIdentifier_st
248 {
249 ASN1_OCTET_STRING *subjectKeyIdentifier;
250 ASN1_GENERALIZEDTIME *date;
251 CMS_OtherKeyAttribute *other;
252 };
253
254struct CMS_KEKRecipientInfo_st
255 {
256 long version;
257 CMS_KEKIdentifier *kekid;
258 X509_ALGOR *keyEncryptionAlgorithm;
259 ASN1_OCTET_STRING *encryptedKey;
260 /* Extra info: symmetric key to use */
261 unsigned char *key;
262 size_t keylen;
263 };
264
265struct CMS_KEKIdentifier_st
266 {
267 ASN1_OCTET_STRING *keyIdentifier;
268 ASN1_GENERALIZEDTIME *date;
269 CMS_OtherKeyAttribute *other;
270 };
271
272struct CMS_PasswordRecipientInfo_st
273 {
274 long version;
275 X509_ALGOR *keyDerivationAlgorithm;
276 X509_ALGOR *keyEncryptionAlgorithm;
277 ASN1_OCTET_STRING *encryptedKey;
278 /* Extra info: password to use */
279 unsigned char *pass;
280 size_t passlen;
281 };
282
283struct CMS_OtherRecipientInfo_st
284 {
285 ASN1_OBJECT *oriType;
286 ASN1_TYPE *oriValue;
287 };
288
289struct CMS_DigestedData_st
290 {
291 long version;
292 X509_ALGOR *digestAlgorithm;
293 CMS_EncapsulatedContentInfo *encapContentInfo;
294 ASN1_OCTET_STRING *digest;
295 };
296
297struct CMS_EncryptedData_st
298 {
299 long version;
300 CMS_EncryptedContentInfo *encryptedContentInfo;
301 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
302 };
303
304struct CMS_AuthenticatedData_st
305 {
306 long version;
307 CMS_OriginatorInfo *originatorInfo;
308 STACK_OF(CMS_RecipientInfo) *recipientInfos;
309 X509_ALGOR *macAlgorithm;
310 X509_ALGOR *digestAlgorithm;
311 CMS_EncapsulatedContentInfo *encapContentInfo;
312 STACK_OF(X509_ATTRIBUTE) *authAttrs;
313 ASN1_OCTET_STRING *mac;
314 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
315 };
316
317struct CMS_CompressedData_st
318 {
319 long version;
320 X509_ALGOR *compressionAlgorithm;
321 STACK_OF(CMS_RecipientInfo) *recipientInfos;
322 CMS_EncapsulatedContentInfo *encapContentInfo;
323 };
324
325struct CMS_RevocationInfoChoice_st
326 {
327 int type;
328 union {
329 X509_CRL *crl;
330 CMS_OtherRevocationInfoFormat *other;
331 } d;
332 };
333
334#define CMS_REVCHOICE_CRL 0
335#define CMS_REVCHOICE_OTHER 1
336
337struct CMS_OtherRevocationInfoFormat_st
338 {
339 ASN1_OBJECT *otherRevInfoFormat;
340 ASN1_TYPE *otherRevInfo;
341 };
342
343struct CMS_CertificateChoices
344 {
345 int type;
346 union {
347 X509 *certificate;
348 ASN1_STRING *extendedCertificate; /* Obsolete */
349 ASN1_STRING *v1AttrCert; /* Left encoded for now */
350 ASN1_STRING *v2AttrCert; /* Left encoded for now */
351 CMS_OtherCertificateFormat *other;
352 } d;
353 };
354
355#define CMS_CERTCHOICE_CERT 0
356#define CMS_CERTCHOICE_EXCERT 1
357#define CMS_CERTCHOICE_V1ACERT 2
358#define CMS_CERTCHOICE_V2ACERT 3
359#define CMS_CERTCHOICE_OTHER 4
360
361struct CMS_OtherCertificateFormat_st
362 {
363 ASN1_OBJECT *otherCertFormat;
364 ASN1_TYPE *otherCert;
365 };
366
367/* This is also defined in pkcs7.h but we duplicate it
368 * to allow the CMS code to be independent of PKCS#7
369 */
370
371struct CMS_IssuerAndSerialNumber_st
372 {
373 X509_NAME *issuer;
374 ASN1_INTEGER *serialNumber;
375 };
376
377struct CMS_OtherKeyAttribute_st
378 {
379 ASN1_OBJECT *keyAttrId;
380 ASN1_TYPE *keyAttr;
381 };
382
383/* ESS structures */
384
385#ifdef HEADER_X509V3_H
386
387struct CMS_ReceiptRequest_st
388 {
389 ASN1_OCTET_STRING *signedContentIdentifier;
390 CMS_ReceiptsFrom *receiptsFrom;
391 STACK_OF(GENERAL_NAMES) *receiptsTo;
392 };
393
394
395struct CMS_ReceiptsFrom_st
396 {
397 int type;
398 union
399 {
400 long allOrFirstTier;
401 STACK_OF(GENERAL_NAMES) *receiptList;
402 } d;
403 };
404#endif
405
406struct CMS_Receipt_st
407 {
408 long version;
409 ASN1_OBJECT *contentType;
410 ASN1_OCTET_STRING *signedContentIdentifier;
411 ASN1_OCTET_STRING *originatorSignatureValue;
412 };
413
414DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
415DECLARE_ASN1_ITEM(CMS_SignerInfo)
416DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
417DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
418DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
419DECLARE_ASN1_ITEM(CMS_RecipientInfo)
420DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
421DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
422
423#define CMS_SIGNERINFO_ISSUER_SERIAL 0
424#define CMS_SIGNERINFO_KEYIDENTIFIER 1
425
426#define CMS_RECIPINFO_ISSUER_SERIAL 0
427#define CMS_RECIPINFO_KEYIDENTIFIER 1
428
429BIO *cms_content_bio(CMS_ContentInfo *cms);
430
431CMS_ContentInfo *cms_Data_create(void);
432
433CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
434BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
435int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
436
437BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
438int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
439int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
440int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
441 ASN1_OCTET_STRING **keyid,
442 X509_NAME **issuer, ASN1_INTEGER **sno);
443int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
444
445CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
446BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
447
448void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
449BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
450int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
451 X509_ALGOR *mdalg);
452
453BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
454BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
455int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
456 const EVP_CIPHER *cipher,
457 const unsigned char *key, size_t keylen);
458
459int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
460int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
461ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
462
463BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
464CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
465
466/* PWRI routines */
467int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
468 int en_de);
469
470#ifdef __cplusplus
471}
472#endif
473#endif
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
new file mode 100644
index 0000000000..f88e8f3b52
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -0,0 +1,626 @@
1/* crypto/cms/cms_lib.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/x509.h>
56#include <openssl/err.h>
57#include <openssl/pem.h>
58#include <openssl/bio.h>
59#include <openssl/asn1.h>
60#include "cms.h"
61#include "cms_lcl.h"
62
63IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
64IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
65
66DECLARE_ASN1_ITEM(CMS_CertificateChoices)
67DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
68DECLARE_STACK_OF(CMS_CertificateChoices)
69DECLARE_STACK_OF(CMS_RevocationInfoChoice)
70
71const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
72 {
73 return cms->contentType;
74 }
75
76CMS_ContentInfo *cms_Data_create(void)
77 {
78 CMS_ContentInfo *cms;
79 cms = CMS_ContentInfo_new();
80 if (cms)
81 {
82 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
83 /* Never detached */
84 CMS_set_detached(cms, 0);
85 }
86 return cms;
87 }
88
89BIO *cms_content_bio(CMS_ContentInfo *cms)
90 {
91 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
92 if (!pos)
93 return NULL;
94 /* If content detached data goes nowhere: create NULL BIO */
95 if (!*pos)
96 return BIO_new(BIO_s_null());
97 /* If content not detached and created return memory BIO
98 */
99 if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
100 return BIO_new(BIO_s_mem());
101 /* Else content was read in: return read only BIO for it */
102 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
103 }
104
105BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
106 {
107 BIO *cmsbio, *cont;
108 if (icont)
109 cont = icont;
110 else
111 cont = cms_content_bio(cms);
112 if (!cont)
113 {
114 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
115 return NULL;
116 }
117 switch (OBJ_obj2nid(cms->contentType))
118 {
119
120 case NID_pkcs7_data:
121 return cont;
122
123 case NID_pkcs7_signed:
124 cmsbio = cms_SignedData_init_bio(cms);
125 break;
126
127 case NID_pkcs7_digest:
128 cmsbio = cms_DigestedData_init_bio(cms);
129 break;
130#ifdef ZLIB
131 case NID_id_smime_ct_compressedData:
132 cmsbio = cms_CompressedData_init_bio(cms);
133 break;
134#endif
135
136 case NID_pkcs7_encrypted:
137 cmsbio = cms_EncryptedData_init_bio(cms);
138 break;
139
140 case NID_pkcs7_enveloped:
141 cmsbio = cms_EnvelopedData_init_bio(cms);
142 break;
143
144 default:
145 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
146 return NULL;
147 }
148
149 if (cmsbio)
150 return BIO_push(cmsbio, cont);
151
152 if (!icont)
153 BIO_free(cont);
154 return NULL;
155
156 }
157
158int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
159 {
160 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
161 if (!pos)
162 return 0;
163 /* If ebmedded content find memory BIO and set content */
164 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
165 {
166 BIO *mbio;
167 unsigned char *cont;
168 long contlen;
169 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
170 if (!mbio)
171 {
172 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
173 return 0;
174 }
175 contlen = BIO_get_mem_data(mbio, &cont);
176 /* Set bio as read only so its content can't be clobbered */
177 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
178 BIO_set_mem_eof_return(mbio, 0);
179 ASN1_STRING_set0(*pos, cont, contlen);
180 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
181 }
182
183 switch (OBJ_obj2nid(cms->contentType))
184 {
185
186 case NID_pkcs7_data:
187 case NID_pkcs7_enveloped:
188 case NID_pkcs7_encrypted:
189 case NID_id_smime_ct_compressedData:
190 /* Nothing to do */
191 return 1;
192
193 case NID_pkcs7_signed:
194 return cms_SignedData_final(cms, cmsbio);
195
196 case NID_pkcs7_digest:
197 return cms_DigestedData_do_final(cms, cmsbio, 0);
198
199 default:
200 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
201 return 0;
202 }
203 }
204
205/* Return an OCTET STRING pointer to content. This allows it to
206 * be accessed or set later.
207 */
208
209ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
210 {
211 switch (OBJ_obj2nid(cms->contentType))
212 {
213
214 case NID_pkcs7_data:
215 return &cms->d.data;
216
217 case NID_pkcs7_signed:
218 return &cms->d.signedData->encapContentInfo->eContent;
219
220 case NID_pkcs7_enveloped:
221 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
222
223 case NID_pkcs7_digest:
224 return &cms->d.digestedData->encapContentInfo->eContent;
225
226 case NID_pkcs7_encrypted:
227 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
228
229 case NID_id_smime_ct_authData:
230 return &cms->d.authenticatedData->encapContentInfo->eContent;
231
232 case NID_id_smime_ct_compressedData:
233 return &cms->d.compressedData->encapContentInfo->eContent;
234
235 default:
236 if (cms->d.other->type == V_ASN1_OCTET_STRING)
237 return &cms->d.other->value.octet_string;
238 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
239 return NULL;
240
241 }
242 }
243
244/* Return an ASN1_OBJECT pointer to content type. This allows it to
245 * be accessed or set later.
246 */
247
248static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
249 {
250 switch (OBJ_obj2nid(cms->contentType))
251 {
252
253 case NID_pkcs7_signed:
254 return &cms->d.signedData->encapContentInfo->eContentType;
255
256 case NID_pkcs7_enveloped:
257 return &cms->d.envelopedData->encryptedContentInfo->contentType;
258
259 case NID_pkcs7_digest:
260 return &cms->d.digestedData->encapContentInfo->eContentType;
261
262 case NID_pkcs7_encrypted:
263 return &cms->d.encryptedData->encryptedContentInfo->contentType;
264
265 case NID_id_smime_ct_authData:
266 return &cms->d.authenticatedData->encapContentInfo->eContentType;
267
268 case NID_id_smime_ct_compressedData:
269 return &cms->d.compressedData->encapContentInfo->eContentType;
270
271 default:
272 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
273 CMS_R_UNSUPPORTED_CONTENT_TYPE);
274 return NULL;
275
276 }
277 }
278
279const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
280 {
281 ASN1_OBJECT **petype;
282 petype = cms_get0_econtent_type(cms);
283 if (petype)
284 return *petype;
285 return NULL;
286 }
287
288int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
289 {
290 ASN1_OBJECT **petype, *etype;
291 petype = cms_get0_econtent_type(cms);
292 if (!petype)
293 return 0;
294 if (!oid)
295 return 1;
296 etype = OBJ_dup(oid);
297 if (!etype)
298 return 0;
299 ASN1_OBJECT_free(*petype);
300 *petype = etype;
301 return 1;
302 }
303
304int CMS_is_detached(CMS_ContentInfo *cms)
305 {
306 ASN1_OCTET_STRING **pos;
307 pos = CMS_get0_content(cms);
308 if (!pos)
309 return -1;
310 if (*pos)
311 return 0;
312 return 1;
313 }
314
315int CMS_set_detached(CMS_ContentInfo *cms, int detached)
316 {
317 ASN1_OCTET_STRING **pos;
318 pos = CMS_get0_content(cms);
319 if (!pos)
320 return 0;
321 if (detached)
322 {
323 if (*pos)
324 {
325 ASN1_OCTET_STRING_free(*pos);
326 *pos = NULL;
327 }
328 return 1;
329 }
330 if (!*pos)
331 *pos = ASN1_OCTET_STRING_new();
332 if (*pos)
333 {
334 /* NB: special flag to show content is created and not
335 * read in.
336 */
337 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
338 return 1;
339 }
340 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
341 return 0;
342 }
343
344/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
345
346void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
347 {
348 int param_type;
349
350 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
351 param_type = V_ASN1_UNDEF;
352 else
353 param_type = V_ASN1_NULL;
354
355 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
356
357 }
358
359/* Create a digest BIO from an X509_ALGOR structure */
360
361BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
362 {
363 BIO *mdbio = NULL;
364 ASN1_OBJECT *digestoid;
365 const EVP_MD *digest;
366 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
367 digest = EVP_get_digestbyobj(digestoid);
368 if (!digest)
369 {
370 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
371 CMS_R_UNKNOWN_DIGEST_ALGORIHM);
372 goto err;
373 }
374 mdbio = BIO_new(BIO_f_md());
375 if (!mdbio || !BIO_set_md(mdbio, digest))
376 {
377 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
378 CMS_R_MD_BIO_INIT_ERROR);
379 goto err;
380 }
381 return mdbio;
382 err:
383 if (mdbio)
384 BIO_free(mdbio);
385 return NULL;
386 }
387
388/* Locate a message digest content from a BIO chain based on SignerInfo */
389
390int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
391 X509_ALGOR *mdalg)
392 {
393 int nid;
394 ASN1_OBJECT *mdoid;
395 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
396 nid = OBJ_obj2nid(mdoid);
397 /* Look for digest type to match signature */
398 for (;;)
399 {
400 EVP_MD_CTX *mtmp;
401 chain = BIO_find_type(chain, BIO_TYPE_MD);
402 if (chain == NULL)
403 {
404 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
405 CMS_R_NO_MATCHING_DIGEST);
406 return 0;
407 }
408 BIO_get_md_ctx(chain, &mtmp);
409 if (EVP_MD_CTX_type(mtmp) == nid
410 /* Workaround for broken implementations that use signature
411 * algorithm OID instead of digest.
412 */
413 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
414 {
415 return EVP_MD_CTX_copy_ex(mctx, mtmp);
416 }
417 chain = BIO_next(chain);
418 }
419 }
420
421static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
422 {
423 switch (OBJ_obj2nid(cms->contentType))
424 {
425
426 case NID_pkcs7_signed:
427 return &cms->d.signedData->certificates;
428
429 case NID_pkcs7_enveloped:
430 return &cms->d.envelopedData->originatorInfo->certificates;
431
432 default:
433 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
434 CMS_R_UNSUPPORTED_CONTENT_TYPE);
435 return NULL;
436
437 }
438 }
439
440CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
441 {
442 STACK_OF(CMS_CertificateChoices) **pcerts;
443 CMS_CertificateChoices *cch;
444 pcerts = cms_get0_certificate_choices(cms);
445 if (!pcerts)
446 return NULL;
447 if (!*pcerts)
448 *pcerts = sk_CMS_CertificateChoices_new_null();
449 if (!*pcerts)
450 return NULL;
451 cch = M_ASN1_new_of(CMS_CertificateChoices);
452 if (!cch)
453 return NULL;
454 if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
455 {
456 M_ASN1_free_of(cch, CMS_CertificateChoices);
457 return NULL;
458 }
459 return cch;
460 }
461
462int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
463 {
464 CMS_CertificateChoices *cch;
465 STACK_OF(CMS_CertificateChoices) **pcerts;
466 int i;
467 pcerts = cms_get0_certificate_choices(cms);
468 if (!pcerts)
469 return 0;
470 if (!pcerts)
471 return 0;
472 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
473 {
474 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
475 if (cch->type == CMS_CERTCHOICE_CERT)
476 {
477 if (!X509_cmp(cch->d.certificate, cert))
478 {
479 CMSerr(CMS_F_CMS_ADD0_CERT,
480 CMS_R_CERTIFICATE_ALREADY_PRESENT);
481 return 0;
482 }
483 }
484 }
485 cch = CMS_add0_CertificateChoices(cms);
486 if (!cch)
487 return 0;
488 cch->type = CMS_CERTCHOICE_CERT;
489 cch->d.certificate = cert;
490 return 1;
491 }
492
493int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
494 {
495 int r;
496 r = CMS_add0_cert(cms, cert);
497 if (r > 0)
498 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
499 return r;
500 }
501
502static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
503 {
504 switch (OBJ_obj2nid(cms->contentType))
505 {
506
507 case NID_pkcs7_signed:
508 return &cms->d.signedData->crls;
509
510 case NID_pkcs7_enveloped:
511 return &cms->d.envelopedData->originatorInfo->crls;
512
513 default:
514 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
515 CMS_R_UNSUPPORTED_CONTENT_TYPE);
516 return NULL;
517
518 }
519 }
520
521CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
522 {
523 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
524 CMS_RevocationInfoChoice *rch;
525 pcrls = cms_get0_revocation_choices(cms);
526 if (!pcrls)
527 return NULL;
528 if (!*pcrls)
529 *pcrls = sk_CMS_RevocationInfoChoice_new_null();
530 if (!*pcrls)
531 return NULL;
532 rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
533 if (!rch)
534 return NULL;
535 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
536 {
537 M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
538 return NULL;
539 }
540 return rch;
541 }
542
543int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
544 {
545 CMS_RevocationInfoChoice *rch;
546 rch = CMS_add0_RevocationInfoChoice(cms);
547 if (!rch)
548 return 0;
549 rch->type = CMS_REVCHOICE_CRL;
550 rch->d.crl = crl;
551 return 1;
552 }
553
554int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
555 {
556 int r;
557 r = CMS_add0_crl(cms, crl);
558 if (r > 0)
559 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
560 return r;
561 }
562
563STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
564 {
565 STACK_OF(X509) *certs = NULL;
566 CMS_CertificateChoices *cch;
567 STACK_OF(CMS_CertificateChoices) **pcerts;
568 int i;
569 pcerts = cms_get0_certificate_choices(cms);
570 if (!pcerts)
571 return NULL;
572 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
573 {
574 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
575 if (cch->type == 0)
576 {
577 if (!certs)
578 {
579 certs = sk_X509_new_null();
580 if (!certs)
581 return NULL;
582 }
583 if (!sk_X509_push(certs, cch->d.certificate))
584 {
585 sk_X509_pop_free(certs, X509_free);
586 return NULL;
587 }
588 CRYPTO_add(&cch->d.certificate->references,
589 1, CRYPTO_LOCK_X509);
590 }
591 }
592 return certs;
593
594 }
595
596STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
597 {
598 STACK_OF(X509_CRL) *crls = NULL;
599 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
600 CMS_RevocationInfoChoice *rch;
601 int i;
602 pcrls = cms_get0_revocation_choices(cms);
603 if (!pcrls)
604 return NULL;
605 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
606 {
607 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
608 if (rch->type == 0)
609 {
610 if (!crls)
611 {
612 crls = sk_X509_CRL_new_null();
613 if (!crls)
614 return NULL;
615 }
616 if (!sk_X509_CRL_push(crls, rch->d.crl))
617 {
618 sk_X509_CRL_pop_free(crls, X509_CRL_free);
619 return NULL;
620 }
621 CRYPTO_add(&rch->d.crl->references,
622 1, CRYPTO_LOCK_X509_CRL);
623 }
624 }
625 return crls;
626 }
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
new file mode 100644
index 0000000000..b79612a12d
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -0,0 +1,454 @@
1/* crypto/cms/cms_pwri.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2009 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/rand.h>
61#include <openssl/aes.h>
62#include "cms_lcl.h"
63#include "asn1_locl.h"
64
65int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
66 unsigned char *pass, ossl_ssize_t passlen)
67 {
68 CMS_PasswordRecipientInfo *pwri;
69 if (ri->type != CMS_RECIPINFO_PASS)
70 {
71 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
72 return 0;
73 }
74
75 pwri = ri->d.pwri;
76 pwri->pass = pass;
77 if (pass && passlen < 0)
78 passlen = strlen((char *)pass);
79 pwri->passlen = passlen;
80 return 1;
81 }
82
83CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
84 int iter, int wrap_nid, int pbe_nid,
85 unsigned char *pass,
86 ossl_ssize_t passlen,
87 const EVP_CIPHER *kekciph)
88 {
89 CMS_RecipientInfo *ri = NULL;
90 CMS_EnvelopedData *env;
91 CMS_PasswordRecipientInfo *pwri;
92 EVP_CIPHER_CTX ctx;
93 X509_ALGOR *encalg = NULL;
94 unsigned char iv[EVP_MAX_IV_LENGTH];
95 int ivlen;
96 env = cms_get0_enveloped(cms);
97 if (!env)
98 goto err;
99
100 if (wrap_nid <= 0)
101 wrap_nid = NID_id_alg_PWRI_KEK;
102
103 if (pbe_nid <= 0)
104 pbe_nid = NID_id_pbkdf2;
105
106 /* Get from enveloped data */
107 if (kekciph == NULL)
108 kekciph = env->encryptedContentInfo->cipher;
109
110 if (kekciph == NULL)
111 {
112 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
113 return NULL;
114 }
115 if (wrap_nid != NID_id_alg_PWRI_KEK)
116 {
117 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
118 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
119 return NULL;
120 }
121
122 /* Setup algorithm identifier for cipher */
123 encalg = X509_ALGOR_new();
124 EVP_CIPHER_CTX_init(&ctx);
125
126 if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0)
127 {
128 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
129 goto err;
130 }
131
132 ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
133
134 if (ivlen > 0)
135 {
136 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
137 goto err;
138 if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0)
139 {
140 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
141 ERR_R_EVP_LIB);
142 goto err;
143 }
144 encalg->parameter = ASN1_TYPE_new();
145 if (!encalg->parameter)
146 {
147 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
148 ERR_R_MALLOC_FAILURE);
149 goto err;
150 }
151 if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0)
152 {
153 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
154 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
155 goto err;
156 }
157 }
158
159
160 encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
161
162 EVP_CIPHER_CTX_cleanup(&ctx);
163
164 /* Initialize recipient info */
165 ri = M_ASN1_new_of(CMS_RecipientInfo);
166 if (!ri)
167 goto merr;
168
169 ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
170 if (!ri->d.pwri)
171 goto merr;
172 ri->type = CMS_RECIPINFO_PASS;
173
174 pwri = ri->d.pwri;
175 /* Since this is overwritten, free up empty structure already there */
176 X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
177 pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
178 if (!pwri->keyEncryptionAlgorithm)
179 goto merr;
180 pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
181 pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
182 if (!pwri->keyEncryptionAlgorithm->parameter)
183 goto merr;
184
185 if(!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
186 &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
187 goto merr;
188 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
189
190 X509_ALGOR_free(encalg);
191 encalg = NULL;
192
193 /* Setup PBE algorithm */
194
195 pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
196
197 if (!pwri->keyDerivationAlgorithm)
198 goto err;
199
200 CMS_RecipientInfo_set0_password(ri, pass, passlen);
201 pwri->version = 0;
202
203 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
204 goto merr;
205
206 return ri;
207
208 merr:
209 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
210 err:
211 EVP_CIPHER_CTX_cleanup(&ctx);
212 if (ri)
213 M_ASN1_free_of(ri, CMS_RecipientInfo);
214 if (encalg)
215 X509_ALGOR_free(encalg);
216 return NULL;
217
218 }
219
220/* This is an implementation of the key wrapping mechanism in RFC3211,
221 * at some point this should go into EVP.
222 */
223
224static int kek_unwrap_key(unsigned char *out, size_t *outlen,
225 const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
226 {
227 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
228 unsigned char *tmp;
229 int outl, rv = 0;
230 if (inlen < 2 * blocklen)
231 {
232 /* too small */
233 return 0;
234 }
235 if (inlen % blocklen)
236 {
237 /* Invalid size */
238 return 0;
239 }
240 tmp = OPENSSL_malloc(inlen);
241 /* setup IV by decrypting last two blocks */
242 EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
243 in + inlen - 2 * blocklen, blocklen * 2);
244 /* Do a decrypt of last decrypted block to set IV to correct value
245 * output it to start of buffer so we don't corrupt decrypted block
246 * this works because buffer is at least two block lengths long.
247 */
248 EVP_DecryptUpdate(ctx, tmp, &outl,
249 tmp + inlen - blocklen, blocklen);
250 /* Can now decrypt first n - 1 blocks */
251 EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
252
253 /* Reset IV to original value */
254 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
255 /* Decrypt again */
256 EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
257 /* Check check bytes */
258 if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff)
259 {
260 /* Check byte failure */
261 goto err;
262 }
263 if (inlen < (size_t)(tmp[0] - 4 ))
264 {
265 /* Invalid length value */
266 goto err;
267 }
268 *outlen = (size_t)tmp[0];
269 memcpy(out, tmp + 4, *outlen);
270 rv = 1;
271 err:
272 OPENSSL_cleanse(tmp, inlen);
273 OPENSSL_free(tmp);
274 return rv;
275
276 }
277
278static int kek_wrap_key(unsigned char *out, size_t *outlen,
279 const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
280 {
281 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
282 size_t olen;
283 int dummy;
284 /* First decide length of output buffer: need header and round up to
285 * multiple of block length.
286 */
287 olen = (inlen + 4 + blocklen - 1)/blocklen;
288 olen *= blocklen;
289 if (olen < 2 * blocklen)
290 {
291 /* Key too small */
292 return 0;
293 }
294 if (inlen > 0xFF)
295 {
296 /* Key too large */
297 return 0;
298 }
299 if (out)
300 {
301 /* Set header */
302 out[0] = (unsigned char)inlen;
303 out[1] = in[0] ^ 0xFF;
304 out[2] = in[1] ^ 0xFF;
305 out[3] = in[2] ^ 0xFF;
306 memcpy(out + 4, in, inlen);
307 /* Add random padding to end */
308 if (olen > inlen + 4)
309 RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
310 /* Encrypt twice */
311 EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
312 EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
313 }
314
315 *outlen = olen;
316
317 return 1;
318 }
319
320/* Encrypt/Decrypt content key in PWRI recipient info */
321
322int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
323 int en_de)
324 {
325 CMS_EncryptedContentInfo *ec;
326 CMS_PasswordRecipientInfo *pwri;
327 const unsigned char *p = NULL;
328 int plen;
329 int r = 0;
330 X509_ALGOR *algtmp, *kekalg = NULL;
331 EVP_CIPHER_CTX kekctx;
332 const EVP_CIPHER *kekcipher;
333 unsigned char *key = NULL;
334 size_t keylen;
335
336 ec = cms->d.envelopedData->encryptedContentInfo;
337
338 pwri = ri->d.pwri;
339 EVP_CIPHER_CTX_init(&kekctx);
340
341 if (!pwri->pass)
342 {
343 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
344 return 0;
345 }
346 algtmp = pwri->keyEncryptionAlgorithm;
347
348 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK)
349 {
350 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
351 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
352 return 0;
353 }
354
355 if (algtmp->parameter->type == V_ASN1_SEQUENCE)
356 {
357 p = algtmp->parameter->value.sequence->data;
358 plen = algtmp->parameter->value.sequence->length;
359 kekalg = d2i_X509_ALGOR(NULL, &p, plen);
360 }
361 if (kekalg == NULL)
362 {
363 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
364 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
365 return 0;
366 }
367
368 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
369
370 if(!kekcipher)
371 {
372 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
373 CMS_R_UNKNOWN_CIPHER);
374 goto err;
375 }
376
377 /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
378 if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
379 goto err;
380 EVP_CIPHER_CTX_set_padding(&kekctx, 0);
381 if(EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0)
382 {
383 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
384 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
385 goto err;
386 }
387
388 algtmp = pwri->keyDerivationAlgorithm;
389
390 /* Finish password based key derivation to setup key in "ctx" */
391
392 if (EVP_PBE_CipherInit(algtmp->algorithm,
393 (char *)pwri->pass, pwri->passlen,
394 algtmp->parameter, &kekctx, en_de) < 0)
395 {
396 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
397 goto err;
398 }
399
400 /* Finally wrap/unwrap the key */
401
402 if (en_de)
403 {
404
405 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
406 goto err;
407
408 key = OPENSSL_malloc(keylen);
409
410 if (!key)
411 goto err;
412
413 if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
414 goto err;
415 pwri->encryptedKey->data = key;
416 pwri->encryptedKey->length = keylen;
417 }
418 else
419 {
420 key = OPENSSL_malloc(pwri->encryptedKey->length);
421
422 if (!key)
423 {
424 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
425 ERR_R_MALLOC_FAILURE);
426 goto err;
427 }
428 if (!kek_unwrap_key(key, &keylen,
429 pwri->encryptedKey->data,
430 pwri->encryptedKey->length, &kekctx))
431 {
432 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
433 CMS_R_UNWRAP_FAILURE);
434 goto err;
435 }
436
437 ec->key = key;
438 ec->keylen = keylen;
439
440 }
441
442 r = 1;
443
444 err:
445
446 EVP_CIPHER_CTX_cleanup(&kekctx);
447
448 if (!r && key)
449 OPENSSL_free(key);
450 X509_ALGOR_free(kekalg);
451
452 return r;
453
454 }
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
new file mode 100644
index 0000000000..77fbd13596
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -0,0 +1,985 @@
1/* crypto/cms/cms_sd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61#include "asn1_locl.h"
62
63/* CMS SignedData Utilities */
64
65DECLARE_ASN1_ITEM(CMS_SignedData)
66
67static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
68 {
69 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
70 {
71 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
72 return NULL;
73 }
74 return cms->d.signedData;
75 }
76
77static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
78 {
79 if (cms->d.other == NULL)
80 {
81 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
82 if (!cms->d.signedData)
83 {
84 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
85 return NULL;
86 }
87 cms->d.signedData->version = 1;
88 cms->d.signedData->encapContentInfo->eContentType =
89 OBJ_nid2obj(NID_pkcs7_data);
90 cms->d.signedData->encapContentInfo->partial = 1;
91 ASN1_OBJECT_free(cms->contentType);
92 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
93 return cms->d.signedData;
94 }
95 return cms_get0_signed(cms);
96 }
97
98/* Just initialize SignedData e.g. for certs only structure */
99
100int CMS_SignedData_init(CMS_ContentInfo *cms)
101 {
102 if (cms_signed_data_init(cms))
103 return 1;
104 else
105 return 0;
106 }
107
108/* Check structures and fixup version numbers (if necessary) */
109
110static void cms_sd_set_version(CMS_SignedData *sd)
111 {
112 int i;
113 CMS_CertificateChoices *cch;
114 CMS_RevocationInfoChoice *rch;
115 CMS_SignerInfo *si;
116
117 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
118 {
119 cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
120 if (cch->type == CMS_CERTCHOICE_OTHER)
121 {
122 if (sd->version < 5)
123 sd->version = 5;
124 }
125 else if (cch->type == CMS_CERTCHOICE_V2ACERT)
126 {
127 if (sd->version < 4)
128 sd->version = 4;
129 }
130 else if (cch->type == CMS_CERTCHOICE_V1ACERT)
131 {
132 if (sd->version < 3)
133 sd->version = 3;
134 }
135 }
136
137 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
138 {
139 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
140 if (rch->type == CMS_REVCHOICE_OTHER)
141 {
142 if (sd->version < 5)
143 sd->version = 5;
144 }
145 }
146
147 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
148 && (sd->version < 3))
149 sd->version = 3;
150
151 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
152 {
153 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
154 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
155 {
156 if (si->version < 3)
157 si->version = 3;
158 if (sd->version < 3)
159 sd->version = 3;
160 }
161 else
162 sd->version = 1;
163 }
164
165 if (sd->version < 1)
166 sd->version = 1;
167
168 }
169
170/* Copy an existing messageDigest value */
171
172static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
173 {
174 STACK_OF(CMS_SignerInfo) *sinfos;
175 CMS_SignerInfo *sitmp;
176 int i;
177 sinfos = CMS_get0_SignerInfos(cms);
178 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
179 {
180 ASN1_OCTET_STRING *messageDigest;
181 sitmp = sk_CMS_SignerInfo_value(sinfos, i);
182 if (sitmp == si)
183 continue;
184 if (CMS_signed_get_attr_count(sitmp) < 0)
185 continue;
186 if (OBJ_cmp(si->digestAlgorithm->algorithm,
187 sitmp->digestAlgorithm->algorithm))
188 continue;
189 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
190 OBJ_nid2obj(NID_pkcs9_messageDigest),
191 -3, V_ASN1_OCTET_STRING);
192 if (!messageDigest)
193 {
194 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
195 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
196 return 0;
197 }
198
199 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
200 V_ASN1_OCTET_STRING,
201 messageDigest, -1))
202 return 1;
203 else
204 return 0;
205 }
206 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
207 return 0;
208 }
209
210int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
211 {
212 switch(type)
213 {
214 case CMS_SIGNERINFO_ISSUER_SERIAL:
215 sid->d.issuerAndSerialNumber =
216 M_ASN1_new_of(CMS_IssuerAndSerialNumber);
217 if (!sid->d.issuerAndSerialNumber)
218 goto merr;
219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
220 X509_get_issuer_name(cert)))
221 goto merr;
222 if (!ASN1_STRING_copy(
223 sid->d.issuerAndSerialNumber->serialNumber,
224 X509_get_serialNumber(cert)))
225 goto merr;
226 break;
227
228 case CMS_SIGNERINFO_KEYIDENTIFIER:
229 if (!cert->skid)
230 {
231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
232 CMS_R_CERTIFICATE_HAS_NO_KEYID);
233 return 0;
234 }
235 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
236 if (!sid->d.subjectKeyIdentifier)
237 goto merr;
238 break;
239
240 default:
241 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
242 return 0;
243 }
244
245 sid->type = type;
246
247 return 1;
248
249 merr:
250 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
251 return 0;
252
253 }
254
255int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
256 ASN1_OCTET_STRING **keyid,
257 X509_NAME **issuer, ASN1_INTEGER **sno)
258 {
259 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
260 {
261 if (issuer)
262 *issuer = sid->d.issuerAndSerialNumber->issuer;
263 if (sno)
264 *sno = sid->d.issuerAndSerialNumber->serialNumber;
265 }
266 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
267 {
268 if (keyid)
269 *keyid = sid->d.subjectKeyIdentifier;
270 }
271 else
272 return 0;
273 return 1;
274 }
275
276int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
277 {
278 int ret;
279 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
280 {
281 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
282 X509_get_issuer_name(cert));
283 if (ret)
284 return ret;
285 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
286 X509_get_serialNumber(cert));
287 }
288 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
289 {
290 X509_check_purpose(cert, -1, -1);
291 if (!cert->skid)
292 return -1;
293 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
294 cert->skid);
295 }
296 else
297 return -1;
298 }
299
300CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
301 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
302 unsigned int flags)
303 {
304 CMS_SignedData *sd;
305 CMS_SignerInfo *si = NULL;
306 X509_ALGOR *alg;
307 int i, type;
308 if(!X509_check_private_key(signer, pk))
309 {
310 CMSerr(CMS_F_CMS_ADD1_SIGNER,
311 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
312 return NULL;
313 }
314 sd = cms_signed_data_init(cms);
315 if (!sd)
316 goto err;
317 si = M_ASN1_new_of(CMS_SignerInfo);
318 if (!si)
319 goto merr;
320 X509_check_purpose(signer, -1, -1);
321
322 CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
323 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
324
325 si->pkey = pk;
326 si->signer = signer;
327
328 if (flags & CMS_USE_KEYID)
329 {
330 si->version = 3;
331 if (sd->version < 3)
332 sd->version = 3;
333 type = CMS_SIGNERINFO_KEYIDENTIFIER;
334 }
335 else
336 {
337 type = CMS_SIGNERINFO_ISSUER_SERIAL;
338 si->version = 1;
339 }
340
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
342 goto err;
343
344 if (md == NULL)
345 {
346 int def_nid;
347 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
348 goto err;
349 md = EVP_get_digestbynid(def_nid);
350 if (md == NULL)
351 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
353 goto err;
354 }
355 }
356
357 if (!md)
358 {
359 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
360 goto err;
361 }
362
363 cms_DigestAlgorithm_set(si->digestAlgorithm, md);
364
365 /* See if digest is present in digestAlgorithms */
366 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
367 {
368 ASN1_OBJECT *aoid;
369 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
370 X509_ALGOR_get0(&aoid, NULL, NULL, alg);
371 if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
372 break;
373 }
374
375 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
376 {
377 alg = X509_ALGOR_new();
378 if (!alg)
379 goto merr;
380 cms_DigestAlgorithm_set(alg, md);
381 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
382 {
383 X509_ALGOR_free(alg);
384 goto merr;
385 }
386 }
387
388 if (pk->ameth && pk->ameth->pkey_ctrl)
389 {
390 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
391 0, si);
392 if (i == -2)
393 {
394 CMSerr(CMS_F_CMS_ADD1_SIGNER,
395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
396 goto err;
397 }
398 if (i <= 0)
399 {
400 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
401 goto err;
402 }
403 }
404
405 if (!(flags & CMS_NOATTR))
406 {
407 /* Initialialize signed attributes strutucture so other
408 * attributes such as signing time etc are added later
409 * even if we add none here.
410 */
411 if (!si->signedAttrs)
412 {
413 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
414 if (!si->signedAttrs)
415 goto merr;
416 }
417
418 if (!(flags & CMS_NOSMIMECAP))
419 {
420 STACK_OF(X509_ALGOR) *smcap = NULL;
421 i = CMS_add_standard_smimecap(&smcap);
422 if (i)
423 i = CMS_add_smimecap(si, smcap);
424 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
425 if (!i)
426 goto merr;
427 }
428 if (flags & CMS_REUSE_DIGEST)
429 {
430 if (!cms_copy_messageDigest(cms, si))
431 goto err;
432 if (!(flags & CMS_PARTIAL) &&
433 !CMS_SignerInfo_sign(si))
434 goto err;
435 }
436 }
437
438 if (!(flags & CMS_NOCERTS))
439 {
440 /* NB ignore -1 return for duplicate cert */
441 if (!CMS_add1_cert(cms, signer))
442 goto merr;
443 }
444
445 if (!sd->signerInfos)
446 sd->signerInfos = sk_CMS_SignerInfo_new_null();
447 if (!sd->signerInfos ||
448 !sk_CMS_SignerInfo_push(sd->signerInfos, si))
449 goto merr;
450
451 return si;
452
453 merr:
454 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
455 err:
456 if (si)
457 M_ASN1_free_of(si, CMS_SignerInfo);
458 return NULL;
459
460 }
461
462static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
463 {
464 ASN1_TIME *tt;
465 int r = 0;
466 if (t)
467 tt = t;
468 else
469 tt = X509_gmtime_adj(NULL, 0);
470
471 if (!tt)
472 goto merr;
473
474 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
475 tt->type, tt, -1) <= 0)
476 goto merr;
477
478 r = 1;
479
480 merr:
481
482 if (!t)
483 ASN1_TIME_free(tt);
484
485 if (!r)
486 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
487
488 return r;
489
490 }
491
492STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
493 {
494 CMS_SignedData *sd;
495 sd = cms_get0_signed(cms);
496 if (!sd)
497 return NULL;
498 return sd->signerInfos;
499 }
500
501STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
502 {
503 STACK_OF(X509) *signers = NULL;
504 STACK_OF(CMS_SignerInfo) *sinfos;
505 CMS_SignerInfo *si;
506 int i;
507 sinfos = CMS_get0_SignerInfos(cms);
508 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
509 {
510 si = sk_CMS_SignerInfo_value(sinfos, i);
511 if (si->signer)
512 {
513 if (!signers)
514 {
515 signers = sk_X509_new_null();
516 if (!signers)
517 return NULL;
518 }
519 if (!sk_X509_push(signers, si->signer))
520 {
521 sk_X509_free(signers);
522 return NULL;
523 }
524 }
525 }
526 return signers;
527 }
528
529void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
530 {
531 if (signer)
532 {
533 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
534 if (si->pkey)
535 EVP_PKEY_free(si->pkey);
536 si->pkey = X509_get_pubkey(signer);
537 }
538 if (si->signer)
539 X509_free(si->signer);
540 si->signer = signer;
541 }
542
543int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
544 ASN1_OCTET_STRING **keyid,
545 X509_NAME **issuer, ASN1_INTEGER **sno)
546 {
547 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
548 }
549
550int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
551 {
552 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
553 }
554
555int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
556 unsigned int flags)
557 {
558 CMS_SignedData *sd;
559 CMS_SignerInfo *si;
560 CMS_CertificateChoices *cch;
561 STACK_OF(CMS_CertificateChoices) *certs;
562 X509 *x;
563 int i, j;
564 int ret = 0;
565 sd = cms_get0_signed(cms);
566 if (!sd)
567 return -1;
568 certs = sd->certificates;
569 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
570 {
571 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
572 if (si->signer)
573 continue;
574
575 for (j = 0; j < sk_X509_num(scerts); j++)
576 {
577 x = sk_X509_value(scerts, j);
578 if (CMS_SignerInfo_cert_cmp(si, x) == 0)
579 {
580 CMS_SignerInfo_set1_signer_cert(si, x);
581 ret++;
582 break;
583 }
584 }
585
586 if (si->signer || (flags & CMS_NOINTERN))
587 continue;
588
589 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
590 {
591 cch = sk_CMS_CertificateChoices_value(certs, j);
592 if (cch->type != 0)
593 continue;
594 x = cch->d.certificate;
595 if (CMS_SignerInfo_cert_cmp(si, x) == 0)
596 {
597 CMS_SignerInfo_set1_signer_cert(si, x);
598 ret++;
599 break;
600 }
601 }
602 }
603 return ret;
604 }
605
606void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
607 X509_ALGOR **pdig, X509_ALGOR **psig)
608 {
609 if (pk)
610 *pk = si->pkey;
611 if (signer)
612 *signer = si->signer;
613 if (pdig)
614 *pdig = si->digestAlgorithm;
615 if (psig)
616 *psig = si->signatureAlgorithm;
617 }
618
619static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
620 CMS_SignerInfo *si, BIO *chain)
621 {
622 EVP_MD_CTX mctx;
623 int r = 0;
624 EVP_MD_CTX_init(&mctx);
625
626
627 if (!si->pkey)
628 {
629 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
630 return 0;
631 }
632
633 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
634 goto err;
635
636 /* If any signed attributes calculate and add messageDigest attribute */
637
638 if (CMS_signed_get_attr_count(si) >= 0)
639 {
640 ASN1_OBJECT *ctype =
641 cms->d.signedData->encapContentInfo->eContentType;
642 unsigned char md[EVP_MAX_MD_SIZE];
643 unsigned int mdlen;
644 if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
645 goto err;
646 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
647 V_ASN1_OCTET_STRING,
648 md, mdlen))
649 goto err;
650 /* Copy content type across */
651 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
652 V_ASN1_OBJECT, ctype, -1) <= 0)
653 goto err;
654 if (!CMS_SignerInfo_sign(si))
655 goto err;
656 }
657 else
658 {
659 unsigned char *sig;
660 unsigned int siglen;
661 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
662 if (!sig)
663 {
664 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
665 ERR_R_MALLOC_FAILURE);
666 goto err;
667 }
668 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
669 {
670 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
671 CMS_R_SIGNFINAL_ERROR);
672 OPENSSL_free(sig);
673 goto err;
674 }
675 ASN1_STRING_set0(si->signature, sig, siglen);
676 }
677
678 r = 1;
679
680 err:
681 EVP_MD_CTX_cleanup(&mctx);
682 return r;
683
684 }
685
686int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
687 {
688 STACK_OF(CMS_SignerInfo) *sinfos;
689 CMS_SignerInfo *si;
690 int i;
691 sinfos = CMS_get0_SignerInfos(cms);
692 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
693 {
694 si = sk_CMS_SignerInfo_value(sinfos, i);
695 if (!cms_SignerInfo_content_sign(cms, si, chain))
696 return 0;
697 }
698 cms->d.signedData->encapContentInfo->partial = 0;
699 return 1;
700 }
701
702int CMS_SignerInfo_sign(CMS_SignerInfo *si)
703 {
704 EVP_MD_CTX mctx;
705 EVP_PKEY_CTX *pctx;
706 unsigned char *abuf = NULL;
707 int alen;
708 size_t siglen;
709 const EVP_MD *md = NULL;
710
711 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
712 if (md == NULL)
713 return 0;
714
715 EVP_MD_CTX_init(&mctx);
716
717 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
718 {
719 if (!cms_add1_signingTime(si, NULL))
720 goto err;
721 }
722
723 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
724 goto err;
725
726 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
727 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
728 {
729 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
730 goto err;
731 }
732
733 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
734 ASN1_ITEM_rptr(CMS_Attributes_Sign));
735 if(!abuf)
736 goto err;
737 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
738 goto err;
739 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
740 goto err;
741 OPENSSL_free(abuf);
742 abuf = OPENSSL_malloc(siglen);
743 if(!abuf)
744 goto err;
745 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
746 goto err;
747
748 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
749 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
750 {
751 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
752 goto err;
753 }
754
755 EVP_MD_CTX_cleanup(&mctx);
756
757 ASN1_STRING_set0(si->signature, abuf, siglen);
758
759 return 1;
760
761 err:
762 if (abuf)
763 OPENSSL_free(abuf);
764 EVP_MD_CTX_cleanup(&mctx);
765 return 0;
766
767 }
768
769int CMS_SignerInfo_verify(CMS_SignerInfo *si)
770 {
771 EVP_MD_CTX mctx;
772 EVP_PKEY_CTX *pctx;
773 unsigned char *abuf = NULL;
774 int alen, r = -1;
775 const EVP_MD *md = NULL;
776
777 if (!si->pkey)
778 {
779 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
780 return -1;
781 }
782
783 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
784 if (md == NULL)
785 return -1;
786 EVP_MD_CTX_init(&mctx);
787 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
788 goto err;
789
790 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
791 ASN1_ITEM_rptr(CMS_Attributes_Verify));
792 if(!abuf)
793 goto err;
794 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
795 OPENSSL_free(abuf);
796 if (r <= 0)
797 {
798 r = -1;
799 goto err;
800 }
801 r = EVP_DigestVerifyFinal(&mctx,
802 si->signature->data, si->signature->length);
803 if (r <= 0)
804 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
805 err:
806 EVP_MD_CTX_cleanup(&mctx);
807 return r;
808 }
809
810/* Create a chain of digest BIOs from a CMS ContentInfo */
811
812BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
813 {
814 int i;
815 CMS_SignedData *sd;
816 BIO *chain = NULL;
817 sd = cms_get0_signed(cms);
818 if (!sd)
819 return NULL;
820 if (cms->d.signedData->encapContentInfo->partial)
821 cms_sd_set_version(sd);
822 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
823 {
824 X509_ALGOR *digestAlgorithm;
825 BIO *mdbio;
826 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
827 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
828 if (!mdbio)
829 goto err;
830 if (chain)
831 BIO_push(chain, mdbio);
832 else
833 chain = mdbio;
834 }
835 return chain;
836 err:
837 if (chain)
838 BIO_free_all(chain);
839 return NULL;
840 }
841
842int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
843 {
844 ASN1_OCTET_STRING *os = NULL;
845 EVP_MD_CTX mctx;
846 int r = -1;
847 EVP_MD_CTX_init(&mctx);
848 /* If we have any signed attributes look for messageDigest value */
849 if (CMS_signed_get_attr_count(si) >= 0)
850 {
851 os = CMS_signed_get0_data_by_OBJ(si,
852 OBJ_nid2obj(NID_pkcs9_messageDigest),
853 -3, V_ASN1_OCTET_STRING);
854 if (!os)
855 {
856 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
857 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
858 goto err;
859 }
860 }
861
862 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
863 goto err;
864
865 /* If messageDigest found compare it */
866
867 if (os)
868 {
869 unsigned char mval[EVP_MAX_MD_SIZE];
870 unsigned int mlen;
871 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
872 {
873 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
874 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
875 goto err;
876 }
877 if (mlen != (unsigned int)os->length)
878 {
879 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
880 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
881 goto err;
882 }
883
884 if (memcmp(mval, os->data, mlen))
885 {
886 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
887 CMS_R_VERIFICATION_FAILURE);
888 r = 0;
889 }
890 else
891 r = 1;
892 }
893 else
894 {
895 r = EVP_VerifyFinal(&mctx, si->signature->data,
896 si->signature->length, si->pkey);
897 if (r <= 0)
898 {
899 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
900 CMS_R_VERIFICATION_FAILURE);
901 r = 0;
902 }
903 }
904
905 err:
906 EVP_MD_CTX_cleanup(&mctx);
907 return r;
908
909 }
910
911int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
912 {
913 unsigned char *smder = NULL;
914 int smderlen, r;
915 smderlen = i2d_X509_ALGORS(algs, &smder);
916 if (smderlen <= 0)
917 return 0;
918 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
919 V_ASN1_SEQUENCE, smder, smderlen);
920 OPENSSL_free(smder);
921 return r;
922 }
923
924int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
925 int algnid, int keysize)
926 {
927 X509_ALGOR *alg;
928 ASN1_INTEGER *key = NULL;
929 if (keysize > 0)
930 {
931 key = ASN1_INTEGER_new();
932 if (!key || !ASN1_INTEGER_set(key, keysize))
933 return 0;
934 }
935 alg = X509_ALGOR_new();
936 if (!alg)
937 {
938 if (key)
939 ASN1_INTEGER_free(key);
940 return 0;
941 }
942
943 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
944 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
945 if (!*algs)
946 *algs = sk_X509_ALGOR_new_null();
947 if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
948 {
949 X509_ALGOR_free(alg);
950 return 0;
951 }
952 return 1;
953 }
954
955/* Check to see if a cipher exists and if so add S/MIME capabilities */
956
957static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
958 {
959 if (EVP_get_cipherbynid(nid))
960 return CMS_add_simple_smimecap(sk, nid, arg);
961 return 1;
962 }
963
964static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
965 {
966 if (EVP_get_digestbynid(nid))
967 return CMS_add_simple_smimecap(sk, nid, arg);
968 return 1;
969 }
970
971int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
972 {
973 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
974 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
975 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
976 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
977 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
978 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
979 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
980 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
981 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
982 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
983 return 0;
984 return 1;
985 }
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
new file mode 100644
index 0000000000..4a799eb897
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -0,0 +1,797 @@
1/* crypto/cms/cms_smime.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/x509.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61
62static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
63 {
64 unsigned char buf[4096];
65 int r = 0, i;
66 BIO *tmpout = NULL;
67
68 if (out == NULL)
69 tmpout = BIO_new(BIO_s_null());
70 else if (flags & CMS_TEXT)
71 {
72 tmpout = BIO_new(BIO_s_mem());
73 BIO_set_mem_eof_return(tmpout, 0);
74 }
75 else
76 tmpout = out;
77
78 if(!tmpout)
79 {
80 CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
81 goto err;
82 }
83
84 /* Read all content through chain to process digest, decrypt etc */
85 for (;;)
86 {
87 i=BIO_read(in,buf,sizeof(buf));
88 if (i <= 0)
89 {
90 if (BIO_method_type(in) == BIO_TYPE_CIPHER)
91 {
92 if (!BIO_get_cipher_status(in))
93 goto err;
94 }
95 if (i < 0)
96 goto err;
97 break;
98 }
99
100 if (tmpout && (BIO_write(tmpout, buf, i) != i))
101 goto err;
102 }
103
104 if(flags & CMS_TEXT)
105 {
106 if(!SMIME_text(tmpout, out))
107 {
108 CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
109 goto err;
110 }
111 }
112
113 r = 1;
114
115 err:
116 if (tmpout && (tmpout != out))
117 BIO_free(tmpout);
118 return r;
119
120 }
121
122static int check_content(CMS_ContentInfo *cms)
123 {
124 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
125 if (!pos || !*pos)
126 {
127 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
128 return 0;
129 }
130 return 1;
131 }
132
133static void do_free_upto(BIO *f, BIO *upto)
134 {
135 if (upto)
136 {
137 BIO *tbio;
138 do
139 {
140 tbio = BIO_pop(f);
141 BIO_free(f);
142 f = tbio;
143 }
144 while (f != upto);
145 }
146 else
147 BIO_free_all(f);
148 }
149
150int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
151 {
152 BIO *cont;
153 int r;
154 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
155 {
156 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
157 return 0;
158 }
159 cont = CMS_dataInit(cms, NULL);
160 if (!cont)
161 return 0;
162 r = cms_copy_content(out, cont, flags);
163 BIO_free_all(cont);
164 return r;
165 }
166
167CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
168 {
169 CMS_ContentInfo *cms;
170 cms = cms_Data_create();
171 if (!cms)
172 return NULL;
173
174 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
175 return cms;
176
177 CMS_ContentInfo_free(cms);
178
179 return NULL;
180 }
181
182int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
183 unsigned int flags)
184 {
185 BIO *cont;
186 int r;
187 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
188 {
189 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
190 return 0;
191 }
192
193 if (!dcont && !check_content(cms))
194 return 0;
195
196 cont = CMS_dataInit(cms, dcont);
197 if (!cont)
198 return 0;
199 r = cms_copy_content(out, cont, flags);
200 if (r)
201 r = cms_DigestedData_do_final(cms, cont, 1);
202 do_free_upto(cont, dcont);
203 return r;
204 }
205
206CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
207 unsigned int flags)
208 {
209 CMS_ContentInfo *cms;
210 if (!md)
211 md = EVP_sha1();
212 cms = cms_DigestedData_create(md);
213 if (!cms)
214 return NULL;
215
216 if(!(flags & CMS_DETACHED))
217 CMS_set_detached(cms, 0);
218
219 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
220 return cms;
221
222 CMS_ContentInfo_free(cms);
223 return NULL;
224 }
225
226int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
227 const unsigned char *key, size_t keylen,
228 BIO *dcont, BIO *out, unsigned int flags)
229 {
230 BIO *cont;
231 int r;
232 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
233 {
234 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
235 CMS_R_TYPE_NOT_ENCRYPTED_DATA);
236 return 0;
237 }
238
239 if (!dcont && !check_content(cms))
240 return 0;
241
242 if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
243 return 0;
244 cont = CMS_dataInit(cms, dcont);
245 if (!cont)
246 return 0;
247 r = cms_copy_content(out, cont, flags);
248 do_free_upto(cont, dcont);
249 return r;
250 }
251
252CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
253 const unsigned char *key, size_t keylen,
254 unsigned int flags)
255 {
256 CMS_ContentInfo *cms;
257 if (!cipher)
258 {
259 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
260 return NULL;
261 }
262 cms = CMS_ContentInfo_new();
263 if (!cms)
264 return NULL;
265 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
266 return NULL;
267
268 if(!(flags & CMS_DETACHED))
269 CMS_set_detached(cms, 0);
270
271 if ((flags & (CMS_STREAM|CMS_PARTIAL))
272 || CMS_final(cms, in, NULL, flags))
273 return cms;
274
275 CMS_ContentInfo_free(cms);
276 return NULL;
277 }
278
279static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
280 X509_STORE *store,
281 STACK_OF(X509) *certs,
282 STACK_OF(X509_CRL) *crls,
283 unsigned int flags)
284 {
285 X509_STORE_CTX ctx;
286 X509 *signer;
287 int i, j, r = 0;
288 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
289 if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
290 {
291 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
292 CMS_R_STORE_INIT_ERROR);
293 goto err;
294 }
295 X509_STORE_CTX_set_default(&ctx, "smime_sign");
296 if (crls)
297 X509_STORE_CTX_set0_crls(&ctx, crls);
298
299 i = X509_verify_cert(&ctx);
300 if (i <= 0)
301 {
302 j = X509_STORE_CTX_get_error(&ctx);
303 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
304 CMS_R_CERTIFICATE_VERIFY_ERROR);
305 ERR_add_error_data(2, "Verify error:",
306 X509_verify_cert_error_string(j));
307 goto err;
308 }
309 r = 1;
310 err:
311 X509_STORE_CTX_cleanup(&ctx);
312 return r;
313
314 }
315
316int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
317 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
318 {
319 CMS_SignerInfo *si;
320 STACK_OF(CMS_SignerInfo) *sinfos;
321 STACK_OF(X509) *cms_certs = NULL;
322 STACK_OF(X509_CRL) *crls = NULL;
323 X509 *signer;
324 int i, scount = 0, ret = 0;
325 BIO *cmsbio = NULL, *tmpin = NULL;
326
327 if (!dcont && !check_content(cms))
328 return 0;
329
330 /* Attempt to find all signer certificates */
331
332 sinfos = CMS_get0_SignerInfos(cms);
333
334 if (sk_CMS_SignerInfo_num(sinfos) <= 0)
335 {
336 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
337 goto err;
338 }
339
340 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
341 {
342 si = sk_CMS_SignerInfo_value(sinfos, i);
343 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
344 if (signer)
345 scount++;
346 }
347
348 if (scount != sk_CMS_SignerInfo_num(sinfos))
349 scount += CMS_set1_signers_certs(cms, certs, flags);
350
351 if (scount != sk_CMS_SignerInfo_num(sinfos))
352 {
353 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
354 goto err;
355 }
356
357 /* Attempt to verify all signers certs */
358
359 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
360 {
361 cms_certs = CMS_get1_certs(cms);
362 if (!(flags & CMS_NOCRL))
363 crls = CMS_get1_crls(cms);
364 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
365 {
366 si = sk_CMS_SignerInfo_value(sinfos, i);
367 if (!cms_signerinfo_verify_cert(si, store,
368 cms_certs, crls, flags))
369 goto err;
370 }
371 }
372
373 /* Attempt to verify all SignerInfo signed attribute signatures */
374
375 if (!(flags & CMS_NO_ATTR_VERIFY))
376 {
377 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
378 {
379 si = sk_CMS_SignerInfo_value(sinfos, i);
380 if (CMS_signed_get_attr_count(si) < 0)
381 continue;
382 if (CMS_SignerInfo_verify(si) <= 0)
383 goto err;
384 }
385 }
386
387 /* Performance optimization: if the content is a memory BIO then
388 * store its contents in a temporary read only memory BIO. This
389 * avoids potentially large numbers of slow copies of data which will
390 * occur when reading from a read write memory BIO when signatures
391 * are calculated.
392 */
393
394 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
395 {
396 char *ptr;
397 long len;
398 len = BIO_get_mem_data(dcont, &ptr);
399 tmpin = BIO_new_mem_buf(ptr, len);
400 if (tmpin == NULL)
401 {
402 CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
403 return 0;
404 }
405 }
406 else
407 tmpin = dcont;
408
409
410 cmsbio=CMS_dataInit(cms, tmpin);
411 if (!cmsbio)
412 goto err;
413
414 if (!cms_copy_content(out, cmsbio, flags))
415 goto err;
416
417 if (!(flags & CMS_NO_CONTENT_VERIFY))
418 {
419 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
420 {
421 si = sk_CMS_SignerInfo_value(sinfos, i);
422 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
423 {
424 CMSerr(CMS_F_CMS_VERIFY,
425 CMS_R_CONTENT_VERIFY_ERROR);
426 goto err;
427 }
428 }
429 }
430
431 ret = 1;
432
433 err:
434
435 if (dcont && (tmpin == dcont))
436 do_free_upto(cmsbio, dcont);
437 else
438 BIO_free_all(cmsbio);
439
440 if (cms_certs)
441 sk_X509_pop_free(cms_certs, X509_free);
442 if (crls)
443 sk_X509_CRL_pop_free(crls, X509_CRL_free);
444
445 return ret;
446 }
447
448int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
449 STACK_OF(X509) *certs,
450 X509_STORE *store, unsigned int flags)
451 {
452 int r;
453 flags &= ~(CMS_DETACHED|CMS_TEXT);
454 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
455 if (r <= 0)
456 return r;
457 return cms_Receipt_verify(rcms, ocms);
458 }
459
460CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
461 BIO *data, unsigned int flags)
462 {
463 CMS_ContentInfo *cms;
464 int i;
465
466 cms = CMS_ContentInfo_new();
467 if (!cms || !CMS_SignedData_init(cms))
468 goto merr;
469
470 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
471 {
472 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
473 goto err;
474 }
475
476 for (i = 0; i < sk_X509_num(certs); i++)
477 {
478 X509 *x = sk_X509_value(certs, i);
479 if (!CMS_add1_cert(cms, x))
480 goto merr;
481 }
482
483 if(!(flags & CMS_DETACHED))
484 CMS_set_detached(cms, 0);
485
486 if ((flags & (CMS_STREAM|CMS_PARTIAL))
487 || CMS_final(cms, data, NULL, flags))
488 return cms;
489 else
490 goto err;
491
492 merr:
493 CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
494
495 err:
496 if (cms)
497 CMS_ContentInfo_free(cms);
498 return NULL;
499 }
500
501CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
502 X509 *signcert, EVP_PKEY *pkey,
503 STACK_OF(X509) *certs,
504 unsigned int flags)
505 {
506 CMS_SignerInfo *rct_si;
507 CMS_ContentInfo *cms = NULL;
508 ASN1_OCTET_STRING **pos, *os;
509 BIO *rct_cont = NULL;
510 int r = 0;
511
512 flags &= ~(CMS_STREAM|CMS_TEXT);
513 /* Not really detached but avoids content being allocated */
514 flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
515 if (!pkey || !signcert)
516 {
517 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
518 return NULL;
519 }
520
521 /* Initialize signed data */
522
523 cms = CMS_sign(NULL, NULL, certs, NULL, flags);
524 if (!cms)
525 goto err;
526
527 /* Set inner content type to signed receipt */
528 if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
529 goto err;
530
531 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
532 if (!rct_si)
533 {
534 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
535 goto err;
536 }
537
538 os = cms_encode_Receipt(si);
539
540 if (!os)
541 goto err;
542
543 /* Set content to digest */
544 rct_cont = BIO_new_mem_buf(os->data, os->length);
545 if (!rct_cont)
546 goto err;
547
548 /* Add msgSigDigest attribute */
549
550 if (!cms_msgSigDigest_add1(rct_si, si))
551 goto err;
552
553 /* Finalize structure */
554 if (!CMS_final(cms, rct_cont, NULL, flags))
555 goto err;
556
557 /* Set embedded content */
558 pos = CMS_get0_content(cms);
559 *pos = os;
560
561 r = 1;
562
563 err:
564 if (rct_cont)
565 BIO_free(rct_cont);
566 if (r)
567 return cms;
568 CMS_ContentInfo_free(cms);
569 return NULL;
570
571 }
572
573CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
574 const EVP_CIPHER *cipher, unsigned int flags)
575 {
576 CMS_ContentInfo *cms;
577 int i;
578 X509 *recip;
579 cms = CMS_EnvelopedData_create(cipher);
580 if (!cms)
581 goto merr;
582 for (i = 0; i < sk_X509_num(certs); i++)
583 {
584 recip = sk_X509_value(certs, i);
585 if (!CMS_add1_recipient_cert(cms, recip, flags))
586 {
587 CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
588 goto err;
589 }
590 }
591
592 if(!(flags & CMS_DETACHED))
593 CMS_set_detached(cms, 0);
594
595 if ((flags & (CMS_STREAM|CMS_PARTIAL))
596 || CMS_final(cms, data, NULL, flags))
597 return cms;
598 else
599 goto err;
600
601 merr:
602 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
603 err:
604 if (cms)
605 CMS_ContentInfo_free(cms);
606 return NULL;
607 }
608
609int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
610 {
611 STACK_OF(CMS_RecipientInfo) *ris;
612 CMS_RecipientInfo *ri;
613 int i, r;
614 ris = CMS_get0_RecipientInfos(cms);
615 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
616 {
617 ri = sk_CMS_RecipientInfo_value(ris, i);
618 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
619 continue;
620 /* If we have a cert try matching RecipientInfo
621 * otherwise try them all.
622 */
623 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
624 {
625 CMS_RecipientInfo_set0_pkey(ri, pk);
626 r = CMS_RecipientInfo_decrypt(cms, ri);
627 CMS_RecipientInfo_set0_pkey(ri, NULL);
628 if (r > 0)
629 return 1;
630 if (cert)
631 {
632 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
633 CMS_R_DECRYPT_ERROR);
634 return 0;
635 }
636 ERR_clear_error();
637 }
638 }
639
640 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
641 return 0;
642
643 }
644
645int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
646 unsigned char *key, size_t keylen,
647 unsigned char *id, size_t idlen)
648 {
649 STACK_OF(CMS_RecipientInfo) *ris;
650 CMS_RecipientInfo *ri;
651 int i, r;
652 ris = CMS_get0_RecipientInfos(cms);
653 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
654 {
655 ri = sk_CMS_RecipientInfo_value(ris, i);
656 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
657 continue;
658
659 /* If we have an id try matching RecipientInfo
660 * otherwise try them all.
661 */
662 if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
663 {
664 CMS_RecipientInfo_set0_key(ri, key, keylen);
665 r = CMS_RecipientInfo_decrypt(cms, ri);
666 CMS_RecipientInfo_set0_key(ri, NULL, 0);
667 if (r > 0)
668 return 1;
669 if (id)
670 {
671 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
672 CMS_R_DECRYPT_ERROR);
673 return 0;
674 }
675 ERR_clear_error();
676 }
677 }
678
679 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
680 return 0;
681
682 }
683
684int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
685 BIO *dcont, BIO *out,
686 unsigned int flags)
687 {
688 int r;
689 BIO *cont;
690 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
691 {
692 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
693 return 0;
694 }
695 if (!dcont && !check_content(cms))
696 return 0;
697 if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
698 return 0;
699
700 cont = CMS_dataInit(cms, dcont);
701 if (!cont)
702 return 0;
703 r = cms_copy_content(out, cont, flags);
704 do_free_upto(cont, dcont);
705 return r;
706 }
707
708int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
709 {
710 BIO *cmsbio;
711 int ret = 0;
712 if (!(cmsbio = CMS_dataInit(cms, dcont)))
713 {
714 CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
715 return 0;
716 }
717
718 SMIME_crlf_copy(data, cmsbio, flags);
719
720 (void)BIO_flush(cmsbio);
721
722
723 if (!CMS_dataFinal(cms, cmsbio))
724 {
725 CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
726 goto err;
727 }
728
729 ret = 1;
730
731 err:
732 do_free_upto(cmsbio, dcont);
733
734 return ret;
735
736 }
737
738#ifdef ZLIB
739
740int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
741 unsigned int flags)
742 {
743 BIO *cont;
744 int r;
745 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
746 {
747 CMSerr(CMS_F_CMS_UNCOMPRESS,
748 CMS_R_TYPE_NOT_COMPRESSED_DATA);
749 return 0;
750 }
751
752 if (!dcont && !check_content(cms))
753 return 0;
754
755 cont = CMS_dataInit(cms, dcont);
756 if (!cont)
757 return 0;
758 r = cms_copy_content(out, cont, flags);
759 do_free_upto(cont, dcont);
760 return r;
761 }
762
763CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
764 {
765 CMS_ContentInfo *cms;
766 if (comp_nid <= 0)
767 comp_nid = NID_zlib_compression;
768 cms = cms_CompressedData_create(comp_nid);
769 if (!cms)
770 return NULL;
771
772 if(!(flags & CMS_DETACHED))
773 CMS_set_detached(cms, 0);
774
775 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
776 return cms;
777
778 CMS_ContentInfo_free(cms);
779 return NULL;
780 }
781
782#else
783
784int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
785 unsigned int flags)
786 {
787 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
788 return 0;
789 }
790
791CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
792 {
793 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
794 return NULL;
795 }
796
797#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-04 03:28:49 +0000