summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/cms')
-rw-r--r--src/lib/libcrypto/cms/cms.h10
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c46
-rw-r--r--src/lib/libcrypto/cms/cms_env.c85
-rw-r--r--src/lib/libcrypto/cms/cms_err.c4
-rw-r--r--src/lib/libcrypto/cms/cms_ess.c6
-rw-r--r--src/lib/libcrypto/cms/cms_io.c79
-rw-r--r--src/lib/libcrypto/cms/cms_lcl.h1
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c32
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c126
9 files changed, 217 insertions, 172 deletions
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
index 25f88745f2..09c45d0412 100644
--- a/src/lib/libcrypto/cms/cms.h
+++ b/src/lib/libcrypto/cms/cms.h
@@ -76,8 +76,9 @@ typedef struct CMS_Receipt_st CMS_Receipt;
76 76
77DECLARE_STACK_OF(CMS_SignerInfo) 77DECLARE_STACK_OF(CMS_SignerInfo)
78DECLARE_STACK_OF(GENERAL_NAMES) 78DECLARE_STACK_OF(GENERAL_NAMES)
79DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo) 79DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
80DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) 80DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
81DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
81 82
82#define CMS_SIGNERINFO_ISSUER_SERIAL 0 83#define CMS_SIGNERINFO_ISSUER_SERIAL 0
83#define CMS_SIGNERINFO_KEYIDENTIFIER 1 84#define CMS_SIGNERINFO_KEYIDENTIFIER 1
@@ -124,9 +125,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached);
124DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) 125DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
125#endif 126#endif
126 127
128int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
127CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); 129CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
128int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); 130int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
129 131
132BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
133int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
134int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
130CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); 135CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
131int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); 136int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
132 137
@@ -230,6 +235,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
230 235
231CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); 236CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
232int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); 237int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
238int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
233STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); 239STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
234 240
235int CMS_SignedData_init(CMS_ContentInfo *cms); 241int CMS_SignedData_init(CMS_ContentInfo *cms);
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index 7664921861..fcba4dcbcc 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -87,7 +87,8 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
87} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) 87} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
88 88
89/* Minor tweak to operation: free up signer key, cert */ 89/* Minor tweak to operation: free up signer key, cert */
90static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 90static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
91 void *exarg)
91 { 92 {
92 if(operation == ASN1_OP_FREE_POST) 93 if(operation == ASN1_OP_FREE_POST)
93 { 94 {
@@ -130,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
130} ASN1_NDEF_SEQUENCE_END(CMS_SignedData) 131} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
131 132
132ASN1_SEQUENCE(CMS_OriginatorInfo) = { 133ASN1_SEQUENCE(CMS_OriginatorInfo) = {
133 ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), 134 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
134 ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1) 135 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
135} ASN1_SEQUENCE_END(CMS_OriginatorInfo) 136} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
136 137
137ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { 138ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
@@ -213,7 +214,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
213} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) 214} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
214 215
215/* Free up RecipientInfo additional data */ 216/* Free up RecipientInfo additional data */
216static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 217static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
218 void *exarg)
217 { 219 {
218 if(operation == ASN1_OP_FREE_PRE) 220 if(operation == ASN1_OP_FREE_PRE)
219 { 221 {
@@ -300,10 +302,42 @@ ASN1_ADB(CMS_ContentInfo) = {
300 ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), 302 ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
301} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); 303} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
302 304
303ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = { 305/* CMS streaming support */
306static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
307 void *exarg)
308 {
309 ASN1_STREAM_ARG *sarg = exarg;
310 CMS_ContentInfo *cms = NULL;
311 if (pval)
312 cms = (CMS_ContentInfo *)*pval;
313 else
314 return 1;
315 switch(operation)
316 {
317
318 case ASN1_OP_STREAM_PRE:
319 if (CMS_stream(&sarg->boundary, cms) <= 0)
320 return 0;
321 case ASN1_OP_DETACHED_PRE:
322 sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
323 if (!sarg->ndef_bio)
324 return 0;
325 break;
326
327 case ASN1_OP_STREAM_POST:
328 case ASN1_OP_DETACHED_POST:
329 if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
330 return 0;
331 break;
332
333 }
334 return 1;
335 }
336
337ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
304 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), 338 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
305 ASN1_ADB_OBJECT(CMS_ContentInfo) 339 ASN1_ADB_OBJECT(CMS_ContentInfo)
306} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo) 340} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
307 341
308/* Specials for signed attributes */ 342/* Specials for signed attributes */
309 343
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index d499ae85b4..b3237d4b94 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -60,6 +60,7 @@
60#include <openssl/rand.h> 60#include <openssl/rand.h>
61#include <openssl/aes.h> 61#include <openssl/aes.h>
62#include "cms_lcl.h" 62#include "cms_lcl.h"
63#include "asn1_locl.h"
63 64
64/* CMS EnvelopedData Utilities */ 65/* CMS EnvelopedData Utilities */
65 66
@@ -151,7 +152,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
151 CMS_KeyTransRecipientInfo *ktri; 152 CMS_KeyTransRecipientInfo *ktri;
152 CMS_EnvelopedData *env; 153 CMS_EnvelopedData *env;
153 EVP_PKEY *pk = NULL; 154 EVP_PKEY *pk = NULL;
154 int type; 155 int i, type;
155 env = cms_get0_enveloped(cms); 156 env = cms_get0_enveloped(cms);
156 if (!env) 157 if (!env)
157 goto err; 158 goto err;
@@ -200,21 +201,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
200 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) 201 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
201 goto err; 202 goto err;
202 203
203 /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, 204 if (pk->ameth && pk->ameth->pkey_ctrl)
204 * hard code algorithm parameters.
205 */
206
207 if (pk->type == EVP_PKEY_RSA)
208 {
209 X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
210 OBJ_nid2obj(NID_rsaEncryption),
211 V_ASN1_NULL, 0);
212 }
213 else
214 { 205 {
215 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 206 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
207 0, ri);
208 if (i == -2)
209 {
210 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
216 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 211 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
217 goto err; 212 goto err;
213 }
214 if (i <= 0)
215 {
216 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
217 CMS_R_CTRL_FAILURE);
218 goto err;
219 }
218 } 220 }
219 221
220 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) 222 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
@@ -301,8 +303,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
301 { 303 {
302 CMS_KeyTransRecipientInfo *ktri; 304 CMS_KeyTransRecipientInfo *ktri;
303 CMS_EncryptedContentInfo *ec; 305 CMS_EncryptedContentInfo *ec;
306 EVP_PKEY_CTX *pctx = NULL;
304 unsigned char *ek = NULL; 307 unsigned char *ek = NULL;
305 int eklen; 308 size_t eklen;
306 309
307 int ret = 0; 310 int ret = 0;
308 311
@@ -315,7 +318,22 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
315 ktri = ri->d.ktri; 318 ktri = ri->d.ktri;
316 ec = cms->d.envelopedData->encryptedContentInfo; 319 ec = cms->d.envelopedData->encryptedContentInfo;
317 320
318 eklen = EVP_PKEY_size(ktri->pkey); 321 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
322 if (!pctx)
323 return 0;
324
325 if (EVP_PKEY_encrypt_init(pctx) <= 0)
326 goto err;
327
328 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
329 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
330 {
331 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
332 goto err;
333 }
334
335 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
336 goto err;
319 337
320 ek = OPENSSL_malloc(eklen); 338 ek = OPENSSL_malloc(eklen);
321 339
@@ -326,9 +344,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
326 goto err; 344 goto err;
327 } 345 }
328 346
329 eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey); 347 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
330
331 if (eklen <= 0)
332 goto err; 348 goto err;
333 349
334 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); 350 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
@@ -337,6 +353,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
337 ret = 1; 353 ret = 1;
338 354
339 err: 355 err:
356 if (pctx)
357 EVP_PKEY_CTX_free(pctx);
340 if (ek) 358 if (ek)
341 OPENSSL_free(ek); 359 OPENSSL_free(ek);
342 return ret; 360 return ret;
@@ -349,8 +367,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
349 CMS_RecipientInfo *ri) 367 CMS_RecipientInfo *ri)
350 { 368 {
351 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 369 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
370 EVP_PKEY_CTX *pctx = NULL;
352 unsigned char *ek = NULL; 371 unsigned char *ek = NULL;
353 int eklen; 372 size_t eklen;
354 int ret = 0; 373 int ret = 0;
355 374
356 if (ktri->pkey == NULL) 375 if (ktri->pkey == NULL)
@@ -360,7 +379,24 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
360 return 0; 379 return 0;
361 } 380 }
362 381
363 eklen = EVP_PKEY_size(ktri->pkey); 382 pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
383 if (!pctx)
384 return 0;
385
386 if (EVP_PKEY_decrypt_init(pctx) <= 0)
387 goto err;
388
389 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
390 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
391 {
392 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
393 goto err;
394 }
395
396 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
397 ktri->encryptedKey->data,
398 ktri->encryptedKey->length) <= 0)
399 goto err;
364 400
365 ek = OPENSSL_malloc(eklen); 401 ek = OPENSSL_malloc(eklen);
366 402
@@ -371,10 +407,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
371 goto err; 407 goto err;
372 } 408 }
373 409
374 eklen = EVP_PKEY_decrypt(ek, 410 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
375 ktri->encryptedKey->data, 411 ktri->encryptedKey->data,
376 ktri->encryptedKey->length, ktri->pkey); 412 ktri->encryptedKey->length) <= 0)
377 if (eklen <= 0)
378 { 413 {
379 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); 414 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
380 goto err; 415 goto err;
@@ -386,6 +421,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
386 cms->d.envelopedData->encryptedContentInfo->keylen = eklen; 421 cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
387 422
388 err: 423 err:
424 if (pctx)
425 EVP_PKEY_CTX_free(pctx);
389 if (!ret && ek) 426 if (!ret && ek)
390 OPENSSL_free(ek); 427 OPENSSL_free(ek);
391 428
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
index 52fa53954f..ff7b0309e5 100644
--- a/src/lib/libcrypto/cms/cms_err.c
+++ b/src/lib/libcrypto/cms/cms_err.c
@@ -1,6 +1,6 @@
1/* crypto/cms/cms_err.c */ 1/* crypto/cms/cms_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -133,7 +133,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
133{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, 133{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
134{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, 134{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
135{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, 135{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
136{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"}, 136{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
137{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, 137{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
138{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, 138{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
139{0,NULL} 139{0,NULL}
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
index ed34ff3228..90c0b82fb5 100644
--- a/src/lib/libcrypto/cms/cms_ess.c
+++ b/src/lib/libcrypto/cms/cms_ess.c
@@ -63,7 +63,7 @@
63DECLARE_ASN1_ITEM(CMS_ReceiptRequest) 63DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
64DECLARE_ASN1_ITEM(CMS_Receipt) 64DECLARE_ASN1_ITEM(CMS_Receipt)
65 65
66IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest) 66IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
67 67
68/* ESS services: for now just Signed Receipt related */ 68/* ESS services: for now just Signed Receipt related */
69 69
@@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
344 344
345 /* Get original receipt request details */ 345 /* Get original receipt request details */
346 346
347 if (!CMS_get1_ReceiptRequest(osi, &rr)) 347 if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
348 { 348 {
349 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); 349 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
350 goto err; 350 goto err;
@@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
385 385
386 /* Get original receipt request details */ 386 /* Get original receipt request details */
387 387
388 if (!CMS_get1_ReceiptRequest(si, &rr)) 388 if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
389 { 389 {
390 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); 390 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
391 goto err; 391 goto err;
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
index 30f5ddfe6d..1cb0264cc5 100644
--- a/src/lib/libcrypto/cms/cms_io.c
+++ b/src/lib/libcrypto/cms/cms_io.c
@@ -58,6 +58,25 @@
58#include "cms.h" 58#include "cms.h"
59#include "cms_lcl.h" 59#include "cms_lcl.h"
60 60
61int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
62 {
63 ASN1_OCTET_STRING **pos;
64 pos = CMS_get0_content(cms);
65 if (!pos)
66 return 0;
67 if (!*pos)
68 *pos = ASN1_OCTET_STRING_new();
69 if (*pos)
70 {
71 (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
72 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
73 *boundary = &(*pos)->data;
74 return 1;
75 }
76 CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
77 return 0;
78 }
79
61CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) 80CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
62 { 81 {
63 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); 82 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
@@ -70,52 +89,26 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
70 89
71IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) 90IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
72 91
73/* Callback for int_smime_write_ASN1 */ 92BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
74
75static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
76 const ASN1_ITEM *it)
77 { 93 {
78 CMS_ContentInfo *cms = (CMS_ContentInfo *)val; 94 return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
79 BIO *tmpbio, *cmsbio; 95 ASN1_ITEM_rptr(CMS_ContentInfo));
80 int r = 0; 96 }
81
82 if (!(flags & SMIME_DETACHED))
83 {
84 SMIME_crlf_copy(data, out, flags);
85 return 1;
86 }
87
88 /* Let CMS code prepend any needed BIOs */
89
90 cmsbio = CMS_dataInit(cms, out);
91
92 if (!cmsbio)
93 return 0;
94
95 /* Copy data across, passing through filter BIOs for processing */
96 SMIME_crlf_copy(data, cmsbio, flags);
97
98 /* Finalize structure */
99 if (CMS_dataFinal(cms, cmsbio) <= 0)
100 goto err;
101
102 r = 1;
103
104 err:
105
106 /* Now remove any digests prepended to the BIO */
107
108 while (cmsbio != out)
109 {
110 tmpbio = BIO_pop(cmsbio);
111 BIO_free(cmsbio);
112 cmsbio = tmpbio;
113 }
114 97
115 return 1; 98/* CMS wrappers round generalised stream and MIME routines */
116 99
100int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
101 {
102 return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
103 ASN1_ITEM_rptr(CMS_ContentInfo));
117 } 104 }
118 105
106int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
107 {
108 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
109 "CMS",
110 ASN1_ITEM_rptr(CMS_ContentInfo));
111 }
119 112
120int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) 113int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
121 { 114 {
@@ -127,9 +120,8 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
127 else 120 else
128 mdalgs = NULL; 121 mdalgs = NULL;
129 122
130 return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, 123 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
131 ctype_nid, econt_nid, mdalgs, 124 ctype_nid, econt_nid, mdalgs,
132 cms_output_data,
133 ASN1_ITEM_rptr(CMS_ContentInfo)); 125 ASN1_ITEM_rptr(CMS_ContentInfo));
134 } 126 }
135 127
@@ -138,3 +130,4 @@ CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
138 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, 130 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
139 ASN1_ITEM_rptr(CMS_ContentInfo)); 131 ASN1_ITEM_rptr(CMS_ContentInfo));
140 } 132 }
133
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
index 7d60fac67e..c8ecfa724a 100644
--- a/src/lib/libcrypto/cms/cms_lcl.h
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -406,6 +406,7 @@ struct CMS_Receipt_st
406 ASN1_OCTET_STRING *originatorSignatureValue; 406 ASN1_OCTET_STRING *originatorSignatureValue;
407 }; 407 };
408 408
409DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
409DECLARE_ASN1_ITEM(CMS_SignerInfo) 410DECLARE_ASN1_ITEM(CMS_SignerInfo)
410DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) 411DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
411DECLARE_ASN1_ITEM(CMS_Attributes_Sign) 412DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index 8e6c1d29a5..d00fe0f87b 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -60,7 +60,8 @@
60#include "cms.h" 60#include "cms.h"
61#include "cms_lcl.h" 61#include "cms_lcl.h"
62 62
63IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo) 63IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
64IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
64 65
65DECLARE_ASN1_ITEM(CMS_CertificateChoices) 66DECLARE_ASN1_ITEM(CMS_CertificateChoices)
66DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) 67DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
@@ -346,20 +347,10 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
346 { 347 {
347 int param_type; 348 int param_type;
348 349
349 switch (EVP_MD_type(md)) 350 if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
350 {
351 case NID_sha1:
352 case NID_sha224:
353 case NID_sha256:
354 case NID_sha384:
355 case NID_sha512:
356 param_type = V_ASN1_UNDEF; 351 param_type = V_ASN1_UNDEF;
357 break; 352 else
358
359 default:
360 param_type = V_ASN1_NULL; 353 param_type = V_ASN1_NULL;
361 break;
362 }
363 354
364 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); 355 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
365 356
@@ -415,7 +406,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
415 return 0; 406 return 0;
416 } 407 }
417 BIO_get_md_ctx(chain, &mtmp); 408 BIO_get_md_ctx(chain, &mtmp);
418 if (EVP_MD_CTX_type(mtmp) == nid) 409 if (EVP_MD_CTX_type(mtmp) == nid
410 /* Workaround for broken implementations that use signature
411 * algorithm OID instead of digest.
412 */
413 || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
419 { 414 {
420 EVP_MD_CTX_copy_ex(mctx, mtmp); 415 EVP_MD_CTX_copy_ex(mctx, mtmp);
421 return 1; 416 return 1;
@@ -557,6 +552,15 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
557 return 1; 552 return 1;
558 } 553 }
559 554
555int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
556 {
557 int r;
558 r = CMS_add0_crl(cms, crl);
559 if (r > 0)
560 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
561 return r;
562 }
563
560STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) 564STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
561 { 565 {
562 STACK_OF(X509) *certs = NULL; 566 STACK_OF(X509) *certs = NULL;
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index cdac3b870d..e3192b9c57 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -58,6 +58,7 @@
58#include <openssl/err.h> 58#include <openssl/err.h>
59#include <openssl/cms.h> 59#include <openssl/cms.h>
60#include "cms_lcl.h" 60#include "cms_lcl.h"
61#include "asn1_locl.h"
61 62
62/* CMS SignedData Utilities */ 63/* CMS SignedData Utilities */
63 64
@@ -218,10 +219,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
218 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, 219 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
219 X509_get_issuer_name(cert))) 220 X509_get_issuer_name(cert)))
220 goto merr; 221 goto merr;
221 ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber); 222 if (!ASN1_STRING_copy(
222 sid->d.issuerAndSerialNumber->serialNumber = 223 sid->d.issuerAndSerialNumber->serialNumber,
223 ASN1_STRING_dup(X509_get_serialNumber(cert)); 224 X509_get_serialNumber(cert)))
224 if(!sid->d.issuerAndSerialNumber->serialNumber)
225 goto merr; 225 goto merr;
226 break; 226 break;
227 227
@@ -341,16 +341,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type)) 341 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
342 goto err; 342 goto err;
343 343
344 /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
345 if (md == NULL) 344 if (md == NULL)
346 md = EVP_sha1(); 345 {
347 346 int def_nid;
348 /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */ 347 if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
348 goto err;
349 md = EVP_get_digestbynid(def_nid);
350 if (md == NULL)
351 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
353 goto err;
354 }
355 }
349 356
350 if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) 357 if (!md)
351 { 358 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER, 359 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
353 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
354 goto err; 360 goto err;
355 } 361 }
356 362
@@ -379,37 +385,21 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
379 } 385 }
380 } 386 }
381 387
382 /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, 388 if (pk->ameth && pk->ameth->pkey_ctrl)
383 * hard code algorithm parameters.
384 */
385
386 switch (pk->type)
387 { 389 {
388 390 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
389 case EVP_PKEY_RSA: 391 0, si);
390 X509_ALGOR_set0(si->signatureAlgorithm, 392 if (i == -2)
391 OBJ_nid2obj(NID_rsaEncryption), 393 {
392 V_ASN1_NULL, 0); 394 CMSerr(CMS_F_CMS_ADD1_SIGNER,
393 break;
394
395 case EVP_PKEY_DSA:
396 X509_ALGOR_set0(si->signatureAlgorithm,
397 OBJ_nid2obj(NID_dsaWithSHA1),
398 V_ASN1_UNDEF, 0);
399 break;
400
401
402 case EVP_PKEY_EC:
403 X509_ALGOR_set0(si->signatureAlgorithm,
404 OBJ_nid2obj(NID_ecdsa_with_SHA1),
405 V_ASN1_UNDEF, 0);
406 break;
407
408 default:
409 CMSerr(CMS_F_CMS_ADD1_SIGNER,
410 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 395 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
411 goto err; 396 goto err;
412 397 }
398 if (i <= 0)
399 {
400 CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
401 goto err;
402 }
413 } 403 }
414 404
415 if (!(flags & CMS_NOATTR)) 405 if (!(flags & CMS_NOATTR))
@@ -626,25 +616,6 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
626 *psig = si->signatureAlgorithm; 616 *psig = si->signatureAlgorithm;
627 } 617 }
628 618
629/* In OpenSSL 0.9.8 we have the link between digest types and public
630 * key types so we need to fixup the digest type if the public key
631 * type is not appropriate.
632 */
633
634static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
635 {
636 if (EVP_MD_CTX_type(mctx) != NID_sha1)
637 return;
638#ifndef OPENSSL_NO_DSA
639 if (pkey->type == EVP_PKEY_DSA)
640 mctx->digest = EVP_dss1();
641#endif
642#ifndef OPENSSL_NO_ECDSA
643 if (pkey->type == EVP_PKEY_EC)
644 mctx->digest = EVP_ecdsa();
645#endif
646 }
647
648static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 619static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
649 CMS_SignerInfo *si, BIO *chain) 620 CMS_SignerInfo *si, BIO *chain)
650 { 621 {
@@ -693,7 +664,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
693 ERR_R_MALLOC_FAILURE); 664 ERR_R_MALLOC_FAILURE);
694 goto err; 665 goto err;
695 } 666 }
696 cms_fixup_mctx(&mctx, si->pkey);
697 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) 667 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
698 { 668 {
699 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 669 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
@@ -731,9 +701,10 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
731int CMS_SignerInfo_sign(CMS_SignerInfo *si) 701int CMS_SignerInfo_sign(CMS_SignerInfo *si)
732 { 702 {
733 EVP_MD_CTX mctx; 703 EVP_MD_CTX mctx;
704 EVP_PKEY_CTX *pctx;
734 unsigned char *abuf = NULL; 705 unsigned char *abuf = NULL;
735 int alen; 706 int alen;
736 unsigned int siglen; 707 size_t siglen;
737 const EVP_MD *md = NULL; 708 const EVP_MD *md = NULL;
738 709
739 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 710 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
@@ -748,40 +719,38 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
748 goto err; 719 goto err;
749 } 720 }
750 721
751 if (EVP_SignInit_ex(&mctx, md, NULL) <= 0) 722 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
752 goto err; 723 goto err;
753 724
754#if 0
755 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 725 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
756 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) 726 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
757 { 727 {
758 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 728 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
759 goto err; 729 goto err;
760 } 730 }
761#endif
762 731
763 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 732 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
764 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 733 ASN1_ITEM_rptr(CMS_Attributes_Sign));
765 if(!abuf) 734 if(!abuf)
766 goto err; 735 goto err;
767 if (EVP_SignUpdate(&mctx, abuf, alen) <= 0) 736 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
737 goto err;
738 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
768 goto err; 739 goto err;
769 siglen = EVP_PKEY_size(si->pkey);
770 OPENSSL_free(abuf); 740 OPENSSL_free(abuf);
771 abuf = OPENSSL_malloc(siglen); 741 abuf = OPENSSL_malloc(siglen);
772 if(!abuf) 742 if(!abuf)
773 goto err; 743 goto err;
774 cms_fixup_mctx(&mctx, si->pkey); 744 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
775 if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
776 goto err; 745 goto err;
777#if 0 746
778 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 747 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
779 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) 748 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
780 { 749 {
781 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 750 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
782 goto err; 751 goto err;
783 } 752 }
784#endif 753
785 EVP_MD_CTX_cleanup(&mctx); 754 EVP_MD_CTX_cleanup(&mctx);
786 755
787 ASN1_STRING_set0(si->signature, abuf, siglen); 756 ASN1_STRING_set0(si->signature, abuf, siglen);
@@ -799,6 +768,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
799int CMS_SignerInfo_verify(CMS_SignerInfo *si) 768int CMS_SignerInfo_verify(CMS_SignerInfo *si)
800 { 769 {
801 EVP_MD_CTX mctx; 770 EVP_MD_CTX mctx;
771 EVP_PKEY_CTX *pctx;
802 unsigned char *abuf = NULL; 772 unsigned char *abuf = NULL;
803 int alen, r = -1; 773 int alen, r = -1;
804 const EVP_MD *md = NULL; 774 const EVP_MD *md = NULL;
@@ -813,23 +783,22 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
813 if (md == NULL) 783 if (md == NULL)
814 return -1; 784 return -1;
815 EVP_MD_CTX_init(&mctx); 785 EVP_MD_CTX_init(&mctx);
816 if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0) 786 if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
817 goto err; 787 goto err;
818 788
819 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, 789 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
820 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 790 ASN1_ITEM_rptr(CMS_Attributes_Verify));
821 if(!abuf) 791 if(!abuf)
822 goto err; 792 goto err;
823 r = EVP_VerifyUpdate(&mctx, abuf, alen); 793 r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
824 OPENSSL_free(abuf); 794 OPENSSL_free(abuf);
825 if (r <= 0) 795 if (r <= 0)
826 { 796 {
827 r = -1; 797 r = -1;
828 goto err; 798 goto err;
829 } 799 }
830 cms_fixup_mctx(&mctx, si->pkey); 800 r = EVP_DigestVerifyFinal(&mctx,
831 r = EVP_VerifyFinal(&mctx, 801 si->signature->data, si->signature->length);
832 si->signature->data, si->signature->length, si->pkey);
833 if (r <= 0) 802 if (r <= 0)
834 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 803 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
835 err: 804 err:
@@ -922,7 +891,6 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
922 } 891 }
923 else 892 else
924 { 893 {
925 cms_fixup_mctx(&mctx, si->pkey);
926 r = EVP_VerifyFinal(&mctx, si->signature->data, 894 r = EVP_VerifyFinal(&mctx, si->signature->data,
927 si->signature->length, si->pkey); 895 si->signature->length, si->pkey);
928 if (r <= 0) 896 if (r <= 0)
@@ -991,17 +959,19 @@ static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
991 return CMS_add_simple_smimecap(sk, nid, arg); 959 return CMS_add_simple_smimecap(sk, nid, arg);
992 return 1; 960 return 1;
993 } 961 }
994#if 0 962
995static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 963static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
996 { 964 {
997 if (EVP_get_digestbynid(nid)) 965 if (EVP_get_digestbynid(nid))
998 return CMS_add_simple_smimecap(sk, nid, arg); 966 return CMS_add_simple_smimecap(sk, nid, arg);
999 return 1; 967 return 1;
1000 } 968 }
1001#endif 969
1002int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 970int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
1003 { 971 {
1004 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 972 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
973 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
974 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
1005 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 975 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
1006 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 976 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
1007 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 977 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-09 22:12:12 +0000