summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/cms
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/cms')
-rw-r--r--src/lib/libcrypto/cms/cms.h473
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c346
-rw-r--r--src/lib/libcrypto/cms/cms_att.c195
-rw-r--r--src/lib/libcrypto/cms/cms_cd.c134
-rw-r--r--src/lib/libcrypto/cms/cms_dd.c148
-rw-r--r--src/lib/libcrypto/cms/cms_enc.c262
-rw-r--r--src/lib/libcrypto/cms/cms_env.c825
-rw-r--r--src/lib/libcrypto/cms/cms_err.c236
-rw-r--r--src/lib/libcrypto/cms/cms_ess.c420
-rw-r--r--src/lib/libcrypto/cms/cms_io.c140
-rw-r--r--src/lib/libcrypto/cms/cms_lcl.h460
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c623
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c1014
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c808
14 files changed, 6084 insertions, 0 deletions
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
new file mode 100644
index 0000000000..25f88745f2
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms.h
@@ -0,0 +1,473 @@
1/* crypto/cms/cms.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54
55#ifndef HEADER_CMS_H
56#define HEADER_CMS_H
57
58#include <openssl/x509.h>
59
60#ifdef OPENSSL_NO_CMS
61#error CMS is disabled.
62#endif
63
64#ifdef __cplusplus
65extern "C" {
66#endif
67
68
69typedef struct CMS_ContentInfo_st CMS_ContentInfo;
70typedef struct CMS_SignerInfo_st CMS_SignerInfo;
71typedef struct CMS_CertificateChoices CMS_CertificateChoices;
72typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
73typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
74typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
75typedef struct CMS_Receipt_st CMS_Receipt;
76
77DECLARE_STACK_OF(CMS_SignerInfo)
78DECLARE_STACK_OF(GENERAL_NAMES)
79DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
80DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
81
82#define CMS_SIGNERINFO_ISSUER_SERIAL 0
83#define CMS_SIGNERINFO_KEYIDENTIFIER 1
84
85#define CMS_RECIPINFO_TRANS 0
86#define CMS_RECIPINFO_AGREE 1
87#define CMS_RECIPINFO_KEK 2
88#define CMS_RECIPINFO_PASS 3
89#define CMS_RECIPINFO_OTHER 4
90
91/* S/MIME related flags */
92
93#define CMS_TEXT 0x1
94#define CMS_NOCERTS 0x2
95#define CMS_NO_CONTENT_VERIFY 0x4
96#define CMS_NO_ATTR_VERIFY 0x8
97#define CMS_NOSIGS \
98 (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
99#define CMS_NOINTERN 0x10
100#define CMS_NO_SIGNER_CERT_VERIFY 0x20
101#define CMS_NOVERIFY 0x20
102#define CMS_DETACHED 0x40
103#define CMS_BINARY 0x80
104#define CMS_NOATTR 0x100
105#define CMS_NOSMIMECAP 0x200
106#define CMS_NOOLDMIMETYPE 0x400
107#define CMS_CRLFEOL 0x800
108#define CMS_STREAM 0x1000
109#define CMS_NOCRL 0x2000
110#define CMS_PARTIAL 0x4000
111#define CMS_REUSE_DIGEST 0x8000
112#define CMS_USE_KEYID 0x10000
113
114const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
115
116BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
117int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
118
119ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
120int CMS_is_detached(CMS_ContentInfo *cms);
121int CMS_set_detached(CMS_ContentInfo *cms, int detached);
122
123#ifdef HEADER_PEM_H
124DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
125#endif
126
127CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
128int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
129
130CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
131int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
132
133int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
134
135CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
136 BIO *data, unsigned int flags);
137
138CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
139 X509 *signcert, EVP_PKEY *pkey,
140 STACK_OF(X509) *certs,
141 unsigned int flags);
142
143int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
144CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
145
146int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
147 unsigned int flags);
148CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
149 unsigned int flags);
150
151int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
152 const unsigned char *key, size_t keylen,
153 BIO *dcont, BIO *out, unsigned int flags);
154
155CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
156 const unsigned char *key, size_t keylen,
157 unsigned int flags);
158
159int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
160 const unsigned char *key, size_t keylen);
161
162int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
163 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
164
165int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
166 STACK_OF(X509) *certs,
167 X509_STORE *store, unsigned int flags);
168
169STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
170
171CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
172 const EVP_CIPHER *cipher, unsigned int flags);
173
174int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
175 BIO *dcont, BIO *out,
176 unsigned int flags);
177
178int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
179int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
180 unsigned char *key, size_t keylen,
181 unsigned char *id, size_t idlen);
182
183STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
184int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
185CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
186CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
187 X509 *recip, unsigned int flags);
188int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
189int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
190int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
191 EVP_PKEY **pk, X509 **recip,
192 X509_ALGOR **palg);
193int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
194 ASN1_OCTET_STRING **keyid,
195 X509_NAME **issuer, ASN1_INTEGER **sno);
196
197CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
198 unsigned char *key, size_t keylen,
199 unsigned char *id, size_t idlen,
200 ASN1_GENERALIZEDTIME *date,
201 ASN1_OBJECT *otherTypeId,
202 ASN1_TYPE *otherType);
203
204int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
205 X509_ALGOR **palg,
206 ASN1_OCTET_STRING **pid,
207 ASN1_GENERALIZEDTIME **pdate,
208 ASN1_OBJECT **potherid,
209 ASN1_TYPE **pothertype);
210
211int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
212 unsigned char *key, size_t keylen);
213
214int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
215 const unsigned char *id, size_t idlen);
216
217int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
218
219int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
220 unsigned int flags);
221CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
222
223int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
224const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
225
226CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
227int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
228int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
229STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
230
231CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
232int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
233STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
234
235int CMS_SignedData_init(CMS_ContentInfo *cms);
236CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
237 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
238 unsigned int flags);
239STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
240
241void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
242int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
243 ASN1_OCTET_STRING **keyid,
244 X509_NAME **issuer, ASN1_INTEGER **sno);
245int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
246int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
247 unsigned int flags);
248void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
249 X509_ALGOR **pdig, X509_ALGOR **psig);
250int CMS_SignerInfo_sign(CMS_SignerInfo *si);
251int CMS_SignerInfo_verify(CMS_SignerInfo *si);
252int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
253
254int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
255int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
256 int algnid, int keysize);
257int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
258
259int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
260int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
261 int lastpos);
262int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
263 int lastpos);
264X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
265X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
266int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
267int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
268 const ASN1_OBJECT *obj, int type,
269 const void *bytes, int len);
270int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
271 int nid, int type,
272 const void *bytes, int len);
273int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
274 const char *attrname, int type,
275 const void *bytes, int len);
276void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
277 int lastpos, int type);
278
279int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
280int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
281 int lastpos);
282int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
283 int lastpos);
284X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
285X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
286int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
287int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
288 const ASN1_OBJECT *obj, int type,
289 const void *bytes, int len);
290int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
291 int nid, int type,
292 const void *bytes, int len);
293int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
294 const char *attrname, int type,
295 const void *bytes, int len);
296void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
297 int lastpos, int type);
298
299#ifdef HEADER_X509V3_H
300
301int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
302CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
303 int allorfirst,
304 STACK_OF(GENERAL_NAMES) *receiptList,
305 STACK_OF(GENERAL_NAMES) *receiptsTo);
306int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
307void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
308 ASN1_STRING **pcid,
309 int *pallorfirst,
310 STACK_OF(GENERAL_NAMES) **plist,
311 STACK_OF(GENERAL_NAMES) **prto);
312
313#endif
314
315/* BEGIN ERROR CODES */
316/* The following lines are auto generated by the script mkerr.pl. Any changes
317 * made after this point may be overwritten when the script is next run.
318 */
319void ERR_load_CMS_strings(void);
320
321/* Error codes for the CMS functions. */
322
323/* Function codes. */
324#define CMS_F_CHECK_CONTENT 99
325#define CMS_F_CMS_ADD0_CERT 164
326#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
327#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
328#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
329#define CMS_F_CMS_ADD1_SIGNER 102
330#define CMS_F_CMS_ADD1_SIGNINGTIME 103
331#define CMS_F_CMS_COMPRESS 104
332#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
333#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
334#define CMS_F_CMS_COPY_CONTENT 107
335#define CMS_F_CMS_COPY_MESSAGEDIGEST 108
336#define CMS_F_CMS_DATA 109
337#define CMS_F_CMS_DATAFINAL 110
338#define CMS_F_CMS_DATAINIT 111
339#define CMS_F_CMS_DECRYPT 112
340#define CMS_F_CMS_DECRYPT_SET1_KEY 113
341#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
342#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
343#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
344#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
345#define CMS_F_CMS_DIGEST_VERIFY 118
346#define CMS_F_CMS_ENCODE_RECEIPT 161
347#define CMS_F_CMS_ENCRYPT 119
348#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
349#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
350#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
351#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
352#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
353#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
354#define CMS_F_CMS_ENVELOPED_DATA_INIT 126
355#define CMS_F_CMS_FINAL 127
356#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
357#define CMS_F_CMS_GET0_CONTENT 129
358#define CMS_F_CMS_GET0_ECONTENT_TYPE 130
359#define CMS_F_CMS_GET0_ENVELOPED 131
360#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
361#define CMS_F_CMS_GET0_SIGNED 133
362#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
363#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
364#define CMS_F_CMS_RECEIPT_VERIFY 160
365#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
366#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
367#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
368#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
369#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
370#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
371#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
372#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
373#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
374#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
375#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
376#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
377#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
378#define CMS_F_CMS_SET_DETACHED 147
379#define CMS_F_CMS_SIGN 148
380#define CMS_F_CMS_SIGNED_DATA_INIT 149
381#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
382#define CMS_F_CMS_SIGNERINFO_SIGN 151
383#define CMS_F_CMS_SIGNERINFO_VERIFY 152
384#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
385#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
386#define CMS_F_CMS_SIGN_RECEIPT 163
387#define CMS_F_CMS_STREAM 155
388#define CMS_F_CMS_UNCOMPRESS 156
389#define CMS_F_CMS_VERIFY 157
390
391/* Reason codes. */
392#define CMS_R_ADD_SIGNER_ERROR 99
393#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
394#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
395#define CMS_R_CERTIFICATE_VERIFY_ERROR 100
396#define CMS_R_CIPHER_INITIALISATION_ERROR 101
397#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
398#define CMS_R_CMS_DATAFINAL_ERROR 103
399#define CMS_R_CMS_LIB 104
400#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
401#define CMS_R_CONTENT_NOT_FOUND 105
402#define CMS_R_CONTENT_TYPE_MISMATCH 171
403#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
404#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
405#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
406#define CMS_R_CONTENT_VERIFY_ERROR 109
407#define CMS_R_CTRL_ERROR 110
408#define CMS_R_CTRL_FAILURE 111
409#define CMS_R_DECRYPT_ERROR 112
410#define CMS_R_DIGEST_ERROR 161
411#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
412#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
413#define CMS_R_ERROR_SETTING_KEY 115
414#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
415#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
416#define CMS_R_INVALID_KEY_LENGTH 118
417#define CMS_R_MD_BIO_INIT_ERROR 119
418#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
419#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
420#define CMS_R_MSGSIGDIGEST_ERROR 172
421#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
422#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
423#define CMS_R_NEED_ONE_SIGNER 164
424#define CMS_R_NOT_A_SIGNED_RECEIPT 165
425#define CMS_R_NOT_ENCRYPTED_DATA 122
426#define CMS_R_NOT_KEK 123
427#define CMS_R_NOT_KEY_TRANSPORT 124
428#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
429#define CMS_R_NO_CIPHER 126
430#define CMS_R_NO_CONTENT 127
431#define CMS_R_NO_CONTENT_TYPE 173
432#define CMS_R_NO_DEFAULT_DIGEST 128
433#define CMS_R_NO_DIGEST_SET 129
434#define CMS_R_NO_KEY 130
435#define CMS_R_NO_KEY_OR_CERT 174
436#define CMS_R_NO_MATCHING_DIGEST 131
437#define CMS_R_NO_MATCHING_RECIPIENT 132
438#define CMS_R_NO_MATCHING_SIGNATURE 166
439#define CMS_R_NO_MSGSIGDIGEST 167
440#define CMS_R_NO_PRIVATE_KEY 133
441#define CMS_R_NO_PUBLIC_KEY 134
442#define CMS_R_NO_RECEIPT_REQUEST 168
443#define CMS_R_NO_SIGNERS 135
444#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
445#define CMS_R_RECEIPT_DECODE_ERROR 169
446#define CMS_R_RECIPIENT_ERROR 137
447#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
448#define CMS_R_SIGNFINAL_ERROR 139
449#define CMS_R_SMIME_TEXT_ERROR 140
450#define CMS_R_STORE_INIT_ERROR 141
451#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
452#define CMS_R_TYPE_NOT_DATA 143
453#define CMS_R_TYPE_NOT_DIGESTED_DATA 144
454#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
455#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
456#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
457#define CMS_R_UNKNOWN_CIPHER 148
458#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
459#define CMS_R_UNKNOWN_ID 150
460#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
461#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
462#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
463#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
464#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
465#define CMS_R_UNSUPPORTED_TYPE 156
466#define CMS_R_UNWRAP_ERROR 157
467#define CMS_R_VERIFICATION_FAILURE 158
468#define CMS_R_WRAP_ERROR 159
469
470#ifdef __cplusplus
471}
472#endif
473#endif
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
new file mode 100644
index 0000000000..7664921861
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -0,0 +1,346 @@
1/* crypto/cms/cms_asn1.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/pem.h>
56#include <openssl/x509v3.h>
57#include "cms.h"
58#include "cms_lcl.h"
59
60
61ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
62 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
63 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
64} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
65
66ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
67 ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
68 ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
69} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
70
71ASN1_CHOICE(CMS_CertificateChoices) = {
72 ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
73 ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
74 ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
75 ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
76 ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
77} ASN1_CHOICE_END(CMS_CertificateChoices)
78
79ASN1_CHOICE(CMS_SignerIdentifier) = {
80 ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
81 ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
82} ASN1_CHOICE_END(CMS_SignerIdentifier)
83
84ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
85 ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
86 ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
87} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
88
89/* Minor tweak to operation: free up signer key, cert */
90static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
91 {
92 if(operation == ASN1_OP_FREE_POST)
93 {
94 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
95 if (si->pkey)
96 EVP_PKEY_free(si->pkey);
97 if (si->signer)
98 X509_free(si->signer);
99 }
100 return 1;
101 }
102
103ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
104 ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
105 ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
106 ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
107 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
108 ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
109 ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
110 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
111} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
112
113ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
114 ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
115 ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
116} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
117
118ASN1_CHOICE(CMS_RevocationInfoChoice) = {
119 ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
120 ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
121} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
122
123ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
124 ASN1_SIMPLE(CMS_SignedData, version, LONG),
125 ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
126 ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
127 ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
128 ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
129 ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
130} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
131
132ASN1_SEQUENCE(CMS_OriginatorInfo) = {
133 ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
134 ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
135} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
136
137ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
138 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
139 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
140 ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
141} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
142
143ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
144 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
145 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
146 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
147 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
148} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
149
150ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
151 ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
152 ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
153} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
154
155ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
156 ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
157 ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
158 ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
159} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
160
161ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
162 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
163 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
164} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
165
166ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
167 ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
168 ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
169} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
170
171ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
172 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
173 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
174} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
175
176ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
177 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
178 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
179 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
180} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
181
182ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
183 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
184 ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
185 ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
186 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
187 ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
188} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
189
190ASN1_SEQUENCE(CMS_KEKIdentifier) = {
191 ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
192 ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
193 ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
194} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
195
196ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
197 ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
198 ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
199 ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
200 ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
201} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
202
203ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
204 ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
205 ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
206 ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
207 ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
208} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
209
210ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
211 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
212 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
213} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
214
215/* Free up RecipientInfo additional data */
216static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
217 {
218 if(operation == ASN1_OP_FREE_PRE)
219 {
220 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
221 if (ri->type == CMS_RECIPINFO_TRANS)
222 {
223 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
224 if (ktri->pkey)
225 EVP_PKEY_free(ktri->pkey);
226 if (ktri->recip)
227 X509_free(ktri->recip);
228 }
229 else if (ri->type == CMS_RECIPINFO_KEK)
230 {
231 CMS_KEKRecipientInfo *kekri = ri->d.kekri;
232 if (kekri->key)
233 {
234 OPENSSL_cleanse(kekri->key, kekri->keylen);
235 OPENSSL_free(kekri->key);
236 }
237 }
238 }
239 return 1;
240 }
241
242ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
243 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
244 ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
245 ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
246 ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
247 ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
248} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
249
250ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
251 ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
252 ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
253 ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
254 ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
255 ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
256} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
257
258ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
259 ASN1_SIMPLE(CMS_DigestedData, version, LONG),
260 ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
261 ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
262 ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
263} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
264
265ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
266 ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
267 ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
268 ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
269} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
270
271ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
272 ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
273 ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
274 ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
275 ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
276 ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
277 ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
278 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
279 ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
280 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
281} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
282
283ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
284 ASN1_SIMPLE(CMS_CompressedData, version, LONG),
285 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
286 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
287} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
288
289/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
290
291ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
292
293ASN1_ADB(CMS_ContentInfo) = {
294 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
295 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
296 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
297 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
298 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
299 ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
300 ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
301} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
302
303ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
304 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
305 ASN1_ADB_OBJECT(CMS_ContentInfo)
306} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
307
308/* Specials for signed attributes */
309
310/* When signing attributes we want to reorder them to match the sorted
311 * encoding.
312 */
313
314ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
315 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
316ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
317
318/* When verifying attributes we need to use the received order. So
319 * we use SEQUENCE OF and tag it to SET OF
320 */
321
322ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
323 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
324 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
325ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
326
327
328
329ASN1_CHOICE(CMS_ReceiptsFrom) = {
330 ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
331 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
332} ASN1_CHOICE_END(CMS_ReceiptsFrom)
333
334ASN1_SEQUENCE(CMS_ReceiptRequest) = {
335 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
336 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
337 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
338} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
339
340ASN1_SEQUENCE(CMS_Receipt) = {
341 ASN1_SIMPLE(CMS_Receipt, version, LONG),
342 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
343 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
344 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
345} ASN1_SEQUENCE_END(CMS_Receipt)
346
diff --git a/src/lib/libcrypto/cms/cms_att.c b/src/lib/libcrypto/cms/cms_att.c
new file mode 100644
index 0000000000..5b71722ebc
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_att.c
@@ -0,0 +1,195 @@
1/* crypto/cms/cms_att.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/pem.h>
56#include <openssl/x509v3.h>
57#include <openssl/err.h>
58#include "cms.h"
59#include "cms_lcl.h"
60
61/* CMS SignedData Attribute utilities */
62
63int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
64{
65 return X509at_get_attr_count(si->signedAttrs);
66}
67
68int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
69 int lastpos)
70{
71 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
72}
73
74int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
75 int lastpos)
76{
77 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
78}
79
80X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
81{
82 return X509at_get_attr(si->signedAttrs, loc);
83}
84
85X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
86{
87 return X509at_delete_attr(si->signedAttrs, loc);
88}
89
90int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
91{
92 if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
93 return 0;
94}
95
96int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
97 const ASN1_OBJECT *obj, int type,
98 const void *bytes, int len)
99{
100 if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
101 type, bytes, len)) return 1;
102 return 0;
103}
104
105int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
106 int nid, int type,
107 const void *bytes, int len)
108{
109 if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
110 type, bytes, len)) return 1;
111 return 0;
112}
113
114int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
115 const char *attrname, int type,
116 const void *bytes, int len)
117{
118 if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
119 type, bytes, len)) return 1;
120 return 0;
121}
122
123void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
124 int lastpos, int type)
125{
126 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
127}
128
129int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
130{
131 return X509at_get_attr_count(si->unsignedAttrs);
132}
133
134int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
135 int lastpos)
136{
137 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
138}
139
140int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
141 int lastpos)
142{
143 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
144}
145
146X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
147{
148 return X509at_get_attr(si->unsignedAttrs, loc);
149}
150
151X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
152{
153 return X509at_delete_attr(si->unsignedAttrs, loc);
154}
155
156int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
157{
158 if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
159 return 0;
160}
161
162int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
163 const ASN1_OBJECT *obj, int type,
164 const void *bytes, int len)
165{
166 if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
167 type, bytes, len)) return 1;
168 return 0;
169}
170
171int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
172 int nid, int type,
173 const void *bytes, int len)
174{
175 if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
176 type, bytes, len)) return 1;
177 return 0;
178}
179
180int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
181 const char *attrname, int type,
182 const void *bytes, int len)
183{
184 if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
185 type, bytes, len)) return 1;
186 return 0;
187}
188
189void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
190 int lastpos, int type)
191{
192 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
193}
194
195/* Specific attribute cases */
diff --git a/src/lib/libcrypto/cms/cms_cd.c b/src/lib/libcrypto/cms/cms_cd.c
new file mode 100644
index 0000000000..a5fc2c4e2b
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_cd.c
@@ -0,0 +1,134 @@
1/* crypto/cms/cms_cd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/bio.h>
61#include <openssl/comp.h>
62#include "cms_lcl.h"
63
64DECLARE_ASN1_ITEM(CMS_CompressedData)
65
66#ifdef ZLIB
67
68/* CMS CompressedData Utilities */
69
70CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
71 {
72 CMS_ContentInfo *cms;
73 CMS_CompressedData *cd;
74 /* Will need something cleverer if there is ever more than one
75 * compression algorithm or parameters have some meaning...
76 */
77 if (comp_nid != NID_zlib_compression)
78 {
79 CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
80 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
81 return NULL;
82 }
83 cms = CMS_ContentInfo_new();
84 if (!cms)
85 return NULL;
86
87 cd = M_ASN1_new_of(CMS_CompressedData);
88
89 if (!cd)
90 goto err;
91
92 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
93 cms->d.compressedData = cd;
94
95 cd->version = 0;
96
97 X509_ALGOR_set0(cd->compressionAlgorithm,
98 OBJ_nid2obj(NID_zlib_compression),
99 V_ASN1_UNDEF, NULL);
100
101 cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
102
103 return cms;
104
105 err:
106
107 if (cms)
108 CMS_ContentInfo_free(cms);
109
110 return NULL;
111 }
112
113BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
114 {
115 CMS_CompressedData *cd;
116 ASN1_OBJECT *compoid;
117 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
118 {
119 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
120 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
121 return NULL;
122 }
123 cd = cms->d.compressedData;
124 X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
125 if (OBJ_obj2nid(compoid) != NID_zlib_compression)
126 {
127 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
128 CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
129 return NULL;
130 }
131 return BIO_new(BIO_f_zlib());
132 }
133
134#endif
diff --git a/src/lib/libcrypto/cms/cms_dd.c b/src/lib/libcrypto/cms/cms_dd.c
new file mode 100644
index 0000000000..8919c15be1
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_dd.c
@@ -0,0 +1,148 @@
1/* crypto/cms/cms_dd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61
62DECLARE_ASN1_ITEM(CMS_DigestedData)
63
64/* CMS DigestedData Utilities */
65
66CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
67 {
68 CMS_ContentInfo *cms;
69 CMS_DigestedData *dd;
70 cms = CMS_ContentInfo_new();
71 if (!cms)
72 return NULL;
73
74 dd = M_ASN1_new_of(CMS_DigestedData);
75
76 if (!dd)
77 goto err;
78
79 cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
80 cms->d.digestedData = dd;
81
82 dd->version = 0;
83 dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
84
85 cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
86
87 return cms;
88
89 err:
90
91 if (cms)
92 CMS_ContentInfo_free(cms);
93
94 return NULL;
95 }
96
97BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
98 {
99 CMS_DigestedData *dd;
100 dd = cms->d.digestedData;
101 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
102 }
103
104int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
105 {
106 EVP_MD_CTX mctx;
107 unsigned char md[EVP_MAX_MD_SIZE];
108 unsigned int mdlen;
109 int r = 0;
110 CMS_DigestedData *dd;
111 EVP_MD_CTX_init(&mctx);
112
113 dd = cms->d.digestedData;
114
115 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
116 goto err;
117
118 if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
119 goto err;
120
121 if (verify)
122 {
123 if (mdlen != (unsigned int)dd->digest->length)
124 {
125 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
126 CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
127 goto err;
128 }
129
130 if (memcmp(md, dd->digest->data, mdlen))
131 CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
132 CMS_R_VERIFICATION_FAILURE);
133 else
134 r = 1;
135 }
136 else
137 {
138 if (!ASN1_STRING_set(dd->digest, md, mdlen))
139 goto err;
140 r = 1;
141 }
142
143 err:
144 EVP_MD_CTX_cleanup(&mctx);
145
146 return r;
147
148 }
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
new file mode 100644
index 0000000000..bab26235bd
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -0,0 +1,262 @@
1/* crypto/cms/cms_enc.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/rand.h>
61#include "cms_lcl.h"
62
63/* CMS EncryptedData Utilities */
64
65DECLARE_ASN1_ITEM(CMS_EncryptedData)
66
67/* Return BIO based on EncryptedContentInfo and key */
68
69BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
70 {
71 BIO *b;
72 EVP_CIPHER_CTX *ctx;
73 const EVP_CIPHER *ciph;
74 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
75 unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
76
77 int ok = 0;
78
79 int enc, keep_key = 0;
80
81 enc = ec->cipher ? 1 : 0;
82
83 b = BIO_new(BIO_f_cipher());
84 if (!b)
85 {
86 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
87 ERR_R_MALLOC_FAILURE);
88 return NULL;
89 }
90
91 BIO_get_cipher_ctx(b, &ctx);
92
93 if (enc)
94 {
95 ciph = ec->cipher;
96 /* If not keeping key set cipher to NULL so subsequent calls
97 * decrypt.
98 */
99 if (ec->key)
100 ec->cipher = NULL;
101 }
102 else
103 {
104 ciph = EVP_get_cipherbyobj(calg->algorithm);
105
106 if (!ciph)
107 {
108 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
109 CMS_R_UNKNOWN_CIPHER);
110 goto err;
111 }
112 }
113
114 if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
115 {
116 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
117 CMS_R_CIPHER_INITIALISATION_ERROR);
118 goto err;
119 }
120
121 if (enc)
122 {
123 int ivlen;
124 calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
125 /* Generate a random IV if we need one */
126 ivlen = EVP_CIPHER_CTX_iv_length(ctx);
127 if (ivlen > 0)
128 {
129 if (RAND_pseudo_bytes(iv, ivlen) <= 0)
130 goto err;
131 piv = iv;
132 }
133 }
134 else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
135 {
136 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
137 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
138 goto err;
139 }
140
141
142 if (enc && !ec->key)
143 {
144 /* Generate random key */
145 if (!ec->keylen)
146 ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
147 ec->key = OPENSSL_malloc(ec->keylen);
148 if (!ec->key)
149 {
150 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
151 ERR_R_MALLOC_FAILURE);
152 goto err;
153 }
154 if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
155 goto err;
156 keep_key = 1;
157 }
158 else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
159 {
160 /* If necessary set key length */
161 if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
162 {
163 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
164 CMS_R_INVALID_KEY_LENGTH);
165 goto err;
166 }
167 }
168
169 if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
170 {
171 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
172 CMS_R_CIPHER_INITIALISATION_ERROR);
173 goto err;
174 }
175
176 if (piv)
177 {
178 calg->parameter = ASN1_TYPE_new();
179 if (!calg->parameter)
180 {
181 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
182 ERR_R_MALLOC_FAILURE);
183 goto err;
184 }
185 if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
186 {
187 CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
188 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
189 goto err;
190 }
191 }
192 ok = 1;
193
194 err:
195 if (ec->key && !keep_key)
196 {
197 OPENSSL_cleanse(ec->key, ec->keylen);
198 OPENSSL_free(ec->key);
199 ec->key = NULL;
200 }
201 if (ok)
202 return b;
203 BIO_free(b);
204 return NULL;
205 }
206
207int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
208 const EVP_CIPHER *cipher,
209 const unsigned char *key, size_t keylen)
210 {
211 ec->cipher = cipher;
212 if (key)
213 {
214 ec->key = OPENSSL_malloc(keylen);
215 if (!ec->key)
216 return 0;
217 memcpy(ec->key, key, keylen);
218 }
219 ec->keylen = keylen;
220 if (cipher)
221 ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
222 return 1;
223 }
224
225int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
226 const unsigned char *key, size_t keylen)
227 {
228 CMS_EncryptedContentInfo *ec;
229 if (!key || !keylen)
230 {
231 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
232 return 0;
233 }
234 if (ciph)
235 {
236 cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
237 if (!cms->d.encryptedData)
238 {
239 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
240 ERR_R_MALLOC_FAILURE);
241 return 0;
242 }
243 cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
244 cms->d.encryptedData->version = 0;
245 }
246 else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
247 {
248 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
249 CMS_R_NOT_ENCRYPTED_DATA);
250 return 0;
251 }
252 ec = cms->d.encryptedData->encryptedContentInfo;
253 return cms_EncryptedContent_init(ec, ciph, key, keylen);
254 }
255
256BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
257 {
258 CMS_EncryptedData *enc = cms->d.encryptedData;
259 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
260 enc->version = 2;
261 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
262 }
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
new file mode 100644
index 0000000000..d499ae85b4
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -0,0 +1,825 @@
1/* crypto/cms/cms_env.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include <openssl/rand.h>
61#include <openssl/aes.h>
62#include "cms_lcl.h"
63
64/* CMS EnvelopedData Utilities */
65
66DECLARE_ASN1_ITEM(CMS_EnvelopedData)
67DECLARE_ASN1_ITEM(CMS_RecipientInfo)
68DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
69DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
70DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
71
72DECLARE_STACK_OF(CMS_RecipientInfo)
73
74static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
75 {
76 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
77 {
78 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
79 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
80 return NULL;
81 }
82 return cms->d.envelopedData;
83 }
84
85static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
86 {
87 if (cms->d.other == NULL)
88 {
89 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
90 if (!cms->d.envelopedData)
91 {
92 CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
93 ERR_R_MALLOC_FAILURE);
94 return NULL;
95 }
96 cms->d.envelopedData->version = 0;
97 cms->d.envelopedData->encryptedContentInfo->contentType =
98 OBJ_nid2obj(NID_pkcs7_data);
99 ASN1_OBJECT_free(cms->contentType);
100 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
101 return cms->d.envelopedData;
102 }
103 return cms_get0_enveloped(cms);
104 }
105
106STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
107 {
108 CMS_EnvelopedData *env;
109 env = cms_get0_enveloped(cms);
110 if (!env)
111 return NULL;
112 return env->recipientInfos;
113 }
114
115int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
116 {
117 return ri->type;
118 }
119
120CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
121 {
122 CMS_ContentInfo *cms;
123 CMS_EnvelopedData *env;
124 cms = CMS_ContentInfo_new();
125 if (!cms)
126 goto merr;
127 env = cms_enveloped_data_init(cms);
128 if (!env)
129 goto merr;
130 if (!cms_EncryptedContent_init(env->encryptedContentInfo,
131 cipher, NULL, 0))
132 goto merr;
133 return cms;
134 merr:
135 if (cms)
136 CMS_ContentInfo_free(cms);
137 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
138 return NULL;
139 }
140
141/* Key Transport Recipient Info (KTRI) routines */
142
143/* Add a recipient certificate. For now only handle key transport.
144 * If we ever handle key agreement will need updating.
145 */
146
147CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
148 X509 *recip, unsigned int flags)
149 {
150 CMS_RecipientInfo *ri = NULL;
151 CMS_KeyTransRecipientInfo *ktri;
152 CMS_EnvelopedData *env;
153 EVP_PKEY *pk = NULL;
154 int type;
155 env = cms_get0_enveloped(cms);
156 if (!env)
157 goto err;
158
159 /* Initialize recipient info */
160 ri = M_ASN1_new_of(CMS_RecipientInfo);
161 if (!ri)
162 goto merr;
163
164 /* Initialize and add key transport recipient info */
165
166 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
167 if (!ri->d.ktri)
168 goto merr;
169 ri->type = CMS_RECIPINFO_TRANS;
170
171 ktri = ri->d.ktri;
172
173 X509_check_purpose(recip, -1, -1);
174 pk = X509_get_pubkey(recip);
175 if (!pk)
176 {
177 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
178 CMS_R_ERROR_GETTING_PUBLIC_KEY);
179 goto err;
180 }
181 CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
182 ktri->pkey = pk;
183 ktri->recip = recip;
184
185 if (flags & CMS_USE_KEYID)
186 {
187 ktri->version = 2;
188 type = CMS_RECIPINFO_KEYIDENTIFIER;
189 }
190 else
191 {
192 ktri->version = 0;
193 type = CMS_RECIPINFO_ISSUER_SERIAL;
194 }
195
196 /* Not a typo: RecipientIdentifier and SignerIdentifier are the
197 * same structure.
198 */
199
200 if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
201 goto err;
202
203 /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
204 * hard code algorithm parameters.
205 */
206
207 if (pk->type == EVP_PKEY_RSA)
208 {
209 X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
210 OBJ_nid2obj(NID_rsaEncryption),
211 V_ASN1_NULL, 0);
212 }
213 else
214 {
215 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
216 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
217 goto err;
218 }
219
220 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
221 goto merr;
222
223 return ri;
224
225 merr:
226 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
227 err:
228 if (ri)
229 M_ASN1_free_of(ri, CMS_RecipientInfo);
230 return NULL;
231
232 }
233
234int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
235 EVP_PKEY **pk, X509 **recip,
236 X509_ALGOR **palg)
237 {
238 CMS_KeyTransRecipientInfo *ktri;
239 if (ri->type != CMS_RECIPINFO_TRANS)
240 {
241 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
242 CMS_R_NOT_KEY_TRANSPORT);
243 return 0;
244 }
245
246 ktri = ri->d.ktri;
247
248 if (pk)
249 *pk = ktri->pkey;
250 if (recip)
251 *recip = ktri->recip;
252 if (palg)
253 *palg = ktri->keyEncryptionAlgorithm;
254 return 1;
255 }
256
257int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
258 ASN1_OCTET_STRING **keyid,
259 X509_NAME **issuer, ASN1_INTEGER **sno)
260 {
261 CMS_KeyTransRecipientInfo *ktri;
262 if (ri->type != CMS_RECIPINFO_TRANS)
263 {
264 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
265 CMS_R_NOT_KEY_TRANSPORT);
266 return 0;
267 }
268 ktri = ri->d.ktri;
269
270 return cms_SignerIdentifier_get0_signer_id(ktri->rid,
271 keyid, issuer, sno);
272 }
273
274int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
275 {
276 if (ri->type != CMS_RECIPINFO_TRANS)
277 {
278 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
279 CMS_R_NOT_KEY_TRANSPORT);
280 return -2;
281 }
282 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
283 }
284
285int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
286 {
287 if (ri->type != CMS_RECIPINFO_TRANS)
288 {
289 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
290 CMS_R_NOT_KEY_TRANSPORT);
291 return 0;
292 }
293 ri->d.ktri->pkey = pkey;
294 return 1;
295 }
296
297/* Encrypt content key in key transport recipient info */
298
299static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
300 CMS_RecipientInfo *ri)
301 {
302 CMS_KeyTransRecipientInfo *ktri;
303 CMS_EncryptedContentInfo *ec;
304 unsigned char *ek = NULL;
305 int eklen;
306
307 int ret = 0;
308
309 if (ri->type != CMS_RECIPINFO_TRANS)
310 {
311 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
312 CMS_R_NOT_KEY_TRANSPORT);
313 return 0;
314 }
315 ktri = ri->d.ktri;
316 ec = cms->d.envelopedData->encryptedContentInfo;
317
318 eklen = EVP_PKEY_size(ktri->pkey);
319
320 ek = OPENSSL_malloc(eklen);
321
322 if (ek == NULL)
323 {
324 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
325 ERR_R_MALLOC_FAILURE);
326 goto err;
327 }
328
329 eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
330
331 if (eklen <= 0)
332 goto err;
333
334 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
335 ek = NULL;
336
337 ret = 1;
338
339 err:
340 if (ek)
341 OPENSSL_free(ek);
342 return ret;
343
344 }
345
346/* Decrypt content key from KTRI */
347
348static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
349 CMS_RecipientInfo *ri)
350 {
351 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
352 unsigned char *ek = NULL;
353 int eklen;
354 int ret = 0;
355
356 if (ktri->pkey == NULL)
357 {
358 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
359 CMS_R_NO_PRIVATE_KEY);
360 return 0;
361 }
362
363 eklen = EVP_PKEY_size(ktri->pkey);
364
365 ek = OPENSSL_malloc(eklen);
366
367 if (ek == NULL)
368 {
369 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
370 ERR_R_MALLOC_FAILURE);
371 goto err;
372 }
373
374 eklen = EVP_PKEY_decrypt(ek,
375 ktri->encryptedKey->data,
376 ktri->encryptedKey->length, ktri->pkey);
377 if (eklen <= 0)
378 {
379 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
380 goto err;
381 }
382
383 ret = 1;
384
385 cms->d.envelopedData->encryptedContentInfo->key = ek;
386 cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
387
388 err:
389 if (!ret && ek)
390 OPENSSL_free(ek);
391
392 return ret;
393 }
394
395/* Key Encrypted Key (KEK) RecipientInfo routines */
396
397int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
398 const unsigned char *id, size_t idlen)
399 {
400 ASN1_OCTET_STRING tmp_os;
401 CMS_KEKRecipientInfo *kekri;
402 if (ri->type != CMS_RECIPINFO_KEK)
403 {
404 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
405 return -2;
406 }
407 kekri = ri->d.kekri;
408 tmp_os.type = V_ASN1_OCTET_STRING;
409 tmp_os.flags = 0;
410 tmp_os.data = (unsigned char *)id;
411 tmp_os.length = (int)idlen;
412 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
413 }
414
415/* For now hard code AES key wrap info */
416
417static size_t aes_wrap_keylen(int nid)
418 {
419 switch (nid)
420 {
421 case NID_id_aes128_wrap:
422 return 16;
423
424 case NID_id_aes192_wrap:
425 return 24;
426
427 case NID_id_aes256_wrap:
428 return 32;
429
430 default:
431 return 0;
432 }
433 }
434
435CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
436 unsigned char *key, size_t keylen,
437 unsigned char *id, size_t idlen,
438 ASN1_GENERALIZEDTIME *date,
439 ASN1_OBJECT *otherTypeId,
440 ASN1_TYPE *otherType)
441 {
442 CMS_RecipientInfo *ri = NULL;
443 CMS_EnvelopedData *env;
444 CMS_KEKRecipientInfo *kekri;
445 env = cms_get0_enveloped(cms);
446 if (!env)
447 goto err;
448
449 if (nid == NID_undef)
450 {
451 switch (keylen)
452 {
453 case 16:
454 nid = NID_id_aes128_wrap;
455 break;
456
457 case 24:
458 nid = NID_id_aes192_wrap;
459 break;
460
461 case 32:
462 nid = NID_id_aes256_wrap;
463 break;
464
465 default:
466 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
467 CMS_R_INVALID_KEY_LENGTH);
468 goto err;
469 }
470
471 }
472 else
473 {
474
475 size_t exp_keylen = aes_wrap_keylen(nid);
476
477 if (!exp_keylen)
478 {
479 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
480 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
481 goto err;
482 }
483
484 if (keylen != exp_keylen)
485 {
486 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
487 CMS_R_INVALID_KEY_LENGTH);
488 goto err;
489 }
490
491 }
492
493 /* Initialize recipient info */
494 ri = M_ASN1_new_of(CMS_RecipientInfo);
495 if (!ri)
496 goto merr;
497
498 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
499 if (!ri->d.kekri)
500 goto merr;
501 ri->type = CMS_RECIPINFO_KEK;
502
503 kekri = ri->d.kekri;
504
505 if (otherTypeId)
506 {
507 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
508 if (kekri->kekid->other == NULL)
509 goto merr;
510 }
511
512 if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
513 goto merr;
514
515
516 /* After this point no calls can fail */
517
518 kekri->version = 4;
519
520 kekri->key = key;
521 kekri->keylen = keylen;
522
523 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
524
525 kekri->kekid->date = date;
526
527 if (kekri->kekid->other)
528 {
529 kekri->kekid->other->keyAttrId = otherTypeId;
530 kekri->kekid->other->keyAttr = otherType;
531 }
532
533 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
534 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
535
536 return ri;
537
538 merr:
539 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
540 err:
541 if (ri)
542 M_ASN1_free_of(ri, CMS_RecipientInfo);
543 return NULL;
544
545 }
546
547int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
548 X509_ALGOR **palg,
549 ASN1_OCTET_STRING **pid,
550 ASN1_GENERALIZEDTIME **pdate,
551 ASN1_OBJECT **potherid,
552 ASN1_TYPE **pothertype)
553 {
554 CMS_KEKIdentifier *rkid;
555 if (ri->type != CMS_RECIPINFO_KEK)
556 {
557 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
558 return 0;
559 }
560 rkid = ri->d.kekri->kekid;
561 if (palg)
562 *palg = ri->d.kekri->keyEncryptionAlgorithm;
563 if (pid)
564 *pid = rkid->keyIdentifier;
565 if (pdate)
566 *pdate = rkid->date;
567 if (potherid)
568 {
569 if (rkid->other)
570 *potherid = rkid->other->keyAttrId;
571 else
572 *potherid = NULL;
573 }
574 if (pothertype)
575 {
576 if (rkid->other)
577 *pothertype = rkid->other->keyAttr;
578 else
579 *pothertype = NULL;
580 }
581 return 1;
582 }
583
584int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
585 unsigned char *key, size_t keylen)
586 {
587 CMS_KEKRecipientInfo *kekri;
588 if (ri->type != CMS_RECIPINFO_KEK)
589 {
590 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
591 return 0;
592 }
593
594 kekri = ri->d.kekri;
595 kekri->key = key;
596 kekri->keylen = keylen;
597 return 1;
598 }
599
600
601/* Encrypt content key in KEK recipient info */
602
603static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
604 CMS_RecipientInfo *ri)
605 {
606 CMS_EncryptedContentInfo *ec;
607 CMS_KEKRecipientInfo *kekri;
608 AES_KEY actx;
609 unsigned char *wkey = NULL;
610 int wkeylen;
611 int r = 0;
612
613 ec = cms->d.envelopedData->encryptedContentInfo;
614
615 kekri = ri->d.kekri;
616
617 if (!kekri->key)
618 {
619 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
620 return 0;
621 }
622
623 if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
624 {
625 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
626 CMS_R_ERROR_SETTING_KEY);
627 goto err;
628 }
629
630 wkey = OPENSSL_malloc(ec->keylen + 8);
631
632 if (!wkey)
633 {
634 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
635 ERR_R_MALLOC_FAILURE);
636 goto err;
637 }
638
639 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
640
641 if (wkeylen <= 0)
642 {
643 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
644 goto err;
645 }
646
647 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
648
649 r = 1;
650
651 err:
652
653 if (!r && wkey)
654 OPENSSL_free(wkey);
655 OPENSSL_cleanse(&actx, sizeof(actx));
656
657 return r;
658
659 }
660
661/* Decrypt content key in KEK recipient info */
662
663static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
664 CMS_RecipientInfo *ri)
665 {
666 CMS_EncryptedContentInfo *ec;
667 CMS_KEKRecipientInfo *kekri;
668 AES_KEY actx;
669 unsigned char *ukey = NULL;
670 int ukeylen;
671 int r = 0, wrap_nid;
672
673 ec = cms->d.envelopedData->encryptedContentInfo;
674
675 kekri = ri->d.kekri;
676
677 if (!kekri->key)
678 {
679 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
680 return 0;
681 }
682
683 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
684 if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
685 {
686 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
687 CMS_R_INVALID_KEY_LENGTH);
688 return 0;
689 }
690
691 /* If encrypted key length is invalid don't bother */
692
693 if (kekri->encryptedKey->length < 16)
694 {
695 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
696 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
697 goto err;
698 }
699
700 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
701 {
702 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
703 CMS_R_ERROR_SETTING_KEY);
704 goto err;
705 }
706
707 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
708
709 if (!ukey)
710 {
711 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
712 ERR_R_MALLOC_FAILURE);
713 goto err;
714 }
715
716 ukeylen = AES_unwrap_key(&actx, NULL, ukey,
717 kekri->encryptedKey->data,
718 kekri->encryptedKey->length);
719
720 if (ukeylen <= 0)
721 {
722 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
723 CMS_R_UNWRAP_ERROR);
724 goto err;
725 }
726
727 ec->key = ukey;
728 ec->keylen = ukeylen;
729
730 r = 1;
731
732 err:
733
734 if (!r && ukey)
735 OPENSSL_free(ukey);
736 OPENSSL_cleanse(&actx, sizeof(actx));
737
738 return r;
739
740 }
741
742int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
743 {
744 switch(ri->type)
745 {
746 case CMS_RECIPINFO_TRANS:
747 return cms_RecipientInfo_ktri_decrypt(cms, ri);
748
749 case CMS_RECIPINFO_KEK:
750 return cms_RecipientInfo_kekri_decrypt(cms, ri);
751
752 default:
753 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
754 CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
755 return 0;
756 }
757 }
758
759BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
760 {
761 CMS_EncryptedContentInfo *ec;
762 STACK_OF(CMS_RecipientInfo) *rinfos;
763 CMS_RecipientInfo *ri;
764 int i, r, ok = 0;
765 BIO *ret;
766
767 /* Get BIO first to set up key */
768
769 ec = cms->d.envelopedData->encryptedContentInfo;
770 ret = cms_EncryptedContent_init_bio(ec);
771
772 /* If error or no cipher end of processing */
773
774 if (!ret || !ec->cipher)
775 return ret;
776
777 /* Now encrypt content key according to each RecipientInfo type */
778
779 rinfos = cms->d.envelopedData->recipientInfos;
780
781 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
782 {
783 ri = sk_CMS_RecipientInfo_value(rinfos, i);
784
785 switch (ri->type)
786 {
787 case CMS_RECIPINFO_TRANS:
788 r = cms_RecipientInfo_ktri_encrypt(cms, ri);
789 break;
790
791 case CMS_RECIPINFO_KEK:
792 r = cms_RecipientInfo_kekri_encrypt(cms, ri);
793 break;
794
795 default:
796 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
797 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
798 goto err;
799 }
800
801 if (r <= 0)
802 {
803 CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
804 CMS_R_ERROR_SETTING_RECIPIENTINFO);
805 goto err;
806 }
807 }
808
809 ok = 1;
810
811 err:
812 ec->cipher = NULL;
813 if (ec->key)
814 {
815 OPENSSL_cleanse(ec->key, ec->keylen);
816 OPENSSL_free(ec->key);
817 ec->key = NULL;
818 ec->keylen = 0;
819 }
820 if (ok)
821 return ret;
822 BIO_free(ret);
823 return NULL;
824
825 }
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
new file mode 100644
index 0000000000..52fa53954f
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_err.c
@@ -0,0 +1,236 @@
1/* crypto/cms/cms_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/cms.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
70
71static ERR_STRING_DATA CMS_str_functs[]=
72 {
73{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
74{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
75{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
76{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
77{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
78{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
79{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
80{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
81{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
82{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"},
83{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
84{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
85{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
86{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
87{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
88{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
89{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
90{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
91{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
92{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
93{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
94{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
95{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
96{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
97{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"},
98{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
99{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
100{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"},
101{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
102{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"},
103{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
104{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
105{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
106{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
107{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
108{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"},
109{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
110{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
111{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
112{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
113{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
114{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
115{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
116{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
117{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"},
118{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"},
119{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"},
120{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
121{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
122{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
123{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
124{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
125{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
126{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
127{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
128{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
129{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
130{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"},
131{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
132{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
133{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
134{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
135{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
136{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"},
137{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
138{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
139{0,NULL}
140 };
141
142static ERR_STRING_DATA CMS_str_reasons[]=
143 {
144{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"},
145{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
146{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
147{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
148{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
149{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
150{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"},
151{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"},
152{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
153{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"},
154{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
155{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
156{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
157{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
158{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"},
159{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"},
160{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"},
161{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"},
162{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"},
163{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
164{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
165{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"},
166{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
167{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
168{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
169{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"},
170{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
171{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
172{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"},
173{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
174{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
175{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"},
176{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"},
177{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"},
178{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"},
179{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"},
180{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
181{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"},
182{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"},
183{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"},
184{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"},
185{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"},
186{ERR_REASON(CMS_R_NO_KEY) ,"no key"},
187{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"},
188{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"},
189{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
190{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
191{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"},
192{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"},
193{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"},
194{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"},
195{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"},
196{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
197{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"},
198{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"},
199{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
200{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"},
201{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"},
202{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"},
203{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
204{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"},
205{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
206{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
207{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
208{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
209{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"},
210{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
211{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"},
212{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
213{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
214{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
215{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
216{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
217{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"},
218{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"},
219{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"},
220{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"},
221{0,NULL}
222 };
223
224#endif
225
226void ERR_load_CMS_strings(void)
227 {
228#ifndef OPENSSL_NO_ERR
229
230 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
231 {
232 ERR_load_strings(0,CMS_str_functs);
233 ERR_load_strings(0,CMS_str_reasons);
234 }
235#endif
236 }
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
new file mode 100644
index 0000000000..ed34ff3228
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_ess.c
@@ -0,0 +1,420 @@
1/* crypto/cms/cms_ess.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/rand.h>
58#include <openssl/x509v3.h>
59#include <openssl/err.h>
60#include <openssl/cms.h>
61#include "cms_lcl.h"
62
63DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
64DECLARE_ASN1_ITEM(CMS_Receipt)
65
66IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
67
68/* ESS services: for now just Signed Receipt related */
69
70int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
71 {
72 ASN1_STRING *str;
73 CMS_ReceiptRequest *rr = NULL;
74 if (prr)
75 *prr = NULL;
76 str = CMS_signed_get0_data_by_OBJ(si,
77 OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
78 -3, V_ASN1_SEQUENCE);
79 if (!str)
80 return 0;
81
82 rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
83 if (!rr)
84 return -1;
85 if (prr)
86 *prr = rr;
87 else
88 CMS_ReceiptRequest_free(rr);
89 return 1;
90 }
91
92CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
93 int allorfirst,
94 STACK_OF(GENERAL_NAMES) *receiptList,
95 STACK_OF(GENERAL_NAMES) *receiptsTo)
96 {
97 CMS_ReceiptRequest *rr = NULL;
98
99 rr = CMS_ReceiptRequest_new();
100 if (!rr)
101 goto merr;
102 if (id)
103 ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
104 else
105 {
106 if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
107 goto merr;
108 if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
109 <= 0)
110 goto err;
111 }
112
113 sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
114 rr->receiptsTo = receiptsTo;
115
116 if (receiptList)
117 {
118 rr->receiptsFrom->type = 1;
119 rr->receiptsFrom->d.receiptList = receiptList;
120 }
121 else
122 {
123 rr->receiptsFrom->type = 0;
124 rr->receiptsFrom->d.allOrFirstTier = allorfirst;
125 }
126
127 return rr;
128
129 merr:
130 CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
131
132 err:
133 if (rr)
134 CMS_ReceiptRequest_free(rr);
135
136 return NULL;
137
138 }
139
140int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
141 {
142 unsigned char *rrder = NULL;
143 int rrderlen, r = 0;
144
145 rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
146 if (rrderlen < 0)
147 goto merr;
148
149 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
150 V_ASN1_SEQUENCE, rrder, rrderlen))
151 goto merr;
152
153 r = 1;
154
155 merr:
156 if (!r)
157 CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
158
159 if (rrder)
160 OPENSSL_free(rrder);
161
162 return r;
163
164 }
165
166void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
167 ASN1_STRING **pcid,
168 int *pallorfirst,
169 STACK_OF(GENERAL_NAMES) **plist,
170 STACK_OF(GENERAL_NAMES) **prto)
171 {
172 if (pcid)
173 *pcid = rr->signedContentIdentifier;
174 if (rr->receiptsFrom->type == 0)
175 {
176 if (pallorfirst)
177 *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
178 if (plist)
179 *plist = NULL;
180 }
181 else
182 {
183 if (pallorfirst)
184 *pallorfirst = -1;
185 if (plist)
186 *plist = rr->receiptsFrom->d.receiptList;
187 }
188 if (prto)
189 *prto = rr->receiptsTo;
190 }
191
192/* Digest a SignerInfo structure for msgSigDigest attribute processing */
193
194static int cms_msgSigDigest(CMS_SignerInfo *si,
195 unsigned char *dig, unsigned int *diglen)
196 {
197 const EVP_MD *md;
198 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
199 if (md == NULL)
200 return 0;
201 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
202 si->signedAttrs, dig, diglen))
203 return 0;
204 return 1;
205 }
206
207/* Add a msgSigDigest attribute to a SignerInfo */
208
209int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
210 {
211 unsigned char dig[EVP_MAX_MD_SIZE];
212 unsigned int diglen;
213 if (!cms_msgSigDigest(src, dig, &diglen))
214 {
215 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
216 return 0;
217 }
218 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
219 V_ASN1_OCTET_STRING, dig, diglen))
220 {
221 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
222 return 0;
223 }
224 return 1;
225 }
226
227/* Verify signed receipt after it has already passed normal CMS verify */
228
229int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
230 {
231 int r = 0, i;
232 CMS_ReceiptRequest *rr = NULL;
233 CMS_Receipt *rct = NULL;
234 STACK_OF(CMS_SignerInfo) *sis, *osis;
235 CMS_SignerInfo *si, *osi = NULL;
236 ASN1_OCTET_STRING *msig, **pcont;
237 ASN1_OBJECT *octype;
238 unsigned char dig[EVP_MAX_MD_SIZE];
239 unsigned int diglen;
240
241 /* Get SignerInfos, also checks SignedData content type */
242 osis = CMS_get0_SignerInfos(req_cms);
243 sis = CMS_get0_SignerInfos(cms);
244 if (!osis || !sis)
245 goto err;
246
247 if (sk_CMS_SignerInfo_num(sis) != 1)
248 {
249 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
250 goto err;
251 }
252
253 /* Check receipt content type */
254 if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
255 {
256 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
257 goto err;
258 }
259
260 /* Extract and decode receipt content */
261 pcont = CMS_get0_content(cms);
262 if (!pcont || !*pcont)
263 {
264 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
265 goto err;
266 }
267
268 rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
269
270 if (!rct)
271 {
272 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
273 goto err;
274 }
275
276 /* Locate original request */
277
278 for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
279 {
280 osi = sk_CMS_SignerInfo_value(osis, i);
281 if (!ASN1_STRING_cmp(osi->signature,
282 rct->originatorSignatureValue))
283 break;
284 }
285
286 if (i == sk_CMS_SignerInfo_num(osis))
287 {
288 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
289 goto err;
290 }
291
292 si = sk_CMS_SignerInfo_value(sis, 0);
293
294 /* Get msgSigDigest value and compare */
295
296 msig = CMS_signed_get0_data_by_OBJ(si,
297 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
298 -3, V_ASN1_OCTET_STRING);
299
300 if (!msig)
301 {
302 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
303 goto err;
304 }
305
306 if (!cms_msgSigDigest(osi, dig, &diglen))
307 {
308 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
309 goto err;
310 }
311
312 if (diglen != (unsigned int)msig->length)
313 {
314 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
315 CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
316 goto err;
317 }
318
319 if (memcmp(dig, msig->data, diglen))
320 {
321 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
322 CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
323 goto err;
324 }
325
326 /* Compare content types */
327
328 octype = CMS_signed_get0_data_by_OBJ(osi,
329 OBJ_nid2obj(NID_pkcs9_contentType),
330 -3, V_ASN1_OBJECT);
331 if (!octype)
332 {
333 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
334 goto err;
335 }
336
337 /* Compare details in receipt request */
338
339 if (OBJ_cmp(octype, rct->contentType))
340 {
341 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
342 goto err;
343 }
344
345 /* Get original receipt request details */
346
347 if (!CMS_get1_ReceiptRequest(osi, &rr))
348 {
349 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
350 goto err;
351 }
352
353 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
354 rct->signedContentIdentifier))
355 {
356 CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
357 CMS_R_CONTENTIDENTIFIER_MISMATCH);
358 goto err;
359 }
360
361 r = 1;
362
363 err:
364 if (rr)
365 CMS_ReceiptRequest_free(rr);
366 if (rct)
367 M_ASN1_free_of(rct, CMS_Receipt);
368
369 return r;
370
371 }
372
373/* Encode a Receipt into an OCTET STRING read for including into content of
374 * a SignedData ContentInfo.
375 */
376
377ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
378 {
379 CMS_Receipt rct;
380 CMS_ReceiptRequest *rr = NULL;
381 ASN1_OBJECT *ctype;
382 ASN1_OCTET_STRING *os = NULL;
383
384 /* Get original receipt request */
385
386 /* Get original receipt request details */
387
388 if (!CMS_get1_ReceiptRequest(si, &rr))
389 {
390 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
391 goto err;
392 }
393
394 /* Get original content type */
395
396 ctype = CMS_signed_get0_data_by_OBJ(si,
397 OBJ_nid2obj(NID_pkcs9_contentType),
398 -3, V_ASN1_OBJECT);
399 if (!ctype)
400 {
401 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
402 goto err;
403 }
404
405 rct.version = 1;
406 rct.contentType = ctype;
407 rct.signedContentIdentifier = rr->signedContentIdentifier;
408 rct.originatorSignatureValue = si->signature;
409
410 os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
411
412 err:
413 if (rr)
414 CMS_ReceiptRequest_free(rr);
415
416 return os;
417
418 }
419
420
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
new file mode 100644
index 0000000000..30f5ddfe6d
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_io.c
@@ -0,0 +1,140 @@
1/* crypto/cms/cms_io.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/x509.h>
56#include <openssl/err.h>
57#include <openssl/pem.h>
58#include "cms.h"
59#include "cms_lcl.h"
60
61CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
62 {
63 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
64 }
65
66int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
67 {
68 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
69 }
70
71IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
72
73/* Callback for int_smime_write_ASN1 */
74
75static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
76 const ASN1_ITEM *it)
77 {
78 CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
79 BIO *tmpbio, *cmsbio;
80 int r = 0;
81
82 if (!(flags & SMIME_DETACHED))
83 {
84 SMIME_crlf_copy(data, out, flags);
85 return 1;
86 }
87
88 /* Let CMS code prepend any needed BIOs */
89
90 cmsbio = CMS_dataInit(cms, out);
91
92 if (!cmsbio)
93 return 0;
94
95 /* Copy data across, passing through filter BIOs for processing */
96 SMIME_crlf_copy(data, cmsbio, flags);
97
98 /* Finalize structure */
99 if (CMS_dataFinal(cms, cmsbio) <= 0)
100 goto err;
101
102 r = 1;
103
104 err:
105
106 /* Now remove any digests prepended to the BIO */
107
108 while (cmsbio != out)
109 {
110 tmpbio = BIO_pop(cmsbio);
111 BIO_free(cmsbio);
112 cmsbio = tmpbio;
113 }
114
115 return 1;
116
117 }
118
119
120int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
121 {
122 STACK_OF(X509_ALGOR) *mdalgs;
123 int ctype_nid = OBJ_obj2nid(cms->contentType);
124 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
125 if (ctype_nid == NID_pkcs7_signed)
126 mdalgs = cms->d.signedData->digestAlgorithms;
127 else
128 mdalgs = NULL;
129
130 return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
131 ctype_nid, econt_nid, mdalgs,
132 cms_output_data,
133 ASN1_ITEM_rptr(CMS_ContentInfo));
134 }
135
136CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
137 {
138 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
139 ASN1_ITEM_rptr(CMS_ContentInfo));
140 }
diff --git a/src/lib/libcrypto/cms/cms_lcl.h b/src/lib/libcrypto/cms/cms_lcl.h
new file mode 100644
index 0000000000..7d60fac67e
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_lcl.h
@@ -0,0 +1,460 @@
1/* crypto/cms/cms_lcl.h */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#ifndef HEADER_CMS_LCL_H
55#define HEADER_CMS_LCL_H
56
57#ifdef __cplusplus
58extern "C" {
59#endif
60
61#include <openssl/x509.h>
62
63/* Cryptographic message syntax (CMS) structures: taken
64 * from RFC3852
65 */
66
67/* Forward references */
68
69typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
70typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
71typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
72typedef struct CMS_SignedData_st CMS_SignedData;
73typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
74typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
75typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
76typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
77typedef struct CMS_DigestedData_st CMS_DigestedData;
78typedef struct CMS_EncryptedData_st CMS_EncryptedData;
79typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
80typedef struct CMS_CompressedData_st CMS_CompressedData;
81typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
82typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
83typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
84typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
85typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
86typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
87typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
88typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
89typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
90typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
91typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
92typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
93typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
94typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
95
96struct CMS_ContentInfo_st
97 {
98 ASN1_OBJECT *contentType;
99 union {
100 ASN1_OCTET_STRING *data;
101 CMS_SignedData *signedData;
102 CMS_EnvelopedData *envelopedData;
103 CMS_DigestedData *digestedData;
104 CMS_EncryptedData *encryptedData;
105 CMS_AuthenticatedData *authenticatedData;
106 CMS_CompressedData *compressedData;
107 ASN1_TYPE *other;
108 /* Other types ... */
109 void *otherData;
110 } d;
111 };
112
113struct CMS_SignedData_st
114 {
115 long version;
116 STACK_OF(X509_ALGOR) *digestAlgorithms;
117 CMS_EncapsulatedContentInfo *encapContentInfo;
118 STACK_OF(CMS_CertificateChoices) *certificates;
119 STACK_OF(CMS_RevocationInfoChoice) *crls;
120 STACK_OF(CMS_SignerInfo) *signerInfos;
121 };
122
123struct CMS_EncapsulatedContentInfo_st
124 {
125 ASN1_OBJECT *eContentType;
126 ASN1_OCTET_STRING *eContent;
127 /* Set to 1 if incomplete structure only part set up */
128 int partial;
129 };
130
131struct CMS_SignerInfo_st
132 {
133 long version;
134 CMS_SignerIdentifier *sid;
135 X509_ALGOR *digestAlgorithm;
136 STACK_OF(X509_ATTRIBUTE) *signedAttrs;
137 X509_ALGOR *signatureAlgorithm;
138 ASN1_OCTET_STRING *signature;
139 STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
140 /* Signing certificate and key */
141 X509 *signer;
142 EVP_PKEY *pkey;
143 };
144
145struct CMS_SignerIdentifier_st
146 {
147 int type;
148 union {
149 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
150 ASN1_OCTET_STRING *subjectKeyIdentifier;
151 } d;
152 };
153
154struct CMS_EnvelopedData_st
155 {
156 long version;
157 CMS_OriginatorInfo *originatorInfo;
158 STACK_OF(CMS_RecipientInfo) *recipientInfos;
159 CMS_EncryptedContentInfo *encryptedContentInfo;
160 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
161 };
162
163struct CMS_OriginatorInfo_st
164 {
165 STACK_OF(CMS_CertificateChoices) *certificates;
166 STACK_OF(CMS_RevocationInfoChoice) *crls;
167 };
168
169struct CMS_EncryptedContentInfo_st
170 {
171 ASN1_OBJECT *contentType;
172 X509_ALGOR *contentEncryptionAlgorithm;
173 ASN1_OCTET_STRING *encryptedContent;
174 /* Content encryption algorithm and key */
175 const EVP_CIPHER *cipher;
176 unsigned char *key;
177 size_t keylen;
178 };
179
180struct CMS_RecipientInfo_st
181 {
182 int type;
183 union {
184 CMS_KeyTransRecipientInfo *ktri;
185 CMS_KeyAgreeRecipientInfo *kari;
186 CMS_KEKRecipientInfo *kekri;
187 CMS_PasswordRecipientInfo *pwri;
188 CMS_OtherRecipientInfo *ori;
189 } d;
190 };
191
192typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
193
194struct CMS_KeyTransRecipientInfo_st
195 {
196 long version;
197 CMS_RecipientIdentifier *rid;
198 X509_ALGOR *keyEncryptionAlgorithm;
199 ASN1_OCTET_STRING *encryptedKey;
200 /* Recipient Key and cert */
201 X509 *recip;
202 EVP_PKEY *pkey;
203 };
204
205struct CMS_KeyAgreeRecipientInfo_st
206 {
207 long version;
208 CMS_OriginatorIdentifierOrKey *originator;
209 ASN1_OCTET_STRING *ukm;
210 X509_ALGOR *keyEncryptionAlgorithm;
211 STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
212 };
213
214struct CMS_OriginatorIdentifierOrKey_st
215 {
216 int type;
217 union {
218 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
219 ASN1_OCTET_STRING *subjectKeyIdentifier;
220 CMS_OriginatorPublicKey *originatorKey;
221 } d;
222 };
223
224struct CMS_OriginatorPublicKey_st
225 {
226 X509_ALGOR *algorithm;
227 ASN1_BIT_STRING *publicKey;
228 };
229
230struct CMS_RecipientEncryptedKey_st
231 {
232 CMS_KeyAgreeRecipientIdentifier *rid;
233 ASN1_OCTET_STRING *encryptedKey;
234 };
235
236struct CMS_KeyAgreeRecipientIdentifier_st
237 {
238 int type;
239 union {
240 CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
241 CMS_RecipientKeyIdentifier *rKeyId;
242 } d;
243 };
244
245struct CMS_RecipientKeyIdentifier_st
246 {
247 ASN1_OCTET_STRING *subjectKeyIdentifier;
248 ASN1_GENERALIZEDTIME *date;
249 CMS_OtherKeyAttribute *other;
250 };
251
252struct CMS_KEKRecipientInfo_st
253 {
254 long version;
255 CMS_KEKIdentifier *kekid;
256 X509_ALGOR *keyEncryptionAlgorithm;
257 ASN1_OCTET_STRING *encryptedKey;
258 /* Extra info: symmetric key to use */
259 unsigned char *key;
260 size_t keylen;
261 };
262
263struct CMS_KEKIdentifier_st
264 {
265 ASN1_OCTET_STRING *keyIdentifier;
266 ASN1_GENERALIZEDTIME *date;
267 CMS_OtherKeyAttribute *other;
268 };
269
270struct CMS_PasswordRecipientInfo_st
271 {
272 long version;
273 X509_ALGOR *keyDerivationAlgorithm;
274 X509_ALGOR *keyEncryptionAlgorithm;
275 ASN1_OCTET_STRING *encryptedKey;
276 };
277
278struct CMS_OtherRecipientInfo_st
279 {
280 ASN1_OBJECT *oriType;
281 ASN1_TYPE *oriValue;
282 };
283
284struct CMS_DigestedData_st
285 {
286 long version;
287 X509_ALGOR *digestAlgorithm;
288 CMS_EncapsulatedContentInfo *encapContentInfo;
289 ASN1_OCTET_STRING *digest;
290 };
291
292struct CMS_EncryptedData_st
293 {
294 long version;
295 CMS_EncryptedContentInfo *encryptedContentInfo;
296 STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
297 };
298
299struct CMS_AuthenticatedData_st
300 {
301 long version;
302 CMS_OriginatorInfo *originatorInfo;
303 STACK_OF(CMS_RecipientInfo) *recipientInfos;
304 X509_ALGOR *macAlgorithm;
305 X509_ALGOR *digestAlgorithm;
306 CMS_EncapsulatedContentInfo *encapContentInfo;
307 STACK_OF(X509_ATTRIBUTE) *authAttrs;
308 ASN1_OCTET_STRING *mac;
309 STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
310 };
311
312struct CMS_CompressedData_st
313 {
314 long version;
315 X509_ALGOR *compressionAlgorithm;
316 STACK_OF(CMS_RecipientInfo) *recipientInfos;
317 CMS_EncapsulatedContentInfo *encapContentInfo;
318 };
319
320struct CMS_RevocationInfoChoice_st
321 {
322 int type;
323 union {
324 X509_CRL *crl;
325 CMS_OtherRevocationInfoFormat *other;
326 } d;
327 };
328
329#define CMS_REVCHOICE_CRL 0
330#define CMS_REVCHOICE_OTHER 1
331
332struct CMS_OtherRevocationInfoFormat_st
333 {
334 ASN1_OBJECT *otherRevInfoFormat;
335 ASN1_TYPE *otherRevInfo;
336 };
337
338struct CMS_CertificateChoices
339 {
340 int type;
341 union {
342 X509 *certificate;
343 ASN1_STRING *extendedCertificate; /* Obsolete */
344 ASN1_STRING *v1AttrCert; /* Left encoded for now */
345 ASN1_STRING *v2AttrCert; /* Left encoded for now */
346 CMS_OtherCertificateFormat *other;
347 } d;
348 };
349
350#define CMS_CERTCHOICE_CERT 0
351#define CMS_CERTCHOICE_EXCERT 1
352#define CMS_CERTCHOICE_V1ACERT 2
353#define CMS_CERTCHOICE_V2ACERT 3
354#define CMS_CERTCHOICE_OTHER 4
355
356struct CMS_OtherCertificateFormat_st
357 {
358 ASN1_OBJECT *otherCertFormat;
359 ASN1_TYPE *otherCert;
360 };
361
362/* This is also defined in pkcs7.h but we duplicate it
363 * to allow the CMS code to be independent of PKCS#7
364 */
365
366struct CMS_IssuerAndSerialNumber_st
367 {
368 X509_NAME *issuer;
369 ASN1_INTEGER *serialNumber;
370 };
371
372struct CMS_OtherKeyAttribute_st
373 {
374 ASN1_OBJECT *keyAttrId;
375 ASN1_TYPE *keyAttr;
376 };
377
378/* ESS structures */
379
380#ifdef HEADER_X509V3_H
381
382struct CMS_ReceiptRequest_st
383 {
384 ASN1_OCTET_STRING *signedContentIdentifier;
385 CMS_ReceiptsFrom *receiptsFrom;
386 STACK_OF(GENERAL_NAMES) *receiptsTo;
387 };
388
389
390struct CMS_ReceiptsFrom_st
391 {
392 int type;
393 union
394 {
395 long allOrFirstTier;
396 STACK_OF(GENERAL_NAMES) *receiptList;
397 } d;
398 };
399#endif
400
401struct CMS_Receipt_st
402 {
403 long version;
404 ASN1_OBJECT *contentType;
405 ASN1_OCTET_STRING *signedContentIdentifier;
406 ASN1_OCTET_STRING *originatorSignatureValue;
407 };
408
409DECLARE_ASN1_ITEM(CMS_SignerInfo)
410DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
411DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
412DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
413DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
414
415#define CMS_SIGNERINFO_ISSUER_SERIAL 0
416#define CMS_SIGNERINFO_KEYIDENTIFIER 1
417
418#define CMS_RECIPINFO_ISSUER_SERIAL 0
419#define CMS_RECIPINFO_KEYIDENTIFIER 1
420
421BIO *cms_content_bio(CMS_ContentInfo *cms);
422
423CMS_ContentInfo *cms_Data_create(void);
424
425CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
426BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
427int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
428
429BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
430int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
431int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
432int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
433 ASN1_OCTET_STRING **keyid,
434 X509_NAME **issuer, ASN1_INTEGER **sno);
435int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
436
437CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
438BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
439
440void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
441BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
442int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
443 X509_ALGOR *mdalg);
444
445BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
446BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
447int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
448 const EVP_CIPHER *cipher,
449 const unsigned char *key, size_t keylen);
450
451int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
452int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
453ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
454
455BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
456
457#ifdef __cplusplus
458}
459#endif
460#endif
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
new file mode 100644
index 0000000000..8e6c1d29a5
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -0,0 +1,623 @@
1/* crypto/cms/cms_lib.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <openssl/asn1t.h>
55#include <openssl/x509.h>
56#include <openssl/err.h>
57#include <openssl/pem.h>
58#include <openssl/bio.h>
59#include <openssl/asn1.h>
60#include "cms.h"
61#include "cms_lcl.h"
62
63IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
64
65DECLARE_ASN1_ITEM(CMS_CertificateChoices)
66DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
67DECLARE_STACK_OF(CMS_CertificateChoices)
68DECLARE_STACK_OF(CMS_RevocationInfoChoice)
69
70const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
71 {
72 return cms->contentType;
73 }
74
75CMS_ContentInfo *cms_Data_create(void)
76 {
77 CMS_ContentInfo *cms;
78 cms = CMS_ContentInfo_new();
79 if (cms)
80 {
81 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
82 /* Never detached */
83 CMS_set_detached(cms, 0);
84 }
85 return cms;
86 }
87
88BIO *cms_content_bio(CMS_ContentInfo *cms)
89 {
90 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
91 if (!pos)
92 return NULL;
93 /* If content detached data goes nowhere: create NULL BIO */
94 if (!*pos)
95 return BIO_new(BIO_s_null());
96 /* If content not detached and created return memory BIO
97 */
98 if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
99 return BIO_new(BIO_s_mem());
100 /* Else content was read in: return read only BIO for it */
101 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
102 }
103
104BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
105 {
106 BIO *cmsbio, *cont;
107 if (icont)
108 cont = icont;
109 else
110 cont = cms_content_bio(cms);
111 if (!cont)
112 {
113 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
114 return NULL;
115 }
116 switch (OBJ_obj2nid(cms->contentType))
117 {
118
119 case NID_pkcs7_data:
120 return cont;
121
122 case NID_pkcs7_signed:
123 cmsbio = cms_SignedData_init_bio(cms);
124 break;
125
126 case NID_pkcs7_digest:
127 cmsbio = cms_DigestedData_init_bio(cms);
128 break;
129#ifdef ZLIB
130 case NID_id_smime_ct_compressedData:
131 cmsbio = cms_CompressedData_init_bio(cms);
132 break;
133#endif
134
135 case NID_pkcs7_encrypted:
136 cmsbio = cms_EncryptedData_init_bio(cms);
137 break;
138
139 case NID_pkcs7_enveloped:
140 cmsbio = cms_EnvelopedData_init_bio(cms);
141 break;
142
143 default:
144 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
145 return NULL;
146 }
147
148 if (cmsbio)
149 return BIO_push(cmsbio, cont);
150
151 if (!icont)
152 BIO_free(cont);
153 return NULL;
154
155 }
156
157int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
158 {
159 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
160 if (!pos)
161 return 0;
162 /* If ebmedded content find memory BIO and set content */
163 if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
164 {
165 BIO *mbio;
166 unsigned char *cont;
167 long contlen;
168 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
169 if (!mbio)
170 {
171 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
172 return 0;
173 }
174 contlen = BIO_get_mem_data(mbio, &cont);
175 /* Set bio as read only so its content can't be clobbered */
176 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
177 BIO_set_mem_eof_return(mbio, 0);
178 ASN1_STRING_set0(*pos, cont, contlen);
179 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
180 }
181
182 switch (OBJ_obj2nid(cms->contentType))
183 {
184
185 case NID_pkcs7_data:
186 case NID_pkcs7_enveloped:
187 case NID_pkcs7_encrypted:
188 case NID_id_smime_ct_compressedData:
189 /* Nothing to do */
190 return 1;
191
192 case NID_pkcs7_signed:
193 return cms_SignedData_final(cms, cmsbio);
194
195 case NID_pkcs7_digest:
196 return cms_DigestedData_do_final(cms, cmsbio, 0);
197
198 default:
199 CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
200 return 0;
201 }
202 }
203
204/* Return an OCTET STRING pointer to content. This allows it to
205 * be accessed or set later.
206 */
207
208ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
209 {
210 switch (OBJ_obj2nid(cms->contentType))
211 {
212
213 case NID_pkcs7_data:
214 return &cms->d.data;
215
216 case NID_pkcs7_signed:
217 return &cms->d.signedData->encapContentInfo->eContent;
218
219 case NID_pkcs7_enveloped:
220 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
221
222 case NID_pkcs7_digest:
223 return &cms->d.digestedData->encapContentInfo->eContent;
224
225 case NID_pkcs7_encrypted:
226 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
227
228 case NID_id_smime_ct_authData:
229 return &cms->d.authenticatedData->encapContentInfo->eContent;
230
231 case NID_id_smime_ct_compressedData:
232 return &cms->d.compressedData->encapContentInfo->eContent;
233
234 default:
235 if (cms->d.other->type == V_ASN1_OCTET_STRING)
236 return &cms->d.other->value.octet_string;
237 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
238 return NULL;
239
240 }
241 }
242
243/* Return an ASN1_OBJECT pointer to content type. This allows it to
244 * be accessed or set later.
245 */
246
247static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
248 {
249 switch (OBJ_obj2nid(cms->contentType))
250 {
251
252 case NID_pkcs7_signed:
253 return &cms->d.signedData->encapContentInfo->eContentType;
254
255 case NID_pkcs7_enveloped:
256 return &cms->d.envelopedData->encryptedContentInfo->contentType;
257
258 case NID_pkcs7_digest:
259 return &cms->d.digestedData->encapContentInfo->eContentType;
260
261 case NID_pkcs7_encrypted:
262 return &cms->d.encryptedData->encryptedContentInfo->contentType;
263
264 case NID_id_smime_ct_authData:
265 return &cms->d.authenticatedData->encapContentInfo->eContentType;
266
267 case NID_id_smime_ct_compressedData:
268 return &cms->d.compressedData->encapContentInfo->eContentType;
269
270 default:
271 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
272 CMS_R_UNSUPPORTED_CONTENT_TYPE);
273 return NULL;
274
275 }
276 }
277
278const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
279 {
280 ASN1_OBJECT **petype;
281 petype = cms_get0_econtent_type(cms);
282 if (petype)
283 return *petype;
284 return NULL;
285 }
286
287int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
288 {
289 ASN1_OBJECT **petype, *etype;
290 petype = cms_get0_econtent_type(cms);
291 if (!petype)
292 return 0;
293 if (!oid)
294 return 1;
295 etype = OBJ_dup(oid);
296 if (!etype)
297 return 0;
298 ASN1_OBJECT_free(*petype);
299 *petype = etype;
300 return 1;
301 }
302
303int CMS_is_detached(CMS_ContentInfo *cms)
304 {
305 ASN1_OCTET_STRING **pos;
306 pos = CMS_get0_content(cms);
307 if (!pos)
308 return -1;
309 if (*pos)
310 return 0;
311 return 1;
312 }
313
314int CMS_set_detached(CMS_ContentInfo *cms, int detached)
315 {
316 ASN1_OCTET_STRING **pos;
317 pos = CMS_get0_content(cms);
318 if (!pos)
319 return 0;
320 if (detached)
321 {
322 if (*pos)
323 {
324 ASN1_OCTET_STRING_free(*pos);
325 *pos = NULL;
326 }
327 return 1;
328 }
329 if (!*pos)
330 *pos = ASN1_OCTET_STRING_new();
331 if (*pos)
332 {
333 /* NB: special flag to show content is created and not
334 * read in.
335 */
336 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
337 return 1;
338 }
339 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
340 return 0;
341 }
342
343/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
344
345void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
346 {
347 int param_type;
348
349 switch (EVP_MD_type(md))
350 {
351 case NID_sha1:
352 case NID_sha224:
353 case NID_sha256:
354 case NID_sha384:
355 case NID_sha512:
356 param_type = V_ASN1_UNDEF;
357 break;
358
359 default:
360 param_type = V_ASN1_NULL;
361 break;
362 }
363
364 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
365
366 }
367
368/* Create a digest BIO from an X509_ALGOR structure */
369
370BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
371 {
372 BIO *mdbio = NULL;
373 ASN1_OBJECT *digestoid;
374 const EVP_MD *digest;
375 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
376 digest = EVP_get_digestbyobj(digestoid);
377 if (!digest)
378 {
379 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
380 CMS_R_UNKNOWN_DIGEST_ALGORIHM);
381 goto err;
382 }
383 mdbio = BIO_new(BIO_f_md());
384 if (!mdbio || !BIO_set_md(mdbio, digest))
385 {
386 CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
387 CMS_R_MD_BIO_INIT_ERROR);
388 goto err;
389 }
390 return mdbio;
391 err:
392 if (mdbio)
393 BIO_free(mdbio);
394 return NULL;
395 }
396
397/* Locate a message digest content from a BIO chain based on SignerInfo */
398
399int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
400 X509_ALGOR *mdalg)
401 {
402 int nid;
403 ASN1_OBJECT *mdoid;
404 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
405 nid = OBJ_obj2nid(mdoid);
406 /* Look for digest type to match signature */
407 for (;;)
408 {
409 EVP_MD_CTX *mtmp;
410 chain = BIO_find_type(chain, BIO_TYPE_MD);
411 if (chain == NULL)
412 {
413 CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
414 CMS_R_NO_MATCHING_DIGEST);
415 return 0;
416 }
417 BIO_get_md_ctx(chain, &mtmp);
418 if (EVP_MD_CTX_type(mtmp) == nid)
419 {
420 EVP_MD_CTX_copy_ex(mctx, mtmp);
421 return 1;
422 }
423 chain = BIO_next(chain);
424 }
425 }
426
427static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
428 {
429 switch (OBJ_obj2nid(cms->contentType))
430 {
431
432 case NID_pkcs7_signed:
433 return &cms->d.signedData->certificates;
434
435 case NID_pkcs7_enveloped:
436 return &cms->d.envelopedData->originatorInfo->certificates;
437
438 default:
439 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
440 CMS_R_UNSUPPORTED_CONTENT_TYPE);
441 return NULL;
442
443 }
444 }
445
446CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
447 {
448 STACK_OF(CMS_CertificateChoices) **pcerts;
449 CMS_CertificateChoices *cch;
450 pcerts = cms_get0_certificate_choices(cms);
451 if (!pcerts)
452 return NULL;
453 if (!*pcerts)
454 *pcerts = sk_CMS_CertificateChoices_new_null();
455 if (!*pcerts)
456 return NULL;
457 cch = M_ASN1_new_of(CMS_CertificateChoices);
458 if (!cch)
459 return NULL;
460 if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
461 {
462 M_ASN1_free_of(cch, CMS_CertificateChoices);
463 return NULL;
464 }
465 return cch;
466 }
467
468int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
469 {
470 CMS_CertificateChoices *cch;
471 STACK_OF(CMS_CertificateChoices) **pcerts;
472 int i;
473 pcerts = cms_get0_certificate_choices(cms);
474 if (!pcerts)
475 return 0;
476 if (!pcerts)
477 return 0;
478 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
479 {
480 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
481 if (cch->type == CMS_CERTCHOICE_CERT)
482 {
483 if (!X509_cmp(cch->d.certificate, cert))
484 {
485 CMSerr(CMS_F_CMS_ADD0_CERT,
486 CMS_R_CERTIFICATE_ALREADY_PRESENT);
487 return 0;
488 }
489 }
490 }
491 cch = CMS_add0_CertificateChoices(cms);
492 if (!cch)
493 return 0;
494 cch->type = CMS_CERTCHOICE_CERT;
495 cch->d.certificate = cert;
496 return 1;
497 }
498
499int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
500 {
501 int r;
502 r = CMS_add0_cert(cms, cert);
503 if (r > 0)
504 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
505 return r;
506 }
507
508static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
509 {
510 switch (OBJ_obj2nid(cms->contentType))
511 {
512
513 case NID_pkcs7_signed:
514 return &cms->d.signedData->crls;
515
516 case NID_pkcs7_enveloped:
517 return &cms->d.envelopedData->originatorInfo->crls;
518
519 default:
520 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
521 CMS_R_UNSUPPORTED_CONTENT_TYPE);
522 return NULL;
523
524 }
525 }
526
527CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
528 {
529 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
530 CMS_RevocationInfoChoice *rch;
531 pcrls = cms_get0_revocation_choices(cms);
532 if (!pcrls)
533 return NULL;
534 if (!*pcrls)
535 *pcrls = sk_CMS_RevocationInfoChoice_new_null();
536 if (!*pcrls)
537 return NULL;
538 rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
539 if (!rch)
540 return NULL;
541 if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
542 {
543 M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
544 return NULL;
545 }
546 return rch;
547 }
548
549int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
550 {
551 CMS_RevocationInfoChoice *rch;
552 rch = CMS_add0_RevocationInfoChoice(cms);
553 if (!rch)
554 return 0;
555 rch->type = CMS_REVCHOICE_CRL;
556 rch->d.crl = crl;
557 return 1;
558 }
559
560STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
561 {
562 STACK_OF(X509) *certs = NULL;
563 CMS_CertificateChoices *cch;
564 STACK_OF(CMS_CertificateChoices) **pcerts;
565 int i;
566 pcerts = cms_get0_certificate_choices(cms);
567 if (!pcerts)
568 return NULL;
569 for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
570 {
571 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
572 if (cch->type == 0)
573 {
574 if (!certs)
575 {
576 certs = sk_X509_new_null();
577 if (!certs)
578 return NULL;
579 }
580 if (!sk_X509_push(certs, cch->d.certificate))
581 {
582 sk_X509_pop_free(certs, X509_free);
583 return NULL;
584 }
585 CRYPTO_add(&cch->d.certificate->references,
586 1, CRYPTO_LOCK_X509);
587 }
588 }
589 return certs;
590
591 }
592
593STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
594 {
595 STACK_OF(X509_CRL) *crls = NULL;
596 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
597 CMS_RevocationInfoChoice *rch;
598 int i;
599 pcrls = cms_get0_revocation_choices(cms);
600 if (!pcrls)
601 return NULL;
602 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
603 {
604 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
605 if (rch->type == 0)
606 {
607 if (!crls)
608 {
609 crls = sk_X509_CRL_new_null();
610 if (!crls)
611 return NULL;
612 }
613 if (!sk_X509_CRL_push(crls, rch->d.crl))
614 {
615 sk_X509_CRL_pop_free(crls, X509_CRL_free);
616 return NULL;
617 }
618 CRYPTO_add(&rch->d.crl->references,
619 1, CRYPTO_LOCK_X509_CRL);
620 }
621 }
622 return crls;
623 }
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
new file mode 100644
index 0000000000..591bfbec33
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -0,0 +1,1014 @@
1/* crypto/cms/cms_sd.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/pem.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61
62/* CMS SignedData Utilities */
63
64DECLARE_ASN1_ITEM(CMS_SignedData)
65
66static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
67 {
68 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
69 {
70 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
71 return NULL;
72 }
73 return cms->d.signedData;
74 }
75
76static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
77 {
78 if (cms->d.other == NULL)
79 {
80 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
81 if (!cms->d.signedData)
82 {
83 CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
84 return NULL;
85 }
86 cms->d.signedData->version = 1;
87 cms->d.signedData->encapContentInfo->eContentType =
88 OBJ_nid2obj(NID_pkcs7_data);
89 cms->d.signedData->encapContentInfo->partial = 1;
90 ASN1_OBJECT_free(cms->contentType);
91 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
92 return cms->d.signedData;
93 }
94 return cms_get0_signed(cms);
95 }
96
97/* Just initialize SignedData e.g. for certs only structure */
98
99int CMS_SignedData_init(CMS_ContentInfo *cms)
100 {
101 if (cms_signed_data_init(cms))
102 return 1;
103 else
104 return 0;
105 }
106
107/* Check structures and fixup version numbers (if necessary) */
108
109static void cms_sd_set_version(CMS_SignedData *sd)
110 {
111 int i;
112 CMS_CertificateChoices *cch;
113 CMS_RevocationInfoChoice *rch;
114 CMS_SignerInfo *si;
115
116 for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
117 {
118 cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
119 if (cch->type == CMS_CERTCHOICE_OTHER)
120 {
121 if (sd->version < 5)
122 sd->version = 5;
123 }
124 else if (cch->type == CMS_CERTCHOICE_V2ACERT)
125 {
126 if (sd->version < 4)
127 sd->version = 4;
128 }
129 else if (cch->type == CMS_CERTCHOICE_V1ACERT)
130 {
131 if (sd->version < 3)
132 sd->version = 3;
133 }
134 }
135
136 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
137 {
138 rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
139 if (rch->type == CMS_REVCHOICE_OTHER)
140 {
141 if (sd->version < 5)
142 sd->version = 5;
143 }
144 }
145
146 if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
147 && (sd->version < 3))
148 sd->version = 3;
149
150 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
151 {
152 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
153 if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
154 {
155 if (si->version < 3)
156 si->version = 3;
157 if (sd->version < 3)
158 sd->version = 3;
159 }
160 else
161 sd->version = 1;
162 }
163
164 if (sd->version < 1)
165 sd->version = 1;
166
167 }
168
169/* Copy an existing messageDigest value */
170
171static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
172 {
173 STACK_OF(CMS_SignerInfo) *sinfos;
174 CMS_SignerInfo *sitmp;
175 int i;
176 sinfos = CMS_get0_SignerInfos(cms);
177 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
178 {
179 ASN1_OCTET_STRING *messageDigest;
180 sitmp = sk_CMS_SignerInfo_value(sinfos, i);
181 if (sitmp == si)
182 continue;
183 if (CMS_signed_get_attr_count(sitmp) < 0)
184 continue;
185 if (OBJ_cmp(si->digestAlgorithm->algorithm,
186 sitmp->digestAlgorithm->algorithm))
187 continue;
188 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
189 OBJ_nid2obj(NID_pkcs9_messageDigest),
190 -3, V_ASN1_OCTET_STRING);
191 if (!messageDigest)
192 {
193 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
194 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
195 return 0;
196 }
197
198 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
199 V_ASN1_OCTET_STRING,
200 messageDigest, -1))
201 return 1;
202 else
203 return 0;
204 }
205 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
206 return 0;
207 }
208
209int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
210 {
211 switch(type)
212 {
213 case CMS_SIGNERINFO_ISSUER_SERIAL:
214 sid->d.issuerAndSerialNumber =
215 M_ASN1_new_of(CMS_IssuerAndSerialNumber);
216 if (!sid->d.issuerAndSerialNumber)
217 goto merr;
218 if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
219 X509_get_issuer_name(cert)))
220 goto merr;
221 ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
222 sid->d.issuerAndSerialNumber->serialNumber =
223 ASN1_STRING_dup(X509_get_serialNumber(cert));
224 if(!sid->d.issuerAndSerialNumber->serialNumber)
225 goto merr;
226 break;
227
228 case CMS_SIGNERINFO_KEYIDENTIFIER:
229 if (!cert->skid)
230 {
231 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
232 CMS_R_CERTIFICATE_HAS_NO_KEYID);
233 return 0;
234 }
235 sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
236 if (!sid->d.subjectKeyIdentifier)
237 goto merr;
238 break;
239
240 default:
241 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
242 return 0;
243 }
244
245 sid->type = type;
246
247 return 1;
248
249 merr:
250 CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
251 return 0;
252
253 }
254
255int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
256 ASN1_OCTET_STRING **keyid,
257 X509_NAME **issuer, ASN1_INTEGER **sno)
258 {
259 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
260 {
261 if (issuer)
262 *issuer = sid->d.issuerAndSerialNumber->issuer;
263 if (sno)
264 *sno = sid->d.issuerAndSerialNumber->serialNumber;
265 }
266 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
267 {
268 if (keyid)
269 *keyid = sid->d.subjectKeyIdentifier;
270 }
271 else
272 return 0;
273 return 1;
274 }
275
276int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
277 {
278 int ret;
279 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
280 {
281 ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
282 X509_get_issuer_name(cert));
283 if (ret)
284 return ret;
285 return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
286 X509_get_serialNumber(cert));
287 }
288 else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
289 {
290 X509_check_purpose(cert, -1, -1);
291 if (!cert->skid)
292 return -1;
293 return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
294 cert->skid);
295 }
296 else
297 return -1;
298 }
299
300CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
301 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
302 unsigned int flags)
303 {
304 CMS_SignedData *sd;
305 CMS_SignerInfo *si = NULL;
306 X509_ALGOR *alg;
307 int i, type;
308 if(!X509_check_private_key(signer, pk))
309 {
310 CMSerr(CMS_F_CMS_ADD1_SIGNER,
311 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
312 return NULL;
313 }
314 sd = cms_signed_data_init(cms);
315 if (!sd)
316 goto err;
317 si = M_ASN1_new_of(CMS_SignerInfo);
318 if (!si)
319 goto merr;
320 X509_check_purpose(signer, -1, -1);
321
322 CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
323 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
324
325 si->pkey = pk;
326 si->signer = signer;
327
328 if (flags & CMS_USE_KEYID)
329 {
330 si->version = 3;
331 if (sd->version < 3)
332 sd->version = 3;
333 type = CMS_SIGNERINFO_KEYIDENTIFIER;
334 }
335 else
336 {
337 type = CMS_SIGNERINFO_ISSUER_SERIAL;
338 si->version = 1;
339 }
340
341 if (!cms_set1_SignerIdentifier(si->sid, signer, type))
342 goto err;
343
344 /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
345 if (md == NULL)
346 md = EVP_sha1();
347
348 /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
349
350 if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1))
351 {
352 CMSerr(CMS_F_CMS_ADD1_SIGNER,
353 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
354 goto err;
355 }
356
357 cms_DigestAlgorithm_set(si->digestAlgorithm, md);
358
359 /* See if digest is present in digestAlgorithms */
360 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
361 {
362 ASN1_OBJECT *aoid;
363 alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
364 X509_ALGOR_get0(&aoid, NULL, NULL, alg);
365 if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
366 break;
367 }
368
369 if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
370 {
371 alg = X509_ALGOR_new();
372 if (!alg)
373 goto merr;
374 cms_DigestAlgorithm_set(alg, md);
375 if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
376 {
377 X509_ALGOR_free(alg);
378 goto merr;
379 }
380 }
381
382 /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
383 * hard code algorithm parameters.
384 */
385
386 switch (pk->type)
387 {
388
389 case EVP_PKEY_RSA:
390 X509_ALGOR_set0(si->signatureAlgorithm,
391 OBJ_nid2obj(NID_rsaEncryption),
392 V_ASN1_NULL, 0);
393 break;
394
395 case EVP_PKEY_DSA:
396 X509_ALGOR_set0(si->signatureAlgorithm,
397 OBJ_nid2obj(NID_dsaWithSHA1),
398 V_ASN1_UNDEF, 0);
399 break;
400
401
402 case EVP_PKEY_EC:
403 X509_ALGOR_set0(si->signatureAlgorithm,
404 OBJ_nid2obj(NID_ecdsa_with_SHA1),
405 V_ASN1_UNDEF, 0);
406 break;
407
408 default:
409 CMSerr(CMS_F_CMS_ADD1_SIGNER,
410 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
411 goto err;
412
413 }
414
415 if (!(flags & CMS_NOATTR))
416 {
417 /* Initialialize signed attributes strutucture so other
418 * attributes such as signing time etc are added later
419 * even if we add none here.
420 */
421 if (!si->signedAttrs)
422 {
423 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
424 if (!si->signedAttrs)
425 goto merr;
426 }
427
428 if (!(flags & CMS_NOSMIMECAP))
429 {
430 STACK_OF(X509_ALGOR) *smcap = NULL;
431 i = CMS_add_standard_smimecap(&smcap);
432 if (i)
433 i = CMS_add_smimecap(si, smcap);
434 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
435 if (!i)
436 goto merr;
437 }
438 if (flags & CMS_REUSE_DIGEST)
439 {
440 if (!cms_copy_messageDigest(cms, si))
441 goto err;
442 if (!(flags & CMS_PARTIAL) &&
443 !CMS_SignerInfo_sign(si))
444 goto err;
445 }
446 }
447
448 if (!(flags & CMS_NOCERTS))
449 {
450 /* NB ignore -1 return for duplicate cert */
451 if (!CMS_add1_cert(cms, signer))
452 goto merr;
453 }
454
455 if (!sd->signerInfos)
456 sd->signerInfos = sk_CMS_SignerInfo_new_null();
457 if (!sd->signerInfos ||
458 !sk_CMS_SignerInfo_push(sd->signerInfos, si))
459 goto merr;
460
461 return si;
462
463 merr:
464 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
465 err:
466 if (si)
467 M_ASN1_free_of(si, CMS_SignerInfo);
468 return NULL;
469
470 }
471
472static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
473 {
474 ASN1_TIME *tt;
475 int r = 0;
476 if (t)
477 tt = t;
478 else
479 tt = X509_gmtime_adj(NULL, 0);
480
481 if (!tt)
482 goto merr;
483
484 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
485 tt->type, tt, -1) <= 0)
486 goto merr;
487
488 r = 1;
489
490 merr:
491
492 if (!t)
493 ASN1_TIME_free(tt);
494
495 if (!r)
496 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
497
498 return r;
499
500 }
501
502STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
503 {
504 CMS_SignedData *sd;
505 sd = cms_get0_signed(cms);
506 if (!sd)
507 return NULL;
508 return sd->signerInfos;
509 }
510
511STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
512 {
513 STACK_OF(X509) *signers = NULL;
514 STACK_OF(CMS_SignerInfo) *sinfos;
515 CMS_SignerInfo *si;
516 int i;
517 sinfos = CMS_get0_SignerInfos(cms);
518 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
519 {
520 si = sk_CMS_SignerInfo_value(sinfos, i);
521 if (si->signer)
522 {
523 if (!signers)
524 {
525 signers = sk_X509_new_null();
526 if (!signers)
527 return NULL;
528 }
529 if (!sk_X509_push(signers, si->signer))
530 {
531 sk_X509_free(signers);
532 return NULL;
533 }
534 }
535 }
536 return signers;
537 }
538
539void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
540 {
541 if (signer)
542 {
543 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
544 if (si->pkey)
545 EVP_PKEY_free(si->pkey);
546 si->pkey = X509_get_pubkey(signer);
547 }
548 if (si->signer)
549 X509_free(si->signer);
550 si->signer = signer;
551 }
552
553int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
554 ASN1_OCTET_STRING **keyid,
555 X509_NAME **issuer, ASN1_INTEGER **sno)
556 {
557 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
558 }
559
560int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
561 {
562 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
563 }
564
565int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
566 unsigned int flags)
567 {
568 CMS_SignedData *sd;
569 CMS_SignerInfo *si;
570 CMS_CertificateChoices *cch;
571 STACK_OF(CMS_CertificateChoices) *certs;
572 X509 *x;
573 int i, j;
574 int ret = 0;
575 sd = cms_get0_signed(cms);
576 if (!sd)
577 return -1;
578 certs = sd->certificates;
579 for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
580 {
581 si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
582 if (si->signer)
583 continue;
584
585 for (j = 0; j < sk_X509_num(scerts); j++)
586 {
587 x = sk_X509_value(scerts, j);
588 if (CMS_SignerInfo_cert_cmp(si, x) == 0)
589 {
590 CMS_SignerInfo_set1_signer_cert(si, x);
591 ret++;
592 break;
593 }
594 }
595
596 if (si->signer || (flags & CMS_NOINTERN))
597 continue;
598
599 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
600 {
601 cch = sk_CMS_CertificateChoices_value(certs, j);
602 if (cch->type != 0)
603 continue;
604 x = cch->d.certificate;
605 if (CMS_SignerInfo_cert_cmp(si, x) == 0)
606 {
607 CMS_SignerInfo_set1_signer_cert(si, x);
608 ret++;
609 break;
610 }
611 }
612 }
613 return ret;
614 }
615
616void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
617 X509_ALGOR **pdig, X509_ALGOR **psig)
618 {
619 if (pk)
620 *pk = si->pkey;
621 if (signer)
622 *signer = si->signer;
623 if (pdig)
624 *pdig = si->digestAlgorithm;
625 if (psig)
626 *psig = si->signatureAlgorithm;
627 }
628
629/* In OpenSSL 0.9.8 we have the link between digest types and public
630 * key types so we need to fixup the digest type if the public key
631 * type is not appropriate.
632 */
633
634static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
635 {
636 if (EVP_MD_CTX_type(mctx) != NID_sha1)
637 return;
638#ifndef OPENSSL_NO_DSA
639 if (pkey->type == EVP_PKEY_DSA)
640 mctx->digest = EVP_dss1();
641#endif
642#ifndef OPENSSL_NO_ECDSA
643 if (pkey->type == EVP_PKEY_EC)
644 mctx->digest = EVP_ecdsa();
645#endif
646 }
647
648static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
649 CMS_SignerInfo *si, BIO *chain)
650 {
651 EVP_MD_CTX mctx;
652 int r = 0;
653 EVP_MD_CTX_init(&mctx);
654
655
656 if (!si->pkey)
657 {
658 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
659 return 0;
660 }
661
662 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
663 goto err;
664
665 /* If any signed attributes calculate and add messageDigest attribute */
666
667 if (CMS_signed_get_attr_count(si) >= 0)
668 {
669 ASN1_OBJECT *ctype =
670 cms->d.signedData->encapContentInfo->eContentType;
671 unsigned char md[EVP_MAX_MD_SIZE];
672 unsigned int mdlen;
673 EVP_DigestFinal_ex(&mctx, md, &mdlen);
674 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
675 V_ASN1_OCTET_STRING,
676 md, mdlen))
677 goto err;
678 /* Copy content type across */
679 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
680 V_ASN1_OBJECT, ctype, -1) <= 0)
681 goto err;
682 if (!CMS_SignerInfo_sign(si))
683 goto err;
684 }
685 else
686 {
687 unsigned char *sig;
688 unsigned int siglen;
689 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
690 if (!sig)
691 {
692 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
693 ERR_R_MALLOC_FAILURE);
694 goto err;
695 }
696 cms_fixup_mctx(&mctx, si->pkey);
697 if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
698 {
699 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
700 CMS_R_SIGNFINAL_ERROR);
701 OPENSSL_free(sig);
702 goto err;
703 }
704 ASN1_STRING_set0(si->signature, sig, siglen);
705 }
706
707 r = 1;
708
709 err:
710 EVP_MD_CTX_cleanup(&mctx);
711 return r;
712
713 }
714
715int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
716 {
717 STACK_OF(CMS_SignerInfo) *sinfos;
718 CMS_SignerInfo *si;
719 int i;
720 sinfos = CMS_get0_SignerInfos(cms);
721 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
722 {
723 si = sk_CMS_SignerInfo_value(sinfos, i);
724 if (!cms_SignerInfo_content_sign(cms, si, chain))
725 return 0;
726 }
727 cms->d.signedData->encapContentInfo->partial = 0;
728 return 1;
729 }
730
731int CMS_SignerInfo_sign(CMS_SignerInfo *si)
732 {
733 EVP_MD_CTX mctx;
734 unsigned char *abuf = NULL;
735 int alen;
736 unsigned int siglen;
737 const EVP_MD *md = NULL;
738
739 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
740 if (md == NULL)
741 return 0;
742
743 EVP_MD_CTX_init(&mctx);
744
745 if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
746 {
747 if (!cms_add1_signingTime(si, NULL))
748 goto err;
749 }
750
751 if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
752 goto err;
753
754#if 0
755 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
756 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
757 {
758 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
759 goto err;
760 }
761#endif
762
763 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
764 ASN1_ITEM_rptr(CMS_Attributes_Sign));
765 if(!abuf)
766 goto err;
767 if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
768 goto err;
769 siglen = EVP_PKEY_size(si->pkey);
770 OPENSSL_free(abuf);
771 abuf = OPENSSL_malloc(siglen);
772 if(!abuf)
773 goto err;
774 cms_fixup_mctx(&mctx, si->pkey);
775 if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
776 goto err;
777#if 0
778 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
779 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
780 {
781 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
782 goto err;
783 }
784#endif
785 EVP_MD_CTX_cleanup(&mctx);
786
787 ASN1_STRING_set0(si->signature, abuf, siglen);
788
789 return 1;
790
791 err:
792 if (abuf)
793 OPENSSL_free(abuf);
794 EVP_MD_CTX_cleanup(&mctx);
795 return 0;
796
797 }
798
799int CMS_SignerInfo_verify(CMS_SignerInfo *si)
800 {
801 EVP_MD_CTX mctx;
802 unsigned char *abuf = NULL;
803 int alen, r = -1;
804 const EVP_MD *md = NULL;
805
806 if (!si->pkey)
807 {
808 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
809 return -1;
810 }
811
812 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
813 if (md == NULL)
814 return -1;
815 EVP_MD_CTX_init(&mctx);
816 if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
817 goto err;
818
819 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
820 ASN1_ITEM_rptr(CMS_Attributes_Verify));
821 if(!abuf)
822 goto err;
823 r = EVP_VerifyUpdate(&mctx, abuf, alen);
824 OPENSSL_free(abuf);
825 if (r <= 0)
826 {
827 r = -1;
828 goto err;
829 }
830 cms_fixup_mctx(&mctx, si->pkey);
831 r = EVP_VerifyFinal(&mctx,
832 si->signature->data, si->signature->length, si->pkey);
833 if (!r)
834 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
835 err:
836 EVP_MD_CTX_cleanup(&mctx);
837 return r;
838 }
839
840/* Create a chain of digest BIOs from a CMS ContentInfo */
841
842BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
843 {
844 int i;
845 CMS_SignedData *sd;
846 BIO *chain = NULL;
847 sd = cms_get0_signed(cms);
848 if (!sd)
849 return NULL;
850 if (cms->d.signedData->encapContentInfo->partial)
851 cms_sd_set_version(sd);
852 for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
853 {
854 X509_ALGOR *digestAlgorithm;
855 BIO *mdbio;
856 digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
857 mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
858 if (!mdbio)
859 goto err;
860 if (chain)
861 BIO_push(chain, mdbio);
862 else
863 chain = mdbio;
864 }
865 return chain;
866 err:
867 if (chain)
868 BIO_free_all(chain);
869 return NULL;
870 }
871
872int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
873 {
874 ASN1_OCTET_STRING *os = NULL;
875 EVP_MD_CTX mctx;
876 int r = -1;
877 EVP_MD_CTX_init(&mctx);
878 /* If we have any signed attributes look for messageDigest value */
879 if (CMS_signed_get_attr_count(si) >= 0)
880 {
881 os = CMS_signed_get0_data_by_OBJ(si,
882 OBJ_nid2obj(NID_pkcs9_messageDigest),
883 -3, V_ASN1_OCTET_STRING);
884 if (!os)
885 {
886 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
887 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
888 goto err;
889 }
890 }
891
892 if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
893 goto err;
894
895 /* If messageDigest found compare it */
896
897 if (os)
898 {
899 unsigned char mval[EVP_MAX_MD_SIZE];
900 unsigned int mlen;
901 if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
902 {
903 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
904 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
905 goto err;
906 }
907 if (mlen != (unsigned int)os->length)
908 {
909 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
910 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
911 goto err;
912 }
913
914 if (memcmp(mval, os->data, mlen))
915 {
916 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
917 CMS_R_VERIFICATION_FAILURE);
918 r = 0;
919 }
920 else
921 r = 1;
922 }
923 else
924 {
925 cms_fixup_mctx(&mctx, si->pkey);
926 r = EVP_VerifyFinal(&mctx, si->signature->data,
927 si->signature->length, si->pkey);
928 if (r <= 0)
929 {
930 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
931 CMS_R_VERIFICATION_FAILURE);
932 r = 0;
933 }
934 }
935
936 err:
937 EVP_MD_CTX_cleanup(&mctx);
938 return r;
939
940 }
941
942int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
943 {
944 unsigned char *smder = NULL;
945 int smderlen, r;
946 smderlen = i2d_X509_ALGORS(algs, &smder);
947 if (smderlen <= 0)
948 return 0;
949 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
950 V_ASN1_SEQUENCE, smder, smderlen);
951 OPENSSL_free(smder);
952 return r;
953 }
954
955int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
956 int algnid, int keysize)
957 {
958 X509_ALGOR *alg;
959 ASN1_INTEGER *key = NULL;
960 if (keysize > 0)
961 {
962 key = ASN1_INTEGER_new();
963 if (!key || !ASN1_INTEGER_set(key, keysize))
964 return 0;
965 }
966 alg = X509_ALGOR_new();
967 if (!alg)
968 {
969 if (key)
970 ASN1_INTEGER_free(key);
971 return 0;
972 }
973
974 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
975 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
976 if (!*algs)
977 *algs = sk_X509_ALGOR_new_null();
978 if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
979 {
980 X509_ALGOR_free(alg);
981 return 0;
982 }
983 return 1;
984 }
985
986/* Check to see if a cipher exists and if so add S/MIME capabilities */
987
988static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
989 {
990 if (EVP_get_cipherbynid(nid))
991 return CMS_add_simple_smimecap(sk, nid, arg);
992 return 1;
993 }
994#if 0
995static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
996 {
997 if (EVP_get_digestbynid(nid))
998 return CMS_add_simple_smimecap(sk, nid, arg);
999 return 1;
1000 }
1001#endif
1002int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
1003 {
1004 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
1005 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
1006 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
1007 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
1008 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
1009 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
1010 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
1011 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
1012 return 0;
1013 return 1;
1014 }
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
new file mode 100644
index 0000000000..b35d28d411
--- /dev/null
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -0,0 +1,808 @@
1/* crypto/cms/cms_smime.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include "cryptlib.h"
55#include <openssl/asn1t.h>
56#include <openssl/x509.h>
57#include <openssl/x509v3.h>
58#include <openssl/err.h>
59#include <openssl/cms.h>
60#include "cms_lcl.h"
61
62static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
63 {
64 unsigned char buf[4096];
65 int r = 0, i;
66 BIO *tmpout = NULL;
67
68 if (out == NULL)
69 tmpout = BIO_new(BIO_s_null());
70 else if (flags & CMS_TEXT)
71 tmpout = BIO_new(BIO_s_mem());
72 else
73 tmpout = out;
74
75 if(!tmpout)
76 {
77 CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
78 goto err;
79 }
80
81 /* Read all content through chain to process digest, decrypt etc */
82 for (;;)
83 {
84 i=BIO_read(in,buf,sizeof(buf));
85 if (i <= 0)
86 {
87 if (BIO_method_type(in) == BIO_TYPE_CIPHER)
88 {
89 if (!BIO_get_cipher_status(in))
90 goto err;
91 }
92 if (i < 0)
93 goto err;
94 break;
95 }
96
97 if (tmpout && (BIO_write(tmpout, buf, i) != i))
98 goto err;
99 }
100
101 if(flags & CMS_TEXT)
102 {
103 if(!SMIME_text(tmpout, out))
104 {
105 CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
106 goto err;
107 }
108 }
109
110 r = 1;
111
112 err:
113 if (tmpout && (tmpout != out))
114 BIO_free(tmpout);
115 return r;
116
117 }
118
119static int check_content(CMS_ContentInfo *cms)
120 {
121 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
122 if (!pos || !*pos)
123 {
124 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
125 return 0;
126 }
127 return 1;
128 }
129
130static void do_free_upto(BIO *f, BIO *upto)
131 {
132 if (upto)
133 {
134 BIO *tbio;
135 do
136 {
137 tbio = BIO_pop(f);
138 BIO_free(f);
139 f = tbio;
140 }
141 while (f != upto);
142 }
143 else
144 BIO_free_all(f);
145 }
146
147int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
148 {
149 BIO *cont;
150 int r;
151 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
152 {
153 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
154 return 0;
155 }
156 cont = CMS_dataInit(cms, NULL);
157 if (!cont)
158 return 0;
159 r = cms_copy_content(out, cont, flags);
160 BIO_free_all(cont);
161 return r;
162 }
163
164CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
165 {
166 CMS_ContentInfo *cms;
167 cms = cms_Data_create();
168 if (!cms)
169 return NULL;
170
171 if (CMS_final(cms, in, NULL, flags))
172 return cms;
173
174 CMS_ContentInfo_free(cms);
175
176 return NULL;
177 }
178
179int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
180 unsigned int flags)
181 {
182 BIO *cont;
183 int r;
184 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
185 {
186 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
187 return 0;
188 }
189
190 if (!dcont && !check_content(cms))
191 return 0;
192
193 cont = CMS_dataInit(cms, dcont);
194 if (!cont)
195 return 0;
196 r = cms_copy_content(out, cont, flags);
197 if (r)
198 r = cms_DigestedData_do_final(cms, cont, 1);
199 do_free_upto(cont, dcont);
200 return r;
201 }
202
203CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
204 unsigned int flags)
205 {
206 CMS_ContentInfo *cms;
207 if (!md)
208 md = EVP_sha1();
209 cms = cms_DigestedData_create(md);
210 if (!cms)
211 return NULL;
212
213 if(!(flags & CMS_DETACHED))
214 {
215 flags &= ~CMS_STREAM;
216 CMS_set_detached(cms, 0);
217 }
218
219 if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
220 return cms;
221
222 CMS_ContentInfo_free(cms);
223 return NULL;
224 }
225
226int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
227 const unsigned char *key, size_t keylen,
228 BIO *dcont, BIO *out, unsigned int flags)
229 {
230 BIO *cont;
231 int r;
232 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
233 {
234 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
235 CMS_R_TYPE_NOT_ENCRYPTED_DATA);
236 return 0;
237 }
238
239 if (!dcont && !check_content(cms))
240 return 0;
241
242 if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
243 return 0;
244 cont = CMS_dataInit(cms, dcont);
245 if (!cont)
246 return 0;
247 r = cms_copy_content(out, cont, flags);
248 do_free_upto(cont, dcont);
249 return r;
250 }
251
252CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
253 const unsigned char *key, size_t keylen,
254 unsigned int flags)
255 {
256 CMS_ContentInfo *cms;
257 if (!cipher)
258 {
259 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
260 return NULL;
261 }
262 cms = CMS_ContentInfo_new();
263 if (!cms)
264 return NULL;
265 if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
266 return NULL;
267
268 if(!(flags & CMS_DETACHED))
269 {
270 flags &= ~CMS_STREAM;
271 CMS_set_detached(cms, 0);
272 }
273
274 if ((flags & (CMS_STREAM|CMS_PARTIAL))
275 || CMS_final(cms, in, NULL, flags))
276 return cms;
277
278 CMS_ContentInfo_free(cms);
279 return NULL;
280 }
281
282static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
283 X509_STORE *store,
284 STACK_OF(X509) *certs,
285 STACK_OF(X509_CRL) *crls,
286 unsigned int flags)
287 {
288 X509_STORE_CTX ctx;
289 X509 *signer;
290 int i, j, r = 0;
291 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
292 if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
293 {
294 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
295 CMS_R_STORE_INIT_ERROR);
296 goto err;
297 }
298 X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
299 if (crls)
300 X509_STORE_CTX_set0_crls(&ctx, crls);
301
302 i = X509_verify_cert(&ctx);
303 if (i <= 0)
304 {
305 j = X509_STORE_CTX_get_error(&ctx);
306 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
307 CMS_R_CERTIFICATE_VERIFY_ERROR);
308 ERR_add_error_data(2, "Verify error:",
309 X509_verify_cert_error_string(j));
310 goto err;
311 }
312 r = 1;
313 err:
314 X509_STORE_CTX_cleanup(&ctx);
315 return r;
316
317 }
318
319int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
320 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
321 {
322 CMS_SignerInfo *si;
323 STACK_OF(CMS_SignerInfo) *sinfos;
324 STACK_OF(X509) *cms_certs = NULL;
325 STACK_OF(X509_CRL) *crls = NULL;
326 X509 *signer;
327 int i, scount = 0, ret = 0;
328 BIO *cmsbio = NULL, *tmpin = NULL;
329
330 if (!dcont && !check_content(cms))
331 return 0;
332
333 /* Attempt to find all signer certificates */
334
335 sinfos = CMS_get0_SignerInfos(cms);
336
337 if (sk_CMS_SignerInfo_num(sinfos) <= 0)
338 {
339 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
340 goto err;
341 }
342
343 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
344 {
345 si = sk_CMS_SignerInfo_value(sinfos, i);
346 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
347 if (signer)
348 scount++;
349 }
350
351 if (scount != sk_CMS_SignerInfo_num(sinfos))
352 scount += CMS_set1_signers_certs(cms, certs, flags);
353
354 if (scount != sk_CMS_SignerInfo_num(sinfos))
355 {
356 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
357 goto err;
358 }
359
360 /* Attempt to verify all signers certs */
361
362 if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
363 {
364 cms_certs = CMS_get1_certs(cms);
365 if (!(flags & CMS_NOCRL))
366 crls = CMS_get1_crls(cms);
367 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
368 {
369 si = sk_CMS_SignerInfo_value(sinfos, i);
370 if (!cms_signerinfo_verify_cert(si, store,
371 cms_certs, crls, flags))
372 goto err;
373 }
374 }
375
376 /* Attempt to verify all SignerInfo signed attribute signatures */
377
378 if (!(flags & CMS_NO_ATTR_VERIFY))
379 {
380 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
381 {
382 si = sk_CMS_SignerInfo_value(sinfos, i);
383 if (CMS_signed_get_attr_count(si) < 0)
384 continue;
385 if (CMS_SignerInfo_verify(si) <= 0)
386 goto err;
387 }
388 }
389
390 /* Performance optimization: if the content is a memory BIO then
391 * store its contents in a temporary read only memory BIO. This
392 * avoids potentially large numbers of slow copies of data which will
393 * occur when reading from a read write memory BIO when signatures
394 * are calculated.
395 */
396
397 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
398 {
399 char *ptr;
400 long len;
401 len = BIO_get_mem_data(dcont, &ptr);
402 tmpin = BIO_new_mem_buf(ptr, len);
403 if (tmpin == NULL)
404 {
405 CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
406 return 0;
407 }
408 }
409 else
410 tmpin = dcont;
411
412
413 cmsbio=CMS_dataInit(cms, tmpin);
414 if (!cmsbio)
415 goto err;
416
417 if (!cms_copy_content(out, cmsbio, flags))
418 goto err;
419
420 if (!(flags & CMS_NO_CONTENT_VERIFY))
421 {
422 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
423 {
424 si = sk_CMS_SignerInfo_value(sinfos, i);
425 if (!CMS_SignerInfo_verify_content(si, cmsbio))
426 {
427 CMSerr(CMS_F_CMS_VERIFY,
428 CMS_R_CONTENT_VERIFY_ERROR);
429 goto err;
430 }
431 }
432 }
433
434 ret = 1;
435
436 err:
437
438 if (dcont && (tmpin == dcont))
439 do_free_upto(cmsbio, dcont);
440 else
441 BIO_free_all(cmsbio);
442
443 if (cms_certs)
444 sk_X509_pop_free(cms_certs, X509_free);
445 if (crls)
446 sk_X509_CRL_pop_free(crls, X509_CRL_free);
447
448 return ret;
449 }
450
451int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
452 STACK_OF(X509) *certs,
453 X509_STORE *store, unsigned int flags)
454 {
455 int r;
456 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
457 if (r <= 0)
458 return r;
459 return cms_Receipt_verify(rcms, ocms);
460 }
461
462CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
463 BIO *data, unsigned int flags)
464 {
465 CMS_ContentInfo *cms;
466 int i;
467
468 cms = CMS_ContentInfo_new();
469 if (!cms || !CMS_SignedData_init(cms))
470 goto merr;
471
472 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
473 {
474 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
475 goto err;
476 }
477
478 for (i = 0; i < sk_X509_num(certs); i++)
479 {
480 X509 *x = sk_X509_value(certs, i);
481 if (!CMS_add1_cert(cms, x))
482 goto merr;
483 }
484
485 if(!(flags & CMS_DETACHED))
486 {
487 flags &= ~CMS_STREAM;
488 CMS_set_detached(cms, 0);
489 }
490
491 if ((flags & (CMS_STREAM|CMS_PARTIAL))
492 || CMS_final(cms, data, NULL, flags))
493 return cms;
494 else
495 goto err;
496
497 merr:
498 CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
499
500 err:
501 if (cms)
502 CMS_ContentInfo_free(cms);
503 return NULL;
504 }
505
506CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
507 X509 *signcert, EVP_PKEY *pkey,
508 STACK_OF(X509) *certs,
509 unsigned int flags)
510 {
511 CMS_SignerInfo *rct_si;
512 CMS_ContentInfo *cms = NULL;
513 ASN1_OCTET_STRING **pos, *os;
514 BIO *rct_cont = NULL;
515 int r = 0;
516
517 flags &= ~CMS_STREAM;
518 /* Not really detached but avoids content being allocated */
519 flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
520 if (!pkey || !signcert)
521 {
522 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
523 return NULL;
524 }
525
526 /* Initialize signed data */
527
528 cms = CMS_sign(NULL, NULL, certs, NULL, flags);
529 if (!cms)
530 goto err;
531
532 /* Set inner content type to signed receipt */
533 if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
534 goto err;
535
536 rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
537 if (!rct_si)
538 {
539 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
540 goto err;
541 }
542
543 os = cms_encode_Receipt(si);
544
545 if (!os)
546 goto err;
547
548 /* Set content to digest */
549 rct_cont = BIO_new_mem_buf(os->data, os->length);
550 if (!rct_cont)
551 goto err;
552
553 /* Add msgSigDigest attribute */
554
555 if (!cms_msgSigDigest_add1(rct_si, si))
556 goto err;
557
558 /* Finalize structure */
559 if (!CMS_final(cms, rct_cont, NULL, flags))
560 goto err;
561
562 /* Set embedded content */
563 pos = CMS_get0_content(cms);
564 *pos = os;
565
566 r = 1;
567
568 err:
569 if (rct_cont)
570 BIO_free(rct_cont);
571 if (r)
572 return cms;
573 CMS_ContentInfo_free(cms);
574 return NULL;
575
576 }
577
578CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
579 const EVP_CIPHER *cipher, unsigned int flags)
580 {
581 CMS_ContentInfo *cms;
582 int i;
583 X509 *recip;
584 cms = CMS_EnvelopedData_create(cipher);
585 if (!cms)
586 goto merr;
587 for (i = 0; i < sk_X509_num(certs); i++)
588 {
589 recip = sk_X509_value(certs, i);
590 if (!CMS_add1_recipient_cert(cms, recip, flags))
591 {
592 CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
593 goto err;
594 }
595 }
596
597 if(!(flags & CMS_DETACHED))
598 {
599 flags &= ~CMS_STREAM;
600 CMS_set_detached(cms, 0);
601 }
602
603 if ((flags & (CMS_STREAM|CMS_PARTIAL))
604 || CMS_final(cms, data, NULL, flags))
605 return cms;
606 else
607 goto err;
608
609 merr:
610 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
611 err:
612 if (cms)
613 CMS_ContentInfo_free(cms);
614 return NULL;
615 }
616
617int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
618 {
619 STACK_OF(CMS_RecipientInfo) *ris;
620 CMS_RecipientInfo *ri;
621 int i, r;
622 ris = CMS_get0_RecipientInfos(cms);
623 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
624 {
625 ri = sk_CMS_RecipientInfo_value(ris, i);
626 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
627 continue;
628 /* If we have a cert try matching RecipientInfo
629 * otherwise try them all.
630 */
631 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
632 {
633 CMS_RecipientInfo_set0_pkey(ri, pk);
634 r = CMS_RecipientInfo_decrypt(cms, ri);
635 CMS_RecipientInfo_set0_pkey(ri, NULL);
636 if (r > 0)
637 return 1;
638 if (cert)
639 {
640 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
641 CMS_R_DECRYPT_ERROR);
642 return 0;
643 }
644 ERR_clear_error();
645 }
646 }
647
648 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
649 return 0;
650
651 }
652
653int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
654 unsigned char *key, size_t keylen,
655 unsigned char *id, size_t idlen)
656 {
657 STACK_OF(CMS_RecipientInfo) *ris;
658 CMS_RecipientInfo *ri;
659 int i, r;
660 ris = CMS_get0_RecipientInfos(cms);
661 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
662 {
663 ri = sk_CMS_RecipientInfo_value(ris, i);
664 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
665 continue;
666
667 /* If we have an id try matching RecipientInfo
668 * otherwise try them all.
669 */
670 if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
671 {
672 CMS_RecipientInfo_set0_key(ri, key, keylen);
673 r = CMS_RecipientInfo_decrypt(cms, ri);
674 CMS_RecipientInfo_set0_key(ri, NULL, 0);
675 if (r > 0)
676 return 1;
677 if (id)
678 {
679 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
680 CMS_R_DECRYPT_ERROR);
681 return 0;
682 }
683 ERR_clear_error();
684 }
685 }
686
687 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
688 return 0;
689
690 }
691
692int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
693 BIO *dcont, BIO *out,
694 unsigned int flags)
695 {
696 int r;
697 BIO *cont;
698 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
699 {
700 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
701 return 0;
702 }
703 if (!dcont && !check_content(cms))
704 return 0;
705 if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
706 return 0;
707
708 cont = CMS_dataInit(cms, dcont);
709 if (!cont)
710 return 0;
711 r = cms_copy_content(out, cont, flags);
712 do_free_upto(cont, dcont);
713 return r;
714 }
715
716int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
717 {
718 BIO *cmsbio;
719 int ret = 0;
720 if (!(cmsbio = CMS_dataInit(cms, dcont)))
721 {
722 CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
723 return 0;
724 }
725
726 SMIME_crlf_copy(data, cmsbio, flags);
727
728 (void)BIO_flush(cmsbio);
729
730
731 if (!CMS_dataFinal(cms, cmsbio))
732 {
733 CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
734 goto err;
735 }
736
737 ret = 1;
738
739 err:
740 do_free_upto(cmsbio, dcont);
741
742 return ret;
743
744 }
745
746#ifdef ZLIB
747
748int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
749 unsigned int flags)
750 {
751 BIO *cont;
752 int r;
753 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
754 {
755 CMSerr(CMS_F_CMS_UNCOMPRESS,
756 CMS_R_TYPE_NOT_COMPRESSED_DATA);
757 return 0;
758 }
759
760 if (!dcont && !check_content(cms))
761 return 0;
762
763 cont = CMS_dataInit(cms, dcont);
764 if (!cont)
765 return 0;
766 r = cms_copy_content(out, cont, flags);
767 do_free_upto(cont, dcont);
768 return r;
769 }
770
771CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
772 {
773 CMS_ContentInfo *cms;
774 if (comp_nid <= 0)
775 comp_nid = NID_zlib_compression;
776 cms = cms_CompressedData_create(comp_nid);
777 if (!cms)
778 return NULL;
779
780 if(!(flags & CMS_DETACHED))
781 {
782 flags &= ~CMS_STREAM;
783 CMS_set_detached(cms, 0);
784 }
785
786 if (CMS_final(cms, in, NULL, flags))
787 return cms;
788
789 CMS_ContentInfo_free(cms);
790 return NULL;
791 }
792
793#else
794
795int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
796 unsigned int flags)
797 {
798 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
799 return 0;
800 }
801
802CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
803 {
804 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
805 return NULL;
806 }
807
808#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 08:19:31 +0000