summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/cms/cms_asn1.c275
-rw-r--r--src/lib/libcrypto/cms/cms_att.c92
-rw-r--r--src/lib/libcrypto/cms/cms_cd.c10
-rw-r--r--src/lib/libcrypto/cms/cms_dd.c16
-rw-r--r--src/lib/libcrypto/cms/cms_enc.c24
-rw-r--r--src/lib/libcrypto/cms/cms_env.c203
-rw-r--r--src/lib/libcrypto/cms/cms_err.c5
-rw-r--r--src/lib/libcrypto/cms/cms_ess.c69
-rw-r--r--src/lib/libcrypto/cms/cms_io.c38
-rw-r--r--src/lib/libcrypto/cms/cms_kari.c96
-rw-r--r--src/lib/libcrypto/cms/cms_lib.c141
-rw-r--r--src/lib/libcrypto/cms/cms_pwri.c90
-rw-r--r--src/lib/libcrypto/cms/cms_sd.c276
-rw-r--r--src/lib/libcrypto/cms/cms_smime.c243
14 files changed, 903 insertions, 675 deletions
diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index fbe27892dc..43570930a0 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_asn1.c,v 1.13 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_asn1.c,v 1.14 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -60,36 +60,36 @@
60 60
61 61
62ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { 62ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
63 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), 63 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
64 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) 64 ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
65} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber) 65} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
66 66
67ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { 67ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
68 ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), 68 ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
69 ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) 69 ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
70} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) 70} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
71 71
72ASN1_CHOICE(CMS_CertificateChoices) = { 72ASN1_CHOICE(CMS_CertificateChoices) = {
73 ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), 73 ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
74 ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), 74 ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
75 ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), 75 ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
76 ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), 76 ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
77 ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) 77 ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
78} ASN1_CHOICE_END(CMS_CertificateChoices) 78} ASN1_CHOICE_END(CMS_CertificateChoices)
79 79
80ASN1_CHOICE(CMS_SignerIdentifier) = { 80ASN1_CHOICE(CMS_SignerIdentifier) = {
81 ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), 81 ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
82 ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) 82 ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
83} static_ASN1_CHOICE_END(CMS_SignerIdentifier) 83} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
84 84
85ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { 85ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
86 ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), 86 ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
87 ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) 87 ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
88} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) 88} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
89 89
90/* Minor tweak to operation: free up signer key, cert */ 90/* Minor tweak to operation: free up signer key, cert */
91static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 91static int
92 void *exarg) 92cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
93{ 93{
94 if (operation == ASN1_OP_FREE_POST) { 94 if (operation == ASN1_OP_FREE_POST) {
95 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; 95 CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
@@ -101,70 +101,70 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
101} 101}
102 102
103ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { 103ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
104 ASN1_EMBED(CMS_SignerInfo, version, INT32), 104 ASN1_EMBED(CMS_SignerInfo, version, INT32),
105 ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier), 105 ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
106 ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR), 106 ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
107 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0), 107 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
108 ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR), 108 ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
109 ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING), 109 ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
110 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1) 110 ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
111} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo) 111} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
112 112
113ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { 113ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
114 ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT), 114 ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
115 ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) 115 ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
116} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) 116} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
117 117
118ASN1_CHOICE(CMS_RevocationInfoChoice) = { 118ASN1_CHOICE(CMS_RevocationInfoChoice) = {
119 ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), 119 ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
120 ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) 120 ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
121} ASN1_CHOICE_END(CMS_RevocationInfoChoice) 121} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
122 122
123ASN1_NDEF_SEQUENCE(CMS_SignedData) = { 123ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
124 ASN1_EMBED(CMS_SignedData, version, INT32), 124 ASN1_EMBED(CMS_SignedData, version, INT32),
125 ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR), 125 ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
126 ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo), 126 ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
127 ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), 127 ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
128 ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1), 128 ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
129 ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo) 129 ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
130} ASN1_NDEF_SEQUENCE_END(CMS_SignedData) 130} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
131 131
132ASN1_SEQUENCE(CMS_OriginatorInfo) = { 132ASN1_SEQUENCE(CMS_OriginatorInfo) = {
133 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), 133 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
134 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) 134 ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
135} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) 135} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
136 136
137ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { 137ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
138 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), 138 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
139 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), 139 ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
140 ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) 140 ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
141} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) 141} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
142 142
143ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { 143ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
144 ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), 144 ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
145 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier), 145 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
146 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), 146 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
147 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING) 147 ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
148} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo) 148} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
149 149
150ASN1_SEQUENCE(CMS_OtherKeyAttribute) = { 150ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
151 ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT), 151 ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
152 ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY) 152 ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
153} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute) 153} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
154 154
155ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = { 155ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
156 ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING), 156 ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
157 ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME), 157 ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
158 ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute) 158 ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
159} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) 159} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
160 160
161ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { 161ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
162 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), 162 ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
163 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) 163 ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
164} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) 164} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
165 165
166static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 166static int
167 void *exarg) 167cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
168{ 168{
169 CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; 169 CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
170 if (operation == ASN1_OP_FREE_POST) { 170 if (operation == ASN1_OP_FREE_POST) {
@@ -174,23 +174,23 @@ static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
174} 174}
175 175
176ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = { 176ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = {
177 ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier), 177 ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
178 ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING) 178 ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
179} ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey) 179} ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey)
180 180
181ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { 181ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
182 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), 182 ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
183 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) 183 ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
184} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) 184} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
185 185
186ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { 186ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
187 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), 187 ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
188 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), 188 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
189 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) 189 ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
190} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) 190} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
191 191
192static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 192static int
193 void *exarg) 193cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
194{ 194{
195 CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; 195 CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
196 if (operation == ASN1_OP_NEW_POST) { 196 if (operation == ASN1_OP_NEW_POST) {
@@ -207,41 +207,41 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
207} 207}
208 208
209ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = { 209ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
210 ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32), 210 ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
211 ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0), 211 ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
212 ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1), 212 ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
213 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), 213 ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
214 ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey) 214 ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
215} ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo) 215} ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo)
216 216
217ASN1_SEQUENCE(CMS_KEKIdentifier) = { 217ASN1_SEQUENCE(CMS_KEKIdentifier) = {
218 ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING), 218 ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
219 ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME), 219 ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
220 ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) 220 ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
221} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) 221} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
222 222
223ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { 223ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
224 ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), 224 ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
225 ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), 225 ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
226 ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), 226 ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
227 ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) 227 ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
228} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) 228} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
229 229
230ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { 230ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
231 ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32), 231 ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
232 ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0), 232 ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
233 ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), 233 ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
234 ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING) 234 ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
235} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) 235} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
236 236
237ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { 237ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
238 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), 238 ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
239 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) 239 ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
240} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) 240} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
241 241
242/* Free up RecipientInfo additional data */ 242/* Free up RecipientInfo additional data */
243static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 243static int
244 void *exarg) 244cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
245{ 245{
246 if (operation == ASN1_OP_FREE_PRE) { 246 if (operation == ASN1_OP_FREE_PRE) {
247 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; 247 CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
@@ -262,50 +262,50 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
262} 262}
263 263
264ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { 264ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
265 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), 265 ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
266 ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1), 266 ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
267 ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2), 267 ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
268 ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3), 268 ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
269 ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4) 269 ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
270} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type) 270} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
271 271
272ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = { 272ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
273 ASN1_EMBED(CMS_EnvelopedData, version, INT32), 273 ASN1_EMBED(CMS_EnvelopedData, version, INT32),
274 ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), 274 ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
275 ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo), 275 ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
276 ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo), 276 ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
277 ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1) 277 ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
278} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData) 278} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
279 279
280ASN1_NDEF_SEQUENCE(CMS_DigestedData) = { 280ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
281 ASN1_EMBED(CMS_DigestedData, version, INT32), 281 ASN1_EMBED(CMS_DigestedData, version, INT32),
282 ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR), 282 ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
283 ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo), 283 ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
284 ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING) 284 ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
285} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData) 285} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
286 286
287ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = { 287ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
288 ASN1_EMBED(CMS_EncryptedData, version, INT32), 288 ASN1_EMBED(CMS_EncryptedData, version, INT32),
289 ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo), 289 ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
290 ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) 290 ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
291} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData) 291} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
292 292
293ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { 293ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
294 ASN1_EMBED(CMS_AuthenticatedData, version, INT32), 294 ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
295 ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0), 295 ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
296 ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo), 296 ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
297 ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR), 297 ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
298 ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1), 298 ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
299 ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo), 299 ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
300 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2), 300 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
301 ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING), 301 ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
302 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) 302 ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
303} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) 303} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
304 304
305ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { 305ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
306 ASN1_EMBED(CMS_CompressedData, version, INT32), 306 ASN1_EMBED(CMS_CompressedData, version, INT32),
307 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), 307 ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
308 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), 308 ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
309} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) 309} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
310 310
311/* This is the ANY DEFINED BY table for the top level ContentInfo structure */ 311/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
@@ -313,18 +313,18 @@ ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
313ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0); 313ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
314 314
315ASN1_ADB(CMS_ContentInfo) = { 315ASN1_ADB(CMS_ContentInfo) = {
316 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)), 316 ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
317 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)), 317 ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
318 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)), 318 ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
319 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)), 319 ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
320 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)), 320 ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
321 ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)), 321 ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
322 ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), 322 ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
323} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); 323} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
324 324
325/* CMS streaming support */ 325/* CMS streaming support */
326static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 326static int
327 void *exarg) 327cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
328{ 328{
329 ASN1_STREAM_ARG *sarg = exarg; 329 ASN1_STREAM_ARG *sarg = exarg;
330 CMS_ContentInfo *cms = NULL; 330 CMS_ContentInfo *cms = NULL;
@@ -355,8 +355,8 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
355} 355}
356 356
357ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { 357ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
358 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), 358 ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
359 ASN1_ADB_OBJECT(CMS_ContentInfo) 359 ASN1_ADB_OBJECT(CMS_ContentInfo)
360} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo) 360} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
361 361
362/* Specials for signed attributes */ 362/* Specials for signed attributes */
@@ -367,7 +367,7 @@ ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
367 */ 367 */
368 368
369ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 369ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
370 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) 370 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
371ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) 371ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
372 372
373/* 373/*
@@ -376,28 +376,27 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
376 */ 376 */
377 377
378ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 378ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
379 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 379 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
380 V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
381ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) 380ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
382 381
383 382
384 383
385ASN1_CHOICE(CMS_ReceiptsFrom) = { 384ASN1_CHOICE(CMS_ReceiptsFrom) = {
386 ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0), 385 ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
387 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) 386 ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
388} static_ASN1_CHOICE_END(CMS_ReceiptsFrom) 387} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
389 388
390ASN1_SEQUENCE(CMS_ReceiptRequest) = { 389ASN1_SEQUENCE(CMS_ReceiptRequest) = {
391 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), 390 ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
392 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), 391 ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
393 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) 392 ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
394} ASN1_SEQUENCE_END(CMS_ReceiptRequest) 393} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
395 394
396ASN1_SEQUENCE(CMS_Receipt) = { 395ASN1_SEQUENCE(CMS_Receipt) = {
397 ASN1_EMBED(CMS_Receipt, version, INT32), 396 ASN1_EMBED(CMS_Receipt, version, INT32),
398 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), 397 ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
399 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), 398 ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
400 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) 399 ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
401} ASN1_SEQUENCE_END(CMS_Receipt) 400} ASN1_SEQUENCE_END(CMS_Receipt)
402 401
403/* 402/*
@@ -412,13 +411,14 @@ typedef struct {
412} CMS_SharedInfo; 411} CMS_SharedInfo;
413 412
414ASN1_SEQUENCE(CMS_SharedInfo) = { 413ASN1_SEQUENCE(CMS_SharedInfo) = {
415 ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR), 414 ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
416 ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0), 415 ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
417 ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), 416 ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
418} static_ASN1_SEQUENCE_END(CMS_SharedInfo) 417} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
419 418
420int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, 419int
421 ASN1_OCTET_STRING *ukm, int keylen) 420CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
421 ASN1_OCTET_STRING *ukm, int keylen)
422{ 422{
423 union { 423 union {
424 CMS_SharedInfo *pecsi; 424 CMS_SharedInfo *pecsi;
@@ -444,5 +444,6 @@ int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
444 ecsi.entityUInfo = ukm; 444 ecsi.entityUInfo = ukm;
445 ecsi.suppPubInfo = &oklen; 445 ecsi.suppPubInfo = &oklen;
446 intsi.pecsi = &ecsi; 446 intsi.pecsi = &ecsi;
447
447 return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo)); 448 return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo));
448} 449}
diff --git a/src/lib/libcrypto/cms/cms_att.c b/src/lib/libcrypto/cms/cms_att.c
index b288262b81..b03c7437a4 100644
--- a/src/lib/libcrypto/cms/cms_att.c
+++ b/src/lib/libcrypto/cms/cms_att.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_att.c,v 1.8 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_att.c,v 1.9 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -61,135 +61,149 @@
61 61
62/* CMS SignedData Attribute utilities */ 62/* CMS SignedData Attribute utilities */
63 63
64int CMS_signed_get_attr_count(const CMS_SignerInfo *si) 64int
65CMS_signed_get_attr_count(const CMS_SignerInfo *si)
65{ 66{
66 return X509at_get_attr_count(si->signedAttrs); 67 return X509at_get_attr_count(si->signedAttrs);
67} 68}
68 69
69int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos) 70int
71CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
70{ 72{
71 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); 73 return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
72} 74}
73 75
74int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, 76int
75 int lastpos) 77CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
78 int lastpos)
76{ 79{
77 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); 80 return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
78} 81}
79 82
80X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) 83X509_ATTRIBUTE *
84CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
81{ 85{
82 return X509at_get_attr(si->signedAttrs, loc); 86 return X509at_get_attr(si->signedAttrs, loc);
83} 87}
84 88
85X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) 89X509_ATTRIBUTE *
90CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
86{ 91{
87 return X509at_delete_attr(si->signedAttrs, loc); 92 return X509at_delete_attr(si->signedAttrs, loc);
88} 93}
89 94
90int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) 95int
96CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
91{ 97{
92 if (X509at_add1_attr(&si->signedAttrs, attr)) 98 if (X509at_add1_attr(&si->signedAttrs, attr))
93 return 1; 99 return 1;
94 return 0; 100 return 0;
95} 101}
96 102
97int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, 103int
98 const ASN1_OBJECT *obj, int type, 104CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, int type,
99 const void *bytes, int len) 105 const void *bytes, int len)
100{ 106{
101 if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) 107 if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
102 return 1; 108 return 1;
103 return 0; 109 return 0;
104} 110}
105 111
106int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, 112int
107 int nid, int type, const void *bytes, int len) 113CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
114 const void *bytes, int len)
108{ 115{
109 if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) 116 if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
110 return 1; 117 return 1;
111 return 0; 118 return 0;
112} 119}
113 120
114int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, 121int
115 const char *attrname, int type, 122CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type,
116 const void *bytes, int len) 123 const void *bytes, int len)
117{ 124{
118 if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len)) 125 if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
119 return 1; 126 return 1;
120 return 0; 127 return 0;
121} 128}
122 129
123void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, 130void *
124 int lastpos, int type) 131CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
132 int lastpos, int type)
125{ 133{
126 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); 134 return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
127} 135}
128 136
129int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) 137int
138CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
130{ 139{
131 return X509at_get_attr_count(si->unsignedAttrs); 140 return X509at_get_attr_count(si->unsignedAttrs);
132} 141}
133 142
134int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, 143int
135 int lastpos) 144CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
136{ 145{
137 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); 146 return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
138} 147}
139 148
140int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, 149int
141 const ASN1_OBJECT *obj, int lastpos) 150CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
151 int lastpos)
142{ 152{
143 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); 153 return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
144} 154}
145 155
146X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) 156X509_ATTRIBUTE *
157CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
147{ 158{
148 return X509at_get_attr(si->unsignedAttrs, loc); 159 return X509at_get_attr(si->unsignedAttrs, loc);
149} 160}
150 161
151X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) 162X509_ATTRIBUTE *
163CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
152{ 164{
153 return X509at_delete_attr(si->unsignedAttrs, loc); 165 return X509at_delete_attr(si->unsignedAttrs, loc);
154} 166}
155 167
156int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) 168int
169CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
157{ 170{
158 if (X509at_add1_attr(&si->unsignedAttrs, attr)) 171 if (X509at_add1_attr(&si->unsignedAttrs, attr))
159 return 1; 172 return 1;
160 return 0; 173 return 0;
161} 174}
162 175
163int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, 176int
164 const ASN1_OBJECT *obj, int type, 177CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
165 const void *bytes, int len) 178 int type, const void *bytes, int len)
166{ 179{
167 if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) 180 if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
168 return 1; 181 return 1;
169 return 0; 182 return 0;
170} 183}
171 184
172int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, 185int
173 int nid, int type, 186CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
174 const void *bytes, int len) 187 const void *bytes, int len)
175{ 188{
176 if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) 189 if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
177 return 1; 190 return 1;
178 return 0; 191 return 0;
179} 192}
180 193
181int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, 194int
182 const char *attrname, int type, 195CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
183 const void *bytes, int len) 196 int type, const void *bytes, int len)
184{ 197{
185 if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, 198 if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type,
186 type, bytes, len)) 199 bytes, len))
187 return 1; 200 return 1;
188 return 0; 201 return 0;
189} 202}
190 203
191void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, 204void *
192 int lastpos, int type) 205CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos,
206 int type)
193{ 207{
194 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); 208 return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
195} 209}
diff --git a/src/lib/libcrypto/cms/cms_cd.c b/src/lib/libcrypto/cms/cms_cd.c
index 55fff110d1..e3e9f78e5b 100644
--- a/src/lib/libcrypto/cms/cms_cd.c
+++ b/src/lib/libcrypto/cms/cms_cd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_cd.c,v 1.12 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_cd.c,v 1.13 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -66,10 +66,12 @@
66 66
67/* CMS CompressedData Utilities */ 67/* CMS CompressedData Utilities */
68 68
69CMS_ContentInfo *cms_CompressedData_create(int comp_nid) 69CMS_ContentInfo *
70cms_CompressedData_create(int comp_nid)
70{ 71{
71 CMS_ContentInfo *cms; 72 CMS_ContentInfo *cms;
72 CMS_CompressedData *cd; 73 CMS_CompressedData *cd;
74
73 /* 75 /*
74 * Will need something cleverer if there is ever more than one 76 * Will need something cleverer if there is ever more than one
75 * compression algorithm or parameters have some meaning... 77 * compression algorithm or parameters have some meaning...
@@ -105,10 +107,12 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
105 return NULL; 107 return NULL;
106} 108}
107 109
108BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms) 110BIO *
111cms_CompressedData_init_bio(CMS_ContentInfo *cms)
109{ 112{
110 CMS_CompressedData *cd; 113 CMS_CompressedData *cd;
111 const ASN1_OBJECT *compoid; 114 const ASN1_OBJECT *compoid;
115
112 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) { 116 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
113 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 117 CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
114 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); 118 CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
diff --git a/src/lib/libcrypto/cms/cms_dd.c b/src/lib/libcrypto/cms/cms_dd.c
index fcc446fa2e..b9422fab42 100644
--- a/src/lib/libcrypto/cms/cms_dd.c
+++ b/src/lib/libcrypto/cms/cms_dd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_dd.c,v 1.10 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_dd.c,v 1.11 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -62,10 +62,12 @@
62 62
63/* CMS DigestedData Utilities */ 63/* CMS DigestedData Utilities */
64 64
65CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) 65CMS_ContentInfo *
66cms_DigestedData_create(const EVP_MD *md)
66{ 67{
67 CMS_ContentInfo *cms; 68 CMS_ContentInfo *cms;
68 CMS_DigestedData *dd; 69 CMS_DigestedData *dd;
70
69 cms = CMS_ContentInfo_new(); 71 cms = CMS_ContentInfo_new();
70 if (cms == NULL) 72 if (cms == NULL)
71 return NULL; 73 return NULL;
@@ -87,17 +89,22 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
87 89
88 err: 90 err:
89 CMS_ContentInfo_free(cms); 91 CMS_ContentInfo_free(cms);
92
90 return NULL; 93 return NULL;
91} 94}
92 95
93BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) 96BIO *
97cms_DigestedData_init_bio(CMS_ContentInfo *cms)
94{ 98{
95 CMS_DigestedData *dd; 99 CMS_DigestedData *dd;
100
96 dd = cms->d.digestedData; 101 dd = cms->d.digestedData;
102
97 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm); 103 return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
98} 104}
99 105
100int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) 106int
107cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
101{ 108{
102 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 109 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
103 unsigned char md[EVP_MAX_MD_SIZE]; 110 unsigned char md[EVP_MAX_MD_SIZE];
@@ -140,5 +147,4 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
140 EVP_MD_CTX_free(mctx); 147 EVP_MD_CTX_free(mctx);
141 148
142 return r; 149 return r;
143
144} 150}
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
index b019d8e8e0..b3a00f67fa 100644
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_enc.c,v 1.13 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_enc.c,v 1.14 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -65,7 +65,8 @@
65 65
66/* Return BIO based on EncryptedContentInfo and key */ 66/* Return BIO based on EncryptedContentInfo and key */
67 67
68BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) 68BIO *
69cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
69{ 70{
70 BIO *b; 71 BIO *b;
71 EVP_CIPHER_CTX *ctx; 72 EVP_CIPHER_CTX *ctx;
@@ -207,9 +208,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
207 return NULL; 208 return NULL;
208} 209}
209 210
210int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 211int
211 const EVP_CIPHER *cipher, 212cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
212 const unsigned char *key, size_t keylen) 213 const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen)
213{ 214{
214 ec->cipher = cipher; 215 ec->cipher = cipher;
215 if (key) { 216 if (key) {
@@ -222,13 +223,16 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
222 ec->keylen = keylen; 223 ec->keylen = keylen;
223 if (cipher) 224 if (cipher)
224 ec->contentType = OBJ_nid2obj(NID_pkcs7_data); 225 ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
226
225 return 1; 227 return 1;
226} 228}
227 229
228int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, 230int
229 const unsigned char *key, size_t keylen) 231CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
232 const unsigned char *key, size_t keylen)
230{ 233{
231 CMS_EncryptedContentInfo *ec; 234 CMS_EncryptedContentInfo *ec;
235
232 if (!key || !keylen) { 236 if (!key || !keylen) {
233 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY); 237 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
234 return 0; 238 return 0;
@@ -246,13 +250,17 @@ int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
246 return 0; 250 return 0;
247 } 251 }
248 ec = cms->d.encryptedData->encryptedContentInfo; 252 ec = cms->d.encryptedData->encryptedContentInfo;
253
249 return cms_EncryptedContent_init(ec, ciph, key, keylen); 254 return cms_EncryptedContent_init(ec, ciph, key, keylen);
250} 255}
251 256
252BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms) 257BIO *
258cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
253{ 259{
254 CMS_EncryptedData *enc = cms->d.encryptedData; 260 CMS_EncryptedData *enc = cms->d.encryptedData;
261
255 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) 262 if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
256 enc->version = 2; 263 enc->version = 2;
264
257 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo); 265 return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
258} 266}
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index e137cadf34..fbfbdd98ca 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_env.c,v 1.15 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_env.c,v 1.16 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -65,17 +65,19 @@
65 65
66/* CMS EnvelopedData Utilities */ 66/* CMS EnvelopedData Utilities */
67 67
68CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) 68CMS_EnvelopedData *
69cms_get0_enveloped(CMS_ContentInfo *cms)
69{ 70{
70 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { 71 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
71 CMSerr(CMS_F_CMS_GET0_ENVELOPED, 72 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
72 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); 73 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
73 return NULL; 74 return NULL;
74 } 75 }
75 return cms->d.envelopedData; 76 return cms->d.envelopedData;
76} 77}
77 78
78static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) 79static CMS_EnvelopedData *
80cms_enveloped_data_init(CMS_ContentInfo *cms)
79{ 81{
80 if (cms->d.other == NULL) { 82 if (cms->d.other == NULL) {
81 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); 83 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
@@ -93,10 +95,12 @@ static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
93 return cms_get0_enveloped(cms); 95 return cms_get0_enveloped(cms);
94} 96}
95 97
96int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) 98int
99cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
97{ 100{
98 EVP_PKEY *pkey; 101 EVP_PKEY *pkey;
99 int i; 102 int i;
103
100 if (ri->type == CMS_RECIPINFO_TRANS) 104 if (ri->type == CMS_RECIPINFO_TRANS)
101 pkey = ri->d.ktri->pkey; 105 pkey = ri->d.ktri->pkey;
102 else if (ri->type == CMS_RECIPINFO_AGREE) { 106 else if (ri->type == CMS_RECIPINFO_AGREE) {
@@ -113,53 +117,64 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
113 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri); 117 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
114 if (i == -2) { 118 if (i == -2) {
115 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, 119 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
116 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 120 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
117 return 0; 121 return 0;
118 } 122 }
119 if (i <= 0) { 123 if (i <= 0) {
120 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE); 124 CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
121 return 0; 125 return 0;
122 } 126 }
127
123 return 1; 128 return 1;
124} 129}
125 130
126STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) 131STACK_OF(CMS_RecipientInfo) *
132CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
127{ 133{
128 CMS_EnvelopedData *env; 134 CMS_EnvelopedData *env;
135
129 env = cms_get0_enveloped(cms); 136 env = cms_get0_enveloped(cms);
130 if (!env) 137 if (!env)
131 return NULL; 138 return NULL;
139
132 return env->recipientInfos; 140 return env->recipientInfos;
133} 141}
134 142
135int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) 143int
144CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
136{ 145{
137 return ri->type; 146 return ri->type;
138} 147}
139 148
140EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri) 149EVP_PKEY_CTX *
150CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
141{ 151{
142 if (ri->type == CMS_RECIPINFO_TRANS) 152 if (ri->type == CMS_RECIPINFO_TRANS)
143 return ri->d.ktri->pctx; 153 return ri->d.ktri->pctx;
144 else if (ri->type == CMS_RECIPINFO_AGREE) 154 else if (ri->type == CMS_RECIPINFO_AGREE)
145 return ri->d.kari->pctx; 155 return ri->d.kari->pctx;
156
146 return NULL; 157 return NULL;
147} 158}
148 159
149CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) 160CMS_ContentInfo *
161CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
150{ 162{
151 CMS_ContentInfo *cms; 163 CMS_ContentInfo *cms;
152 CMS_EnvelopedData *env; 164 CMS_EnvelopedData *env;
165
153 cms = CMS_ContentInfo_new(); 166 cms = CMS_ContentInfo_new();
154 if (cms == NULL) 167 if (cms == NULL)
155 goto merr; 168 goto merr;
156 env = cms_enveloped_data_init(cms); 169 env = cms_enveloped_data_init(cms);
157 if (env == NULL) 170 if (env == NULL)
158 goto merr; 171 goto merr;
159 if (!cms_EncryptedContent_init(env->encryptedContentInfo, 172 if (!cms_EncryptedContent_init(env->encryptedContentInfo, cipher,
160 cipher, NULL, 0)) 173 NULL, 0))
161 goto merr; 174 goto merr;
175
162 return cms; 176 return cms;
177
163 merr: 178 merr:
164 CMS_ContentInfo_free(cms); 179 CMS_ContentInfo_free(cms);
165 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); 180 CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
@@ -170,8 +185,9 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
170 185
171/* Initialise a ktri based on passed certificate and key */ 186/* Initialise a ktri based on passed certificate and key */
172 187
173static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, 188static int
174 EVP_PKEY *pk, unsigned int flags) 189cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk,
190 unsigned int flags)
175{ 191{
176 CMS_KeyTransRecipientInfo *ktri; 192 CMS_KeyTransRecipientInfo *ktri;
177 int idtype; 193 int idtype;
@@ -213,6 +229,7 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
213 return 0; 229 return 0;
214 } else if (!cms_env_asn1_ctrl(ri, 0)) 230 } else if (!cms_env_asn1_ctrl(ri, 0))
215 return 0; 231 return 0;
232
216 return 1; 233 return 1;
217} 234}
218 235
@@ -220,12 +237,13 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
220 * Add a recipient certificate using appropriate type of RecipientInfo 237 * Add a recipient certificate using appropriate type of RecipientInfo
221 */ 238 */
222 239
223CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, 240CMS_RecipientInfo *
224 X509 *recip, unsigned int flags) 241CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags)
225{ 242{
226 CMS_RecipientInfo *ri = NULL; 243 CMS_RecipientInfo *ri = NULL;
227 CMS_EnvelopedData *env; 244 CMS_EnvelopedData *env;
228 EVP_PKEY *pk = NULL; 245 EVP_PKEY *pk = NULL;
246
229 env = cms_get0_enveloped(cms); 247 env = cms_get0_enveloped(cms);
230 if (!env) 248 if (!env)
231 goto err; 249 goto err;
@@ -237,7 +255,8 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
237 255
238 pk = X509_get0_pubkey(recip); 256 pk = X509_get0_pubkey(recip);
239 if (!pk) { 257 if (!pk) {
240 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY); 258 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
259 CMS_R_ERROR_GETTING_PUBLIC_KEY);
241 goto err; 260 goto err;
242 } 261 }
243 262
@@ -255,7 +274,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
255 274
256 default: 275 default:
257 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, 276 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
258 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 277 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
259 goto err; 278 goto err;
260 279
261 } 280 }
@@ -270,17 +289,16 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
270 err: 289 err:
271 M_ASN1_free_of(ri, CMS_RecipientInfo); 290 M_ASN1_free_of(ri, CMS_RecipientInfo);
272 return NULL; 291 return NULL;
273
274} 292}
275 293
276int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, 294int
277 EVP_PKEY **pk, X509 **recip, 295CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
278 X509_ALGOR **palg) 296 X509 **recip, X509_ALGOR **palg)
279{ 297{
280 CMS_KeyTransRecipientInfo *ktri; 298 CMS_KeyTransRecipientInfo *ktri;
299
281 if (ri->type != CMS_RECIPINFO_TRANS) { 300 if (ri->type != CMS_RECIPINFO_TRANS) {
282 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 301 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, CMS_R_NOT_KEY_TRANSPORT);
283 CMS_R_NOT_KEY_TRANSPORT);
284 return 0; 302 return 0;
285 } 303 }
286 304
@@ -292,18 +310,19 @@ int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
292 *recip = ktri->recip; 310 *recip = ktri->recip;
293 if (palg) 311 if (palg)
294 *palg = ktri->keyEncryptionAlgorithm; 312 *palg = ktri->keyEncryptionAlgorithm;
313
295 return 1; 314 return 1;
296} 315}
297 316
298int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, 317int
299 ASN1_OCTET_STRING **keyid, 318CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
300 X509_NAME **issuer, 319 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
301 ASN1_INTEGER **sno)
302{ 320{
303 CMS_KeyTransRecipientInfo *ktri; 321 CMS_KeyTransRecipientInfo *ktri;
322
304 if (ri->type != CMS_RECIPINFO_TRANS) { 323 if (ri->type != CMS_RECIPINFO_TRANS) {
305 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 324 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
306 CMS_R_NOT_KEY_TRANSPORT); 325 CMS_R_NOT_KEY_TRANSPORT);
307 return 0; 326 return 0;
308 } 327 }
309 ktri = ri->d.ktri; 328 ktri = ri->d.ktri;
@@ -311,17 +330,20 @@ int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
311 return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno); 330 return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
312} 331}
313 332
314int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) 333int
334CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
315{ 335{
316 if (ri->type != CMS_RECIPINFO_TRANS) { 336 if (ri->type != CMS_RECIPINFO_TRANS) {
317 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 337 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
318 CMS_R_NOT_KEY_TRANSPORT); 338 CMS_R_NOT_KEY_TRANSPORT);
319 return -2; 339 return -2;
320 } 340 }
341
321 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); 342 return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
322} 343}
323 344
324int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) 345int
346CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
325{ 347{
326 if (ri->type != CMS_RECIPINFO_TRANS) { 348 if (ri->type != CMS_RECIPINFO_TRANS) {
327 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); 349 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
@@ -329,13 +351,14 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
329 } 351 }
330 EVP_PKEY_free(ri->d.ktri->pkey); 352 EVP_PKEY_free(ri->d.ktri->pkey);
331 ri->d.ktri->pkey = pkey; 353 ri->d.ktri->pkey = pkey;
354
332 return 1; 355 return 1;
333} 356}
334 357
335/* Encrypt content key in key transport recipient info */ 358/* Encrypt content key in key transport recipient info */
336 359
337static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, 360static int
338 CMS_RecipientInfo *ri) 361cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
339{ 362{
340 CMS_KeyTransRecipientInfo *ktri; 363 CMS_KeyTransRecipientInfo *ktri;
341 CMS_EncryptedContentInfo *ec; 364 CMS_EncryptedContentInfo *ec;
@@ -394,14 +417,14 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
394 EVP_PKEY_CTX_free(pctx); 417 EVP_PKEY_CTX_free(pctx);
395 ktri->pctx = NULL; 418 ktri->pctx = NULL;
396 OPENSSL_free(ek); 419 OPENSSL_free(ek);
397 return ret;
398 420
421 return ret;
399} 422}
400 423
401/* Decrypt content key from KTRI */ 424/* Decrypt content key from KTRI */
402 425
403static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, 426static int
404 CMS_RecipientInfo *ri) 427cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
405{ 428{
406 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; 429 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
407 EVP_PKEY *pkey = ktri->pkey; 430 EVP_PKEY *pkey = ktri->pkey;
@@ -409,6 +432,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
409 size_t eklen; 432 size_t eklen;
410 int ret = 0; 433 int ret = 0;
411 CMS_EncryptedContentInfo *ec; 434 CMS_EncryptedContentInfo *ec;
435
412 ec = cms->d.envelopedData->encryptedContentInfo; 436 ec = cms->d.envelopedData->encryptedContentInfo;
413 437
414 if (ktri->pkey == NULL) { 438 if (ktri->pkey == NULL) {
@@ -427,14 +451,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
427 goto err; 451 goto err;
428 452
429 if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT, 453 if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
430 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) { 454 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
431 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); 455 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
432 goto err; 456 goto err;
433 } 457 }
434 458
435 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, 459 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, ktri->encryptedKey->data,
436 ktri->encryptedKey->data, 460 ktri->encryptedKey->length) <= 0)
437 ktri->encryptedKey->length) <= 0)
438 goto err; 461 goto err;
439 462
440 ek = OPENSSL_malloc(eklen); 463 ek = OPENSSL_malloc(eklen);
@@ -444,9 +467,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
444 goto err; 467 goto err;
445 } 468 }
446 469
447 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, 470 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data,
448 ktri->encryptedKey->data, 471 ktri->encryptedKey->length) <= 0) {
449 ktri->encryptedKey->length) <= 0) {
450 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); 472 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
451 goto err; 473 goto err;
452 } 474 }
@@ -468,11 +490,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
468 490
469/* Key Encrypted Key (KEK) RecipientInfo routines */ 491/* Key Encrypted Key (KEK) RecipientInfo routines */
470 492
471int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 493int
472 const unsigned char *id, size_t idlen) 494CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id,
495 size_t idlen)
473{ 496{
474 ASN1_OCTET_STRING tmp_os; 497 ASN1_OCTET_STRING tmp_os;
475 CMS_KEKRecipientInfo *kekri; 498 CMS_KEKRecipientInfo *kekri;
499
476 if (ri->type != CMS_RECIPINFO_KEK) { 500 if (ri->type != CMS_RECIPINFO_KEK) {
477 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); 501 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
478 return -2; 502 return -2;
@@ -482,12 +506,14 @@ int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
482 tmp_os.flags = 0; 506 tmp_os.flags = 0;
483 tmp_os.data = (unsigned char *)id; 507 tmp_os.data = (unsigned char *)id;
484 tmp_os.length = (int)idlen; 508 tmp_os.length = (int)idlen;
509
485 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); 510 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
486} 511}
487 512
488/* For now hard code AES key wrap info */ 513/* For now hard code AES key wrap info */
489 514
490static size_t aes_wrap_keylen(int nid) 515static size_t
516aes_wrap_keylen(int nid)
491{ 517{
492 switch (nid) { 518 switch (nid) {
493 case NID_id_aes128_wrap: 519 case NID_id_aes128_wrap:
@@ -504,16 +530,15 @@ static size_t aes_wrap_keylen(int nid)
504 } 530 }
505} 531}
506 532
507CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, 533CMS_RecipientInfo *
508 unsigned char *key, size_t keylen, 534CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key,
509 unsigned char *id, size_t idlen, 535 size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date,
510 ASN1_GENERALIZEDTIME *date, 536 ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType)
511 ASN1_OBJECT *otherTypeId,
512 ASN1_TYPE *otherType)
513{ 537{
514 CMS_RecipientInfo *ri = NULL; 538 CMS_RecipientInfo *ri = NULL;
515 CMS_EnvelopedData *env; 539 CMS_EnvelopedData *env;
516 CMS_KEKRecipientInfo *kekri; 540 CMS_KEKRecipientInfo *kekri;
541
517 env = cms_get0_enveloped(cms); 542 env = cms_get0_enveloped(cms);
518 if (!env) 543 if (!env)
519 goto err; 544 goto err;
@@ -601,17 +626,15 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
601 err: 626 err:
602 M_ASN1_free_of(ri, CMS_RecipientInfo); 627 M_ASN1_free_of(ri, CMS_RecipientInfo);
603 return NULL; 628 return NULL;
604
605} 629}
606 630
607int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, 631int
608 X509_ALGOR **palg, 632CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
609 ASN1_OCTET_STRING **pid, 633 ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
610 ASN1_GENERALIZEDTIME **pdate, 634 ASN1_OBJECT **potherid, ASN1_TYPE **pothertype)
611 ASN1_OBJECT **potherid,
612 ASN1_TYPE **pothertype)
613{ 635{
614 CMS_KEKIdentifier *rkid; 636 CMS_KEKIdentifier *rkid;
637
615 if (ri->type != CMS_RECIPINFO_KEK) { 638 if (ri->type != CMS_RECIPINFO_KEK) {
616 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); 639 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
617 return 0; 640 return 0;
@@ -635,13 +658,16 @@ int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
635 else 658 else
636 *pothertype = NULL; 659 *pothertype = NULL;
637 } 660 }
661
638 return 1; 662 return 1;
639} 663}
640 664
641int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 665int
642 unsigned char *key, size_t keylen) 666CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
667 size_t keylen)
643{ 668{
644 CMS_KEKRecipientInfo *kekri; 669 CMS_KEKRecipientInfo *kekri;
670
645 if (ri->type != CMS_RECIPINFO_KEK) { 671 if (ri->type != CMS_RECIPINFO_KEK) {
646 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); 672 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
647 return 0; 673 return 0;
@@ -655,8 +681,8 @@ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
655 681
656/* Encrypt content key in KEK recipient info */ 682/* Encrypt content key in KEK recipient info */
657 683
658static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, 684static int
659 CMS_RecipientInfo *ri) 685cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
660{ 686{
661 CMS_EncryptedContentInfo *ec; 687 CMS_EncryptedContentInfo *ec;
662 CMS_KEKRecipientInfo *kekri; 688 CMS_KEKRecipientInfo *kekri;
@@ -666,7 +692,6 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
666 int r = 0; 692 int r = 0;
667 693
668 ec = cms->d.envelopedData->encryptedContentInfo; 694 ec = cms->d.envelopedData->encryptedContentInfo;
669
670 kekri = ri->d.kekri; 695 kekri = ri->d.kekri;
671 696
672 if (!kekri->key) { 697 if (!kekri->key) {
@@ -681,14 +706,12 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
681 } 706 }
682 707
683 wkey = OPENSSL_malloc(ec->keylen + 8); 708 wkey = OPENSSL_malloc(ec->keylen + 8);
684
685 if (wkey == NULL) { 709 if (wkey == NULL) {
686 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE); 710 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
687 goto err; 711 goto err;
688 } 712 }
689 713
690 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); 714 wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
691
692 if (wkeylen <= 0) { 715 if (wkeylen <= 0) {
693 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); 716 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
694 goto err; 717 goto err;
@@ -699,19 +722,17 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
699 r = 1; 722 r = 1;
700 723
701 err: 724 err:
702
703 if (!r) 725 if (!r)
704 OPENSSL_free(wkey); 726 OPENSSL_free(wkey);
705 OPENSSL_cleanse(&actx, sizeof(actx)); 727 OPENSSL_cleanse(&actx, sizeof(actx));
706 728
707 return r; 729 return r;
708
709} 730}
710 731
711/* Decrypt content key in KEK recipient info */ 732/* Decrypt content key in KEK recipient info */
712 733
713static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, 734static int
714 CMS_RecipientInfo *ri) 735cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
715{ 736{
716 CMS_EncryptedContentInfo *ec; 737 CMS_EncryptedContentInfo *ec;
717 CMS_KEKRecipientInfo *kekri; 738 CMS_KEKRecipientInfo *kekri;
@@ -721,7 +742,6 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
721 int r = 0, wrap_nid; 742 int r = 0, wrap_nid;
722 743
723 ec = cms->d.envelopedData->encryptedContentInfo; 744 ec = cms->d.envelopedData->encryptedContentInfo;
724
725 kekri = ri->d.kekri; 745 kekri = ri->d.kekri;
726 746
727 if (!kekri->key) { 747 if (!kekri->key) {
@@ -732,7 +752,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
732 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); 752 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
733 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) { 753 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
734 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 754 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
735 CMS_R_INVALID_KEY_LENGTH); 755 CMS_R_INVALID_KEY_LENGTH);
736 return 0; 756 return 0;
737 } 757 }
738 758
@@ -740,26 +760,24 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
740 760
741 if (kekri->encryptedKey->length < 16) { 761 if (kekri->encryptedKey->length < 16) {
742 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 762 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
743 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); 763 CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
744 goto err; 764 goto err;
745 } 765 }
746 766
747 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) { 767 if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
748 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 768 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
749 CMS_R_ERROR_SETTING_KEY); 769 CMS_R_ERROR_SETTING_KEY);
750 goto err; 770 goto err;
751 } 771 }
752 772
753 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); 773 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
754
755 if (ukey == NULL) { 774 if (ukey == NULL) {
756 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE); 775 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
757 goto err; 776 goto err;
758 } 777 }
759 778
760 ukeylen = AES_unwrap_key(&actx, NULL, ukey, 779 ukeylen = AES_unwrap_key(&actx, NULL, ukey, kekri->encryptedKey->data,
761 kekri->encryptedKey->data, 780 kekri->encryptedKey->length);
762 kekri->encryptedKey->length);
763 781
764 if (ukeylen <= 0) { 782 if (ukeylen <= 0) {
765 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR); 783 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
@@ -778,10 +796,10 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
778 OPENSSL_cleanse(&actx, sizeof(actx)); 796 OPENSSL_cleanse(&actx, sizeof(actx));
779 797
780 return r; 798 return r;
781
782} 799}
783 800
784int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) 801int
802CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
785{ 803{
786 switch (ri->type) { 804 switch (ri->type) {
787 case CMS_RECIPINFO_TRANS: 805 case CMS_RECIPINFO_TRANS:
@@ -795,12 +813,13 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
795 813
796 default: 814 default:
797 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, 815 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
798 CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE); 816 CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
799 return 0; 817 return 0;
800 } 818 }
801} 819}
802 820
803int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) 821int
822CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
804{ 823{
805 switch (ri->type) { 824 switch (ri->type) {
806 case CMS_RECIPINFO_TRANS: 825 case CMS_RECIPINFO_TRANS:
@@ -817,21 +836,24 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
817 836
818 default: 837 default:
819 CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 838 CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
820 CMS_R_UNSUPPORTED_RECIPIENT_TYPE); 839 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
821 return 0; 840 return 0;
822 } 841 }
823} 842}
824 843
825/* Check structures and fixup version numbers (if necessary) */ 844/* Check structures and fixup version numbers (if necessary) */
826 845
827static void cms_env_set_originfo_version(CMS_EnvelopedData *env) 846static void
847cms_env_set_originfo_version(CMS_EnvelopedData *env)
828{ 848{
829 CMS_OriginatorInfo *org = env->originatorInfo; 849 CMS_OriginatorInfo *org = env->originatorInfo;
830 int i; 850 int i;
851
831 if (org == NULL) 852 if (org == NULL)
832 return; 853 return;
833 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) { 854 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
834 CMS_CertificateChoices *cch; 855 CMS_CertificateChoices *cch;
856
835 cch = sk_CMS_CertificateChoices_value(org->certificates, i); 857 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
836 if (cch->type == CMS_CERTCHOICE_OTHER) { 858 if (cch->type == CMS_CERTCHOICE_OTHER) {
837 env->version = 4; 859 env->version = 4;
@@ -844,6 +866,7 @@ static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
844 866
845 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) { 867 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
846 CMS_RevocationInfoChoice *rch; 868 CMS_RevocationInfoChoice *rch;
869
847 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i); 870 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
848 if (rch->type == CMS_REVCHOICE_OTHER) { 871 if (rch->type == CMS_REVCHOICE_OTHER) {
849 env->version = 4; 872 env->version = 4;
@@ -852,7 +875,8 @@ static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
852 } 875 }
853} 876}
854 877
855static void cms_env_set_version(CMS_EnvelopedData *env) 878static void
879cms_env_set_version(CMS_EnvelopedData *env)
856{ 880{
857 int i; 881 int i;
858 CMS_RecipientInfo *ri; 882 CMS_RecipientInfo *ri;
@@ -885,7 +909,8 @@ static void cms_env_set_version(CMS_EnvelopedData *env)
885 env->version = 0; 909 env->version = 0;
886} 910}
887 911
888BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) 912BIO *
913cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
889{ 914{
890 CMS_EncryptedContentInfo *ec; 915 CMS_EncryptedContentInfo *ec;
891 STACK_OF(CMS_RecipientInfo) *rinfos; 916 STACK_OF(CMS_RecipientInfo) *rinfos;
@@ -928,7 +953,6 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
928 return ret; 953 return ret;
929 BIO_free(ret); 954 BIO_free(ret);
930 return NULL; 955 return NULL;
931
932} 956}
933 957
934/* 958/*
@@ -936,7 +960,8 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
936 * retain compatibility with previous behaviour if the ctrl value isn't 960 * retain compatibility with previous behaviour if the ctrl value isn't
937 * supported we assume key transport. 961 * supported we assume key transport.
938 */ 962 */
939int cms_pkey_get_ri_type(EVP_PKEY *pk) 963int
964cms_pkey_get_ri_type(EVP_PKEY *pk)
940{ 965{
941 if (pk->ameth && pk->ameth->pkey_ctrl) { 966 if (pk->ameth && pk->ameth->pkey_ctrl) {
942 int i, r; 967 int i, r;
diff --git a/src/lib/libcrypto/cms/cms_err.c b/src/lib/libcrypto/cms/cms_err.c
index af0ef8c38a..de7c544a50 100644
--- a/src/lib/libcrypto/cms/cms_err.c
+++ b/src/lib/libcrypto/cms/cms_err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_err.c,v 1.9 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_err.c,v 1.10 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Generated by util/mkerr.pl DO NOT EDIT 3 * Generated by util/mkerr.pl DO NOT EDIT
4 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 4 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -283,7 +283,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
283 283
284#endif 284#endif
285 285
286int ERR_load_CMS_strings(void) 286int
287ERR_load_CMS_strings(void)
287{ 288{
288#ifndef OPENSSL_NO_ERR 289#ifndef OPENSSL_NO_ERR
289 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) { 290 if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
diff --git a/src/lib/libcrypto/cms/cms_ess.c b/src/lib/libcrypto/cms/cms_ess.c
index bcc3e58368..abfd170bb4 100644
--- a/src/lib/libcrypto/cms/cms_ess.c
+++ b/src/lib/libcrypto/cms/cms_ess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_ess.c,v 1.13 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_ess.c,v 1.14 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -65,16 +65,16 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
65 65
66/* ESS services: for now just Signed Receipt related */ 66/* ESS services: for now just Signed Receipt related */
67 67
68int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) 68int
69CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
69{ 70{
70 ASN1_STRING *str; 71 ASN1_STRING *str;
71 CMS_ReceiptRequest *rr = NULL; 72 CMS_ReceiptRequest *rr = NULL;
73
72 if (prr) 74 if (prr)
73 *prr = NULL; 75 *prr = NULL;
74 str = CMS_signed_get0_data_by_OBJ(si, 76 str = CMS_signed_get0_data_by_OBJ(si,
75 OBJ_nid2obj 77 OBJ_nid2obj(NID_id_smime_aa_receiptRequest), -3, V_ASN1_SEQUENCE);
76 (NID_id_smime_aa_receiptRequest), -3,
77 V_ASN1_SEQUENCE);
78 if (!str) 78 if (!str)
79 return 0; 79 return 0;
80 80
@@ -85,14 +85,13 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
85 *prr = rr; 85 *prr = rr;
86 else 86 else
87 CMS_ReceiptRequest_free(rr); 87 CMS_ReceiptRequest_free(rr);
88
88 return 1; 89 return 1;
89} 90}
90 91
91CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, 92CMS_ReceiptRequest *
92 int allorfirst, 93CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
93 STACK_OF(GENERAL_NAMES) 94 STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
94 *receiptList, STACK_OF(GENERAL_NAMES)
95 *receiptsTo)
96{ 95{
97 CMS_ReceiptRequest *rr = NULL; 96 CMS_ReceiptRequest *rr = NULL;
98 97
@@ -127,10 +126,10 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
127 err: 126 err:
128 CMS_ReceiptRequest_free(rr); 127 CMS_ReceiptRequest_free(rr);
129 return NULL; 128 return NULL;
130
131} 129}
132 130
133int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) 131int
132CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
134{ 133{
135 unsigned char *rrder = NULL; 134 unsigned char *rrder = NULL;
136 int rrderlen, r = 0; 135 int rrderlen, r = 0;
@@ -140,7 +139,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
140 goto merr; 139 goto merr;
141 140
142 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, 141 if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
143 V_ASN1_SEQUENCE, rrder, rrderlen)) 142 V_ASN1_SEQUENCE, rrder, rrderlen))
144 goto merr; 143 goto merr;
145 144
146 r = 1; 145 r = 1;
@@ -152,14 +151,12 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
152 OPENSSL_free(rrder); 151 OPENSSL_free(rrder);
153 152
154 return r; 153 return r;
155
156} 154}
157 155
158void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, 156void
159 ASN1_STRING **pcid, 157CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
160 int *pallorfirst, 158 int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
161 STACK_OF(GENERAL_NAMES) **plist, 159 STACK_OF(GENERAL_NAMES) **prto)
162 STACK_OF(GENERAL_NAMES) **prto)
163{ 160{
164 if (pcid) 161 if (pcid)
165 *pcid = rr->signedContentIdentifier; 162 *pcid = rr->signedContentIdentifier;
@@ -180,40 +177,46 @@ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
180 177
181/* Digest a SignerInfo structure for msgSigDigest attribute processing */ 178/* Digest a SignerInfo structure for msgSigDigest attribute processing */
182 179
183static int cms_msgSigDigest(CMS_SignerInfo *si, 180static int
184 unsigned char *dig, unsigned int *diglen) 181cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen)
185{ 182{
186 const EVP_MD *md; 183 const EVP_MD *md;
184
187 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); 185 md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
188 if (md == NULL) 186 if (md == NULL)
189 return 0; 187 return 0;
190 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, 188 if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
191 si->signedAttrs, dig, diglen)) 189 si->signedAttrs, dig, diglen))
192 return 0; 190 return 0;
191
193 return 1; 192 return 1;
194} 193}
195 194
196/* Add a msgSigDigest attribute to a SignerInfo */ 195/* Add a msgSigDigest attribute to a SignerInfo */
197 196
198int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) 197int
198cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
199{ 199{
200 unsigned char dig[EVP_MAX_MD_SIZE]; 200 unsigned char dig[EVP_MAX_MD_SIZE];
201 unsigned int diglen; 201 unsigned int diglen;
202
202 if (!cms_msgSigDigest(src, dig, &diglen)) { 203 if (!cms_msgSigDigest(src, dig, &diglen)) {
203 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR); 204 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
204 return 0; 205 return 0;
205 } 206 }
206 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, 207 if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
207 V_ASN1_OCTET_STRING, dig, diglen)) { 208 V_ASN1_OCTET_STRING, dig, diglen)) {
208 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE); 209 CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
209 return 0; 210 return 0;
210 } 211 }
212
211 return 1; 213 return 1;
212} 214}
213 215
214/* Verify signed receipt after it has already passed normal CMS verify */ 216/* Verify signed receipt after it has already passed normal CMS verify */
215 217
216int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) 218int
219cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
217{ 220{
218 int r = 0, i; 221 int r = 0, i;
219 CMS_ReceiptRequest *rr = NULL; 222 CMS_ReceiptRequest *rr = NULL;
@@ -274,9 +277,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
274 /* Get msgSigDigest value and compare */ 277 /* Get msgSigDigest value and compare */
275 278
276 msig = CMS_signed_get0_data_by_OBJ(si, 279 msig = CMS_signed_get0_data_by_OBJ(si,
277 OBJ_nid2obj 280 OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, V_ASN1_OCTET_STRING);
278 (NID_id_smime_aa_msgSigDigest), -3,
279 V_ASN1_OCTET_STRING);
280 281
281 if (!msig) { 282 if (!msig) {
282 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST); 283 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
@@ -302,8 +303,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
302 /* Compare content types */ 303 /* Compare content types */
303 304
304 octype = CMS_signed_get0_data_by_OBJ(osi, 305 octype = CMS_signed_get0_data_by_OBJ(osi,
305 OBJ_nid2obj(NID_pkcs9_contentType), 306 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
306 -3, V_ASN1_OBJECT);
307 if (!octype) { 307 if (!octype) {
308 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE); 308 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
309 goto err; 309 goto err;
@@ -324,7 +324,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
324 } 324 }
325 325
326 if (ASN1_STRING_cmp(rr->signedContentIdentifier, 326 if (ASN1_STRING_cmp(rr->signedContentIdentifier,
327 rct->signedContentIdentifier)) { 327 rct->signedContentIdentifier)) {
328 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH); 328 CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
329 goto err; 329 goto err;
330 } 330 }
@@ -335,7 +335,6 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
335 CMS_ReceiptRequest_free(rr); 335 CMS_ReceiptRequest_free(rr);
336 M_ASN1_free_of(rct, CMS_Receipt); 336 M_ASN1_free_of(rct, CMS_Receipt);
337 return r; 337 return r;
338
339} 338}
340 339
341/* 340/*
@@ -343,7 +342,8 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
343 * SignedData ContentInfo. 342 * SignedData ContentInfo.
344 */ 343 */
345 344
346ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) 345ASN1_OCTET_STRING *
346cms_encode_Receipt(CMS_SignerInfo *si)
347{ 347{
348 CMS_Receipt rct; 348 CMS_Receipt rct;
349 CMS_ReceiptRequest *rr = NULL; 349 CMS_ReceiptRequest *rr = NULL;
@@ -362,8 +362,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
362 /* Get original content type */ 362 /* Get original content type */
363 363
364 ctype = CMS_signed_get0_data_by_OBJ(si, 364 ctype = CMS_signed_get0_data_by_OBJ(si,
365 OBJ_nid2obj(NID_pkcs9_contentType), 365 OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
366 -3, V_ASN1_OBJECT);
367 if (!ctype) { 366 if (!ctype) {
368 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE); 367 CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
369 goto err; 368 goto err;
diff --git a/src/lib/libcrypto/cms/cms_io.c b/src/lib/libcrypto/cms/cms_io.c
index 56d7cd68e1..5528ca04be 100644
--- a/src/lib/libcrypto/cms/cms_io.c
+++ b/src/lib/libcrypto/cms/cms_io.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_io.c,v 1.8 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_io.c,v 1.9 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -59,9 +59,11 @@
59#include <openssl/cms.h> 59#include <openssl/cms.h>
60#include "cms_lcl.h" 60#include "cms_lcl.h"
61 61
62int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) 62int
63CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
63{ 64{
64 ASN1_OCTET_STRING **pos; 65 ASN1_OCTET_STRING **pos;
66
65 pos = CMS_get0_content(cms); 67 pos = CMS_get0_content(cms);
66 if (pos == NULL) 68 if (pos == NULL)
67 return 0; 69 return 0;
@@ -77,22 +79,25 @@ int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
77 return 0; 79 return 0;
78} 80}
79 81
80CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) 82CMS_ContentInfo *
83d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
81{ 84{
82 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); 85 return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
83} 86}
84 87
85int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) 88int
89i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
86{ 90{
87 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); 91 return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
88} 92}
89 93
90IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) 94IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
91 95
92BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) 96BIO *
97BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
93{ 98{
94 return BIO_new_NDEF(out, (ASN1_VALUE *)cms, 99 return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
95 ASN1_ITEM_rptr(CMS_ContentInfo)); 100 ASN1_ITEM_rptr(CMS_ContentInfo));
96} 101}
97 102
98/* CMS wrappers round generalised stream and MIME routines */ 103/* CMS wrappers round generalised stream and MIME routines */
@@ -103,31 +108,32 @@ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
103 ASN1_ITEM_rptr(CMS_ContentInfo)); 108 ASN1_ITEM_rptr(CMS_ContentInfo));
104} 109}
105 110
106int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, 111int
107 int flags) 112PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
108{ 113{
109 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags, 114 return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags,
110 "CMS", ASN1_ITEM_rptr(CMS_ContentInfo)); 115 "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
111} 116}
112 117
113int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) 118int
119SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
114{ 120{
115 STACK_OF(X509_ALGOR) *mdalgs; 121 STACK_OF(X509_ALGOR) *mdalgs;
116 int ctype_nid = OBJ_obj2nid(cms->contentType); 122 int ctype_nid = OBJ_obj2nid(cms->contentType);
117 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); 123 int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
124
118 if (ctype_nid == NID_pkcs7_signed) 125 if (ctype_nid == NID_pkcs7_signed)
119 mdalgs = cms->d.signedData->digestAlgorithms; 126 mdalgs = cms->d.signedData->digestAlgorithms;
120 else 127 else
121 mdalgs = NULL; 128 mdalgs = NULL;
122 129
123 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, 130 return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid,
124 ctype_nid, econt_nid, mdalgs, 131 econt_nid, mdalgs, ASN1_ITEM_rptr(CMS_ContentInfo));
125 ASN1_ITEM_rptr(CMS_ContentInfo));
126} 132}
127 133
128CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) 134CMS_ContentInfo *
135SMIME_read_CMS(BIO *bio, BIO **bcont)
129{ 136{
130 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, 137 return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
131 ASN1_ITEM_rptr 138 ASN1_ITEM_rptr(CMS_ContentInfo));
132 (CMS_ContentInfo));
133} 139}
diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
index 7aad3c755b..3605baac41 100644
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_kari.c,v 1.5 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_kari.c,v 1.6 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -64,9 +64,9 @@
64 64
65/* Key Agreement Recipient Info (KARI) routines */ 65/* Key Agreement Recipient Info (KARI) routines */
66 66
67int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, 67int
68 X509_ALGOR **palg, 68CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
69 ASN1_OCTET_STRING **pukm) 69 ASN1_OCTET_STRING **pukm)
70{ 70{
71 if (ri->type != CMS_RECIPINFO_AGREE) { 71 if (ri->type != CMS_RECIPINFO_AGREE) {
72 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 72 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG,
@@ -77,13 +77,14 @@ int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
77 *palg = ri->d.kari->keyEncryptionAlgorithm; 77 *palg = ri->d.kari->keyEncryptionAlgorithm;
78 if (pukm) 78 if (pukm)
79 *pukm = ri->d.kari->ukm; 79 *pukm = ri->d.kari->ukm;
80
80 return 1; 81 return 1;
81} 82}
82 83
83/* Retrieve recipient encrypted keys from a kari */ 84/* Retrieve recipient encrypted keys from a kari */
84 85
85STACK_OF(CMS_RecipientEncryptedKey) 86STACK_OF(CMS_RecipientEncryptedKey) *
86*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri) 87CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
87{ 88{
88 if (ri->type != CMS_RECIPINFO_AGREE) { 89 if (ri->type != CMS_RECIPINFO_AGREE) {
89 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 90 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS,
@@ -93,14 +94,13 @@ STACK_OF(CMS_RecipientEncryptedKey)
93 return ri->d.kari->recipientEncryptedKeys; 94 return ri->d.kari->recipientEncryptedKeys;
94} 95}
95 96
96int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, 97int
97 X509_ALGOR **pubalg, 98CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, X509_ALGOR **pubalg,
98 ASN1_BIT_STRING **pubkey, 99 ASN1_BIT_STRING **pubkey, ASN1_OCTET_STRING **keyid, X509_NAME **issuer,
99 ASN1_OCTET_STRING **keyid, 100 ASN1_INTEGER **sno)
100 X509_NAME **issuer,
101 ASN1_INTEGER **sno)
102{ 101{
103 CMS_OriginatorIdentifierOrKey *oik; 102 CMS_OriginatorIdentifierOrKey *oik;
103
104 if (ri->type != CMS_RECIPINFO_AGREE) { 104 if (ri->type != CMS_RECIPINFO_AGREE) {
105 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 105 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID,
106 CMS_R_NOT_KEY_AGREEMENT); 106 CMS_R_NOT_KEY_AGREEMENT);
@@ -132,15 +132,18 @@ int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
132 *pubkey = oik->d.originatorKey->publicKey; 132 *pubkey = oik->d.originatorKey->publicKey;
133 } else 133 } else
134 return 0; 134 return 0;
135
135 return 1; 136 return 1;
136} 137}
137 138
138int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert) 139int
140CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
139{ 141{
140 CMS_OriginatorIdentifierOrKey *oik; 142 CMS_OriginatorIdentifierOrKey *oik;
143
141 if (ri->type != CMS_RECIPINFO_AGREE) { 144 if (ri->type != CMS_RECIPINFO_AGREE) {
142 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 145 CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP,
143 CMS_R_NOT_KEY_AGREEMENT); 146 CMS_R_NOT_KEY_AGREEMENT);
144 return -2; 147 return -2;
145 } 148 }
146 oik = ri->d.kari->originator; 149 oik = ri->d.kari->originator;
@@ -148,16 +151,17 @@ int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
148 return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert); 151 return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
149 else if (oik->type == CMS_OIK_KEYIDENTIFIER) 152 else if (oik->type == CMS_OIK_KEYIDENTIFIER)
150 return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert); 153 return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
154
151 return -1; 155 return -1;
152} 156}
153 157
154int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, 158int
155 ASN1_OCTET_STRING **keyid, 159CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
156 ASN1_GENERALIZEDTIME **tm, 160 ASN1_OCTET_STRING **keyid, ASN1_GENERALIZEDTIME **tm,
157 CMS_OtherKeyAttribute **other, 161 CMS_OtherKeyAttribute **other, X509_NAME **issuer, ASN1_INTEGER **sno)
158 X509_NAME **issuer, ASN1_INTEGER **sno)
159{ 162{
160 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid; 163 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
164
161 if (rid->type == CMS_REK_ISSUER_SERIAL) { 165 if (rid->type == CMS_REK_ISSUER_SERIAL) {
162 if (issuer) 166 if (issuer)
163 *issuer = rid->d.issuerAndSerialNumber->issuer; 167 *issuer = rid->d.issuerAndSerialNumber->issuer;
@@ -182,13 +186,15 @@ int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
182 *sno = NULL; 186 *sno = NULL;
183 } else 187 } else
184 return 0; 188 return 0;
189
185 return 1; 190 return 1;
186} 191}
187 192
188int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, 193int
189 X509 *cert) 194CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, X509 *cert)
190{ 195{
191 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid; 196 CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
197
192 if (rid->type == CMS_REK_ISSUER_SERIAL) 198 if (rid->type == CMS_REK_ISSUER_SERIAL)
193 return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert); 199 return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
194 else if (rid->type == CMS_REK_KEYIDENTIFIER) 200 else if (rid->type == CMS_REK_KEYIDENTIFIER)
@@ -197,7 +203,8 @@ int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
197 return -1; 203 return -1;
198} 204}
199 205
200int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) 206int
207CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
201{ 208{
202 EVP_PKEY_CTX *pctx; 209 EVP_PKEY_CTX *pctx;
203 CMS_KeyAgreeRecipientInfo *kari = ri->d.kari; 210 CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
@@ -211,12 +218,14 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
211 goto err; 218 goto err;
212 kari->pctx = pctx; 219 kari->pctx = pctx;
213 return 1; 220 return 1;
221
214 err: 222 err:
215 EVP_PKEY_CTX_free(pctx); 223 EVP_PKEY_CTX_free(pctx);
216 return 0; 224 return 0;
217} 225}
218 226
219EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri) 227EVP_CIPHER_CTX *
228CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
220{ 229{
221 if (ri->type == CMS_RECIPINFO_AGREE) 230 if (ri->type == CMS_RECIPINFO_AGREE)
222 return ri->d.kari->ctx; 231 return ri->d.kari->ctx;
@@ -228,9 +237,9 @@ EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
228 * or the encrypted CEK. 237 * or the encrypted CEK.
229 */ 238 */
230 239
231static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, 240static int
232 const unsigned char *in, size_t inlen, 241cms_kek_cipher(unsigned char **pout, size_t *poutlen, const unsigned char *in,
233 CMS_KeyAgreeRecipientInfo *kari, int enc) 242 size_t inlen, CMS_KeyAgreeRecipientInfo *kari, int enc)
234{ 243{
235 /* Key encryption key */ 244 /* Key encryption key */
236 unsigned char kek[EVP_MAX_KEY_LENGTH]; 245 unsigned char kek[EVP_MAX_KEY_LENGTH];
@@ -238,6 +247,7 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
238 int rv = 0; 247 int rv = 0;
239 unsigned char *out = NULL; 248 unsigned char *out = NULL;
240 int outlen; 249 int outlen;
250
241 keklen = EVP_CIPHER_CTX_key_length(kari->ctx); 251 keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
242 if (keklen > EVP_MAX_KEY_LENGTH) 252 if (keklen > EVP_MAX_KEY_LENGTH)
243 return 0; 253 return 0;
@@ -267,18 +277,20 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
267 /* FIXME: WHY IS kari->pctx freed here? /RL */ 277 /* FIXME: WHY IS kari->pctx freed here? /RL */
268 EVP_PKEY_CTX_free(kari->pctx); 278 EVP_PKEY_CTX_free(kari->pctx);
269 kari->pctx = NULL; 279 kari->pctx = NULL;
280
270 return rv; 281 return rv;
271} 282}
272 283
273int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, 284int
274 CMS_RecipientInfo *ri, 285CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
275 CMS_RecipientEncryptedKey *rek) 286 CMS_RecipientEncryptedKey *rek)
276{ 287{
277 int rv = 0; 288 int rv = 0;
278 unsigned char *enckey = NULL, *cek = NULL; 289 unsigned char *enckey = NULL, *cek = NULL;
279 size_t enckeylen; 290 size_t enckeylen;
280 size_t ceklen; 291 size_t ceklen;
281 CMS_EncryptedContentInfo *ec; 292 CMS_EncryptedContentInfo *ec;
293
282 enckeylen = rek->encryptedKey->length; 294 enckeylen = rek->encryptedKey->length;
283 enckey = rek->encryptedKey->data; 295 enckey = rek->encryptedKey->data;
284 /* Setup all parameters to derive KEK */ 296 /* Setup all parameters to derive KEK */
@@ -293,18 +305,21 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
293 ec->keylen = ceklen; 305 ec->keylen = ceklen;
294 cek = NULL; 306 cek = NULL;
295 rv = 1; 307 rv = 1;
308
296 err: 309 err:
297 OPENSSL_free(cek); 310 OPENSSL_free(cek);
311
298 return rv; 312 return rv;
299} 313}
300 314
301/* Create ephemeral key and initialise context based on it */ 315/* Create ephemeral key and initialise context based on it */
302static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, 316static int
303 EVP_PKEY *pk) 317cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, EVP_PKEY *pk)
304{ 318{
305 EVP_PKEY_CTX *pctx = NULL; 319 EVP_PKEY_CTX *pctx = NULL;
306 EVP_PKEY *ekey = NULL; 320 EVP_PKEY *ekey = NULL;
307 int rv = 0; 321 int rv = 0;
322
308 pctx = EVP_PKEY_CTX_new(pk, NULL); 323 pctx = EVP_PKEY_CTX_new(pk, NULL);
309 if (!pctx) 324 if (!pctx)
310 goto err; 325 goto err;
@@ -320,17 +335,20 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
320 goto err; 335 goto err;
321 kari->pctx = pctx; 336 kari->pctx = pctx;
322 rv = 1; 337 rv = 1;
338
323 err: 339 err:
324 if (!rv) 340 if (!rv)
325 EVP_PKEY_CTX_free(pctx); 341 EVP_PKEY_CTX_free(pctx);
326 EVP_PKEY_free(ekey); 342 EVP_PKEY_free(ekey);
343
327 return rv; 344 return rv;
328} 345}
329 346
330/* Initialise a kari based on passed certificate and key */ 347/* Initialise a kari based on passed certificate and key */
331 348
332int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, 349int
333 EVP_PKEY *pk, unsigned int flags) 350cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk,
351 unsigned int flags)
334{ 352{
335 CMS_KeyAgreeRecipientInfo *kari; 353 CMS_KeyAgreeRecipientInfo *kari;
336 CMS_RecipientEncryptedKey *rek = NULL; 354 CMS_RecipientEncryptedKey *rek = NULL;
@@ -371,15 +389,17 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
371 389
372 EVP_PKEY_up_ref(pk); 390 EVP_PKEY_up_ref(pk);
373 rek->pkey = pk; 391 rek->pkey = pk;
392
374 return 1; 393 return 1;
375} 394}
376 395
377static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, 396static int
378 const EVP_CIPHER *cipher) 397cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher)
379{ 398{
380 EVP_CIPHER_CTX *ctx = kari->ctx; 399 EVP_CIPHER_CTX *ctx = kari->ctx;
381 const EVP_CIPHER *kekcipher; 400 const EVP_CIPHER *kekcipher;
382 int keylen = EVP_CIPHER_key_length(cipher); 401 int keylen = EVP_CIPHER_key_length(cipher);
402
383 /* If a suitable wrap algorithm is already set nothing to do */ 403 /* If a suitable wrap algorithm is already set nothing to do */
384 kekcipher = EVP_CIPHER_CTX_cipher(ctx); 404 kekcipher = EVP_CIPHER_CTX_cipher(ctx);
385 405
@@ -403,13 +423,14 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
403 kekcipher = EVP_aes_192_wrap(); 423 kekcipher = EVP_aes_192_wrap();
404 else 424 else
405 kekcipher = EVP_aes_256_wrap(); 425 kekcipher = EVP_aes_256_wrap();
426
406 return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL); 427 return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
407} 428}
408 429
409/* Encrypt content key in key agreement recipient info */ 430/* Encrypt content key in key agreement recipient info */
410 431
411int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, 432int
412 CMS_RecipientInfo *ri) 433cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
413{ 434{
414 CMS_KeyAgreeRecipientInfo *kari; 435 CMS_KeyAgreeRecipientInfo *kari;
415 CMS_EncryptedContentInfo *ec; 436 CMS_EncryptedContentInfo *ec;
@@ -455,5 +476,4 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
455 } 476 }
456 477
457 return 1; 478 return 1;
458
459} 479}
diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index baee32c398..71c6796dbb 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_lib.c,v 1.9 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_lib.c,v 1.10 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -64,14 +64,17 @@
64IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) 64IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
65IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) 65IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
66 66
67const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms) 67const ASN1_OBJECT *
68CMS_get0_type(const CMS_ContentInfo *cms)
68{ 69{
69 return cms->contentType; 70 return cms->contentType;
70} 71}
71 72
72CMS_ContentInfo *cms_Data_create(void) 73CMS_ContentInfo *
74cms_Data_create(void)
73{ 75{
74 CMS_ContentInfo *cms; 76 CMS_ContentInfo *cms;
77
75 cms = CMS_ContentInfo_new(); 78 cms = CMS_ContentInfo_new();
76 if (cms != NULL) { 79 if (cms != NULL) {
77 cms->contentType = OBJ_nid2obj(NID_pkcs7_data); 80 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
@@ -81,9 +84,11 @@ CMS_ContentInfo *cms_Data_create(void)
81 return cms; 84 return cms;
82} 85}
83 86
84BIO *cms_content_bio(CMS_ContentInfo *cms) 87BIO *
88cms_content_bio(CMS_ContentInfo *cms)
85{ 89{
86 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 90 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
91
87 if (!pos) 92 if (!pos)
88 return NULL; 93 return NULL;
89 /* If content detached data goes nowhere: create NULL BIO */ 94 /* If content detached data goes nowhere: create NULL BIO */
@@ -94,13 +99,16 @@ BIO *cms_content_bio(CMS_ContentInfo *cms)
94 */ 99 */
95 if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT)) 100 if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
96 return BIO_new(BIO_s_mem()); 101 return BIO_new(BIO_s_mem());
102
97 /* Else content was read in: return read only BIO for it */ 103 /* Else content was read in: return read only BIO for it */
98 return BIO_new_mem_buf((*pos)->data, (*pos)->length); 104 return BIO_new_mem_buf((*pos)->data, (*pos)->length);
99} 105}
100 106
101BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) 107BIO *
108CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
102{ 109{
103 BIO *cmsbio, *cont; 110 BIO *cmsbio, *cont;
111
104 if (icont) 112 if (icont)
105 cont = icont; 113 cont = icont;
106 else 114 else
@@ -145,13 +153,15 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
145 153
146 if (!icont) 154 if (!icont)
147 BIO_free(cont); 155 BIO_free(cont);
148 return NULL;
149 156
157 return NULL;
150} 158}
151 159
152int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) 160int
161CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
153{ 162{
154 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 163 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
164
155 if (!pos) 165 if (!pos)
156 return 0; 166 return 0;
157 /* If embedded content find memory BIO and set content */ 167 /* If embedded content find memory BIO and set content */
@@ -198,10 +208,10 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
198 * or set later. 208 * or set later.
199 */ 209 */
200 210
201ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) 211ASN1_OCTET_STRING **
212CMS_get0_content(CMS_ContentInfo *cms)
202{ 213{
203 switch (OBJ_obj2nid(cms->contentType)) { 214 switch (OBJ_obj2nid(cms->contentType)) {
204
205 case NID_pkcs7_data: 215 case NID_pkcs7_data:
206 return &cms->d.data; 216 return &cms->d.data;
207 217
@@ -228,7 +238,6 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
228 return &cms->d.other->value.octet_string; 238 return &cms->d.other->value.octet_string;
229 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); 239 CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
230 return NULL; 240 return NULL;
231
232 } 241 }
233} 242}
234 243
@@ -237,10 +246,10 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
237 * accessed or set later. 246 * accessed or set later.
238 */ 247 */
239 248
240static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) 249static ASN1_OBJECT **
250cms_get0_econtent_type(CMS_ContentInfo *cms)
241{ 251{
242 switch (OBJ_obj2nid(cms->contentType)) { 252 switch (OBJ_obj2nid(cms->contentType)) {
243
244 case NID_pkcs7_signed: 253 case NID_pkcs7_signed:
245 return &cms->d.signedData->encapContentInfo->eContentType; 254 return &cms->d.signedData->encapContentInfo->eContentType;
246 255
@@ -262,22 +271,26 @@ static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
262 default: 271 default:
263 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE); 272 CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
264 return NULL; 273 return NULL;
265
266 } 274 }
267} 275}
268 276
269const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) 277const ASN1_OBJECT *
278CMS_get0_eContentType(CMS_ContentInfo *cms)
270{ 279{
271 ASN1_OBJECT **petype; 280 ASN1_OBJECT **petype;
281
272 petype = cms_get0_econtent_type(cms); 282 petype = cms_get0_econtent_type(cms);
273 if (petype) 283 if (petype)
274 return *petype; 284 return *petype;
285
275 return NULL; 286 return NULL;
276} 287}
277 288
278int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) 289int
290CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
279{ 291{
280 ASN1_OBJECT **petype, *etype; 292 ASN1_OBJECT **petype, *etype;
293
281 petype = cms_get0_econtent_type(cms); 294 petype = cms_get0_econtent_type(cms);
282 if (!petype) 295 if (!petype)
283 return 0; 296 return 0;
@@ -288,23 +301,29 @@ int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
288 return 0; 301 return 0;
289 ASN1_OBJECT_free(*petype); 302 ASN1_OBJECT_free(*petype);
290 *petype = etype; 303 *petype = etype;
304
291 return 1; 305 return 1;
292} 306}
293 307
294int CMS_is_detached(CMS_ContentInfo *cms) 308int
309CMS_is_detached(CMS_ContentInfo *cms)
295{ 310{
296 ASN1_OCTET_STRING **pos; 311 ASN1_OCTET_STRING **pos;
312
297 pos = CMS_get0_content(cms); 313 pos = CMS_get0_content(cms);
298 if (!pos) 314 if (!pos)
299 return -1; 315 return -1;
300 if (*pos) 316 if (*pos)
301 return 0; 317 return 0;
318
302 return 1; 319 return 1;
303} 320}
304 321
305int CMS_set_detached(CMS_ContentInfo *cms, int detached) 322int
323CMS_set_detached(CMS_ContentInfo *cms, int detached)
306{ 324{
307 ASN1_OCTET_STRING **pos; 325 ASN1_OCTET_STRING **pos;
326
308 pos = CMS_get0_content(cms); 327 pos = CMS_get0_content(cms);
309 if (!pos) 328 if (!pos)
310 return 0; 329 return 0;
@@ -323,16 +342,19 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
323 return 1; 342 return 1;
324 } 343 }
325 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); 344 CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
345
326 return 0; 346 return 0;
327} 347}
328 348
329/* Create a digest BIO from an X509_ALGOR structure */ 349/* Create a digest BIO from an X509_ALGOR structure */
330 350
331BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) 351BIO *
352cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
332{ 353{
333 BIO *mdbio = NULL; 354 BIO *mdbio = NULL;
334 const ASN1_OBJECT *digestoid; 355 const ASN1_OBJECT *digestoid;
335 const EVP_MD *digest; 356 const EVP_MD *digest;
357
336 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); 358 X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
337 digest = EVP_get_digestbyobj(digestoid); 359 digest = EVP_get_digestbyobj(digestoid);
338 if (!digest) { 360 if (!digest) {
@@ -346,18 +368,21 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
346 goto err; 368 goto err;
347 } 369 }
348 return mdbio; 370 return mdbio;
371
349 err: 372 err:
350 BIO_free(mdbio); 373 BIO_free(mdbio);
374
351 return NULL; 375 return NULL;
352} 376}
353 377
354/* Locate a message digest content from a BIO chain based on SignerInfo */ 378/* Locate a message digest content from a BIO chain based on SignerInfo */
355 379
356int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, 380int
357 X509_ALGOR *mdalg) 381cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg)
358{ 382{
359 int nid; 383 int nid;
360 const ASN1_OBJECT *mdoid; 384 const ASN1_OBJECT *mdoid;
385
361 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); 386 X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
362 nid = OBJ_obj2nid(mdoid); 387 nid = OBJ_obj2nid(mdoid);
363 /* Look for digest type to match signature */ 388 /* Look for digest type to match signature */
@@ -381,11 +406,10 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
381 } 406 }
382} 407}
383 408
384static STACK_OF(CMS_CertificateChoices) 409static STACK_OF(CMS_CertificateChoices) **
385**cms_get0_certificate_choices(CMS_ContentInfo *cms) 410cms_get0_certificate_choices(CMS_ContentInfo *cms)
386{ 411{
387 switch (OBJ_obj2nid(cms->contentType)) { 412 switch (OBJ_obj2nid(cms->contentType)) {
388
389 case NID_pkcs7_signed: 413 case NID_pkcs7_signed:
390 return &cms->d.signedData->certificates; 414 return &cms->d.signedData->certificates;
391 415
@@ -396,16 +420,17 @@ static STACK_OF(CMS_CertificateChoices)
396 420
397 default: 421 default:
398 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 422 CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
399 CMS_R_UNSUPPORTED_CONTENT_TYPE); 423 CMS_R_UNSUPPORTED_CONTENT_TYPE);
400 return NULL; 424 return NULL;
401
402 } 425 }
403} 426}
404 427
405CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) 428CMS_CertificateChoices *
429CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
406{ 430{
407 STACK_OF(CMS_CertificateChoices) **pcerts; 431 STACK_OF(CMS_CertificateChoices) **pcerts;
408 CMS_CertificateChoices *cch; 432 CMS_CertificateChoices *cch;
433
409 pcerts = cms_get0_certificate_choices(cms); 434 pcerts = cms_get0_certificate_choices(cms);
410 if (!pcerts) 435 if (!pcerts)
411 return NULL; 436 return NULL;
@@ -420,14 +445,17 @@ CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
420 M_ASN1_free_of(cch, CMS_CertificateChoices); 445 M_ASN1_free_of(cch, CMS_CertificateChoices);
421 return NULL; 446 return NULL;
422 } 447 }
448
423 return cch; 449 return cch;
424} 450}
425 451
426int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) 452int
453CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
427{ 454{
428 CMS_CertificateChoices *cch; 455 CMS_CertificateChoices *cch;
429 STACK_OF(CMS_CertificateChoices) **pcerts; 456 STACK_OF(CMS_CertificateChoices) **pcerts;
430 int i; 457 int i;
458
431 pcerts = cms_get0_certificate_choices(cms); 459 pcerts = cms_get0_certificate_choices(cms);
432 if (!pcerts) 460 if (!pcerts)
433 return 0; 461 return 0;
@@ -446,23 +474,26 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
446 return 0; 474 return 0;
447 cch->type = CMS_CERTCHOICE_CERT; 475 cch->type = CMS_CERTCHOICE_CERT;
448 cch->d.certificate = cert; 476 cch->d.certificate = cert;
477
449 return 1; 478 return 1;
450} 479}
451 480
452int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) 481int
482CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
453{ 483{
454 int r; 484 int r;
485
455 r = CMS_add0_cert(cms, cert); 486 r = CMS_add0_cert(cms, cert);
456 if (r > 0) 487 if (r > 0)
457 X509_up_ref(cert); 488 X509_up_ref(cert);
489
458 return r; 490 return r;
459} 491}
460 492
461static STACK_OF(CMS_RevocationInfoChoice) 493static STACK_OF(CMS_RevocationInfoChoice) **
462**cms_get0_revocation_choices(CMS_ContentInfo *cms) 494cms_get0_revocation_choices(CMS_ContentInfo *cms)
463{ 495{
464 switch (OBJ_obj2nid(cms->contentType)) { 496 switch (OBJ_obj2nid(cms->contentType)) {
465
466 case NID_pkcs7_signed: 497 case NID_pkcs7_signed:
467 return &cms->d.signedData->crls; 498 return &cms->d.signedData->crls;
468 499
@@ -473,16 +504,17 @@ static STACK_OF(CMS_RevocationInfoChoice)
473 504
474 default: 505 default:
475 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, 506 CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
476 CMS_R_UNSUPPORTED_CONTENT_TYPE); 507 CMS_R_UNSUPPORTED_CONTENT_TYPE);
477 return NULL; 508 return NULL;
478
479 } 509 }
480} 510}
481 511
482CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) 512CMS_RevocationInfoChoice *
513CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
483{ 514{
484 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 515 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
485 CMS_RevocationInfoChoice *rch; 516 CMS_RevocationInfoChoice *rch;
517
486 pcrls = cms_get0_revocation_choices(cms); 518 pcrls = cms_get0_revocation_choices(cms);
487 if (!pcrls) 519 if (!pcrls)
488 return NULL; 520 return NULL;
@@ -497,35 +529,44 @@ CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
497 M_ASN1_free_of(rch, CMS_RevocationInfoChoice); 529 M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
498 return NULL; 530 return NULL;
499 } 531 }
532
500 return rch; 533 return rch;
501} 534}
502 535
503int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) 536int
537CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
504{ 538{
505 CMS_RevocationInfoChoice *rch; 539 CMS_RevocationInfoChoice *rch;
540
506 rch = CMS_add0_RevocationInfoChoice(cms); 541 rch = CMS_add0_RevocationInfoChoice(cms);
507 if (!rch) 542 if (!rch)
508 return 0; 543 return 0;
509 rch->type = CMS_REVCHOICE_CRL; 544 rch->type = CMS_REVCHOICE_CRL;
510 rch->d.crl = crl; 545 rch->d.crl = crl;
546
511 return 1; 547 return 1;
512} 548}
513 549
514int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) 550int
551CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
515{ 552{
516 int r; 553 int r;
554
517 r = CMS_add0_crl(cms, crl); 555 r = CMS_add0_crl(cms, crl);
518 if (r > 0) 556 if (r > 0)
519 X509_CRL_up_ref(crl); 557 X509_CRL_up_ref(crl);
558
520 return r; 559 return r;
521} 560}
522 561
523STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) 562STACK_OF(X509) *
563CMS_get1_certs(CMS_ContentInfo *cms)
524{ 564{
525 STACK_OF(X509) *certs = NULL; 565 STACK_OF(X509) *certs = NULL;
526 CMS_CertificateChoices *cch; 566 CMS_CertificateChoices *cch;
527 STACK_OF(CMS_CertificateChoices) **pcerts; 567 STACK_OF(CMS_CertificateChoices) **pcerts;
528 int i; 568 int i;
569
529 pcerts = cms_get0_certificate_choices(cms); 570 pcerts = cms_get0_certificate_choices(cms);
530 if (!pcerts) 571 if (!pcerts)
531 return NULL; 572 return NULL;
@@ -545,15 +586,16 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
545 } 586 }
546 } 587 }
547 return certs; 588 return certs;
548
549} 589}
550 590
551STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) 591STACK_OF(X509_CRL) *
592CMS_get1_crls(CMS_ContentInfo *cms)
552{ 593{
553 STACK_OF(X509_CRL) *crls = NULL; 594 STACK_OF(X509_CRL) *crls = NULL;
554 STACK_OF(CMS_RevocationInfoChoice) **pcrls; 595 STACK_OF(CMS_RevocationInfoChoice) **pcrls;
555 CMS_RevocationInfoChoice *rch; 596 CMS_RevocationInfoChoice *rch;
556 int i; 597 int i;
598
557 pcrls = cms_get0_revocation_choices(cms); 599 pcrls = cms_get0_revocation_choices(cms);
558 if (!pcrls) 600 if (!pcrls)
559 return NULL; 601 return NULL;
@@ -575,27 +617,34 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
575 return crls; 617 return crls;
576} 618}
577 619
578int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) 620int
621cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
579{ 622{
580 int ret; 623 int ret;
624
581 ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert)); 625 ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
582 if (ret) 626 if (ret)
583 return ret; 627 return ret;
628
584 return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert)); 629 return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
585} 630}
586 631
587int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) 632int
633cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
588{ 634{
589 const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert); 635 const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
590 636
591 if (cert_keyid == NULL) 637 if (cert_keyid == NULL)
592 return -1; 638 return -1;
639
593 return ASN1_OCTET_STRING_cmp(keyid, cert_keyid); 640 return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
594} 641}
595 642
596int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) 643int
644cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
597{ 645{
598 CMS_IssuerAndSerialNumber *ias; 646 CMS_IssuerAndSerialNumber *ias;
647
599 ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber); 648 ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
600 if (!ias) 649 if (!ias)
601 goto err; 650 goto err;
@@ -605,17 +654,22 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
605 goto err; 654 goto err;
606 M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); 655 M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
607 *pias = ias; 656 *pias = ias;
657
608 return 1; 658 return 1;
659
609 err: 660 err:
610 M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); 661 M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
611 CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE); 662 CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
663
612 return 0; 664 return 0;
613} 665}
614 666
615int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) 667int
668cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
616{ 669{
617 ASN1_OCTET_STRING *keyid = NULL; 670 ASN1_OCTET_STRING *keyid = NULL;
618 const ASN1_OCTET_STRING *cert_keyid; 671 const ASN1_OCTET_STRING *cert_keyid;
672
619 cert_keyid = X509_get0_subject_key_id(cert); 673 cert_keyid = X509_get0_subject_key_id(cert);
620 if (cert_keyid == NULL) { 674 if (cert_keyid == NULL) {
621 CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID); 675 CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
@@ -628,5 +682,6 @@ int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
628 } 682 }
629 ASN1_OCTET_STRING_free(*pkeyid); 683 ASN1_OCTET_STRING_free(*pkeyid);
630 *pkeyid = keyid; 684 *pkeyid = keyid;
685
631 return 1; 686 return 1;
632} 687}
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index d7f5697ff0..af237be98f 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_pwri.c,v 1.16 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_pwri.c,v 1.17 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -63,10 +63,12 @@
63#include "cms_lcl.h" 63#include "cms_lcl.h"
64#include "asn1/asn1_locl.h" 64#include "asn1/asn1_locl.h"
65 65
66int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 66int
67 unsigned char *pass, ossl_ssize_t passlen) 67CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
68 ossl_ssize_t passlen)
68{ 69{
69 CMS_PasswordRecipientInfo *pwri; 70 CMS_PasswordRecipientInfo *pwri;
71
70 if (ri->type != CMS_RECIPINFO_PASS) { 72 if (ri->type != CMS_RECIPINFO_PASS) {
71 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI); 73 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
72 return 0; 74 return 0;
@@ -77,15 +79,14 @@ int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
77 if (pass && passlen < 0) 79 if (pass && passlen < 0)
78 passlen = strlen((char *)pass); 80 passlen = strlen((char *)pass);
79 pwri->passlen = passlen; 81 pwri->passlen = passlen;
82
80 return 1; 83 return 1;
81} 84}
82 85
83CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, 86CMS_RecipientInfo *
84 int iter, int wrap_nid, 87CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
85 int pbe_nid, 88 int pbe_nid, unsigned char *pass, ossl_ssize_t passlen,
86 unsigned char *pass, 89 const EVP_CIPHER *kekciph)
87 ossl_ssize_t passlen,
88 const EVP_CIPHER *kekciph)
89{ 90{
90 CMS_RecipientInfo *ri = NULL; 91 CMS_RecipientInfo *ri = NULL;
91 CMS_EnvelopedData *env; 92 CMS_EnvelopedData *env;
@@ -115,7 +116,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
115 } 116 }
116 if (wrap_nid != NID_id_alg_PWRI_KEK) { 117 if (wrap_nid != NID_id_alg_PWRI_KEK) {
117 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 118 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
118 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); 119 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
119 return NULL; 120 return NULL;
120 } 121 }
121 122
@@ -147,7 +148,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
147 } 148 }
148 if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) { 149 if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
149 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 150 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
150 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 151 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
151 goto err; 152 goto err;
152 } 153 }
153 } 154 }
@@ -179,8 +180,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
179 goto merr; 180 goto merr;
180 181
181 if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), 182 if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
182 &pwri->keyEncryptionAlgorithm->parameter-> 183 &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
183 value.sequence))
184 goto merr; 184 goto merr;
185 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE; 185 pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
186 186
@@ -209,8 +209,8 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
209 if (ri) 209 if (ri)
210 M_ASN1_free_of(ri, CMS_RecipientInfo); 210 M_ASN1_free_of(ri, CMS_RecipientInfo);
211 X509_ALGOR_free(encalg); 211 X509_ALGOR_free(encalg);
212 return NULL;
213 212
213 return NULL;
214} 214}
215 215
216/* 216/*
@@ -218,13 +218,14 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
218 * some point this should go into EVP. 218 * some point this should go into EVP.
219 */ 219 */
220 220
221static int kek_unwrap_key(unsigned char *out, size_t *outlen, 221static int
222 const unsigned char *in, size_t inlen, 222kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
223 EVP_CIPHER_CTX *ctx) 223 size_t inlen, EVP_CIPHER_CTX *ctx)
224{ 224{
225 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); 225 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
226 unsigned char *tmp; 226 unsigned char *tmp;
227 int outl, rv = 0; 227 int outl, rv = 0;
228
228 if (inlen < 2 * blocklen) { 229 if (inlen < 2 * blocklen) {
229 /* too small */ 230 /* too small */
230 return 0; 231 return 0;
@@ -237,16 +238,16 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
237 CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE); 238 CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE);
238 return 0; 239 return 0;
239 } 240 }
241
240 /* setup IV by decrypting last two blocks */ 242 /* setup IV by decrypting last two blocks */
241 if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, 243 if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
242 in + inlen - 2 * blocklen, blocklen * 2) 244 in + inlen - 2 * blocklen, blocklen * 2)
243 /* 245 /*
244 * Do a decrypt of last decrypted block to set IV to correct value 246 * Do a decrypt of last decrypted block to set IV to correct value
245 * output it to start of buffer so we don't corrupt decrypted block 247 * output it to start of buffer so we don't corrupt decrypted block
246 * this works because buffer is at least two block lengths long. 248 * this works because buffer is at least two block lengths long.
247 */ 249 */
248 || !EVP_DecryptUpdate(ctx, tmp, &outl, 250 || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen)
249 tmp + inlen - blocklen, blocklen)
250 /* Can now decrypt first n - 1 blocks */ 251 /* Can now decrypt first n - 1 blocks */
251 || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen) 252 || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
252 253
@@ -267,19 +268,21 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
267 *outlen = (size_t)tmp[0]; 268 *outlen = (size_t)tmp[0];
268 memcpy(out, tmp + 4, *outlen); 269 memcpy(out, tmp + 4, *outlen);
269 rv = 1; 270 rv = 1;
271
270 err: 272 err:
271 OPENSSL_clear_free(tmp, inlen); 273 OPENSSL_clear_free(tmp, inlen);
272 return rv;
273 274
275 return rv;
274} 276}
275 277
276static int kek_wrap_key(unsigned char *out, size_t *outlen, 278static int
277 const unsigned char *in, size_t inlen, 279kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
278 EVP_CIPHER_CTX *ctx) 280 size_t inlen, EVP_CIPHER_CTX *ctx)
279{ 281{
280 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); 282 size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
281 size_t olen; 283 size_t olen;
282 int dummy; 284 int dummy;
285
283 /* 286 /*
284 * First decide length of output buffer: need header and round up to 287 * First decide length of output buffer: need header and round up to
285 * multiple of block length. 288 * multiple of block length.
@@ -302,12 +305,12 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
302 out[3] = in[2] ^ 0xFF; 305 out[3] = in[2] ^ 0xFF;
303 memcpy(out + 4, in, inlen); 306 memcpy(out + 4, in, inlen);
304 /* Add random padding to end */ 307 /* Add random padding to end */
305 if (olen > inlen + 4 308 if (olen > inlen + 4 &&
306 && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0) 309 RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
307 return 0; 310 return 0;
308 /* Encrypt twice */ 311 /* Encrypt twice */
309 if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) 312 if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) ||
310 || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) 313 !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
311 return 0; 314 return 0;
312 } 315 }
313 316
@@ -318,8 +321,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
318 321
319/* Encrypt/Decrypt content key in PWRI recipient info */ 322/* Encrypt/Decrypt content key in PWRI recipient info */
320 323
321int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 324int
322 int en_de) 325cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
326 int en_de)
323{ 327{
324 CMS_EncryptedContentInfo *ec; 328 CMS_EncryptedContentInfo *ec;
325 CMS_PasswordRecipientInfo *pwri; 329 CMS_PasswordRecipientInfo *pwri;
@@ -342,21 +346,20 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
342 346
343 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) { 347 if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
344 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 348 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
345 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); 349 CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
346 return 0; 350 return 0;
347 } 351 }
348 352
349 kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), 353 kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
350 algtmp->parameter); 354 algtmp->parameter);
351 355
352 if (kekalg == NULL) { 356 if (kekalg == NULL) {
353 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 357 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
354 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); 358 CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
355 return 0; 359 return 0;
356 } 360 }
357 361
358 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); 362 kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
359
360 if (!kekcipher) { 363 if (!kekcipher) {
361 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER); 364 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
362 return 0; 365 return 0;
@@ -373,7 +376,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
373 EVP_CIPHER_CTX_set_padding(kekctx, 0); 376 EVP_CIPHER_CTX_set_padding(kekctx, 0);
374 if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) { 377 if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
375 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 378 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
376 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); 379 CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
377 goto err; 380 goto err;
378 } 381 }
379 382
@@ -381,9 +384,8 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
381 384
382 /* Finish password based key derivation to setup key in "ctx" */ 385 /* Finish password based key derivation to setup key in "ctx" */
383 386
384 if (EVP_PBE_CipherInit(algtmp->algorithm, 387 if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
385 (char *)pwri->pass, pwri->passlen, 388 pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) {
386 algtmp->parameter, kekctx, en_de) < 0) {
387 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB); 389 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
388 goto err; 390 goto err;
389 } 391 }
@@ -391,12 +393,10 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
391 /* Finally wrap/unwrap the key */ 393 /* Finally wrap/unwrap the key */
392 394
393 if (en_de) { 395 if (en_de) {
394
395 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx)) 396 if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
396 goto err; 397 goto err;
397 398
398 key = OPENSSL_malloc(keylen); 399 key = OPENSSL_malloc(keylen);
399
400 if (key == NULL) 400 if (key == NULL)
401 goto err; 401 goto err;
402 402
@@ -406,14 +406,12 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
406 pwri->encryptedKey->length = keylen; 406 pwri->encryptedKey->length = keylen;
407 } else { 407 } else {
408 key = OPENSSL_malloc(pwri->encryptedKey->length); 408 key = OPENSSL_malloc(pwri->encryptedKey->length);
409
410 if (key == NULL) { 409 if (key == NULL) {
411 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); 410 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
412 goto err; 411 goto err;
413 } 412 }
414 if (!kek_unwrap_key(key, &keylen, 413 if (!kek_unwrap_key(key, &keylen, pwri->encryptedKey->data,
415 pwri->encryptedKey->data, 414 pwri->encryptedKey->length, kekctx)) {
416 pwri->encryptedKey->length, kekctx)) {
417 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE); 415 CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
418 goto err; 416 goto err;
419 } 417 }
@@ -421,19 +419,15 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
421 OPENSSL_clear_free(ec->key, ec->keylen); 419 OPENSSL_clear_free(ec->key, ec->keylen);
422 ec->key = key; 420 ec->key = key;
423 ec->keylen = keylen; 421 ec->keylen = keylen;
424
425 } 422 }
426 423
427 r = 1; 424 r = 1;
428 425
429 err: 426 err:
430
431 EVP_CIPHER_CTX_free(kekctx); 427 EVP_CIPHER_CTX_free(kekctx);
432
433 if (!r) 428 if (!r)
434 OPENSSL_free(key); 429 OPENSSL_free(key);
435 X509_ALGOR_free(kekalg); 430 X509_ALGOR_free(kekalg);
436 431
437 return r; 432 return r;
438
439} 433}
diff --git a/src/lib/libcrypto/cms/cms_sd.c b/src/lib/libcrypto/cms/cms_sd.c
index 57a92b59e3..6c65844c93 100644
--- a/src/lib/libcrypto/cms/cms_sd.c
+++ b/src/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_sd.c,v 1.16 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_sd.c,v 1.17 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -65,7 +65,8 @@
65 65
66/* CMS SignedData Utilities */ 66/* CMS SignedData Utilities */
67 67
68static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) 68static CMS_SignedData *
69cms_get0_signed(CMS_ContentInfo *cms)
69{ 70{
70 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { 71 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
71 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); 72 CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
@@ -74,7 +75,8 @@ static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
74 return cms->d.signedData; 75 return cms->d.signedData;
75} 76}
76 77
77static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) 78static CMS_SignedData *
79cms_signed_data_init(CMS_ContentInfo *cms)
78{ 80{
79 if (cms->d.other == NULL) { 81 if (cms->d.other == NULL) {
80 cms->d.signedData = M_ASN1_new_of(CMS_SignedData); 82 cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
@@ -84,7 +86,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
84 } 86 }
85 cms->d.signedData->version = 1; 87 cms->d.signedData->version = 1;
86 cms->d.signedData->encapContentInfo->eContentType = 88 cms->d.signedData->encapContentInfo->eContentType =
87 OBJ_nid2obj(NID_pkcs7_data); 89 OBJ_nid2obj(NID_pkcs7_data);
88 cms->d.signedData->encapContentInfo->partial = 1; 90 cms->d.signedData->encapContentInfo->partial = 1;
89 ASN1_OBJECT_free(cms->contentType); 91 ASN1_OBJECT_free(cms->contentType);
90 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); 92 cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
@@ -95,7 +97,8 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
95 97
96/* Just initialise SignedData e.g. for certs only structure */ 98/* Just initialise SignedData e.g. for certs only structure */
97 99
98int CMS_SignedData_init(CMS_ContentInfo *cms) 100int
101CMS_SignedData_init(CMS_ContentInfo *cms)
99{ 102{
100 if (cms_signed_data_init(cms)) 103 if (cms_signed_data_init(cms))
101 return 1; 104 return 1;
@@ -105,7 +108,8 @@ int CMS_SignedData_init(CMS_ContentInfo *cms)
105 108
106/* Check structures and fixup version numbers (if necessary) */ 109/* Check structures and fixup version numbers (if necessary) */
107 110
108static void cms_sd_set_version(CMS_SignedData *sd) 111static void
112cms_sd_set_version(CMS_SignedData *sd)
109{ 113{
110 int i; 114 int i;
111 CMS_CertificateChoices *cch; 115 CMS_CertificateChoices *cch;
@@ -151,16 +155,17 @@ static void cms_sd_set_version(CMS_SignedData *sd)
151 155
152 if (sd->version < 1) 156 if (sd->version < 1)
153 sd->version = 1; 157 sd->version = 1;
154
155} 158}
156 159
157/* Copy an existing messageDigest value */ 160/* Copy an existing messageDigest value */
158 161
159static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) 162static int
163cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
160{ 164{
161 STACK_OF(CMS_SignerInfo) *sinfos; 165 STACK_OF(CMS_SignerInfo) *sinfos;
162 CMS_SignerInfo *sitmp; 166 CMS_SignerInfo *sitmp;
163 int i; 167 int i;
168
164 sinfos = CMS_get0_SignerInfos(cms); 169 sinfos = CMS_get0_SignerInfos(cms);
165 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 170 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
166 ASN1_OCTET_STRING *messageDigest; 171 ASN1_OCTET_STRING *messageDigest;
@@ -170,30 +175,30 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
170 if (CMS_signed_get_attr_count(sitmp) < 0) 175 if (CMS_signed_get_attr_count(sitmp) < 0)
171 continue; 176 continue;
172 if (OBJ_cmp(si->digestAlgorithm->algorithm, 177 if (OBJ_cmp(si->digestAlgorithm->algorithm,
173 sitmp->digestAlgorithm->algorithm)) 178 sitmp->digestAlgorithm->algorithm))
174 continue; 179 continue;
175 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, 180 messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
176 OBJ_nid2obj 181 OBJ_nid2obj(NID_pkcs9_messageDigest), -3, V_ASN1_OCTET_STRING);
177 (NID_pkcs9_messageDigest),
178 -3, V_ASN1_OCTET_STRING);
179 if (!messageDigest) { 182 if (!messageDigest) {
180 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, 183 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
181 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 184 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
182 return 0; 185 return 0;
183 } 186 }
184 187
185 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 188 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
186 V_ASN1_OCTET_STRING, 189 V_ASN1_OCTET_STRING, messageDigest, -1))
187 messageDigest, -1))
188 return 1; 190 return 1;
189 else 191 else
190 return 0; 192 return 0;
191 } 193 }
194
192 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); 195 CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
196
193 return 0; 197 return 0;
194} 198}
195 199
196int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) 200int
201cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
197{ 202{
198 switch (type) { 203 switch (type) {
199 case CMS_SIGNERINFO_ISSUER_SERIAL: 204 case CMS_SIGNERINFO_ISSUER_SERIAL:
@@ -216,10 +221,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
216 return 1; 221 return 1;
217} 222}
218 223
219int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, 224int
220 ASN1_OCTET_STRING **keyid, 225cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
221 X509_NAME **issuer, 226 ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
222 ASN1_INTEGER **sno)
223{ 227{
224 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { 228 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
225 if (issuer) 229 if (issuer)
@@ -231,10 +235,12 @@ int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
231 *keyid = sid->d.subjectKeyIdentifier; 235 *keyid = sid->d.subjectKeyIdentifier;
232 } else 236 } else
233 return 0; 237 return 0;
238
234 return 1; 239 return 1;
235} 240}
236 241
237int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) 242int
243cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
238{ 244{
239 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) 245 if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
240 return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); 246 return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
@@ -244,10 +250,12 @@ int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
244 return -1; 250 return -1;
245} 251}
246 252
247static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) 253static int
254cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
248{ 255{
249 EVP_PKEY *pkey = si->pkey; 256 EVP_PKEY *pkey = si->pkey;
250 int i; 257 int i;
258
251 if (!pkey->ameth || !pkey->ameth->pkey_ctrl) 259 if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
252 return 1; 260 return 1;
253 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si); 261 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
@@ -259,20 +267,22 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
259 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE); 267 CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE);
260 return 0; 268 return 0;
261 } 269 }
270
262 return 1; 271 return 1;
263} 272}
264 273
265CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, 274CMS_SignerInfo *
266 X509 *signer, EVP_PKEY *pk, const EVP_MD *md, 275CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
267 unsigned int flags) 276 const EVP_MD *md, unsigned int flags)
268{ 277{
269 CMS_SignedData *sd; 278 CMS_SignedData *sd;
270 CMS_SignerInfo *si = NULL; 279 CMS_SignerInfo *si = NULL;
271 X509_ALGOR *alg; 280 X509_ALGOR *alg;
272 int i, type; 281 int i, type;
282
273 if (!X509_check_private_key(signer, pk)) { 283 if (!X509_check_private_key(signer, pk)) {
274 CMSerr(CMS_F_CMS_ADD1_SIGNER, 284 CMSerr(CMS_F_CMS_ADD1_SIGNER,
275 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 285 CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
276 return NULL; 286 return NULL;
277 } 287 }
278 sd = cms_signed_data_init(cms); 288 sd = cms_signed_data_init(cms);
@@ -358,24 +368,25 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
358 if (!si->signedAttrs) { 368 if (!si->signedAttrs) {
359 si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); 369 si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
360 if (!si->signedAttrs) 370 if (!si->signedAttrs)
361 goto merr; 371 goto merr;
362 } 372 }
363 373
364 if (!(flags & CMS_NOSMIMECAP)) { 374 if (!(flags & CMS_NOSMIMECAP)) {
365 STACK_OF(X509_ALGOR) *smcap = NULL; 375 STACK_OF(X509_ALGOR) *smcap = NULL;
376
366 i = CMS_add_standard_smimecap(&smcap); 377 i = CMS_add_standard_smimecap(&smcap);
367 if (i) 378 if (i)
368 i = CMS_add_smimecap(si, smcap); 379 i = CMS_add_smimecap(si, smcap);
369 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); 380 sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
370 if (!i) 381 if (!i)
371 goto merr; 382 goto merr;
372 } 383 }
373 if (flags & CMS_REUSE_DIGEST) { 384 if (flags & CMS_REUSE_DIGEST) {
374 if (!cms_copy_messageDigest(cms, si)) 385 if (!cms_copy_messageDigest(cms, si))
375 goto err; 386 goto err;
376 if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && 387 if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
377 !CMS_SignerInfo_sign(si)) 388 !CMS_SignerInfo_sign(si))
378 goto err; 389 goto err;
379 } 390 }
380 } 391 }
381 392
@@ -389,13 +400,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
389 if (flags & CMS_NOATTR) { 400 if (flags & CMS_NOATTR) {
390 si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL); 401 si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
391 if (si->pctx == NULL) 402 if (si->pctx == NULL)
392 goto err; 403 goto err;
393 if (EVP_PKEY_sign_init(si->pctx) <= 0) 404 if (EVP_PKEY_sign_init(si->pctx) <= 0)
394 goto err; 405 goto err;
395 if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) 406 if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
396 goto err; 407 goto err;
397 } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 408 } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md,
398 0) 409 NULL, pk) <= 0)
399 goto err; 410 goto err;
400 } 411 }
401 412
@@ -410,14 +421,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
410 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); 421 CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
411 err: 422 err:
412 M_ASN1_free_of(si, CMS_SignerInfo); 423 M_ASN1_free_of(si, CMS_SignerInfo);
413 return NULL;
414 424
425 return NULL;
415} 426}
416 427
417static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) 428static int
429cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
418{ 430{
419 ASN1_TIME *tt; 431 ASN1_TIME *tt;
420 int r = 0; 432 int r = 0;
433
421 if (t) 434 if (t)
422 tt = t; 435 tt = t;
423 else 436 else
@@ -433,61 +446,67 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
433 r = 1; 446 r = 1;
434 447
435 merr: 448 merr:
436
437 if (!t) 449 if (!t)
438 ASN1_TIME_free(tt); 450 ASN1_TIME_free(tt);
439
440 if (!r) 451 if (!r)
441 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); 452 CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
442 453
443 return r; 454 return r;
444
445} 455}
446 456
447EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) 457EVP_PKEY_CTX *
458CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
448{ 459{
449 return si->pctx; 460 return si->pctx;
450} 461}
451 462
452EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) 463EVP_MD_CTX *
464CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
453{ 465{
454 return si->mctx; 466 return si->mctx;
455} 467}
456 468
457STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) 469STACK_OF(CMS_SignerInfo) *
470CMS_get0_SignerInfos(CMS_ContentInfo *cms)
458{ 471{
459 CMS_SignedData *sd; 472 CMS_SignedData *sd;
473
460 sd = cms_get0_signed(cms); 474 sd = cms_get0_signed(cms);
461 if (!sd) 475 if (!sd)
462 return NULL; 476 return NULL;
477
463 return sd->signerInfos; 478 return sd->signerInfos;
464} 479}
465 480
466STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) 481STACK_OF(X509) *
482CMS_get0_signers(CMS_ContentInfo *cms)
467{ 483{
468 STACK_OF(X509) *signers = NULL; 484 STACK_OF(X509) *signers = NULL;
469 STACK_OF(CMS_SignerInfo) *sinfos; 485 STACK_OF(CMS_SignerInfo) *sinfos;
470 CMS_SignerInfo *si; 486 CMS_SignerInfo *si;
471 int i; 487 int i;
488
472 sinfos = CMS_get0_SignerInfos(cms); 489 sinfos = CMS_get0_SignerInfos(cms);
473 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 490 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
474 si = sk_CMS_SignerInfo_value(sinfos, i); 491 si = sk_CMS_SignerInfo_value(sinfos, i);
475 if (si->signer) { 492 if (si->signer) {
476 if (!signers) { 493 if (!signers) {
477 signers = sk_X509_new_null(); 494 signers = sk_X509_new_null();
478 if (!signers) 495 if (!signers)
479 return NULL; 496 return NULL;
480 } 497 }
481 if (!sk_X509_push(signers, si->signer)) { 498 if (!sk_X509_push(signers, si->signer)) {
482 sk_X509_free(signers); 499 sk_X509_free(signers);
483 return NULL; 500 return NULL;
484 } 501 }
485 } 502 }
486 } 503 }
504
487 return signers; 505 return signers;
488} 506}
489 507
490void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) 508void
509CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
491{ 510{
492 if (signer) { 511 if (signer) {
493 X509_up_ref(signer); 512 X509_up_ref(signer);
@@ -498,20 +517,22 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
498 si->signer = signer; 517 si->signer = signer;
499} 518}
500 519
501int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, 520int
502 ASN1_OCTET_STRING **keyid, 521CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
503 X509_NAME **issuer, ASN1_INTEGER **sno) 522 X509_NAME **issuer, ASN1_INTEGER **sno)
504{ 523{
505 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); 524 return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
506} 525}
507 526
508int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) 527int
528CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
509{ 529{
510 return cms_SignerIdentifier_cert_cmp(si->sid, cert); 530 return cms_SignerIdentifier_cert_cmp(si->sid, cert);
511} 531}
512 532
513int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, 533int
514 unsigned int flags) 534CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
535 unsigned int flags)
515{ 536{
516 CMS_SignedData *sd; 537 CMS_SignedData *sd;
517 CMS_SignerInfo *si; 538 CMS_SignerInfo *si;
@@ -520,6 +541,7 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
520 X509 *x; 541 X509 *x;
521 int i, j; 542 int i, j;
522 int ret = 0; 543 int ret = 0;
544
523 sd = cms_get0_signed(cms); 545 sd = cms_get0_signed(cms);
524 if (!sd) 546 if (!sd)
525 return -1; 547 return -1;
@@ -532,9 +554,9 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
532 for (j = 0; j < sk_X509_num(scerts); j++) { 554 for (j = 0; j < sk_X509_num(scerts); j++) {
533 x = sk_X509_value(scerts, j); 555 x = sk_X509_value(scerts, j);
534 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 556 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
535 CMS_SignerInfo_set1_signer_cert(si, x); 557 CMS_SignerInfo_set1_signer_cert(si, x);
536 ret++; 558 ret++;
537 break; 559 break;
538 } 560 }
539 } 561 }
540 562
@@ -544,21 +566,21 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
544 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) { 566 for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
545 cch = sk_CMS_CertificateChoices_value(certs, j); 567 cch = sk_CMS_CertificateChoices_value(certs, j);
546 if (cch->type != 0) 568 if (cch->type != 0)
547 continue; 569 continue;
548 x = cch->d.certificate; 570 x = cch->d.certificate;
549 if (CMS_SignerInfo_cert_cmp(si, x) == 0) { 571 if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
550 CMS_SignerInfo_set1_signer_cert(si, x); 572 CMS_SignerInfo_set1_signer_cert(si, x);
551 ret++; 573 ret++;
552 break; 574 break;
553 } 575 }
554 } 576 }
555 } 577 }
556 return ret; 578 return ret;
557} 579}
558 580
559void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, 581void
560 X509 **signer, X509_ALGOR **pdig, 582CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
561 X509_ALGOR **psig) 583X509_ALGOR **pdig, X509_ALGOR **psig)
562{ 584{
563 if (pk) 585 if (pk)
564 *pk = si->pkey; 586 *pk = si->pkey;
@@ -570,13 +592,14 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
570 *psig = si->signatureAlgorithm; 592 *psig = si->signatureAlgorithm;
571} 593}
572 594
573ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) 595ASN1_OCTET_STRING *
596CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
574{ 597{
575 return si->signature; 598 return si->signature;
576} 599}
577 600
578static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, 601static int
579 CMS_SignerInfo *si, BIO *chain) 602cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain)
580{ 603{
581 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 604 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
582 int r = 0; 605 int r = 0;
@@ -604,17 +627,18 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
604 627
605 if (CMS_signed_get_attr_count(si) >= 0) { 628 if (CMS_signed_get_attr_count(si) >= 0) {
606 ASN1_OBJECT *ctype = 629 ASN1_OBJECT *ctype =
607 cms->d.signedData->encapContentInfo->eContentType; 630 cms->d.signedData->encapContentInfo->eContentType;
608 unsigned char md[EVP_MAX_MD_SIZE]; 631 unsigned char md[EVP_MAX_MD_SIZE];
609 unsigned int mdlen; 632 unsigned int mdlen;
633
610 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 634 if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
611 goto err; 635 goto err;
612 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, 636 if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
613 V_ASN1_OCTET_STRING, md, mdlen)) 637 V_ASN1_OCTET_STRING, md, mdlen))
614 goto err; 638 goto err;
615 /* Copy content type across */ 639 /* Copy content type across */
616 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, 640 if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
617 V_ASN1_OBJECT, ctype, -1) <= 0) 641 V_ASN1_OBJECT, ctype, -1) <= 0)
618 goto err; 642 goto err;
619 if (!CMS_SignerInfo_sign(si)) 643 if (!CMS_SignerInfo_sign(si))
620 goto err; 644 goto err;
@@ -623,6 +647,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
623 size_t siglen; 647 size_t siglen;
624 unsigned char md[EVP_MAX_MD_SIZE]; 648 unsigned char md[EVP_MAX_MD_SIZE];
625 unsigned int mdlen; 649 unsigned int mdlen;
650
626 pctx = si->pctx; 651 pctx = si->pctx;
627 if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) 652 if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
628 goto err; 653 goto err;
@@ -640,6 +665,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
640 } else { 665 } else {
641 unsigned char *sig; 666 unsigned char *sig;
642 unsigned int siglen; 667 unsigned int siglen;
668
643 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); 669 sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
644 if (sig == NULL) { 670 if (sig == NULL) {
645 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); 671 CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
@@ -658,15 +684,17 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
658 err: 684 err:
659 EVP_MD_CTX_free(mctx); 685 EVP_MD_CTX_free(mctx);
660 EVP_PKEY_CTX_free(pctx); 686 EVP_PKEY_CTX_free(pctx);
661 return r;
662 687
688 return r;
663} 689}
664 690
665int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) 691int
692cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
666{ 693{
667 STACK_OF(CMS_SignerInfo) *sinfos; 694 STACK_OF(CMS_SignerInfo) *sinfos;
668 CMS_SignerInfo *si; 695 CMS_SignerInfo *si;
669 int i; 696 int i;
697
670 sinfos = CMS_get0_SignerInfos(cms); 698 sinfos = CMS_get0_SignerInfos(cms);
671 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 699 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
672 si = sk_CMS_SignerInfo_value(sinfos, i); 700 si = sk_CMS_SignerInfo_value(sinfos, i);
@@ -674,10 +702,12 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
674 return 0; 702 return 0;
675 } 703 }
676 cms->d.signedData->encapContentInfo->partial = 0; 704 cms->d.signedData->encapContentInfo->partial = 0;
705
677 return 1; 706 return 1;
678} 707}
679 708
680int CMS_SignerInfo_sign(CMS_SignerInfo *si) 709int
710CMS_SignerInfo_sign(CMS_SignerInfo *si)
681{ 711{
682 EVP_MD_CTX *mctx = si->mctx; 712 EVP_MD_CTX *mctx = si->mctx;
683 EVP_PKEY_CTX *pctx = NULL; 713 EVP_PKEY_CTX *pctx = NULL;
@@ -705,13 +735,13 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
705 } 735 }
706 736
707 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 737 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
708 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { 738 EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
709 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 739 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
710 goto err; 740 goto err;
711 } 741 }
712 742
713 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 743 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
714 ASN1_ITEM_rptr(CMS_Attributes_Sign)); 744 ASN1_ITEM_rptr(CMS_Attributes_Sign));
715 if (!abuf) 745 if (!abuf)
716 goto err; 746 goto err;
717 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) 747 if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
@@ -726,7 +756,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
726 goto err; 756 goto err;
727 757
728 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 758 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
729 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { 759 EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
730 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); 760 CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
731 goto err; 761 goto err;
732 } 762 }
@@ -740,11 +770,12 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
740 err: 770 err:
741 OPENSSL_free(abuf); 771 OPENSSL_free(abuf);
742 EVP_MD_CTX_reset(mctx); 772 EVP_MD_CTX_reset(mctx);
743 return 0;
744 773
774 return 0;
745} 775}
746 776
747int CMS_SignerInfo_verify(CMS_SignerInfo *si) 777int
778CMS_SignerInfo_verify(CMS_SignerInfo *si)
748{ 779{
749 EVP_MD_CTX *mctx = NULL; 780 EVP_MD_CTX *mctx = NULL;
750 unsigned char *abuf = NULL; 781 unsigned char *abuf = NULL;
@@ -771,7 +802,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
771 goto err; 802 goto err;
772 803
773 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, 804 alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
774 ASN1_ITEM_rptr(CMS_Attributes_Verify)); 805 ASN1_ITEM_rptr(CMS_Attributes_Verify));
775 if (!abuf) 806 if (!abuf)
776 goto err; 807 goto err;
777 r = EVP_DigestVerifyUpdate(mctx, abuf, alen); 808 r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
@@ -780,22 +811,27 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
780 r = -1; 811 r = -1;
781 goto err; 812 goto err;
782 } 813 }
783 r = EVP_DigestVerifyFinal(mctx, 814
784 si->signature->data, si->signature->length); 815 r = EVP_DigestVerifyFinal(mctx, si->signature->data,
816 si->signature->length);
785 if (r <= 0) 817 if (r <= 0)
786 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); 818 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
819
787 err: 820 err:
788 EVP_MD_CTX_reset(mctx); 821 EVP_MD_CTX_reset(mctx);
822
789 return r; 823 return r;
790} 824}
791 825
792/* Create a chain of digest BIOs from a CMS ContentInfo */ 826/* Create a chain of digest BIOs from a CMS ContentInfo */
793 827
794BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) 828BIO *
829cms_SignedData_init_bio(CMS_ContentInfo *cms)
795{ 830{
796 int i; 831 int i;
797 CMS_SignedData *sd; 832 CMS_SignedData *sd;
798 BIO *chain = NULL; 833 BIO *chain = NULL;
834
799 sd = cms_get0_signed(cms); 835 sd = cms_get0_signed(cms);
800 if (!sd) 836 if (!sd)
801 return NULL; 837 return NULL;
@@ -813,13 +849,17 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
813 else 849 else
814 chain = mdbio; 850 chain = mdbio;
815 } 851 }
852
816 return chain; 853 return chain;
854
817 err: 855 err:
818 BIO_free_all(chain); 856 BIO_free_all(chain);
857
819 return NULL; 858 return NULL;
820} 859}
821 860
822int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) 861int
862CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
823{ 863{
824 ASN1_OCTET_STRING *os = NULL; 864 ASN1_OCTET_STRING *os = NULL;
825 EVP_MD_CTX *mctx = EVP_MD_CTX_new(); 865 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
@@ -835,11 +875,11 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
835 /* If we have any signed attributes look for messageDigest value */ 875 /* If we have any signed attributes look for messageDigest value */
836 if (CMS_signed_get_attr_count(si) >= 0) { 876 if (CMS_signed_get_attr_count(si) >= 0) {
837 os = CMS_signed_get0_data_by_OBJ(si, 877 os = CMS_signed_get0_data_by_OBJ(si,
838 OBJ_nid2obj(NID_pkcs9_messageDigest), 878 OBJ_nid2obj(NID_pkcs9_messageDigest), -3,
839 -3, V_ASN1_OCTET_STRING); 879 V_ASN1_OCTET_STRING);
840 if (!os) { 880 if (!os) {
841 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 881 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
842 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); 882 CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
843 goto err; 883 goto err;
844 } 884 }
845 } 885 }
@@ -849,7 +889,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
849 889
850 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { 890 if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
851 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 891 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
852 CMS_R_UNABLE_TO_FINALIZE_CONTEXT); 892 CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
853 goto err; 893 goto err;
854 } 894 }
855 895
@@ -858,18 +898,19 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
858 if (os) { 898 if (os) {
859 if (mlen != (unsigned int)os->length) { 899 if (mlen != (unsigned int)os->length) {
860 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 900 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
861 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); 901 CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
862 goto err; 902 goto err;
863 } 903 }
864 904
865 if (memcmp(mval, os->data, mlen)) { 905 if (memcmp(mval, os->data, mlen)) {
866 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 906 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
867 CMS_R_VERIFICATION_FAILURE); 907 CMS_R_VERIFICATION_FAILURE);
868 r = 0; 908 r = 0;
869 } else 909 } else
870 r = 1; 910 r = 1;
871 } else { 911 } else {
872 const EVP_MD *md = EVP_MD_CTX_md(mctx); 912 const EVP_MD *md = EVP_MD_CTX_md(mctx);
913
873 pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); 914 pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
874 if (pkctx == NULL) 915 if (pkctx == NULL)
875 goto err; 916 goto err;
@@ -892,28 +933,32 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
892 err: 933 err:
893 EVP_PKEY_CTX_free(pkctx); 934 EVP_PKEY_CTX_free(pkctx);
894 EVP_MD_CTX_free(mctx); 935 EVP_MD_CTX_free(mctx);
895 return r;
896 936
937 return r;
897} 938}
898 939
899int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) 940int
941CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
900{ 942{
901 unsigned char *smder = NULL; 943 unsigned char *smder = NULL;
902 int smderlen, r; 944 int smderlen, r;
945
903 smderlen = i2d_X509_ALGORS(algs, &smder); 946 smderlen = i2d_X509_ALGORS(algs, &smder);
904 if (smderlen <= 0) 947 if (smderlen <= 0)
905 return 0; 948 return 0;
906 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, 949 r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
907 V_ASN1_SEQUENCE, smder, smderlen); 950 V_ASN1_SEQUENCE, smder, smderlen);
908 OPENSSL_free(smder); 951 OPENSSL_free(smder);
952
909 return r; 953 return r;
910} 954}
911 955
912int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, 956int
913 int algnid, int keysize) 957CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize)
914{ 958{
915 X509_ALGOR *alg; 959 X509_ALGOR *alg;
916 ASN1_INTEGER *key = NULL; 960 ASN1_INTEGER *key = NULL;
961
917 if (keysize > 0) { 962 if (keysize > 0) {
918 key = ASN1_INTEGER_new(); 963 key = ASN1_INTEGER_new();
919 if (key == NULL || !ASN1_INTEGER_set(key, keysize)) 964 if (key == NULL || !ASN1_INTEGER_set(key, keysize))
@@ -926,46 +971,51 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
926 } 971 }
927 972
928 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), 973 X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
929 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); 974 key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
930 if (*algs == NULL) 975 if (*algs == NULL)
931 *algs = sk_X509_ALGOR_new_null(); 976 *algs = sk_X509_ALGOR_new_null();
932 if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { 977 if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
933 X509_ALGOR_free(alg); 978 X509_ALGOR_free(alg);
934 return 0; 979 return 0;
935 } 980 }
981
936 return 1; 982 return 1;
937} 983}
938 984
939/* Check to see if a cipher exists and if so add S/MIME capabilities */ 985/* Check to see if a cipher exists and if so add S/MIME capabilities */
940 986
941static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 987static int
988cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
942{ 989{
943 if (EVP_get_cipherbynid(nid)) 990 if (EVP_get_cipherbynid(nid))
944 return CMS_add_simple_smimecap(sk, nid, arg); 991 return CMS_add_simple_smimecap(sk, nid, arg);
945 return 1; 992 return 1;
946} 993}
947 994
948static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) 995static int
996cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
949{ 997{
950 if (EVP_get_digestbynid(nid)) 998 if (EVP_get_digestbynid(nid))
951 return CMS_add_simple_smimecap(sk, nid, arg); 999 return CMS_add_simple_smimecap(sk, nid, arg);
952 return 1; 1000 return 1;
953} 1001}
954 1002
955int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) 1003int
956{ 1004CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
957 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) 1005{
958 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) 1006 if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
959 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) 1007 !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) ||
960 || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) 1008 !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) ||
961 || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) 1009 !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
962 || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) 1010 !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
963 || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) 1011 !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
964 || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) 1012 !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
965 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) 1013 !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
966 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) 1014 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
967 || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) 1015 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
968 || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) 1016 !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) ||
1017 !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
969 return 0; 1018 return 0;
1019
970 return 1; 1020 return 1;
971} 1021}
diff --git a/src/lib/libcrypto/cms/cms_smime.c b/src/lib/libcrypto/cms/cms_smime.c
index f3dcd05ee1..a4a77b916a 100644
--- a/src/lib/libcrypto/cms/cms_smime.c
+++ b/src/lib/libcrypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms_smime.c,v 1.19 2019/08/10 16:42:20 jsing Exp $ */ 1/* $OpenBSD: cms_smime.c,v 1.20 2019/08/10 18:15:52 jsing Exp $ */
2/* 2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project. 4 * project.
@@ -61,9 +61,11 @@
61#include "cms_lcl.h" 61#include "cms_lcl.h"
62#include "asn1/asn1_locl.h" 62#include "asn1/asn1_locl.h"
63 63
64static BIO *cms_get_text_bio(BIO *out, unsigned int flags) 64static BIO *
65cms_get_text_bio(BIO *out, unsigned int flags)
65{ 66{
66 BIO *rbio; 67 BIO *rbio;
68
67 if (out == NULL) 69 if (out == NULL)
68 rbio = BIO_new(BIO_s_null()); 70 rbio = BIO_new(BIO_s_null());
69 else if (flags & CMS_TEXT) { 71 else if (flags & CMS_TEXT) {
@@ -71,10 +73,12 @@ static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
71 BIO_set_mem_eof_return(rbio, 0); 73 BIO_set_mem_eof_return(rbio, 0);
72 } else 74 } else
73 rbio = out; 75 rbio = out;
76
74 return rbio; 77 return rbio;
75} 78}
76 79
77static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) 80static int
81cms_copy_content(BIO *out, BIO *in, unsigned int flags)
78{ 82{
79 unsigned char buf[4096]; 83 unsigned char buf[4096];
80 int r = 0, i; 84 int r = 0, i;
@@ -92,11 +96,11 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
92 i = BIO_read(in, buf, sizeof(buf)); 96 i = BIO_read(in, buf, sizeof(buf));
93 if (i <= 0) { 97 if (i <= 0) {
94 if (BIO_method_type(in) == BIO_TYPE_CIPHER) { 98 if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
95 if (!BIO_get_cipher_status(in)) 99 if (!BIO_get_cipher_status(in))
96 goto err; 100 goto err;
97 } 101 }
98 if (i < 0) 102 if (i < 0)
99 goto err; 103 goto err;
100 break; 104 break;
101 } 105 }
102 106
@@ -116,21 +120,25 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
116 err: 120 err:
117 if (tmpout != out) 121 if (tmpout != out)
118 BIO_free(tmpout); 122 BIO_free(tmpout);
119 return r;
120 123
124 return r;
121} 125}
122 126
123static int check_content(CMS_ContentInfo *cms) 127static int
128check_content(CMS_ContentInfo *cms)
124{ 129{
125 ASN1_OCTET_STRING **pos = CMS_get0_content(cms); 130 ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
131
126 if (!pos || !*pos) { 132 if (!pos || !*pos) {
127 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); 133 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
128 return 0; 134 return 0;
129 } 135 }
136
130 return 1; 137 return 1;
131} 138}
132 139
133static void do_free_upto(BIO *f, BIO *upto) 140static void
141do_free_upto(BIO *f, BIO *upto)
134{ 142{
135 if (upto) { 143 if (upto) {
136 BIO *tbio; 144 BIO *tbio;
@@ -144,10 +152,12 @@ static void do_free_upto(BIO *f, BIO *upto)
144 BIO_free_all(f); 152 BIO_free_all(f);
145} 153}
146 154
147int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) 155int
156CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
148{ 157{
149 BIO *cont; 158 BIO *cont;
150 int r; 159 int r;
160
151 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) { 161 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
152 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); 162 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
153 return 0; 163 return 0;
@@ -157,12 +167,15 @@ int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
157 return 0; 167 return 0;
158 r = cms_copy_content(out, cont, flags); 168 r = cms_copy_content(out, cont, flags);
159 BIO_free_all(cont); 169 BIO_free_all(cont);
170
160 return r; 171 return r;
161} 172}
162 173
163CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) 174CMS_ContentInfo *
175CMS_data_create(BIO *in, unsigned int flags)
164{ 176{
165 CMS_ContentInfo *cms; 177 CMS_ContentInfo *cms;
178
166 cms = cms_Data_create(); 179 cms = cms_Data_create();
167 if (!cms) 180 if (!cms)
168 return NULL; 181 return NULL;
@@ -175,11 +188,12 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
175 return NULL; 188 return NULL;
176} 189}
177 190
178int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 191int
179 unsigned int flags) 192CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
180{ 193{
181 BIO *cont; 194 BIO *cont;
182 int r; 195 int r;
196
183 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) { 197 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
184 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); 198 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
185 return 0; 199 return 0;
@@ -195,13 +209,15 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
195 if (r) 209 if (r)
196 r = cms_DigestedData_do_final(cms, cont, 1); 210 r = cms_DigestedData_do_final(cms, cont, 1);
197 do_free_upto(cont, dcont); 211 do_free_upto(cont, dcont);
212
198 return r; 213 return r;
199} 214}
200 215
201CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, 216CMS_ContentInfo *
202 unsigned int flags) 217CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags)
203{ 218{
204 CMS_ContentInfo *cms; 219 CMS_ContentInfo *cms;
220
205 if (!md) 221 if (!md)
206 md = EVP_sha1(); 222 md = EVP_sha1();
207 cms = cms_DigestedData_create(md); 223 cms = cms_DigestedData_create(md);
@@ -215,18 +231,20 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
215 return cms; 231 return cms;
216 232
217 CMS_ContentInfo_free(cms); 233 CMS_ContentInfo_free(cms);
234
218 return NULL; 235 return NULL;
219} 236}
220 237
221int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, 238int
222 const unsigned char *key, size_t keylen, 239CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
223 BIO *dcont, BIO *out, unsigned int flags) 240 size_t keylen, BIO *dcont, BIO *out, unsigned int flags)
224{ 241{
225 BIO *cont; 242 BIO *cont;
226 int r; 243 int r;
244
227 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) { 245 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
228 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 246 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
229 CMS_R_TYPE_NOT_ENCRYPTED_DATA); 247 CMS_R_TYPE_NOT_ENCRYPTED_DATA);
230 return 0; 248 return 0;
231 } 249 }
232 250
@@ -240,14 +258,16 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
240 return 0; 258 return 0;
241 r = cms_copy_content(out, cont, flags); 259 r = cms_copy_content(out, cont, flags);
242 do_free_upto(cont, dcont); 260 do_free_upto(cont, dcont);
261
243 return r; 262 return r;
244} 263}
245 264
246CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, 265CMS_ContentInfo *
247 const unsigned char *key, 266CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
248 size_t keylen, unsigned int flags) 267 const unsigned char *key, size_t keylen, unsigned int flags)
249{ 268{
250 CMS_ContentInfo *cms; 269 CMS_ContentInfo *cms;
270
251 if (!cipher) { 271 if (!cipher) {
252 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); 272 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
253 return NULL; 273 return NULL;
@@ -261,18 +281,18 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
261 if (!(flags & CMS_DETACHED)) 281 if (!(flags & CMS_DETACHED))
262 CMS_set_detached(cms, 0); 282 CMS_set_detached(cms, 0);
263 283
264 if ((flags & (CMS_STREAM | CMS_PARTIAL)) 284 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
265 || CMS_final(cms, in, NULL, flags)) 285 CMS_final(cms, in, NULL, flags))
266 return cms; 286 return cms;
267 287
268 CMS_ContentInfo_free(cms); 288 CMS_ContentInfo_free(cms);
289
269 return NULL; 290 return NULL;
270} 291}
271 292
272static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, 293static int
273 X509_STORE *store, 294cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store,
274 STACK_OF(X509) *certs, 295 STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls)
275 STACK_OF(X509_CRL) *crls)
276{ 296{
277 X509_STORE_CTX *ctx = X509_STORE_CTX_new(); 297 X509_STORE_CTX *ctx = X509_STORE_CTX_new();
278 X509 *signer; 298 X509 *signer;
@@ -301,14 +321,16 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
301 goto err; 321 goto err;
302 } 322 }
303 r = 1; 323 r = 1;
324
304 err: 325 err:
305 X509_STORE_CTX_free(ctx); 326 X509_STORE_CTX_free(ctx);
306 return r;
307 327
328 return r;
308} 329}
309 330
310int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, 331int
311 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) 332CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
333 BIO *dcont, BIO *out, unsigned int flags)
312{ 334{
313 CMS_SignerInfo *si; 335 CMS_SignerInfo *si;
314 STACK_OF(CMS_SignerInfo) *sinfos; 336 STACK_OF(CMS_SignerInfo) *sinfos;
@@ -329,7 +351,6 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
329 /* Attempt to find all signer certificates */ 351 /* Attempt to find all signer certificates */
330 352
331 sinfos = CMS_get0_SignerInfos(cms); 353 sinfos = CMS_get0_SignerInfos(cms);
332
333 if (sk_CMS_SignerInfo_num(sinfos) <= 0) { 354 if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
334 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); 355 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
335 goto err; 356 goto err;
@@ -359,7 +380,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
359 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 380 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
360 si = sk_CMS_SignerInfo_value(sinfos, i); 381 si = sk_CMS_SignerInfo_value(sinfos, i);
361 if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls)) 382 if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
362 goto err; 383 goto err;
363 } 384 }
364 } 385 }
365 386
@@ -369,9 +390,9 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
369 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 390 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
370 si = sk_CMS_SignerInfo_value(sinfos, i); 391 si = sk_CMS_SignerInfo_value(sinfos, i);
371 if (CMS_signed_get_attr_count(si) < 0) 392 if (CMS_signed_get_attr_count(si) < 0)
372 continue; 393 continue;
373 if (CMS_SignerInfo_verify(si) <= 0) 394 if (CMS_SignerInfo_verify(si) <= 0)
374 goto err; 395 goto err;
375 } 396 }
376 } 397 }
377 398
@@ -385,6 +406,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
385 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) { 406 if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
386 char *ptr; 407 char *ptr;
387 long len; 408 long len;
409
388 len = BIO_get_mem_data(dcont, &ptr); 410 len = BIO_get_mem_data(dcont, &ptr);
389 tmpin = BIO_new_mem_buf(ptr, len); 411 tmpin = BIO_new_mem_buf(ptr, len);
390 if (tmpin == NULL) { 412 if (tmpin == NULL) {
@@ -393,6 +415,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
393 } 415 }
394 } else 416 } else
395 tmpin = dcont; 417 tmpin = dcont;
418
396 /* 419 /*
397 * If not binary mode and detached generate digests by *writing* through 420 * If not binary mode and detached generate digests by *writing* through
398 * the BIO. That makes it possible to canonicalise the input. 421 * the BIO. That makes it possible to canonicalise the input.
@@ -418,8 +441,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
418 441
419 if (flags & CMS_TEXT) { 442 if (flags & CMS_TEXT) {
420 if (!SMIME_text(tmpout, out)) { 443 if (!SMIME_text(tmpout, out)) {
421 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR); 444 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
422 goto err; 445 goto err;
423 } 446 }
424 } 447 }
425 } else { 448 } else {
@@ -435,8 +458,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
435 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { 458 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
436 si = sk_CMS_SignerInfo_value(sinfos, i); 459 si = sk_CMS_SignerInfo_value(sinfos, i);
437 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { 460 if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
438 CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR); 461 CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
439 goto err; 462 goto err;
440 } 463 }
441 } 464 }
442 } 465 }
@@ -465,21 +488,23 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
465 return ret; 488 return ret;
466} 489}
467 490
468int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, 491int
469 STACK_OF(X509) *certs, 492CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
470 X509_STORE *store, unsigned int flags) 493 STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags)
471{ 494{
472 int r; 495 int r;
496
473 flags &= ~(CMS_DETACHED | CMS_TEXT); 497 flags &= ~(CMS_DETACHED | CMS_TEXT);
474 r = CMS_verify(rcms, certs, store, NULL, NULL, flags); 498 r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
475 if (r <= 0) 499 if (r <= 0)
476 return r; 500 return r;
501
477 return cms_Receipt_verify(rcms, ocms); 502 return cms_Receipt_verify(rcms, ocms);
478} 503}
479 504
480CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, 505CMS_ContentInfo *
481 STACK_OF(X509) *certs, BIO *data, 506CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
482 unsigned int flags) 507 unsigned int flags)
483{ 508{
484 CMS_ContentInfo *cms; 509 CMS_ContentInfo *cms;
485 int i; 510 int i;
@@ -487,9 +512,8 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
487 cms = CMS_ContentInfo_new(); 512 cms = CMS_ContentInfo_new();
488 if (cms == NULL || !CMS_SignedData_init(cms)) 513 if (cms == NULL || !CMS_SignedData_init(cms))
489 goto merr; 514 goto merr;
490 if (flags & CMS_ASCIICRLF 515 if (flags & CMS_ASCIICRLF &&
491 && !CMS_set1_eContentType(cms, 516 !CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
492 OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
493 goto err; 517 goto err;
494 518
495 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) { 519 if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
@@ -506,8 +530,8 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
506 if (!(flags & CMS_DETACHED)) 530 if (!(flags & CMS_DETACHED))
507 CMS_set_detached(cms, 0); 531 CMS_set_detached(cms, 0);
508 532
509 if ((flags & (CMS_STREAM | CMS_PARTIAL)) 533 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
510 || CMS_final(cms, data, NULL, flags)) 534 CMS_final(cms, data, NULL, flags))
511 return cms; 535 return cms;
512 else 536 else
513 goto err; 537 goto err;
@@ -517,12 +541,13 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
517 541
518 err: 542 err:
519 CMS_ContentInfo_free(cms); 543 CMS_ContentInfo_free(cms);
544
520 return NULL; 545 return NULL;
521} 546}
522 547
523CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, 548CMS_ContentInfo *
524 X509 *signcert, EVP_PKEY *pkey, 549CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey,
525 STACK_OF(X509) *certs, unsigned int flags) 550 STACK_OF(X509) *certs, unsigned int flags)
526{ 551{
527 CMS_SignerInfo *rct_si; 552 CMS_SignerInfo *rct_si;
528 CMS_ContentInfo *cms = NULL; 553 CMS_ContentInfo *cms = NULL;
@@ -555,7 +580,6 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
555 } 580 }
556 581
557 os = cms_encode_Receipt(si); 582 os = cms_encode_Receipt(si);
558
559 if (!os) 583 if (!os)
560 goto err; 584 goto err;
561 585
@@ -584,16 +608,18 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
584 if (r) 608 if (r)
585 return cms; 609 return cms;
586 CMS_ContentInfo_free(cms); 610 CMS_ContentInfo_free(cms);
587 return NULL;
588 611
612 return NULL;
589} 613}
590 614
591CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, 615CMS_ContentInfo *
592 const EVP_CIPHER *cipher, unsigned int flags) 616CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher,
617 unsigned int flags)
593{ 618{
594 CMS_ContentInfo *cms; 619 CMS_ContentInfo *cms;
595 int i; 620 int i;
596 X509 *recip; 621 X509 *recip;
622
597 cms = CMS_EnvelopedData_create(cipher); 623 cms = CMS_EnvelopedData_create(cipher);
598 if (!cms) 624 if (!cms)
599 goto merr; 625 goto merr;
@@ -608,8 +634,8 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
608 if (!(flags & CMS_DETACHED)) 634 if (!(flags & CMS_DETACHED))
609 CMS_set_detached(cms, 0); 635 CMS_set_detached(cms, 0);
610 636
611 if ((flags & (CMS_STREAM | CMS_PARTIAL)) 637 if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
612 || CMS_final(cms, data, NULL, flags)) 638 CMS_final(cms, data, NULL, flags))
613 return cms; 639 return cms;
614 else 640 else
615 goto err; 641 goto err;
@@ -618,18 +644,22 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
618 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); 644 CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
619 err: 645 err:
620 CMS_ContentInfo_free(cms); 646 CMS_ContentInfo_free(cms);
647
621 return NULL; 648 return NULL;
622} 649}
623 650
624static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 651static int
625 EVP_PKEY *pk, X509 *cert) 652cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, EVP_PKEY *pk,
653 X509 *cert)
626{ 654{
627 int i; 655 int i;
628 STACK_OF(CMS_RecipientEncryptedKey) *reks; 656 STACK_OF(CMS_RecipientEncryptedKey) *reks;
629 CMS_RecipientEncryptedKey *rek; 657 CMS_RecipientEncryptedKey *rek;
658
630 reks = CMS_RecipientInfo_kari_get0_reks(ri); 659 reks = CMS_RecipientInfo_kari_get0_reks(ri);
631 for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { 660 for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
632 int rv; 661 int rv;
662
633 rek = sk_CMS_RecipientEncryptedKey_value(reks, i); 663 rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
634 if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) 664 if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
635 continue; 665 continue;
@@ -640,22 +670,25 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
640 return 1; 670 return 1;
641 return cert == NULL ? 0 : -1; 671 return cert == NULL ? 0 : -1;
642 } 672 }
673
643 return 0; 674 return 0;
644} 675}
645 676
646int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) 677int
678CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
647{ 679{
648 STACK_OF(CMS_RecipientInfo) *ris; 680 STACK_OF(CMS_RecipientInfo) *ris;
649 CMS_RecipientInfo *ri; 681 CMS_RecipientInfo *ri;
650 int i, r, ri_type; 682 int i, r, ri_type;
651 int debug = 0, match_ri = 0; 683 int debug = 0, match_ri = 0;
684
652 ris = CMS_get0_RecipientInfos(cms); 685 ris = CMS_get0_RecipientInfos(cms);
653 if (ris) 686 if (ris)
654 debug = cms->d.envelopedData->encryptedContentInfo->debug; 687 debug = cms->d.envelopedData->encryptedContentInfo->debug;
655 ri_type = cms_pkey_get_ri_type(pk); 688 ri_type = cms_pkey_get_ri_type(pk);
656 if (ri_type == CMS_RECIPINFO_NONE) { 689 if (ri_type == CMS_RECIPINFO_NONE) {
657 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, 690 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
658 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); 691 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
659 return 0; 692 return 0;
660 } 693 }
661 694
@@ -667,9 +700,9 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
667 if (ri_type == CMS_RECIPINFO_AGREE) { 700 if (ri_type == CMS_RECIPINFO_AGREE) {
668 r = cms_kari_set1_pkey(cms, ri, pk, cert); 701 r = cms_kari_set1_pkey(cms, ri, pk, cert);
669 if (r > 0) 702 if (r > 0)
670 return 1; 703 return 1;
671 if (r < 0) 704 if (r < 0)
672 return 0; 705 return 0;
673 } 706 }
674 /* 707 /*
675 * If we have a cert try matching RecipientInfo otherwise try them 708 * If we have a cert try matching RecipientInfo otherwise try them
@@ -681,18 +714,18 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
681 r = CMS_RecipientInfo_decrypt(cms, ri); 714 r = CMS_RecipientInfo_decrypt(cms, ri);
682 CMS_RecipientInfo_set0_pkey(ri, NULL); 715 CMS_RecipientInfo_set0_pkey(ri, NULL);
683 if (cert) { 716 if (cert) {
684 /* 717 /*
685 * If not debugging clear any error and return success to 718 * If not debugging clear any error and return success to
686 * avoid leaking of information useful to MMA 719 * avoid leaking of information useful to MMA
687 */ 720 */
688 if (!debug) { 721 if (!debug) {
689 ERR_clear_error(); 722 ERR_clear_error();
690 return 1; 723 return 1;
691 } 724 }
692 if (r > 0) 725 if (r > 0)
693 return 1; 726 return 1;
694 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR); 727 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
695 return 0; 728 return 0;
696 } 729 }
697 /* 730 /*
698 * If no cert and not debugging don't leave loop after first 731 * If no cert and not debugging don't leave loop after first
@@ -700,7 +733,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
700 * to avoid leaking timing of a successful decrypt. 733 * to avoid leaking timing of a successful decrypt.
701 */ 734 */
702 else if (r > 0 && debug) 735 else if (r > 0 && debug)
703 return 1; 736 return 1;
704 } 737 }
705 } 738 }
706 /* If no cert, key transport and not debugging always return success */ 739 /* If no cert, key transport and not debugging always return success */
@@ -710,17 +743,18 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
710 } 743 }
711 744
712 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); 745 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
713 return 0;
714 746
747 return 0;
715} 748}
716 749
717int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 750int
718 unsigned char *key, size_t keylen, 751CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen,
719 const unsigned char *id, size_t idlen) 752 const unsigned char *id, size_t idlen)
720{ 753{
721 STACK_OF(CMS_RecipientInfo) *ris; 754 STACK_OF(CMS_RecipientInfo) *ris;
722 CMS_RecipientInfo *ri; 755 CMS_RecipientInfo *ri;
723 int i, r; 756 int i, r;
757
724 ris = CMS_get0_RecipientInfos(cms); 758 ris = CMS_get0_RecipientInfos(cms);
725 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { 759 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
726 ri = sk_CMS_RecipientInfo_value(ris, i); 760 ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -736,26 +770,28 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
736 r = CMS_RecipientInfo_decrypt(cms, ri); 770 r = CMS_RecipientInfo_decrypt(cms, ri);
737 CMS_RecipientInfo_set0_key(ri, NULL, 0); 771 CMS_RecipientInfo_set0_key(ri, NULL, 0);
738 if (r > 0) 772 if (r > 0)
739 return 1; 773 return 1;
740 if (id) { 774 if (id) {
741 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR); 775 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
742 return 0; 776 return 0;
743 } 777 }
744 ERR_clear_error(); 778 ERR_clear_error();
745 } 779 }
746 } 780 }
747 781
748 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); 782 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
749 return 0;
750 783
784 return 0;
751} 785}
752 786
753int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 787int
754 unsigned char *pass, ossl_ssize_t passlen) 788CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
789 ossl_ssize_t passlen)
755{ 790{
756 STACK_OF(CMS_RecipientInfo) *ris; 791 STACK_OF(CMS_RecipientInfo) *ris;
757 CMS_RecipientInfo *ri; 792 CMS_RecipientInfo *ri;
758 int i, r; 793 int i, r;
794
759 ris = CMS_get0_RecipientInfos(cms); 795 ris = CMS_get0_RecipientInfos(cms);
760 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { 796 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
761 ri = sk_CMS_RecipientInfo_value(ris, i); 797 ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -769,15 +805,17 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
769 } 805 }
770 806
771 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT); 807 CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
772 return 0;
773 808
809 return 0;
774} 810}
775 811
776int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, 812int
777 BIO *dcont, BIO *out, unsigned int flags) 813CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
814 BIO *out, unsigned int flags)
778{ 815{
779 int r; 816 int r;
780 BIO *cont; 817 BIO *cont;
818
781 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) { 819 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
782 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); 820 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
783 return 0; 821 return 0;
@@ -797,10 +835,12 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
797 return 0; 835 return 0;
798 r = cms_copy_content(out, cont, flags); 836 r = cms_copy_content(out, cont, flags);
799 do_free_upto(cont, dcont); 837 do_free_upto(cont, dcont);
838
800 return r; 839 return r;
801} 840}
802 841
803int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) 842int
843CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
804{ 844{
805 BIO *cmsbio; 845 BIO *cmsbio;
806 int ret = 0; 846 int ret = 0;
@@ -825,16 +865,16 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
825 do_free_upto(cmsbio, dcont); 865 do_free_upto(cmsbio, dcont);
826 866
827 return ret; 867 return ret;
828
829} 868}
830 869
831#ifdef ZLIB 870#ifdef ZLIB
832 871
833int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 872int
834 unsigned int flags) 873CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
835{ 874{
836 BIO *cont; 875 BIO *cont;
837 int r; 876 int r;
877
838 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) { 878 if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
839 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA); 879 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
840 return 0; 880 return 0;
@@ -848,12 +888,15 @@ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
848 return 0; 888 return 0;
849 r = cms_copy_content(out, cont, flags); 889 r = cms_copy_content(out, cont, flags);
850 do_free_upto(cont, dcont); 890 do_free_upto(cont, dcont);
891
851 return r; 892 return r;
852} 893}
853 894
854CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 895CMS_ContentInfo *
896CMS_compress(BIO *in, int comp_nid, unsigned int flags)
855{ 897{
856 CMS_ContentInfo *cms; 898 CMS_ContentInfo *cms;
899
857 if (comp_nid <= 0) 900 if (comp_nid <= 0)
858 comp_nid = NID_zlib_compression; 901 comp_nid = NID_zlib_compression;
859 cms = cms_CompressedData_create(comp_nid); 902 cms = cms_CompressedData_create(comp_nid);
@@ -867,19 +910,21 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
867 return cms; 910 return cms;
868 911
869 CMS_ContentInfo_free(cms); 912 CMS_ContentInfo_free(cms);
913
870 return NULL; 914 return NULL;
871} 915}
872 916
873#else 917#else
874 918
875int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, 919int
876 unsigned int flags) 920CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
877{ 921{
878 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 922 CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
879 return 0; 923 return 0;
880} 924}
881 925
882CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) 926CMS_ContentInfo *
927CMS_compress(BIO *in, int comp_nid, unsigned int flags)
883{ 928{
884 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); 929 CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
885 return NULL; 930 return NULL;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-22 17:39:43 +0000