Guenther has plans for OPENSSL_NO_CMS, so revert this for the moment.

9 files changed, 123 insertions, 12 deletions

diff --git a/lib/libssl/src/crypto/cms/cms.h b/lib/libssl/src/crypto/cms/cms.h
index f08e2f84574..9a5aae52996 100644
--- a/lib/libssl/src/crypto/cms/cms.h
+++ b/lib/libssl/src/crypto/cms/cms.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.h,v 1.6 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: cms.h,v 1.7 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -58,7 +58,9 @@
 
 #include <openssl/x509.h>
 
+#ifdef OPENSSL_NO_CMS
 #error CMS is disabled.
+#endif
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/lib/libssl/src/crypto/dsa/dsa_ameth.c b/lib/libssl/src/crypto/dsa/dsa_ameth.c
index 8f7a73a4813..d4c8b111a88 100644
--- a/lib/libssl/src/crypto/dsa/dsa_ameth.c
+++ b/lib/libssl/src/crypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -66,6 +66,9 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -592,6 +595,26 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 			    0);
 		}
 		return 1;
+#ifndef OPENSSL_NO_CMS
+	case ASN1_PKEY_CTRL_CMS_SIGN:
+		if (arg1 == 0) {
+			int snid, hnid;
+			X509_ALGOR *alg1, *alg2;
+
+			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+			if (alg1 == NULL || alg1->algorithm == NULL)
+				return -1;
+			hnid = OBJ_obj2nid(alg1->algorithm);
+			if (hnid == NID_undef)
+				return -1;
+			if (!OBJ_find_sigid_by_algs(&snid, hnid,
+			    EVP_PKEY_id(pkey)))
+				return -1; 
+			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF,
+			    0);
+		}
+		return 1;
+#endif
 
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *)arg2 = NID_sha1;
diff --git a/lib/libssl/src/crypto/ec/ec_ameth.c b/lib/libssl/src/crypto/ec/ec_ameth.c
index 567d16e307f..dd1c31883e1 100644
--- a/lib/libssl/src/crypto/ec/ec_ameth.c
+++ b/lib/libssl/src/crypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -65,6 +65,9 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -570,6 +573,24 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2)
 			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
 		}
 		return 1;
+#ifndef OPENSSL_NO_CMS
+	case ASN1_PKEY_CTRL_CMS_SIGN:
+		if (arg1 == 0) {
+			int snid, hnid;
+			X509_ALGOR *alg1, *alg2;
+			CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
+			    &alg1, &alg2);
+			if (alg1 == NULL || alg1->algorithm == NULL)
+				return -1;
+			hnid = OBJ_obj2nid(alg1->algorithm);
+			if (hnid == NID_undef)
+				return -1;
+			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+				return -1;
+			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+		}
+		return 1;
+#endif
 
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *) arg2 = NID_sha1;
diff --git a/lib/libssl/src/crypto/err/err_all.c b/lib/libssl/src/crypto/err/err_all.c
index 296c1a5ba3a..58adce64e75 100644
--- a/lib/libssl/src/crypto/err/err_all.c
+++ b/lib/libssl/src/crypto/err/err_all.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err_all.c,v 1.21 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: err_all.c,v 1.22 2015/02/11 04:05:14 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -115,9 +115,6 @@ ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_RSA
 	ERR_load_RSA_strings();
 #endif
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
 #ifndef OPENSSL_NO_DH
 	ERR_load_DH_strings();
 #endif
@@ -154,6 +151,9 @@ ERR_load_crypto_strings(void)
 #endif
 	ERR_load_OCSP_strings();
 	ERR_load_UI_strings();
+#ifndef OPENSSL_NO_CMS
+	ERR_load_CMS_strings();
+#endif
 #ifndef OPENSSL_NO_GOST
 	ERR_load_GOST_strings();
 #endif
diff --git a/lib/libssl/src/crypto/gost/gostr341001_ameth.c b/lib/libssl/src/crypto/gost/gostr341001_ameth.c
index fb1d57ad6d8..45ddd44e42b 100644
--- a/lib/libssl/src/crypto/gost/gostr341001_ameth.c
+++ b/lib/libssl/src/crypto/gost/gostr341001_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_ameth.c,v 1.7 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: gostr341001_ameth.c,v 1.8 2015/02/11 04:05:14 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -61,6 +61,9 @@
 #include <openssl/x509.h>
 #include <openssl/gost.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 #include "gost_locl.h"
@@ -653,6 +656,17 @@ pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 		if (arg1 == 0)
 			PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
 		break;
+#ifndef OPENSSL_NO_CMS
+	case ASN1_PKEY_CTRL_CMS_SIGN:
+		if (arg1 == 0)
+			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+		break;
+
+	case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+		if (arg1 == 0)
+			CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
+		break;
+#endif
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *)arg2 = GostR3410_get_md_digest(digest);
 		return 2;
diff --git a/lib/libssl/src/crypto/gost/gostr341001_pmeth.c b/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
index 89e1ae62cdc..0157996a40e 100644
--- a/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
+++ b/lib/libssl/src/crypto/gost/gostr341001_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001_pmeth.c,v 1.9 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: gostr341001_pmeth.c,v 1.10 2015/02/11 04:05:14 beck Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -597,6 +597,11 @@ pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
 	case EVP_PKEY_CTRL_PKCS7_SIGN:
 	case EVP_PKEY_CTRL_DIGESTINIT:
+#ifndef OPENSSL_NO_CMS
+	case EVP_PKEY_CTRL_CMS_ENCRYPT:
+	case EVP_PKEY_CTRL_CMS_DECRYPT:
+	case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
 		return 1;
 
 	case EVP_PKEY_CTRL_GOST_PARAMSET:
diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c
index 9107e9c225a..48768a4467d 100644
--- a/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/lib/libssl/src/crypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.38 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.39 2015/02/11 04:05:14 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -264,6 +264,15 @@ check_pem(const char *nm, const char *name)
 	    !strcmp(name, PEM_STRING_PKCS7))
 		return 1;
 
+#ifndef OPENSSL_NO_CMS
+	if (!strcmp(nm, PEM_STRING_X509) &&
+	    !strcmp(name, PEM_STRING_CMS))
+		return 1;
+	/* Allow CMS to be read from PKCS#7 headers */
+	if (!strcmp(nm, PEM_STRING_PKCS7) &&
+	    !strcmp(name, PEM_STRING_CMS))
+		return 1;
+#endif
 
 	return 0;
 }
diff --git a/lib/libssl/src/crypto/rsa/rsa_ameth.c b/lib/libssl/src/crypto/rsa/rsa_ameth.c
index a68fcbeb11b..528b72b4b90 100644
--- a/lib/libssl/src/crypto/rsa/rsa_ameth.c
+++ b/lib/libssl/src/crypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.13 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -66,6 +66,9 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "asn1_locl.h"
 
@@ -417,6 +420,17 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 		if (arg1 == 0)
 			PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
 		break;
+#ifndef OPENSSL_NO_CMS
+	case ASN1_PKEY_CTRL_CMS_SIGN:
+		if (arg1 == 0)
+			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
+		break;
+
+	case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+		if (arg1 == 0)
+			CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
+		break;
+#endif
 
 	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
 		*(int *)arg2 = NID_sha1;
diff --git a/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 6d38a7c923c..09166e105b7 100644
--- a/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.15 2015/02/11 03:55:42 beck Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.16 2015/02/11 04:05:14 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -69,6 +69,9 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 
 #include "evp_locl.h"
 #include "rsa_locl.h"
@@ -459,6 +462,26 @@ bad_pad:
 	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
 	case EVP_PKEY_CTRL_PKCS7_SIGN:
 		return 1;
+#ifndef OPENSSL_NO_CMS
+	case EVP_PKEY_CTRL_CMS_DECRYPT:
+		{
+			X509_ALGOR *alg = NULL;
+			ASN1_OBJECT *encalg = NULL;
+
+			if (p2)
+				CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
+				    NULL, &alg);
+			if (alg)
+				X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+			if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+				rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+		}
+		/* FALLTHROUGH */
+
+	case EVP_PKEY_CTRL_CMS_ENCRYPT:
+	case EVP_PKEY_CTRL_CMS_SIGN:
+		return 1;
+#endif
 	case EVP_PKEY_CTRL_PEER_KEY:
 		RSAerr(RSA_F_PKEY_RSA_CTRL,
 		    RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);