diff options
Diffstat (limited to 'lib/libcrypto')
-rw-r--r-- | lib/libcrypto/cms/cms.h | 188 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_asn1.c | 123 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_att.c | 122 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_cd.c | 49 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_dd.c | 51 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_enc.c | 181 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_env.c | 572 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_err.c | 330 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_ess.c | 243 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_io.c | 129 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_lcl.h | 278 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_lib.c | 474 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_pwri.c | 231 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_sd.c | 710 | ||||
-rw-r--r-- | lib/libcrypto/cms/cms_smime.c | 536 |
15 files changed, 1964 insertions, 2253 deletions
diff --git a/lib/libcrypto/cms/cms.h b/lib/libcrypto/cms/cms.h index 150607469dd..0a782d31635 100644 --- a/lib/libcrypto/cms/cms.h +++ b/lib/libcrypto/cms/cms.h @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -132,110 +132,94 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); -int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); -CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, unsigned int flags); +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, BIO *data, unsigned int flags); -CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, - X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, - unsigned int flags); +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, + EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags); int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, - unsigned int flags); + unsigned int flags); -int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, - const unsigned char *key, size_t keylen, - BIO *dcont, BIO *out, unsigned int flags); +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, + size_t keylen, BIO *dcont, BIO *out, unsigned int flags); CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - unsigned int flags); + const unsigned char *key, size_t keylen, unsigned int flags); int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen); int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, - STACK_OF(X509) *certs, - X509_STORE *store, unsigned int flags); + STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags); STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, unsigned int flags); + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, + BIO *out, unsigned int flags); -int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, - BIO *dcont, BIO *out, - unsigned int flags); - int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); -int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen); -int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ssize_t passlen); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, + size_t keylen, unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass, + ssize_t passlen); STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); -CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, - X509 *recip, unsigned int flags); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, + unsigned int flags); int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); -int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, - EVP_PKEY **pk, X509 **recip, - X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk, + X509 **recip, X509_ALGOR **palg); int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen, - ASN1_GENERALIZEDTIME *date, - ASN1_OBJECT *otherTypeId, - ASN1_TYPE *otherType); - -int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pid, - ASN1_GENERALIZEDTIME **pdate, - ASN1_OBJECT **potherid, - ASN1_TYPE **pothertype); - -int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, - unsigned char *key, size_t keylen); - -int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, - const unsigned char *id, size_t idlen); - -int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, - unsigned char *pass, - ssize_t passlen); - -CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - int iter, int wrap_nid, int pbe_nid, - unsigned char *pass, - ssize_t passlen, - const EVP_CIPHER *kekciph); + unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, + ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, + size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, + ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, + int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen, + const EVP_CIPHER *kekciph); int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); - + int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); + unsigned int flags); CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); @@ -252,82 +236,70 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); int CMS_SignedData_init(CMS_ContentInfo *cms); -CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, - X509 *signer, EVP_PKEY *pk, const EVP_MD *md, - unsigned int flags); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, + EVP_PKEY *pk, const EVP_MD *md, unsigned int flags); STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - unsigned int flags); + unsigned int flags); void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, - X509_ALGOR **pdig, X509_ALGOR **psig); + X509_ALGOR **pdig, X509_ALGOR **psig); int CMS_SignerInfo_sign(CMS_SignerInfo *si); int CMS_SignerInfo_verify(CMS_SignerInfo *si); int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); -int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, - int algnid, int keysize); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, + int keysize); int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); int CMS_signed_get_attr_count(const CMS_SignerInfo *si); -int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos); int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); -int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len); -int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len); -int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int type, const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, + int type, const void *bytes, int len); void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type); + int lastpos, int type); int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); + int lastpos); int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, - int lastpos); + int lastpos); X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); -int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len); -int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len); -int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int type, const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, + int type, const void *bytes, int len); void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type); + int lastpos, int type); #ifdef HEADER_X509V3_H int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, - int allorfirst, - STACK_OF(GENERAL_NAMES) *receiptList, - STACK_OF(GENERAL_NAMES) *receiptsTo); + int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo); int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); -void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, - ASN1_STRING **pcid, - int *pallorfirst, - STACK_OF(GENERAL_NAMES) **plist, - STACK_OF(GENERAL_NAMES) **prto); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, + int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); #endif diff --git a/lib/libcrypto/cms/cms_asn1.c b/lib/libcrypto/cms/cms_asn1.c index bd7466cc1d3..a2b0217a930 100644 --- a/lib/libcrypto/cms/cms_asn1.c +++ b/lib/libcrypto/cms/cms_asn1.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,7 +57,6 @@ #include "cms.h" #include "cms_lcl.h" - ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) @@ -87,19 +86,18 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { } ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) /* Minor tweak to operation: free up signer key, cert */ -static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) - { - if(operation == ASN1_OP_FREE_POST) - { +static int +cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ + if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; if (si->pkey) EVP_PKEY_free(si->pkey); if (si->signer) X509_free(si->signer); - } - return 1; } + return 1; +} ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { ASN1_SIMPLE(CMS_SignerInfo, version, LONG), @@ -160,8 +158,8 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = { } ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { - ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) + ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) } ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = { @@ -170,14 +168,14 @@ ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = { } ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey) ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { - ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) + ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), + ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { - ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), - ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) + ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), + ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) } ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = { @@ -209,46 +207,38 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { } ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { - ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), - ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) + ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), + ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) } ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) /* Free up RecipientInfo additional data */ -static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) - { - if(operation == ASN1_OP_FREE_PRE) - { +static int +cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ + if (operation == ASN1_OP_FREE_PRE) { CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; - if (ri->type == CMS_RECIPINFO_TRANS) - { + if (ri->type == CMS_RECIPINFO_TRANS) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; if (ktri->pkey) EVP_PKEY_free(ktri->pkey); if (ktri->recip) X509_free(ktri->recip); - } - else if (ri->type == CMS_RECIPINFO_KEK) - { + } else if (ri->type == CMS_RECIPINFO_KEK) { CMS_KEKRecipientInfo *kekri = ri->d.kekri; - if (kekri->key) - { + if (kekri->key) { OPENSSL_cleanse(kekri->key, kekri->keylen); free(kekri->key); - } } - else if (ri->type == CMS_RECIPINFO_PASS) - { + } else if (ri->type == CMS_RECIPINFO_PASS) { CMS_PasswordRecipientInfo *pwri = ri->d.pwri; - if (pwri->pass) - { + if (pwri->pass) { OPENSSL_cleanse(pwri->pass, pwri->passlen); free(pwri->pass); - } } } - return 1; } + return 1; +} ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), @@ -295,7 +285,7 @@ ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { ASN1_SIMPLE(CMS_CompressedData, version, LONG), ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), -} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) + } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) /* This is the ANY DEFINED BY table for the top level ContentInfo structure */ @@ -312,36 +302,34 @@ ASN1_ADB(CMS_ContentInfo) = { } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); /* CMS streaming support */ -static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) - { +static int +cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ ASN1_STREAM_ARG *sarg = exarg; CMS_ContentInfo *cms = NULL; + if (pval) cms = (CMS_ContentInfo *)*pval; else return 1; - switch(operation) - { - case ASN1_OP_STREAM_PRE: + switch (operation) { + case ASN1_OP_STREAM_PRE: if (CMS_stream(&sarg->boundary, cms) <= 0) return 0; - case ASN1_OP_DETACHED_PRE: + case ASN1_OP_DETACHED_PRE: sarg->ndef_bio = CMS_dataInit(cms, sarg->out); if (!sarg->ndef_bio) return 0; break; - - case ASN1_OP_STREAM_POST: - case ASN1_OP_DETACHED_POST: + case ASN1_OP_STREAM_POST: + case ASN1_OP_DETACHED_POST: if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0) return 0; break; - - } - return 1; } + return 1; +} ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), @@ -354,36 +342,33 @@ ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { * encoding. */ -ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = +ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) -/* When verifying attributes we need to use the received order. So +/* When verifying attributes we need to use the received order. So * we use SEQUENCE OF and tag it to SET OF */ -ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) +ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = +ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) - - ASN1_CHOICE(CMS_ReceiptsFrom) = { - ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), - ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) + ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), + ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) } ASN1_CHOICE_END(CMS_ReceiptsFrom) ASN1_SEQUENCE(CMS_ReceiptRequest) = { - ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), - ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), - ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) + ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), + ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest) ASN1_SEQUENCE(CMS_Receipt) = { - ASN1_SIMPLE(CMS_Receipt, version, LONG), - ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), - ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), - ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) + ASN1_SIMPLE(CMS_Receipt, version, LONG), + ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), + ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), + ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_Receipt) - diff --git a/lib/libcrypto/cms/cms_att.c b/lib/libcrypto/cms/cms_att.c index 5b71722ebc8..c6bc784fb8b 100644 --- a/lib/libcrypto/cms/cms_att.c +++ b/lib/libcrypto/cms/cms_att.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,134 +60,150 @@ /* CMS SignedData Attribute utilities */ -int CMS_signed_get_attr_count(const CMS_SignerInfo *si) +int +CMS_signed_get_attr_count(const CMS_SignerInfo *si) { return X509at_get_attr_count(si->signedAttrs); } -int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos) +int +CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos) { return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); } -int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, - int lastpos) +int +CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos) { return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); } -X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) +X509_ATTRIBUTE * +CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) { return X509at_get_attr(si->signedAttrs, loc); } -X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) +X509_ATTRIBUTE * +CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) { return X509at_delete_attr(si->signedAttrs, loc); } -int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) +int +CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) { - if(X509at_add1_attr(&si->signedAttrs, attr)) return 1; + if (X509at_add1_attr(&si->signedAttrs, attr)) + return 1; return 0; } -int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len) +int +CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int type, const void *bytes, int len) { - if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) + return 1; return 0; } -int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len) +int +CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, + const void *bytes, int len) { - if(X509at_add1_attr_by_NID(&si->signedAttrs, nid, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) + return 1; return 0; } -int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len) +int +CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type, + const void *bytes, int len) { - if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, + bytes, len)) + return 1; return 0; } -void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type) +void * +CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos, + int type) { return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); } -int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) +int +CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) { return X509at_get_attr_count(si->unsignedAttrs); } -int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos) +int +CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos) { return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); } -int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, - int lastpos) +int +CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos) { return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); } -X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) +X509_ATTRIBUTE * +CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) { return X509at_get_attr(si->unsignedAttrs, loc); } -X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) +X509_ATTRIBUTE * +CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) { return X509at_delete_attr(si->unsignedAttrs, loc); } -int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) +int +CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) { - if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1; + if (X509at_add1_attr(&si->unsignedAttrs, attr)) + return 1; return 0; } -int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len) +int +CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int type, const void *bytes, int len) { - if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) + return 1; return 0; } -int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len) +int +CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, + const void *bytes, int len) { - if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) + return 1; return 0; } -int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len) +int +CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, + int type, const void *bytes, int len) { - if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type, + bytes, len)) + return 1; return 0; } -void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type) +void * +CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type) { return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); } diff --git a/lib/libcrypto/cms/cms_cd.c b/lib/libcrypto/cms/cms_cd.c index a5fc2c4e2b4..ec48471df26 100644 --- a/lib/libcrypto/cms/cms_cd.c +++ b/lib/libcrypto/cms/cms_cd.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,7 +58,9 @@ #include <openssl/err.h> #include <openssl/cms.h> #include <openssl/bio.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include "cms_lcl.h" DECLARE_ASN1_ITEM(CMS_CompressedData) @@ -67,19 +69,20 @@ DECLARE_ASN1_ITEM(CMS_CompressedData) /* CMS CompressedData Utilities */ -CMS_ContentInfo *cms_CompressedData_create(int comp_nid) - { +CMS_ContentInfo * +cms_CompressedData_create(int comp_nid) +{ CMS_ContentInfo *cms; CMS_CompressedData *cd; + /* Will need something cleverer if there is ever more than one * compression algorithm or parameters have some meaning... */ - if (comp_nid != NID_zlib_compression) - { + if (comp_nid != NID_zlib_compression) { CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE, - CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); return NULL; - } + } cms = CMS_ContentInfo_new(); if (!cms) return NULL; @@ -95,40 +98,38 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid) cd->version = 0; X509_ALGOR_set0(cd->compressionAlgorithm, - OBJ_nid2obj(NID_zlib_compression), - V_ASN1_UNDEF, NULL); + OBJ_nid2obj(NID_zlib_compression), + V_ASN1_UNDEF, NULL); cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); return cms; - err: - +err: if (cms) CMS_ContentInfo_free(cms); - return NULL; - } +} -BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms) - { +BIO * +cms_CompressedData_init_bio(CMS_ContentInfo *cms) +{ CMS_CompressedData *cd; ASN1_OBJECT *compoid; - if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) - { + + if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) { CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, - CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); + CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); return NULL; - } + } cd = cms->d.compressedData; X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm); - if (OBJ_obj2nid(compoid) != NID_zlib_compression) - { + if (OBJ_obj2nid(compoid) != NID_zlib_compression) { CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, - CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); + CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); return NULL; - } - return BIO_new(BIO_f_zlib()); } + return BIO_new(BIO_f_zlib()); +} #endif diff --git a/lib/libcrypto/cms/cms_dd.c b/lib/libcrypto/cms/cms_dd.c index 8919c15be12..f115d2274b0 100644 --- a/lib/libcrypto/cms/cms_dd.c +++ b/lib/libcrypto/cms/cms_dd.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,10 +63,12 @@ DECLARE_ASN1_ITEM(CMS_DigestedData) /* CMS DigestedData Utilities */ -CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) - { +CMS_ContentInfo * +cms_DigestedData_create(const EVP_MD *md) +{ CMS_ContentInfo *cms; CMS_DigestedData *dd; + cms = CMS_ContentInfo_new(); if (!cms) return NULL; @@ -86,28 +88,30 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) return cms; - err: - +err: if (cms) CMS_ContentInfo_free(cms); - return NULL; - } +} -BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) - { +BIO * +cms_DigestedData_init_bio(CMS_ContentInfo *cms) +{ CMS_DigestedData *dd; + dd = cms->d.digestedData; return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm); - } +} -int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) - { +int +cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) +{ EVP_MD_CTX mctx; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; int r = 0; CMS_DigestedData *dd; + EVP_MD_CTX_init(&mctx); dd = cms->d.digestedData; @@ -118,31 +122,26 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) goto err; - if (verify) - { - if (mdlen != (unsigned int)dd->digest->length) - { + if (verify) { + if (mdlen != (unsigned int)dd->digest->length) { CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, - CMS_R_MESSAGEDIGEST_WRONG_LENGTH); + CMS_R_MESSAGEDIGEST_WRONG_LENGTH); goto err; - } + } if (memcmp(md, dd->digest->data, mdlen)) CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, - CMS_R_VERIFICATION_FAILURE); + CMS_R_VERIFICATION_FAILURE); else r = 1; - } - else - { + } else { if (!ASN1_STRING_set(dd->digest, md, mdlen)) goto err; r = 1; - } + } - err: +err: EVP_MD_CTX_cleanup(&mctx); return r; - - } +} diff --git a/lib/libcrypto/cms/cms_enc.c b/lib/libcrypto/cms/cms_enc.c index 612fce6dde8..75e08cdb1d6 100644 --- a/lib/libcrypto/cms/cms_enc.c +++ b/lib/libcrypto/cms/cms_enc.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,8 +66,9 @@ DECLARE_ASN1_ITEM(CMS_EncryptedData) /* Return BIO based on EncryptedContentInfo and key */ -BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) - { +BIO * +cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) +{ BIO *b; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *ciph; @@ -75,87 +76,72 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; unsigned char *tkey = NULL; size_t tkeylen = 0; - int ok = 0; - int enc, keep_key = 0; enc = ec->cipher ? 1 : 0; b = BIO_new(BIO_f_cipher()); - if (!b) - { + if (!b) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); return NULL; - } + } BIO_get_cipher_ctx(b, &ctx); - if (enc) - { + if (enc) { ciph = ec->cipher; /* If not keeping key set cipher to NULL so subsequent calls * decrypt. */ if (ec->key) ec->cipher = NULL; - } - else - { + } else { ciph = EVP_get_cipherbyobj(calg->algorithm); - if (!ciph) - { + if (!ciph) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - CMS_R_UNKNOWN_CIPHER); + CMS_R_UNKNOWN_CIPHER); goto err; - } } + } - if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) - { + if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - CMS_R_CIPHER_INITIALISATION_ERROR); + CMS_R_CIPHER_INITIALISATION_ERROR); goto err; - } + } - if (enc) - { + if (enc) { int ivlen; calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_iv_length(ctx); - if (ivlen > 0) - { + if (ivlen > 0) { if (RAND_pseudo_bytes(iv, ivlen) <= 0) goto err; piv = iv; - } } - else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) - { + } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; - } + } tkeylen = EVP_CIPHER_CTX_key_length(ctx); /* Generate random session key */ - if (!enc || !ec->key) - { + if (!enc || !ec->key) { tkey = malloc(tkeylen); - if (!tkey) - { + if (!tkey) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } + } if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0) goto err; - } + } - if (!ec->key) - { + if (!ec->key) { ec->key = tkey; ec->keylen = tkeylen; tkey = NULL; @@ -163,25 +149,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) keep_key = 1; else ERR_clear_error(); - - } - if (ec->keylen != tkeylen) - { + } + + if (ec->keylen != tkeylen) { /* If necessary set key length */ - if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) - { + if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) { /* Only reveal failure if debugging so we don't * leak information which may be useful in MMA. */ - if (enc || ec->debug) - { + if (enc || ec->debug) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - CMS_R_INVALID_KEY_LENGTH); + CMS_R_INVALID_KEY_LENGTH); goto err; - } - else - { + } else { /* Use random key */ OPENSSL_cleanse(ec->key, ec->keylen); free(ec->key); @@ -189,106 +170,98 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) ec->keylen = tkeylen; tkey = NULL; ERR_clear_error(); - } } } + } - if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) - { + if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - CMS_R_CIPHER_INITIALISATION_ERROR); + CMS_R_CIPHER_INITIALISATION_ERROR); goto err; - } + } - if (piv) - { + if (piv) { calg->parameter = ASN1_TYPE_new(); - if (!calg->parameter) - { + if (!calg->parameter) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } - if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) - { + } + if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, - CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; - } } + } ok = 1; - err: - if (ec->key && !keep_key) - { +err: + if (ec->key && !keep_key) { OPENSSL_cleanse(ec->key, ec->keylen); free(ec->key); ec->key = NULL; - } - if (tkey) - { + } + if (tkey) { OPENSSL_cleanse(tkey, tkeylen); free(tkey); - } + } if (ok) return b; BIO_free(b); return NULL; - } +} -int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen) - { +int +cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen) +{ ec->cipher = cipher; - if (key) - { + if (key) { ec->key = malloc(keylen); if (!ec->key) return 0; memcpy(ec->key, key, keylen); - } + } ec->keylen = keylen; if (cipher) ec->contentType = OBJ_nid2obj(NID_pkcs7_data); return 1; - } +} -int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, - const unsigned char *key, size_t keylen) - { +int +CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen) +{ CMS_EncryptedContentInfo *ec; - if (!key || !keylen) - { + + if (!key || !keylen) { CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY); return 0; - } - if (ciph) - { + } + if (ciph) { cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData); - if (!cms->d.encryptedData) - { + if (!cms->d.encryptedData) { CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); return 0; - } + } cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted); cms->d.encryptedData->version = 0; - } - else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) - { + } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) { CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, - CMS_R_NOT_ENCRYPTED_DATA); + CMS_R_NOT_ENCRYPTED_DATA); return 0; - } + } ec = cms->d.encryptedData->encryptedContentInfo; return cms_EncryptedContent_init(ec, ciph, key, keylen); - } +} -BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms) - { +BIO * +cms_EncryptedData_init_bio(CMS_ContentInfo *cms) +{ CMS_EncryptedData *enc = cms->d.encryptedData; + if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) enc->version = 2; return cms_EncryptedContent_init_bio(enc->encryptedContentInfo); - } +} diff --git a/lib/libcrypto/cms/cms_env.c b/lib/libcrypto/cms/cms_env.c index 5e6e7033b24..a274e26226a 100644 --- a/lib/libcrypto/cms/cms_env.c +++ b/lib/libcrypto/cms/cms_env.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -71,56 +71,59 @@ DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) DECLARE_STACK_OF(CMS_RecipientInfo) -CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) - { - if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) - { +CMS_EnvelopedData * +cms_get0_enveloped(CMS_ContentInfo *cms) +{ + if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { CMSerr(CMS_F_CMS_GET0_ENVELOPED, - CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); + CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); return NULL; - } - return cms->d.envelopedData; } + return cms->d.envelopedData; +} -static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) - { - if (cms->d.other == NULL) - { +static CMS_EnvelopedData * +cms_enveloped_data_init(CMS_ContentInfo *cms) +{ + if (cms->d.other == NULL) { cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); - if (!cms->d.envelopedData) - { + if (!cms->d.envelopedData) { CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); return NULL; - } + } cms->d.envelopedData->version = 0; cms->d.envelopedData->encryptedContentInfo->contentType = - OBJ_nid2obj(NID_pkcs7_data); + OBJ_nid2obj(NID_pkcs7_data); ASN1_OBJECT_free(cms->contentType); cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); return cms->d.envelopedData; - } - return cms_get0_enveloped(cms); } + return cms_get0_enveloped(cms); +} STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) - { +{ CMS_EnvelopedData *env; + env = cms_get0_enveloped(cms); if (!env) return NULL; return env->recipientInfos; - } +} -int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) - { +int +CMS_RecipientInfo_type(CMS_RecipientInfo *ri) +{ return ri->type; - } +} -CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) - { +CMS_ContentInfo * +CMS_EnvelopedData_create(const EVP_CIPHER *cipher) +{ CMS_ContentInfo *cms; CMS_EnvelopedData *env; + cms = CMS_ContentInfo_new(); if (!cms) goto merr; @@ -128,15 +131,16 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) if (!env) goto merr; if (!cms_EncryptedContent_init(env->encryptedContentInfo, - cipher, NULL, 0)) + cipher, NULL, 0)) goto merr; return cms; - merr: + +merr: if (cms) CMS_ContentInfo_free(cms); CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); return NULL; - } +} /* Key Transport Recipient Info (KTRI) routines */ @@ -144,14 +148,15 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) * If we ever handle key agreement will need updating. */ -CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, - X509 *recip, unsigned int flags) - { +CMS_RecipientInfo * +CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags) +{ CMS_RecipientInfo *ri = NULL; CMS_KeyTransRecipientInfo *ktri; CMS_EnvelopedData *env; EVP_PKEY *pk = NULL; int i, type; + env = cms_get0_enveloped(cms); if (!env) goto err; @@ -172,26 +177,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509_check_purpose(recip, -1, -1); pk = X509_get_pubkey(recip); - if (!pk) - { + if (!pk) { CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, - CMS_R_ERROR_GETTING_PUBLIC_KEY); + CMS_R_ERROR_GETTING_PUBLIC_KEY); goto err; - } + } CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); ktri->pkey = pk; ktri->recip = recip; - if (flags & CMS_USE_KEYID) - { + if (flags & CMS_USE_KEYID) { ktri->version = 2; type = CMS_RECIPINFO_KEYIDENTIFIER; - } - else - { + } else { ktri->version = 0; type = CMS_RECIPINFO_ISSUER_SERIAL; - } + } /* Not a typo: RecipientIdentifier and SignerIdentifier are the * same structure. @@ -200,49 +201,45 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, if (!cms_set1_SignerIdentifier(ktri->rid, recip, type)) goto err; - if (pk->ameth && pk->ameth->pkey_ctrl) - { + if (pk->ameth && pk->ameth->pkey_ctrl) { i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE, - 0, ri); - if (i == -2) - { + 0, ri); + if (i == -2) { CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, - CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; - } - if (i <= 0) - { + } + if (i <= 0) { CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, - CMS_R_CTRL_FAILURE); + CMS_R_CTRL_FAILURE); goto err; - } } + } if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) goto merr; return ri; - merr: +merr: CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); - err: +err: if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); return NULL; +} - } - -int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, - EVP_PKEY **pk, X509 **recip, - X509_ALGOR **palg) - { +int +CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk, + X509 **recip, X509_ALGOR **palg) +{ CMS_KeyTransRecipientInfo *ktri; - if (ri->type != CMS_RECIPINFO_TRANS) - { + + if (ri->type != CMS_RECIPINFO_TRANS) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, - CMS_R_NOT_KEY_TRANSPORT); + CMS_R_NOT_KEY_TRANSPORT); return 0; - } + } ktri = ri->d.ktri; @@ -253,53 +250,53 @@ int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, if (palg) *palg = ktri->keyEncryptionAlgorithm; return 1; - } +} -int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno) - { +int +CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno) +{ CMS_KeyTransRecipientInfo *ktri; - if (ri->type != CMS_RECIPINFO_TRANS) - { + + if (ri->type != CMS_RECIPINFO_TRANS) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, - CMS_R_NOT_KEY_TRANSPORT); + CMS_R_NOT_KEY_TRANSPORT); return 0; - } + } ktri = ri->d.ktri; - return cms_SignerIdentifier_get0_signer_id(ktri->rid, - keyid, issuer, sno); - } + return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, + issuer, sno); +} -int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) - { - if (ri->type != CMS_RECIPINFO_TRANS) - { +int +CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) +{ + if (ri->type != CMS_RECIPINFO_TRANS) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, - CMS_R_NOT_KEY_TRANSPORT); + CMS_R_NOT_KEY_TRANSPORT); return -2; - } - return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); } + return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); +} -int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) - { - if (ri->type != CMS_RECIPINFO_TRANS) - { +int +CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) +{ + if (ri->type != CMS_RECIPINFO_TRANS) { CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, - CMS_R_NOT_KEY_TRANSPORT); + CMS_R_NOT_KEY_TRANSPORT); return 0; - } + } ri->d.ktri->pkey = pkey; return 1; - } +} /* Encrypt content key in key transport recipient info */ -static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) - { +static int +cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) +{ CMS_KeyTransRecipientInfo *ktri; CMS_EncryptedContentInfo *ec; EVP_PKEY_CTX *pctx = NULL; @@ -308,12 +305,11 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, int ret = 0; - if (ri->type != CMS_RECIPINFO_TRANS) - { + if (ri->type != CMS_RECIPINFO_TRANS) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, - CMS_R_NOT_KEY_TRANSPORT); + CMS_R_NOT_KEY_TRANSPORT); return 0; - } + } ktri = ri->d.ktri; ec = cms->d.envelopedData->encryptedContentInfo; @@ -325,23 +321,21 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) - { + EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR); goto err; - } + } if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) goto err; ek = malloc(eklen); - if (ek == NULL) - { + if (ek == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } + } if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) goto err; @@ -351,33 +345,32 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, ret = 1; - err: +err: if (pctx) EVP_PKEY_CTX_free(pctx); free(ek); return ret; - - } +} /* Decrypt content key from KTRI */ -static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) - { +static int +cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) +{ CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; EVP_PKEY_CTX *pctx = NULL; unsigned char *ek = NULL; size_t eklen; int ret = 0; CMS_EncryptedContentInfo *ec; + ec = cms->d.envelopedData->encryptedContentInfo; - if (ktri->pkey == NULL) - { + if (ktri->pkey == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, - CMS_R_NO_PRIVATE_KEY); + CMS_R_NO_PRIVATE_KEY); return 0; - } + } pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); if (!pctx) @@ -387,152 +380,134 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) - { + EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR); goto err; - } + } if (EVP_PKEY_decrypt(pctx, NULL, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) + ktri->encryptedKey->data, + ktri->encryptedKey->length) <= 0) goto err; ek = malloc(eklen); - if (ek == NULL) - { + if (ek == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } + } if (EVP_PKEY_decrypt(pctx, ek, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) - { + ktri->encryptedKey->data, + ktri->encryptedKey->length) <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB); goto err; - } + } ret = 1; - if (ec->key) - { + if (ec->key) { OPENSSL_cleanse(ec->key, ec->keylen); free(ec->key); - } + } ec->key = ek; ec->keylen = eklen; - err: +err: if (pctx) EVP_PKEY_CTX_free(pctx); if (!ret && ek) free(ek); return ret; - } +} /* Key Encrypted Key (KEK) RecipientInfo routines */ -int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, - const unsigned char *id, size_t idlen) - { +int +CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, + size_t idlen) +{ ASN1_OCTET_STRING tmp_os; CMS_KEKRecipientInfo *kekri; - if (ri->type != CMS_RECIPINFO_KEK) - { + + if (ri->type != CMS_RECIPINFO_KEK) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK); return -2; - } + } kekri = ri->d.kekri; tmp_os.type = V_ASN1_OCTET_STRING; tmp_os.flags = 0; tmp_os.data = (unsigned char *)id; tmp_os.length = (int)idlen; return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); - } +} /* For now hard code AES key wrap info */ -static size_t aes_wrap_keylen(int nid) - { - switch (nid) - { - case NID_id_aes128_wrap: +static size_t +aes_wrap_keylen(int nid) +{ + switch (nid) { + case NID_id_aes128_wrap: return 16; - - case NID_id_aes192_wrap: - return 24; - - case NID_id_aes256_wrap: - return 32; - - default: + case NID_id_aes192_wrap: + return 24; + case NID_id_aes256_wrap: + return 32; + default: return 0; - } } +} -CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen, - ASN1_GENERALIZEDTIME *date, - ASN1_OBJECT *otherTypeId, - ASN1_TYPE *otherType) - { +CMS_RecipientInfo * +CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key, + size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date, + ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType) +{ CMS_RecipientInfo *ri = NULL; CMS_EnvelopedData *env; CMS_KEKRecipientInfo *kekri; + env = cms_get0_enveloped(cms); if (!env) goto err; - if (nid == NID_undef) - { - switch (keylen) - { - case 16: + if (nid == NID_undef) { + switch (keylen) { + case 16: nid = NID_id_aes128_wrap; break; - - case 24: + case 24: nid = NID_id_aes192_wrap; break; - - case 32: + case 32: nid = NID_id_aes256_wrap; break; - - default: + default: CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, - CMS_R_INVALID_KEY_LENGTH); + CMS_R_INVALID_KEY_LENGTH); goto err; - } - } - else - { - + } else { size_t exp_keylen = aes_wrap_keylen(nid); - if (!exp_keylen) - { + if (!exp_keylen) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, - CMS_R_UNSUPPORTED_KEK_ALGORITHM); + CMS_R_UNSUPPORTED_KEK_ALGORITHM); goto err; - } + } - if (keylen != exp_keylen) - { + if (keylen != exp_keylen) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, - CMS_R_INVALID_KEY_LENGTH); + CMS_R_INVALID_KEY_LENGTH); goto err; - } - } + } + /* Initialize recipient info */ ri = M_ASN1_new_of(CMS_RecipientInfo); if (!ri) @@ -545,17 +520,15 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, kekri = ri->d.kekri; - if (otherTypeId) - { + if (otherTypeId) { kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); if (kekri->kekid->other == NULL) goto merr; - } + } if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) goto merr; - /* After this point no calls can fail */ kekri->version = 4; @@ -567,85 +540,79 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, kekri->kekid->date = date; - if (kekri->kekid->other) - { + if (kekri->kekid->other) { kekri->kekid->other->keyAttrId = otherTypeId; kekri->kekid->other->keyAttr = otherType; - } + } X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, - OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); + OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); return ri; - merr: +merr: CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); - err: +err: if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); return NULL; +} - } - -int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pid, - ASN1_GENERALIZEDTIME **pdate, - ASN1_OBJECT **potherid, - ASN1_TYPE **pothertype) - { +int +CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, ASN1_TYPE **pothertype) +{ CMS_KEKIdentifier *rkid; - if (ri->type != CMS_RECIPINFO_KEK) - { + + if (ri->type != CMS_RECIPINFO_KEK) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK); return 0; - } - rkid = ri->d.kekri->kekid; + } + rkid = ri->d.kekri->kekid; if (palg) *palg = ri->d.kekri->keyEncryptionAlgorithm; if (pid) *pid = rkid->keyIdentifier; if (pdate) *pdate = rkid->date; - if (potherid) - { + if (potherid) { if (rkid->other) *potherid = rkid->other->keyAttrId; else *potherid = NULL; - } - if (pothertype) - { + } + if (pothertype) { if (rkid->other) *pothertype = rkid->other->keyAttr; else *pothertype = NULL; - } - return 1; } + return 1; +} -int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, - unsigned char *key, size_t keylen) - { +int +CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, + size_t keylen) +{ CMS_KEKRecipientInfo *kekri; - if (ri->type != CMS_RECIPINFO_KEK) - { + + if (ri->type != CMS_RECIPINFO_KEK) { CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK); return 0; - } + } kekri = ri->d.kekri; kekri->key = key; kekri->keylen = keylen; return 1; - } - +} /* Encrypt content key in KEK recipient info */ -static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) - { +static int +cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) +{ CMS_EncryptedContentInfo *ec; CMS_KEKRecipientInfo *kekri; AES_KEY actx; @@ -657,55 +624,49 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, kekri = ri->d.kekri; - if (!kekri->key) - { + if (!kekri->key) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY); return 0; - } + } - if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) - { + if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, - CMS_R_ERROR_SETTING_KEY); + CMS_R_ERROR_SETTING_KEY); goto err; - } + } wkey = malloc(ec->keylen + 8); - if (!wkey) - { + if (!wkey) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } + } wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen); - if (wkeylen <= 0) - { + if (wkeylen <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR); goto err; - } + } ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); r = 1; - err: - +err: if (!r && wkey) free(wkey); OPENSSL_cleanse(&actx, sizeof(actx)); return r; - - } +} /* Decrypt content key in KEK recipient info */ -static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) - { +static int +cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) +{ CMS_EncryptedContentInfo *ec; CMS_KEKRecipientInfo *kekri; AES_KEY actx; @@ -717,93 +678,83 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, kekri = ri->d.kekri; - if (!kekri->key) - { + if (!kekri->key) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY); return 0; - } + } wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); - if (aes_wrap_keylen(wrap_nid) != kekri->keylen) - { + if (aes_wrap_keylen(wrap_nid) != kekri->keylen) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, - CMS_R_INVALID_KEY_LENGTH); + CMS_R_INVALID_KEY_LENGTH); return 0; - } + } /* If encrypted key length is invalid don't bother */ - if (kekri->encryptedKey->length < 16) - { + if (kekri->encryptedKey->length < 16) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, - CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); + CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); goto err; - } + } - if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) - { + if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, - CMS_R_ERROR_SETTING_KEY); + CMS_R_ERROR_SETTING_KEY); goto err; - } + } ukey = malloc(kekri->encryptedKey->length - 8); - if (!ukey) - { + if (!ukey) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } + } ukeylen = AES_unwrap_key(&actx, NULL, ukey, - kekri->encryptedKey->data, - kekri->encryptedKey->length); + kekri->encryptedKey->data, + kekri->encryptedKey->length); - if (ukeylen <= 0) - { + if (ukeylen <= 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, - CMS_R_UNWRAP_ERROR); + CMS_R_UNWRAP_ERROR); goto err; - } + } ec->key = ukey; ec->keylen = ukeylen; r = 1; - err: - +err: if (!r && ukey) free(ukey); OPENSSL_cleanse(&actx, sizeof(actx)); return r; +} - } - -int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) - { - switch(ri->type) - { - case CMS_RECIPINFO_TRANS: +int +CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) +{ + switch (ri->type) { + case CMS_RECIPINFO_TRANS: return cms_RecipientInfo_ktri_decrypt(cms, ri); - - case CMS_RECIPINFO_KEK: + case CMS_RECIPINFO_KEK: return cms_RecipientInfo_kekri_decrypt(cms, ri); - - case CMS_RECIPINFO_PASS: + case CMS_RECIPINFO_PASS: return cms_RecipientInfo_pwri_crypt(cms, ri, 0); - - default: + default: CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT, - CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); + CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE); return 0; - } } +} -BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) - { +BIO * +cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) +{ CMS_EncryptedContentInfo *ec; STACK_OF(CMS_RecipientInfo) *rinfos; CMS_RecipientInfo *ri; @@ -824,52 +775,47 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) rinfos = cms->d.envelopedData->recipientInfos; - for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) - { + for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) { ri = sk_CMS_RecipientInfo_value(rinfos, i); - switch (ri->type) - { - case CMS_RECIPINFO_TRANS: + switch (ri->type) { + case CMS_RECIPINFO_TRANS: r = cms_RecipientInfo_ktri_encrypt(cms, ri); break; - case CMS_RECIPINFO_KEK: + case CMS_RECIPINFO_KEK: r = cms_RecipientInfo_kekri_encrypt(cms, ri); break; - case CMS_RECIPINFO_PASS: + case CMS_RECIPINFO_PASS: r = cms_RecipientInfo_pwri_crypt(cms, ri, 1); break; - default: + default: CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, - CMS_R_UNSUPPORTED_RECIPIENT_TYPE); + CMS_R_UNSUPPORTED_RECIPIENT_TYPE); goto err; - } + } - if (r <= 0) - { + if (r <= 0) { CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, - CMS_R_ERROR_SETTING_RECIPIENTINFO); + CMS_R_ERROR_SETTING_RECIPIENTINFO); goto err; - } } + } ok = 1; - err: +err: ec->cipher = NULL; - if (ec->key) - { + if (ec->key) { OPENSSL_cleanse(ec->key, ec->keylen); free(ec->key); ec->key = NULL; ec->keylen = 0; - } + } if (ok) return ret; BIO_free(ret); return NULL; - - } +} diff --git a/lib/libcrypto/cms/cms_err.c b/lib/libcrypto/cms/cms_err.c index 52fa53954f3..313354691a3 100644 --- a/lib/libcrypto/cms/cms_err.c +++ b/lib/libcrypto/cms/cms_err.c @@ -1,13 +1,13 @@ /* crypto/cms/cms_err.c */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -68,169 +68,175 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) -static ERR_STRING_DATA CMS_str_functs[]= - { -{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, -{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, -{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, -{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, -{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, -{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, -{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, -{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, -{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, -{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, -{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, -{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, -{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, -{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, -{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, -{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"}, -{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"}, -{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"}, -{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"}, -{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"}, -{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"}, -{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"}, -{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"}, -{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"}, -{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"}, -{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"}, -{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"}, -{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"}, -{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, -{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, -{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, -{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, -{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"}, -{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, -{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, -{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"}, -{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"}, -{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, -{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, -{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, -{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"}, -{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, -{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, -{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, -{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, -{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, -{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"}, -{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, -{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, -{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, -{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, -{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, -{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"}, -{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, -{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, -{0,NULL} - }; +static ERR_STRING_DATA CMS_str_functs[]= { + {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, + {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, + {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, + {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), "CMS_add0_recipient_password"}, + {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, + {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, + {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, + {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, + {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, + {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, + {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, + {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, + {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, + {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, + {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, + {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, + {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"}, + {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"}, + {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"}, + {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"}, + {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"}, + {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"}, + {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"}, + {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"}, + {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"}, + {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"}, + {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"}, + {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"}, + {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"}, + {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"}, + {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, + {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, + {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, + {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, + {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"}, + {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, + {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, + {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"}, + {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"}, + {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, + {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, + {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, + {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD), "CMS_RecipientInfo_set0_password"}, + {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, + {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, + {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, + {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, + {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, + {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"}, + {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, + {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, + {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"}, + {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, + {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, + {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"}, + {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"}, + {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"}, + {0, NULL} +}; -static ERR_STRING_DATA CMS_str_reasons[]= - { -{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"}, -{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"}, -{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"}, -{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, -{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"}, -{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"}, -{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"}, -{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"}, -{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"}, -{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"}, -{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"}, -{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"}, -{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"}, -{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"}, -{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"}, -{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"}, -{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"}, -{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"}, -{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"}, -{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"}, -{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"}, -{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"}, -{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"}, -{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"}, -{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, -{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"}, -{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"}, -{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"}, -{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"}, -{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"}, -{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"}, -{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"}, -{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"}, -{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"}, -{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"}, -{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"}, -{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"}, -{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"}, -{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"}, -{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"}, -{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"}, -{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"}, -{ERR_REASON(CMS_R_NO_KEY) ,"no key"}, -{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"}, -{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"}, -{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"}, -{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"}, -{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"}, -{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"}, -{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"}, -{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"}, -{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"}, -{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, -{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"}, -{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"}, -{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, -{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"}, -{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"}, -{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"}, -{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"}, -{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"}, -{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"}, -{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"}, -{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"}, -{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"}, -{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"}, -{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"}, -{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"}, -{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"}, -{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, -{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"}, -{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"}, -{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"}, -{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"}, -{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"}, -{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"}, -{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"}, -{0,NULL} - }; +static ERR_STRING_DATA CMS_str_reasons[]= { + {ERR_REASON(CMS_R_ADD_SIGNER_ERROR) , "add signer error"}, + {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT), "certificate already present"}, + {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"}, + {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR), "cipher initialisation error"}, + {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), "cipher parameter initialisation error"}, + {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) , "cms datafinal error"}, + {ERR_REASON(CMS_R_CMS_LIB) , "cms lib"}, + {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH), "contentidentifier mismatch"}, + {ERR_REASON(CMS_R_CONTENT_NOT_FOUND) , "content not found"}, + {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) , "content type mismatch"}, + {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), "content type not compressed data"}, + {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), "content type not enveloped data"}, + {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), "content type not signed data"}, + {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) , "content verify error"}, + {ERR_REASON(CMS_R_CTRL_ERROR) , "ctrl error"}, + {ERR_REASON(CMS_R_CTRL_FAILURE) , "ctrl failure"}, + {ERR_REASON(CMS_R_DECRYPT_ERROR) , "decrypt error"}, + {ERR_REASON(CMS_R_DIGEST_ERROR) , "digest error"}, + {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"}, + {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), "error reading messagedigest attribute"}, + {ERR_REASON(CMS_R_ERROR_SETTING_KEY) , "error setting key"}, + {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO), "error setting recipientinfo"}, + {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), "invalid encrypted key length"}, + {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), "invalid key encryption parameter"}, + {ERR_REASON(CMS_R_INVALID_KEY_LENGTH) , "invalid key length"}, + {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) , "md bio init error"}, + {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), "messagedigest attribute wrong length"}, + {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH), "messagedigest wrong length"}, + {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) , "msgsigdigest error"}, + {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), "msgsigdigest verification failure"}, + {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH), "msgsigdigest wrong length"}, + {ERR_REASON(CMS_R_NEED_ONE_SIGNER) , "need one signer"}, + {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) , "not a signed receipt"}, + {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) , "not encrypted data"}, + {ERR_REASON(CMS_R_NOT_KEK) , "not kek"}, + {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) , "not key transport"}, + {ERR_REASON(CMS_R_NOT_PWRI) , "not pwri"}, + {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "not supported for this key type"}, + {ERR_REASON(CMS_R_NO_CIPHER) , "no cipher"}, + {ERR_REASON(CMS_R_NO_CONTENT) , "no content"}, + {ERR_REASON(CMS_R_NO_CONTENT_TYPE) , "no content type"}, + {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) , "no default digest"}, + {ERR_REASON(CMS_R_NO_DIGEST_SET) , "no digest set"}, + {ERR_REASON(CMS_R_NO_KEY) , "no key"}, + {ERR_REASON(CMS_R_NO_KEY_OR_CERT) , "no key or cert"}, + {ERR_REASON(CMS_R_NO_MATCHING_DIGEST) , "no matching digest"}, + {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) , "no matching recipient"}, + {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) , "no matching signature"}, + {ERR_REASON(CMS_R_NO_MSGSIGDIGEST) , "no msgsigdigest"}, + {ERR_REASON(CMS_R_NO_PASSWORD) , "no password"}, + {ERR_REASON(CMS_R_NO_PRIVATE_KEY) , "no private key"}, + {ERR_REASON(CMS_R_NO_PUBLIC_KEY) , "no public key"}, + {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) , "no receipt request"}, + {ERR_REASON(CMS_R_NO_SIGNERS) , "no signers"}, + {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, + {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) , "receipt decode error"}, + {ERR_REASON(CMS_R_RECIPIENT_ERROR) , "recipient error"}, + {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"}, + {ERR_REASON(CMS_R_SIGNFINAL_ERROR) , "signfinal error"}, + {ERR_REASON(CMS_R_SMIME_TEXT_ERROR) , "smime text error"}, + {ERR_REASON(CMS_R_STORE_INIT_ERROR) , "store init error"}, + {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"}, + {ERR_REASON(CMS_R_TYPE_NOT_DATA) , "type not data"}, + {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"}, + {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"}, + {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"}, + {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT), "unable to finalize context"}, + {ERR_REASON(CMS_R_UNKNOWN_CIPHER) , "unknown cipher"}, + {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"}, + {ERR_REASON(CMS_R_UNKNOWN_ID) , "unknown id"}, + {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, + {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"}, + {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM), "unsupported kek algorithm"}, + {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), "unsupported key encryption algorithm"}, + {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"}, + {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE), "unsupported recpientinfo type"}, + {ERR_REASON(CMS_R_UNSUPPORTED_TYPE) , "unsupported type"}, + {ERR_REASON(CMS_R_UNWRAP_ERROR) , "unwrap error"}, + {ERR_REASON(CMS_R_UNWRAP_FAILURE) , "unwrap failure"}, + {ERR_REASON(CMS_R_VERIFICATION_FAILURE) , "verification failure"}, + {ERR_REASON(CMS_R_WRAP_ERROR) , "wrap error"}, + {0, NULL} +}; #endif -void ERR_load_CMS_strings(void) - { +void +ERR_load_CMS_strings(void) +{ #ifndef OPENSSL_NO_ERR - - if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) - { - ERR_load_strings(0,CMS_str_functs); - ERR_load_strings(0,CMS_str_reasons); - } -#endif + if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) { + ERR_load_strings(0, CMS_str_functs); + ERR_load_strings(0, CMS_str_reasons); } +#endif +} diff --git a/lib/libcrypto/cms/cms_ess.c b/lib/libcrypto/cms/cms_ess.c index 8dbd56ef2b6..6868edaaedc 100644 --- a/lib/libcrypto/cms/cms_ess.c +++ b/lib/libcrypto/cms/cms_ess.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -67,15 +67,17 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) /* ESS services: for now just Signed Receipt related */ -int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) - { +int +CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) +{ ASN1_STRING *str; CMS_ReceiptRequest *rr = NULL; + if (prr) *prr = NULL; str = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_id_smime_aa_receiptRequest), - -3, V_ASN1_SEQUENCE); + OBJ_nid2obj(NID_id_smime_aa_receiptRequest), + -3, V_ASN1_SEQUENCE); if (!str) return 0; @@ -87,13 +89,12 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) else CMS_ReceiptRequest_free(rr); return 1; - } +} -CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, - int allorfirst, - STACK_OF(GENERAL_NAMES) *receiptList, - STACK_OF(GENERAL_NAMES) *receiptsTo) - { +CMS_ReceiptRequest * +CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst, + STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo) +{ CMS_ReceiptRequest *rr = NULL; rr = CMS_ReceiptRequest_new(); @@ -101,44 +102,38 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, goto merr; if (id) ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); - else - { + else { if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) goto merr; - if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) - <= 0) + if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) + <= 0) goto err; - } + } sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free); rr->receiptsTo = receiptsTo; - if (receiptList) - { + if (receiptList) { rr->receiptsFrom->type = 1; rr->receiptsFrom->d.receiptList = receiptList; - } - else - { + } else { rr->receiptsFrom->type = 0; rr->receiptsFrom->d.allOrFirstTier = allorfirst; - } + } return rr; - merr: +merr: CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE); - - err: +err: if (rr) CMS_ReceiptRequest_free(rr); - return NULL; - - } +} -int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) - { +int +CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) +{ unsigned char *rrder = NULL; int rrderlen, r = 0; @@ -147,86 +142,81 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) goto merr; if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, - V_ASN1_SEQUENCE, rrder, rrderlen)) + V_ASN1_SEQUENCE, rrder, rrderlen)) goto merr; r = 1; - merr: +merr: if (!r) CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); - free(rrder); - return r; - - } +} -void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, - ASN1_STRING **pcid, - int *pallorfirst, - STACK_OF(GENERAL_NAMES) **plist, - STACK_OF(GENERAL_NAMES) **prto) - { +void +CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, + int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto) +{ if (pcid) *pcid = rr->signedContentIdentifier; - if (rr->receiptsFrom->type == 0) - { + if (rr->receiptsFrom->type == 0) { if (pallorfirst) *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier; if (plist) *plist = NULL; - } - else - { + } else { if (pallorfirst) *pallorfirst = -1; if (plist) *plist = rr->receiptsFrom->d.receiptList; - } + } if (prto) *prto = rr->receiptsTo; - } +} /* Digest a SignerInfo structure for msgSigDigest attribute processing */ -static int cms_msgSigDigest(CMS_SignerInfo *si, - unsigned char *dig, unsigned int *diglen) - { +static int +cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen) +{ const EVP_MD *md; + md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return 0; if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, - si->signedAttrs, dig, diglen)) + si->signedAttrs, dig, diglen)) return 0; return 1; - } +} /* Add a msgSigDigest attribute to a SignerInfo */ -int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) - { +int +cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) +{ unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int diglen; - if (!cms_msgSigDigest(src, dig, &diglen)) - { + + if (!cms_msgSigDigest(src, dig, &diglen)) { CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR); return 0; - } + } if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, - V_ASN1_OCTET_STRING, dig, diglen)) - { + V_ASN1_OCTET_STRING, dig, diglen)) { CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE); return 0; - } - return 1; } + return 1; +} /* Verify signed receipt after it has already passed normal CMS verify */ -int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) - { +int +cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) +{ int r = 0, i; CMS_ReceiptRequest *rr = NULL; CMS_Receipt *rct = NULL; @@ -243,138 +233,122 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) if (!osis || !sis) goto err; - if (sk_CMS_SignerInfo_num(sis) != 1) - { + if (sk_CMS_SignerInfo_num(sis) != 1) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER); goto err; - } + } /* Check receipt content type */ - if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) - { + if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT); goto err; - } + } /* Extract and decode receipt content */ pcont = CMS_get0_content(cms); - if (!pcont || !*pcont) - { + if (!pcont || !*pcont) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT); goto err; - } + } rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt)); - if (!rct) - { + if (!rct) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR); goto err; - } + } /* Locate original request */ - for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) { osi = sk_CMS_SignerInfo_value(osis, i); if (!ASN1_STRING_cmp(osi->signature, - rct->originatorSignatureValue)) + rct->originatorSignatureValue)) break; - } + } - if (i == sk_CMS_SignerInfo_num(osis)) - { + if (i == sk_CMS_SignerInfo_num(osis)) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE); goto err; - } + } si = sk_CMS_SignerInfo_value(sis, 0); /* Get msgSigDigest value and compare */ msig = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), - -3, V_ASN1_OCTET_STRING); + OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, V_ASN1_OCTET_STRING); - if (!msig) - { + if (!msig) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST); goto err; - } + } - if (!cms_msgSigDigest(osi, dig, &diglen)) - { + if (!cms_msgSigDigest(osi, dig, &diglen)) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR); goto err; - } + } - if (diglen != (unsigned int)msig->length) - { - CMSerr(CMS_F_CMS_RECEIPT_VERIFY, - CMS_R_MSGSIGDIGEST_WRONG_LENGTH); - goto err; - } + if (diglen != (unsigned int)msig->length) { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_MSGSIGDIGEST_WRONG_LENGTH); + goto err; + } - if (memcmp(dig, msig->data, diglen)) - { - CMSerr(CMS_F_CMS_RECEIPT_VERIFY, - CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE); - goto err; - } + if (memcmp(dig, msig->data, diglen)) { + CMSerr(CMS_F_CMS_RECEIPT_VERIFY, + CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE); + goto err; + } /* Compare content types */ octype = CMS_signed_get0_data_by_OBJ(osi, - OBJ_nid2obj(NID_pkcs9_contentType), - -3, V_ASN1_OBJECT); - if (!octype) - { + OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT); + if (!octype) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE); goto err; - } + } /* Compare details in receipt request */ - if (OBJ_cmp(octype, rct->contentType)) - { + if (OBJ_cmp(octype, rct->contentType)) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH); goto err; - } + } /* Get original receipt request details */ - if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) - { + if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST); goto err; - } + } if (ASN1_STRING_cmp(rr->signedContentIdentifier, - rct->signedContentIdentifier)) - { + rct->signedContentIdentifier)) { CMSerr(CMS_F_CMS_RECEIPT_VERIFY, - CMS_R_CONTENTIDENTIFIER_MISMATCH); + CMS_R_CONTENTIDENTIFIER_MISMATCH); goto err; - } + } r = 1; - err: +err: if (rr) CMS_ReceiptRequest_free(rr); if (rct) M_ASN1_free_of(rct, CMS_Receipt); return r; - - } +} /* Encode a Receipt into an OCTET STRING read for including into content of * a SignedData ContentInfo. */ -ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) - { +ASN1_OCTET_STRING * +cms_encode_Receipt(CMS_SignerInfo *si) +{ CMS_Receipt rct; CMS_ReceiptRequest *rr = NULL; ASN1_OBJECT *ctype; @@ -384,22 +358,19 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) /* Get original receipt request details */ - if (CMS_get1_ReceiptRequest(si, &rr) <= 0) - { + if (CMS_get1_ReceiptRequest(si, &rr) <= 0) { CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST); goto err; - } + } /* Get original content type */ ctype = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_pkcs9_contentType), - -3, V_ASN1_OBJECT); - if (!ctype) - { + OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT); + if (!ctype) { CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE); goto err; - } + } rct.version = 1; rct.contentType = ctype; @@ -408,12 +379,8 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); - err: +err: if (rr) CMS_ReceiptRequest_free(rr); - return os; - - } - - +} diff --git a/lib/libcrypto/cms/cms_io.c b/lib/libcrypto/cms/cms_io.c index 30f5ddfe6d2..f8c1d451526 100644 --- a/lib/libcrypto/cms/cms_io.c +++ b/lib/libcrypto/cms/cms_io.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,83 +58,82 @@ #include "cms.h" #include "cms_lcl.h" -CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) - { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); - } - -int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); - } - -IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) +int +CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) +{ + ASN1_OCTET_STRING **pos; -/* Callback for int_smime_write_ASN1 */ - -static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it) - { - CMS_ContentInfo *cms = (CMS_ContentInfo *)val; - BIO *tmpbio, *cmsbio; - int r = 0; - - if (!(flags & SMIME_DETACHED)) - { - SMIME_crlf_copy(data, out, flags); - return 1; - } - - /* Let CMS code prepend any needed BIOs */ - - cmsbio = CMS_dataInit(cms, out); - - if (!cmsbio) + pos = CMS_get0_content(cms); + if (!pos) return 0; + if (!*pos) + *pos = ASN1_OCTET_STRING_new(); + if (*pos) { + (*pos)->flags |= ASN1_STRING_FLAG_NDEF; + (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; + *boundary = &(*pos)->data; + return 1; + } + CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE); + return 0; +} - /* Copy data across, passing through filter BIOs for processing */ - SMIME_crlf_copy(data, cmsbio, flags); - - /* Finalize structure */ - if (CMS_dataFinal(cms, cmsbio) <= 0) - goto err; - - r = 1; - - err: - - /* Now remove any digests prepended to the BIO */ - - while (cmsbio != out) - { - tmpbio = BIO_pop(cmsbio); - BIO_free(cmsbio); - cmsbio = tmpbio; - } - - return 1; +CMS_ContentInfo * +d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) +{ + return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); +} - } +int +i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) +{ + return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); +} +IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) -int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) - { +BIO * +BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) +{ + return BIO_new_NDEF(out, (ASN1_VALUE *)cms, + ASN1_ITEM_rptr(CMS_ContentInfo)); +} + +/* CMS wrappers round generalised stream and MIME routines */ + +int +i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) +{ + return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags, + ASN1_ITEM_rptr(CMS_ContentInfo)); +} + +int +PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) +{ + return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags, + "CMS", ASN1_ITEM_rptr(CMS_ContentInfo)); +} + +int +SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) +{ STACK_OF(X509_ALGOR) *mdalgs; int ctype_nid = OBJ_obj2nid(cms->contentType); int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); + if (ctype_nid == NID_pkcs7_signed) mdalgs = cms->d.signedData->digestAlgorithms; else mdalgs = NULL; - return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, - ctype_nid, econt_nid, mdalgs, - cms_output_data, - ASN1_ITEM_rptr(CMS_ContentInfo)); - } + return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, + ctype_nid, econt_nid, mdalgs, ASN1_ITEM_rptr(CMS_ContentInfo)); +} -CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) - { +CMS_ContentInfo * +SMIME_read_CMS(BIO *bio, BIO **bcont) +{ return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont, - ASN1_ITEM_rptr(CMS_ContentInfo)); - } + ASN1_ITEM_rptr(CMS_ContentInfo)); +} diff --git a/lib/libcrypto/cms/cms_lcl.h b/lib/libcrypto/cms/cms_lcl.h index 7d60fac67eb..3c905342f43 100644 --- a/lib/libcrypto/cms/cms_lcl.h +++ b/lib/libcrypto/cms/cms_lcl.h @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -93,10 +93,9 @@ typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; -struct CMS_ContentInfo_st - { +struct CMS_ContentInfo_st { ASN1_OBJECT *contentType; - union { + union { ASN1_OCTET_STRING *data; CMS_SignedData *signedData; CMS_EnvelopedData *envelopedData; @@ -107,29 +106,26 @@ struct CMS_ContentInfo_st ASN1_TYPE *other; /* Other types ... */ void *otherData; - } d; - }; + } d; +}; -struct CMS_SignedData_st - { +struct CMS_SignedData_st { long version; STACK_OF(X509_ALGOR) *digestAlgorithms; CMS_EncapsulatedContentInfo *encapContentInfo; STACK_OF(CMS_CertificateChoices) *certificates; STACK_OF(CMS_RevocationInfoChoice) *crls; STACK_OF(CMS_SignerInfo) *signerInfos; - }; - -struct CMS_EncapsulatedContentInfo_st - { +}; + +struct CMS_EncapsulatedContentInfo_st { ASN1_OBJECT *eContentType; ASN1_OCTET_STRING *eContent; /* Set to 1 if incomplete structure only part set up */ int partial; - }; +}; -struct CMS_SignerInfo_st - { +struct CMS_SignerInfo_st { long version; CMS_SignerIdentifier *sid; X509_ALGOR *digestAlgorithm; @@ -140,34 +136,30 @@ struct CMS_SignerInfo_st /* Signing certificate and key */ X509 *signer; EVP_PKEY *pkey; - }; +}; -struct CMS_SignerIdentifier_st - { +struct CMS_SignerIdentifier_st { int type; - union { + union { CMS_IssuerAndSerialNumber *issuerAndSerialNumber; ASN1_OCTET_STRING *subjectKeyIdentifier; - } d; - }; + } d; +}; -struct CMS_EnvelopedData_st - { +struct CMS_EnvelopedData_st { long version; CMS_OriginatorInfo *originatorInfo; STACK_OF(CMS_RecipientInfo) *recipientInfos; CMS_EncryptedContentInfo *encryptedContentInfo; STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; - }; +}; -struct CMS_OriginatorInfo_st - { +struct CMS_OriginatorInfo_st { STACK_OF(CMS_CertificateChoices) *certificates; STACK_OF(CMS_RevocationInfoChoice) *crls; - }; +}; -struct CMS_EncryptedContentInfo_st - { +struct CMS_EncryptedContentInfo_st { ASN1_OBJECT *contentType; X509_ALGOR *contentEncryptionAlgorithm; ASN1_OCTET_STRING *encryptedContent; @@ -175,24 +167,24 @@ struct CMS_EncryptedContentInfo_st const EVP_CIPHER *cipher; unsigned char *key; size_t keylen; - }; + /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ + int debug; +}; -struct CMS_RecipientInfo_st - { - int type; - union { - CMS_KeyTransRecipientInfo *ktri; - CMS_KeyAgreeRecipientInfo *kari; - CMS_KEKRecipientInfo *kekri; +struct CMS_RecipientInfo_st { + int type; + union { + CMS_KeyTransRecipientInfo *ktri; + CMS_KeyAgreeRecipientInfo *kari; + CMS_KEKRecipientInfo *kekri; CMS_PasswordRecipientInfo *pwri; CMS_OtherRecipientInfo *ori; - } d; - }; + } d; +}; typedef CMS_SignerIdentifier CMS_RecipientIdentifier; -struct CMS_KeyTransRecipientInfo_st - { +struct CMS_KeyTransRecipientInfo_st { long version; CMS_RecipientIdentifier *rid; X509_ALGOR *keyEncryptionAlgorithm; @@ -200,104 +192,94 @@ struct CMS_KeyTransRecipientInfo_st /* Recipient Key and cert */ X509 *recip; EVP_PKEY *pkey; - }; +}; -struct CMS_KeyAgreeRecipientInfo_st - { +struct CMS_KeyAgreeRecipientInfo_st { long version; CMS_OriginatorIdentifierOrKey *originator; ASN1_OCTET_STRING *ukm; - X509_ALGOR *keyEncryptionAlgorithm; + X509_ALGOR *keyEncryptionAlgorithm; STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; - }; +}; -struct CMS_OriginatorIdentifierOrKey_st - { +struct CMS_OriginatorIdentifierOrKey_st { int type; - union { + union { CMS_IssuerAndSerialNumber *issuerAndSerialNumber; ASN1_OCTET_STRING *subjectKeyIdentifier; CMS_OriginatorPublicKey *originatorKey; - } d; - }; + } d; +}; -struct CMS_OriginatorPublicKey_st - { +struct CMS_OriginatorPublicKey_st { X509_ALGOR *algorithm; ASN1_BIT_STRING *publicKey; - }; +}; -struct CMS_RecipientEncryptedKey_st - { - CMS_KeyAgreeRecipientIdentifier *rid; - ASN1_OCTET_STRING *encryptedKey; - }; +struct CMS_RecipientEncryptedKey_st { + CMS_KeyAgreeRecipientIdentifier *rid; + ASN1_OCTET_STRING *encryptedKey; +}; -struct CMS_KeyAgreeRecipientIdentifier_st - { +struct CMS_KeyAgreeRecipientIdentifier_st { int type; - union { + union { CMS_IssuerAndSerialNumber *issuerAndSerialNumber; CMS_RecipientKeyIdentifier *rKeyId; - } d; - }; + } d; +}; -struct CMS_RecipientKeyIdentifier_st - { - ASN1_OCTET_STRING *subjectKeyIdentifier; - ASN1_GENERALIZEDTIME *date; - CMS_OtherKeyAttribute *other; - }; +struct CMS_RecipientKeyIdentifier_st { + ASN1_OCTET_STRING *subjectKeyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; +}; -struct CMS_KEKRecipientInfo_st - { - long version; - CMS_KEKIdentifier *kekid; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; +struct CMS_KEKRecipientInfo_st { + long version; + CMS_KEKIdentifier *kekid; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; /* Extra info: symmetric key to use */ unsigned char *key; size_t keylen; - }; +}; -struct CMS_KEKIdentifier_st - { - ASN1_OCTET_STRING *keyIdentifier; - ASN1_GENERALIZEDTIME *date; - CMS_OtherKeyAttribute *other; - }; +struct CMS_KEKIdentifier_st { + ASN1_OCTET_STRING *keyIdentifier; + ASN1_GENERALIZEDTIME *date; + CMS_OtherKeyAttribute *other; +}; -struct CMS_PasswordRecipientInfo_st - { - long version; - X509_ALGOR *keyDerivationAlgorithm; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - }; +struct CMS_PasswordRecipientInfo_st { + long version; + X509_ALGOR *keyDerivationAlgorithm; + X509_ALGOR *keyEncryptionAlgorithm; + ASN1_OCTET_STRING *encryptedKey; + /* Extra info: password to use */ + unsigned char *pass; + size_t passlen; +}; -struct CMS_OtherRecipientInfo_st - { - ASN1_OBJECT *oriType; - ASN1_TYPE *oriValue; - }; +struct CMS_OtherRecipientInfo_st { + ASN1_OBJECT *oriType; + ASN1_TYPE *oriValue; +}; -struct CMS_DigestedData_st - { +struct CMS_DigestedData_st { long version; X509_ALGOR *digestAlgorithm; CMS_EncapsulatedContentInfo *encapContentInfo; ASN1_OCTET_STRING *digest; - }; +}; -struct CMS_EncryptedData_st - { +struct CMS_EncryptedData_st { long version; CMS_EncryptedContentInfo *encryptedContentInfo; STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; - }; +}; -struct CMS_AuthenticatedData_st - { +struct CMS_AuthenticatedData_st { long version; CMS_OriginatorInfo *originatorInfo; STACK_OF(CMS_RecipientInfo) *recipientInfos; @@ -307,45 +289,41 @@ struct CMS_AuthenticatedData_st STACK_OF(X509_ATTRIBUTE) *authAttrs; ASN1_OCTET_STRING *mac; STACK_OF(X509_ATTRIBUTE) *unauthAttrs; - }; +}; -struct CMS_CompressedData_st - { +struct CMS_CompressedData_st { long version; X509_ALGOR *compressionAlgorithm; STACK_OF(CMS_RecipientInfo) *recipientInfos; CMS_EncapsulatedContentInfo *encapContentInfo; - }; +}; -struct CMS_RevocationInfoChoice_st - { +struct CMS_RevocationInfoChoice_st { int type; - union { + union { X509_CRL *crl; CMS_OtherRevocationInfoFormat *other; - } d; - }; + } d; +}; #define CMS_REVCHOICE_CRL 0 #define CMS_REVCHOICE_OTHER 1 -struct CMS_OtherRevocationInfoFormat_st - { +struct CMS_OtherRevocationInfoFormat_st { ASN1_OBJECT *otherRevInfoFormat; - ASN1_TYPE *otherRevInfo; - }; + ASN1_TYPE *otherRevInfo; +}; -struct CMS_CertificateChoices - { +struct CMS_CertificateChoices { int type; - union { + union { X509 *certificate; ASN1_STRING *extendedCertificate; /* Obsolete */ ASN1_STRING *v1AttrCert; /* Left encoded for now */ ASN1_STRING *v2AttrCert; /* Left encoded for now */ CMS_OtherCertificateFormat *other; - } d; - }; + } d; +}; #define CMS_CERTCHOICE_CERT 0 #define CMS_CERTCHOICE_EXCERT 1 @@ -353,63 +331,60 @@ struct CMS_CertificateChoices #define CMS_CERTCHOICE_V2ACERT 3 #define CMS_CERTCHOICE_OTHER 4 -struct CMS_OtherCertificateFormat_st - { +struct CMS_OtherCertificateFormat_st { ASN1_OBJECT *otherCertFormat; - ASN1_TYPE *otherCert; - }; + ASN1_TYPE *otherCert; +}; /* This is also defined in pkcs7.h but we duplicate it * to allow the CMS code to be independent of PKCS#7 */ -struct CMS_IssuerAndSerialNumber_st - { +struct CMS_IssuerAndSerialNumber_st { X509_NAME *issuer; ASN1_INTEGER *serialNumber; - }; +}; -struct CMS_OtherKeyAttribute_st - { +struct CMS_OtherKeyAttribute_st { ASN1_OBJECT *keyAttrId; - ASN1_TYPE *keyAttr; - }; + ASN1_TYPE *keyAttr; +}; /* ESS structures */ #ifdef HEADER_X509V3_H -struct CMS_ReceiptRequest_st - { +struct CMS_ReceiptRequest_st { ASN1_OCTET_STRING *signedContentIdentifier; CMS_ReceiptsFrom *receiptsFrom; STACK_OF(GENERAL_NAMES) *receiptsTo; - }; +}; -struct CMS_ReceiptsFrom_st - { +struct CMS_ReceiptsFrom_st { int type; union - { + { long allOrFirstTier; STACK_OF(GENERAL_NAMES) *receiptList; - } d; - }; + } d; +}; #endif -struct CMS_Receipt_st - { +struct CMS_Receipt_st { long version; ASN1_OBJECT *contentType; ASN1_OCTET_STRING *signedContentIdentifier; ASN1_OCTET_STRING *originatorSignatureValue; - }; +}; +DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_SignerInfo) DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) DECLARE_ASN1_ITEM(CMS_Attributes_Sign) DECLARE_ASN1_ITEM(CMS_Attributes_Verify) +DECLARE_ASN1_ITEM(CMS_RecipientInfo) +DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) #define CMS_SIGNERINFO_ISSUER_SERIAL 0 @@ -430,8 +405,7 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type); int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); CMS_ContentInfo *cms_CompressedData_create(int comp_nid); @@ -440,20 +414,24 @@ BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg); + X509_ALGOR *mdalg); BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec); BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms); -int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen); +int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen); int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); - +CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); + +/* PWRI routines */ +int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, + int en_de); + #ifdef __cplusplus } #endif diff --git a/lib/libcrypto/cms/cms_lib.c b/lib/libcrypto/cms/cms_lib.c index 8e6c1d29a52..66bd73c86ce 100644 --- a/lib/libcrypto/cms/cms_lib.c +++ b/lib/libcrypto/cms/cms_lib.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,34 +60,39 @@ #include "cms.h" #include "cms_lcl.h" -IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo) +IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) +IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) DECLARE_STACK_OF(CMS_CertificateChoices) DECLARE_STACK_OF(CMS_RevocationInfoChoice) -const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms) - { +const ASN1_OBJECT * +CMS_get0_type(CMS_ContentInfo *cms) +{ return cms->contentType; - } +} -CMS_ContentInfo *cms_Data_create(void) - { +CMS_ContentInfo * +cms_Data_create(void) +{ CMS_ContentInfo *cms; + cms = CMS_ContentInfo_new(); - if (cms) - { + if (cms) { cms->contentType = OBJ_nid2obj(NID_pkcs7_data); /* Never detached */ CMS_set_detached(cms, 0); - } - return cms; } + return cms; +} -BIO *cms_content_bio(CMS_ContentInfo *cms) - { +BIO * +cms_content_bio(CMS_ContentInfo *cms) +{ ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos) return NULL; /* If content detached data goes nowhere: create NULL BIO */ @@ -99,51 +104,45 @@ BIO *cms_content_bio(CMS_ContentInfo *cms) return BIO_new(BIO_s_mem()); /* Else content was read in: return read only BIO for it */ return BIO_new_mem_buf((*pos)->data, (*pos)->length); - } +} -BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) - { +BIO * +CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) +{ BIO *cmsbio, *cont; + if (icont) cont = icont; else cont = cms_content_bio(cms); - if (!cont) - { + if (!cont) { CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT); return NULL; - } - switch (OBJ_obj2nid(cms->contentType)) - { - - case NID_pkcs7_data: + } + switch (OBJ_obj2nid(cms->contentType)) { + case NID_pkcs7_data: return cont; - - case NID_pkcs7_signed: + case NID_pkcs7_signed: cmsbio = cms_SignedData_init_bio(cms); break; - - case NID_pkcs7_digest: + case NID_pkcs7_digest: cmsbio = cms_DigestedData_init_bio(cms); break; #ifdef ZLIB - case NID_id_smime_ct_compressedData: + case NID_id_smime_ct_compressedData: cmsbio = cms_CompressedData_init_bio(cms); break; #endif - - case NID_pkcs7_encrypted: + case NID_pkcs7_encrypted: cmsbio = cms_EncryptedData_init_bio(cms); break; - - case NID_pkcs7_enveloped: + case NID_pkcs7_enveloped: cmsbio = cms_EnvelopedData_init_bio(cms); break; - - default: + default: CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); return NULL; - } + } if (cmsbio) return BIO_push(cmsbio, cont); @@ -151,142 +150,121 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) if (!icont) BIO_free(cont); return NULL; +} - } - -int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) - { +int +CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) +{ ASN1_OCTET_STRING **pos = CMS_get0_content(cms); + if (!pos) return 0; /* If ebmedded content find memory BIO and set content */ - if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) - { + if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) { BIO *mbio; unsigned char *cont; long contlen; mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); - if (!mbio) - { + if (!mbio) { CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND); return 0; - } + } contlen = BIO_get_mem_data(mbio, &cont); /* Set bio as read only so its content can't be clobbered */ BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); BIO_set_mem_eof_return(mbio, 0); ASN1_STRING_set0(*pos, cont, contlen); (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; - } - - switch (OBJ_obj2nid(cms->contentType)) - { + } - case NID_pkcs7_data: - case NID_pkcs7_enveloped: - case NID_pkcs7_encrypted: - case NID_id_smime_ct_compressedData: + switch (OBJ_obj2nid(cms->contentType)) { + case NID_pkcs7_data: + case NID_pkcs7_enveloped: + case NID_pkcs7_encrypted: + case NID_id_smime_ct_compressedData: /* Nothing to do */ return 1; - - case NID_pkcs7_signed: + case NID_pkcs7_signed: return cms_SignedData_final(cms, cmsbio); - - case NID_pkcs7_digest: + case NID_pkcs7_digest: return cms_DigestedData_do_final(cms, cmsbio, 0); - - default: + default: CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE); return 0; - } } +} /* Return an OCTET STRING pointer to content. This allows it to * be accessed or set later. */ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) - { - switch (OBJ_obj2nid(cms->contentType)) - { - - case NID_pkcs7_data: +{ + switch (OBJ_obj2nid(cms->contentType)) { + case NID_pkcs7_data: return &cms->d.data; - - case NID_pkcs7_signed: + case NID_pkcs7_signed: return &cms->d.signedData->encapContentInfo->eContent; - - case NID_pkcs7_enveloped: + case NID_pkcs7_enveloped: return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; - - case NID_pkcs7_digest: + case NID_pkcs7_digest: return &cms->d.digestedData->encapContentInfo->eContent; - - case NID_pkcs7_encrypted: + case NID_pkcs7_encrypted: return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; - - case NID_id_smime_ct_authData: + case NID_id_smime_ct_authData: return &cms->d.authenticatedData->encapContentInfo->eContent; - - case NID_id_smime_ct_compressedData: + case NID_id_smime_ct_compressedData: return &cms->d.compressedData->encapContentInfo->eContent; - - default: + default: if (cms->d.other->type == V_ASN1_OCTET_STRING) return &cms->d.other->value.octet_string; CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - - } } +} /* Return an ASN1_OBJECT pointer to content type. This allows it to * be accessed or set later. */ static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) - { - switch (OBJ_obj2nid(cms->contentType)) - { - - case NID_pkcs7_signed: +{ + switch (OBJ_obj2nid(cms->contentType)) { + case NID_pkcs7_signed: return &cms->d.signedData->encapContentInfo->eContentType; - - case NID_pkcs7_enveloped: + case NID_pkcs7_enveloped: return &cms->d.envelopedData->encryptedContentInfo->contentType; - - case NID_pkcs7_digest: + case NID_pkcs7_digest: return &cms->d.digestedData->encapContentInfo->eContentType; - - case NID_pkcs7_encrypted: + case NID_pkcs7_encrypted: return &cms->d.encryptedData->encryptedContentInfo->contentType; - - case NID_id_smime_ct_authData: + case NID_id_smime_ct_authData: return &cms->d.authenticatedData->encapContentInfo->eContentType; - - case NID_id_smime_ct_compressedData: + case NID_id_smime_ct_compressedData: return &cms->d.compressedData->encapContentInfo->eContentType; - - default: + default: CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, - CMS_R_UNSUPPORTED_CONTENT_TYPE); + CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - - } } +} -const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) - { +const ASN1_OBJECT * +CMS_get0_eContentType(CMS_ContentInfo *cms) +{ ASN1_OBJECT **petype; + petype = cms_get0_econtent_type(cms); if (petype) return *petype; return NULL; - } +} -int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) - { +int +CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) +{ ASN1_OBJECT **petype, *etype; + petype = cms_get0_econtent_type(cms); if (!petype) return 0; @@ -298,155 +276,147 @@ int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) ASN1_OBJECT_free(*petype); *petype = etype; return 1; - } +} -int CMS_is_detached(CMS_ContentInfo *cms) - { +int +CMS_is_detached(CMS_ContentInfo *cms) +{ ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); if (!pos) return -1; if (*pos) return 0; return 1; - } +} -int CMS_set_detached(CMS_ContentInfo *cms, int detached) - { +int +CMS_set_detached(CMS_ContentInfo *cms, int detached) +{ ASN1_OCTET_STRING **pos; + pos = CMS_get0_content(cms); if (!pos) return 0; - if (detached) - { - if (*pos) - { + if (detached) { + if (*pos) { ASN1_OCTET_STRING_free(*pos); *pos = NULL; - } - return 1; } + return 1; + } if (!*pos) *pos = ASN1_OCTET_STRING_new(); - if (*pos) - { + if (*pos) { /* NB: special flag to show content is created and not * read in. */ (*pos)->flags |= ASN1_STRING_FLAG_CONT; return 1; - } + } CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE); return 0; - } +} /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ -void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) - { +void +cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) +{ int param_type; - switch (EVP_MD_type(md)) - { - case NID_sha1: - case NID_sha224: - case NID_sha256: - case NID_sha384: - case NID_sha512: + if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) param_type = V_ASN1_UNDEF; - break; - - default: + else param_type = V_ASN1_NULL; - break; - } X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); - } +} /* Create a digest BIO from an X509_ALGOR structure */ -BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) - { +BIO * +cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) +{ BIO *mdbio = NULL; ASN1_OBJECT *digestoid; const EVP_MD *digest; + X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); digest = EVP_get_digestbyobj(digestoid); - if (!digest) - { + if (!digest) { CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, - CMS_R_UNKNOWN_DIGEST_ALGORIHM); - goto err; - } + CMS_R_UNKNOWN_DIGEST_ALGORIHM); + goto err; + } mdbio = BIO_new(BIO_f_md()); - if (!mdbio || !BIO_set_md(mdbio, digest)) - { + if (!mdbio || !BIO_set_md(mdbio, digest)) { CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, - CMS_R_MD_BIO_INIT_ERROR); - goto err; - } + CMS_R_MD_BIO_INIT_ERROR); + goto err; + } return mdbio; - err: + +err: if (mdbio) BIO_free(mdbio); return NULL; - } +} /* Locate a message digest content from a BIO chain based on SignerInfo */ -int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg) - { +int +cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg) +{ int nid; ASN1_OBJECT *mdoid; + X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); nid = OBJ_obj2nid(mdoid); + /* Look for digest type to match signature */ - for (;;) - { + for (;;) { EVP_MD_CTX *mtmp; chain = BIO_find_type(chain, BIO_TYPE_MD); - if (chain == NULL) - { + if (chain == NULL) { CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, - CMS_R_NO_MATCHING_DIGEST); + CMS_R_NO_MATCHING_DIGEST); return 0; - } + } BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_type(mtmp) == nid) - { - EVP_MD_CTX_copy_ex(mctx, mtmp); - return 1; - } + if (EVP_MD_CTX_type(mtmp) == nid + /* Workaround for broken implementations that use signature + * algorithm OID instead of digest. + */ || + EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) + return EVP_MD_CTX_copy_ex(mctx, mtmp); chain = BIO_next(chain); - } } +} -static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms) - { - switch (OBJ_obj2nid(cms->contentType)) - { - - case NID_pkcs7_signed: +static STACK_OF(CMS_CertificateChoices) ** +cms_get0_certificate_choices(CMS_ContentInfo *cms) +{ + switch (OBJ_obj2nid(cms->contentType)) { + case NID_pkcs7_signed: return &cms->d.signedData->certificates; - - case NID_pkcs7_enveloped: + case NID_pkcs7_enveloped: return &cms->d.envelopedData->originatorInfo->certificates; - - default: + default: CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES, - CMS_R_UNSUPPORTED_CONTENT_TYPE); + CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - - } } +} -CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) - { +CMS_CertificateChoices * +CMS_add0_CertificateChoices(CMS_ContentInfo *cms) +{ STACK_OF(CMS_CertificateChoices) **pcerts; CMS_CertificateChoices *cch; + pcerts = cms_get0_certificate_choices(cms); if (!pcerts) return NULL; @@ -457,77 +427,73 @@ CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) cch = M_ASN1_new_of(CMS_CertificateChoices); if (!cch) return NULL; - if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) - { + if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) { M_ASN1_free_of(cch, CMS_CertificateChoices); return NULL; - } - return cch; } + return cch; +} -int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) - { +int +CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) +{ CMS_CertificateChoices *cch; STACK_OF(CMS_CertificateChoices) **pcerts; int i; + pcerts = cms_get0_certificate_choices(cms); if (!pcerts) return 0; - if (!pcerts) - return 0; - for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) - { + for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { cch = sk_CMS_CertificateChoices_value(*pcerts, i); - if (cch->type == CMS_CERTCHOICE_CERT) - { - if (!X509_cmp(cch->d.certificate, cert)) - { - CMSerr(CMS_F_CMS_ADD0_CERT, - CMS_R_CERTIFICATE_ALREADY_PRESENT); + if (cch->type == CMS_CERTCHOICE_CERT) { + if (!X509_cmp(cch->d.certificate, cert)) { + CMSerr(CMS_F_CMS_ADD0_CERT, + CMS_R_CERTIFICATE_ALREADY_PRESENT); return 0; - } } } + } cch = CMS_add0_CertificateChoices(cms); if (!cch) return 0; cch->type = CMS_CERTCHOICE_CERT; cch->d.certificate = cert; return 1; - } +} -int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) - { +int +CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) +{ int r; + r = CMS_add0_cert(cms, cert); if (r > 0) CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); return r; - } - -static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms) - { - switch (OBJ_obj2nid(cms->contentType)) - { +} - case NID_pkcs7_signed: +static STACK_OF(CMS_RevocationInfoChoice) ** +cms_get0_revocation_choices(CMS_ContentInfo *cms) +{ + switch (OBJ_obj2nid(cms->contentType)) { + case NID_pkcs7_signed: return &cms->d.signedData->crls; - - case NID_pkcs7_enveloped: + case NID_pkcs7_enveloped: return &cms->d.envelopedData->originatorInfo->crls; - - default: + default: CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES, - CMS_R_UNSUPPORTED_CONTENT_TYPE); + CMS_R_UNSUPPORTED_CONTENT_TYPE); return NULL; - - } } +} -CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) - { +CMS_RevocationInfoChoice * +CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) +{ STACK_OF(CMS_RevocationInfoChoice) **pcrls; CMS_RevocationInfoChoice *rch; + pcrls = cms_get0_revocation_choices(cms); if (!pcrls) return NULL; @@ -538,86 +504,92 @@ CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) rch = M_ASN1_new_of(CMS_RevocationInfoChoice); if (!rch) return NULL; - if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) - { + if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) { M_ASN1_free_of(rch, CMS_RevocationInfoChoice); return NULL; - } - return rch; } + return rch; +} -int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) - { +int +CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) +{ CMS_RevocationInfoChoice *rch; + rch = CMS_add0_RevocationInfoChoice(cms); if (!rch) return 0; rch->type = CMS_REVCHOICE_CRL; rch->d.crl = crl; return 1; - } +} + +int +CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) +{ + int r; + + r = CMS_add0_crl(cms, crl); + if (r > 0) + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + return r; +} STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) - { +{ STACK_OF(X509) *certs = NULL; CMS_CertificateChoices *cch; STACK_OF(CMS_CertificateChoices) **pcerts; int i; + pcerts = cms_get0_certificate_choices(cms); if (!pcerts) return NULL; - for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) - { + for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { cch = sk_CMS_CertificateChoices_value(*pcerts, i); - if (cch->type == 0) - { - if (!certs) - { + if (cch->type == 0) { + if (!certs) { certs = sk_X509_new_null(); if (!certs) return NULL; - } - if (!sk_X509_push(certs, cch->d.certificate)) - { + } + if (!sk_X509_push(certs, cch->d.certificate)) { sk_X509_pop_free(certs, X509_free); return NULL; - } - CRYPTO_add(&cch->d.certificate->references, - 1, CRYPTO_LOCK_X509); } + CRYPTO_add(&cch->d.certificate->references, + 1, CRYPTO_LOCK_X509); } + } return certs; - } +} STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) - { +{ STACK_OF(X509_CRL) *crls = NULL; STACK_OF(CMS_RevocationInfoChoice) **pcrls; CMS_RevocationInfoChoice *rch; int i; + pcrls = cms_get0_revocation_choices(cms); if (!pcrls) return NULL; - for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) - { + for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) { rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); - if (rch->type == 0) - { - if (!crls) - { + if (rch->type == 0) { + if (!crls) { crls = sk_X509_CRL_new_null(); if (!crls) return NULL; - } - if (!sk_X509_CRL_push(crls, rch->d.crl)) - { + } + if (!sk_X509_CRL_push(crls, rch->d.crl)) { sk_X509_CRL_pop_free(crls, X509_CRL_free); return NULL; - } - CRYPTO_add(&rch->d.crl->references, - 1, CRYPTO_LOCK_X509_CRL); } + CRYPTO_add(&rch->d.crl->references, + 1, CRYPTO_LOCK_X509_CRL); } - return crls; } + return crls; +} diff --git a/lib/libcrypto/cms/cms_pwri.c b/lib/libcrypto/cms/cms_pwri.c index 36d50f1797b..1399cbd606e 100644 --- a/lib/libcrypto/cms/cms_pwri.c +++ b/lib/libcrypto/cms/cms_pwri.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,15 +62,16 @@ #include "cms_lcl.h" #include "asn1_locl.h" -int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, - unsigned char *pass, ssize_t passlen) - { +int +CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, + ssize_t passlen) +{ CMS_PasswordRecipientInfo *pwri; - if (ri->type != CMS_RECIPINFO_PASS) - { + + if (ri->type != CMS_RECIPINFO_PASS) { CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI); return 0; - } + } pwri = ri->d.pwri; pwri->pass = pass; @@ -78,14 +79,13 @@ int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, passlen = strlen((char *)pass); pwri->passlen = passlen; return 1; - } +} -CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - int iter, int wrap_nid, int pbe_nid, - unsigned char *pass, - ssize_t passlen, - const EVP_CIPHER *kekciph) - { +CMS_RecipientInfo * +CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid, + int pbe_nid, unsigned char *pass, ssize_t passlen, + const EVP_CIPHER *kekciph) +{ CMS_RecipientInfo *ri = NULL; CMS_EnvelopedData *env; CMS_PasswordRecipientInfo *pwri; @@ -93,6 +93,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, X509_ALGOR *encalg = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; + env = cms_get0_enveloped(cms); if (!env) goto err; @@ -107,54 +108,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, if (kekciph == NULL) kekciph = env->encryptedContentInfo->cipher; - if (kekciph == NULL) - { + if (kekciph == NULL) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER); return NULL; - } - if (wrap_nid != NID_id_alg_PWRI_KEK) - { + } + if (wrap_nid != NID_id_alg_PWRI_KEK) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, - CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); + CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); return NULL; - } + } /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); EVP_CIPHER_CTX_init(&ctx); - if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) - { + if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); goto err; - } + } ivlen = EVP_CIPHER_CTX_iv_length(&ctx); - if (ivlen > 0) - { + if (ivlen > 0) { if (RAND_pseudo_bytes(iv, ivlen) <= 0) goto err; - if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) - { + if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, - ERR_R_EVP_LIB); + ERR_R_EVP_LIB); goto err; - } + } encalg->parameter = ASN1_TYPE_new(); - if (!encalg->parameter) - { + if (!encalg->parameter) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } - if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) - { + } + if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, - CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; - } } + } encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx)); @@ -182,10 +176,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, if (!pwri->keyEncryptionAlgorithm->parameter) goto merr; - if(!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), + if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), &pwri->keyEncryptionAlgorithm->parameter->value.sequence)) goto merr; - pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE; + pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE; X509_ALGOR_free(encalg); encalg = NULL; @@ -205,48 +199,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, return ri; - merr: +merr: CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE); - err: +err: EVP_CIPHER_CTX_cleanup(&ctx); if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); if (encalg) X509_ALGOR_free(encalg); return NULL; - - } +} /* This is an implementation of the key wrapping mechanism in RFC3211, * at some point this should go into EVP. */ -static int kek_unwrap_key(unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) - { +static int +kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, + size_t inlen, EVP_CIPHER_CTX *ctx) +{ size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); unsigned char *tmp; int outl, rv = 0; - if (inlen < 2 * blocklen) - { + + if (inlen < 2 * blocklen) { /* too small */ return 0; - } - if (inlen % blocklen) - { + } + if (inlen % blocklen) { /* Invalid size */ return 0; - } + } tmp = malloc(inlen); /* setup IV by decrypting last two blocks */ EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, - in + inlen - 2 * blocklen, blocklen * 2); + in + inlen - 2 * blocklen, blocklen * 2); /* Do a decrypt of last decrypted block to set IV to correct value * output it to start of buffer so we don't corrupt decrypted block * this works because buffer is at least two block lengths long. */ EVP_DecryptUpdate(ctx, tmp, &outl, - tmp + inlen - blocklen, blocklen); + tmp + inlen - blocklen, blocklen); /* Can now decrypt first n - 1 blocks */ EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen); @@ -255,49 +248,47 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, /* Decrypt again */ EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen); /* Check check bytes */ - if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) - { + if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & + (tmp[3] ^ tmp[6])) != 0xff) { /* Check byte failure */ goto err; - } - if (inlen < (size_t)(tmp[0] - 4 )) - { + } + if (inlen < (size_t)(tmp[0] - 4 )) { /* Invalid length value */ goto err; - } + } *outlen = (size_t)tmp[0]; memcpy(out, tmp + 4, *outlen); rv = 1; - err: + +err: OPENSSL_cleanse(tmp, inlen); free(tmp); return rv; +} - } - -static int kek_wrap_key(unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx) - { +static int +kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in, + size_t inlen, EVP_CIPHER_CTX *ctx) +{ size_t blocklen = EVP_CIPHER_CTX_block_size(ctx); size_t olen; int dummy; + /* First decide length of output buffer: need header and round up to * multiple of block length. */ olen = (inlen + 4 + blocklen - 1)/blocklen; olen *= blocklen; - if (olen < 2 * blocklen) - { + if (olen < 2 * blocklen) { /* Key too small */ return 0; - } - if (inlen > 0xFF) - { + } + if (inlen > 0xFF) { /* Key too large */ return 0; - } - if (out) - { + } + if (out) { /* Set header */ out[0] = (unsigned char)inlen; out[1] = in[0] ^ 0xFF; @@ -310,18 +301,19 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, /* Encrypt twice */ EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen); - } + } *outlen = olen; return 1; - } +} /* Encrypt/Decrypt content key in PWRI recipient info */ -int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, - int en_de) - { +int +cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, + int en_de) +{ CMS_EncryptedContentInfo *ec; CMS_PasswordRecipientInfo *pwri; const unsigned char *p = NULL; @@ -338,69 +330,61 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, pwri = ri->d.pwri; EVP_CIPHER_CTX_init(&kekctx); - if (!pwri->pass) - { + if (!pwri->pass) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); return 0; - } + } algtmp = pwri->keyEncryptionAlgorithm; - if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) - { + if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, - CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); + CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); return 0; - } + } - if (algtmp->parameter->type == V_ASN1_SEQUENCE) - { + if (algtmp->parameter->type == V_ASN1_SEQUENCE) { p = algtmp->parameter->value.sequence->data; plen = algtmp->parameter->value.sequence->length; kekalg = d2i_X509_ALGOR(NULL, &p, plen); - } - if (kekalg == NULL) - { + } + if (kekalg == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, - CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); + CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); return 0; - } + } kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); - - if(!kekcipher) - { + + if (!kekcipher) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, - CMS_R_UNKNOWN_CIPHER); + CMS_R_UNKNOWN_CIPHER); goto err; - } + } /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de)) goto err; EVP_CIPHER_CTX_set_padding(&kekctx, 0); - if(EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) - { + if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, - CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); + CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; - } + } algtmp = pwri->keyDerivationAlgorithm; /* Finish password based key derivation to setup key in "ctx" */ if (EVP_PBE_CipherInit(algtmp->algorithm, - (char *)pwri->pass, pwri->passlen, - algtmp->parameter, &kekctx, en_de) < 0) - { + (char *)pwri->pass, pwri->passlen, + algtmp->parameter, &kekctx, en_de) < 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB); goto err; - } + } /* Finally wrap/unwrap the key */ - if (en_de) - { + if (en_de) { if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx)) goto err; @@ -414,41 +398,34 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, goto err; pwri->encryptedKey->data = key; pwri->encryptedKey->length = keylen; - } - else - { + } else { key = malloc(pwri->encryptedKey->length); - if (!key) - { + if (!key) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } + } if (!kek_unwrap_key(key, &keylen, - pwri->encryptedKey->data, - pwri->encryptedKey->length, &kekctx)) - { + pwri->encryptedKey->data, + pwri->encryptedKey->length, &kekctx)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, - CMS_R_UNWRAP_FAILURE); + CMS_R_UNWRAP_FAILURE); goto err; - } + } ec->key = key; ec->keylen = keylen; - } + } r = 1; - err: - +err: EVP_CIPHER_CTX_cleanup(&kekctx); - if (!r && key) free(key); X509_ALGOR_free(kekalg); return r; - - } +} diff --git a/lib/libcrypto/cms/cms_sd.c b/lib/libcrypto/cms/cms_sd.c index 976881743bc..7fbc0490bac 100644 --- a/lib/libcrypto/cms/cms_sd.c +++ b/lib/libcrypto/cms/cms_sd.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -64,119 +64,111 @@ DECLARE_ASN1_ITEM(CMS_SignedData) -static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) - { - if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) - { - CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); +static CMS_SignedData * +cms_get0_signed(CMS_ContentInfo *cms) +{ + if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { + CMSerr(CMS_F_CMS_GET0_SIGNED, + CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); return NULL; - } - return cms->d.signedData; } + return cms->d.signedData; +} -static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) - { - if (cms->d.other == NULL) - { +static CMS_SignedData * +cms_signed_data_init(CMS_ContentInfo *cms) +{ + if (cms->d.other == NULL) { cms->d.signedData = M_ASN1_new_of(CMS_SignedData); - if (!cms->d.signedData) - { - CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); + if (!cms->d.signedData) { + CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, + ERR_R_MALLOC_FAILURE); return NULL; - } + } cms->d.signedData->version = 1; cms->d.signedData->encapContentInfo->eContentType = - OBJ_nid2obj(NID_pkcs7_data); + OBJ_nid2obj(NID_pkcs7_data); cms->d.signedData->encapContentInfo->partial = 1; ASN1_OBJECT_free(cms->contentType); cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); return cms->d.signedData; - } - return cms_get0_signed(cms); } + return cms_get0_signed(cms); +} /* Just initialize SignedData e.g. for certs only structure */ -int CMS_SignedData_init(CMS_ContentInfo *cms) - { +int +CMS_SignedData_init(CMS_ContentInfo *cms) +{ if (cms_signed_data_init(cms)) return 1; else return 0; - } +} /* Check structures and fixup version numbers (if necessary) */ -static void cms_sd_set_version(CMS_SignedData *sd) - { +static void +cms_sd_set_version(CMS_SignedData *sd) +{ int i; CMS_CertificateChoices *cch; CMS_RevocationInfoChoice *rch; CMS_SignerInfo *si; - for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) - { + for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) { cch = sk_CMS_CertificateChoices_value(sd->certificates, i); - if (cch->type == CMS_CERTCHOICE_OTHER) - { + if (cch->type == CMS_CERTCHOICE_OTHER) { if (sd->version < 5) sd->version = 5; - } - else if (cch->type == CMS_CERTCHOICE_V2ACERT) - { + } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { if (sd->version < 4) sd->version = 4; - } - else if (cch->type == CMS_CERTCHOICE_V1ACERT) - { + } else if (cch->type == CMS_CERTCHOICE_V1ACERT) { if (sd->version < 3) sd->version = 3; - } } + } - for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) - { + for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) { rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); - if (rch->type == CMS_REVCHOICE_OTHER) - { + if (rch->type == CMS_REVCHOICE_OTHER) { if (sd->version < 5) sd->version = 5; - } } + } - if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) - && (sd->version < 3)) + if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != + NID_pkcs7_data) && (sd->version < 3)) sd->version = 3; - for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { si = sk_CMS_SignerInfo_value(sd->signerInfos, i); - if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) - { + if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { if (si->version < 3) si->version = 3; if (sd->version < 3) sd->version = 3; - } - else + } else sd->version = 1; - } + } if (sd->version < 1) sd->version = 1; +} - } - /* Copy an existing messageDigest value */ -static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) - { +static int +cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) +{ STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *sitmp; int i; + sinfos = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { ASN1_OCTET_STRING *messageDigest; sitmp = sk_CMS_SignerInfo_value(sinfos, i); if (sitmp == si) @@ -184,133 +176,124 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) if (CMS_signed_get_attr_count(sitmp) < 0) continue; if (OBJ_cmp(si->digestAlgorithm->algorithm, - sitmp->digestAlgorithm->algorithm)) + sitmp->digestAlgorithm->algorithm)) continue; messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, - OBJ_nid2obj(NID_pkcs9_messageDigest), - -3, V_ASN1_OCTET_STRING); - if (!messageDigest) - { + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); + if (!messageDigest) { CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, - CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); + CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); return 0; - } + } if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, - messageDigest, -1)) + V_ASN1_OCTET_STRING, + messageDigest, -1)) return 1; else return 0; - } - CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); - return 0; } + CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); + return 0; +} -int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) - { - switch(type) - { - case CMS_SIGNERINFO_ISSUER_SERIAL: +int +cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) +{ + switch (type) { + case CMS_SIGNERINFO_ISSUER_SERIAL: sid->d.issuerAndSerialNumber = - M_ASN1_new_of(CMS_IssuerAndSerialNumber); + M_ASN1_new_of(CMS_IssuerAndSerialNumber); if (!sid->d.issuerAndSerialNumber) goto merr; if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer, - X509_get_issuer_name(cert))) + X509_get_issuer_name(cert))) goto merr; if (!ASN1_STRING_copy( - sid->d.issuerAndSerialNumber->serialNumber, - X509_get_serialNumber(cert))) + sid->d.issuerAndSerialNumber->serialNumber, + X509_get_serialNumber(cert))) goto merr; break; - case CMS_SIGNERINFO_KEYIDENTIFIER: - if (!cert->skid) - { + case CMS_SIGNERINFO_KEYIDENTIFIER: + if (!cert->skid) { CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, - CMS_R_CERTIFICATE_HAS_NO_KEYID); + CMS_R_CERTIFICATE_HAS_NO_KEYID); return 0; - } + } sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid); if (!sid->d.subjectKeyIdentifier) goto merr; break; - default: + default: CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); return 0; - } + } sid->type = type; return 1; - merr: +merr: CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE); return 0; +} - } - -int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno) - { - if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) - { +int +cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno) +{ + if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { if (issuer) *issuer = sid->d.issuerAndSerialNumber->issuer; if (sno) *sno = sid->d.issuerAndSerialNumber->serialNumber; - } - else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) - { + } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { if (keyid) *keyid = sid->d.subjectKeyIdentifier; - } - else + } else return 0; return 1; - } +} -int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) - { +int +cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) +{ int ret; - if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) - { + + if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer, - X509_get_issuer_name(cert)); + X509_get_issuer_name(cert)); if (ret) return ret; return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber, - X509_get_serialNumber(cert)); - } - else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) - { + X509_get_serialNumber(cert)); + } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { X509_check_purpose(cert, -1, -1); if (!cert->skid) return -1; return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier, - cert->skid); - } - else + cert->skid); + } else return -1; - } +} -CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, - X509 *signer, EVP_PKEY *pk, const EVP_MD *md, - unsigned int flags) - { +CMS_SignerInfo * +CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, + const EVP_MD *md, unsigned int flags) +{ CMS_SignedData *sd; CMS_SignerInfo *si = NULL; X509_ALGOR *alg; int i, type; - if(!X509_check_private_key(signer, pk)) - { + + if (!X509_check_private_key(signer, pk)) { CMSerr(CMS_F_CMS_ADD1_SIGNER, - CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; - } + CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } sd = cms_signed_data_init(cms); if (!sd) goto err; @@ -325,98 +308,83 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si->pkey = pk; si->signer = signer; - if (flags & CMS_USE_KEYID) - { + if (flags & CMS_USE_KEYID) { si->version = 3; if (sd->version < 3) sd->version = 3; type = CMS_SIGNERINFO_KEYIDENTIFIER; - } - else - { + } else { type = CMS_SIGNERINFO_ISSUER_SERIAL; si->version = 1; - } + } if (!cms_set1_SignerIdentifier(si->sid, signer, type)) goto err; - if (md == NULL) - { + if (md == NULL) { int def_nid; if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) goto err; md = EVP_get_digestbynid(def_nid); - if (md == NULL) - { + if (md == NULL) { CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); goto err; - } } + } - if (!md) - { + if (!md) { CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); goto err; - } + } cms_DigestAlgorithm_set(si->digestAlgorithm, md); /* See if digest is present in digestAlgorithms */ - for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) - { + for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { ASN1_OBJECT *aoid; alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); X509_ALGOR_get0(&aoid, NULL, NULL, alg); if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) break; - } + } - if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) - { + if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { alg = X509_ALGOR_new(); if (!alg) goto merr; cms_DigestAlgorithm_set(alg, md); - if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) - { + if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { X509_ALGOR_free(alg); goto merr; - } } + } - if (pk->ameth && pk->ameth->pkey_ctrl) - { + if (pk->ameth && pk->ameth->pkey_ctrl) { i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN, - 0, si); - if (i == -2) - { + 0, si); + if (i == -2) { CMSerr(CMS_F_CMS_ADD1_SIGNER, - CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); goto err; - } - if (i <= 0) - { + } + if (i <= 0) { CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE); goto err; - } } + } - if (!(flags & CMS_NOATTR)) - { + if (!(flags & CMS_NOATTR)) { /* Initialialize signed attributes strutucture so other * attributes such as signing time etc are added later * even if we add none here. */ - if (!si->signedAttrs) - { + if (!si->signedAttrs) { si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); if (!si->signedAttrs) goto merr; - } + } - if (!(flags & CMS_NOSMIMECAP)) - { + if (!(flags & CMS_NOSMIMECAP)) { STACK_OF(X509_ALGOR) *smcap = NULL; i = CMS_add_standard_smimecap(&smcap); if (i) @@ -424,45 +392,44 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); if (!i) goto merr; - } - if (flags & CMS_REUSE_DIGEST) - { + } + if (flags & CMS_REUSE_DIGEST) { if (!cms_copy_messageDigest(cms, si)) goto err; if (!(flags & CMS_PARTIAL) && - !CMS_SignerInfo_sign(si)) + !CMS_SignerInfo_sign(si)) goto err; - } } + } - if (!(flags & CMS_NOCERTS)) - { + if (!(flags & CMS_NOCERTS)) { /* NB ignore -1 return for duplicate cert */ if (!CMS_add1_cert(cms, signer)) goto merr; - } + } if (!sd->signerInfos) sd->signerInfos = sk_CMS_SignerInfo_new_null(); if (!sd->signerInfos || - !sk_CMS_SignerInfo_push(sd->signerInfos, si)) + !sk_CMS_SignerInfo_push(sd->signerInfos, si)) goto merr; return si; - merr: +merr: CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); - err: +err: if (si) M_ASN1_free_of(si, CMS_SignerInfo); return NULL; +} - } - -static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) - { +static int +cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) +{ ASN1_TIME *tt; int r = 0; + if (t) tt = t; else @@ -472,89 +439,88 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) goto merr; if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, - tt->type, tt, -1) <= 0) + tt->type, tt, -1) <= 0) goto merr; r = 1; - merr: - +merr: if (!t) ASN1_TIME_free(tt); - if (!r) CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); return r; +} - } - -STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) - { +STACK_OF(CMS_SignerInfo) * +CMS_get0_SignerInfos(CMS_ContentInfo *cms) +{ CMS_SignedData *sd; + sd = cms_get0_signed(cms); if (!sd) return NULL; return sd->signerInfos; - } +} -STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) - { +STACK_OF(X509) * +CMS_get0_signers(CMS_ContentInfo *cms) +{ STACK_OF(X509) *signers = NULL; STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *si; int i; + sinfos = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (si->signer) - { - if (!signers) - { + if (si->signer) { + if (!signers) { signers = sk_X509_new_null(); if (!signers) return NULL; - } - if (!sk_X509_push(signers, si->signer)) - { + } + if (!sk_X509_push(signers, si->signer)) { sk_X509_free(signers); return NULL; - } } } - return signers; } + return signers; +} -void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) - { - if (signer) - { +void +CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) +{ + if (signer) { CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); if (si->pkey) EVP_PKEY_free(si->pkey); si->pkey = X509_get_pubkey(signer); - } + } if (si->signer) X509_free(si->signer); si->signer = signer; - } +} -int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno) - { +int +CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno) +{ return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); - } +} -int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) - { +int +CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) +{ return cms_SignerIdentifier_cert_cmp(si->sid, cert); - } +} -int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, - unsigned int flags) - { +int +CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, + unsigned int flags) +{ CMS_SignedData *sd; CMS_SignerInfo *si; CMS_CertificateChoices *cch; @@ -562,50 +528,47 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, X509 *x; int i, j; int ret = 0; + sd = cms_get0_signed(cms); if (!sd) return -1; certs = sd->certificates; - for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { si = sk_CMS_SignerInfo_value(sd->signerInfos, i); if (si->signer) continue; - for (j = 0; j < sk_X509_num(scerts); j++) - { + for (j = 0; j < sk_X509_num(scerts); j++) { x = sk_X509_value(scerts, j); - if (CMS_SignerInfo_cert_cmp(si, x) == 0) - { + if (CMS_SignerInfo_cert_cmp(si, x) == 0) { CMS_SignerInfo_set1_signer_cert(si, x); ret++; break; - } } + } if (si->signer || (flags & CMS_NOINTERN)) continue; - for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) - { + for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) { cch = sk_CMS_CertificateChoices_value(certs, j); if (cch->type != 0) continue; x = cch->d.certificate; - if (CMS_SignerInfo_cert_cmp(si, x) == 0) - { + if (CMS_SignerInfo_cert_cmp(si, x) == 0) { CMS_SignerInfo_set1_signer_cert(si, x); ret++; break; - } } } - return ret; } + return ret; +} -void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, - X509_ALGOR **pdig, X509_ALGOR **psig) - { +void +CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, + X509_ALGOR **pdig, X509_ALGOR **psig) +{ if (pk) *pk = si->pkey; if (signer) @@ -614,93 +577,88 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, *pdig = si->digestAlgorithm; if (psig) *psig = si->signatureAlgorithm; - } +} -static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, - CMS_SignerInfo *si, BIO *chain) - { +static int +cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, + BIO *chain) +{ EVP_MD_CTX mctx; int r = 0; EVP_MD_CTX_init(&mctx); - - if (!si->pkey) - { + if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); return 0; - } + } if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) goto err; /* If any signed attributes calculate and add messageDigest attribute */ - if (CMS_signed_get_attr_count(si) >= 0) - { + if (CMS_signed_get_attr_count(si) >= 0) { ASN1_OBJECT *ctype = - cms->d.signedData->encapContentInfo->eContentType; + cms->d.signedData->encapContentInfo->eContentType; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) goto err; if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, - md, mdlen)) + V_ASN1_OCTET_STRING, + md, mdlen)) goto err; /* Copy content type across */ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, ctype, -1) <= 0) + V_ASN1_OBJECT, ctype, -1) <= 0) goto err; if (!CMS_SignerInfo_sign(si)) goto err; - } - else - { + } else { unsigned char *sig; unsigned int siglen; sig = malloc(EVP_PKEY_size(si->pkey)); - if (!sig) - { + if (!sig) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, - ERR_R_MALLOC_FAILURE); + ERR_R_MALLOC_FAILURE); goto err; - } - if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) - { + } + if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, - CMS_R_SIGNFINAL_ERROR); + CMS_R_SIGNFINAL_ERROR); free(sig); goto err; - } - ASN1_STRING_set0(si->signature, sig, siglen); } + ASN1_STRING_set0(si->signature, sig, siglen); + } r = 1; - err: +err: EVP_MD_CTX_cleanup(&mctx); return r; +} - } - -int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) - { +int +cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) +{ STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *si; int i; + sinfos = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (!cms_SignerInfo_content_sign(cms, si, chain)) return 0; - } + } cms->d.signedData->encapContentInfo->partial = 0; return 1; - } +} -int CMS_SignerInfo_sign(CMS_SignerInfo *si) - { +int +CMS_SignerInfo_sign(CMS_SignerInfo *si) +{ EVP_MD_CTX mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; @@ -714,25 +672,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) EVP_MD_CTX_init(&mctx); - if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) - { + if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { if (!cms_add1_signingTime(si, NULL)) goto err; - } + } if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) - { + EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; - } + } - alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, - ASN1_ITEM_rptr(CMS_Attributes_Sign)); - if(!abuf) + alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, + ASN1_ITEM_rptr(CMS_Attributes_Sign)); + if (!abuf) goto err; if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) goto err; @@ -740,17 +696,16 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) goto err; free(abuf); abuf = malloc(siglen); - if(!abuf) + if (!abuf) goto err; if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) goto err; if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) - { + EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); goto err; - } + } EVP_MD_CTX_cleanup(&mctx); @@ -758,26 +713,25 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) return 1; - err: +err: free(abuf); EVP_MD_CTX_cleanup(&mctx); return 0; +} - } - -int CMS_SignerInfo_verify(CMS_SignerInfo *si) - { +int +CMS_SignerInfo_verify(CMS_SignerInfo *si) +{ EVP_MD_CTX mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; - if (!si->pkey) - { + if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); return -1; - } + } md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) @@ -786,199 +740,195 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; - alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf, - ASN1_ITEM_rptr(CMS_Attributes_Verify)); - if(!abuf) + alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, + ASN1_ITEM_rptr(CMS_Attributes_Verify)); + if (!abuf) goto err; r = EVP_DigestVerifyUpdate(&mctx, abuf, alen); free(abuf); - if (r <= 0) - { + if (r <= 0) { r = -1; goto err; - } + } r = EVP_DigestVerifyFinal(&mctx, - si->signature->data, si->signature->length); + si->signature->data, si->signature->length); if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); - err: + +err: EVP_MD_CTX_cleanup(&mctx); return r; - } +} /* Create a chain of digest BIOs from a CMS ContentInfo */ -BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) - { +BIO * +cms_SignedData_init_bio(CMS_ContentInfo *cms) +{ int i; CMS_SignedData *sd; BIO *chain = NULL; + sd = cms_get0_signed(cms); if (!sd) return NULL; if (cms->d.signedData->encapContentInfo->partial) cms_sd_set_version(sd); - for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) - { + for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { X509_ALGOR *digestAlgorithm; BIO *mdbio; digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); if (!mdbio) - goto err; + goto err; if (chain) - BIO_push(chain, mdbio); + BIO_push(chain, mdbio); else chain = mdbio; - } + } return chain; - err: + +err: if (chain) BIO_free_all(chain); return NULL; - } +} -int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) - { +int +CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) +{ ASN1_OCTET_STRING *os = NULL; EVP_MD_CTX mctx; int r = -1; + EVP_MD_CTX_init(&mctx); /* If we have any signed attributes look for messageDigest value */ - if (CMS_signed_get_attr_count(si) >= 0) - { + if (CMS_signed_get_attr_count(si) >= 0) { os = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_pkcs9_messageDigest), - -3, V_ASN1_OCTET_STRING); - if (!os) - { + OBJ_nid2obj(NID_pkcs9_messageDigest), + -3, V_ASN1_OCTET_STRING); + if (!os) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, - CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); + CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); goto err; - } } + } if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) goto err; /* If messageDigest found compare it */ - if (os) - { + if (os) { unsigned char mval[EVP_MAX_MD_SIZE]; unsigned int mlen; - if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) - { + if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, - CMS_R_UNABLE_TO_FINALIZE_CONTEXT); + CMS_R_UNABLE_TO_FINALIZE_CONTEXT); goto err; - } - if (mlen != (unsigned int)os->length) - { + } + if (mlen != (unsigned int)os->length) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, - CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); + CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); goto err; - } + } - if (memcmp(mval, os->data, mlen)) - { + if (memcmp(mval, os->data, mlen)) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, - CMS_R_VERIFICATION_FAILURE); + CMS_R_VERIFICATION_FAILURE); r = 0; - } - else + } else r = 1; - } - else - { + } else { r = EVP_VerifyFinal(&mctx, si->signature->data, - si->signature->length, si->pkey); - if (r <= 0) - { + si->signature->length, si->pkey); + if (r <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, - CMS_R_VERIFICATION_FAILURE); + CMS_R_VERIFICATION_FAILURE); r = 0; - } } + } - err: +err: EVP_MD_CTX_cleanup(&mctx); return r; +} - } - -int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) - { +int +CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) +{ unsigned char *smder = NULL; int smderlen, r; + smderlen = i2d_X509_ALGORS(algs, &smder); if (smderlen <= 0) return 0; r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, smder, smderlen); + V_ASN1_SEQUENCE, smder, smderlen); free(smder); return r; - } +} -int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, - int algnid, int keysize) - { +int +CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize) +{ X509_ALGOR *alg; ASN1_INTEGER *key = NULL; - if (keysize > 0) - { + + if (keysize > 0) { key = ASN1_INTEGER_new(); if (!key || !ASN1_INTEGER_set(key, keysize)) return 0; - } + } alg = X509_ALGOR_new(); - if (!alg) - { + if (!alg) { if (key) ASN1_INTEGER_free(key); return 0; - } - + } + X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), - key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); + key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); if (!*algs) *algs = sk_X509_ALGOR_new_null(); - if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) - { + if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) { X509_ALGOR_free(alg); return 0; - } - return 1; } + return 1; +} /* Check to see if a cipher exists and if so add S/MIME capabilities */ -static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) - { +static int +cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) +{ if (EVP_get_cipherbynid(nid)) return CMS_add_simple_smimecap(sk, nid, arg); return 1; - } +} -static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) - { +static int +cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) +{ if (EVP_get_digestbynid(nid)) return CMS_add_simple_smimecap(sk, nid, arg); return 1; - } - -int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) - { - if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) - || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) - || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) - || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) - || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) - || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) +} + +int +CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) +{ + if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) || + !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) || + !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) || + !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) || + !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) || + !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) || + !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) || + !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) || + !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) || + !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) return 0; return 1; - } +} diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c index 94f60c1b5c9..e32a58b3bc5 100644 --- a/lib/libcrypto/cms/cms_smime.c +++ b/lib/libcrypto/cms/cms_smime.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,114 +59,107 @@ #include <openssl/cms.h> #include "cms_lcl.h" -static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) - { +static int +cms_copy_content(BIO *out, BIO *in, unsigned int flags) +{ unsigned char buf[4096]; int r = 0, i; BIO *tmpout = NULL; if (out == NULL) tmpout = BIO_new(BIO_s_null()); - else if (flags & CMS_TEXT) - { + else if (flags & CMS_TEXT) { tmpout = BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(tmpout, 0); - } - else + } else tmpout = out; - if(!tmpout) - { - CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE); + if (!tmpout) { + CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE); goto err; - } + } /* Read all content through chain to process digest, decrypt etc */ - for (;;) - { - i=BIO_read(in,buf,sizeof(buf)); - if (i <= 0) - { - if (BIO_method_type(in) == BIO_TYPE_CIPHER) - { + for (;;) { + i = BIO_read(in, buf, sizeof(buf)); + if (i <= 0) { + if (BIO_method_type(in) == BIO_TYPE_CIPHER) { if (!BIO_get_cipher_status(in)) goto err; - } + } if (i < 0) goto err; break; - } - + } + if (tmpout && (BIO_write(tmpout, buf, i) != i)) goto err; } - if(flags & CMS_TEXT) - { - if(!SMIME_text(tmpout, out)) - { - CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR); + if (flags & CMS_TEXT) { + if (!SMIME_text(tmpout, out)) { + CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR); goto err; - } } + } r = 1; - err: +err: if (tmpout && (tmpout != out)) BIO_free(tmpout); return r; +} - } - -static int check_content(CMS_ContentInfo *cms) - { +static int +check_content(CMS_ContentInfo *cms) +{ ASN1_OCTET_STRING **pos = CMS_get0_content(cms); - if (!pos || !*pos) - { + + if (!pos || !*pos) { CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); return 0; - } - return 1; } + return 1; +} -static void do_free_upto(BIO *f, BIO *upto) - { - if (upto) - { +static void +do_free_upto(BIO *f, BIO *upto) +{ + if (upto) { BIO *tbio; - do - { + do { tbio = BIO_pop(f); BIO_free(f); f = tbio; - } - while (f != upto); - } - else + } while (f != upto); + } else BIO_free_all(f); - } +} -int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) - { +int +CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) +{ BIO *cont; int r; - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) - { + + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) { CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); return 0; - } + } cont = CMS_dataInit(cms, NULL); if (!cont) return 0; r = cms_copy_content(out, cont, flags); BIO_free_all(cont); return r; - } +} -CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) - { +CMS_ContentInfo * +CMS_data_create(BIO *in, unsigned int flags) +{ CMS_ContentInfo *cms; + cms = cms_Data_create(); if (!cms) return NULL; @@ -177,18 +170,19 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) CMS_ContentInfo_free(cms); return NULL; - } +} -int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) - { +int +CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags) +{ BIO *cont; int r; - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) - { + + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) { CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); return 0; - } + } if (!dcont && !check_content(cms)) return 0; @@ -201,19 +195,20 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, r = cms_DigestedData_do_final(cms, cont, 1); do_free_upto(cont, dcont); return r; - } +} -CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, - unsigned int flags) - { +CMS_ContentInfo * +CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags) +{ CMS_ContentInfo *cms; + if (!md) md = EVP_sha1(); cms = cms_DigestedData_create(md); if (!cms) return NULL; - if(!(flags & CMS_DETACHED)) + if (!(flags & CMS_DETACHED)) CMS_set_detached(cms, 0); if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) @@ -221,20 +216,20 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, CMS_ContentInfo_free(cms); return NULL; - } +} -int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, - const unsigned char *key, size_t keylen, - BIO *dcont, BIO *out, unsigned int flags) - { +int +CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, + size_t keylen, BIO *dcont, BIO *out, unsigned int flags) +{ BIO *cont; int r; - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) - { + + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) { CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, - CMS_R_TYPE_NOT_ENCRYPTED_DATA); + CMS_R_TYPE_NOT_ENCRYPTED_DATA); return 0; - } + } if (!dcont && !check_content(cms)) return 0; @@ -247,75 +242,73 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, r = cms_copy_content(out, cont, flags); do_free_upto(cont, dcont); return r; - } +} -CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - unsigned int flags) - { +CMS_ContentInfo * +CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, unsigned int flags) +{ CMS_ContentInfo *cms; - if (!cipher) - { + + if (!cipher) { CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); return NULL; - } + } cms = CMS_ContentInfo_new(); if (!cms) return NULL; if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) return NULL; - if(!(flags & CMS_DETACHED)) + if (!(flags & CMS_DETACHED)) CMS_set_detached(cms, 0); - if ((flags & (CMS_STREAM|CMS_PARTIAL)) - || CMS_final(cms, in, NULL, flags)) + if ((flags & (CMS_STREAM|CMS_PARTIAL)) || + CMS_final(cms, in, NULL, flags)) return cms; CMS_ContentInfo_free(cms); return NULL; - } +} -static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, - X509_STORE *store, - STACK_OF(X509) *certs, - STACK_OF(X509_CRL) *crls, - unsigned int flags) - { +static int +cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store, + STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls, unsigned int flags) +{ X509_STORE_CTX ctx; X509 *signer; int i, j, r = 0; + CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); - if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) - { + if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, - CMS_R_STORE_INIT_ERROR); + CMS_R_STORE_INIT_ERROR); goto err; - } + } X509_STORE_CTX_set_default(&ctx, "smime_sign"); if (crls) X509_STORE_CTX_set0_crls(&ctx, crls); i = X509_verify_cert(&ctx); - if (i <= 0) - { + if (i <= 0) { j = X509_STORE_CTX_get_error(&ctx); CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, - CMS_R_CERTIFICATE_VERIFY_ERROR); + CMS_R_CERTIFICATE_VERIFY_ERROR); ERR_asprintf_error_data("Verify error:%s", - X509_verify_cert_error_string(j)); + X509_verify_cert_error_string(j)); goto err; - } + } r = 1; - err: + +err: X509_STORE_CTX_cleanup(&ctx); return r; +} - } - -int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) - { +int +CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, + BIO *dcont, BIO *out, unsigned int flags) +{ CMS_SignerInfo *si; STACK_OF(CMS_SignerInfo) *sinfos; STACK_OF(X509) *cms_certs = NULL; @@ -331,58 +324,51 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, sinfos = CMS_get0_SignerInfos(cms); - if (sk_CMS_SignerInfo_num(sinfos) <= 0) - { + if (sk_CMS_SignerInfo_num(sinfos) <= 0) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); goto err; - } + } - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); if (signer) scount++; - } + } if (scount != sk_CMS_SignerInfo_num(sinfos)) scount += CMS_set1_signers_certs(cms, certs, flags); - if (scount != sk_CMS_SignerInfo_num(sinfos)) - { + if (scount != sk_CMS_SignerInfo_num(sinfos)) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); goto err; - } + } /* Attempt to verify all signers certs */ - if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) - { + if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) { cms_certs = CMS_get1_certs(cms); if (!(flags & CMS_NOCRL)) crls = CMS_get1_crls(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (!cms_signerinfo_verify_cert(si, store, - cms_certs, crls, flags)) + cms_certs, crls, flags)) goto err; - } } + } /* Attempt to verify all SignerInfo signed attribute signatures */ - if (!(flags & CMS_NO_ATTR_VERIFY)) - { - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) - { + if (!(flags & CMS_NO_ATTR_VERIFY)) { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); if (CMS_signed_get_attr_count(si) < 0) continue; if (CMS_SignerInfo_verify(si) <= 0) goto err; - } } + } /* Performance optimization: if the content is a memory BIO then * store its contents in a temporary read only memory BIO. This @@ -391,47 +377,40 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, * are calculated. */ - if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) - { + if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) { char *ptr; long len; len = BIO_get_mem_data(dcont, &ptr); tmpin = BIO_new_mem_buf(ptr, len); - if (tmpin == NULL) - { - CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE); + if (tmpin == NULL) { + CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE); return 0; - } } - else + } else tmpin = dcont; - - cmsbio=CMS_dataInit(cms, tmpin); + + cmsbio = CMS_dataInit(cms, tmpin); if (!cmsbio) goto err; if (!cms_copy_content(out, cmsbio, flags)) goto err; - if (!(flags & CMS_NO_CONTENT_VERIFY)) - { - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) - { + if (!(flags & CMS_NO_CONTENT_VERIFY)) { + for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) - { + if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { CMSerr(CMS_F_CMS_VERIFY, - CMS_R_CONTENT_VERIFY_ERROR); + CMS_R_CONTENT_VERIFY_ERROR); goto err; - } } } + } ret = 1; - err: - +err: if (dcont && (tmpin == dcont)) do_free_upto(cmsbio, dcont); else @@ -443,23 +422,25 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, sk_X509_CRL_pop_free(crls, X509_CRL_free); return ret; - } +} -int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, - STACK_OF(X509) *certs, - X509_STORE *store, unsigned int flags) - { +int +CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags) +{ int r; + flags &= ~(CMS_DETACHED|CMS_TEXT); r = CMS_verify(rcms, certs, store, NULL, NULL, flags); if (r <= 0) return r; return cms_Receipt_verify(rcms, ocms); - } +} -CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, unsigned int flags) - { +CMS_ContentInfo * +CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, + unsigned int flags) +{ CMS_ContentInfo *cms; int i; @@ -467,42 +448,38 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, if (!cms || !CMS_SignedData_init(cms)) goto merr; - if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) - { + if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) { CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR); goto err; - } + } - for (i = 0; i < sk_X509_num(certs); i++) - { + for (i = 0; i < sk_X509_num(certs); i++) { X509 *x = sk_X509_value(certs, i); if (!CMS_add1_cert(cms, x)) goto merr; - } + } - if(!(flags & CMS_DETACHED)) + if (!(flags & CMS_DETACHED)) CMS_set_detached(cms, 0); - if ((flags & (CMS_STREAM|CMS_PARTIAL)) - || CMS_final(cms, data, NULL, flags)) + if ((flags & (CMS_STREAM|CMS_PARTIAL)) || + CMS_final(cms, data, NULL, flags)) return cms; else goto err; - merr: +merr: CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); - - err: +err: if (cms) CMS_ContentInfo_free(cms); return NULL; - } +} -CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, - X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, - unsigned int flags) - { +CMS_ContentInfo * +CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey, + STACK_OF(X509) *certs, unsigned int flags) +{ CMS_SignerInfo *rct_si; CMS_ContentInfo *cms = NULL; ASN1_OCTET_STRING **pos, *os; @@ -512,11 +489,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, flags &= ~(CMS_STREAM|CMS_TEXT); /* Not really detached but avoids content being allocated */ flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED; - if (!pkey || !signcert) - { + if (!pkey || !signcert) { CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT); return NULL; - } + } /* Initialize signed data */ @@ -529,11 +505,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, goto err; rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags); - if (!rct_si) - { + if (!rct_si) { CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR); goto err; - } + } os = cms_encode_Receipt(si); @@ -560,91 +535,88 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, r = 1; - err: +err: if (rct_cont) BIO_free(rct_cont); if (r) return cms; CMS_ContentInfo_free(cms); return NULL; +} - } - -CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, - const EVP_CIPHER *cipher, unsigned int flags) - { +CMS_ContentInfo * +CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher, + unsigned int flags) +{ CMS_ContentInfo *cms; int i; X509 *recip; + cms = CMS_EnvelopedData_create(cipher); if (!cms) goto merr; - for (i = 0; i < sk_X509_num(certs); i++) - { + for (i = 0; i < sk_X509_num(certs); i++) { recip = sk_X509_value(certs, i); - if (!CMS_add1_recipient_cert(cms, recip, flags)) - { + if (!CMS_add1_recipient_cert(cms, recip, flags)) { CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR); goto err; - } } + } - if(!(flags & CMS_DETACHED)) + if (!(flags & CMS_DETACHED)) CMS_set_detached(cms, 0); - if ((flags & (CMS_STREAM|CMS_PARTIAL)) - || CMS_final(cms, data, NULL, flags)) + if ((flags & (CMS_STREAM|CMS_PARTIAL)) || + CMS_final(cms, data, NULL, flags)) return cms; else goto err; - merr: +merr: CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); - err: +err: if (cms) CMS_ContentInfo_free(cms); return NULL; - } +} -int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) - { +int +CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) +{ STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; int i, r; int debug = 0; + ris = CMS_get0_RecipientInfos(cms); if (ris) debug = cms->d.envelopedData->encryptedContentInfo->debug; - for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) - { + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { ri = sk_CMS_RecipientInfo_value(ris, i); if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) - continue; + continue; /* If we have a cert try matching RecipientInfo * otherwise try them all. */ - if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) - { + if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) { CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); - if (cert) - { + if (cert) { /* If not debugging clear any error and * return success to avoid leaking of * information useful to MMA */ - if (!debug) - { + if (!debug) { ERR_clear_error(); return 1; - } + } if (r > 0) return 1; CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, - CMS_R_DECRYPT_ERROR); + CMS_R_DECRYPT_ERROR); return 0; - } + } /* If no cert and not debugging don't leave loop * after first successful decrypt. Always attempt * to decrypt all recipients to avoid leaking timing @@ -652,94 +624,90 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) */ else if (r > 0 && debug) return 1; - } } + } /* If no cert and not debugging always return success */ - if (!cert && !debug) - { + if (!cert && !debug) { ERR_clear_error(); return 1; - } + } CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); return 0; +} - } - -int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen) - { +int +CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen, + unsigned char *id, size_t idlen) +{ STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; int i, r; + ris = CMS_get0_RecipientInfos(cms); - for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) - { + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { ri = sk_CMS_RecipientInfo_value(ris, i); if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) - continue; + continue; /* If we have an id try matching RecipientInfo * otherwise try them all. */ - if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) - { + if (!id || + (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) { CMS_RecipientInfo_set0_key(ri, key, keylen); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_key(ri, NULL, 0); if (r > 0) return 1; - if (id) - { + if (id) { CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, - CMS_R_DECRYPT_ERROR); + CMS_R_DECRYPT_ERROR); return 0; - } - ERR_clear_error(); } + ERR_clear_error(); } + } CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); return 0; +} - } - -int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ssize_t passlen) - { +int +CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass, + ssize_t passlen) +{ STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; int i, r; + ris = CMS_get0_RecipientInfos(cms); - for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) - { + for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { ri = sk_CMS_RecipientInfo_value(ris, i); if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS) - continue; + continue; CMS_RecipientInfo_set0_password(ri, pass, passlen); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_password(ri, NULL, 0); if (r > 0) return 1; - } + } CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT); return 0; +} - } - -int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, - BIO *dcont, BIO *out, - unsigned int flags) - { +int +CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont, + BIO *out, unsigned int flags) +{ int r; BIO *cont; - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) - { + + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) { CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); return 0; - } + } if (!dcont && !check_content(cms)) return 0; if (flags & CMS_DEBUG_DECRYPT) @@ -756,51 +724,50 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, r = cms_copy_content(out, cont, flags); do_free_upto(cont, dcont); return r; - } +} -int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) - { +int +CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) +{ BIO *cmsbio; int ret = 0; - if (!(cmsbio = CMS_dataInit(cms, dcont))) - { - CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE); + + if (!(cmsbio = CMS_dataInit(cms, dcont))) { + CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE); return 0; - } + } SMIME_crlf_copy(data, cmsbio, flags); (void)BIO_flush(cmsbio); - if (!CMS_dataFinal(cms, cmsbio)) - { - CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR); + if (!CMS_dataFinal(cms, cmsbio)) { + CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR); goto err; - } + } ret = 1; - err: +err: do_free_upto(cmsbio, dcont); return ret; - - } +} #ifdef ZLIB -int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) - { +int +CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags) +{ BIO *cont; int r; - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) - { + + if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) { CMSerr(CMS_F_CMS_UNCOMPRESS, - CMS_R_TYPE_NOT_COMPRESSED_DATA); + CMS_R_TYPE_NOT_COMPRESSED_DATA); return 0; - } + } if (!dcont && !check_content(cms)) return 0; @@ -811,18 +778,20 @@ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, r = cms_copy_content(out, cont, flags); do_free_upto(cont, dcont); return r; - } +} -CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) - { +CMS_ContentInfo * +CMS_compress(BIO *in, int comp_nid, unsigned int flags) +{ CMS_ContentInfo *cms; + if (comp_nid <= 0) comp_nid = NID_zlib_compression; cms = cms_CompressedData_create(comp_nid); if (!cms) return NULL; - if(!(flags & CMS_DETACHED)) + if (!(flags & CMS_DETACHED)) CMS_set_detached(cms, 0); if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) @@ -830,21 +799,22 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) CMS_ContentInfo_free(cms); return NULL; - } +} #else -int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) - { +int +CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags) +{ CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); return 0; - } +} -CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) - { +CMS_ContentInfo * +CMS_compress(BIO *in, int comp_nid, unsigned int flags) +{ CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); return NULL; - } +} #endif |