]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
b1322259 | 2 | * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. |
8931b30d | 3 | * |
08ddd302 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
b1322259 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8931b30d DSH |
8 | */ |
9 | ||
b39fc560 | 10 | #include "internal/cryptlib.h" |
8931b30d DSH |
11 | #include <openssl/asn1t.h> |
12 | #include <openssl/pem.h> | |
17c2764d | 13 | #include <openssl/x509.h> |
8931b30d DSH |
14 | #include <openssl/x509v3.h> |
15 | #include <openssl/err.h> | |
16 | #include <openssl/cms.h> | |
8c00f267 | 17 | #include <openssl/ess.h> |
706457b7 | 18 | #include "cms_local.h" |
25f2138b DMSP |
19 | #include "crypto/asn1.h" |
20 | #include "crypto/evp.h" | |
21 | #include "crypto/cms.h" | |
22 | #include "crypto/ess.h" | |
8931b30d | 23 | |
852c2ed2 RS |
24 | DEFINE_STACK_OF(CMS_RevocationInfoChoice) |
25 | DEFINE_STACK_OF(CMS_SignerInfo) | |
26 | DEFINE_STACK_OF(X509) | |
27 | DEFINE_STACK_OF(X509_ALGOR) | |
28 | DEFINE_STACK_OF(X509_ATTRIBUTE) | |
29 | ||
8931b30d DSH |
30 | /* CMS SignedData Utilities */ |
31 | ||
8931b30d | 32 | static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) |
0f113f3e MC |
33 | { |
34 | if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { | |
35 | CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); | |
36 | return NULL; | |
37 | } | |
38 | return cms->d.signedData; | |
39 | } | |
8931b30d DSH |
40 | |
41 | static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) | |
0f113f3e MC |
42 | { |
43 | if (cms->d.other == NULL) { | |
44 | cms->d.signedData = M_ASN1_new_of(CMS_SignedData); | |
45 | if (!cms->d.signedData) { | |
46 | CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE); | |
47 | return NULL; | |
48 | } | |
49 | cms->d.signedData->version = 1; | |
50 | cms->d.signedData->encapContentInfo->eContentType = | |
51 | OBJ_nid2obj(NID_pkcs7_data); | |
52 | cms->d.signedData->encapContentInfo->partial = 1; | |
53 | ASN1_OBJECT_free(cms->contentType); | |
54 | cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); | |
55 | return cms->d.signedData; | |
56 | } | |
57 | return cms_get0_signed(cms); | |
58 | } | |
8931b30d | 59 | |
0d4fb843 | 60 | /* Just initialise SignedData e.g. for certs only structure */ |
8931b30d DSH |
61 | |
62 | int CMS_SignedData_init(CMS_ContentInfo *cms) | |
0f113f3e MC |
63 | { |
64 | if (cms_signed_data_init(cms)) | |
65 | return 1; | |
66 | else | |
67 | return 0; | |
68 | } | |
8931b30d DSH |
69 | |
70 | /* Check structures and fixup version numbers (if necessary) */ | |
71 | ||
72 | static void cms_sd_set_version(CMS_SignedData *sd) | |
0f113f3e MC |
73 | { |
74 | int i; | |
75 | CMS_CertificateChoices *cch; | |
76 | CMS_RevocationInfoChoice *rch; | |
77 | CMS_SignerInfo *si; | |
78 | ||
79 | for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) { | |
80 | cch = sk_CMS_CertificateChoices_value(sd->certificates, i); | |
81 | if (cch->type == CMS_CERTCHOICE_OTHER) { | |
82 | if (sd->version < 5) | |
83 | sd->version = 5; | |
84 | } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { | |
85 | if (sd->version < 4) | |
86 | sd->version = 4; | |
87 | } else if (cch->type == CMS_CERTCHOICE_V1ACERT) { | |
88 | if (sd->version < 3) | |
89 | sd->version = 3; | |
90 | } | |
91 | } | |
92 | ||
93 | for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) { | |
94 | rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); | |
95 | if (rch->type == CMS_REVCHOICE_OTHER) { | |
96 | if (sd->version < 5) | |
97 | sd->version = 5; | |
98 | } | |
99 | } | |
100 | ||
101 | if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) | |
102 | && (sd->version < 3)) | |
103 | sd->version = 3; | |
104 | ||
105 | for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { | |
106 | si = sk_CMS_SignerInfo_value(sd->signerInfos, i); | |
107 | if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { | |
108 | if (si->version < 3) | |
109 | si->version = 3; | |
110 | if (sd->version < 3) | |
111 | sd->version = 3; | |
112 | } else if (si->version < 1) | |
113 | si->version = 1; | |
114 | } | |
115 | ||
116 | if (sd->version < 1) | |
117 | sd->version = 1; | |
118 | ||
119 | } | |
120 | ||
19e512a8 SL |
121 | /* |
122 | * RFC 5652 Section 11.1 Content Type | |
123 | * The content-type attribute within signed-data MUST | |
124 | * 1) be present if there are signed attributes | |
125 | * 2) match the content type in the signed-data, | |
126 | * 3) be a signed attribute. | |
127 | * 4) not have more than one copy of the attribute. | |
128 | * | |
129 | * Note that since the CMS_SignerInfo_sign() always adds the "signing time" | |
130 | * attribute, the content type attribute MUST be added also. | |
131 | * Assumptions: This assumes that the attribute does not already exist. | |
132 | */ | |
133 | static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si) | |
134 | { | |
135 | ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType; | |
136 | ||
137 | /* Add the contentType attribute */ | |
138 | return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, | |
139 | V_ASN1_OBJECT, ctype, -1) > 0; | |
140 | } | |
141 | ||
8931b30d DSH |
142 | /* Copy an existing messageDigest value */ |
143 | ||
144 | static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) | |
0f113f3e MC |
145 | { |
146 | STACK_OF(CMS_SignerInfo) *sinfos; | |
147 | CMS_SignerInfo *sitmp; | |
148 | int i; | |
149 | sinfos = CMS_get0_SignerInfos(cms); | |
150 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { | |
151 | ASN1_OCTET_STRING *messageDigest; | |
152 | sitmp = sk_CMS_SignerInfo_value(sinfos, i); | |
153 | if (sitmp == si) | |
154 | continue; | |
155 | if (CMS_signed_get_attr_count(sitmp) < 0) | |
156 | continue; | |
157 | if (OBJ_cmp(si->digestAlgorithm->algorithm, | |
158 | sitmp->digestAlgorithm->algorithm)) | |
159 | continue; | |
160 | messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, | |
161 | OBJ_nid2obj | |
162 | (NID_pkcs9_messageDigest), | |
163 | -3, V_ASN1_OCTET_STRING); | |
164 | if (!messageDigest) { | |
165 | CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, | |
166 | CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); | |
167 | return 0; | |
168 | } | |
169 | ||
170 | if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, | |
171 | V_ASN1_OCTET_STRING, | |
172 | messageDigest, -1)) | |
173 | return 1; | |
174 | else | |
175 | return 0; | |
176 | } | |
177 | CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST); | |
178 | return 0; | |
179 | } | |
8931b30d DSH |
180 | |
181 | int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type) | |
0f113f3e MC |
182 | { |
183 | switch (type) { | |
184 | case CMS_SIGNERINFO_ISSUER_SERIAL: | |
185 | if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert)) | |
186 | return 0; | |
187 | break; | |
8931b30d | 188 | |
0f113f3e MC |
189 | case CMS_SIGNERINFO_KEYIDENTIFIER: |
190 | if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert)) | |
191 | return 0; | |
192 | break; | |
8931b30d | 193 | |
0f113f3e MC |
194 | default: |
195 | CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID); | |
196 | return 0; | |
197 | } | |
8931b30d | 198 | |
0f113f3e | 199 | sid->type = type; |
8931b30d | 200 | |
0f113f3e MC |
201 | return 1; |
202 | } | |
8931b30d DSH |
203 | |
204 | int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, | |
0f113f3e MC |
205 | ASN1_OCTET_STRING **keyid, |
206 | X509_NAME **issuer, | |
207 | ASN1_INTEGER **sno) | |
208 | { | |
209 | if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { | |
210 | if (issuer) | |
211 | *issuer = sid->d.issuerAndSerialNumber->issuer; | |
212 | if (sno) | |
213 | *sno = sid->d.issuerAndSerialNumber->serialNumber; | |
214 | } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { | |
215 | if (keyid) | |
216 | *keyid = sid->d.subjectKeyIdentifier; | |
217 | } else | |
218 | return 0; | |
219 | return 1; | |
220 | } | |
8931b30d DSH |
221 | |
222 | int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) | |
0f113f3e MC |
223 | { |
224 | if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) | |
225 | return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); | |
226 | else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) | |
227 | return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert); | |
228 | else | |
229 | return -1; | |
230 | } | |
8931b30d | 231 | |
e365352d | 232 | static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) |
0f113f3e MC |
233 | { |
234 | EVP_PKEY *pkey = si->pkey; | |
235 | int i; | |
12a765a5 | 236 | if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) |
0f113f3e MC |
237 | return 1; |
238 | i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si); | |
239 | if (i == -2) { | |
240 | CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); | |
241 | return 0; | |
242 | } | |
243 | if (i <= 0) { | |
244 | CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE); | |
245 | return 0; | |
246 | } | |
247 | return 1; | |
248 | } | |
e365352d | 249 | |
8931b30d | 250 | CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, |
0f113f3e MC |
251 | X509 *signer, EVP_PKEY *pk, const EVP_MD *md, |
252 | unsigned int flags) | |
253 | { | |
254 | CMS_SignedData *sd; | |
255 | CMS_SignerInfo *si = NULL; | |
256 | X509_ALGOR *alg; | |
257 | int i, type; | |
258 | if (!X509_check_private_key(signer, pk)) { | |
259 | CMSerr(CMS_F_CMS_ADD1_SIGNER, | |
260 | CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); | |
261 | return NULL; | |
262 | } | |
263 | sd = cms_signed_data_init(cms); | |
264 | if (!sd) | |
265 | goto err; | |
266 | si = M_ASN1_new_of(CMS_SignerInfo); | |
267 | if (!si) | |
268 | goto merr; | |
109f8b5d | 269 | /* Call for side-effect of computing hash and caching extensions */ |
0f113f3e MC |
270 | X509_check_purpose(signer, -1, -1); |
271 | ||
05f0fb9f | 272 | X509_up_ref(signer); |
03273d61 | 273 | EVP_PKEY_up_ref(pk); |
0f113f3e MC |
274 | |
275 | si->pkey = pk; | |
276 | si->signer = signer; | |
bfb0641f | 277 | si->mctx = EVP_MD_CTX_new(); |
0f113f3e MC |
278 | si->pctx = NULL; |
279 | ||
6e59a892 RL |
280 | if (si->mctx == NULL) { |
281 | CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); | |
282 | goto err; | |
283 | } | |
284 | ||
0f113f3e MC |
285 | if (flags & CMS_USE_KEYID) { |
286 | si->version = 3; | |
287 | if (sd->version < 3) | |
288 | sd->version = 3; | |
289 | type = CMS_SIGNERINFO_KEYIDENTIFIER; | |
290 | } else { | |
291 | type = CMS_SIGNERINFO_ISSUER_SERIAL; | |
292 | si->version = 1; | |
293 | } | |
294 | ||
295 | if (!cms_set1_SignerIdentifier(si->sid, signer, type)) | |
296 | goto err; | |
297 | ||
298 | if (md == NULL) { | |
299 | int def_nid; | |
300 | if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) | |
301 | goto err; | |
302 | md = EVP_get_digestbynid(def_nid); | |
303 | if (md == NULL) { | |
304 | CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST); | |
305 | goto err; | |
306 | } | |
307 | } | |
308 | ||
309 | if (!md) { | |
310 | CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET); | |
311 | goto err; | |
312 | } | |
313 | ||
314 | X509_ALGOR_set_md(si->digestAlgorithm, md); | |
315 | ||
316 | /* See if digest is present in digestAlgorithms */ | |
317 | for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { | |
ac4e2577 | 318 | const ASN1_OBJECT *aoid; |
0f113f3e MC |
319 | alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); |
320 | X509_ALGOR_get0(&aoid, NULL, NULL, alg); | |
321 | if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) | |
322 | break; | |
323 | } | |
324 | ||
325 | if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { | |
326 | alg = X509_ALGOR_new(); | |
90945fa3 | 327 | if (alg == NULL) |
0f113f3e MC |
328 | goto merr; |
329 | X509_ALGOR_set_md(alg, md); | |
330 | if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { | |
331 | X509_ALGOR_free(alg); | |
332 | goto merr; | |
333 | } | |
334 | } | |
335 | ||
336 | if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) | |
337 | goto err; | |
338 | if (!(flags & CMS_NOATTR)) { | |
339 | /* | |
0d4fb843 | 340 | * Initialize signed attributes structure so other attributes |
0f113f3e MC |
341 | * such as signing time etc are added later even if we add none here. |
342 | */ | |
343 | if (!si->signedAttrs) { | |
344 | si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); | |
345 | if (!si->signedAttrs) | |
346 | goto merr; | |
347 | } | |
348 | ||
349 | if (!(flags & CMS_NOSMIMECAP)) { | |
350 | STACK_OF(X509_ALGOR) *smcap = NULL; | |
351 | i = CMS_add_standard_smimecap(&smcap); | |
352 | if (i) | |
353 | i = CMS_add_smimecap(si, smcap); | |
354 | sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); | |
355 | if (!i) | |
356 | goto merr; | |
357 | } | |
e85d19c6 AI |
358 | if (flags & CMS_CADES) { |
359 | ESS_SIGNING_CERT *sc = NULL; | |
360 | ESS_SIGNING_CERT_V2 *sc2 = NULL; | |
361 | int add_sc; | |
362 | ||
363 | if (md == EVP_sha1() || md == NULL) { | |
364 | if ((sc = ESS_SIGNING_CERT_new_init(signer, | |
365 | NULL, 1)) == NULL) | |
366 | goto err; | |
8c00f267 | 367 | add_sc = cms_add1_signing_cert(si, sc); |
e85d19c6 AI |
368 | ESS_SIGNING_CERT_free(sc); |
369 | } else { | |
370 | if ((sc2 = ESS_SIGNING_CERT_V2_new_init(md, signer, | |
371 | NULL, 1)) == NULL) | |
372 | goto err; | |
8c00f267 | 373 | add_sc = cms_add1_signing_cert_v2(si, sc2); |
e85d19c6 AI |
374 | ESS_SIGNING_CERT_V2_free(sc2); |
375 | } | |
376 | if (!add_sc) | |
377 | goto err; | |
378 | } | |
8c89c80a F |
379 | if (flags & CMS_REUSE_DIGEST) { |
380 | if (!cms_copy_messageDigest(cms, si)) | |
381 | goto err; | |
19e512a8 SL |
382 | if (!cms_set_si_contentType_attr(cms, si)) |
383 | goto err; | |
8c89c80a F |
384 | if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && |
385 | !CMS_SignerInfo_sign(si)) | |
386 | goto err; | |
387 | } | |
0f113f3e MC |
388 | } |
389 | ||
390 | if (!(flags & CMS_NOCERTS)) { | |
391 | /* NB ignore -1 return for duplicate cert */ | |
392 | if (!CMS_add1_cert(cms, signer)) | |
393 | goto merr; | |
394 | } | |
395 | ||
396 | if (flags & CMS_KEY_PARAM) { | |
397 | if (flags & CMS_NOATTR) { | |
398 | si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL); | |
90945fa3 | 399 | if (si->pctx == NULL) |
0f113f3e MC |
400 | goto err; |
401 | if (EVP_PKEY_sign_init(si->pctx) <= 0) | |
402 | goto err; | |
403 | if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) | |
404 | goto err; | |
8c89c80a | 405 | } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) |
0f113f3e MC |
406 | goto err; |
407 | } | |
408 | ||
409 | if (!sd->signerInfos) | |
410 | sd->signerInfos = sk_CMS_SignerInfo_new_null(); | |
411 | if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si)) | |
412 | goto merr; | |
413 | ||
414 | return si; | |
415 | ||
416 | merr: | |
417 | CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); | |
418 | err: | |
2ace7450 | 419 | M_ASN1_free_of(si, CMS_SignerInfo); |
0f113f3e MC |
420 | return NULL; |
421 | ||
422 | } | |
8931b30d | 423 | |
1e26a8ba | 424 | static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) |
0f113f3e MC |
425 | { |
426 | ASN1_TIME *tt; | |
427 | int r = 0; | |
428 | if (t) | |
429 | tt = t; | |
430 | else | |
431 | tt = X509_gmtime_adj(NULL, 0); | |
8931b30d | 432 | |
0f113f3e MC |
433 | if (!tt) |
434 | goto merr; | |
8931b30d | 435 | |
0f113f3e MC |
436 | if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, |
437 | tt->type, tt, -1) <= 0) | |
438 | goto merr; | |
8931b30d | 439 | |
0f113f3e | 440 | r = 1; |
8931b30d | 441 | |
0f113f3e | 442 | merr: |
8931b30d | 443 | |
0f113f3e MC |
444 | if (!t) |
445 | ASN1_TIME_free(tt); | |
8931b30d | 446 | |
0f113f3e MC |
447 | if (!r) |
448 | CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE); | |
8931b30d | 449 | |
0f113f3e | 450 | return r; |
8931b30d | 451 | |
0f113f3e | 452 | } |
8931b30d | 453 | |
e365352d | 454 | EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) |
0f113f3e MC |
455 | { |
456 | return si->pctx; | |
457 | } | |
e365352d DSH |
458 | |
459 | EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) | |
0f113f3e | 460 | { |
6e59a892 | 461 | return si->mctx; |
0f113f3e | 462 | } |
e365352d | 463 | |
8931b30d | 464 | STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) |
0f113f3e MC |
465 | { |
466 | CMS_SignedData *sd; | |
467 | sd = cms_get0_signed(cms); | |
468 | if (!sd) | |
469 | return NULL; | |
470 | return sd->signerInfos; | |
471 | } | |
8931b30d DSH |
472 | |
473 | STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) | |
0f113f3e MC |
474 | { |
475 | STACK_OF(X509) *signers = NULL; | |
476 | STACK_OF(CMS_SignerInfo) *sinfos; | |
477 | CMS_SignerInfo *si; | |
478 | int i; | |
479 | sinfos = CMS_get0_SignerInfos(cms); | |
480 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { | |
481 | si = sk_CMS_SignerInfo_value(sinfos, i); | |
482 | if (si->signer) { | |
483 | if (!signers) { | |
484 | signers = sk_X509_new_null(); | |
485 | if (!signers) | |
486 | return NULL; | |
487 | } | |
488 | if (!sk_X509_push(signers, si->signer)) { | |
489 | sk_X509_free(signers); | |
490 | return NULL; | |
491 | } | |
492 | } | |
493 | } | |
494 | return signers; | |
495 | } | |
8931b30d DSH |
496 | |
497 | void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) | |
0f113f3e MC |
498 | { |
499 | if (signer) { | |
05f0fb9f | 500 | X509_up_ref(signer); |
c5ba2d99 | 501 | EVP_PKEY_free(si->pkey); |
0f113f3e MC |
502 | si->pkey = X509_get_pubkey(signer); |
503 | } | |
222561fe | 504 | X509_free(si->signer); |
0f113f3e MC |
505 | si->signer = signer; |
506 | } | |
8931b30d DSH |
507 | |
508 | int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, | |
0f113f3e MC |
509 | ASN1_OCTET_STRING **keyid, |
510 | X509_NAME **issuer, ASN1_INTEGER **sno) | |
511 | { | |
512 | return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); | |
513 | } | |
8931b30d DSH |
514 | |
515 | int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) | |
0f113f3e MC |
516 | { |
517 | return cms_SignerIdentifier_cert_cmp(si->sid, cert); | |
518 | } | |
8931b30d DSH |
519 | |
520 | int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, | |
0f113f3e MC |
521 | unsigned int flags) |
522 | { | |
523 | CMS_SignedData *sd; | |
524 | CMS_SignerInfo *si; | |
525 | CMS_CertificateChoices *cch; | |
526 | STACK_OF(CMS_CertificateChoices) *certs; | |
527 | X509 *x; | |
528 | int i, j; | |
529 | int ret = 0; | |
530 | sd = cms_get0_signed(cms); | |
531 | if (!sd) | |
532 | return -1; | |
533 | certs = sd->certificates; | |
534 | for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { | |
535 | si = sk_CMS_SignerInfo_value(sd->signerInfos, i); | |
536 | if (si->signer) | |
537 | continue; | |
538 | ||
539 | for (j = 0; j < sk_X509_num(scerts); j++) { | |
540 | x = sk_X509_value(scerts, j); | |
541 | if (CMS_SignerInfo_cert_cmp(si, x) == 0) { | |
542 | CMS_SignerInfo_set1_signer_cert(si, x); | |
543 | ret++; | |
544 | break; | |
545 | } | |
546 | } | |
547 | ||
548 | if (si->signer || (flags & CMS_NOINTERN)) | |
549 | continue; | |
550 | ||
551 | for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) { | |
552 | cch = sk_CMS_CertificateChoices_value(certs, j); | |
553 | if (cch->type != 0) | |
554 | continue; | |
555 | x = cch->d.certificate; | |
556 | if (CMS_SignerInfo_cert_cmp(si, x) == 0) { | |
557 | CMS_SignerInfo_set1_signer_cert(si, x); | |
558 | ret++; | |
559 | break; | |
560 | } | |
561 | } | |
562 | } | |
563 | return ret; | |
564 | } | |
565 | ||
566 | void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, | |
567 | X509 **signer, X509_ALGOR **pdig, | |
568 | X509_ALGOR **psig) | |
569 | { | |
570 | if (pk) | |
571 | *pk = si->pkey; | |
572 | if (signer) | |
573 | *signer = si->signer; | |
574 | if (pdig) | |
575 | *pdig = si->digestAlgorithm; | |
576 | if (psig) | |
577 | *psig = si->signatureAlgorithm; | |
578 | } | |
8931b30d | 579 | |
da15c616 | 580 | ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) |
0f113f3e MC |
581 | { |
582 | return si->signature; | |
583 | } | |
da15c616 | 584 | |
ff80280b | 585 | static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, |
0f113f3e MC |
586 | CMS_SignerInfo *si, BIO *chain) |
587 | { | |
bfb0641f | 588 | EVP_MD_CTX *mctx = EVP_MD_CTX_new(); |
0f113f3e MC |
589 | int r = 0; |
590 | EVP_PKEY_CTX *pctx = NULL; | |
6e59a892 RL |
591 | |
592 | if (mctx == NULL) { | |
593 | CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); | |
594 | return 0; | |
595 | } | |
0f113f3e MC |
596 | |
597 | if (!si->pkey) { | |
598 | CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); | |
22803581 | 599 | goto err; |
0f113f3e MC |
600 | } |
601 | ||
6e59a892 | 602 | if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) |
0f113f3e | 603 | goto err; |
0d4fb843 | 604 | /* Set SignerInfo algorithm details if we used custom parameter */ |
0f113f3e MC |
605 | if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) |
606 | goto err; | |
607 | ||
608 | /* | |
609 | * If any signed attributes calculate and add messageDigest attribute | |
610 | */ | |
611 | ||
612 | if (CMS_signed_get_attr_count(si) >= 0) { | |
0f113f3e MC |
613 | unsigned char md[EVP_MAX_MD_SIZE]; |
614 | unsigned int mdlen; | |
6e59a892 | 615 | if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) |
0f113f3e MC |
616 | goto err; |
617 | if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, | |
618 | V_ASN1_OCTET_STRING, md, mdlen)) | |
619 | goto err; | |
620 | /* Copy content type across */ | |
19e512a8 | 621 | if (!cms_set_si_contentType_attr(cms, si)) |
0f113f3e | 622 | goto err; |
19e512a8 | 623 | |
0f113f3e MC |
624 | if (!CMS_SignerInfo_sign(si)) |
625 | goto err; | |
626 | } else if (si->pctx) { | |
627 | unsigned char *sig; | |
628 | size_t siglen; | |
629 | unsigned char md[EVP_MAX_MD_SIZE]; | |
630 | unsigned int mdlen; | |
631 | pctx = si->pctx; | |
6e59a892 | 632 | if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) |
0f113f3e MC |
633 | goto err; |
634 | siglen = EVP_PKEY_size(si->pkey); | |
635 | sig = OPENSSL_malloc(siglen); | |
90945fa3 | 636 | if (sig == NULL) { |
0f113f3e MC |
637 | CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); |
638 | goto err; | |
639 | } | |
640 | if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { | |
641 | OPENSSL_free(sig); | |
642 | goto err; | |
643 | } | |
644 | ASN1_STRING_set0(si->signature, sig, siglen); | |
645 | } else { | |
646 | unsigned char *sig; | |
647 | unsigned int siglen; | |
648 | sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); | |
90945fa3 | 649 | if (sig == NULL) { |
0f113f3e MC |
650 | CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); |
651 | goto err; | |
652 | } | |
6e59a892 | 653 | if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { |
0f113f3e MC |
654 | CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); |
655 | OPENSSL_free(sig); | |
656 | goto err; | |
657 | } | |
658 | ASN1_STRING_set0(si->signature, sig, siglen); | |
659 | } | |
660 | ||
661 | r = 1; | |
662 | ||
663 | err: | |
bfb0641f | 664 | EVP_MD_CTX_free(mctx); |
c5ba2d99 | 665 | EVP_PKEY_CTX_free(pctx); |
0f113f3e MC |
666 | return r; |
667 | ||
668 | } | |
8931b30d DSH |
669 | |
670 | int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) | |
0f113f3e MC |
671 | { |
672 | STACK_OF(CMS_SignerInfo) *sinfos; | |
673 | CMS_SignerInfo *si; | |
674 | int i; | |
675 | sinfos = CMS_get0_SignerInfos(cms); | |
676 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { | |
677 | si = sk_CMS_SignerInfo_value(sinfos, i); | |
678 | if (!cms_SignerInfo_content_sign(cms, si, chain)) | |
679 | return 0; | |
680 | } | |
681 | cms->d.signedData->encapContentInfo->partial = 0; | |
682 | return 1; | |
683 | } | |
8931b30d DSH |
684 | |
685 | int CMS_SignerInfo_sign(CMS_SignerInfo *si) | |
0f113f3e | 686 | { |
6e59a892 | 687 | EVP_MD_CTX *mctx = si->mctx; |
e6803117 | 688 | EVP_PKEY_CTX *pctx = NULL; |
0f113f3e MC |
689 | unsigned char *abuf = NULL; |
690 | int alen; | |
691 | size_t siglen; | |
692 | const EVP_MD *md = NULL; | |
693 | ||
694 | md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); | |
695 | if (md == NULL) | |
696 | return 0; | |
697 | ||
698 | if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { | |
699 | if (!cms_add1_signingTime(si, NULL)) | |
700 | goto err; | |
701 | } | |
702 | ||
19e512a8 SL |
703 | if (!CMS_si_check_attributes(si)) |
704 | goto err; | |
705 | ||
0f113f3e MC |
706 | if (si->pctx) |
707 | pctx = si->pctx; | |
708 | else { | |
bfb0641f | 709 | EVP_MD_CTX_reset(mctx); |
0f113f3e MC |
710 | if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) |
711 | goto err; | |
f7a21d85 | 712 | si->pctx = pctx; |
0f113f3e MC |
713 | } |
714 | ||
dfcb5d29 MC |
715 | /* |
716 | * TODO(3.0): This causes problems when providers are in use, so disabled | |
717 | * for now. Can we get rid of this completely? AFAICT this ctrl has been | |
718 | * present since CMS was first put in - but has never been used to do | |
719 | * anything. All internal implementations just return 1 and ignore this ctrl | |
720 | * and have always done so by the looks of things. To fix this we could | |
721 | * convert this ctrl into a param, which would require us to send all the | |
722 | * signer info data as a set of params...but that is non-trivial and since | |
723 | * this isn't used by anything it may be better just to remove it. | |
724 | */ | |
725 | #if 0 | |
0f113f3e MC |
726 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, |
727 | EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) { | |
728 | CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); | |
729 | goto err; | |
730 | } | |
dfcb5d29 | 731 | #endif |
0f113f3e MC |
732 | |
733 | alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, | |
734 | ASN1_ITEM_rptr(CMS_Attributes_Sign)); | |
735 | if (!abuf) | |
736 | goto err; | |
737 | if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) | |
738 | goto err; | |
739 | if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) | |
740 | goto err; | |
741 | OPENSSL_free(abuf); | |
742 | abuf = OPENSSL_malloc(siglen); | |
90945fa3 | 743 | if (abuf == NULL) |
0f113f3e MC |
744 | goto err; |
745 | if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) | |
746 | goto err; | |
747 | ||
dfcb5d29 MC |
748 | /* |
749 | * TODO(3.0): This causes problems when providers are in use, so disabled | |
750 | * for now. Can we get rid of this completely? AFAICT this ctrl has been | |
751 | * present since CMS was first put in - but has never been used to do | |
752 | * anything. All internal implementations just return 1 and ignore this ctrl | |
753 | * and have always done so by the looks of things. To fix this we could | |
754 | * convert this ctrl into a param, which would require us to send all the | |
755 | * signer info data as a set of params...but that is non-trivial and since | |
756 | * this isn't used by anything it may be better just to remove it. | |
757 | */ | |
758 | #if 0 | |
0f113f3e MC |
759 | if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, |
760 | EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) { | |
761 | CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR); | |
762 | goto err; | |
763 | } | |
dfcb5d29 | 764 | #endif |
0f113f3e | 765 | |
bfb0641f | 766 | EVP_MD_CTX_reset(mctx); |
0f113f3e MC |
767 | |
768 | ASN1_STRING_set0(si->signature, abuf, siglen); | |
769 | ||
770 | return 1; | |
771 | ||
772 | err: | |
b548a1f1 | 773 | OPENSSL_free(abuf); |
bfb0641f | 774 | EVP_MD_CTX_reset(mctx); |
0f113f3e | 775 | return 0; |
0f113f3e | 776 | } |
8931b30d DSH |
777 | |
778 | int CMS_SignerInfo_verify(CMS_SignerInfo *si) | |
0f113f3e | 779 | { |
6e59a892 | 780 | EVP_MD_CTX *mctx = NULL; |
0f113f3e MC |
781 | unsigned char *abuf = NULL; |
782 | int alen, r = -1; | |
783 | const EVP_MD *md = NULL; | |
784 | ||
785 | if (!si->pkey) { | |
786 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY); | |
787 | return -1; | |
788 | } | |
789 | ||
19e512a8 SL |
790 | if (!CMS_si_check_attributes(si)) |
791 | return -1; | |
792 | ||
0f113f3e MC |
793 | md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); |
794 | if (md == NULL) | |
795 | return -1; | |
378db52b RS |
796 | if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { |
797 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE); | |
798 | return -1; | |
799 | } | |
6e59a892 | 800 | mctx = si->mctx; |
0f113f3e MC |
801 | if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) |
802 | goto err; | |
803 | ||
804 | if (!cms_sd_asn1_ctrl(si, 1)) | |
805 | goto err; | |
806 | ||
807 | alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, | |
808 | ASN1_ITEM_rptr(CMS_Attributes_Verify)); | |
809 | if (!abuf) | |
810 | goto err; | |
811 | r = EVP_DigestVerifyUpdate(mctx, abuf, alen); | |
812 | OPENSSL_free(abuf); | |
813 | if (r <= 0) { | |
814 | r = -1; | |
815 | goto err; | |
816 | } | |
817 | r = EVP_DigestVerifyFinal(mctx, | |
818 | si->signature->data, si->signature->length); | |
819 | if (r <= 0) | |
820 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); | |
821 | err: | |
bfb0641f | 822 | EVP_MD_CTX_reset(mctx); |
0f113f3e MC |
823 | return r; |
824 | } | |
8931b30d DSH |
825 | |
826 | /* Create a chain of digest BIOs from a CMS ContentInfo */ | |
827 | ||
828 | BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) | |
0f113f3e MC |
829 | { |
830 | int i; | |
831 | CMS_SignedData *sd; | |
832 | BIO *chain = NULL; | |
833 | sd = cms_get0_signed(cms); | |
834 | if (!sd) | |
835 | return NULL; | |
836 | if (cms->d.signedData->encapContentInfo->partial) | |
837 | cms_sd_set_version(sd); | |
838 | for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { | |
839 | X509_ALGOR *digestAlgorithm; | |
840 | BIO *mdbio; | |
841 | digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); | |
842 | mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm); | |
843 | if (!mdbio) | |
844 | goto err; | |
845 | if (chain) | |
846 | BIO_push(chain, mdbio); | |
847 | else | |
848 | chain = mdbio; | |
849 | } | |
850 | return chain; | |
851 | err: | |
ca3a82c3 | 852 | BIO_free_all(chain); |
0f113f3e MC |
853 | return NULL; |
854 | } | |
8931b30d DSH |
855 | |
856 | int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) | |
0f113f3e MC |
857 | { |
858 | ASN1_OCTET_STRING *os = NULL; | |
bfb0641f | 859 | EVP_MD_CTX *mctx = EVP_MD_CTX_new(); |
0f113f3e MC |
860 | EVP_PKEY_CTX *pkctx = NULL; |
861 | int r = -1; | |
862 | unsigned char mval[EVP_MAX_MD_SIZE]; | |
863 | unsigned int mlen; | |
6e59a892 RL |
864 | |
865 | if (mctx == NULL) { | |
866 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); | |
867 | goto err; | |
868 | } | |
0f113f3e MC |
869 | /* If we have any signed attributes look for messageDigest value */ |
870 | if (CMS_signed_get_attr_count(si) >= 0) { | |
871 | os = CMS_signed_get0_data_by_OBJ(si, | |
872 | OBJ_nid2obj(NID_pkcs9_messageDigest), | |
873 | -3, V_ASN1_OCTET_STRING); | |
874 | if (!os) { | |
875 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | |
876 | CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); | |
877 | goto err; | |
878 | } | |
879 | } | |
880 | ||
6e59a892 | 881 | if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) |
0f113f3e MC |
882 | goto err; |
883 | ||
6e59a892 | 884 | if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { |
0f113f3e MC |
885 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, |
886 | CMS_R_UNABLE_TO_FINALIZE_CONTEXT); | |
887 | goto err; | |
888 | } | |
889 | ||
890 | /* If messageDigest found compare it */ | |
891 | ||
892 | if (os) { | |
893 | if (mlen != (unsigned int)os->length) { | |
894 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | |
895 | CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); | |
896 | goto err; | |
897 | } | |
898 | ||
899 | if (memcmp(mval, os->data, mlen)) { | |
900 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | |
901 | CMS_R_VERIFICATION_FAILURE); | |
902 | r = 0; | |
903 | } else | |
904 | r = 1; | |
905 | } else { | |
6e59a892 | 906 | const EVP_MD *md = EVP_MD_CTX_md(mctx); |
0f113f3e | 907 | pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); |
90945fa3 MC |
908 | if (pkctx == NULL) |
909 | goto err; | |
0f113f3e MC |
910 | if (EVP_PKEY_verify_init(pkctx) <= 0) |
911 | goto err; | |
912 | if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) | |
913 | goto err; | |
914 | si->pctx = pkctx; | |
915 | if (!cms_sd_asn1_ctrl(si, 1)) | |
916 | goto err; | |
917 | r = EVP_PKEY_verify(pkctx, si->signature->data, | |
918 | si->signature->length, mval, mlen); | |
919 | if (r <= 0) { | |
920 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, | |
921 | CMS_R_VERIFICATION_FAILURE); | |
922 | r = 0; | |
923 | } | |
924 | } | |
925 | ||
926 | err: | |
c5ba2d99 | 927 | EVP_PKEY_CTX_free(pkctx); |
bfb0641f | 928 | EVP_MD_CTX_free(mctx); |
0f113f3e MC |
929 | return r; |
930 | ||
931 | } | |
8931b30d DSH |
932 | |
933 | int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) | |
0f113f3e MC |
934 | { |
935 | unsigned char *smder = NULL; | |
936 | int smderlen, r; | |
937 | smderlen = i2d_X509_ALGORS(algs, &smder); | |
938 | if (smderlen <= 0) | |
939 | return 0; | |
940 | r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, | |
941 | V_ASN1_SEQUENCE, smder, smderlen); | |
942 | OPENSSL_free(smder); | |
943 | return r; | |
944 | } | |
8931b30d DSH |
945 | |
946 | int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, | |
0f113f3e MC |
947 | int algnid, int keysize) |
948 | { | |
949 | X509_ALGOR *alg; | |
950 | ASN1_INTEGER *key = NULL; | |
951 | if (keysize > 0) { | |
952 | key = ASN1_INTEGER_new(); | |
90945fa3 | 953 | if (key == NULL || !ASN1_INTEGER_set(key, keysize)) |
0f113f3e MC |
954 | return 0; |
955 | } | |
956 | alg = X509_ALGOR_new(); | |
90945fa3 | 957 | if (alg == NULL) { |
2ace7450 | 958 | ASN1_INTEGER_free(key); |
0f113f3e MC |
959 | return 0; |
960 | } | |
961 | ||
962 | X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), | |
963 | key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); | |
90945fa3 | 964 | if (*algs == NULL) |
0f113f3e | 965 | *algs = sk_X509_ALGOR_new_null(); |
90945fa3 | 966 | if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { |
0f113f3e MC |
967 | X509_ALGOR_free(alg); |
968 | return 0; | |
969 | } | |
970 | return 1; | |
971 | } | |
8931b30d DSH |
972 | |
973 | /* Check to see if a cipher exists and if so add S/MIME capabilities */ | |
974 | ||
975 | static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) | |
0f113f3e MC |
976 | { |
977 | if (EVP_get_cipherbynid(nid)) | |
978 | return CMS_add_simple_smimecap(sk, nid, arg); | |
979 | return 1; | |
980 | } | |
8931b30d DSH |
981 | |
982 | static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) | |
0f113f3e MC |
983 | { |
984 | if (EVP_get_digestbynid(nid)) | |
985 | return CMS_add_simple_smimecap(sk, nid, arg); | |
986 | return 1; | |
987 | } | |
8931b30d DSH |
988 | |
989 | int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) | |
0f113f3e MC |
990 | { |
991 | if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) | |
c58f3e42 MC |
992 | || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) |
993 | || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) | |
0f113f3e MC |
994 | || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) |
995 | || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) | |
996 | || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) | |
997 | || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) | |
998 | || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) | |
999 | || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) | |
1000 | || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) | |
1001 | || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) | |
1002 | || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) | |
1003 | return 0; | |
1004 | return 1; | |
1005 | } |