]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cms/cms_env.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Copyright year updates
[thirdparty/openssl.git] / crypto / cms / cms_env.c
1 /*
2 * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/cryptlib.h"
11 #include <openssl/asn1t.h>
12 #include <openssl/pem.h>
13 #include <openssl/x509v3.h>
14 #include <openssl/err.h>
15 #include <openssl/cms.h>
16 #include <openssl/evp.h>
17 #include "internal/sizes.h"
18 #include "crypto/asn1.h"
19 #include "crypto/evp.h"
20 #include "crypto/x509.h"
21 #include "cms_local.h"
22
23 /* CMS EnvelopedData Utilities */
24 static void cms_env_set_version(CMS_EnvelopedData *env);
25
26 #define CMS_ENVELOPED_STANDARD 1
27 #define CMS_ENVELOPED_AUTH 2
28
29 static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms)
30 {
31 int nid = OBJ_obj2nid(cms->contentType);
32
33 switch (nid) {
34 case NID_pkcs7_enveloped:
35 return CMS_ENVELOPED_STANDARD;
36
37 case NID_id_smime_ct_authEnvelopedData:
38 return CMS_ENVELOPED_AUTH;
39
40 default:
41 return 0;
42 }
43 }
44
45 static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
46 {
47 int ret = cms_get_enveloped_type_simple(cms);
48
49 if (ret == 0)
50 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
51 return ret;
52 }
53
54 void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf)
55 {
56 if (cms_get_enveloped_type_simple(cinf) != 0) {
57 CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf);
58 if (ec != NULL)
59 OPENSSL_clear_free(ec->key, ec->keylen);
60 }
61 }
62
63 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
64 {
65 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
66 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
67 return NULL;
68 }
69 return cms->d.envelopedData;
70 }
71
72 CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms)
73 {
74 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) {
75 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
76 return NULL;
77 }
78 return cms->d.authEnvelopedData;
79 }
80
81 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
82 {
83 if (cms->d.other == NULL) {
84 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
85 if (cms->d.envelopedData == NULL) {
86 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
87 return NULL;
88 }
89 cms->d.envelopedData->version = 0;
90 cms->d.envelopedData->encryptedContentInfo->contentType =
91 OBJ_nid2obj(NID_pkcs7_data);
92 ASN1_OBJECT_free(cms->contentType);
93 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
94 return cms->d.envelopedData;
95 }
96 return ossl_cms_get0_enveloped(cms);
97 }
98
99 static CMS_AuthEnvelopedData *
100 cms_auth_enveloped_data_init(CMS_ContentInfo *cms)
101 {
102 if (cms->d.other == NULL) {
103 cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData);
104 if (cms->d.authEnvelopedData == NULL) {
105 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
106 return NULL;
107 }
108 /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */
109 cms->d.authEnvelopedData->version = 0;
110 cms->d.authEnvelopedData->authEncryptedContentInfo->contentType =
111 OBJ_nid2obj(NID_pkcs7_data);
112 ASN1_OBJECT_free(cms->contentType);
113 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData);
114 return cms->d.authEnvelopedData;
115 }
116 return ossl_cms_get0_auth_enveloped(cms);
117 }
118
119 int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
120 {
121 EVP_PKEY *pkey;
122 int i;
123 if (ri->type == CMS_RECIPINFO_TRANS)
124 pkey = ri->d.ktri->pkey;
125 else if (ri->type == CMS_RECIPINFO_AGREE) {
126 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
127
128 if (pctx == NULL)
129 return 0;
130 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
131 if (pkey == NULL)
132 return 0;
133 } else
134 return 0;
135
136 if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH"))
137 return ossl_cms_dh_envelope(ri, cmd);
138 else if (EVP_PKEY_is_a(pkey, "EC"))
139 return ossl_cms_ecdh_envelope(ri, cmd);
140 else if (EVP_PKEY_is_a(pkey, "RSA"))
141 return ossl_cms_rsa_envelope(ri, cmd);
142
143 /* Something else? We'll give engines etc a chance to handle this */
144 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
145 return 1;
146 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
147 if (i == -2) {
148 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
149 return 0;
150 }
151 if (i <= 0) {
152 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
153 return 0;
154 }
155 return 1;
156 }
157
158 CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
159 {
160 switch (cms_get_enveloped_type(cms)) {
161 case CMS_ENVELOPED_STANDARD:
162 return cms->d.envelopedData == NULL ? NULL
163 : cms->d.envelopedData->encryptedContentInfo;
164
165 case CMS_ENVELOPED_AUTH:
166 return cms->d.authEnvelopedData == NULL ? NULL
167 : cms->d.authEnvelopedData->authEncryptedContentInfo;
168
169 default:
170 return NULL;
171 }
172 }
173
174 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
175 {
176 switch (cms_get_enveloped_type(cms)) {
177 case CMS_ENVELOPED_STANDARD:
178 return cms->d.envelopedData->recipientInfos;
179
180 case CMS_ENVELOPED_AUTH:
181 return cms->d.authEnvelopedData->recipientInfos;
182
183 default:
184 return NULL;
185 }
186 }
187
188 void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
189 {
190 int i;
191 CMS_RecipientInfo *ri;
192 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
193 STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms);
194
195 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
196 ri = sk_CMS_RecipientInfo_value(rinfos, i);
197 if (ri != NULL) {
198 switch (ri->type) {
199 case CMS_RECIPINFO_AGREE:
200 ri->d.kari->cms_ctx = ctx;
201 break;
202 case CMS_RECIPINFO_TRANS:
203 ri->d.ktri->cms_ctx = ctx;
204 ossl_x509_set0_libctx(ri->d.ktri->recip,
205 ossl_cms_ctx_get0_libctx(ctx),
206 ossl_cms_ctx_get0_propq(ctx));
207 break;
208 case CMS_RECIPINFO_KEK:
209 ri->d.kekri->cms_ctx = ctx;
210 break;
211 case CMS_RECIPINFO_PASS:
212 ri->d.pwri->cms_ctx = ctx;
213 break;
214 default:
215 break;
216 }
217 }
218 }
219 }
220
221 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
222 {
223 return ri->type;
224 }
225
226 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
227 {
228 if (ri->type == CMS_RECIPINFO_TRANS)
229 return ri->d.ktri->pctx;
230 else if (ri->type == CMS_RECIPINFO_AGREE)
231 return ri->d.kari->pctx;
232 return NULL;
233 }
234
235 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
236 OSSL_LIB_CTX *libctx,
237 const char *propq)
238 {
239 CMS_ContentInfo *cms;
240 CMS_EnvelopedData *env;
241
242 cms = CMS_ContentInfo_new_ex(libctx, propq);
243 if (cms == NULL)
244 goto err;
245 env = cms_enveloped_data_init(cms);
246 if (env == NULL)
247 goto err;
248
249 if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL,
250 0, ossl_cms_get0_cmsctx(cms)))
251 goto err;
252 return cms;
253 err:
254 CMS_ContentInfo_free(cms);
255 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
256 return NULL;
257 }
258
259 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
260 {
261 return CMS_EnvelopedData_create_ex(cipher, NULL, NULL);
262 }
263
264 BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
265 EVP_PKEY *pkey, X509 *cert,
266 ASN1_OCTET_STRING *secret, unsigned int flags,
267 OSSL_LIB_CTX *libctx, const char *propq)
268 {
269 CMS_ContentInfo *ci;
270 BIO *bio = NULL;
271 int res = 0;
272
273 if (env == NULL) {
274 ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_NULL_PARAMETER);
275 return NULL;
276 }
277
278 if ((ci = CMS_ContentInfo_new_ex(libctx, propq)) == NULL
279 || (bio = BIO_new(BIO_s_mem())) == NULL)
280 goto end;
281 ci->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
282 ci->d.envelopedData = env;
283 if (secret != NULL
284 && CMS_decrypt_set1_password(ci, (unsigned char *)
285 ASN1_STRING_get0_data(secret),
286 ASN1_STRING_length(secret)) != 1)
287 goto end;
288 res = CMS_decrypt(ci, secret == NULL ? pkey : NULL,
289 secret == NULL ? cert : NULL, detached_data, bio, flags);
290
291 end:
292 if (ci != NULL)
293 ci->d.envelopedData = NULL; /* do not indirectly free |env| */
294 CMS_ContentInfo_free(ci);
295 if (!res) {
296 BIO_free(bio);
297 bio = NULL;
298 }
299 return bio;
300 }
301
302 CMS_ContentInfo *
303 CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
304 const char *propq)
305 {
306 CMS_ContentInfo *cms;
307 CMS_AuthEnvelopedData *aenv;
308
309 cms = CMS_ContentInfo_new_ex(libctx, propq);
310 if (cms == NULL)
311 goto merr;
312 aenv = cms_auth_enveloped_data_init(cms);
313 if (aenv == NULL)
314 goto merr;
315 if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo,
316 cipher, NULL, 0,
317 ossl_cms_get0_cmsctx(cms)))
318 goto merr;
319 return cms;
320 merr:
321 CMS_ContentInfo_free(cms);
322 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
323 return NULL;
324 }
325
326
327 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher)
328 {
329 return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL);
330 }
331
332 /* Key Transport Recipient Info (KTRI) routines */
333
334 /* Initialise a ktri based on passed certificate and key */
335
336 static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
337 EVP_PKEY *pk, unsigned int flags,
338 const CMS_CTX *ctx)
339 {
340 CMS_KeyTransRecipientInfo *ktri;
341 int idtype;
342
343 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
344 if (!ri->d.ktri)
345 return 0;
346 ri->type = CMS_RECIPINFO_TRANS;
347
348 ktri = ri->d.ktri;
349 ktri->cms_ctx = ctx;
350
351 if (flags & CMS_USE_KEYID) {
352 ktri->version = 2;
353 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
354 } else {
355 ktri->version = 0;
356 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
357 }
358
359 /*
360 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
361 * structure.
362 */
363
364 if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx))
365 return 0;
366
367 X509_up_ref(recip);
368 EVP_PKEY_up_ref(pk);
369
370 ktri->pkey = pk;
371 ktri->recip = recip;
372
373 if (flags & CMS_KEY_PARAM) {
374 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
375 ktri->pkey,
376 ossl_cms_ctx_get0_propq(ctx));
377 if (ktri->pctx == NULL)
378 return 0;
379 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
380 return 0;
381 } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
382 return 0;
383 return 1;
384 }
385
386 /*
387 * Add a recipient certificate using appropriate type of RecipientInfo
388 */
389
390 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
391 EVP_PKEY *originatorPrivKey,
392 X509 *originator, unsigned int flags)
393 {
394 CMS_RecipientInfo *ri = NULL;
395 STACK_OF(CMS_RecipientInfo) *ris;
396 EVP_PKEY *pk = NULL;
397 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
398
399 ris = CMS_get0_RecipientInfos(cms);
400 if (ris == NULL)
401 goto err;
402
403 /* Initialize recipient info */
404 ri = M_ASN1_new_of(CMS_RecipientInfo);
405 if (ri == NULL) {
406 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
407 goto err;
408 }
409
410 pk = X509_get0_pubkey(recip);
411 if (pk == NULL) {
412 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY);
413 goto err;
414 }
415
416 switch (ossl_cms_pkey_get_ri_type(pk)) {
417
418 case CMS_RECIPINFO_TRANS:
419 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx))
420 goto err;
421 break;
422
423 case CMS_RECIPINFO_AGREE:
424 if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator,
425 originatorPrivKey, flags, ctx))
426 goto err;
427 break;
428
429 default:
430 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
431 goto err;
432
433 }
434
435 if (!sk_CMS_RecipientInfo_push(ris, ri)) {
436 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
437 goto err;
438 }
439
440 return ri;
441
442 err:
443 M_ASN1_free_of(ri, CMS_RecipientInfo);
444 return NULL;
445
446 }
447
448 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
449 unsigned int flags)
450 {
451 return CMS_add1_recipient(cms, recip, NULL, NULL, flags);
452 }
453
454 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
455 EVP_PKEY **pk, X509 **recip,
456 X509_ALGOR **palg)
457 {
458 CMS_KeyTransRecipientInfo *ktri;
459 if (ri->type != CMS_RECIPINFO_TRANS) {
460 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
461 return 0;
462 }
463
464 ktri = ri->d.ktri;
465
466 if (pk)
467 *pk = ktri->pkey;
468 if (recip)
469 *recip = ktri->recip;
470 if (palg)
471 *palg = ktri->keyEncryptionAlgorithm;
472 return 1;
473 }
474
475 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
476 ASN1_OCTET_STRING **keyid,
477 X509_NAME **issuer,
478 ASN1_INTEGER **sno)
479 {
480 CMS_KeyTransRecipientInfo *ktri;
481 if (ri->type != CMS_RECIPINFO_TRANS) {
482 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
483 return 0;
484 }
485 ktri = ri->d.ktri;
486
487 return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer,
488 sno);
489 }
490
491 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
492 {
493 if (ri->type != CMS_RECIPINFO_TRANS) {
494 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
495 return -2;
496 }
497 return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
498 }
499
500 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
501 {
502 if (ri->type != CMS_RECIPINFO_TRANS) {
503 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
504 return 0;
505 }
506 EVP_PKEY_free(ri->d.ktri->pkey);
507 ri->d.ktri->pkey = pkey;
508 return 1;
509 }
510
511 /* Encrypt content key in key transport recipient info */
512
513 static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
514 CMS_RecipientInfo *ri)
515 {
516 CMS_KeyTransRecipientInfo *ktri;
517 CMS_EncryptedContentInfo *ec;
518 EVP_PKEY_CTX *pctx;
519 unsigned char *ek = NULL;
520 size_t eklen;
521 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
522
523 int ret = 0;
524
525 if (ri->type != CMS_RECIPINFO_TRANS) {
526 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
527 return 0;
528 }
529 ktri = ri->d.ktri;
530 ec = ossl_cms_get0_env_enc_content(cms);
531
532 pctx = ktri->pctx;
533
534 if (pctx) {
535 if (!ossl_cms_env_asn1_ctrl(ri, 0))
536 goto err;
537 } else {
538 pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
539 ktri->pkey,
540 ossl_cms_ctx_get0_propq(ctx));
541 if (pctx == NULL)
542 return 0;
543
544 if (EVP_PKEY_encrypt_init(pctx) <= 0)
545 goto err;
546 }
547
548 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
549 goto err;
550
551 ek = OPENSSL_malloc(eklen);
552 if (ek == NULL)
553 goto err;
554
555 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
556 goto err;
557
558 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
559 ek = NULL;
560
561 ret = 1;
562
563 err:
564 EVP_PKEY_CTX_free(pctx);
565 ktri->pctx = NULL;
566 OPENSSL_free(ek);
567 return ret;
568 }
569
570 /* Decrypt content key from KTRI */
571
572 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
573 CMS_RecipientInfo *ri)
574 {
575 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
576 EVP_PKEY *pkey = ktri->pkey;
577 unsigned char *ek = NULL;
578 size_t eklen;
579 int ret = 0;
580 size_t fixlen = 0;
581 const EVP_CIPHER *cipher = NULL;
582 EVP_CIPHER *fetched_cipher = NULL;
583 CMS_EncryptedContentInfo *ec;
584 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
585 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
586 const char *propq = ossl_cms_ctx_get0_propq(ctx);
587
588 ec = ossl_cms_get0_env_enc_content(cms);
589
590 if (ktri->pkey == NULL) {
591 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY);
592 return 0;
593 }
594
595 if (cms->d.envelopedData->encryptedContentInfo->havenocert
596 && !cms->d.envelopedData->encryptedContentInfo->debug) {
597 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
598 char name[OSSL_MAX_NAME_SIZE];
599
600 OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0);
601
602 (void)ERR_set_mark();
603 fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq);
604
605 if (fetched_cipher != NULL)
606 cipher = fetched_cipher;
607 else
608 cipher = EVP_get_cipherbyobj(calg->algorithm);
609 if (cipher == NULL) {
610 (void)ERR_clear_last_mark();
611 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER);
612 return 0;
613 }
614 (void)ERR_pop_to_mark();
615
616 fixlen = EVP_CIPHER_get_key_length(cipher);
617 EVP_CIPHER_free(fetched_cipher);
618 }
619
620 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
621 if (ktri->pctx == NULL)
622 goto err;
623
624 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
625 goto err;
626
627 if (!ossl_cms_env_asn1_ctrl(ri, 1))
628 goto err;
629
630 if (EVP_PKEY_is_a(pkey, "RSA"))
631 /* upper layer CMS code incorrectly assumes that a successful RSA
632 * decryption means that the key matches ciphertext (which never
633 * was the case, implicit rejection or not), so to make it work
634 * disable implicit rejection for RSA keys */
635 EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0");
636
637 if (evp_pkey_decrypt_alloc(ktri->pctx, &ek, &eklen, fixlen,
638 ktri->encryptedKey->data,
639 ktri->encryptedKey->length) <= 0)
640 goto err;
641
642 ret = 1;
643
644 OPENSSL_clear_free(ec->key, ec->keylen);
645 ec->key = ek;
646 ec->keylen = eklen;
647
648 err:
649 EVP_PKEY_CTX_free(ktri->pctx);
650 ktri->pctx = NULL;
651 if (!ret)
652 OPENSSL_free(ek);
653
654 return ret;
655 }
656
657 /* Key Encrypted Key (KEK) RecipientInfo routines */
658
659 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
660 const unsigned char *id, size_t idlen)
661 {
662 ASN1_OCTET_STRING tmp_os;
663 CMS_KEKRecipientInfo *kekri;
664 if (ri->type != CMS_RECIPINFO_KEK) {
665 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
666 return -2;
667 }
668 kekri = ri->d.kekri;
669 tmp_os.type = V_ASN1_OCTET_STRING;
670 tmp_os.flags = 0;
671 tmp_os.data = (unsigned char *)id;
672 tmp_os.length = (int)idlen;
673 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
674 }
675
676 /* For now hard code AES key wrap info */
677
678 static size_t aes_wrap_keylen(int nid)
679 {
680 switch (nid) {
681 case NID_id_aes128_wrap:
682 return 16;
683
684 case NID_id_aes192_wrap:
685 return 24;
686
687 case NID_id_aes256_wrap:
688 return 32;
689
690 default:
691 return 0;
692 }
693 }
694
695 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
696 unsigned char *key, size_t keylen,
697 unsigned char *id, size_t idlen,
698 ASN1_GENERALIZEDTIME *date,
699 ASN1_OBJECT *otherTypeId,
700 ASN1_TYPE *otherType)
701 {
702 CMS_RecipientInfo *ri = NULL;
703 CMS_KEKRecipientInfo *kekri;
704 STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
705
706 if (ris == NULL)
707 goto err;
708
709 if (nid == NID_undef) {
710 switch (keylen) {
711 case 16:
712 nid = NID_id_aes128_wrap;
713 break;
714
715 case 24:
716 nid = NID_id_aes192_wrap;
717 break;
718
719 case 32:
720 nid = NID_id_aes256_wrap;
721 break;
722
723 default:
724 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
725 goto err;
726 }
727
728 } else {
729
730 size_t exp_keylen = aes_wrap_keylen(nid);
731
732 if (!exp_keylen) {
733 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM);
734 goto err;
735 }
736
737 if (keylen != exp_keylen) {
738 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
739 goto err;
740 }
741
742 }
743
744 /* Initialize recipient info */
745 ri = M_ASN1_new_of(CMS_RecipientInfo);
746 if (!ri) {
747 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
748 goto err;
749 }
750
751 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
752 if (!ri->d.kekri) {
753 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
754 goto err;
755 }
756 ri->type = CMS_RECIPINFO_KEK;
757
758 kekri = ri->d.kekri;
759
760 if (otherTypeId) {
761 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
762 if (kekri->kekid->other == NULL) {
763 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
764 goto err;
765 }
766 }
767
768 if (!sk_CMS_RecipientInfo_push(ris, ri)) {
769 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
770 goto err;
771 }
772
773 /* After this point no calls can fail */
774
775 kekri->version = 4;
776
777 kekri->key = key;
778 kekri->keylen = keylen;
779
780 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
781
782 kekri->kekid->date = date;
783
784 if (kekri->kekid->other) {
785 kekri->kekid->other->keyAttrId = otherTypeId;
786 kekri->kekid->other->keyAttr = otherType;
787 }
788
789 (void)X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, OBJ_nid2obj(nid),
790 V_ASN1_UNDEF, NULL); /* cannot fail */
791
792 return ri;
793
794 err:
795 M_ASN1_free_of(ri, CMS_RecipientInfo);
796 return NULL;
797 }
798
799 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
800 X509_ALGOR **palg,
801 ASN1_OCTET_STRING **pid,
802 ASN1_GENERALIZEDTIME **pdate,
803 ASN1_OBJECT **potherid,
804 ASN1_TYPE **pothertype)
805 {
806 CMS_KEKIdentifier *rkid;
807 if (ri->type != CMS_RECIPINFO_KEK) {
808 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
809 return 0;
810 }
811 rkid = ri->d.kekri->kekid;
812 if (palg)
813 *palg = ri->d.kekri->keyEncryptionAlgorithm;
814 if (pid)
815 *pid = rkid->keyIdentifier;
816 if (pdate)
817 *pdate = rkid->date;
818 if (potherid) {
819 if (rkid->other)
820 *potherid = rkid->other->keyAttrId;
821 else
822 *potherid = NULL;
823 }
824 if (pothertype) {
825 if (rkid->other)
826 *pothertype = rkid->other->keyAttr;
827 else
828 *pothertype = NULL;
829 }
830 return 1;
831 }
832
833 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
834 unsigned char *key, size_t keylen)
835 {
836 CMS_KEKRecipientInfo *kekri;
837 if (ri->type != CMS_RECIPINFO_KEK) {
838 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
839 return 0;
840 }
841
842 kekri = ri->d.kekri;
843 kekri->key = key;
844 kekri->keylen = keylen;
845 return 1;
846 }
847
848 static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx)
849 {
850 const char *alg = NULL;
851
852 switch (keylen) {
853 case 16:
854 alg = "AES-128-WRAP";
855 break;
856 case 24:
857 alg = "AES-192-WRAP";
858 break;
859 case 32:
860 alg = "AES-256-WRAP";
861 break;
862 default:
863 return NULL;
864 }
865 return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
866 ossl_cms_ctx_get0_propq(ctx));
867 }
868
869
870 /* Encrypt content key in KEK recipient info */
871
872 static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms,
873 CMS_RecipientInfo *ri)
874 {
875 CMS_EncryptedContentInfo *ec;
876 CMS_KEKRecipientInfo *kekri;
877 unsigned char *wkey = NULL;
878 int wkeylen;
879 int r = 0;
880 EVP_CIPHER *cipher = NULL;
881 int outlen = 0;
882 EVP_CIPHER_CTX *ctx = NULL;
883 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
884
885 ec = ossl_cms_get0_env_enc_content(cms);
886 if (ec == NULL)
887 return 0;
888
889 kekri = ri->d.kekri;
890
891 if (kekri->key == NULL) {
892 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
893 return 0;
894 }
895
896 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
897 if (cipher == NULL) {
898 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
899 goto err;
900 }
901
902 /* 8 byte prefix for AES wrap ciphers */
903 wkey = OPENSSL_malloc(ec->keylen + 8);
904 if (wkey == NULL)
905 goto err;
906
907 ctx = EVP_CIPHER_CTX_new();
908 if (ctx == NULL) {
909 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
910 goto err;
911 }
912
913 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
914 if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
915 || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen)
916 || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) {
917 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
918 goto err;
919 }
920 wkeylen += outlen;
921 if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) {
922 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
923 goto err;
924 }
925
926 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
927
928 r = 1;
929
930 err:
931 EVP_CIPHER_free(cipher);
932 if (!r)
933 OPENSSL_free(wkey);
934 EVP_CIPHER_CTX_free(ctx);
935
936 return r;
937 }
938
939 /* Decrypt content key in KEK recipient info */
940
941 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
942 CMS_RecipientInfo *ri)
943 {
944 CMS_EncryptedContentInfo *ec;
945 CMS_KEKRecipientInfo *kekri;
946 unsigned char *ukey = NULL;
947 int ukeylen;
948 int r = 0, wrap_nid;
949 EVP_CIPHER *cipher = NULL;
950 int outlen = 0;
951 EVP_CIPHER_CTX *ctx = NULL;
952 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
953
954 ec = ossl_cms_get0_env_enc_content(cms);
955 if (ec == NULL)
956 return 0;
957
958 kekri = ri->d.kekri;
959
960 if (!kekri->key) {
961 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
962 return 0;
963 }
964
965 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
966 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
967 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
968 return 0;
969 }
970
971 /* If encrypted key length is invalid don't bother */
972
973 if (kekri->encryptedKey->length < 16) {
974 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
975 goto err;
976 }
977
978 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
979 if (cipher == NULL) {
980 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
981 goto err;
982 }
983
984 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
985 if (ukey == NULL)
986 goto err;
987
988 ctx = EVP_CIPHER_CTX_new();
989 if (ctx == NULL) {
990 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
991 goto err;
992 }
993
994 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
995 || !EVP_DecryptUpdate(ctx, ukey, &ukeylen,
996 kekri->encryptedKey->data,
997 kekri->encryptedKey->length)
998 || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) {
999 ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR);
1000 goto err;
1001 }
1002 ukeylen += outlen;
1003
1004 OPENSSL_clear_free(ec->key, ec->keylen);
1005 ec->key = ukey;
1006 ec->keylen = ukeylen;
1007
1008 r = 1;
1009
1010 err:
1011 EVP_CIPHER_free(cipher);
1012 if (!r)
1013 OPENSSL_free(ukey);
1014 EVP_CIPHER_CTX_free(ctx);
1015
1016 return r;
1017 }
1018
1019 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1020 {
1021 switch (ri->type) {
1022 case CMS_RECIPINFO_TRANS:
1023 return cms_RecipientInfo_ktri_decrypt(cms, ri);
1024
1025 case CMS_RECIPINFO_KEK:
1026 return cms_RecipientInfo_kekri_decrypt(cms, ri);
1027
1028 case CMS_RECIPINFO_PASS:
1029 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0);
1030
1031 default:
1032 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
1033 return 0;
1034 }
1035 }
1036
1037 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1038 {
1039 switch (ri->type) {
1040 case CMS_RECIPINFO_TRANS:
1041 return cms_RecipientInfo_ktri_encrypt(cms, ri);
1042
1043 case CMS_RECIPINFO_AGREE:
1044 return ossl_cms_RecipientInfo_kari_encrypt(cms, ri);
1045
1046 case CMS_RECIPINFO_KEK:
1047 return cms_RecipientInfo_kekri_encrypt(cms, ri);
1048
1049 case CMS_RECIPINFO_PASS:
1050 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1);
1051
1052 default:
1053 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
1054 return 0;
1055 }
1056 }
1057
1058 /* Check structures and fixup version numbers (if necessary) */
1059
1060 static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
1061 {
1062 CMS_OriginatorInfo *org = env->originatorInfo;
1063 int i;
1064 if (org == NULL)
1065 return;
1066 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
1067 CMS_CertificateChoices *cch;
1068 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
1069 if (cch->type == CMS_CERTCHOICE_OTHER) {
1070 env->version = 4;
1071 return;
1072 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
1073 if (env->version < 3)
1074 env->version = 3;
1075 }
1076 }
1077
1078 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
1079 CMS_RevocationInfoChoice *rch;
1080 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
1081 if (rch->type == CMS_REVCHOICE_OTHER) {
1082 env->version = 4;
1083 return;
1084 }
1085 }
1086 }
1087
1088 static void cms_env_set_version(CMS_EnvelopedData *env)
1089 {
1090 int i;
1091 CMS_RecipientInfo *ri;
1092
1093 /*
1094 * Can't set version higher than 4 so if 4 or more already nothing to do.
1095 */
1096 if (env->version >= 4)
1097 return;
1098
1099 cms_env_set_originfo_version(env);
1100
1101 if (env->version >= 3)
1102 return;
1103
1104 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
1105 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
1106 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
1107 env->version = 3;
1108 return;
1109 } else if (ri->type != CMS_RECIPINFO_TRANS
1110 || ri->d.ktri->version != 0) {
1111 env->version = 2;
1112 }
1113 }
1114 if (env->originatorInfo || env->unprotectedAttrs)
1115 env->version = 2;
1116 if (env->version == 2)
1117 return;
1118 env->version = 0;
1119 }
1120
1121 static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms,
1122 STACK_OF(CMS_RecipientInfo) *ris)
1123 {
1124 int i;
1125 CMS_RecipientInfo *ri;
1126
1127 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
1128 ri = sk_CMS_RecipientInfo_value(ris, i);
1129 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0)
1130 return -1;
1131 }
1132 return 1;
1133 }
1134
1135 static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec)
1136 {
1137 ec->cipher = NULL;
1138 OPENSSL_clear_free(ec->key, ec->keylen);
1139 ec->key = NULL;
1140 ec->keylen = 0;
1141 }
1142
1143 static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms)
1144 {
1145 CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo;
1146 BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec,
1147 ossl_cms_get0_cmsctx(cms));
1148 EVP_CIPHER_CTX *ctx = NULL;
1149
1150 if (contentBio == NULL)
1151 return NULL;
1152
1153 BIO_get_cipher_ctx(contentBio, &ctx);
1154 if (ctx == NULL) {
1155 BIO_free(contentBio);
1156 return NULL;
1157 }
1158 /*
1159 * If the selected cipher supports unprotected attributes,
1160 * deal with it using special ctrl function
1161 */
1162 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1163 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
1164 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
1165 cms->d.envelopedData->unprotectedAttrs) <= 0) {
1166 BIO_free(contentBio);
1167 return NULL;
1168 }
1169 return contentBio;
1170 }
1171
1172 static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms)
1173 {
1174 CMS_EncryptedContentInfo *ec;
1175 STACK_OF(CMS_RecipientInfo) *rinfos;
1176 int ok = 0;
1177 BIO *ret;
1178 CMS_EnvelopedData *env = cms->d.envelopedData;
1179
1180 /* Get BIO first to set up key */
1181
1182 ec = env->encryptedContentInfo;
1183 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
1184
1185 /* If error end of processing */
1186 if (!ret)
1187 return ret;
1188
1189 /* Now encrypt content key according to each RecipientInfo type */
1190 rinfos = env->recipientInfos;
1191 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1192 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1193 goto err;
1194 }
1195
1196 /* And finally set the version */
1197 cms_env_set_version(env);
1198
1199 ok = 1;
1200
1201 err:
1202 cms_env_clear_ec(ec);
1203 if (ok)
1204 return ret;
1205 BIO_free(ret);
1206 return NULL;
1207 }
1208
1209 BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
1210 {
1211 if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) {
1212 /* If cipher is set it's encryption */
1213 return cms_EnvelopedData_Encryption_init_bio(cms);
1214 }
1215
1216 /* If cipher is not set it's decryption */
1217 return cms_EnvelopedData_Decryption_init_bio(cms);
1218 }
1219
1220 BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms)
1221 {
1222 CMS_EncryptedContentInfo *ec;
1223 STACK_OF(CMS_RecipientInfo) *rinfos;
1224 int ok = 0;
1225 BIO *ret;
1226 CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData;
1227
1228 /* Get BIO first to set up key */
1229 ec = aenv->authEncryptedContentInfo;
1230 /* Set tag for decryption */
1231 if (ec->cipher == NULL) {
1232 ec->tag = aenv->mac->data;
1233 ec->taglen = aenv->mac->length;
1234 }
1235 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
1236
1237 /* If error or no cipher end of processing */
1238 if (ret == NULL || ec->cipher == NULL)
1239 return ret;
1240
1241 /* Now encrypt content key according to each RecipientInfo type */
1242 rinfos = aenv->recipientInfos;
1243 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1244 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1245 goto err;
1246 }
1247
1248 /* And finally set the version */
1249 aenv->version = 0;
1250
1251 ok = 1;
1252
1253 err:
1254 cms_env_clear_ec(ec);
1255 if (ok)
1256 return ret;
1257 BIO_free(ret);
1258 return NULL;
1259 }
1260
1261 int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain)
1262 {
1263 CMS_EnvelopedData *env = NULL;
1264 EVP_CIPHER_CTX *ctx = NULL;
1265 BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER);
1266
1267 env = ossl_cms_get0_enveloped(cms);
1268 if (env == NULL)
1269 return 0;
1270
1271 if (mbio == NULL) {
1272 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND);
1273 return 0;
1274 }
1275
1276 BIO_get_cipher_ctx(mbio, &ctx);
1277
1278 /*
1279 * If the selected cipher supports unprotected attributes,
1280 * deal with it using special ctrl function
1281 */
1282 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1283 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
1284 if (env->unprotectedAttrs == NULL)
1285 env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
1286
1287 if (env->unprotectedAttrs == NULL) {
1288 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
1289 return 0;
1290 }
1291
1292 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED,
1293 1, env->unprotectedAttrs) <= 0) {
1294 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
1295 return 0;
1296 }
1297 }
1298
1299 cms_env_set_version(cms->d.envelopedData);
1300 return 1;
1301 }
1302
1303 int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio)
1304 {
1305 EVP_CIPHER_CTX *ctx;
1306 unsigned char *tag = NULL;
1307 int taglen, ok = 0;
1308
1309 BIO_get_cipher_ctx(cmsbio, &ctx);
1310
1311 /*
1312 * The tag is set only for encryption. There is nothing to do for
1313 * decryption.
1314 */
1315 if (!EVP_CIPHER_CTX_is_encrypting(ctx))
1316 return 1;
1317
1318 taglen = EVP_CIPHER_CTX_get_tag_length(ctx);
1319 if (taglen <= 0
1320 || (tag = OPENSSL_malloc(taglen)) == NULL
1321 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
1322 tag) <= 0) {
1323 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG);
1324 goto err;
1325 }
1326
1327 if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen))
1328 goto err;
1329
1330 ok = 1;
1331 err:
1332 OPENSSL_free(tag);
1333 return ok;
1334 }
1335
1336 /*
1337 * Get RecipientInfo type (if any) supported by a key (public or private). To
1338 * retain compatibility with previous behaviour if the ctrl value isn't
1339 * supported we assume key transport.
1340 */
1341 int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk)
1342 {
1343 /* Check types that we know about */
1344 if (EVP_PKEY_is_a(pk, "DH"))
1345 return CMS_RECIPINFO_AGREE;
1346 else if (EVP_PKEY_is_a(pk, "DHX"))
1347 return CMS_RECIPINFO_AGREE;
1348 else if (EVP_PKEY_is_a(pk, "DSA"))
1349 return CMS_RECIPINFO_NONE;
1350 else if (EVP_PKEY_is_a(pk, "EC"))
1351 return CMS_RECIPINFO_AGREE;
1352 else if (EVP_PKEY_is_a(pk, "RSA"))
1353 return CMS_RECIPINFO_TRANS;
1354
1355 /*
1356 * Otherwise this might ben an engine implementation, so see if we can get
1357 * the type from the ameth.
1358 */
1359 if (pk->ameth && pk->ameth->pkey_ctrl) {
1360 int i, r;
1361 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
1362 if (i > 0)
1363 return r;
1364 }
1365 return CMS_RECIPINFO_TRANS;
1366 }
1367
1368 int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type)
1369 {
1370 int supportedRiType;
1371
1372 if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) {
1373 int i, r;
1374
1375 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED,
1376 ri_type, &r);
1377 if (i > 0)
1378 return r;
1379 }
1380
1381 supportedRiType = ossl_cms_pkey_get_ri_type(pk);
1382 if (supportedRiType < 0)
1383 return 0;
1384
1385 return (supportedRiType == ri_type);
1386 }
A mirror of the official openssl repository