[thirdparty/openssl.git] / crypto / cms / cms_lib.c

/*
 * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include <openssl/cms.h>
#include "cms_local.h"

DEFINE_STACK_OF(CMS_RevocationInfoChoice)
DEFINE_STACK_OF(X509)
DEFINE_STACK_OF(X509_CRL)

IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)

const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
{
    return cms->contentType;
}

CMS_ContentInfo *cms_Data_create(void)
{
    CMS_ContentInfo *cms;
    cms = CMS_ContentInfo_new();
    if (cms != NULL) {
        cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
        /* Never detached */
        CMS_set_detached(cms, 0);
    }
    return cms;
}

BIO *cms_content_bio(CMS_ContentInfo *cms)
{
    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);

    if (pos == NULL)
        return NULL;
    /* If content detached data goes nowhere: create NULL BIO */
    if (*pos == NULL)
        return BIO_new(BIO_s_null());
    /*
     * If content not detached and created return memory BIO
     */
    if (*pos == NULL || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
        return BIO_new(BIO_s_mem());
    /* Else content was read in: return read only BIO for it */
    return BIO_new_mem_buf((*pos)->data, (*pos)->length);
}

BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
{
    BIO *cmsbio, *cont;
    if (icont)
        cont = icont;
    else
        cont = cms_content_bio(cms);
    if (!cont) {
        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
        return NULL;
    }
    switch (OBJ_obj2nid(cms->contentType)) {

    case NID_pkcs7_data:
        return cont;

    case NID_pkcs7_signed:
        cmsbio = cms_SignedData_init_bio(cms);
        break;

    case NID_pkcs7_digest:
        cmsbio = cms_DigestedData_init_bio(cms);
        break;
#ifdef ZLIB
    case NID_id_smime_ct_compressedData:
        cmsbio = cms_CompressedData_init_bio(cms);
        break;
#endif

    case NID_pkcs7_encrypted:
        cmsbio = cms_EncryptedData_init_bio(cms);
        break;

    case NID_pkcs7_enveloped:
        cmsbio = cms_EnvelopedData_init_bio(cms);
        break;

    default:
        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
        return NULL;
    }

    if (cmsbio)
        return BIO_push(cmsbio, cont);

    if (!icont)
        BIO_free(cont);
    return NULL;

}

/* unfortunately cannot constify SMIME_write_ASN1() due to this function */
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
{
    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);

    if (pos == NULL)
        return 0;
    /* If embedded content find memory BIO and set content */
    if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
        BIO *mbio;
        unsigned char *cont;
        long contlen;
        mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
        if (!mbio) {
            CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
            return 0;
        }
        contlen = BIO_get_mem_data(mbio, &cont);
        /* Set bio as read only so its content can't be clobbered */
        BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
        BIO_set_mem_eof_return(mbio, 0);
        ASN1_STRING_set0(*pos, cont, contlen);
        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
    }

    switch (OBJ_obj2nid(cms->contentType)) {

    case NID_pkcs7_data:
    case NID_pkcs7_encrypted:
    case NID_id_smime_ct_compressedData:
        /* Nothing to do */
        return 1;

    case NID_pkcs7_enveloped:
        return cms_EnvelopedData_final(cms, cmsbio);

    case NID_pkcs7_signed:
        return cms_SignedData_final(cms, cmsbio);

    case NID_pkcs7_digest:
        return cms_DigestedData_do_final(cms, cmsbio, 0);

    default:
        CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
        return 0;
    }
}

/*
 * Return an OCTET STRING pointer to content. This allows it to be accessed
 * or set later.
 */

ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
{
    switch (OBJ_obj2nid(cms->contentType)) {

    case NID_pkcs7_data:
        return &cms->d.data;

    case NID_pkcs7_signed:
        return &cms->d.signedData->encapContentInfo->eContent;

    case NID_pkcs7_enveloped:
        return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;

    case NID_pkcs7_digest:
        return &cms->d.digestedData->encapContentInfo->eContent;

    case NID_pkcs7_encrypted:
        return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;

    case NID_id_smime_ct_authData:
        return &cms->d.authenticatedData->encapContentInfo->eContent;

    case NID_id_smime_ct_compressedData:
        return &cms->d.compressedData->encapContentInfo->eContent;

    default:
        if (cms->d.other->type == V_ASN1_OCTET_STRING)
            return &cms->d.other->value.octet_string;
        CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
        return NULL;

    }
}

/*
 * Return an ASN1_OBJECT pointer to content type. This allows it to be
 * accessed or set later.
 */

static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
{
    switch (OBJ_obj2nid(cms->contentType)) {

    case NID_pkcs7_signed:
        return &cms->d.signedData->encapContentInfo->eContentType;

    case NID_pkcs7_enveloped:
        return &cms->d.envelopedData->encryptedContentInfo->contentType;

    case NID_pkcs7_digest:
        return &cms->d.digestedData->encapContentInfo->eContentType;

    case NID_pkcs7_encrypted:
        return &cms->d.encryptedData->encryptedContentInfo->contentType;

    case NID_id_smime_ct_authData:
        return &cms->d.authenticatedData->encapContentInfo->eContentType;

    case NID_id_smime_ct_compressedData:
        return &cms->d.compressedData->encapContentInfo->eContentType;

    default:
        CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
        return NULL;

    }
}

const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
{
    ASN1_OBJECT **petype;
    petype = cms_get0_econtent_type(cms);
    if (petype)
        return *petype;
    return NULL;
}

int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
{
    ASN1_OBJECT **petype, *etype;

    petype = cms_get0_econtent_type(cms);
    if (petype == NULL)
        return 0;
    if (oid == NULL)
        return 1;
    etype = OBJ_dup(oid);
    if (etype == NULL)
        return 0;
    ASN1_OBJECT_free(*petype);
    *petype = etype;
    return 1;
}

int CMS_is_detached(CMS_ContentInfo *cms)
{
    ASN1_OCTET_STRING **pos;

    pos = CMS_get0_content(cms);
    if (pos == NULL)
        return -1;
    if (*pos != NULL)
        return 0;
    return 1;
}

int CMS_set_detached(CMS_ContentInfo *cms, int detached)
{
    ASN1_OCTET_STRING **pos;

    pos = CMS_get0_content(cms);
    if (pos == NULL)
        return 0;
    if (detached) {
        ASN1_OCTET_STRING_free(*pos);
        *pos = NULL;
        return 1;
    }
    if (*pos == NULL)
        *pos = ASN1_OCTET_STRING_new();
    if (*pos != NULL) {
        /*
         * NB: special flag to show content is created and not read in.
         */
        (*pos)->flags |= ASN1_STRING_FLAG_CONT;
        return 1;
    }
    CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
    return 0;
}

/* Create a digest BIO from an X509_ALGOR structure */

BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
{
    BIO *mdbio = NULL;
    const ASN1_OBJECT *digestoid;
    const EVP_MD *digest;
    X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
    digest = EVP_get_digestbyobj(digestoid);
    if (!digest) {
        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
               CMS_R_UNKNOWN_DIGEST_ALGORITHM);
        goto err;
    }
    mdbio = BIO_new(BIO_f_md());
    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
        goto err;
    }
    return mdbio;
 err:
    BIO_free(mdbio);
    return NULL;
}

/* Locate a message digest content from a BIO chain based on SignerInfo */

int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                                 X509_ALGOR *mdalg)
{
    int nid;
    const ASN1_OBJECT *mdoid;
    X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
    nid = OBJ_obj2nid(mdoid);
    /* Look for digest type to match signature */
    for (;;) {
        EVP_MD_CTX *mtmp;
        chain = BIO_find_type(chain, BIO_TYPE_MD);
        if (chain == NULL) {
            CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
                   CMS_R_NO_MATCHING_DIGEST);
            return 0;
        }
        BIO_get_md_ctx(chain, &mtmp);
        if (EVP_MD_CTX_type(mtmp) == nid
            /*
             * Workaround for broken implementations that use signature
             * algorithm OID instead of digest.
             */
            || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
            return EVP_MD_CTX_copy_ex(mctx, mtmp);
        chain = BIO_next(chain);
    }
}

static STACK_OF(CMS_CertificateChoices)
**cms_get0_certificate_choices(CMS_ContentInfo *cms)
{
    switch (OBJ_obj2nid(cms->contentType)) {

    case NID_pkcs7_signed:
        return &cms->d.signedData->certificates;

    case NID_pkcs7_enveloped:
        if (cms->d.envelopedData->originatorInfo == NULL)
            return NULL;
        return &cms->d.envelopedData->originatorInfo->certificates;

    default:
        CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
               CMS_R_UNSUPPORTED_CONTENT_TYPE);
        return NULL;

    }
}

CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
{
    STACK_OF(CMS_CertificateChoices) **pcerts;
    CMS_CertificateChoices *cch;

    pcerts = cms_get0_certificate_choices(cms);
    if (pcerts == NULL)
        return NULL;
    if (*pcerts == NULL)
        *pcerts = sk_CMS_CertificateChoices_new_null();
    if (*pcerts == NULL)
        return NULL;
    cch = M_ASN1_new_of(CMS_CertificateChoices);
    if (!cch)
        return NULL;
    if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
        M_ASN1_free_of(cch, CMS_CertificateChoices);
        return NULL;
    }
    return cch;
}

int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
{
    CMS_CertificateChoices *cch;
    STACK_OF(CMS_CertificateChoices) **pcerts;
    int i;

    pcerts = cms_get0_certificate_choices(cms);
    if (pcerts == NULL)
        return 0;
    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
        if (cch->type == CMS_CERTCHOICE_CERT) {
            if (!X509_cmp(cch->d.certificate, cert)) {
                CMSerr(CMS_F_CMS_ADD0_CERT,
                       CMS_R_CERTIFICATE_ALREADY_PRESENT);
                return 0;
            }
        }
    }
    cch = CMS_add0_CertificateChoices(cms);
    if (!cch)
        return 0;
    cch->type = CMS_CERTCHOICE_CERT;
    cch->d.certificate = cert;
    return 1;
}

int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
{
    int r;
    r = CMS_add0_cert(cms, cert);
    if (r > 0)
        X509_up_ref(cert);
    return r;
}

static STACK_OF(CMS_RevocationInfoChoice)
**cms_get0_revocation_choices(CMS_ContentInfo *cms)
{
    switch (OBJ_obj2nid(cms->contentType)) {

    case NID_pkcs7_signed:
        return &cms->d.signedData->crls;

    case NID_pkcs7_enveloped:
        if (cms->d.envelopedData->originatorInfo == NULL)
            return NULL;
        return &cms->d.envelopedData->originatorInfo->crls;

    default:
        CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
               CMS_R_UNSUPPORTED_CONTENT_TYPE);
        return NULL;

    }
}

CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
{
    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
    CMS_RevocationInfoChoice *rch;

    pcrls = cms_get0_revocation_choices(cms);
    if (pcrls == NULL)
        return NULL;
    if (*pcrls == NULL)
        *pcrls = sk_CMS_RevocationInfoChoice_new_null();
    if (*pcrls == NULL)
        return NULL;
    rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
    if (rch == NULL)
        return NULL;
    if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
        M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
        return NULL;
    }
    return rch;
}

int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
{
    CMS_RevocationInfoChoice *rch;
    rch = CMS_add0_RevocationInfoChoice(cms);
    if (!rch)
        return 0;
    rch->type = CMS_REVCHOICE_CRL;
    rch->d.crl = crl;
    return 1;
}

int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
{
    int r;
    r = CMS_add0_crl(cms, crl);
    if (r > 0)
        X509_CRL_up_ref(crl);
    return r;
}

STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
{
    STACK_OF(X509) *certs = NULL;
    CMS_CertificateChoices *cch;
    STACK_OF(CMS_CertificateChoices) **pcerts;
    int i;

    pcerts = cms_get0_certificate_choices(cms);
    if (pcerts == NULL)
        return NULL;
    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
        if (cch->type == 0) {
            if (!certs) {
                certs = sk_X509_new_null();
                if (!certs)
                    return NULL;
            }
            if (!sk_X509_push(certs, cch->d.certificate)) {
                sk_X509_pop_free(certs, X509_free);
                return NULL;
            }
            X509_up_ref(cch->d.certificate);
        }
    }
    return certs;

}

STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
{
    STACK_OF(X509_CRL) *crls = NULL;
    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
    CMS_RevocationInfoChoice *rch;
    int i;

    pcrls = cms_get0_revocation_choices(cms);
    if (pcrls == NULL)
        return NULL;
    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
        rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
        if (rch->type == 0) {
            if (!crls) {
                crls = sk_X509_CRL_new_null();
                if (!crls)
                    return NULL;
            }
            if (!sk_X509_CRL_push(crls, rch->d.crl)) {
                sk_X509_CRL_pop_free(crls, X509_CRL_free);
                return NULL;
            }
            X509_CRL_up_ref(rch->d.crl);
        }
    }
    return crls;
}

int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
{
    int ret;
    ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
    if (ret)
        return ret;
    return ASN1_INTEGER_cmp(ias->serialNumber, X509_get0_serialNumber(cert));
}

int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
{
    const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);

    if (cert_keyid == NULL)
        return -1;
    return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
}

int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
{
    CMS_IssuerAndSerialNumber *ias;
    ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
    if (!ias)
        goto err;
    if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
        goto err;
    if (!ASN1_STRING_copy(ias->serialNumber, X509_get0_serialNumber(cert)))
        goto err;
    M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
    *pias = ias;
    return 1;
 err:
    M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
    CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
    return 0;
}

int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
    ASN1_OCTET_STRING *keyid = NULL;
    const ASN1_OCTET_STRING *cert_keyid;
    cert_keyid = X509_get0_subject_key_id(cert);
    if (cert_keyid == NULL) {
        CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
        return 0;
    }
    keyid = ASN1_STRING_dup(cert_keyid);
    if (!keyid) {
        CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    ASN1_OCTET_STRING_free(*pkeyid);
    *pkeyid = keyid;
    return 1;
}
Commit	Line	Data
0f113f3e	1	/*
33388b44	2	* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
8931b30d	3	*
08ddd302	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
b1322259 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
8931b30d DSH	8	*/
	9
	10	#include <openssl/asn1t.h>
17c2764d	11	#include <openssl/x509v3.h>
8931b30d DSH	12	#include <openssl/err.h>
	13	#include <openssl/pem.h>
	14	#include <openssl/bio.h>
	15	#include <openssl/asn1.h>
e52a3c3d	16	#include <openssl/cms.h>
706457b7	17	#include "cms_local.h"
8931b30d	18
852c2ed2 RS	19	DEFINE_STACK_OF(CMS_RevocationInfoChoice)
	20	DEFINE_STACK_OF(X509)
	21	DEFINE_STACK_OF(X509_CRL)
	22
8931b30d DSH	23	IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
	24	IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
	25
dc423f89	26	const ASN1_OBJECT CMS_get0_type(const CMS_ContentInfo cms)
0f113f3e MC	27	{
	28	return cms->contentType;
	29	}
8931b30d DSH	30
8931b30d DSH	31	CMS_ContentInfo *cms_Data_create(void)
0f113f3e MC	32	{
	33	CMS_ContentInfo *cms;
	34	cms = CMS_ContentInfo_new();
90945fa3	35	if (cms != NULL) {
0f113f3e MC	36	cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
	37	/* Never detached */
	38	CMS_set_detached(cms, 0);
	39	}
	40	return cms;
	41	}
8931b30d DSH	42
8931b30d DSH	43	BIO cms_content_bio(CMS_ContentInfo cms)
0f113f3e MC	44	{
0f113f3e MC	45	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
12a765a5 RS	46
12a765a5 RS	47	if (pos == NULL)
0f113f3e MC	48	return NULL;
0f113f3e MC	49	/* If content detached data goes nowhere: create NULL BIO */
12a765a5	50	if (*pos == NULL)
0f113f3e MC	51	return BIO_new(BIO_s_null());
	52	/*
	53	* If content not detached and created return memory BIO
	54	*/
12a765a5	55	if (pos == NULL \|\| ((pos)->flags == ASN1_STRING_FLAG_CONT))
0f113f3e MC	56	return BIO_new(BIO_s_mem());
	57	/* Else content was read in: return read only BIO for it */
	58	return BIO_new_mem_buf((pos)->data, (pos)->length);
	59	}
8931b30d DSH	60
8931b30d DSH	61	BIO CMS_dataInit(CMS_ContentInfo cms, BIO *icont)
0f113f3e MC	62	{
	63	BIO cmsbio, cont;
	64	if (icont)
	65	cont = icont;
	66	else
	67	cont = cms_content_bio(cms);
	68	if (!cont) {
	69	CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
	70	return NULL;
	71	}
	72	switch (OBJ_obj2nid(cms->contentType)) {
	73
	74	case NID_pkcs7_data:
	75	return cont;
	76
	77	case NID_pkcs7_signed:
	78	cmsbio = cms_SignedData_init_bio(cms);
	79	break;
	80
	81	case NID_pkcs7_digest:
	82	cmsbio = cms_DigestedData_init_bio(cms);
	83	break;
8931b30d	84	#ifdef ZLIB
0f113f3e MC	85	case NID_id_smime_ct_compressedData:
	86	cmsbio = cms_CompressedData_init_bio(cms);
	87	break;
8931b30d DSH	88	#endif
8931b30d DSH	89
0f113f3e MC	90	case NID_pkcs7_encrypted:
	91	cmsbio = cms_EncryptedData_init_bio(cms);
	92	break;
b820455c	93
0f113f3e MC	94	case NID_pkcs7_enveloped:
	95	cmsbio = cms_EnvelopedData_init_bio(cms);
	96	break;
4f1aa191	97
0f113f3e MC	98	default:
	99	CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
	100	return NULL;
	101	}
8931b30d	102
0f113f3e MC	103	if (cmsbio)
0f113f3e MC	104	return BIO_push(cmsbio, cont);
8931b30d	105
0f113f3e MC	106	if (!icont)
	107	BIO_free(cont);
	108	return NULL;
8931b30d	109
0f113f3e	110	}
b820455c	111
9fdcc21f	112	/* unfortunately cannot constify SMIME_write_ASN1() due to this function */
8931b30d	113	int CMS_dataFinal(CMS_ContentInfo cms, BIO cmsbio)
0f113f3e MC	114	{
0f113f3e MC	115	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
12a765a5 RS	116
12a765a5 RS	117	if (pos == NULL)
0f113f3e	118	return 0;
0d4fb843	119	/* If embedded content find memory BIO and set content */
0f113f3e MC	120	if (pos && ((pos)->flags & ASN1_STRING_FLAG_CONT)) {
	121	BIO *mbio;
	122	unsigned char *cont;
	123	long contlen;
	124	mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
	125	if (!mbio) {
	126	CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
	127	return 0;
	128	}
	129	contlen = BIO_get_mem_data(mbio, &cont);
	130	/* Set bio as read only so its content can't be clobbered */
	131	BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
	132	BIO_set_mem_eof_return(mbio, 0);
	133	ASN1_STRING_set0(*pos, cont, contlen);
	134	(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
	135	}
	136
	137	switch (OBJ_obj2nid(cms->contentType)) {
	138
	139	case NID_pkcs7_data:
0f113f3e MC	140	case NID_pkcs7_encrypted:
	141	case NID_id_smime_ct_compressedData:
	142	/* Nothing to do */
	143	return 1;
	144
71434aed DB	145	case NID_pkcs7_enveloped:
	146	return cms_EnvelopedData_final(cms, cmsbio);
	147
0f113f3e MC	148	case NID_pkcs7_signed:
	149	return cms_SignedData_final(cms, cmsbio);
	150
	151	case NID_pkcs7_digest:
	152	return cms_DigestedData_do_final(cms, cmsbio, 0);
	153
	154	default:
	155	CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
	156	return 0;
	157	}
	158	}
	159
	160	/*
	161	* Return an OCTET STRING pointer to content. This allows it to be accessed
	162	* or set later.
8931b30d DSH	163	*/
	164
	165	ASN1_OCTET_STRING *CMS_get0_content(CMS_ContentInfo cms)
0f113f3e MC	166	{
0f113f3e MC	167	switch (OBJ_obj2nid(cms->contentType)) {
8931b30d	168
0f113f3e MC	169	case NID_pkcs7_data:
0f113f3e MC	170	return &cms->d.data;
8931b30d	171
0f113f3e MC	172	case NID_pkcs7_signed:
0f113f3e MC	173	return &cms->d.signedData->encapContentInfo->eContent;
8931b30d	174
0f113f3e MC	175	case NID_pkcs7_enveloped:
0f113f3e MC	176	return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
8931b30d	177
0f113f3e MC	178	case NID_pkcs7_digest:
0f113f3e MC	179	return &cms->d.digestedData->encapContentInfo->eContent;
8931b30d	180
0f113f3e MC	181	case NID_pkcs7_encrypted:
0f113f3e MC	182	return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
8931b30d	183
0f113f3e MC	184	case NID_id_smime_ct_authData:
0f113f3e MC	185	return &cms->d.authenticatedData->encapContentInfo->eContent;
8931b30d	186
0f113f3e MC	187	case NID_id_smime_ct_compressedData:
0f113f3e MC	188	return &cms->d.compressedData->encapContentInfo->eContent;
8931b30d	189
0f113f3e MC	190	default:
	191	if (cms->d.other->type == V_ASN1_OCTET_STRING)
	192	return &cms->d.other->value.octet_string;
	193	CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
	194	return NULL;
8931b30d	195
0f113f3e MC	196	}
0f113f3e MC	197	}
8931b30d	198
0f113f3e MC	199	/*
	200	* Return an ASN1_OBJECT pointer to content type. This allows it to be
	201	* accessed or set later.
8931b30d DSH	202	*/
	203
	204	static ASN1_OBJECT *cms_get0_econtent_type(CMS_ContentInfo cms)
0f113f3e MC	205	{
0f113f3e MC	206	switch (OBJ_obj2nid(cms->contentType)) {
8931b30d	207
0f113f3e MC	208	case NID_pkcs7_signed:
0f113f3e MC	209	return &cms->d.signedData->encapContentInfo->eContentType;
8931b30d	210
0f113f3e MC	211	case NID_pkcs7_enveloped:
0f113f3e MC	212	return &cms->d.envelopedData->encryptedContentInfo->contentType;
8931b30d	213
0f113f3e MC	214	case NID_pkcs7_digest:
0f113f3e MC	215	return &cms->d.digestedData->encapContentInfo->eContentType;
8931b30d	216
0f113f3e MC	217	case NID_pkcs7_encrypted:
0f113f3e MC	218	return &cms->d.encryptedData->encryptedContentInfo->contentType;
8931b30d	219
0f113f3e MC	220	case NID_id_smime_ct_authData:
0f113f3e MC	221	return &cms->d.authenticatedData->encapContentInfo->eContentType;
8931b30d	222
0f113f3e MC	223	case NID_id_smime_ct_compressedData:
0f113f3e MC	224	return &cms->d.compressedData->encapContentInfo->eContentType;
8931b30d	225
0f113f3e MC	226	default:
	227	CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
	228	return NULL;
8931b30d	229
0f113f3e MC	230	}
0f113f3e MC	231	}
8931b30d DSH	232
8931b30d DSH	233	const ASN1_OBJECT CMS_get0_eContentType(CMS_ContentInfo cms)
0f113f3e MC	234	{
	235	ASN1_OBJECT **petype;
	236	petype = cms_get0_econtent_type(cms);
	237	if (petype)
	238	return *petype;
	239	return NULL;
	240	}
8931b30d DSH	241
8931b30d DSH	242	int CMS_set1_eContentType(CMS_ContentInfo cms, const ASN1_OBJECT oid)
0f113f3e MC	243	{
0f113f3e MC	244	ASN1_OBJECT *petype, etype;
12a765a5	245
0f113f3e	246	petype = cms_get0_econtent_type(cms);
12a765a5	247	if (petype == NULL)
0f113f3e	248	return 0;
12a765a5	249	if (oid == NULL)
0f113f3e MC	250	return 1;
0f113f3e MC	251	etype = OBJ_dup(oid);
12a765a5	252	if (etype == NULL)
0f113f3e MC	253	return 0;
	254	ASN1_OBJECT_free(*petype);
	255	*petype = etype;
	256	return 1;
	257	}
8931b30d DSH	258
8931b30d DSH	259	int CMS_is_detached(CMS_ContentInfo *cms)
0f113f3e MC	260	{
0f113f3e MC	261	ASN1_OCTET_STRING **pos;
12a765a5	262
0f113f3e	263	pos = CMS_get0_content(cms);
12a765a5	264	if (pos == NULL)
0f113f3e	265	return -1;
12a765a5	266	if (*pos != NULL)
0f113f3e MC	267	return 0;
	268	return 1;
	269	}
8931b30d DSH	270
8931b30d DSH	271	int CMS_set_detached(CMS_ContentInfo *cms, int detached)
0f113f3e MC	272	{
0f113f3e MC	273	ASN1_OCTET_STRING **pos;
12a765a5	274
0f113f3e	275	pos = CMS_get0_content(cms);
12a765a5	276	if (pos == NULL)
0f113f3e MC	277	return 0;
0f113f3e MC	278	if (detached) {
2ace7450 RS	279	ASN1_OCTET_STRING_free(*pos);
2ace7450 RS	280	*pos = NULL;
0f113f3e MC	281	return 1;
0f113f3e MC	282	}
90945fa3	283	if (*pos == NULL)
0f113f3e	284	*pos = ASN1_OCTET_STRING_new();
90945fa3	285	if (*pos != NULL) {
0f113f3e MC	286	/*
	287	* NB: special flag to show content is created and not read in.
	288	*/
	289	(*pos)->flags \|= ASN1_STRING_FLAG_CONT;
	290	return 1;
	291	}
	292	CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
	293	return 0;
	294	}
8931b30d	295
8931b30d DSH	296	/* Create a digest BIO from an X509_ALGOR structure */
	297
	298	BIO cms_DigestAlgorithm_init_bio(X509_ALGOR digestAlgorithm)
0f113f3e MC	299	{
0f113f3e MC	300	BIO *mdbio = NULL;
ac4e2577	301	const ASN1_OBJECT *digestoid;
0f113f3e MC	302	const EVP_MD *digest;
	303	X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
	304	digest = EVP_get_digestbyobj(digestoid);
	305	if (!digest) {
	306	CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
df578aa0	307	CMS_R_UNKNOWN_DIGEST_ALGORITHM);
0f113f3e MC	308	goto err;
	309	}
	310	mdbio = BIO_new(BIO_f_md());
90945fa3	311	if (mdbio == NULL \|\| !BIO_set_md(mdbio, digest)) {
0f113f3e MC	312	CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
	313	goto err;
	314	}
	315	return mdbio;
	316	err:
ca3a82c3	317	BIO_free(mdbio);
0f113f3e MC	318	return NULL;
0f113f3e MC	319	}
8931b30d DSH	320
	321	/* Locate a message digest content from a BIO chain based on SignerInfo */
	322
	323	int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX mctx, BIO chain,
0f113f3e MC	324	X509_ALGOR *mdalg)
	325	{
	326	int nid;
ac4e2577	327	const ASN1_OBJECT *mdoid;
0f113f3e MC	328	X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
	329	nid = OBJ_obj2nid(mdoid);
	330	/* Look for digest type to match signature */
	331	for (;;) {
	332	EVP_MD_CTX *mtmp;
	333	chain = BIO_find_type(chain, BIO_TYPE_MD);
	334	if (chain == NULL) {
	335	CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
	336	CMS_R_NO_MATCHING_DIGEST);
	337	return 0;
	338	}
	339	BIO_get_md_ctx(chain, &mtmp);
	340	if (EVP_MD_CTX_type(mtmp) == nid
	341	/*
	342	* Workaround for broken implementations that use signature
	343	* algorithm OID instead of digest.
	344	*/
	345	\|\| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
	346	return EVP_MD_CTX_copy_ex(mctx, mtmp);
	347	chain = BIO_next(chain);
	348	}
	349	}
	350
	351	static STACK_OF(CMS_CertificateChoices)
	352	*cms_get0_certificate_choices(CMS_ContentInfo cms)
	353	{
	354	switch (OBJ_obj2nid(cms->contentType)) {
	355
	356	case NID_pkcs7_signed:
	357	return &cms->d.signedData->certificates;
	358
	359	case NID_pkcs7_enveloped:
6b360288 PH	360	if (cms->d.envelopedData->originatorInfo == NULL)
6b360288 PH	361	return NULL;
0f113f3e MC	362	return &cms->d.envelopedData->originatorInfo->certificates;
	363
	364	default:
	365	CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
	366	CMS_R_UNSUPPORTED_CONTENT_TYPE);
	367	return NULL;
	368
	369	}
	370	}
8931b30d DSH	371
8931b30d DSH	372	CMS_CertificateChoices CMS_add0_CertificateChoices(CMS_ContentInfo cms)
0f113f3e MC	373	{
	374	STACK_OF(CMS_CertificateChoices) **pcerts;
	375	CMS_CertificateChoices *cch;
12a765a5	376
0f113f3e	377	pcerts = cms_get0_certificate_choices(cms);
12a765a5	378	if (pcerts == NULL)
0f113f3e	379	return NULL;
12a765a5	380	if (*pcerts == NULL)
0f113f3e	381	*pcerts = sk_CMS_CertificateChoices_new_null();
12a765a5	382	if (*pcerts == NULL)
0f113f3e MC	383	return NULL;
	384	cch = M_ASN1_new_of(CMS_CertificateChoices);
	385	if (!cch)
	386	return NULL;
	387	if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
	388	M_ASN1_free_of(cch, CMS_CertificateChoices);
	389	return NULL;
	390	}
	391	return cch;
	392	}
8931b30d DSH	393
8931b30d DSH	394	int CMS_add0_cert(CMS_ContentInfo cms, X509 cert)
0f113f3e MC	395	{
	396	CMS_CertificateChoices *cch;
	397	STACK_OF(CMS_CertificateChoices) **pcerts;
	398	int i;
12a765a5	399
0f113f3e	400	pcerts = cms_get0_certificate_choices(cms);
12a765a5	401	if (pcerts == NULL)
0f113f3e MC	402	return 0;
	403	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
	404	cch = sk_CMS_CertificateChoices_value(*pcerts, i);
	405	if (cch->type == CMS_CERTCHOICE_CERT) {
	406	if (!X509_cmp(cch->d.certificate, cert)) {
	407	CMSerr(CMS_F_CMS_ADD0_CERT,
	408	CMS_R_CERTIFICATE_ALREADY_PRESENT);
	409	return 0;
	410	}
	411	}
	412	}
	413	cch = CMS_add0_CertificateChoices(cms);
	414	if (!cch)
	415	return 0;
	416	cch->type = CMS_CERTCHOICE_CERT;
	417	cch->d.certificate = cert;
	418	return 1;
	419	}
8931b30d DSH	420
8931b30d DSH	421	int CMS_add1_cert(CMS_ContentInfo cms, X509 cert)
0f113f3e MC	422	{
	423	int r;
	424	r = CMS_add0_cert(cms, cert);
	425	if (r > 0)
05f0fb9f	426	X509_up_ref(cert);
0f113f3e MC	427	return r;
0f113f3e MC	428	}
8931b30d	429
0f113f3e MC	430	static STACK_OF(CMS_RevocationInfoChoice)
	431	*cms_get0_revocation_choices(CMS_ContentInfo cms)
	432	{
	433	switch (OBJ_obj2nid(cms->contentType)) {
8931b30d	434
0f113f3e MC	435	case NID_pkcs7_signed:
0f113f3e MC	436	return &cms->d.signedData->crls;
8931b30d	437
0f113f3e	438	case NID_pkcs7_enveloped:
6b360288 PH	439	if (cms->d.envelopedData->originatorInfo == NULL)
6b360288 PH	440	return NULL;
0f113f3e	441	return &cms->d.envelopedData->originatorInfo->crls;
8931b30d	442
0f113f3e MC	443	default:
	444	CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
	445	CMS_R_UNSUPPORTED_CONTENT_TYPE);
	446	return NULL;
8931b30d	447
0f113f3e MC	448	}
0f113f3e MC	449	}
8931b30d DSH	450
8931b30d DSH	451	CMS_RevocationInfoChoice CMS_add0_RevocationInfoChoice(CMS_ContentInfo cms)
0f113f3e MC	452	{
	453	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
	454	CMS_RevocationInfoChoice *rch;
12a765a5	455
0f113f3e	456	pcrls = cms_get0_revocation_choices(cms);
12a765a5	457	if (pcrls == NULL)
0f113f3e	458	return NULL;
12a765a5	459	if (*pcrls == NULL)
0f113f3e	460	*pcrls = sk_CMS_RevocationInfoChoice_new_null();
12a765a5	461	if (*pcrls == NULL)
0f113f3e MC	462	return NULL;
0f113f3e MC	463	rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
12a765a5	464	if (rch == NULL)
0f113f3e MC	465	return NULL;
	466	if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
	467	M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
	468	return NULL;
	469	}
	470	return rch;
	471	}
8931b30d DSH	472
8931b30d DSH	473	int CMS_add0_crl(CMS_ContentInfo cms, X509_CRL crl)
0f113f3e MC	474	{
	475	CMS_RevocationInfoChoice *rch;
	476	rch = CMS_add0_RevocationInfoChoice(cms);
	477	if (!rch)
	478	return 0;
	479	rch->type = CMS_REVCHOICE_CRL;
	480	rch->d.crl = crl;
	481	return 1;
	482	}
8931b30d	483
19048b5c	484	int CMS_add1_crl(CMS_ContentInfo cms, X509_CRL crl)
0f113f3e MC	485	{
	486	int r;
	487	r = CMS_add0_crl(cms, crl);
	488	if (r > 0)
65cbf983	489	X509_CRL_up_ref(crl);
0f113f3e MC	490	return r;
0f113f3e MC	491	}
19048b5c	492
8931b30d	493	STACK_OF(X509) CMS_get1_certs(CMS_ContentInfo cms)
0f113f3e MC	494	{
	495	STACK_OF(X509) *certs = NULL;
	496	CMS_CertificateChoices *cch;
	497	STACK_OF(CMS_CertificateChoices) **pcerts;
	498	int i;
12a765a5	499
0f113f3e	500	pcerts = cms_get0_certificate_choices(cms);
12a765a5	501	if (pcerts == NULL)
0f113f3e MC	502	return NULL;
	503	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
	504	cch = sk_CMS_CertificateChoices_value(*pcerts, i);
	505	if (cch->type == 0) {
	506	if (!certs) {
	507	certs = sk_X509_new_null();
	508	if (!certs)
	509	return NULL;
	510	}
	511	if (!sk_X509_push(certs, cch->d.certificate)) {
	512	sk_X509_pop_free(certs, X509_free);
	513	return NULL;
	514	}
05f0fb9f	515	X509_up_ref(cch->d.certificate);
0f113f3e MC	516	}
	517	}
	518	return certs;
	519
	520	}
8931b30d DSH	521
8931b30d DSH	522	STACK_OF(X509_CRL) CMS_get1_crls(CMS_ContentInfo cms)
0f113f3e MC	523	{
	524	STACK_OF(X509_CRL) *crls = NULL;
	525	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
	526	CMS_RevocationInfoChoice *rch;
	527	int i;
12a765a5	528
0f113f3e	529	pcrls = cms_get0_revocation_choices(cms);
12a765a5	530	if (pcrls == NULL)
0f113f3e MC	531	return NULL;
	532	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
	533	rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
	534	if (rch->type == 0) {
	535	if (!crls) {
	536	crls = sk_X509_CRL_new_null();
	537	if (!crls)
	538	return NULL;
	539	}
	540	if (!sk_X509_CRL_push(crls, rch->d.crl)) {
	541	sk_X509_CRL_pop_free(crls, X509_CRL_free);
	542	return NULL;
	543	}
65cbf983	544	X509_CRL_up_ref(rch->d.crl);
0f113f3e MC	545	}
	546	}
	547	return crls;
	548	}
17c2764d DSH	549
17c2764d DSH	550	int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber ias, X509 cert)
0f113f3e MC	551	{
	552	int ret;
	553	ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
	554	if (ret)
	555	return ret;
1337a3a9	556	return ASN1_INTEGER_cmp(ias->serialNumber, X509_get0_serialNumber(cert));
0f113f3e	557	}
17c2764d DSH	558
17c2764d DSH	559	int cms_keyid_cert_cmp(ASN1_OCTET_STRING keyid, X509 cert)
0f113f3e	560	{
d19a50c9 DSH	561	const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
	562
	563	if (cert_keyid == NULL)
0f113f3e	564	return -1;
d19a50c9	565	return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
0f113f3e	566	}
17c2764d DSH	567
17c2764d DSH	568	int cms_set1_ias(CMS_IssuerAndSerialNumber *pias, X509 cert)
0f113f3e MC	569	{
	570	CMS_IssuerAndSerialNumber *ias;
	571	ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
	572	if (!ias)
	573	goto err;
	574	if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
	575	goto err;
1337a3a9	576	if (!ASN1_STRING_copy(ias->serialNumber, X509_get0_serialNumber(cert)))
0f113f3e	577	goto err;
2ace7450	578	M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
0f113f3e MC	579	*pias = ias;
	580	return 1;
	581	err:
2ace7450	582	M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
0f113f3e MC	583	CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
	584	return 0;
	585	}
17c2764d DSH	586
17c2764d DSH	587	int cms_set1_keyid(ASN1_OCTET_STRING *pkeyid, X509 cert)
0f113f3e MC	588	{
0f113f3e MC	589	ASN1_OCTET_STRING *keyid = NULL;
d19a50c9 DSH	590	const ASN1_OCTET_STRING *cert_keyid;
	591	cert_keyid = X509_get0_subject_key_id(cert);
	592	if (cert_keyid == NULL) {
0f113f3e MC	593	CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
	594	return 0;
	595	}
d19a50c9	596	keyid = ASN1_STRING_dup(cert_keyid);
0f113f3e MC	597	if (!keyid) {
	598	CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
	599	return 0;
	600	}
2ace7450	601	ASN1_OCTET_STRING_free(*pkeyid);
0f113f3e MC	602	*pkeyid = keyid;
	603	return 1;
	604	}