]>
Commit | Line | Data |
---|---|---|
8931b30d DSH |
1 | /* crypto/cms/cms_smime.c */ |
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 | * project. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | */ | |
53 | ||
54 | #include "cryptlib.h" | |
55 | #include <openssl/asn1t.h> | |
56 | #include <openssl/x509.h> | |
57 | #include <openssl/x509v3.h> | |
58 | #include <openssl/err.h> | |
59 | #include <openssl/cms.h> | |
60 | #include "cms_lcl.h" | |
61 | ||
62 | static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) | |
63 | { | |
64 | unsigned char buf[4096]; | |
65 | int r = 0, i; | |
66 | BIO *tmpout = NULL; | |
67 | ||
eb9d8d8c DSH |
68 | if (out == NULL) |
69 | tmpout = BIO_new(BIO_s_null()); | |
70 | else if (flags & CMS_TEXT) | |
d0c36288 | 71 | { |
8931b30d | 72 | tmpout = BIO_new(BIO_s_mem()); |
d0c36288 DSH |
73 | BIO_set_mem_eof_return(tmpout, 0); |
74 | } | |
8931b30d DSH |
75 | else |
76 | tmpout = out; | |
77 | ||
eb9d8d8c DSH |
78 | if(!tmpout) |
79 | { | |
80 | CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE); | |
81 | goto err; | |
82 | } | |
83 | ||
e540d1cd | 84 | /* Read all content through chain to process digest, decrypt etc */ |
8931b30d DSH |
85 | for (;;) |
86 | { | |
87 | i=BIO_read(in,buf,sizeof(buf)); | |
88 | if (i <= 0) | |
e540d1cd DSH |
89 | { |
90 | if (BIO_method_type(in) == BIO_TYPE_CIPHER) | |
91 | { | |
92 | if (!BIO_get_cipher_status(in)) | |
93 | goto err; | |
94 | } | |
6d6c4798 DSH |
95 | if (i < 0) |
96 | goto err; | |
8931b30d | 97 | break; |
e540d1cd DSH |
98 | } |
99 | ||
6d6c4798 DSH |
100 | if (tmpout && (BIO_write(tmpout, buf, i) != i)) |
101 | goto err; | |
8931b30d DSH |
102 | } |
103 | ||
104 | if(flags & CMS_TEXT) | |
105 | { | |
106 | if(!SMIME_text(tmpout, out)) | |
107 | { | |
108 | CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR); | |
109 | goto err; | |
110 | } | |
111 | } | |
112 | ||
113 | r = 1; | |
114 | ||
115 | err: | |
116 | if (tmpout && (tmpout != out)) | |
117 | BIO_free(tmpout); | |
118 | return r; | |
119 | ||
120 | } | |
121 | ||
4f1aa191 DSH |
122 | static int check_content(CMS_ContentInfo *cms) |
123 | { | |
124 | ASN1_OCTET_STRING **pos = CMS_get0_content(cms); | |
125 | if (!pos || !*pos) | |
126 | { | |
127 | CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT); | |
128 | return 0; | |
129 | } | |
130 | return 1; | |
131 | } | |
132 | ||
852bd350 DSH |
133 | static void do_free_upto(BIO *f, BIO *upto) |
134 | { | |
135 | if (upto) | |
136 | { | |
137 | BIO *tbio; | |
138 | do | |
139 | { | |
140 | tbio = BIO_pop(f); | |
141 | BIO_free(f); | |
142 | f = tbio; | |
143 | } | |
144 | while (f != upto); | |
145 | } | |
146 | else | |
147 | BIO_free_all(f); | |
148 | } | |
149 | ||
8931b30d DSH |
150 | int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) |
151 | { | |
152 | BIO *cont; | |
153 | int r; | |
154 | if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) | |
155 | { | |
156 | CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA); | |
157 | return 0; | |
158 | } | |
159 | cont = CMS_dataInit(cms, NULL); | |
160 | if (!cont) | |
161 | return 0; | |
162 | r = cms_copy_content(out, cont, flags); | |
163 | BIO_free_all(cont); | |
164 | return r; | |
165 | } | |
166 | ||
167 | CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) | |
168 | { | |
169 | CMS_ContentInfo *cms; | |
170 | cms = cms_Data_create(); | |
171 | if (!cms) | |
172 | return NULL; | |
173 | ||
e0fbd073 | 174 | if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) |
8931b30d DSH |
175 | return cms; |
176 | ||
177 | CMS_ContentInfo_free(cms); | |
178 | ||
179 | return NULL; | |
180 | } | |
181 | ||
182 | int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, | |
183 | unsigned int flags) | |
184 | { | |
185 | BIO *cont; | |
186 | int r; | |
187 | if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) | |
188 | { | |
189 | CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA); | |
190 | return 0; | |
191 | } | |
192 | ||
4f1aa191 DSH |
193 | if (!dcont && !check_content(cms)) |
194 | return 0; | |
8931b30d DSH |
195 | |
196 | cont = CMS_dataInit(cms, dcont); | |
197 | if (!cont) | |
198 | return 0; | |
199 | r = cms_copy_content(out, cont, flags); | |
200 | if (r) | |
201 | r = cms_DigestedData_do_final(cms, cont, 1); | |
852bd350 | 202 | do_free_upto(cont, dcont); |
8931b30d DSH |
203 | return r; |
204 | } | |
205 | ||
206 | CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, | |
207 | unsigned int flags) | |
208 | { | |
209 | CMS_ContentInfo *cms; | |
210 | if (!md) | |
211 | md = EVP_sha1(); | |
212 | cms = cms_DigestedData_create(md); | |
213 | if (!cms) | |
214 | return NULL; | |
215 | ||
216 | if(!(flags & CMS_DETACHED)) | |
217 | CMS_set_detached(cms, 0); | |
218 | ||
e0fbd073 | 219 | if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) |
8931b30d DSH |
220 | return cms; |
221 | ||
222 | CMS_ContentInfo_free(cms); | |
223 | return NULL; | |
224 | } | |
225 | ||
b820455c DSH |
226 | int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, |
227 | const unsigned char *key, size_t keylen, | |
228 | BIO *dcont, BIO *out, unsigned int flags) | |
229 | { | |
230 | BIO *cont; | |
231 | int r; | |
232 | if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) | |
233 | { | |
234 | CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, | |
235 | CMS_R_TYPE_NOT_ENCRYPTED_DATA); | |
236 | return 0; | |
237 | } | |
238 | ||
4f1aa191 DSH |
239 | if (!dcont && !check_content(cms)) |
240 | return 0; | |
b820455c | 241 | |
320bfc1b DSH |
242 | if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0) |
243 | return 0; | |
b820455c DSH |
244 | cont = CMS_dataInit(cms, dcont); |
245 | if (!cont) | |
246 | return 0; | |
320bfc1b | 247 | r = cms_copy_content(out, cont, flags); |
852bd350 | 248 | do_free_upto(cont, dcont); |
b820455c DSH |
249 | return r; |
250 | } | |
251 | ||
320bfc1b DSH |
252 | CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, |
253 | const unsigned char *key, size_t keylen, | |
254 | unsigned int flags) | |
255 | { | |
256 | CMS_ContentInfo *cms; | |
fd47c361 DSH |
257 | if (!cipher) |
258 | { | |
259 | CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER); | |
260 | return NULL; | |
261 | } | |
320bfc1b DSH |
262 | cms = CMS_ContentInfo_new(); |
263 | if (!cms) | |
264 | return NULL; | |
265 | if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) | |
266 | return NULL; | |
267 | ||
268 | if(!(flags & CMS_DETACHED)) | |
269 | CMS_set_detached(cms, 0); | |
270 | ||
e0fbd073 DSH |
271 | if ((flags & (CMS_STREAM|CMS_PARTIAL)) |
272 | || CMS_final(cms, in, NULL, flags)) | |
320bfc1b DSH |
273 | return cms; |
274 | ||
275 | CMS_ContentInfo_free(cms); | |
276 | return NULL; | |
277 | } | |
278 | ||
8931b30d DSH |
279 | static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, |
280 | X509_STORE *store, | |
281 | STACK_OF(X509) *certs, | |
282 | STACK_OF(X509_CRL) *crls, | |
283 | unsigned int flags) | |
284 | { | |
285 | X509_STORE_CTX ctx; | |
286 | X509 *signer; | |
287 | int i, j, r = 0; | |
288 | CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); | |
289 | if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) | |
290 | { | |
291 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, | |
292 | CMS_R_STORE_INIT_ERROR); | |
293 | goto err; | |
294 | } | |
54571ba0 | 295 | X509_STORE_CTX_set_default(&ctx, "smime_sign"); |
8931b30d DSH |
296 | if (crls) |
297 | X509_STORE_CTX_set0_crls(&ctx, crls); | |
298 | ||
299 | i = X509_verify_cert(&ctx); | |
300 | if (i <= 0) | |
301 | { | |
302 | j = X509_STORE_CTX_get_error(&ctx); | |
303 | CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, | |
304 | CMS_R_CERTIFICATE_VERIFY_ERROR); | |
305 | ERR_add_error_data(2, "Verify error:", | |
306 | X509_verify_cert_error_string(j)); | |
307 | goto err; | |
308 | } | |
309 | r = 1; | |
310 | err: | |
311 | X509_STORE_CTX_cleanup(&ctx); | |
312 | return r; | |
313 | ||
314 | } | |
315 | ||
316 | int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, | |
317 | X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) | |
318 | { | |
319 | CMS_SignerInfo *si; | |
320 | STACK_OF(CMS_SignerInfo) *sinfos; | |
321 | STACK_OF(X509) *cms_certs = NULL; | |
322 | STACK_OF(X509_CRL) *crls = NULL; | |
323 | X509 *signer; | |
324 | int i, scount = 0, ret = 0; | |
325 | BIO *cmsbio = NULL, *tmpin = NULL; | |
326 | ||
4f1aa191 DSH |
327 | if (!dcont && !check_content(cms)) |
328 | return 0; | |
8931b30d DSH |
329 | |
330 | /* Attempt to find all signer certificates */ | |
331 | ||
332 | sinfos = CMS_get0_SignerInfos(cms); | |
333 | ||
334 | if (sk_CMS_SignerInfo_num(sinfos) <= 0) | |
335 | { | |
336 | CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS); | |
337 | goto err; | |
338 | } | |
339 | ||
340 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) | |
341 | { | |
342 | si = sk_CMS_SignerInfo_value(sinfos, i); | |
343 | CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); | |
344 | if (signer) | |
345 | scount++; | |
346 | } | |
347 | ||
348 | if (scount != sk_CMS_SignerInfo_num(sinfos)) | |
349 | scount += CMS_set1_signers_certs(cms, certs, flags); | |
350 | ||
351 | if (scount != sk_CMS_SignerInfo_num(sinfos)) | |
352 | { | |
353 | CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); | |
354 | goto err; | |
355 | } | |
356 | ||
357 | /* Attempt to verify all signers certs */ | |
358 | ||
359 | if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) | |
360 | { | |
361 | cms_certs = CMS_get1_certs(cms); | |
853eae51 DSH |
362 | if (!(flags & CMS_NOCRL)) |
363 | crls = CMS_get1_crls(cms); | |
8931b30d DSH |
364 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) |
365 | { | |
366 | si = sk_CMS_SignerInfo_value(sinfos, i); | |
367 | if (!cms_signerinfo_verify_cert(si, store, | |
368 | cms_certs, crls, flags)) | |
369 | goto err; | |
370 | } | |
371 | } | |
372 | ||
373 | /* Attempt to verify all SignerInfo signed attribute signatures */ | |
374 | ||
375 | if (!(flags & CMS_NO_ATTR_VERIFY)) | |
376 | { | |
377 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) | |
378 | { | |
379 | si = sk_CMS_SignerInfo_value(sinfos, i); | |
380 | if (CMS_signed_get_attr_count(si) < 0) | |
381 | continue; | |
382 | if (CMS_SignerInfo_verify(si) <= 0) | |
383 | goto err; | |
384 | } | |
385 | } | |
386 | ||
387 | /* Performance optimization: if the content is a memory BIO then | |
388 | * store its contents in a temporary read only memory BIO. This | |
389 | * avoids potentially large numbers of slow copies of data which will | |
390 | * occur when reading from a read write memory BIO when signatures | |
391 | * are calculated. | |
392 | */ | |
393 | ||
394 | if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) | |
395 | { | |
396 | char *ptr; | |
397 | long len; | |
398 | len = BIO_get_mem_data(dcont, &ptr); | |
399 | tmpin = BIO_new_mem_buf(ptr, len); | |
400 | if (tmpin == NULL) | |
401 | { | |
402 | CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE); | |
403 | return 0; | |
404 | } | |
405 | } | |
406 | else | |
407 | tmpin = dcont; | |
408 | ||
409 | ||
410 | cmsbio=CMS_dataInit(cms, tmpin); | |
411 | if (!cmsbio) | |
412 | goto err; | |
413 | ||
414 | if (!cms_copy_content(out, cmsbio, flags)) | |
415 | goto err; | |
416 | ||
417 | if (!(flags & CMS_NO_CONTENT_VERIFY)) | |
418 | { | |
419 | for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) | |
420 | { | |
421 | si = sk_CMS_SignerInfo_value(sinfos, i); | |
73ba116e | 422 | if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) |
8931b30d DSH |
423 | { |
424 | CMSerr(CMS_F_CMS_VERIFY, | |
425 | CMS_R_CONTENT_VERIFY_ERROR); | |
426 | goto err; | |
427 | } | |
428 | } | |
429 | } | |
430 | ||
431 | ret = 1; | |
432 | ||
433 | err: | |
434 | ||
435 | if (dcont && (tmpin == dcont)) | |
852bd350 DSH |
436 | do_free_upto(cmsbio, dcont); |
437 | else | |
438 | BIO_free_all(cmsbio); | |
8931b30d DSH |
439 | |
440 | if (cms_certs) | |
441 | sk_X509_pop_free(cms_certs, X509_free); | |
442 | if (crls) | |
443 | sk_X509_CRL_pop_free(crls, X509_CRL_free); | |
444 | ||
445 | return ret; | |
446 | } | |
447 | ||
eb9d8d8c DSH |
448 | int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, |
449 | STACK_OF(X509) *certs, | |
450 | X509_STORE *store, unsigned int flags) | |
451 | { | |
452 | int r; | |
eaee098e | 453 | flags &= ~(CMS_DETACHED|CMS_TEXT); |
eb9d8d8c DSH |
454 | r = CMS_verify(rcms, certs, store, NULL, NULL, flags); |
455 | if (r <= 0) | |
456 | return r; | |
457 | return cms_Receipt_verify(rcms, ocms); | |
458 | } | |
459 | ||
8931b30d DSH |
460 | CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, |
461 | BIO *data, unsigned int flags) | |
462 | { | |
463 | CMS_ContentInfo *cms; | |
464 | int i; | |
e6ef05d5 | 465 | |
8931b30d | 466 | cms = CMS_ContentInfo_new(); |
e6ef05d5 | 467 | if (!cms || !CMS_SignedData_init(cms)) |
8931b30d | 468 | goto merr; |
e6ef05d5 | 469 | |
8931b30d DSH |
470 | if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) |
471 | { | |
472 | CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR); | |
473 | goto err; | |
474 | } | |
e6ef05d5 | 475 | |
8931b30d DSH |
476 | for (i = 0; i < sk_X509_num(certs); i++) |
477 | { | |
478 | X509 *x = sk_X509_value(certs, i); | |
479 | if (!CMS_add1_cert(cms, x)) | |
480 | goto merr; | |
481 | } | |
8931b30d DSH |
482 | |
483 | if(!(flags & CMS_DETACHED)) | |
484 | CMS_set_detached(cms, 0); | |
485 | ||
e0fbd073 DSH |
486 | if ((flags & (CMS_STREAM|CMS_PARTIAL)) |
487 | || CMS_final(cms, data, NULL, flags)) | |
8931b30d | 488 | return cms; |
e4f0e40e DSH |
489 | else |
490 | goto err; | |
8931b30d DSH |
491 | |
492 | merr: | |
493 | CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); | |
494 | ||
495 | err: | |
496 | if (cms) | |
497 | CMS_ContentInfo_free(cms); | |
498 | return NULL; | |
499 | } | |
500 | ||
36309aa2 DSH |
501 | CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, |
502 | X509 *signcert, EVP_PKEY *pkey, | |
503 | STACK_OF(X509) *certs, | |
504 | unsigned int flags) | |
505 | { | |
506 | CMS_SignerInfo *rct_si; | |
507 | CMS_ContentInfo *cms = NULL; | |
508 | ASN1_OCTET_STRING **pos, *os; | |
509 | BIO *rct_cont = NULL; | |
510 | int r = 0; | |
511 | ||
eaee098e | 512 | flags &= ~(CMS_STREAM|CMS_TEXT); |
36309aa2 DSH |
513 | /* Not really detached but avoids content being allocated */ |
514 | flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED; | |
515 | if (!pkey || !signcert) | |
516 | { | |
517 | CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT); | |
518 | return NULL; | |
519 | } | |
520 | ||
521 | /* Initialize signed data */ | |
522 | ||
523 | cms = CMS_sign(NULL, NULL, certs, NULL, flags); | |
524 | if (!cms) | |
525 | goto err; | |
526 | ||
527 | /* Set inner content type to signed receipt */ | |
528 | if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt))) | |
529 | goto err; | |
530 | ||
531 | rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags); | |
532 | if (!rct_si) | |
533 | { | |
534 | CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR); | |
535 | goto err; | |
536 | } | |
537 | ||
538 | os = cms_encode_Receipt(si); | |
539 | ||
540 | if (!os) | |
541 | goto err; | |
542 | ||
543 | /* Set content to digest */ | |
544 | rct_cont = BIO_new_mem_buf(os->data, os->length); | |
545 | if (!rct_cont) | |
546 | goto err; | |
547 | ||
548 | /* Add msgSigDigest attribute */ | |
549 | ||
550 | if (!cms_msgSigDigest_add1(rct_si, si)) | |
551 | goto err; | |
552 | ||
553 | /* Finalize structure */ | |
e0fbd073 | 554 | if (!CMS_final(cms, rct_cont, NULL, flags)) |
36309aa2 DSH |
555 | goto err; |
556 | ||
557 | /* Set embedded content */ | |
558 | pos = CMS_get0_content(cms); | |
559 | *pos = os; | |
560 | ||
561 | r = 1; | |
562 | ||
563 | err: | |
564 | if (rct_cont) | |
565 | BIO_free(rct_cont); | |
566 | if (r) | |
567 | return cms; | |
568 | CMS_ContentInfo_free(cms); | |
569 | return NULL; | |
570 | ||
571 | } | |
572 | ||
761ffa72 | 573 | CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, |
8931b30d DSH |
574 | const EVP_CIPHER *cipher, unsigned int flags) |
575 | { | |
761ffa72 DSH |
576 | CMS_ContentInfo *cms; |
577 | int i; | |
578 | X509 *recip; | |
579 | cms = CMS_EnvelopedData_create(cipher); | |
580 | if (!cms) | |
581 | goto merr; | |
582 | for (i = 0; i < sk_X509_num(certs); i++) | |
583 | { | |
584 | recip = sk_X509_value(certs, i); | |
585 | if (!CMS_add1_recipient_cert(cms, recip, flags)) | |
586 | { | |
587 | CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR); | |
588 | goto err; | |
589 | } | |
590 | } | |
591 | ||
592 | if(!(flags & CMS_DETACHED)) | |
593 | CMS_set_detached(cms, 0); | |
594 | ||
e0fbd073 DSH |
595 | if ((flags & (CMS_STREAM|CMS_PARTIAL)) |
596 | || CMS_final(cms, data, NULL, flags)) | |
761ffa72 | 597 | return cms; |
e4f0e40e DSH |
598 | else |
599 | goto err; | |
761ffa72 DSH |
600 | |
601 | merr: | |
602 | CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); | |
603 | err: | |
604 | if (cms) | |
605 | CMS_ContentInfo_free(cms); | |
8931b30d DSH |
606 | return NULL; |
607 | } | |
eeb9cdfc DSH |
608 | |
609 | int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) | |
610 | { | |
611 | STACK_OF(CMS_RecipientInfo) *ris; | |
612 | CMS_RecipientInfo *ri; | |
613 | int i, r; | |
614 | ris = CMS_get0_RecipientInfos(cms); | |
615 | for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) | |
616 | { | |
617 | ri = sk_CMS_RecipientInfo_value(ris, i); | |
618 | if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS) | |
619 | continue; | |
620 | /* If we have a cert try matching RecipientInfo | |
621 | * otherwise try them all. | |
622 | */ | |
623 | if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) | |
624 | { | |
625 | CMS_RecipientInfo_set0_pkey(ri, pk); | |
626 | r = CMS_RecipientInfo_decrypt(cms, ri); | |
627 | CMS_RecipientInfo_set0_pkey(ri, NULL); | |
628 | if (r > 0) | |
629 | return 1; | |
630 | if (cert) | |
631 | { | |
632 | CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, | |
633 | CMS_R_DECRYPT_ERROR); | |
634 | return 0; | |
635 | } | |
636 | ERR_clear_error(); | |
637 | } | |
638 | } | |
639 | ||
640 | CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT); | |
641 | return 0; | |
642 | ||
643 | } | |
644 | ||
645 | int CMS_decrypt_set1_key(CMS_ContentInfo *cms, | |
646 | unsigned char *key, size_t keylen, | |
647 | unsigned char *id, size_t idlen) | |
648 | { | |
649 | STACK_OF(CMS_RecipientInfo) *ris; | |
650 | CMS_RecipientInfo *ri; | |
651 | int i, r; | |
652 | ris = CMS_get0_RecipientInfos(cms); | |
653 | for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) | |
654 | { | |
655 | ri = sk_CMS_RecipientInfo_value(ris, i); | |
656 | if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) | |
657 | continue; | |
658 | ||
659 | /* If we have an id try matching RecipientInfo | |
660 | * otherwise try them all. | |
661 | */ | |
662 | if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) | |
663 | { | |
664 | CMS_RecipientInfo_set0_key(ri, key, keylen); | |
665 | r = CMS_RecipientInfo_decrypt(cms, ri); | |
666 | CMS_RecipientInfo_set0_key(ri, NULL, 0); | |
667 | if (r > 0) | |
668 | return 1; | |
669 | if (id) | |
670 | { | |
671 | CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, | |
672 | CMS_R_DECRYPT_ERROR); | |
673 | return 0; | |
674 | } | |
675 | ERR_clear_error(); | |
676 | } | |
677 | } | |
678 | ||
679 | CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT); | |
680 | return 0; | |
681 | ||
682 | } | |
d2a53c22 DSH |
683 | |
684 | int CMS_decrypt_set1_password(CMS_ContentInfo *cms, | |
eb1c48be | 685 | unsigned char *pass, ossl_ssize_t passlen) |
d2a53c22 DSH |
686 | { |
687 | STACK_OF(CMS_RecipientInfo) *ris; | |
688 | CMS_RecipientInfo *ri; | |
689 | int i, r; | |
690 | ris = CMS_get0_RecipientInfos(cms); | |
691 | for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) | |
692 | { | |
693 | ri = sk_CMS_RecipientInfo_value(ris, i); | |
694 | if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS) | |
695 | continue; | |
696 | CMS_RecipientInfo_set0_password(ri, pass, passlen); | |
697 | r = CMS_RecipientInfo_decrypt(cms, ri); | |
698 | CMS_RecipientInfo_set0_password(ri, NULL, 0); | |
699 | if (r > 0) | |
700 | return 1; | |
701 | } | |
702 | ||
703 | CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT); | |
704 | return 0; | |
705 | ||
706 | } | |
8931b30d | 707 | |
4f1aa191 DSH |
708 | int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, |
709 | BIO *dcont, BIO *out, | |
8931b30d DSH |
710 | unsigned int flags) |
711 | { | |
eeb9cdfc | 712 | int r; |
4f1aa191 DSH |
713 | BIO *cont; |
714 | if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) | |
715 | { | |
716 | CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA); | |
717 | return 0; | |
718 | } | |
719 | if (!dcont && !check_content(cms)) | |
720 | return 0; | |
eeb9cdfc DSH |
721 | if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert)) |
722 | return 0; | |
4f1aa191 | 723 | |
4f1aa191 DSH |
724 | cont = CMS_dataInit(cms, dcont); |
725 | if (!cont) | |
726 | return 0; | |
727 | r = cms_copy_content(out, cont, flags); | |
852bd350 | 728 | do_free_upto(cont, dcont); |
4f1aa191 | 729 | return r; |
8931b30d DSH |
730 | } |
731 | ||
e0fbd073 | 732 | int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) |
8931b30d DSH |
733 | { |
734 | BIO *cmsbio; | |
735 | int ret = 0; | |
e0fbd073 | 736 | if (!(cmsbio = CMS_dataInit(cms, dcont))) |
8931b30d DSH |
737 | { |
738 | CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE); | |
739 | return 0; | |
740 | } | |
741 | ||
742 | SMIME_crlf_copy(data, cmsbio, flags); | |
743 | ||
744 | (void)BIO_flush(cmsbio); | |
745 | ||
746 | ||
747 | if (!CMS_dataFinal(cms, cmsbio)) | |
748 | { | |
749 | CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR); | |
750 | goto err; | |
751 | } | |
752 | ||
753 | ret = 1; | |
754 | ||
755 | err: | |
852bd350 | 756 | do_free_upto(cmsbio, dcont); |
8931b30d DSH |
757 | |
758 | return ret; | |
759 | ||
760 | } | |
761 | ||
762 | #ifdef ZLIB | |
763 | ||
a5db50d0 | 764 | int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, |
8931b30d DSH |
765 | unsigned int flags) |
766 | { | |
767 | BIO *cont; | |
768 | int r; | |
769 | if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) | |
770 | { | |
771 | CMSerr(CMS_F_CMS_UNCOMPRESS, | |
772 | CMS_R_TYPE_NOT_COMPRESSED_DATA); | |
773 | return 0; | |
774 | } | |
775 | ||
4f1aa191 DSH |
776 | if (!dcont && !check_content(cms)) |
777 | return 0; | |
8931b30d DSH |
778 | |
779 | cont = CMS_dataInit(cms, dcont); | |
780 | if (!cont) | |
781 | return 0; | |
782 | r = cms_copy_content(out, cont, flags); | |
852bd350 | 783 | do_free_upto(cont, dcont); |
8931b30d DSH |
784 | return r; |
785 | } | |
786 | ||
787 | CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) | |
788 | { | |
789 | CMS_ContentInfo *cms; | |
790 | if (comp_nid <= 0) | |
791 | comp_nid = NID_zlib_compression; | |
792 | cms = cms_CompressedData_create(comp_nid); | |
793 | if (!cms) | |
794 | return NULL; | |
795 | ||
796 | if(!(flags & CMS_DETACHED)) | |
797 | CMS_set_detached(cms, 0); | |
798 | ||
c02b6b6b | 799 | if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) |
8931b30d DSH |
800 | return cms; |
801 | ||
802 | CMS_ContentInfo_free(cms); | |
803 | return NULL; | |
804 | } | |
805 | ||
806 | #else | |
807 | ||
808 | int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, | |
809 | unsigned int flags) | |
810 | { | |
811 | CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | |
812 | return 0; | |
813 | } | |
814 | ||
815 | CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) | |
816 | { | |
817 | CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | |
818 | return NULL; | |
819 | } | |
820 | ||
821 | #endif |