]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cms/cms_env.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Ensure ossl_cms_EncryptedContent_init_bio() reports an error on no OID
[thirdparty/openssl.git] / crypto / cms / cms_env.c
1 /*
2 * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/cryptlib.h"
11 #include <openssl/asn1t.h>
12 #include <openssl/pem.h>
13 #include <openssl/x509v3.h>
14 #include <openssl/err.h>
15 #include <openssl/cms.h>
16 #include <openssl/evp.h>
17 #include "internal/sizes.h"
18 #include "crypto/asn1.h"
19 #include "crypto/evp.h"
20 #include "crypto/x509.h"
21 #include "cms_local.h"
22
23 /* CMS EnvelopedData Utilities */
24 static void cms_env_set_version(CMS_EnvelopedData *env);
25
26 #define CMS_ENVELOPED_STANDARD 1
27 #define CMS_ENVELOPED_AUTH 2
28
29 static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
30 {
31 int nid = OBJ_obj2nid(cms->contentType);
32
33 switch (nid) {
34 case NID_pkcs7_enveloped:
35 return CMS_ENVELOPED_STANDARD;
36
37 case NID_id_smime_ct_authEnvelopedData:
38 return CMS_ENVELOPED_AUTH;
39
40 default:
41 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
42 return 0;
43 }
44 }
45
46 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
47 {
48 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
49 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
50 return NULL;
51 }
52 return cms->d.envelopedData;
53 }
54
55 CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms)
56 {
57 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) {
58 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
59 return NULL;
60 }
61 return cms->d.authEnvelopedData;
62 }
63
64 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
65 {
66 if (cms->d.other == NULL) {
67 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
68 if (cms->d.envelopedData == NULL) {
69 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
70 return NULL;
71 }
72 cms->d.envelopedData->version = 0;
73 cms->d.envelopedData->encryptedContentInfo->contentType =
74 OBJ_nid2obj(NID_pkcs7_data);
75 ASN1_OBJECT_free(cms->contentType);
76 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
77 return cms->d.envelopedData;
78 }
79 return ossl_cms_get0_enveloped(cms);
80 }
81
82 static CMS_AuthEnvelopedData *
83 cms_auth_enveloped_data_init(CMS_ContentInfo *cms)
84 {
85 if (cms->d.other == NULL) {
86 cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData);
87 if (cms->d.authEnvelopedData == NULL) {
88 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
89 return NULL;
90 }
91 /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */
92 cms->d.authEnvelopedData->version = 0;
93 cms->d.authEnvelopedData->authEncryptedContentInfo->contentType =
94 OBJ_nid2obj(NID_pkcs7_data);
95 ASN1_OBJECT_free(cms->contentType);
96 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData);
97 return cms->d.authEnvelopedData;
98 }
99 return ossl_cms_get0_auth_enveloped(cms);
100 }
101
102 int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
103 {
104 EVP_PKEY *pkey;
105 int i;
106 if (ri->type == CMS_RECIPINFO_TRANS)
107 pkey = ri->d.ktri->pkey;
108 else if (ri->type == CMS_RECIPINFO_AGREE) {
109 EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
110
111 if (pctx == NULL)
112 return 0;
113 pkey = EVP_PKEY_CTX_get0_pkey(pctx);
114 if (pkey == NULL)
115 return 0;
116 } else
117 return 0;
118
119 if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH"))
120 return ossl_cms_dh_envelope(ri, cmd);
121 else if (EVP_PKEY_is_a(pkey, "EC"))
122 return ossl_cms_ecdh_envelope(ri, cmd);
123 else if (EVP_PKEY_is_a(pkey, "RSA"))
124 return ossl_cms_rsa_envelope(ri, cmd);
125
126 /* Something else? We'll give engines etc a chance to handle this */
127 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
128 return 1;
129 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
130 if (i == -2) {
131 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
132 return 0;
133 }
134 if (i <= 0) {
135 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
136 return 0;
137 }
138 return 1;
139 }
140
141 CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
142 {
143 switch (cms_get_enveloped_type(cms)) {
144 case CMS_ENVELOPED_STANDARD:
145 return cms->d.envelopedData->encryptedContentInfo;
146
147 case CMS_ENVELOPED_AUTH:
148 return cms->d.authEnvelopedData->authEncryptedContentInfo;
149
150 default:
151 return NULL;
152 }
153 }
154
155 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
156 {
157 switch (cms_get_enveloped_type(cms)) {
158 case CMS_ENVELOPED_STANDARD:
159 return cms->d.envelopedData->recipientInfos;
160
161 case CMS_ENVELOPED_AUTH:
162 return cms->d.authEnvelopedData->recipientInfos;
163
164 default:
165 return NULL;
166 }
167 }
168
169 void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
170 {
171 int i;
172 CMS_RecipientInfo *ri;
173 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
174 STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms);
175
176 for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
177 ri = sk_CMS_RecipientInfo_value(rinfos, i);
178 if (ri != NULL) {
179 switch (ri->type) {
180 case CMS_RECIPINFO_AGREE:
181 ri->d.kari->cms_ctx = ctx;
182 break;
183 case CMS_RECIPINFO_TRANS:
184 ri->d.ktri->cms_ctx = ctx;
185 ossl_x509_set0_libctx(ri->d.ktri->recip,
186 ossl_cms_ctx_get0_libctx(ctx),
187 ossl_cms_ctx_get0_propq(ctx));
188 break;
189 case CMS_RECIPINFO_KEK:
190 ri->d.kekri->cms_ctx = ctx;
191 break;
192 case CMS_RECIPINFO_PASS:
193 ri->d.pwri->cms_ctx = ctx;
194 break;
195 default:
196 break;
197 }
198 }
199 }
200 }
201
202 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
203 {
204 return ri->type;
205 }
206
207 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
208 {
209 if (ri->type == CMS_RECIPINFO_TRANS)
210 return ri->d.ktri->pctx;
211 else if (ri->type == CMS_RECIPINFO_AGREE)
212 return ri->d.kari->pctx;
213 return NULL;
214 }
215
216 CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
217 OSSL_LIB_CTX *libctx,
218 const char *propq)
219 {
220 CMS_ContentInfo *cms;
221 CMS_EnvelopedData *env;
222
223 cms = CMS_ContentInfo_new_ex(libctx, propq);
224 if (cms == NULL)
225 goto err;
226 env = cms_enveloped_data_init(cms);
227 if (env == NULL)
228 goto err;
229
230 if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL,
231 0, ossl_cms_get0_cmsctx(cms)))
232 goto err;
233 return cms;
234 err:
235 CMS_ContentInfo_free(cms);
236 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
237 return NULL;
238 }
239
240 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
241 {
242 return CMS_EnvelopedData_create_ex(cipher, NULL, NULL);
243 }
244
245 BIO *CMS_EnvelopedData_decrypt(CMS_EnvelopedData *env, BIO *detached_data,
246 EVP_PKEY *pkey, X509 *cert,
247 ASN1_OCTET_STRING *secret, unsigned int flags,
248 OSSL_LIB_CTX *libctx, const char *propq)
249 {
250 CMS_ContentInfo *ci;
251 BIO *bio = NULL;
252 int res = 0;
253
254 if (env == NULL) {
255 ERR_raise(ERR_LIB_CMS, ERR_R_PASSED_NULL_PARAMETER);
256 return NULL;
257 }
258
259 if ((ci = CMS_ContentInfo_new_ex(libctx, propq)) == NULL
260 || (bio = BIO_new(BIO_s_mem())) == NULL)
261 goto end;
262 ci->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
263 ci->d.envelopedData = env;
264 if (secret != NULL
265 && CMS_decrypt_set1_password(ci, (unsigned char *)
266 ASN1_STRING_get0_data(secret),
267 ASN1_STRING_length(secret)) != 1)
268 goto end;
269 res = CMS_decrypt(ci, secret == NULL ? pkey : NULL,
270 secret == NULL ? cert : NULL, detached_data, bio, flags);
271
272 end:
273 if (ci != NULL)
274 ci->d.envelopedData = NULL; /* do not indirectly free |env| */
275 CMS_ContentInfo_free(ci);
276 if (!res) {
277 BIO_free(bio);
278 bio = NULL;
279 }
280 return bio;
281 }
282
283 CMS_ContentInfo *
284 CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx,
285 const char *propq)
286 {
287 CMS_ContentInfo *cms;
288 CMS_AuthEnvelopedData *aenv;
289
290 cms = CMS_ContentInfo_new_ex(libctx, propq);
291 if (cms == NULL)
292 goto merr;
293 aenv = cms_auth_enveloped_data_init(cms);
294 if (aenv == NULL)
295 goto merr;
296 if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo,
297 cipher, NULL, 0,
298 ossl_cms_get0_cmsctx(cms)))
299 goto merr;
300 return cms;
301 merr:
302 CMS_ContentInfo_free(cms);
303 ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
304 return NULL;
305 }
306
307
308 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher)
309 {
310 return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL);
311 }
312
313 /* Key Transport Recipient Info (KTRI) routines */
314
315 /* Initialise a ktri based on passed certificate and key */
316
317 static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
318 EVP_PKEY *pk, unsigned int flags,
319 const CMS_CTX *ctx)
320 {
321 CMS_KeyTransRecipientInfo *ktri;
322 int idtype;
323
324 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
325 if (!ri->d.ktri)
326 return 0;
327 ri->type = CMS_RECIPINFO_TRANS;
328
329 ktri = ri->d.ktri;
330 ktri->cms_ctx = ctx;
331
332 if (flags & CMS_USE_KEYID) {
333 ktri->version = 2;
334 idtype = CMS_RECIPINFO_KEYIDENTIFIER;
335 } else {
336 ktri->version = 0;
337 idtype = CMS_RECIPINFO_ISSUER_SERIAL;
338 }
339
340 /*
341 * Not a typo: RecipientIdentifier and SignerIdentifier are the same
342 * structure.
343 */
344
345 if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx))
346 return 0;
347
348 X509_up_ref(recip);
349 EVP_PKEY_up_ref(pk);
350
351 ktri->pkey = pk;
352 ktri->recip = recip;
353
354 if (flags & CMS_KEY_PARAM) {
355 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
356 ktri->pkey,
357 ossl_cms_ctx_get0_propq(ctx));
358 if (ktri->pctx == NULL)
359 return 0;
360 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
361 return 0;
362 } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
363 return 0;
364 return 1;
365 }
366
367 /*
368 * Add a recipient certificate using appropriate type of RecipientInfo
369 */
370
371 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip,
372 EVP_PKEY *originatorPrivKey,
373 X509 *originator, unsigned int flags)
374 {
375 CMS_RecipientInfo *ri = NULL;
376 STACK_OF(CMS_RecipientInfo) *ris;
377 EVP_PKEY *pk = NULL;
378 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
379
380 ris = CMS_get0_RecipientInfos(cms);
381 if (ris == NULL)
382 goto err;
383
384 /* Initialize recipient info */
385 ri = M_ASN1_new_of(CMS_RecipientInfo);
386 if (ri == NULL) {
387 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
388 goto err;
389 }
390
391 pk = X509_get0_pubkey(recip);
392 if (pk == NULL) {
393 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY);
394 goto err;
395 }
396
397 switch (ossl_cms_pkey_get_ri_type(pk)) {
398
399 case CMS_RECIPINFO_TRANS:
400 if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx))
401 goto err;
402 break;
403
404 case CMS_RECIPINFO_AGREE:
405 if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator,
406 originatorPrivKey, flags, ctx))
407 goto err;
408 break;
409
410 default:
411 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
412 goto err;
413
414 }
415
416 if (!sk_CMS_RecipientInfo_push(ris, ri)) {
417 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
418 goto err;
419 }
420
421 return ri;
422
423 err:
424 M_ASN1_free_of(ri, CMS_RecipientInfo);
425 return NULL;
426
427 }
428
429 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
430 unsigned int flags)
431 {
432 return CMS_add1_recipient(cms, recip, NULL, NULL, flags);
433 }
434
435 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
436 EVP_PKEY **pk, X509 **recip,
437 X509_ALGOR **palg)
438 {
439 CMS_KeyTransRecipientInfo *ktri;
440 if (ri->type != CMS_RECIPINFO_TRANS) {
441 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
442 return 0;
443 }
444
445 ktri = ri->d.ktri;
446
447 if (pk)
448 *pk = ktri->pkey;
449 if (recip)
450 *recip = ktri->recip;
451 if (palg)
452 *palg = ktri->keyEncryptionAlgorithm;
453 return 1;
454 }
455
456 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
457 ASN1_OCTET_STRING **keyid,
458 X509_NAME **issuer,
459 ASN1_INTEGER **sno)
460 {
461 CMS_KeyTransRecipientInfo *ktri;
462 if (ri->type != CMS_RECIPINFO_TRANS) {
463 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
464 return 0;
465 }
466 ktri = ri->d.ktri;
467
468 return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer,
469 sno);
470 }
471
472 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
473 {
474 if (ri->type != CMS_RECIPINFO_TRANS) {
475 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
476 return -2;
477 }
478 return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
479 }
480
481 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
482 {
483 if (ri->type != CMS_RECIPINFO_TRANS) {
484 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
485 return 0;
486 }
487 EVP_PKEY_free(ri->d.ktri->pkey);
488 ri->d.ktri->pkey = pkey;
489 return 1;
490 }
491
492 /* Encrypt content key in key transport recipient info */
493
494 static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
495 CMS_RecipientInfo *ri)
496 {
497 CMS_KeyTransRecipientInfo *ktri;
498 CMS_EncryptedContentInfo *ec;
499 EVP_PKEY_CTX *pctx;
500 unsigned char *ek = NULL;
501 size_t eklen;
502 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
503
504 int ret = 0;
505
506 if (ri->type != CMS_RECIPINFO_TRANS) {
507 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT);
508 return 0;
509 }
510 ktri = ri->d.ktri;
511 ec = ossl_cms_get0_env_enc_content(cms);
512
513 pctx = ktri->pctx;
514
515 if (pctx) {
516 if (!ossl_cms_env_asn1_ctrl(ri, 0))
517 goto err;
518 } else {
519 pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
520 ktri->pkey,
521 ossl_cms_ctx_get0_propq(ctx));
522 if (pctx == NULL)
523 return 0;
524
525 if (EVP_PKEY_encrypt_init(pctx) <= 0)
526 goto err;
527 }
528
529 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
530 goto err;
531
532 ek = OPENSSL_malloc(eklen);
533 if (ek == NULL)
534 goto err;
535
536 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
537 goto err;
538
539 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
540 ek = NULL;
541
542 ret = 1;
543
544 err:
545 EVP_PKEY_CTX_free(pctx);
546 ktri->pctx = NULL;
547 OPENSSL_free(ek);
548 return ret;
549 }
550
551 /* Decrypt content key from KTRI */
552
553 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
554 CMS_RecipientInfo *ri)
555 {
556 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
557 EVP_PKEY *pkey = ktri->pkey;
558 unsigned char *ek = NULL;
559 size_t eklen;
560 int ret = 0;
561 size_t fixlen = 0;
562 const EVP_CIPHER *cipher = NULL;
563 EVP_CIPHER *fetched_cipher = NULL;
564 CMS_EncryptedContentInfo *ec;
565 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
566 OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
567 const char *propq = ossl_cms_ctx_get0_propq(ctx);
568
569 ec = ossl_cms_get0_env_enc_content(cms);
570
571 if (ktri->pkey == NULL) {
572 ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY);
573 return 0;
574 }
575
576 if (cms->d.envelopedData->encryptedContentInfo->havenocert
577 && !cms->d.envelopedData->encryptedContentInfo->debug) {
578 X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
579 char name[OSSL_MAX_NAME_SIZE];
580
581 OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0);
582
583 (void)ERR_set_mark();
584 fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq);
585
586 if (fetched_cipher != NULL)
587 cipher = fetched_cipher;
588 else
589 cipher = EVP_get_cipherbyobj(calg->algorithm);
590 if (cipher == NULL) {
591 (void)ERR_clear_last_mark();
592 ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER);
593 return 0;
594 }
595 (void)ERR_pop_to_mark();
596
597 fixlen = EVP_CIPHER_get_key_length(cipher);
598 EVP_CIPHER_free(fetched_cipher);
599 }
600
601 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
602 if (ktri->pctx == NULL)
603 goto err;
604
605 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
606 goto err;
607
608 if (!ossl_cms_env_asn1_ctrl(ri, 1))
609 goto err;
610
611 if (EVP_PKEY_is_a(pkey, "RSA"))
612 /* upper layer CMS code incorrectly assumes that a successful RSA
613 * decryption means that the key matches ciphertext (which never
614 * was the case, implicit rejection or not), so to make it work
615 * disable implicit rejection for RSA keys */
616 EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_pkcs1_implicit_rejection", "0");
617
618 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
619 ktri->encryptedKey->data,
620 ktri->encryptedKey->length) <= 0)
621 goto err;
622
623 ek = OPENSSL_malloc(eklen);
624 if (ek == NULL)
625 goto err;
626
627 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
628 ktri->encryptedKey->data,
629 ktri->encryptedKey->length) <= 0
630 || eklen == 0
631 || (fixlen != 0 && eklen != fixlen)) {
632 ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB);
633 goto err;
634 }
635
636 ret = 1;
637
638 OPENSSL_clear_free(ec->key, ec->keylen);
639 ec->key = ek;
640 ec->keylen = eklen;
641
642 err:
643 EVP_PKEY_CTX_free(ktri->pctx);
644 ktri->pctx = NULL;
645 if (!ret)
646 OPENSSL_free(ek);
647
648 return ret;
649 }
650
651 /* Key Encrypted Key (KEK) RecipientInfo routines */
652
653 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
654 const unsigned char *id, size_t idlen)
655 {
656 ASN1_OCTET_STRING tmp_os;
657 CMS_KEKRecipientInfo *kekri;
658 if (ri->type != CMS_RECIPINFO_KEK) {
659 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
660 return -2;
661 }
662 kekri = ri->d.kekri;
663 tmp_os.type = V_ASN1_OCTET_STRING;
664 tmp_os.flags = 0;
665 tmp_os.data = (unsigned char *)id;
666 tmp_os.length = (int)idlen;
667 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
668 }
669
670 /* For now hard code AES key wrap info */
671
672 static size_t aes_wrap_keylen(int nid)
673 {
674 switch (nid) {
675 case NID_id_aes128_wrap:
676 return 16;
677
678 case NID_id_aes192_wrap:
679 return 24;
680
681 case NID_id_aes256_wrap:
682 return 32;
683
684 default:
685 return 0;
686 }
687 }
688
689 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
690 unsigned char *key, size_t keylen,
691 unsigned char *id, size_t idlen,
692 ASN1_GENERALIZEDTIME *date,
693 ASN1_OBJECT *otherTypeId,
694 ASN1_TYPE *otherType)
695 {
696 CMS_RecipientInfo *ri = NULL;
697 CMS_KEKRecipientInfo *kekri;
698 STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
699
700 if (ris == NULL)
701 goto err;
702
703 if (nid == NID_undef) {
704 switch (keylen) {
705 case 16:
706 nid = NID_id_aes128_wrap;
707 break;
708
709 case 24:
710 nid = NID_id_aes192_wrap;
711 break;
712
713 case 32:
714 nid = NID_id_aes256_wrap;
715 break;
716
717 default:
718 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
719 goto err;
720 }
721
722 } else {
723
724 size_t exp_keylen = aes_wrap_keylen(nid);
725
726 if (!exp_keylen) {
727 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM);
728 goto err;
729 }
730
731 if (keylen != exp_keylen) {
732 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
733 goto err;
734 }
735
736 }
737
738 /* Initialize recipient info */
739 ri = M_ASN1_new_of(CMS_RecipientInfo);
740 if (!ri) {
741 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
742 goto err;
743 }
744
745 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
746 if (!ri->d.kekri) {
747 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
748 goto err;
749 }
750 ri->type = CMS_RECIPINFO_KEK;
751
752 kekri = ri->d.kekri;
753
754 if (otherTypeId) {
755 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
756 if (kekri->kekid->other == NULL) {
757 ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
758 goto err;
759 }
760 }
761
762 if (!sk_CMS_RecipientInfo_push(ris, ri)) {
763 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
764 goto err;
765 }
766
767 /* After this point no calls can fail */
768
769 kekri->version = 4;
770
771 kekri->key = key;
772 kekri->keylen = keylen;
773
774 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
775
776 kekri->kekid->date = date;
777
778 if (kekri->kekid->other) {
779 kekri->kekid->other->keyAttrId = otherTypeId;
780 kekri->kekid->other->keyAttr = otherType;
781 }
782
783 (void)X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, OBJ_nid2obj(nid),
784 V_ASN1_UNDEF, NULL); /* cannot fail */
785
786 return ri;
787
788 err:
789 M_ASN1_free_of(ri, CMS_RecipientInfo);
790 return NULL;
791 }
792
793 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
794 X509_ALGOR **palg,
795 ASN1_OCTET_STRING **pid,
796 ASN1_GENERALIZEDTIME **pdate,
797 ASN1_OBJECT **potherid,
798 ASN1_TYPE **pothertype)
799 {
800 CMS_KEKIdentifier *rkid;
801 if (ri->type != CMS_RECIPINFO_KEK) {
802 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
803 return 0;
804 }
805 rkid = ri->d.kekri->kekid;
806 if (palg)
807 *palg = ri->d.kekri->keyEncryptionAlgorithm;
808 if (pid)
809 *pid = rkid->keyIdentifier;
810 if (pdate)
811 *pdate = rkid->date;
812 if (potherid) {
813 if (rkid->other)
814 *potherid = rkid->other->keyAttrId;
815 else
816 *potherid = NULL;
817 }
818 if (pothertype) {
819 if (rkid->other)
820 *pothertype = rkid->other->keyAttr;
821 else
822 *pothertype = NULL;
823 }
824 return 1;
825 }
826
827 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
828 unsigned char *key, size_t keylen)
829 {
830 CMS_KEKRecipientInfo *kekri;
831 if (ri->type != CMS_RECIPINFO_KEK) {
832 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK);
833 return 0;
834 }
835
836 kekri = ri->d.kekri;
837 kekri->key = key;
838 kekri->keylen = keylen;
839 return 1;
840 }
841
842 static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx)
843 {
844 const char *alg = NULL;
845
846 switch (keylen) {
847 case 16:
848 alg = "AES-128-WRAP";
849 break;
850 case 24:
851 alg = "AES-192-WRAP";
852 break;
853 case 32:
854 alg = "AES-256-WRAP";
855 break;
856 default:
857 return NULL;
858 }
859 return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
860 ossl_cms_ctx_get0_propq(ctx));
861 }
862
863
864 /* Encrypt content key in KEK recipient info */
865
866 static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms,
867 CMS_RecipientInfo *ri)
868 {
869 CMS_EncryptedContentInfo *ec;
870 CMS_KEKRecipientInfo *kekri;
871 unsigned char *wkey = NULL;
872 int wkeylen;
873 int r = 0;
874 EVP_CIPHER *cipher = NULL;
875 int outlen = 0;
876 EVP_CIPHER_CTX *ctx = NULL;
877 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
878
879 ec = ossl_cms_get0_env_enc_content(cms);
880 if (ec == NULL)
881 return 0;
882
883 kekri = ri->d.kekri;
884
885 if (kekri->key == NULL) {
886 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
887 return 0;
888 }
889
890 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
891 if (cipher == NULL) {
892 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
893 goto err;
894 }
895
896 /* 8 byte prefix for AES wrap ciphers */
897 wkey = OPENSSL_malloc(ec->keylen + 8);
898 if (wkey == NULL)
899 goto err;
900
901 ctx = EVP_CIPHER_CTX_new();
902 if (ctx == NULL) {
903 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
904 goto err;
905 }
906
907 EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
908 if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
909 || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen)
910 || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) {
911 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
912 goto err;
913 }
914 wkeylen += outlen;
915 if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) {
916 ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR);
917 goto err;
918 }
919
920 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
921
922 r = 1;
923
924 err:
925 EVP_CIPHER_free(cipher);
926 if (!r)
927 OPENSSL_free(wkey);
928 EVP_CIPHER_CTX_free(ctx);
929
930 return r;
931 }
932
933 /* Decrypt content key in KEK recipient info */
934
935 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
936 CMS_RecipientInfo *ri)
937 {
938 CMS_EncryptedContentInfo *ec;
939 CMS_KEKRecipientInfo *kekri;
940 unsigned char *ukey = NULL;
941 int ukeylen;
942 int r = 0, wrap_nid;
943 EVP_CIPHER *cipher = NULL;
944 int outlen = 0;
945 EVP_CIPHER_CTX *ctx = NULL;
946 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
947
948 ec = ossl_cms_get0_env_enc_content(cms);
949 if (ec == NULL)
950 return 0;
951
952 kekri = ri->d.kekri;
953
954 if (!kekri->key) {
955 ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY);
956 return 0;
957 }
958
959 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
960 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
961 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
962 return 0;
963 }
964
965 /* If encrypted key length is invalid don't bother */
966
967 if (kekri->encryptedKey->length < 16) {
968 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
969 goto err;
970 }
971
972 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx);
973 if (cipher == NULL) {
974 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH);
975 goto err;
976 }
977
978 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
979 if (ukey == NULL)
980 goto err;
981
982 ctx = EVP_CIPHER_CTX_new();
983 if (ctx == NULL) {
984 ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
985 goto err;
986 }
987
988 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL)
989 || !EVP_DecryptUpdate(ctx, ukey, &ukeylen,
990 kekri->encryptedKey->data,
991 kekri->encryptedKey->length)
992 || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) {
993 ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR);
994 goto err;
995 }
996 ukeylen += outlen;
997
998 OPENSSL_clear_free(ec->key, ec->keylen);
999 ec->key = ukey;
1000 ec->keylen = ukeylen;
1001
1002 r = 1;
1003
1004 err:
1005 EVP_CIPHER_free(cipher);
1006 if (!r)
1007 OPENSSL_free(ukey);
1008 EVP_CIPHER_CTX_free(ctx);
1009
1010 return r;
1011 }
1012
1013 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1014 {
1015 switch (ri->type) {
1016 case CMS_RECIPINFO_TRANS:
1017 return cms_RecipientInfo_ktri_decrypt(cms, ri);
1018
1019 case CMS_RECIPINFO_KEK:
1020 return cms_RecipientInfo_kekri_decrypt(cms, ri);
1021
1022 case CMS_RECIPINFO_PASS:
1023 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0);
1024
1025 default:
1026 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
1027 return 0;
1028 }
1029 }
1030
1031 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
1032 {
1033 switch (ri->type) {
1034 case CMS_RECIPINFO_TRANS:
1035 return cms_RecipientInfo_ktri_encrypt(cms, ri);
1036
1037 case CMS_RECIPINFO_AGREE:
1038 return ossl_cms_RecipientInfo_kari_encrypt(cms, ri);
1039
1040 case CMS_RECIPINFO_KEK:
1041 return cms_RecipientInfo_kekri_encrypt(cms, ri);
1042
1043 case CMS_RECIPINFO_PASS:
1044 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1);
1045
1046 default:
1047 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
1048 return 0;
1049 }
1050 }
1051
1052 /* Check structures and fixup version numbers (if necessary) */
1053
1054 static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
1055 {
1056 CMS_OriginatorInfo *org = env->originatorInfo;
1057 int i;
1058 if (org == NULL)
1059 return;
1060 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
1061 CMS_CertificateChoices *cch;
1062 cch = sk_CMS_CertificateChoices_value(org->certificates, i);
1063 if (cch->type == CMS_CERTCHOICE_OTHER) {
1064 env->version = 4;
1065 return;
1066 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
1067 if (env->version < 3)
1068 env->version = 3;
1069 }
1070 }
1071
1072 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
1073 CMS_RevocationInfoChoice *rch;
1074 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
1075 if (rch->type == CMS_REVCHOICE_OTHER) {
1076 env->version = 4;
1077 return;
1078 }
1079 }
1080 }
1081
1082 static void cms_env_set_version(CMS_EnvelopedData *env)
1083 {
1084 int i;
1085 CMS_RecipientInfo *ri;
1086
1087 /*
1088 * Can't set version higher than 4 so if 4 or more already nothing to do.
1089 */
1090 if (env->version >= 4)
1091 return;
1092
1093 cms_env_set_originfo_version(env);
1094
1095 if (env->version >= 3)
1096 return;
1097
1098 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
1099 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
1100 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
1101 env->version = 3;
1102 return;
1103 } else if (ri->type != CMS_RECIPINFO_TRANS
1104 || ri->d.ktri->version != 0) {
1105 env->version = 2;
1106 }
1107 }
1108 if (env->originatorInfo || env->unprotectedAttrs)
1109 env->version = 2;
1110 if (env->version == 2)
1111 return;
1112 env->version = 0;
1113 }
1114
1115 static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms,
1116 STACK_OF(CMS_RecipientInfo) *ris)
1117 {
1118 int i;
1119 CMS_RecipientInfo *ri;
1120
1121 for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
1122 ri = sk_CMS_RecipientInfo_value(ris, i);
1123 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0)
1124 return -1;
1125 }
1126 return 1;
1127 }
1128
1129 static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec)
1130 {
1131 ec->cipher = NULL;
1132 OPENSSL_clear_free(ec->key, ec->keylen);
1133 ec->key = NULL;
1134 ec->keylen = 0;
1135 }
1136
1137 static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms)
1138 {
1139 CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo;
1140 BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec,
1141 ossl_cms_get0_cmsctx(cms));
1142 EVP_CIPHER_CTX *ctx = NULL;
1143
1144 if (contentBio == NULL)
1145 return NULL;
1146
1147 BIO_get_cipher_ctx(contentBio, &ctx);
1148 if (ctx == NULL) {
1149 BIO_free(contentBio);
1150 return NULL;
1151 }
1152 /*
1153 * If the selected cipher supports unprotected attributes,
1154 * deal with it using special ctrl function
1155 */
1156 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1157 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
1158 && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
1159 cms->d.envelopedData->unprotectedAttrs) <= 0) {
1160 BIO_free(contentBio);
1161 return NULL;
1162 }
1163 return contentBio;
1164 }
1165
1166 static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms)
1167 {
1168 CMS_EncryptedContentInfo *ec;
1169 STACK_OF(CMS_RecipientInfo) *rinfos;
1170 int ok = 0;
1171 BIO *ret;
1172 CMS_EnvelopedData *env = cms->d.envelopedData;
1173
1174 /* Get BIO first to set up key */
1175
1176 ec = env->encryptedContentInfo;
1177 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
1178
1179 /* If error end of processing */
1180 if (!ret)
1181 return ret;
1182
1183 /* Now encrypt content key according to each RecipientInfo type */
1184 rinfos = env->recipientInfos;
1185 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1186 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1187 goto err;
1188 }
1189
1190 /* And finally set the version */
1191 cms_env_set_version(env);
1192
1193 ok = 1;
1194
1195 err:
1196 cms_env_clear_ec(ec);
1197 if (ok)
1198 return ret;
1199 BIO_free(ret);
1200 return NULL;
1201 }
1202
1203 BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
1204 {
1205 if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) {
1206 /* If cipher is set it's encryption */
1207 return cms_EnvelopedData_Encryption_init_bio(cms);
1208 }
1209
1210 /* If cipher is not set it's decryption */
1211 return cms_EnvelopedData_Decryption_init_bio(cms);
1212 }
1213
1214 BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms)
1215 {
1216 CMS_EncryptedContentInfo *ec;
1217 STACK_OF(CMS_RecipientInfo) *rinfos;
1218 int ok = 0;
1219 BIO *ret;
1220 CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData;
1221
1222 /* Get BIO first to set up key */
1223 ec = aenv->authEncryptedContentInfo;
1224 /* Set tag for decryption */
1225 if (ec->cipher == NULL) {
1226 ec->tag = aenv->mac->data;
1227 ec->taglen = aenv->mac->length;
1228 }
1229 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms));
1230
1231 /* If error or no cipher end of processing */
1232 if (ret == NULL || ec->cipher == NULL)
1233 return ret;
1234
1235 /* Now encrypt content key according to each RecipientInfo type */
1236 rinfos = aenv->recipientInfos;
1237 if (cms_env_encrypt_content_key(cms, rinfos) < 0) {
1238 ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO);
1239 goto err;
1240 }
1241
1242 /* And finally set the version */
1243 aenv->version = 0;
1244
1245 ok = 1;
1246
1247 err:
1248 cms_env_clear_ec(ec);
1249 if (ok)
1250 return ret;
1251 BIO_free(ret);
1252 return NULL;
1253 }
1254
1255 int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain)
1256 {
1257 CMS_EnvelopedData *env = NULL;
1258 EVP_CIPHER_CTX *ctx = NULL;
1259 BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER);
1260
1261 env = ossl_cms_get0_enveloped(cms);
1262 if (env == NULL)
1263 return 0;
1264
1265 if (mbio == NULL) {
1266 ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND);
1267 return 0;
1268 }
1269
1270 BIO_get_cipher_ctx(mbio, &ctx);
1271
1272 /*
1273 * If the selected cipher supports unprotected attributes,
1274 * deal with it using special ctrl function
1275 */
1276 if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
1277 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
1278 if (env->unprotectedAttrs == NULL)
1279 env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
1280
1281 if (env->unprotectedAttrs == NULL) {
1282 ERR_raise(ERR_LIB_CMS, ERR_R_CRYPTO_LIB);
1283 return 0;
1284 }
1285
1286 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED,
1287 1, env->unprotectedAttrs) <= 0) {
1288 ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE);
1289 return 0;
1290 }
1291 }
1292
1293 cms_env_set_version(cms->d.envelopedData);
1294 return 1;
1295 }
1296
1297 int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio)
1298 {
1299 EVP_CIPHER_CTX *ctx;
1300 unsigned char *tag = NULL;
1301 int taglen, ok = 0;
1302
1303 BIO_get_cipher_ctx(cmsbio, &ctx);
1304
1305 /*
1306 * The tag is set only for encryption. There is nothing to do for
1307 * decryption.
1308 */
1309 if (!EVP_CIPHER_CTX_is_encrypting(ctx))
1310 return 1;
1311
1312 taglen = EVP_CIPHER_CTX_get_tag_length(ctx);
1313 if (taglen <= 0
1314 || (tag = OPENSSL_malloc(taglen)) == NULL
1315 || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
1316 tag) <= 0) {
1317 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG);
1318 goto err;
1319 }
1320
1321 if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen))
1322 goto err;
1323
1324 ok = 1;
1325 err:
1326 OPENSSL_free(tag);
1327 return ok;
1328 }
1329
1330 /*
1331 * Get RecipientInfo type (if any) supported by a key (public or private). To
1332 * retain compatibility with previous behaviour if the ctrl value isn't
1333 * supported we assume key transport.
1334 */
1335 int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk)
1336 {
1337 /* Check types that we know about */
1338 if (EVP_PKEY_is_a(pk, "DH"))
1339 return CMS_RECIPINFO_AGREE;
1340 else if (EVP_PKEY_is_a(pk, "DHX"))
1341 return CMS_RECIPINFO_AGREE;
1342 else if (EVP_PKEY_is_a(pk, "DSA"))
1343 return CMS_RECIPINFO_NONE;
1344 else if (EVP_PKEY_is_a(pk, "EC"))
1345 return CMS_RECIPINFO_AGREE;
1346 else if (EVP_PKEY_is_a(pk, "RSA"))
1347 return CMS_RECIPINFO_TRANS;
1348
1349 /*
1350 * Otherwise this might ben an engine implementation, so see if we can get
1351 * the type from the ameth.
1352 */
1353 if (pk->ameth && pk->ameth->pkey_ctrl) {
1354 int i, r;
1355 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
1356 if (i > 0)
1357 return r;
1358 }
1359 return CMS_RECIPINFO_TRANS;
1360 }
1361
1362 int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type)
1363 {
1364 int supportedRiType;
1365
1366 if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) {
1367 int i, r;
1368
1369 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED,
1370 ri_type, &r);
1371 if (i > 0)
1372 return r;
1373 }
1374
1375 supportedRiType = ossl_cms_pkey_get_ri_type(pk);
1376 if (supportedRiType < 0)
1377 return 0;
1378
1379 return (supportedRiType == ri_type);
1380 }
A mirror of the official openssl repository