abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-29 01:03:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source 
# Conflicts:
#	README.md
This commit is contained in:
Zhi Guan
2017-02-14 16:12:29 +08:00
parent d2254170b8
commit 43fed1108d
3503 changed files with 320546 additions and 408546 deletions
Download Patch File Download Diff File Expand all files Collapse all files

325
crypto/cms/Makefile
View File

@@ -1,325 +0,0 @@
#
# OpenSSL/crypto/cms/Makefile
#
DIR= cms
TOP= ../..
CC= cc
INCLUDES= -I.. -I$(TOP) -I../../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
cms_pwri.c cms_kari.c
LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
cms_pwri.o cms_kari.o
SRC= $(LIBSRC)
EXHEADER= cms.h
HEADER= cms_lcl.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
test:
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_asn1.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_asn1.o: ../../include/openssl/opensslconf.h
cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_asn1.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_att.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_att.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_att.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_att.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_att.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_att.o: ../../include/openssl/x509v3.h cms.h cms_att.c cms_lcl.h
cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h
cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h
cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_cd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_cd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_cd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_cd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_cd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_cd.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_cd.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_cd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_cd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_cd.o: ../cryptlib.h cms_cd.c cms_lcl.h
cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h
cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_dd.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_dd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_dd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_dd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_dd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_dd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_dd.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_dd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_dd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_dd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_dd.c cms_lcl.h
cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h
cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_enc.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_enc.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
cms_enc.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_enc.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_enc.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_enc.o: ../cryptlib.h cms_enc.c cms_lcl.h
cms_env.o: ../../e_os.h ../../include/openssl/aes.h
cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_env.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_env.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_env.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_env.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_env.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_env.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_env.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_env.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_env.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_env.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_env.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_env.o: cms_env.c cms_lcl.h
cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_err.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_err.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_err.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_err.o: ../../include/openssl/x509_vfy.h cms_err.c
cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h
cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_ess.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_ess.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_ess.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_ess.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_ess.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_ess.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
cms_ess.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_ess.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_ess.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_ess.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_ess.o: ../cryptlib.h cms_ess.c cms_lcl.h
cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_io.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_io.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_io.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_io.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_io.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_io.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_io.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_io.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_io.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_io.o: ../../include/openssl/x509_vfy.h cms.h cms_io.c cms_lcl.h
cms_kari.o: ../../e_os.h ../../include/openssl/aes.h
cms_kari.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_kari.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_kari.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
cms_kari.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_kari.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_kari.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_kari.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_kari.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_kari.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_kari.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_kari.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_kari.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_kari.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_kari.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_kari.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_kari.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_kari.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_kari.o: cms_kari.c cms_lcl.h
cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_lib.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_lib.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_lib.o: ../../include/openssl/x509v3.h cms.h cms_lcl.h cms_lib.c
cms_pwri.o: ../../e_os.h ../../include/openssl/aes.h
cms_pwri.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_pwri.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_pwri.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
cms_pwri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_pwri.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_pwri.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_pwri.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_pwri.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_pwri.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_pwri.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_pwri.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_pwri.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_pwri.o: cms_lcl.h cms_pwri.c
cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_sd.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_sd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_sd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_sd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_sd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_sd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_sd.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_sd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_sd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_sd.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_sd.o: cms_lcl.h cms_sd.c
cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_smime.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_smime.o: ../../include/openssl/opensslconf.h
cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_smime.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_smime.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_smime.c

325
crypto/cms/Makefile.save
View File

@@ -1,325 +0,0 @@
#
# OpenSSL/crypto/cms/Makefile
#
DIR= cms
TOP= ../..
CC= cc
INCLUDES= -I.. -I$(TOP) -I../../include
CFLAG=-g
MAKEFILE= Makefile
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
cms_pwri.c cms_kari.c
LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
cms_pwri.o cms_kari.o
SRC= $(LIBSRC)
EXHEADER= cms.h
HEADER= cms_lcl.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
test:
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
links:
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_asn1.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_asn1.o: ../../include/openssl/opensslconf.h
cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_asn1.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_att.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_att.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_att.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_att.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_att.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_att.o: ../../include/openssl/x509v3.h cms.h cms_att.c cms_lcl.h
cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h
cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h
cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_cd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_cd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_cd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_cd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_cd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_cd.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_cd.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_cd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_cd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_cd.o: ../cryptlib.h cms_cd.c cms_lcl.h
cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h
cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_dd.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_dd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_dd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_dd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_dd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_dd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_dd.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_dd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_dd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_dd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_dd.c cms_lcl.h
cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h
cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_enc.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_enc.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
cms_enc.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_enc.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_enc.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_enc.o: ../cryptlib.h cms_enc.c cms_lcl.h
cms_env.o: ../../e_os.h ../../include/openssl/aes.h
cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_env.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_env.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_env.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_env.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_env.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_env.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_env.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_env.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_env.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_env.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_env.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_env.o: cms_env.c cms_lcl.h
cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_err.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_err.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_err.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_err.o: ../../include/openssl/x509_vfy.h cms_err.c
cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h
cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_ess.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_ess.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_ess.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_ess.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_ess.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_ess.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
cms_ess.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_ess.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_ess.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_ess.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_ess.o: ../cryptlib.h cms_ess.c cms_lcl.h
cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_io.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_io.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_io.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_io.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_io.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_io.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_io.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_io.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_io.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_io.o: ../../include/openssl/x509_vfy.h cms.h cms_io.c cms_lcl.h
cms_kari.o: ../../e_os.h ../../include/openssl/aes.h
cms_kari.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_kari.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_kari.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
cms_kari.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_kari.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_kari.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_kari.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_kari.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_kari.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_kari.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_kari.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_kari.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_kari.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_kari.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_kari.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_kari.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_kari.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_kari.o: cms_kari.c cms_lcl.h
cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_lib.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_lib.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_lib.o: ../../include/openssl/x509v3.h cms.h cms_lcl.h cms_lib.c
cms_pwri.o: ../../e_os.h ../../include/openssl/aes.h
cms_pwri.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_pwri.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_pwri.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
cms_pwri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
cms_pwri.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
cms_pwri.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
cms_pwri.o: ../../include/openssl/evp.h ../../include/openssl/kdf.h
cms_pwri.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
cms_pwri.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
cms_pwri.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_pwri.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_pwri.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_pwri.o: cms_lcl.h cms_pwri.c
cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_sd.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_sd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_sd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
cms_sd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
cms_sd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
cms_sd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_sd.o: ../../include/openssl/sm2.h ../../include/openssl/sm3.h
cms_sd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_sd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_sd.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
cms_sd.o: cms_lcl.h cms_sd.c
cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
cms_smime.o: ../../include/openssl/kdf.h ../../include/openssl/lhash.h
cms_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
cms_smime.o: ../../include/openssl/opensslconf.h
cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/sm2.h
cms_smime.o: ../../include/openssl/sm3.h ../../include/openssl/stack.h
cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_smime.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_smime.c

5
crypto/cms/build.info Normal file
View File

@@ -0,0 +1,5 @@
LIBS=../../libcrypto
SOURCE[../../libcrypto]= \
cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
cms_pwri.c cms_kari.c

555
crypto/cms/cms.h
View File

@@ -1,555 +0,0 @@
/* crypto/cms/cms.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#ifndef HEADER_CMS_H
# define HEADER_CMS_H
# include <openssl/x509.h>
# ifdef OPENSSL_NO_CMS
# error CMS is disabled.
# endif
#ifdef __cplusplus
extern "C" {
#endif
typedef struct CMS_ContentInfo_st CMS_ContentInfo;
typedef struct CMS_SignerInfo_st CMS_SignerInfo;
typedef struct CMS_CertificateChoices CMS_CertificateChoices;
typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
typedef struct CMS_Receipt_st CMS_Receipt;
typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
DECLARE_STACK_OF(CMS_SignerInfo)
DECLARE_STACK_OF(GENERAL_NAMES)
DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
# define CMS_SIGNERINFO_ISSUER_SERIAL 0
# define CMS_SIGNERINFO_KEYIDENTIFIER 1
# define CMS_RECIPINFO_NONE -1
# define CMS_RECIPINFO_TRANS 0
# define CMS_RECIPINFO_AGREE 1
# define CMS_RECIPINFO_KEK 2
# define CMS_RECIPINFO_PASS 3
# define CMS_RECIPINFO_OTHER 4
/* S/MIME related flags */
# define CMS_TEXT 0x1
# define CMS_NOCERTS 0x2
# define CMS_NO_CONTENT_VERIFY 0x4
# define CMS_NO_ATTR_VERIFY 0x8
# define CMS_NOSIGS \
(CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
# define CMS_NOINTERN 0x10
# define CMS_NO_SIGNER_CERT_VERIFY 0x20
# define CMS_NOVERIFY 0x20
# define CMS_DETACHED 0x40
# define CMS_BINARY 0x80
# define CMS_NOATTR 0x100
# define CMS_NOSMIMECAP 0x200
# define CMS_NOOLDMIMETYPE 0x400
# define CMS_CRLFEOL 0x800
# define CMS_STREAM 0x1000
# define CMS_NOCRL 0x2000
# define CMS_PARTIAL 0x4000
# define CMS_REUSE_DIGEST 0x8000
# define CMS_USE_KEYID 0x10000
# define CMS_DEBUG_DECRYPT 0x20000
# define CMS_KEY_PARAM 0x40000
const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
int CMS_is_detached(CMS_ContentInfo *cms);
int CMS_set_detached(CMS_ContentInfo *cms, int detached);
# ifdef HEADER_PEM_H
DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
# endif
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
int flags);
CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
unsigned int flags);
CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
STACK_OF(X509) *certs, BIO *data,
unsigned int flags);
CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
X509 *signcert, EVP_PKEY *pkey,
STACK_OF(X509) *certs, unsigned int flags);
int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
unsigned int flags);
CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
unsigned int flags);
int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
const unsigned char *key, size_t keylen,
BIO *dcont, BIO *out, unsigned int flags);
CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
const unsigned char *key,
size_t keylen, unsigned int flags);
int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
const unsigned char *key, size_t keylen);
int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
STACK_OF(X509) *certs,
X509_STORE *store, unsigned int flags);
STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
const EVP_CIPHER *cipher, unsigned int flags);
int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
BIO *dcont, BIO *out, unsigned int flags);
int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
unsigned char *key, size_t keylen,
unsigned char *id, size_t idlen);
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
unsigned char *pass, ossl_ssize_t passlen);
STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
X509 *recip, unsigned int flags);
int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
EVP_PKEY **pk, X509 **recip,
X509_ALGOR **palg);
int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer,
ASN1_INTEGER **sno);
CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
unsigned char *key, size_t keylen,
unsigned char *id, size_t idlen,
ASN1_GENERALIZEDTIME *date,
ASN1_OBJECT *otherTypeId,
ASN1_TYPE *otherType);
int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
X509_ALGOR **palg,
ASN1_OCTET_STRING **pid,
ASN1_GENERALIZEDTIME **pdate,
ASN1_OBJECT **potherid,
ASN1_TYPE **pothertype);
int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
unsigned char *key, size_t keylen);
int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
const unsigned char *id, size_t idlen);
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass,
ossl_ssize_t passlen);
CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
int iter, int wrap_nid,
int pbe_nid,
unsigned char *pass,
ossl_ssize_t passlen,
const EVP_CIPHER *kekciph);
int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
unsigned int flags);
CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
int CMS_SignedData_init(CMS_ContentInfo *cms);
CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
unsigned int flags);
EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer, ASN1_INTEGER **sno);
int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
unsigned int flags);
void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
X509 **signer, X509_ALGOR **pdig,
X509_ALGOR **psig);
ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
int CMS_SignerInfo_sign(CMS_SignerInfo *si);
int CMS_SignerInfo_verify(CMS_SignerInfo *si);
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
int algnid, int keysize);
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
int lastpos);
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
int lastpos);
X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
const ASN1_OBJECT *obj, int type,
const void *bytes, int len);
int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
int nid, int type,
const void *bytes, int len);
int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
const char *attrname, int type,
const void *bytes, int len);
void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
int lastpos, int type);
int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
int lastpos);
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
int lastpos);
X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
const ASN1_OBJECT *obj, int type,
const void *bytes, int len);
int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
int nid, int type,
const void *bytes, int len);
int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
const char *attrname, int type,
const void *bytes, int len);
void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
int lastpos, int type);
# ifdef HEADER_X509V3_H
int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
int allorfirst,
STACK_OF(GENERAL_NAMES)
*receiptList, STACK_OF(GENERAL_NAMES)
*receiptsTo);
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
ASN1_STRING **pcid,
int *pallorfirst,
STACK_OF(GENERAL_NAMES) **plist,
STACK_OF(GENERAL_NAMES) **prto);
# endif
int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
X509_ALGOR **palg,
ASN1_OCTET_STRING **pukm);
STACK_OF(CMS_RecipientEncryptedKey)
*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
X509_ALGOR **pubalg,
ASN1_BIT_STRING **pubkey,
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer,
ASN1_INTEGER **sno);
int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
ASN1_OCTET_STRING **keyid,
ASN1_GENERALIZEDTIME **tm,
CMS_OtherKeyAttribute **other,
X509_NAME **issuer, ASN1_INTEGER **sno);
int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
X509 *cert);
int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri,
CMS_RecipientEncryptedKey *rek);
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
ASN1_OCTET_STRING *ukm, int keylen);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_CMS_strings(void);
/* Error codes for the CMS functions. */
/* Function codes. */
# define CMS_F_CHECK_CONTENT 99
# define CMS_F_CMS_ADD0_CERT 164
# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
# define CMS_F_CMS_ADD1_SIGNER 102
# define CMS_F_CMS_ADD1_SIGNINGTIME 103
# define CMS_F_CMS_COMPRESS 104
# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
# define CMS_F_CMS_COPY_CONTENT 107
# define CMS_F_CMS_COPY_MESSAGEDIGEST 108
# define CMS_F_CMS_DATA 109
# define CMS_F_CMS_DATAFINAL 110
# define CMS_F_CMS_DATAINIT 111
# define CMS_F_CMS_DECRYPT 112
# define CMS_F_CMS_DECRYPT_SET1_KEY 113
# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
# define CMS_F_CMS_DECRYPT_SET1_PKEY 114
# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
# define CMS_F_CMS_DIGEST_VERIFY 118
# define CMS_F_CMS_ENCODE_RECEIPT 161
# define CMS_F_CMS_ENCRYPT 119
# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
# define CMS_F_CMS_ENVELOPED_DATA_INIT 126
# define CMS_F_CMS_ENV_ASN1_CTRL 171
# define CMS_F_CMS_FINAL 127
# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
# define CMS_F_CMS_GET0_CONTENT 129
# define CMS_F_CMS_GET0_ECONTENT_TYPE 130
# define CMS_F_CMS_GET0_ENVELOPED 131
# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
# define CMS_F_CMS_GET0_SIGNED 133
# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
# define CMS_F_CMS_RECEIPT_VERIFY 160
# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169
# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173
# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172
# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
# define CMS_F_CMS_SD_ASN1_CTRL 170
# define CMS_F_CMS_SET1_IAS 176
# define CMS_F_CMS_SET1_KEYID 177
# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
# define CMS_F_CMS_SET_DETACHED 147
# define CMS_F_CMS_SIGN 148
# define CMS_F_CMS_SIGNED_DATA_INIT 149
# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
# define CMS_F_CMS_SIGNERINFO_SIGN 151
# define CMS_F_CMS_SIGNERINFO_VERIFY 152
# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
# define CMS_F_CMS_SIGN_RECEIPT 163
# define CMS_F_CMS_STREAM 155
# define CMS_F_CMS_UNCOMPRESS 156
# define CMS_F_CMS_VERIFY 157
/* Reason codes. */
# define CMS_R_ADD_SIGNER_ERROR 99
# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
# define CMS_R_CERTIFICATE_VERIFY_ERROR 100
# define CMS_R_CIPHER_INITIALISATION_ERROR 101
# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
# define CMS_R_CMS_DATAFINAL_ERROR 103
# define CMS_R_CMS_LIB 104
# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
# define CMS_R_CONTENT_NOT_FOUND 105
# define CMS_R_CONTENT_TYPE_MISMATCH 171
# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
# define CMS_R_CONTENT_VERIFY_ERROR 109
# define CMS_R_CTRL_ERROR 110
# define CMS_R_CTRL_FAILURE 111
# define CMS_R_DECRYPT_ERROR 112
# define CMS_R_DIGEST_ERROR 161
# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
# define CMS_R_ERROR_SETTING_KEY 115
# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
# define CMS_R_INVALID_KEY_LENGTH 118
# define CMS_R_MD_BIO_INIT_ERROR 119
# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
# define CMS_R_MSGSIGDIGEST_ERROR 172
# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
# define CMS_R_NEED_ONE_SIGNER 164
# define CMS_R_NOT_A_SIGNED_RECEIPT 165
# define CMS_R_NOT_ENCRYPTED_DATA 122
# define CMS_R_NOT_KEK 123
# define CMS_R_NOT_KEY_AGREEMENT 181
# define CMS_R_NOT_KEY_TRANSPORT 124
# define CMS_R_NOT_PWRI 177
# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
# define CMS_R_NO_CIPHER 126
# define CMS_R_NO_CONTENT 127
# define CMS_R_NO_CONTENT_TYPE 173
# define CMS_R_NO_DEFAULT_DIGEST 128
# define CMS_R_NO_DIGEST_SET 129
# define CMS_R_NO_KEY 130
# define CMS_R_NO_KEY_OR_CERT 174
# define CMS_R_NO_MATCHING_DIGEST 131
# define CMS_R_NO_MATCHING_RECIPIENT 132
# define CMS_R_NO_MATCHING_SIGNATURE 166
# define CMS_R_NO_MSGSIGDIGEST 167
# define CMS_R_NO_PASSWORD 178
# define CMS_R_NO_PRIVATE_KEY 133
# define CMS_R_NO_PUBLIC_KEY 134
# define CMS_R_NO_RECEIPT_REQUEST 168
# define CMS_R_NO_SIGNERS 135
# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
# define CMS_R_RECEIPT_DECODE_ERROR 169
# define CMS_R_RECIPIENT_ERROR 137
# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
# define CMS_R_SIGNFINAL_ERROR 139
# define CMS_R_SMIME_TEXT_ERROR 140
# define CMS_R_STORE_INIT_ERROR 141
# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
# define CMS_R_TYPE_NOT_DATA 143
# define CMS_R_TYPE_NOT_DIGESTED_DATA 144
# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
# define CMS_R_UNKNOWN_CIPHER 148
# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
# define CMS_R_UNKNOWN_ID 150
# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
# define CMS_R_UNSUPPORTED_TYPE 156
# define CMS_R_UNWRAP_ERROR 157
# define CMS_R_UNWRAP_FAILURE 180
# define CMS_R_VERIFICATION_FAILURE 158
# define CMS_R_WRAP_ERROR 159
#ifdef __cplusplus
}
#endif
#endif

125
crypto/cms/cms_asn1.c
View File

@@ -1,61 +1,16 @@
/* crypto/cms/cms_asn1.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include "cms.h"
#include <openssl/cms.h>
#include "cms_lcl.h"
@@ -67,7 +22,7 @@ ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
ASN1_CHOICE(CMS_CertificateChoices) = {
ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
@@ -80,12 +35,12 @@ ASN1_CHOICE(CMS_CertificateChoices) = {
ASN1_CHOICE(CMS_SignerIdentifier) = {
ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
} ASN1_CHOICE_END(CMS_SignerIdentifier)
} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
/* Minor tweak to operation: free up signer key, cert */
static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -93,12 +48,9 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
if (si->pkey)
EVP_PKEY_free(si->pkey);
if (si->signer)
X509_free(si->signer);
if (si->pctx)
EVP_MD_CTX_cleanup(&si->mctx);
EVP_PKEY_free(si->pkey);
X509_free(si->signer);
EVP_MD_CTX_free(si->mctx);
}
return 1;
}
@@ -116,7 +68,7 @@ ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
ASN1_CHOICE(CMS_RevocationInfoChoice) = {
ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
@@ -135,13 +87,13 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
@@ -164,15 +116,14 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
if (operation == ASN1_OP_FREE_POST) {
if (rek->pkey)
EVP_PKEY_free(rek->pkey);
EVP_PKEY_free(rek->pkey);
}
return 1;
}
@@ -191,20 +142,21 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
if (operation == ASN1_OP_NEW_POST) {
EVP_CIPHER_CTX_init(&kari->ctx);
EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
kari->ctx = EVP_CIPHER_CTX_new();
if (kari->ctx == NULL)
return 0;
EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
kari->pctx = NULL;
} else if (operation == ASN1_OP_FREE_POST) {
if (kari->pctx)
EVP_PKEY_CTX_free(kari->pctx);
EVP_CIPHER_CTX_cleanup(&kari->ctx);
EVP_PKEY_CTX_free(kari->pctx);
EVP_CIPHER_CTX_free(kari->ctx);
}
return 1;
}
@@ -221,7 +173,7 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
@@ -240,7 +192,7 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
/* Free up RecipientInfo additional data */
static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -250,24 +202,15 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
if (ri->type == CMS_RECIPINFO_TRANS) {
CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
if (ktri->pkey)
EVP_PKEY_free(ktri->pkey);
if (ktri->recip)
X509_free(ktri->recip);
if (ktri->pctx)
EVP_PKEY_CTX_free(ktri->pctx);
EVP_PKEY_free(ktri->pkey);
X509_free(ktri->recip);
EVP_PKEY_CTX_free(ktri->pctx);
} else if (ri->type == CMS_RECIPINFO_KEK) {
CMS_KEKRecipientInfo *kekri = ri->d.kekri;
if (kekri->key) {
OPENSSL_cleanse(kekri->key, kekri->keylen);
OPENSSL_free(kekri->key);
}
OPENSSL_clear_free(kekri->key, kekri->keylen);
} else if (ri->type == CMS_RECIPINFO_PASS) {
CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
if (pwri->pass) {
OPENSSL_cleanse(pwri->pass, pwri->passlen);
OPENSSL_free(pwri->pass);
}
OPENSSL_clear_free(pwri->pass, pwri->passlen);
}
}
return 1;
@@ -312,7 +255,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
ASN1_SIMPLE(CMS_CompressedData, version, LONG),
@@ -396,7 +339,7 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
ASN1_CHOICE(CMS_ReceiptsFrom) = {
ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
} ASN1_CHOICE_END(CMS_ReceiptsFrom)
} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
ASN1_SEQUENCE(CMS_ReceiptRequest) = {
ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
@@ -426,7 +369,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = {
ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
} ASN1_SEQUENCE_END(CMS_SharedInfo)
} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
ASN1_OCTET_STRING *ukm, int keylen)

65
crypto/cms/cms_att.c
View File

@@ -1,62 +1,17 @@
/* crypto/cms/cms_att.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include "cms.h"
#include <openssl/cms.h>
#include "cms_lcl.h"
/* CMS SignedData Attribute utilities */
@@ -71,7 +26,7 @@ int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
}
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
int lastpos)
{
return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
@@ -120,7 +75,7 @@ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
return 0;
}
void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
int lastpos, int type)
{
return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
@@ -137,8 +92,8 @@ int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
}
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
int lastpos)
int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
const ASN1_OBJECT *obj, int lastpos)
{
return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
}

74
crypto/cms/cms_cd.c
View File

@@ -1,71 +1,22 @@
/* crypto/cms/cms_cd.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#ifndef OPENSSL_NO_COMP
# include <openssl/comp.h>
#endif
#include <openssl/comp.h>
#include "cms_lcl.h"
DECLARE_ASN1_ITEM(CMS_CompressedData)
#ifdef ZLIB
/* CMS CompressedData Utilities */
@@ -84,12 +35,12 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
return NULL;
}
cms = CMS_ContentInfo_new();
if (!cms)
if (cms == NULL)
return NULL;
cd = M_ASN1_new_of(CMS_CompressedData);
if (!cd)
if (cd == NULL)
goto err;
cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
@@ -105,17 +56,14 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
return cms;
err:
if (cms)
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(cms);
return NULL;
}
BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
{
CMS_CompressedData *cd;
ASN1_OBJECT *compoid;
const ASN1_OBJECT *compoid;
if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);

84
crypto/cms/cms_dd.c
View File

@@ -1,58 +1,13 @@
/* crypto/cms/cms_dd.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -60,8 +15,6 @@
#include <openssl/cms.h>
#include "cms_lcl.h"
DECLARE_ASN1_ITEM(CMS_DigestedData)
/* CMS DigestedData Utilities */
CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
@@ -69,12 +22,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
CMS_ContentInfo *cms;
CMS_DigestedData *dd;
cms = CMS_ContentInfo_new();
if (!cms)
if (cms == NULL)
return NULL;
dd = M_ASN1_new_of(CMS_DigestedData);
if (!dd)
if (dd == NULL)
goto err;
cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
@@ -83,15 +36,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
dd->version = 0;
dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
X509_ALGOR_set_md(dd->digestAlgorithm, md);
return cms;
err:
if (cms)
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(cms);
return NULL;
}
@@ -104,19 +54,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
{
EVP_MD_CTX mctx;
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
int r = 0;
CMS_DigestedData *dd;
EVP_MD_CTX_init(&mctx);
if (mctx == NULL) {
CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
goto err;
}
dd = cms->d.digestedData;
if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
goto err;
if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
goto err;
if (verify) {
@@ -138,7 +92,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
}
err:
EVP_MD_CTX_cleanup(&mctx);
EVP_MD_CTX_free(mctx);
return r;

90
crypto/cms/cms_enc.c
View File

@@ -1,58 +1,13 @@
/* crypto/cms/cms_enc.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -63,8 +18,6 @@
/* CMS EncryptedData Utilities */
DECLARE_ASN1_ITEM(CMS_EncryptedData)
/* Return BIO based on EncryptedContentInfo and key */
BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
@@ -84,7 +37,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
enc = ec->cipher ? 1 : 0;
b = BIO_new(BIO_f_cipher());
if (!b) {
if (b == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -119,7 +72,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
if (RAND_pseudo_bytes(iv, ivlen) <= 0)
if (RAND_bytes(iv, ivlen) <= 0)
goto err;
piv = iv;
}
@@ -132,7 +85,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate random session key */
if (!enc || !ec->key) {
tkey = OPENSSL_malloc(tkeylen);
if (!tkey) {
if (tkey == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -164,8 +117,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
goto err;
} else {
/* Use random key */
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = tkey;
ec->keylen = tkeylen;
tkey = NULL;
@@ -179,10 +131,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_INITIALISATION_ERROR);
goto err;
}
if (piv) {
if (enc) {
calg->parameter = ASN1_TYPE_new();
if (!calg->parameter) {
if (calg->parameter == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -191,19 +142,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
/* If parameter type not set omit parameter */
if (calg->parameter->type == V_ASN1_UNDEF) {
ASN1_TYPE_free(calg->parameter);
calg->parameter = NULL;
}
}
ok = 1;
err:
if (ec->key && !keep_key) {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
if (!keep_key || !ok) {
OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = NULL;
}
if (tkey) {
OPENSSL_cleanse(tkey, tkeylen);
OPENSSL_free(tkey);
}
OPENSSL_clear_free(tkey, tkeylen);
if (ok)
return b;
BIO_free(b);
@@ -217,7 +169,7 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
ec->cipher = cipher;
if (key) {
ec->key = OPENSSL_malloc(keylen);
if (!ec->key)
if (ec->key == NULL)
return 0;
memcpy(ec->key, key, keylen);
}

144
crypto/cms/cms_env.c
View File

@@ -1,77 +1,25 @@
/* crypto/cms/cms_env.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "asn1_locl.h"
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
/* CMS EnvelopedData Utilities */
DECLARE_ASN1_ITEM(CMS_EnvelopedData)
DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
DECLARE_STACK_OF(CMS_RecipientInfo)
CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
@@ -158,18 +106,17 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
CMS_ContentInfo *cms;
CMS_EnvelopedData *env;
cms = CMS_ContentInfo_new();
if (!cms)
if (cms == NULL)
goto merr;
env = cms_enveloped_data_init(cms);
if (!env)
if (env == NULL)
goto merr;
if (!cms_EncryptedContent_init(env->encryptedContentInfo,
cipher, NULL, 0))
goto merr;
return cms;
merr:
if (cms)
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(cms);
CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -207,14 +154,15 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
return 0;
CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
X509_up_ref(recip);
EVP_PKEY_up_ref(pk);
ktri->pkey = pk;
ktri->recip = recip;
if (flags & CMS_KEY_PARAM) {
ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
if (!ktri->pctx)
if (ktri->pctx == NULL)
return 0;
if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
return 0;
@@ -242,7 +190,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
if (!ri)
goto merr;
pk = X509_get_pubkey(recip);
pk = X509_get0_pubkey(recip);
if (!pk) {
CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
goto err;
@@ -270,17 +218,12 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
goto merr;
EVP_PKEY_free(pk);
return ri;
merr:
CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
err:
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
if (pk)
EVP_PKEY_free(pk);
M_ASN1_free_of(ri, CMS_RecipientInfo);
return NULL;
}
@@ -370,7 +313,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
goto err;
} else {
pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
if (!pctx)
if (pctx == NULL)
return 0;
if (EVP_PKEY_encrypt_init(pctx) <= 0)
@@ -402,12 +345,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
ret = 1;
err:
if (pctx) {
EVP_PKEY_CTX_free(pctx);
ktri->pctx = NULL;
}
if (ek)
OPENSSL_free(ek);
EVP_PKEY_CTX_free(pctx);
ktri->pctx = NULL;
OPENSSL_free(ek);
return ret;
}
@@ -431,7 +371,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
}
ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!ktri->pctx)
if (ktri->pctx == NULL)
return 0;
if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
@@ -467,20 +407,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
ret = 1;
if (ec->key) {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
}
OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = ek;
ec->keylen = eklen;
err:
if (ktri->pctx) {
EVP_PKEY_CTX_free(ktri->pctx);
ktri->pctx = NULL;
}
if (!ret && ek)
EVP_PKEY_CTX_free(ktri->pctx);
ktri->pctx = NULL;
if (!ret)
OPENSSL_free(ek);
return ret;
@@ -619,8 +553,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
err:
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
M_ASN1_free_of(ri, CMS_RecipientInfo);
return NULL;
}
@@ -703,7 +636,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
wkey = OPENSSL_malloc(ec->keylen + 8);
if (!wkey) {
if (wkey == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -721,7 +654,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
err:
if (!r && wkey)
if (!r)
OPENSSL_free(wkey);
OPENSSL_cleanse(&actx, sizeof(actx));
@@ -773,7 +706,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
if (!ukey) {
if (ukey == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -794,7 +727,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
err:
if (!r && ukey)
if (!r)
OPENSSL_free(ukey);
OPENSSL_cleanse(&actx, sizeof(actx));
@@ -832,11 +765,9 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
case CMS_RECIPINFO_KEK:
return cms_RecipientInfo_kekri_encrypt(cms, ri);
break;
case CMS_RECIPINFO_PASS:
return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
break;
default:
CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
@@ -901,10 +832,10 @@ static void cms_env_set_version(CMS_EnvelopedData *env)
env->version = 2;
}
}
if (env->version == 2)
return;
if (env->originatorInfo || env->unprotectedAttrs)
env->version = 2;
if (env->version == 2)
return;
env->version = 0;
}
@@ -944,12 +875,9 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
err:
ec->cipher = NULL;
if (ec->key) {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
ec->key = NULL;
ec->keylen = 0;
}
OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = NULL;
ec->keylen = 0;
if (ok)
return ret;
BIO_free(ret);

103
crypto/cms/cms_err.c
View File

@@ -1,62 +1,11 @@
/* crypto/cms/cms_err.c */
/* ====================================================================
* Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*
* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
@@ -70,7 +19,7 @@
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
static ERR_STRING_DATA CMS_str_functs[] = {
{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
{ERR_FUNC(CMS_F_CHECK_CONTENT), "check_content"},
{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),
@@ -78,13 +27,13 @@ static ERR_STRING_DATA CMS_str_functs[] = {
{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "cms_add1_signingTime"},
{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),
"cms_CompressedData_init_bio"},
{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "cms_copy_content"},
{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "cms_copy_messageDigest"},
{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
@@ -109,17 +58,17 @@ static ERR_STRING_DATA CMS_str_functs[] = {
{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),
"cms_EnvelopedData_init_bio"},
{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "cms_enveloped_data_init"},
{ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"},
{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),
"CMS_GET0_CERTIFICATE_CHOICES"},
"cms_get0_certificate_choices"},
{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "cms_get0_econtent_type"},
{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),
"CMS_GET0_REVOCATION_CHOICES"},
{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
"cms_get0_revocation_choices"},
{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "cms_get0_signed"},
{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),
"CMS_ReceiptRequest_create0"},
@@ -137,9 +86,9 @@ static ERR_STRING_DATA CMS_str_functs[] = {
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP),
"CMS_RecipientInfo_kari_orig_id_cmp"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),
"CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
"cms_RecipientInfo_kekri_decrypt"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),
"CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
"cms_RecipientInfo_kekri_encrypt"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),
"CMS_RecipientInfo_kekri_get0_id"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),
@@ -147,9 +96,9 @@ static ERR_STRING_DATA CMS_str_functs[] = {
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),
"CMS_RecipientInfo_ktri_cert_cmp"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),
"CMS_RECIPIENTINFO_KTRI_DECRYPT"},
"cms_RecipientInfo_ktri_decrypt"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),
"CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
"cms_RecipientInfo_ktri_encrypt"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),
"CMS_RecipientInfo_ktri_get0_algs"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),
@@ -162,19 +111,19 @@ static ERR_STRING_DATA CMS_str_functs[] = {
"CMS_RecipientInfo_set0_password"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),
"CMS_RecipientInfo_set0_pkey"},
{ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "CMS_SD_ASN1_CTRL"},
{ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "cms_sd_asn1_ctrl"},
{ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"},
{ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"},
{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "cms_signed_data_init"},
{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),
"CMS_SIGNERINFO_CONTENT_SIGN"},
"cms_SignerInfo_content_sign"},
{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),
"CMS_SIGNERINFO_VERIFY_CERT"},
"cms_signerinfo_verify_cert"},
{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),
"CMS_SignerInfo_verify_content"},
{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
@@ -210,7 +159,6 @@ static ERR_STRING_DATA CMS_str_reasons[] = {
{ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
{ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
{ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
{ERR_REASON(CMS_R_DIGEST_ERROR), "digest error"},
{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
"error reading messagedigest attribute"},
@@ -297,7 +245,7 @@ static ERR_STRING_DATA CMS_str_reasons[] = {
#endif
void ERR_load_CMS_strings(void)
int ERR_load_CMS_strings(void)
{
#ifndef OPENSSL_NO_ERR
@@ -306,4 +254,5 @@ void ERR_load_CMS_strings(void)
ERR_load_strings(0, CMS_str_reasons);
}
#endif
return 1;
}

84
crypto/cms/cms_ess.c
View File

@@ -1,58 +1,13 @@
/* crypto/cms/cms_ess.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
@@ -61,9 +16,6 @@
#include <openssl/cms.h>
#include "cms_lcl.h"
DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
DECLARE_ASN1_ITEM(CMS_Receipt)
IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
/* ESS services: for now just Signed Receipt related */
@@ -100,15 +52,14 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
CMS_ReceiptRequest *rr = NULL;
rr = CMS_ReceiptRequest_new();
if (!rr)
if (rr == NULL)
goto merr;
if (id)
ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
else {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
goto merr;
if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
<= 0)
if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
goto err;
}
@@ -129,9 +80,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
err:
if (rr)
CMS_ReceiptRequest_free(rr);
CMS_ReceiptRequest_free(rr);
return NULL;
}
@@ -155,8 +104,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
if (!r)
CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
if (rrder)
OPENSSL_free(rrder);
OPENSSL_free(rrder);
return r;
@@ -339,11 +287,8 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
r = 1;
err:
if (rr)
CMS_ReceiptRequest_free(rr);
if (rct)
M_ASN1_free_of(rct, CMS_Receipt);
CMS_ReceiptRequest_free(rr);
M_ASN1_free_of(rct, CMS_Receipt);
return r;
}
@@ -387,9 +332,6 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
err:
if (rr)
CMS_ReceiptRequest_free(rr);
CMS_ReceiptRequest_free(rr);
return os;
}

63
crypto/cms/cms_io.c
View File

@@ -1,73 +1,28 @@
/* crypto/cms/cms_io.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include "cms.h"
#include <openssl/cms.h>
#include "cms_lcl.h"
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
{
ASN1_OCTET_STRING **pos;
pos = CMS_get0_content(cms);
if (!pos)
if (pos == NULL)
return 0;
if (!*pos)
if (*pos == NULL)
*pos = ASN1_OCTET_STRING_new();
if (*pos) {
if (*pos != NULL) {
(*pos)->flags |= ASN1_STRING_FLAG_NDEF;
(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
*boundary = &(*pos)->data;

116
crypto/cms/cms_kari.c
View File

@@ -1,72 +1,21 @@
/* crypto/cms/cms_kari.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2013 The OpenSSL Project. All rights reserved.
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "asn1_locl.h"
DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
#include "internal/asn1_int.h"
/* Key Agreement Recipient Info (KARI) routines */
@@ -207,10 +156,9 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
{
EVP_PKEY_CTX *pctx;
CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
if (kari->pctx) {
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
}
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
if (!pk)
return 1;
pctx = EVP_PKEY_CTX_new(pk, NULL);
@@ -219,15 +167,14 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
kari->pctx = pctx;
return 1;
err:
if (pctx)
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_CTX_free(pctx);
return 0;
}
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
{
if (ri->type == CMS_RECIPINFO_AGREE)
return &ri->d.kari->ctx;
return ri->d.kari->ctx;
return NULL;
}
@@ -246,22 +193,22 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
int rv = 0;
unsigned char *out = NULL;
int outlen;
keklen = EVP_CIPHER_CTX_key_length(&kari->ctx);
keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
if (keklen > EVP_MAX_KEY_LENGTH)
return 0;
/* Derive KEK */
if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
goto err;
/* Set KEK in context */
if (!EVP_CipherInit_ex(&kari->ctx, NULL, NULL, kek, NULL, enc))
if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
goto err;
/* obtain output length of ciphered key */
if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen))
if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
goto err;
out = OPENSSL_malloc(outlen);
if (!out)
if (out == NULL)
goto err;
if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen))
if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
goto err;
*pout = out;
*poutlen = (size_t)outlen;
@@ -269,9 +216,10 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
err:
OPENSSL_cleanse(kek, keklen);
if (!rv && out)
if (!rv)
OPENSSL_free(out);
EVP_CIPHER_CTX_cleanup(&kari->ctx);
EVP_CIPHER_CTX_reset(kari->ctx);
/* FIXME: WHY IS kari->pctx freed here? /RL */
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
return rv;
@@ -295,17 +243,13 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
goto err;
ec = cms->d.envelopedData->encryptedContentInfo;
if (ec->key) {
OPENSSL_cleanse(ec->key, ec->keylen);
OPENSSL_free(ec->key);
}
OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = cek;
ec->keylen = ceklen;
cek = NULL;
rv = 1;
err:
if (cek)
OPENSSL_free(cek);
OPENSSL_free(cek);
return rv;
}
@@ -332,10 +276,9 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
kari->pctx = pctx;
rv = 1;
err:
if (!rv && pctx)
if (!rv)
EVP_PKEY_CTX_free(pctx);
if (ekey)
EVP_PKEY_free(ekey);
EVP_PKEY_free(ekey);
return rv;
}
@@ -378,7 +321,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
if (!cms_kari_create_ephemeral_key(kari, pk))
return 0;
CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
EVP_PKEY_up_ref(pk);
rek->pkey = pk;
return 1;
}
@@ -386,7 +329,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
const EVP_CIPHER *cipher)
{
EVP_CIPHER_CTX *ctx = &kari->ctx;
EVP_CIPHER_CTX *ctx = kari->ctx;
const EVP_CIPHER *kekcipher;
int keylen = EVP_CIPHER_key_length(cipher);
/* If a suitable wrap algorithm is already set nothing to do */
@@ -401,9 +344,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
* Pick a cipher based on content encryption cipher. If it is DES3 use
* DES3 wrap otherwise use AES wrap similar to key size.
*/
#ifndef OPENSSL_NO_DES
if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
kekcipher = EVP_des_ede3_wrap();
else if (keylen <= 16)
else
#endif
if (keylen <= 16)
kekcipher = EVP_aes_128_wrap();
else if (keylen <= 24)
kekcipher = EVP_aes_192_wrap();
@@ -434,7 +380,7 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
if (!cms_wrap_init(kari, ec->cipher))
return 0;
/*
* If no orignator key set up initialise for ephemeral key the public key
* If no originator key set up initialise for ephemeral key the public key
* ASN1 structure will set the actual public key value.
*/
if (kari->originator->type == -1) {

79
crypto/cms/cms_lcl.h
View File

@@ -1,55 +1,10 @@
/* crypto/cms/cms_lcl.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_CMS_LCL_H
@@ -109,6 +64,8 @@ struct CMS_ContentInfo_st {
} d;
};
DEFINE_STACK_OF(CMS_CertificateChoices)
struct CMS_SignedData_st {
long version;
STACK_OF(X509_ALGOR) *digestAlgorithms;
@@ -137,7 +94,7 @@ struct CMS_SignerInfo_st {
X509 *signer;
EVP_PKEY *pkey;
/* Digest and public key context for alternative parameters */
EVP_MD_CTX mctx;
EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx;
};
@@ -208,7 +165,7 @@ struct CMS_KeyAgreeRecipientInfo_st {
/* Public key context associated with current operation */
EVP_PKEY_CTX *pctx;
/* Cipher context for CEK wrapping */
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx;
};
struct CMS_OriginatorIdentifierOrKey_st {
@@ -431,7 +388,6 @@ int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
X509_ALGOR *mdalg);
@@ -465,6 +421,23 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
int en_de);
DECLARE_ASN1_ITEM(CMS_CertificateChoices)
DECLARE_ASN1_ITEM(CMS_DigestedData)
DECLARE_ASN1_ITEM(CMS_EncryptedData)
DECLARE_ASN1_ITEM(CMS_EnvelopedData)
DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
DECLARE_ASN1_ITEM(CMS_Receipt)
DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
DECLARE_ASN1_ITEM(CMS_SignedData)
DECLARE_ASN1_ITEM(CMS_CompressedData)
#ifdef __cplusplus
}
#endif

137
crypto/cms/cms_lib.c
View File

@@ -1,55 +1,10 @@
/* crypto/cms/cms_lib.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
@@ -58,18 +13,13 @@
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include "cms.h"
#include <openssl/cms.h>
#include "cms_lcl.h"
IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
DECLARE_ASN1_ITEM(CMS_CertificateChoices)
DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
DECLARE_STACK_OF(CMS_CertificateChoices)
DECLARE_STACK_OF(CMS_RevocationInfoChoice)
const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
{
return cms->contentType;
}
@@ -78,7 +28,7 @@ CMS_ContentInfo *cms_Data_create(void)
{
CMS_ContentInfo *cms;
cms = CMS_ContentInfo_new();
if (cms) {
if (cms != NULL) {
cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
/* Never detached */
CMS_set_detached(cms, 0);
@@ -159,7 +109,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
if (!pos)
return 0;
/* If ebmedded content find memory BIO and set content */
/* If embedded content find memory BIO and set content */
if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
BIO *mbio;
unsigned char *cont;
@@ -314,15 +264,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
if (!pos)
return 0;
if (detached) {
if (*pos) {
ASN1_OCTET_STRING_free(*pos);
*pos = NULL;
}
ASN1_OCTET_STRING_free(*pos);
*pos = NULL;
return 1;
}
if (!*pos)
if (*pos == NULL)
*pos = ASN1_OCTET_STRING_new();
if (*pos) {
if (*pos != NULL) {
/*
* NB: special flag to show content is created and not read in.
*/
@@ -333,27 +281,12 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
return 0;
}
/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
{
int param_type;
if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
param_type = V_ASN1_UNDEF;
else
param_type = V_ASN1_NULL;
X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
}
/* Create a digest BIO from an X509_ALGOR structure */
BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
{
BIO *mdbio = NULL;
ASN1_OBJECT *digestoid;
const ASN1_OBJECT *digestoid;
const EVP_MD *digest;
X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
digest = EVP_get_digestbyobj(digestoid);
@@ -363,14 +296,13 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
goto err;
}
mdbio = BIO_new(BIO_f_md());
if (!mdbio || !BIO_set_md(mdbio, digest)) {
if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
goto err;
}
return mdbio;
err:
if (mdbio)
BIO_free(mdbio);
BIO_free(mdbio);
return NULL;
}
@@ -380,7 +312,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
X509_ALGOR *mdalg)
{
int nid;
ASN1_OBJECT *mdoid;
const ASN1_OBJECT *mdoid;
X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
nid = OBJ_obj2nid(mdoid);
/* Look for digest type to match signature */
@@ -413,6 +345,8 @@ static STACK_OF(CMS_CertificateChoices)
return &cms->d.signedData->certificates;
case NID_pkcs7_enveloped:
if (cms->d.envelopedData->originatorInfo == NULL)
return NULL;
return &cms->d.envelopedData->originatorInfo->certificates;
default:
@@ -475,7 +409,7 @@ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
int r;
r = CMS_add0_cert(cms, cert);
if (r > 0)
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
X509_up_ref(cert);
return r;
}
@@ -488,6 +422,8 @@ static STACK_OF(CMS_RevocationInfoChoice)
return &cms->d.signedData->crls;
case NID_pkcs7_enveloped:
if (cms->d.envelopedData->originatorInfo == NULL)
return NULL;
return &cms->d.envelopedData->originatorInfo->crls;
default:
@@ -535,7 +471,7 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
int r;
r = CMS_add0_crl(cms, crl);
if (r > 0)
CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
X509_CRL_up_ref(crl);
return r;
}
@@ -560,7 +496,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
sk_X509_pop_free(certs, X509_free);
return NULL;
}
CRYPTO_add(&cch->d.certificate->references, 1, CRYPTO_LOCK_X509);
X509_up_ref(cch->d.certificate);
}
}
return certs;
@@ -588,7 +524,7 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return NULL;
}
CRYPTO_add(&rch->d.crl->references, 1, CRYPTO_LOCK_X509_CRL);
X509_CRL_up_ref(rch->d.crl);
}
}
return crls;
@@ -605,10 +541,11 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
{
X509_check_purpose(cert, -1, -1);
if (!cert->skid)
const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
if (cert_keyid == NULL)
return -1;
return ASN1_OCTET_STRING_cmp(keyid, cert->skid);
return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
}
int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
@@ -621,13 +558,11 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
goto err;
if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
goto err;
if (*pias)
M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
*pias = ias;
return 1;
err:
if (ias)
M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -635,18 +570,18 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
ASN1_OCTET_STRING *keyid = NULL;
X509_check_purpose(cert, -1, -1);
if (!cert->skid) {
const ASN1_OCTET_STRING *cert_keyid;
cert_keyid = X509_get0_subject_key_id(cert);
if (cert_keyid == NULL) {
CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
return 0;
}
keyid = ASN1_STRING_dup(cert->skid);
keyid = ASN1_STRING_dup(cert_keyid);
if (!keyid) {
CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
return 0;
}
if (*pkeyid)
ASN1_OCTET_STRING_free(*pkeyid);
ASN1_OCTET_STRING_free(*pkeyid);
*pkeyid = keyid;
return 1;
}

178
crypto/cms/cms_pwri.c
View File

@@ -1,58 +1,13 @@
/* crypto/cms/cms_pwri.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2009 The OpenSSL Project. All rights reserved.
* Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -61,7 +16,7 @@
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "asn1_locl.h"
#include "internal/asn1_int.h"
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass, ossl_ssize_t passlen)
@@ -90,7 +45,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri = NULL;
CMS_EnvelopedData *env;
CMS_PasswordRecipientInfo *pwri;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX *ctx = NULL;
X509_ALGOR *encalg = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
@@ -121,19 +76,22 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
/* Setup algorithm identifier for cipher */
encalg = X509_ALGOR_new();
EVP_CIPHER_CTX_init(&ctx);
if (encalg == NULL) {
goto merr;
}
ctx = EVP_CIPHER_CTX_new();
if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
if (RAND_pseudo_bytes(iv, ivlen) <= 0)
if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
@@ -142,24 +100,25 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
}
encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
ctx = NULL;
/* Initialize recipient info */
ri = M_ASN1_new_of(CMS_RecipientInfo);
if (!ri)
if (ri == NULL)
goto merr;
ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
if (!ri->d.pwri)
if (ri->d.pwri == NULL)
goto merr;
ri->type = CMS_RECIPINFO_PASS;
@@ -167,11 +126,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
/* Since this is overwritten, free up empty structure already there */
X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
if (!pwri->keyEncryptionAlgorithm)
if (pwri->keyEncryptionAlgorithm == NULL)
goto merr;
pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
if (!pwri->keyEncryptionAlgorithm->parameter)
if (pwri->keyEncryptionAlgorithm->parameter == NULL)
goto merr;
if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
@@ -201,11 +160,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
err:
EVP_CIPHER_CTX_cleanup(&ctx);
EVP_CIPHER_CTX_free(ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
if (encalg)
X509_ALGOR_free(encalg);
X509_ALGOR_free(encalg);
return NULL;
}
@@ -231,24 +189,26 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
return 0;
}
tmp = OPENSSL_malloc(inlen);
if (!tmp)
if (tmp == NULL)
return 0;
/* setup IV by decrypting last two blocks */
EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
in + inlen - 2 * blocklen, blocklen * 2);
/*
* Do a decrypt of last decrypted block to set IV to correct value output
* it to start of buffer so we don't corrupt decrypted block this works
* because buffer is at least two block lengths long.
*/
EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen);
/* Can now decrypt first n - 1 blocks */
EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
in + inlen - 2 * blocklen, blocklen * 2)
/*
* Do a decrypt of last decrypted block to set IV to correct value
* output it to start of buffer so we don't corrupt decrypted block
* this works because buffer is at least two block lengths long.
*/
|| !EVP_DecryptUpdate(ctx, tmp, &outl,
tmp + inlen - blocklen, blocklen)
/* Can now decrypt first n - 1 blocks */
|| !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
/* Reset IV to original value */
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
/* Decrypt again */
EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
/* Reset IV to original value */
|| !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
/* Decrypt again */
|| !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
goto err;
/* Check check bytes */
if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
/* Check byte failure */
@@ -262,8 +222,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
memcpy(out, tmp + 4, *outlen);
rv = 1;
err:
OPENSSL_cleanse(tmp, inlen);
OPENSSL_free(tmp);
OPENSSL_clear_free(tmp, inlen);
return rv;
}
@@ -298,11 +257,12 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
memcpy(out + 4, in, inlen);
/* Add random padding to end */
if (olen > inlen + 4
&& RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
&& RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
return 0;
/* Encrypt twice */
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
|| !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
return 0;
}
*outlen = olen;
@@ -317,11 +277,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
{
CMS_EncryptedContentInfo *ec;
CMS_PasswordRecipientInfo *pwri;
const unsigned char *p = NULL;
int plen;
int r = 0;
X509_ALGOR *algtmp, *kekalg = NULL;
EVP_CIPHER_CTX kekctx;
EVP_CIPHER_CTX *kekctx = NULL;
const EVP_CIPHER *kekcipher;
unsigned char *key = NULL;
size_t keylen;
@@ -329,7 +287,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
ec = cms->d.envelopedData->encryptedContentInfo;
pwri = ri->d.pwri;
EVP_CIPHER_CTX_init(&kekctx);
if (!pwri->pass) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
@@ -343,11 +300,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
return 0;
}
if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
p = algtmp->parameter->value.sequence->data;
plen = algtmp->parameter->value.sequence->length;
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
}
kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
algtmp->parameter);
if (kekalg == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
@@ -358,14 +313,19 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (!kekcipher) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
goto err;
return 0;
}
kekctx = EVP_CIPHER_CTX_new();
if (kekctx == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
return 0;
}
/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
goto err;
EVP_CIPHER_CTX_set_padding(&kekctx, 0);
if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
EVP_CIPHER_CTX_set_padding(kekctx, 0);
if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
@@ -377,7 +337,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (EVP_PBE_CipherInit(algtmp->algorithm,
(char *)pwri->pass, pwri->passlen,
algtmp->parameter, &kekctx, en_de) < 0) {
algtmp->parameter, kekctx, en_de) < 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
goto err;
}
@@ -386,28 +346,28 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (en_de) {
if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
goto err;
key = OPENSSL_malloc(keylen);
if (!key)
if (key == NULL)
goto err;
if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
goto err;
pwri->encryptedKey->data = key;
pwri->encryptedKey->length = keylen;
} else {
key = OPENSSL_malloc(pwri->encryptedKey->length);
if (!key) {
if (key == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!kek_unwrap_key(key, &keylen,
pwri->encryptedKey->data,
pwri->encryptedKey->length, &kekctx)) {
pwri->encryptedKey->length, kekctx)) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
goto err;
}
@@ -421,9 +381,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
err:
EVP_CIPHER_CTX_cleanup(&kekctx);
EVP_CIPHER_CTX_free(kekctx);
if (!r && key)
if (!r)
OPENSSL_free(key);
X509_ALGOR_free(kekalg);

196
crypto/cms/cms_sd.c
View File

@@ -1,58 +1,13 @@
/* crypto/cms/cms_sd.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
@@ -60,12 +15,11 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "asn1_locl.h"
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
/* CMS SignedData Utilities */
DECLARE_ASN1_ITEM(CMS_SignedData)
static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
@@ -94,7 +48,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
return cms_get0_signed(cms);
}
/* Just initialize SignedData e.g. for certs only structure */
/* Just initialise SignedData e.g. for certs only structure */
int CMS_SignedData_init(CMS_ContentInfo *cms)
{
@@ -282,16 +236,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
si = M_ASN1_new_of(CMS_SignerInfo);
if (!si)
goto merr;
/* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(signer, -1, -1);
CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
X509_up_ref(signer);
EVP_PKEY_up_ref(pk);
si->pkey = pk;
si->signer = signer;
EVP_MD_CTX_init(&si->mctx);
si->mctx = EVP_MD_CTX_new();
si->pctx = NULL;
if (si->mctx == NULL) {
CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
goto err;
}
if (flags & CMS_USE_KEYID) {
si->version = 3;
if (sd->version < 3)
@@ -321,11 +281,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err;
}
cms_DigestAlgorithm_set(si->digestAlgorithm, md);
X509_ALGOR_set_md(si->digestAlgorithm, md);
/* See if digest is present in digestAlgorithms */
for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
ASN1_OBJECT *aoid;
const ASN1_OBJECT *aoid;
alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
X509_ALGOR_get0(&aoid, NULL, NULL, alg);
if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
@@ -334,9 +294,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
alg = X509_ALGOR_new();
if (!alg)
if (alg == NULL)
goto merr;
cms_DigestAlgorithm_set(alg, md);
X509_ALGOR_set_md(alg, md);
if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
X509_ALGOR_free(alg);
goto merr;
@@ -347,7 +307,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err;
if (!(flags & CMS_NOATTR)) {
/*
* Initialialize signed attributes strutucture so other attributes
* Initialize signed attributes structure so other attributes
* such as signing time etc are added later even if we add none here.
*/
if (!si->signedAttrs) {
@@ -383,13 +343,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (flags & CMS_KEY_PARAM) {
if (flags & CMS_NOATTR) {
si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
if (!si->pctx)
if (si->pctx == NULL)
goto err;
if (EVP_PKEY_sign_init(si->pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
goto err;
} else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <=
} else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
0)
goto err;
}
@@ -404,8 +364,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
merr:
CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
err:
if (si)
M_ASN1_free_of(si, CMS_SignerInfo);
M_ASN1_free_of(si, CMS_SignerInfo);
return NULL;
}
@@ -447,7 +406,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
{
return &si->mctx;
return si->mctx;
}
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
@@ -486,13 +445,11 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
{
if (signer) {
CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
if (si->pkey)
EVP_PKEY_free(si->pkey);
X509_up_ref(signer);
EVP_PKEY_free(si->pkey);
si->pkey = X509_get_pubkey(signer);
}
if (si->signer)
X509_free(si->signer);
X509_free(si->signer);
si->signer = signer;
}
@@ -576,19 +533,23 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
CMS_SignerInfo *si, BIO *chain)
{
EVP_MD_CTX mctx;
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
int r = 0;
EVP_PKEY_CTX *pctx = NULL;
EVP_MD_CTX_init(&mctx);
if (!si->pkey) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
if (mctx == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
if (!si->pkey) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
goto err;
/* Set SignerInfo algortihm details if we used custom parametsr */
}
if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err;
/* Set SignerInfo algorithm details if we used custom parameter */
if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
goto err;
@@ -601,7 +562,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING, md, mdlen))
@@ -618,26 +579,28 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
pctx = si->pctx;
if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
siglen = EVP_PKEY_size(si->pkey);
sig = OPENSSL_malloc(siglen);
if (!sig) {
if (sig == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0)
if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
OPENSSL_free(sig);
goto err;
}
ASN1_STRING_set0(si->signature, sig, siglen);
} else {
unsigned char *sig;
unsigned int siglen;
sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
if (!sig) {
if (sig == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
OPENSSL_free(sig);
goto err;
@@ -648,9 +611,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
r = 1;
err:
EVP_MD_CTX_cleanup(&mctx);
if (pctx)
EVP_PKEY_CTX_free(pctx);
EVP_MD_CTX_free(mctx);
EVP_PKEY_CTX_free(pctx);
return r;
}
@@ -672,7 +634,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
int CMS_SignerInfo_sign(CMS_SignerInfo *si)
{
EVP_MD_CTX *mctx = &si->mctx;
EVP_MD_CTX *mctx = si->mctx;
EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL;
int alen;
@@ -691,7 +653,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
if (si->pctx)
pctx = si->pctx;
else {
EVP_MD_CTX_init(mctx);
EVP_MD_CTX_reset(mctx);
if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
goto err;
}
@@ -712,7 +674,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
goto err;
OPENSSL_free(abuf);
abuf = OPENSSL_malloc(siglen);
if (!abuf)
if (abuf == NULL)
goto err;
if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
goto err;
@@ -723,23 +685,22 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
goto err;
}
EVP_MD_CTX_cleanup(mctx);
EVP_MD_CTX_reset(mctx);
ASN1_STRING_set0(si->signature, abuf, siglen);
return 1;
err:
if (abuf)
OPENSSL_free(abuf);
EVP_MD_CTX_cleanup(mctx);
OPENSSL_free(abuf);
EVP_MD_CTX_reset(mctx);
return 0;
}
int CMS_SignerInfo_verify(CMS_SignerInfo *si)
{
EVP_MD_CTX *mctx = &si->mctx;
EVP_MD_CTX *mctx = NULL;
unsigned char *abuf = NULL;
int alen, r = -1;
const EVP_MD *md = NULL;
@@ -752,7 +713,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
if (md == NULL)
return -1;
EVP_MD_CTX_init(mctx);
if (si->mctx == NULL)
si->mctx = EVP_MD_CTX_new();
mctx = si->mctx;
if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
goto err;
@@ -774,7 +737,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
if (r <= 0)
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
err:
EVP_MD_CTX_cleanup(mctx);
EVP_MD_CTX_reset(mctx);
return r;
}
@@ -804,20 +767,23 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
}
return chain;
err:
if (chain)
BIO_free_all(chain);
BIO_free_all(chain);
return NULL;
}
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
{
ASN1_OCTET_STRING *os = NULL;
EVP_MD_CTX mctx;
EVP_MD_CTX *mctx = EVP_MD_CTX_new();
EVP_PKEY_CTX *pkctx = NULL;
int r = -1;
unsigned char mval[EVP_MAX_MD_SIZE];
unsigned int mlen;
EVP_MD_CTX_init(&mctx);
if (mctx == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
goto err;
}
/* If we have any signed attributes look for messageDigest value */
if (CMS_signed_get_attr_count(si) >= 0) {
os = CMS_signed_get0_data_by_OBJ(si,
@@ -830,10 +796,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
}
}
if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err;
if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
goto err;
@@ -855,8 +821,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
} else
r = 1;
} else {
const EVP_MD *md = EVP_MD_CTX_md(&mctx);
const EVP_MD *md = EVP_MD_CTX_md(mctx);
pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
if (pkctx == NULL)
goto err;
if (EVP_PKEY_verify_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
@@ -874,9 +842,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
}
err:
if (pkctx)
EVP_PKEY_CTX_free(pkctx);
EVP_MD_CTX_cleanup(&mctx);
EVP_PKEY_CTX_free(pkctx);
EVP_MD_CTX_free(mctx);
return r;
}
@@ -901,21 +868,20 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
ASN1_INTEGER *key = NULL;
if (keysize > 0) {
key = ASN1_INTEGER_new();
if (!key || !ASN1_INTEGER_set(key, keysize))
if (key == NULL || !ASN1_INTEGER_set(key, keysize))
return 0;
}
alg = X509_ALGOR_new();
if (!alg) {
if (key)
ASN1_INTEGER_free(key);
if (alg == NULL) {
ASN1_INTEGER_free(key);
return 0;
}
X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
if (!*algs)
if (*algs == NULL)
*algs = sk_X509_ALGOR_new_null();
if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) {
if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
X509_ALGOR_free(alg);
return 0;
}
@@ -941,6 +907,8 @@ static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
{
if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)

204
crypto/cms/cms_smime.c
View File

@@ -1,81 +1,43 @@
/* crypto/cms/cms_smime.c */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved.
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "cryptlib.h"
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "asn1_locl.h"
#include "internal/asn1_int.h"
static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
{
BIO *rbio;
if (out == NULL)
rbio = BIO_new(BIO_s_null());
else if (flags & CMS_TEXT) {
rbio = BIO_new(BIO_s_mem());
BIO_set_mem_eof_return(rbio, 0);
} else
rbio = out;
return rbio;
}
static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
{
unsigned char buf[4096];
int r = 0, i;
BIO *tmpout = NULL;
BIO *tmpout;
if (out == NULL)
tmpout = BIO_new(BIO_s_null());
else if (flags & CMS_TEXT) {
tmpout = BIO_new(BIO_s_mem());
BIO_set_mem_eof_return(tmpout, 0);
} else
tmpout = out;
tmpout = cms_get_text_bio(out, flags);
if (!tmpout) {
if (tmpout == NULL) {
CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -107,7 +69,7 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
r = 1;
err:
if (tmpout && (tmpout != out))
if (tmpout != out)
BIO_free(tmpout);
return r;
@@ -246,7 +208,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
return NULL;
}
cms = CMS_ContentInfo_new();
if (!cms)
if (cms == NULL)
return NULL;
if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
return NULL;
@@ -265,24 +227,28 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
X509_STORE *store,
STACK_OF(X509) *certs,
STACK_OF(X509_CRL) *crls,
unsigned int flags)
STACK_OF(X509_CRL) *crls)
{
X509_STORE_CTX ctx;
X509_STORE_CTX *ctx = X509_STORE_CTX_new();
X509 *signer;
int i, j, r = 0;
if (ctx == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
goto err;
}
CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) {
if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR);
goto err;
}
X509_STORE_CTX_set_default(&ctx, "smime_sign");
X509_STORE_CTX_set_default(ctx, "smime_sign");
if (crls)
X509_STORE_CTX_set0_crls(&ctx, crls);
X509_STORE_CTX_set0_crls(ctx, crls);
i = X509_verify_cert(&ctx);
i = X509_verify_cert(ctx);
if (i <= 0) {
j = X509_STORE_CTX_get_error(&ctx);
j = X509_STORE_CTX_get_error(ctx);
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
CMS_R_CERTIFICATE_VERIFY_ERROR);
ERR_add_error_data(2, "Verify error:",
@@ -291,7 +257,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
}
r = 1;
err:
X509_STORE_CTX_cleanup(&ctx);
X509_STORE_CTX_free(ctx);
return r;
}
@@ -305,10 +271,15 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
STACK_OF(X509_CRL) *crls = NULL;
X509 *signer;
int i, scount = 0, ret = 0;
BIO *cmsbio = NULL, *tmpin = NULL;
BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
if (!dcont && !check_content(cms))
return 0;
if (dcont && !(flags & CMS_BINARY)) {
const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
flags |= CMS_ASCIICRLF;
}
/* Attempt to find all signer certificates */
@@ -342,8 +313,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
crls = CMS_get1_crls(cms);
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
if (!cms_signerinfo_verify_cert(si, store,
cms_certs, crls, flags))
if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
goto err;
}
}
@@ -378,14 +348,44 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
}
} else
tmpin = dcont;
/*
* If not binary mode and detached generate digests by *writing* through
* the BIO. That makes it possible to canonicalise the input.
*/
if (!(flags & SMIME_BINARY) && dcont) {
/*
* Create output BIO so we can either handle text or to ensure
* included content doesn't override detached content.
*/
tmpout = cms_get_text_bio(out, flags);
if (!tmpout) {
CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
cmsbio = CMS_dataInit(cms, tmpout);
if (!cmsbio)
goto err;
/*
* Don't use SMIME_TEXT for verify: it adds headers and we want to
* remove them.
*/
SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT);
cmsbio = CMS_dataInit(cms, tmpin);
if (!cmsbio)
goto err;
if (flags & CMS_TEXT) {
if (!SMIME_text(tmpout, out)) {
CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
goto err;
}
}
} else {
cmsbio = CMS_dataInit(cms, tmpin);
if (!cmsbio)
goto err;
if (!cms_copy_content(out, cmsbio, flags))
goto err;
if (!cms_copy_content(out, cmsbio, flags))
goto err;
}
if (!(flags & CMS_NO_CONTENT_VERIFY)) {
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
@@ -399,17 +399,23 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
ret = 1;
err:
if (!(flags & SMIME_BINARY) && dcont) {
do_free_upto(cmsbio, tmpout);
if (tmpin != dcont)
BIO_free(tmpin);
} else {
if (dcont && (tmpin == dcont))
do_free_upto(cmsbio, dcont);
else
BIO_free_all(cmsbio);
}
if (dcont && (tmpin == dcont))
do_free_upto(cmsbio, dcont);
else
BIO_free_all(cmsbio);
if (out != tmpout)
BIO_free_all(tmpout);
err2:
if (cms_certs)
sk_X509_pop_free(cms_certs, X509_free);
if (crls)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
sk_X509_pop_free(cms_certs, X509_free);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
}
@@ -434,8 +440,12 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
int i;
cms = CMS_ContentInfo_new();
if (!cms || !CMS_SignedData_init(cms))
if (cms == NULL || !CMS_SignedData_init(cms))
goto merr;
if (flags & CMS_ASCIICRLF
&& !CMS_set1_eContentType(cms,
OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
goto err;
if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
@@ -461,8 +471,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
err:
if (cms)
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(cms);
return NULL;
}
@@ -526,8 +535,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
r = 1;
err:
if (rct_cont)
BIO_free(rct_cont);
BIO_free(rct_cont);
if (r)
return cms;
CMS_ContentInfo_free(cms);
@@ -564,8 +572,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
merr:
CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
err:
if (cms)
CMS_ContentInfo_free(cms);
CMS_ContentInfo_free(cms);
return NULL;
}
@@ -665,7 +672,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
unsigned char *key, size_t keylen,
unsigned char *id, size_t idlen)
const unsigned char *id, size_t idlen)
{
STACK_OF(CMS_RecipientInfo) *ris;
CMS_RecipientInfo *ri;
@@ -753,8 +760,9 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
{
BIO *cmsbio;
int ret = 0;
if (!(cmsbio = CMS_dataInit(cms, dcont))) {
CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
return 0;
}